authorAnders Sundman <anders@4zm.org>2011-05-19 19:56:55 +0200
committerAnders Sundman <anders@4zm.org>2011-05-19 19:56:55 +0200
commitc44be93df8cdde46468df7f336626f69d8b21a7e (patch)
treec0491ce1420145cdc6c98b5afd1e04360d299ead
parent28f8bd25da5174b8a214ea832a88c72a8d7bba9c (diff)
parente226cd7f963d2c21c839071d10ed3102b758fdf6 (diff)
downloadpycrypto-c44be93df8cdde46468df7f336626f69d8b21a7e.tar.gz
Merge branch 'master' into py3k
-rw-r--r--README7
-rw-r--r--lib/Crypto/PublicKey/RSA.py19
-rw-r--r--setup.py22
-rw-r--r--src/_fastmath.c18
4 files changed, 52 insertions, 14 deletions
diff --git a/README b/README
index 7196b63..212d4e6 100644
--- a/README
+++ b/README
@@ -86,6 +86,13 @@ possible, track down the bug and include a patch that fixes it,
provided that you are able to meet the eligibility requirements at
http://www.pycrypto.org/submission-requirements/.
+It is possible to test a single sub-package or a single module only, for instance
+when you investigate why certain tests fail and don't want to run the whole
+suite each time. Use "python setup.py test --module=name", where 'name'
+is either a sub-package (Cipher, PublicKey, etc) or a module (Cipher.DES,
+PublicKey.RSA, etc).
+To further cut test coverage, pass also the option "--skip-slow-tests".
+
To install the package under the site-packages directory of
your Python installation, run "python setup.py install".
diff --git a/lib/Crypto/PublicKey/RSA.py b/lib/Crypto/PublicKey/RSA.py
index d95f2cf..0e0f2a1 100644
--- a/lib/Crypto/PublicKey/RSA.py
+++ b/lib/Crypto/PublicKey/RSA.py
@@ -33,6 +33,9 @@ if sys.version_info[0] == 2 and sys.version_info[1] == 1:
from Crypto.Util.py21compat import *
from Crypto.Util.py3compat import *
+
+from Crypto.Util.number import getRandomRange
+
from Crypto.PublicKey import _RSA, _slowmath, pubkey
from Crypto import Random
@@ -47,9 +50,12 @@ except ImportError:
class _RSAobj(pubkey.pubkey):
keydata = ['n', 'e', 'd', 'p', 'q', 'u']
- def __init__(self, implementation, key):
+ def __init__(self, implementation, key, randfunc=None):
self.implementation = implementation
self.key = key
+ if randfunc is None:
+ randfunc = Random.new().read
+ self._randfunc = randfunc
def __getattr__(self, attrname):
if attrname in self.keydata:
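Review bot: The new `randfunc` parameter on `__init__` is undocumented, and because the bytes it returns become the RSA blinding factor (the secret the timing defence added in this commit rests on), the contract should state that it must be a cryptographically strong source. Suggested docstring for `__init__`: `"""randfunc: callable returning N random bytes; must be a CSPRNG (default: Random.new().read) because it feeds the blinding factor used in _decrypt."""`. Whether holding one `Random.new()` instance per key for the key's lifetime behaves correctly across fork() is not visible here and is worth confirming. `__getattr__` continues below the hunk.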
@@ -68,7 +74,16 @@ class _RSAobj(pubkey.pubkey):
# instead, but this is more compatible and we're
# going to replace the Crypto.PublicKey API soon
# anyway.
- return self.key._decrypt(ciphertext)
+
+ # Blinded RSA decryption (to prevent timing attacks):
+ # Step 1: Generate random secret blinding factor r, such that 0 < r < n-1
+ r = getRandomRange(1, self.key.n-1, randfunc=self._randfunc)
+ # Step 2: Compute c' = c * r**e mod n
+ cp = self.key._blind(ciphertext, r)
+ # Step 3: Compute m' = c'**d mod n (ordinary RSA decryption)
+ mp = self.key._decrypt(cp)
+ # Step 4: Compute m = m**(r-1) mod n
+ return self.key._unblind(mp, r)
def _blind(self, m, r):
return self.key._blind(m, r)
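Review bot: The step-4 comment describes the wrong operation: unblinding multiplies by the modular inverse of r rather than exponentiating, so it should read `# Step 4: Compute m = m' * r^-1 mod n` (the `_unblind(mp, r)` call itself is presumably correct; the comment is what misleads). The factor r is drawn from [1, n-2] without a coprimality check; gcd(r, n) > 1 is negligibly likely for a well-formed key but would make r non-invertible, and how `_unblind` fails in that case is not visible here, so a one-line comment stating the assumption would help a future reader. If `_sign` also exponentiates with the private exponent, as it presumably does, it stays unblinded and this protection covers decryption only. The `_decrypt` signature is above the hunk.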
diff --git a/setup.py b/setup.py
index d53fdc6..63f5d57 100644
--- a/setup.py
+++ b/setup.py
@@ -267,14 +267,17 @@ class TestCommand(Command):
description = "Run self-test"
+ # Long option name, short option name, description
user_options = [
('skip-slow-tests', None,
- 'Skip slow tests')
+ 'Skip slow tests'),
+ ('module=', 'm', 'Test a single module (e.g. Cipher, PublicKey)')
]
def initialize_options(self):
self.build_dir = None
self.skip_slow_tests = None
+ self.module = None
def finalize_options(self):
self.set_undefined_options('install', ('build_lib', 'build_dir'))
@@ -287,8 +290,21 @@ class TestCommand(Command):
try:
sys.path.insert(0, self.build_dir)
from Crypto import SelfTest
- SelfTest.run(verbosity=self.verbose, stream=sys.stdout,
- config=self.config)
+ moduleObj = None
+ if self.module:
+ if self.module.count('.')==0:
+ # Test a whole a sub-package
+ full_module = "Crypto.SelfTest." + self.module
+ module_name = self.module
+ else:
+ # Test only a module
+ # Assume only one dot is present
+ comps = self.module.split('.')
+ module_name = "test_" + comps[1]
+ full_module = "Crypto.SelfTest." + comps[0] + "." + module_name
+ # Import sub-package or module
+ moduleObj = __import__( full_module, globals(), locals(), module_name )
+ SelfTest.run(module=moduleObj, verbosity=self.verbose, stream=sys.stdout, config=self.config)
finally:
# Restore sys.path
sys.path[:] = old_path
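Review bot: The `--module` parsing after `comps = self.module.split('.')` reads only `comps[0]` and `comps[1]`, so `Cipher.DES.foo` is silently truncated and `Cipher.` produces `test_` and an obscure ImportError out of `__import__`; validate the shape first, e.g. `if len(comps) != 2 or not all(comps): raise DistutilsOptionError("--module expects Package or Package.Module")` (from `distutils.errors`, or a plain `ValueError` if that import is not already present). Catching ImportError around the `__import__` and reporting that the named sub-package or test module does not exist would likewise turn the traceback into a usable message. `run()` continues past the hunk on both sides.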
diff --git a/src/_fastmath.c b/src/_fastmath.c
index fe3fde3..3b81a6b 100644
--- a/src/_fastmath.c
+++ b/src/_fastmath.c
@@ -172,7 +172,7 @@ dsaSign (dsaKey * key, mpz_t m, mpz_t k, mpz_t r, mpz_t s)
return 1;
}
mpz_init (temp);
- mpz_powm (r, key->g, k, key->p);
+ mpz_powm_sec (r, key->g, k, key->p);
mpz_mod (r, r, key->q);
mpz_invert (s, k, key->q);
mpz_mul (temp, key->x, r);
@@ -201,8 +201,8 @@ dsaVerify (dsaKey * key, mpz_t m, mpz_t r, mpz_t s)
mpz_mod (u1, u1, key->q);
mpz_mul (u2, r, w);
mpz_mod (u2, u2, key->q);
- mpz_powm (v1, key->g, u1, key->p);
- mpz_powm (v2, key->y, u2, key->p);
+ mpz_powm_sec (v1, key->g, u1, key->p);
+ mpz_powm_sec (v2, key->y, u2, key->p);
mpz_mul (w, v1, v2);
mpz_mod (w, w, key->p);
mpz_mod (w, w, key->q);
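Review bot: `mpz_powm_sec` requires exp > 0 and an odd modulus per the GMP manual, and in dsaVerify the exponents `u1` and `u2` are reductions mod q that can legitimately be zero (u1 = 0 whenever the message is 0 mod q), which the old `mpz_powm` tolerated; the switch needs a zero check or should be reverted here. Verification also uses only public values (g, y, r, s, m), so the constant-time variant adds cost without protecting any secret; keeping `mpz_powm (v1, key->g, u1, key->p);` and `mpz_powm (v2, key->y, u2, key->p);` looks like the right fix. Whether r and s are range-checked before this point is outside the hunk.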
@@ -226,7 +226,7 @@ rsaEncrypt (rsaKey * key, mpz_t v)
{
return 1;
}
- mpz_powm (v, v, key->e, key->n);
+ mpz_powm_sec (v, v, key->e, key->n);
return 0;
}
@@ -254,11 +254,11 @@ rsaDecrypt (rsaKey * key, mpz_t v)
/* m1 = c ^ (d mod (p-1)) mod p */
mpz_sub_ui(h, key->p, 1);
mpz_fdiv_r(h, key->d, h);
- mpz_powm(m1, v, h, key->p);
+ mpz_powm_sec(m1, v, h, key->p);
/* m2 = c ^ (d mod (q-1)) mod q */
mpz_sub_ui(h, key->q, 1);
mpz_fdiv_r(h, key->d, h);
- mpz_powm(m2, v, h, key->q);
+ mpz_powm_sec(m2, v, h, key->q);
/* h = u * ( m2 - m1 ) mod q */
mpz_sub(h, m2, m1);
if (mpz_sgn(h)==-1)
@@ -277,7 +277,7 @@ rsaDecrypt (rsaKey * key, mpz_t v)
}
/* slow */
- mpz_powm (v, v, key->d, key->n);
+ mpz_powm_sec (v, v, key->d, key->n);
return 0;
}
@@ -292,7 +292,7 @@ rsaBlind (rsaKey * key, mpz_t v, mpz_t b)
{
return 2;
}
- mpz_powm (b, b, key->e, key->n);
+ mpz_powm_sec (b, b, key->e, key->n);
mpz_mul (v, v, b);
mpz_mod (v, v, key->n);
return 0;
@@ -1249,7 +1249,7 @@ rabinMillerTest (mpz_t n, int rounds, PyObject *randfunc)
}
} while (base_was_tested);
mpz_init_set (tested[i], a);
- mpz_powm (z, a, m, n);
+ mpz_powm_sec (z, a, m, n);
if ((mpz_cmp_ui (z, 1) == 0) || (mpz_cmp (z, n_1) == 0))
continue;
composite = 1;
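Review bot: `mpz_powm_sec (z, a, m, n)` requires the modulus `n` to be odd per the GMP manual, so rabinMillerTest now silently depends on its caller having filtered even candidates; unless that is guaranteed at the function's entry (outside the hunk), an explicit guard such as `if (mpz_even_p (n))` returning the composite result at the top would make the precondition local rather than inherited. The exponent `m` is the odd part of n-1 and so is at least 1, which satisfies the exp > 0 requirement. The loop body continues below the hunk.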