author | Anders Sundman <anders@4zm.org> | 2011-05-19 19:56:55 +0200 |
---|---|---|
committer | Anders Sundman <anders@4zm.org> | 2011-05-19 19:56:55 +0200 |
commit | c44be93df8cdde46468df7f336626f69d8b21a7e (patch) | |
tree | c0491ce1420145cdc6c98b5afd1e04360d299ead | |
parent | 28f8bd25da5174b8a214ea832a88c72a8d7bba9c (diff) | |
parent | e226cd7f963d2c21c839071d10ed3102b758fdf6 (diff) | |
download | pycrypto-c44be93df8cdde46468df7f336626f69d8b21a7e.tar.gz |
Merge branch 'master' into py3k
-rw-r--r-- | README | 7 | ||||
-rw-r--r-- | lib/Crypto/PublicKey/RSA.py | 19 | ||||
-rw-r--r-- | setup.py | 22 | ||||
-rw-r--r-- | src/_fastmath.c | 18 |
4 files changed, 52 insertions, 14 deletions
@@ -86,6 +86,13 @@ possible, track down the bug and include a patch that fixes it, provided that you are able to meet the eligibility requirements at http://www.pycrypto.org/submission-requirements/.
+It is possible to test a single sub-package or a single module only, for instance
+when you investigate why certain tests fail and don't want to run the whole
+suite each time. Use "python setup.py test --module=name", where 'name'
+is either a sub-package (Cipher, PublicKey, etc) or a module (Cipher.DES,
+PublicKey.RSA, etc).
+To further cut test coverage, pass also the option "--skip-slow-tests".
+
 To install the package under the site-packages directory of your Python installation, run "python setup.py install".
diff --git a/lib/Crypto/PublicKey/RSA.py b/lib/Crypto/PublicKey/RSA.py
index d95f2cf..0e0f2a1 100644
--- a/lib/Crypto/PublicKey/RSA.py
+++ b/lib/Crypto/PublicKey/RSA.py
@@ -33,6 +33,9 @@ if sys.version_info[0] == 2 and sys.version_info[1] == 1:
 from Crypto.Util.py21compat import *
 from Crypto.Util.py3compat import *
+
+from Crypto.Util.number import getRandomRange
+
 from Crypto.PublicKey import _RSA, _slowmath, pubkey
 from Crypto import Random
@@ -47,9 +50,12 @@ except ImportError:
 class _RSAobj(pubkey.pubkey):
 keydata = ['n', 'e', 'd', 'p', 'q', 'u']
- def __init__(self, implementation, key):
+ def __init__(self, implementation, key, randfunc=None):
 self.implementation = implementation
 self.key = key
+ if randfunc is None:
+ randfunc = Random.new().read
+ self._randfunc = randfunc
 def __getattr__(self, attrname):
 if attrname in self.keydata:
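Review bot: The new `randfunc` parameter added to `_RSAobj.__init__` is undocumented, and nothing in the class tells a caller what it is used for or what quality of randomness it needs. Since the stored `self._randfunc` is what generates the decryption blinding factor, I would add a docstring line to `__init__` such as `randfunc: callable returning N random bytes; defaults to Random.new().read and must be a cryptographically strong source, because it produces the RSA blinding factor`. Whether `Random.new().read` is always the right default in forked or long-running processes cannot be judged from this hunk.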
@@ -68,7 +74,16 @@ class _RSAobj(pubkey.pubkey):
 # instead, but this is more compatible and we're
 # going to replace the Crypto.PublicKey API soon
 # anyway.
- return self.key._decrypt(ciphertext)
+
+ # Blinded RSA decryption (to prevent timing attacks):
+ # Step 1: Generate random secret blinding factor r, such that 0 < r < n-1
+ r = getRandomRange(1, self.key.n-1, randfunc=self._randfunc)
+ # Step 2: Compute c' = c * r**e mod n
+ cp = self.key._blind(ciphertext, r)
+ # Step 3: Compute m' = c'**d mod n (ordinary RSA decryption)
+ mp = self.key._decrypt(cp)
+ # Step 4: Compute m = m**(r-1) mod n
+ return self.key._unblind(mp, r)
 def _blind(self, m, r):
 return self.key._blind(m, r)
@@ -267,14 +267,17 @@ class TestCommand(Command):
 description = "Run self-test"
+ # Long option name, short option name, description
 user_options = [
 ('skip-slow-tests', None,
- 'Skip slow tests')
+ 'Skip slow tests'),
+ ('module=', 'm', 'Test a single module (e.g. Cipher, PublicKey)')
 ]
 def initialize_options(self):
 self.build_dir = None
 self.skip_slow_tests = None
+ self.module = None
 def finalize_options(self):
 self.set_undefined_options('install', ('build_lib', 'build_dir'))
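Review bot: The comment `# Step 4: Compute m = m**(r-1) mod n` does not describe what `_unblind` has to do; unblinding multiplies the blinded result by the modular inverse of r, so it should read `# Step 4: Compute m = m' * r**(-1) mod n`. The Step 1 comment states `0 < r < n-1`, but if `getRandomRange(a, b)` follows the half-open convention of the rest of Crypto.Util.number the call `getRandomRange(1, self.key.n-1, ...)` yields 1 <= r <= n-2, and the comment should state the range the call actually produces. Unblinding also requires r to be invertible modulo n (gcd(r, n) = 1); that is overwhelmingly likely for a random r of this size, but `_unblind`'s behaviour for a non-invertible r is not visible here, so I would record the requirement next to Step 1, e.g. `# r must be coprime to n for _unblind to succeed`. The enclosing method's signature lies before the hunk.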
@@ -287,8 +290,21 @@ class TestCommand(Command):
 try:
 sys.path.insert(0, self.build_dir)
 from Crypto import SelfTest
- SelfTest.run(verbosity=self.verbose, stream=sys.stdout,
- config=self.config)
+ moduleObj = None
+ if self.module:
+ if self.module.count('.')==0:
+ # Test a whole a sub-package
+ full_module = "Crypto.SelfTest." + self.module
+ module_name = self.module
+ else:
+ # Test only a module
+ # Assume only one dot is present
+ comps = self.module.split('.')
+ module_name = "test_" + comps[1]
+ full_module = "Crypto.SelfTest." + comps[0] + "." + module_name
+ # Import sub-package or module
+ moduleObj = __import__( full_module, globals(), locals(), module_name )
+ SelfTest.run(module=moduleObj, verbosity=self.verbose, stream=sys.stdout, config=self.config)
 finally:
 # Restore sys.path
 sys.path[:] = old_path
diff --git a/src/_fastmath.c b/src/_fastmath.c
index fe3fde3..3b81a6b 100644
--- a/src/_fastmath.c
+++ b/src/_fastmath.c
@@ -172,7 +172,7 @@ dsaSign (dsaKey * key, mpz_t m, mpz_t k, mpz_t r, mpz_t s)
 return 1;
 }
 mpz_init (temp);
- mpz_powm (r, key->g, k, key->p);
+ mpz_powm_sec (r, key->g, k, key->p);
 mpz_mod (r, r, key->q);
 mpz_invert (s, k, key->q);
 mpz_mul (temp, key->x, r);
@@ -201,8 +201,8 @@ dsaVerify (dsaKey * key, mpz_t m, mpz_t r, mpz_t s)
 mpz_mod (u1, u1, key->q);
 mpz_mul (u2, r, w);
 mpz_mod (u2, u2, key->q);
- mpz_powm (v1, key->g, u1, key->p);
- mpz_powm (v2, key->y, u2, key->p);
+ mpz_powm_sec (v1, key->g, u1, key->p);
+ mpz_powm_sec (v2, key->y, u2, key->p);
 mpz_mul (w, v1, v2);
 mpz_mod (w, w, key->p);
 mpz_mod (w, w, key->q);
@@ -226,7 +226,7 @@ rsaEncrypt (rsaKey * key, mpz_t v)
 {
 return 1;
 }
- mpz_powm (v, v, key->e, key->n);
+ mpz_powm_sec (v, v, key->e, key->n);
 return 0;
 }
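Review bot: In `moduleObj = __import__( full_module, globals(), locals(), module_name )` the fromlist is a string where the import machinery expects a sequence of names; it only works because any non-empty fromlist makes `__import__` return the leaf module, while each character of the string is then looked up as an attribute or submodule. Pass `[module_name]` instead. The `else` branch also leans on `# Assume only one dot is present`: a `--module` value with two or more dots silently discards everything after `comps[1]` and tests something other than what was asked for, so after the split I would add `if len(comps) != 2: raise DistutilsOptionError("--module expects 'Package' or 'Package.Module'")` (from `distutils.errors`, if setup.py does not already import it). The comment `# Test a whole a sub-package` has a stray "a".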
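Review bot: Each `mpz_powm` to `mpz_powm_sec` replacement (dsaSign, dsaVerify and rsaEncrypt here, and the rsaDecrypt, rsaBlind and rabinMillerTest hunks that follow) takes on GMP's documented preconditions for `mpz_powm_sec`: the exponent must be greater than zero and the modulus must be odd, and GMP leaves the result undefined otherwise (recent versions raise a fatal arithmetic error rather than returning a value). In dsaVerify the exponents `u1` and `u2` are reduced modulo q and can legitimately be zero for an otherwise well-formed signature, so the new `mpz_powm_sec (v1, key->g, u1, key->p)` turns a rejectable input into a process abort; verification handles only public values and gains nothing from a constant-time exponentiation, so I would keep plain `mpz_powm` in dsaVerify, or reject a zero exponent before the call. `mpz_powm_sec` also exists only from GMP 5.0, so unless the build already probes for it the compile should check for the declaration and fall back to `mpz_powm` when it is absent. The affected function bodies extend beyond the hunks.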
@@ -254,11 +254,11 @@ rsaDecrypt (rsaKey * key, mpz_t v)
 /* m1 = c ^ (d mod (p-1)) mod p */
 mpz_sub_ui(h, key->p, 1);
 mpz_fdiv_r(h, key->d, h);
- mpz_powm(m1, v, h, key->p);
+ mpz_powm_sec(m1, v, h, key->p);
 /* m2 = c ^ (d mod (q-1)) mod q */
 mpz_sub_ui(h, key->q, 1);
 mpz_fdiv_r(h, key->d, h);
- mpz_powm(m2, v, h, key->q);
+ mpz_powm_sec(m2, v, h, key->q);
 /* h = u * ( m2 - m1 ) mod q */
 mpz_sub(h, m2, m1);
 if (mpz_sgn(h)==-1)
@@ -277,7 +277,7 @@ rsaDecrypt (rsaKey * key, mpz_t v)
 }
 /* slow */
- mpz_powm (v, v, key->d, key->n);
+ mpz_powm_sec (v, v, key->d, key->n);
 return 0;
 }
@@ -292,7 +292,7 @@ rsaBlind (rsaKey * key, mpz_t v, mpz_t b)
 {
 return 2;
 }
- mpz_powm (b, b, key->e, key->n);
+ mpz_powm_sec (b, b, key->e, key->n);
 mpz_mul (v, v, b);
 mpz_mod (v, v, key->n);
 return 0;
@@ -1249,7 +1249,7 @@ rabinMillerTest (mpz_t n, int rounds, PyObject *randfunc)
 }
 } while (base_was_tested);
 mpz_init_set (tested[i], a);
- mpz_powm (z, a, m, n);
+ mpz_powm_sec (z, a, m, n);
 if ((mpz_cmp_ui (z, 1) == 0) || (mpz_cmp (z, n_1) == 0))
 continue;
 composite = 1; |
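Review bot: In the rabinMillerTest hunk the modulus of `mpz_powm_sec (z, a, m, n)` is the primality candidate itself, so the odd-modulus requirement of `mpz_powm_sec` now depends on every caller having screened out even candidates before reaching this loop; nothing in the hunk establishes that, and an even `n` here would no longer simply be reported composite. Unless the caller-side check is guaranteed (it is outside this hunk and I cannot see it), I would reject even `n` at the top of rabinMillerTest with the function's composite result, and in any case document the contract next to the call: `/* mpz_powm_sec requires an odd modulus: n must be odd on entry */`. The rsaDecrypt hunks have the same dependency on odd p, q and n, which holds for properly generated keys but is worth a one-line comment for keys assembled from caller-supplied components.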