-rw-r--r-- | lib/Crypto/Cipher/AES.py | 5 | ||||
-rw-r--r-- | lib/Crypto/SelfTest/Cipher/common.py | 31 | ||||
-rw-r--r-- | lib/Crypto/SelfTest/PublicKey/test_DSA.py | 11 | ||||
-rw-r--r-- | lib/Crypto/SelfTest/PublicKey/test_RSA.py | 11 | ||||
-rw-r--r-- | lib/Crypto/SelfTest/Util/test_number.py | 11 | ||||
-rw-r--r-- | lib/Crypto/SelfTest/st_common.py | 13 | ||||
-rw-r--r-- | lib/Crypto/Signature/PKCS1_PSS.py | 2 | ||||
-rw-r--r-- | lib/Crypto/Util/Counter.py | 10 | ||||
-rw-r--r-- | src/DES.c | 4 | ||||
-rw-r--r-- | src/block_template.c | 11 |
10 files changed, 67 insertions, 42 deletions
diff --git a/lib/Crypto/Cipher/AES.py b/lib/Crypto/Cipher/AES.py
index b18b7d0..c484846 100644
--- a/lib/Crypto/Cipher/AES.py
+++ b/lib/Crypto/Cipher/AES.py
@@ -40,7 +40,8 @@ As an example, encryption can be done as follows:
 A more complicated example is based on CCM, (see `MODE_CCM`) an `AEAD`_ mode that provides both confidentiality and authentication for a message.
-It also allows message for the header to remain in the clear, whilst still
+
+It optionally allows the header of the message to remain in the clear, whilst still
 being authenticated. The encryption is done as follows:
 >>> from Crypto.Cipher import AES
@@ -130,7 +131,7 @@ def new(key, *args, **kwargs):
 (*Only* `MODE_CBC`, `MODE_CFB`, `MODE_OFB`, `MODE_OPENPGP`).
 The initialization vector to use for encryption or decryption.
-
+
 It is ignored for `MODE_ECB` and `MODE_CTR`.
 For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
diff --git a/lib/Crypto/SelfTest/Cipher/common.py b/lib/Crypto/SelfTest/Cipher/common.py
index 420b6ff..a5f8a88 100644
--- a/lib/Crypto/SelfTest/Cipher/common.py
+++ b/lib/Crypto/SelfTest/Cipher/common.py
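Review bot: The context line `It is ignored for `MODE_ECB` and `MODE_CTR`.` in the `new()` docstring becomes inaccurate with this same commit, because the guards added to `ALGnew` in src/block_template.c (the `@@ -159,6 +159,17 @@` hunk) now raise ValueError when an IV is passed with ECB or CTR. Change the line to `It must not be given for MODE_ECB or MODE_CTR; a ValueError is raised if it is (CTR takes the counter parameter instead).` so the documented contract matches the C code. Failing closed is the better behaviour here, since a caller who passed an IV to CTR expecting it to act as the nonce would otherwise have had it silently dropped, so the docstring should advertise the error rather than say "ignored".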
@@ -605,19 +605,34 @@ class RoundtripTest(unittest.TestCase):
 return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,)
 def runTest(self):
- for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP):
+
+ ## ECB mode
+ mode = self.module.MODE_ECB
+ encryption_cipher = self.module.new(a2b_hex(self.key), mode)
+ ciphertext = encryption_cipher.encrypt(self.plaintext)
+ decryption_cipher = self.module.new(a2b_hex(self.key), mode)
+ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
+ self.assertEqual(self.plaintext, decrypted_plaintext)
+
+ ## OPENPGP mode
+ mode = self.module.MODE_OPENPGP
+ encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+ eiv_ciphertext = encryption_cipher.encrypt(self.plaintext)
+ eiv = eiv_ciphertext[:self.module.block_size+2]
+ ciphertext = eiv_ciphertext[self.module.block_size+2:]
+ decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
+ decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
+ self.assertEqual(self.plaintext, decrypted_plaintext)
+
+ ## All other non-AEAD modes (but CTR)
+ for mode in (self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB):
 encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
 ciphertext = encryption_cipher.encrypt(self.plaintext)
-
- if mode != self.module.MODE_OPENPGP:
- decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
- else:
- eiv = ciphertext[:self.module.block_size+2]
- ciphertext = ciphertext[self.module.block_size+2:]
- decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
+ decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
 decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
 self.assertEqual(self.plaintext, decrypted_plaintext)
+
 class PGPTest(unittest.TestCase):
 def __init__(self, module, params):
 unittest.TestCase.__init__(self)
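Review bot: The rewritten `runTest` now constructs the ECB cipher without an IV, but there is still no negative test for the IV guards this commit adds to `ALGnew` in src/block_template.c, so a regression that goes back to silently accepting an IV for ECB or CTR would pass this suite. After the ECB block add `self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), self.module.MODE_ECB, self.iv)` and the same call with `self.module.MODE_CTR`, assuming the new guard fires before the counter check (the rest of `ALGnew` is outside that hunk). The comment `## All other non-AEAD modes (but CTR)` records that CTR has no round trip in this method at all; if that is deliberate because CTR needs a counter object rather than an IV, say so in the comment so the gap is not mistaken for an oversight.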
diff --git a/lib/Crypto/SelfTest/PublicKey/test_DSA.py b/lib/Crypto/SelfTest/PublicKey/test_DSA.py
index b05f69a..037e087 100644
--- a/lib/Crypto/SelfTest/PublicKey/test_DSA.py
+++ b/lib/Crypto/SelfTest/PublicKey/test_DSA.py
@@ -225,15 +225,8 @@ def get_tests(config={}):
 from Crypto.PublicKey import _fastmath
 tests += list_test_cases(DSAFastMathTest)
 except ImportError:
- from distutils.sysconfig import get_config_var
- import inspect
- _fm_path = os.path.normpath(os.path.dirname(os.path.abspath(
- inspect.getfile(inspect.currentframe())))
- +"/../../PublicKey/_fastmath"+get_config_var("SO"))
- if os.path.exists(_fm_path):
- raise ImportError("While the _fastmath module exists, importing "+
- "it failed. This may point to the gmp or mpir shared library "+
- "not being in the path. _fastmath was found at "+_fm_path)
+ from Crypto.SelfTest.st_common import handle_fastmath_import_error
+ handle_fastmath_import_error()
 tests += list_test_cases(DSASlowMathTest)
 return tests
diff --git a/lib/Crypto/SelfTest/PublicKey/test_RSA.py b/lib/Crypto/SelfTest/PublicKey/test_RSA.py
index 2884317..32bed88 100644
--- a/lib/Crypto/SelfTest/PublicKey/test_RSA.py
+++ b/lib/Crypto/SelfTest/PublicKey/test_RSA.py
@@ -461,15 +461,8 @@ def get_tests(config={}):
 from Crypto.PublicKey import _fastmath
 tests += list_test_cases(RSAFastMathTest)
 except ImportError:
- from distutils.sysconfig import get_config_var
- import inspect
- _fm_path = os.path.normpath(os.path.dirname(os.path.abspath(
- inspect.getfile(inspect.currentframe())))
- +"/../../PublicKey/_fastmath"+get_config_var("SO"))
- if os.path.exists(_fm_path):
- raise ImportError("While the _fastmath module exists, importing "+
- "it failed. This may point to the gmp or mpir shared library "+
- "not being in the path. _fastmath was found at "+_fm_path)
+ from Crypto.SelfTest.st_common import handle_fastmath_import_error
+ handle_fastmath_import_error()
 if config.get('slow_tests',1):
 tests += list_test_cases(RSASlowMathTest)
 return tests
diff --git a/lib/Crypto/SelfTest/Util/test_number.py b/lib/Crypto/SelfTest/Util/test_number.py
index 2201a93..709a774 100644
--- a/lib/Crypto/SelfTest/Util/test_number.py
+++ b/lib/Crypto/SelfTest/Util/test_number.py
@@ -325,15 +325,8 @@ def get_tests(config={}):
 from Crypto.PublicKey import _fastmath
 tests += list_test_cases(FastmathTests)
 except ImportError:
- from distutils.sysconfig import get_config_var
- import inspect, os.path
- _fm_path = os.path.normpath(os.path.dirname(os.path.abspath(
- inspect.getfile(inspect.currentframe())))
- +"/../../PublicKey/_fastmath"+get_config_var("SO"))
- if os.path.exists(_fm_path):
- raise ImportError("While the _fastmath module exists, importing "+
- "it failed. This may point to the gmp or mpir shared library "+
- "not being in the path. _fastmath was found at "+_fm_path)
+ from Crypto.SelfTest.st_common import handle_fastmath_import_error
+ handle_fastmath_import_error()
 return tests
 if __name__ == '__main__':
diff --git a/lib/Crypto/SelfTest/st_common.py b/lib/Crypto/SelfTest/st_common.py
index c56eac5..e0e206a 100644
--- a/lib/Crypto/SelfTest/st_common.py
+++ b/lib/Crypto/SelfTest/st_common.py
@@ -59,4 +59,17 @@ def b2a_hex(s):
 # For completeness
 return binascii.b2a_hex(s)
+def handle_fastmath_import_error():
+ import Crypto.PublicKey
+ import imp
+ try:
+ file, pathname, description = imp.find_module("_fastmath", Crypto.PublicKey.__path__)
+ except ImportError:
+ sys.stderr.write("SelfTest: warning: not testing _fastmath module (not available)\n")
+ else:
+ file.close()
+ raise ImportError("While the _fastmath module exists, importing "
+ "it failed. This may point to the gmp or mpir shared library "
+ "not being in the path. _fastmath was found at %s" % (pathname,))
+
 # vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Crypto/Signature/PKCS1_PSS.py b/lib/Crypto/Signature/PKCS1_PSS.py
index 3840959..fb97b21 100644
--- a/lib/Crypto/Signature/PKCS1_PSS.py
+++ b/lib/Crypto/Signature/PKCS1_PSS.py
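Review bot: `handle_fastmath_import_error` raises a fresh ImportError and discards the one that triggered it, so the loader's own message (the part that usually names the missing gmp or mpir library) is no longer reported; on Python 2 it is lost outright, on Python 3 it survives only as the implicit `__context__` in the traceback. Give the helper an optional parameter and fold the cause into the message, `def handle_fastmath_import_error(exc=None):` and `"... _fastmath was found at %s (%s)" % (pathname, exc)`, with the three callers in the test_DSA.py, test_RSA.py and test_number.py hunks passing the exception they catch. `sys` is used without an import in this hunk, which is only correct if st_common.py already imports it above (outside the hunk), and the local `file` shadows the builtin. The helper should also carry a docstring, e.g. `"""Report why _fastmath could not be imported: warn on stderr if it is absent, raise ImportError with its path if it exists but failed to load."""`.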
@@ -39,7 +39,7 @@ this:
 >>> h = SHA1.new()
 >>> h.update(message)
 >>> signer = PKCS1_PSS.new(key)
- >>> signature = signer.sign(key)
+ >>> signature = signer.sign(h)
 At the receiver side, verification can be done like using the public part of the RSA key:
diff --git a/lib/Crypto/Util/Counter.py b/lib/Crypto/Util/Counter.py
index 5a6fd77..eeff93c 100644
--- a/lib/Crypto/Util/Counter.py
+++ b/lib/Crypto/Util/Counter.py
@@ -43,12 +43,14 @@ An example of usage is the following:
 >>> from Crypto.Cipher import AES
 >>> from Crypto.Util import Counter
+ >>> from Crypto import Random
 >>>
- >>> pt = b'X'*1000000
- >>> ctr = Counter.new(128)
+ >>> nonce = Random.get_random_bytes(8)
+ >>> ctr = Counter.new(64, nonce)
 >>> key = b'AES-128 symm key'
+ >>> plaintext = b'X'*1000000
 >>> cipher = AES.new(key, AES.MODE_CTR, counter=ctr)
- >>> ct = cipher.encrypt(pt)
+ >>> ciphertext = cipher.encrypt(plaintext)
 :undocumented: __package__
 """
@@ -70,7 +72,7 @@ def new(nbits, prefix=b(""), suffix=b(""), initial_value=1, overflow=0, little_e
 Each call to the function returns the next counter block. Each counter block is made up by three parts::
-
+
 prefix || counter value || postfix
 The counter value is incremented by 1 at each call.
@@ -50,7 +50,11 @@ static void ltcseterr(int rc)
 break;
 case CRYPT_INVALID_KEYSIZE:
+#ifdef PCT_DES3_MODULE
 PyErr_SetString(PyExc_ValueError, "Invalid key size (must be either 16 or 24 bytes long)");
+#else
+ PyErr_SetString(PyExc_ValueError, "Invalid key size (must be 8 bytes long)");
+#endif
 break;
 case CRYPT_INVALID_ROUNDS:
diff --git a/src/block_template.c b/src/block_template.c
index eec03d3..99aee43 100644
--- a/src/block_template.c
+++ b/src/block_template.c
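Review bot: The Counter.py example now seeds the counter with a random 8-byte `nonce`, but the docstring never says why, so a reader copying the snippet may treat the nonce as optional and drop it. Add a sentence after the `ctr = Counter.new(64, nonce)` line, `The nonce must differ for every message encrypted under the same key; a repeated (key, nonce) pair reuses the keystream and exposes the plaintexts.`. The old form `Counter.new(128)` started every message from the default `initial_value=1` (visible in the `new` signature in the next hunk), which is exactly the reuse the new prefix avoids, and that is worth one sentence of explanation in the module docstring.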
@@ -159,6 +159,17 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict)
 "Key cannot be the null string");
 return NULL;
 }
+ if (IVlen != 0 && mode == MODE_ECB)
+ {
+ PyErr_Format(PyExc_ValueError, "ECB mode does not use IV");
+ return NULL;
+ }
+ if (IVlen != 0 && mode == MODE_CTR)
+ {
+ PyErr_Format(PyExc_ValueError,
+ "CTR mode needs counter parameter, not IV");
+ return NULL;
+ }
 if (IVlen != BLOCK_SIZE && mode != MODE_ECB && mode != MODE_CTR)
 {
 PyErr_Format(PyExc_ValueError, |
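Review bot: Both new error paths call `PyErr_Format` with a constant message and no arguments; `PyErr_SetString(PyExc_ValueError, "ECB mode does not use IV");` is the idiomatic call when nothing is formatted and keeps the message out of the format parser (the pre-existing `PyErr_Format(PyExc_ValueError,` context line below has the same pattern, so this matches the file, but the new lines are the place to stop adding to it). Refusing the IV rather than dropping it is the right fail-closed choice and deserves a one-line comment above the first guard, `/* Refuse an IV that would otherwise be silently ignored: ECB has none, CTR takes a counter instead. */`, so the next maintainer does not "relax" it. The two guards could be merged as `if (IVlen != 0 && (mode == MODE_ECB || mode == MODE_CTR))`, but the distinct messages are useful, so keeping them separate is fine. `ALGnew` starts before this hunk and continues after it.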