| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\ |
|
| | |
|
| |
| |
| |
| | |
(sys.platform should be "linux2", not "linux3")
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
|
| |
- Set errno properly when using posix_memalign
- Rename to aligned_malloc_wrapper / aligned_free_wrapper
- Use a single set of #if blocks, to avoid the possibility of
mismatching them.
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
|
| |
| |
| |
| | |
Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
|
| |
| |
| |
| |
| |
| |
| | |
For _aligned_malloc calling free is illegal. We need to use_aligned_free
instead.
Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
|
| |
| |
| |
| |
| |
| | |
This also fixes the order of arguments passed to _aligned_malloc.
Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
|
| |
| |
| |
| |
| |
| |
| |
| | |
ek and dk are used as operands in instructions that require 16 byte alignment.
Thanks to Greg Price for finding this issue.
Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
|
| |
| |
| |
| |
| |
| | |
This is the counterpart to block_init which is called from ALGnew.
Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
|
| |
| |
| |
| | |
Signed-off-by: Sebastian Ramacher <sebastian+dev@ramacher.at>
|
| |
| |
| |
| |
| |
| | |
previous commit)
Tested on py21-py33 by force-uninstalling libgmp10 after building.
|
| |
| |
| |
| |
| | |
so that they call `Crypto.SelfTest.st_common.handle_fastmath_import_error`,
thereby eliminiating duplicate code.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
```
ext_suffix = get_config_var("EXT_SUFFIX") or get_config_var("SO")
```
because `get_config_var("SO")` returns None in Python 3.4.0a4 because the "SO"
variable is deprecated and "EXT_SUFFIX" is the new way to get this information
(see: http://bugs.python.org/issue19555)
This fixes `TypeError: Can't convert 'NoneType' object to str implicitly`
errors when running the tests on Python 3.4.0a4.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The IV parameter is currently ignored when initializing
a cipher in ECB or CTR mode.
For CTR mode, it is confusing: it takes some time to see
that a different parameter is needed (the counter).
For ECB mode, it is outright dangerous.
This patch forces an exception to be raised.
|
|/
|
|
|
|
|
|
|
|
| |
As it stood before this commit, the hash was never used in the signing
process. It looks like the bug was introduced by e053629 (Restructure
both PKCS#1 signature schemes as objects, 2011-10-16), which changed:
- >>> signature = PKCS1_PSS.sign(h, key)
+ >>> signer = PKCS1_PSS.new(key)
+ >>> signature = PKCS1_PSS.sign(key)
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We were getting this error on Python 3.2:
ERROR: runTest (Crypto.SelfTest.Hash.common.MACSelfTest)
CMAC #17: NIST SP 800 38B D.7 Example 17
----------------------------------------------------------------------
Traceback (most recent call last):
File "build/lib.linux-x86_64-3.2/Crypto/SelfTest/Hash/common.py", line 199, in runTest
self.assertRaises(ValueError, h.hexverify, "4556")
File "/home/dwon/py/pythons/python3.2/lib/python3.2/unittest/case.py", line 557, in assertRaises
callableObj(*args, **kwargs)
File "build/lib.linux-x86_64-3.2/Crypto/Hash/CMAC.py", line 323, in hexverify
self.verify(unhexlify(hex_mac_tag))
TypeError: 'str' does not support the buffer interface
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes this warning:
In file included from src/CAST.c:453:0:
src/block_template.c: In function ‘ALG_Encrypt’:
src/block_template.c:426:12: warning: format ‘%i’ expects argument of
type ‘int’, but argument 3 has type ‘Py_ssize_t’ [-Wformat=]
ctr->buf_size, BLOCK_SIZE);
^
|
|
|
|
|
|
| |
This is for consistency with the rest of PyCrypto.
Closes: https://bugs.launchpad.net/pycrypto/+bug/1132550
|
| |
|
|
|
|
|
|
|
|
| |
unusable
This makes the CMAC module behave more like most Python functions do
when a required argument is missing, and reserves ValueError for a MAC
failure.
|
|
|
|
| |
I don't want to make this a public API just yet.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds encrypt_and_digest() and decrypt_and_verify()
methods to a cipher object.
In most cases they are just shortcuts to the existing functions.
For SIV mode, decrypt_and_verify() replaces decrypt().
[dlitz@dlitz.net: Squashed with bugfix commit:]
Bug in encrypt_and_digest() (all AEAD modes)
decrypt() was being called instead of encrypt().
Added also a unit test to validate that composition
of encrypt_and_digest() and decrypt_and_verify()
is the identity function.
[dlitz@dlitz.net: Included changes from the following commit from the author's pull request:]
- [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
[dlitz@dlitz.net: Replaced MacMismatchError with ValueError]
[dlitz@dlitz.net: Replaced ApiUsageError with TypeError]
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GCM mode requires GHASH for 2 different operations: one for
the data (AD + ciphertext) and one for the IV.
Construction of tables to speed-up GHASH is very expensive
and it is worth doing only for the data, not for the IV.
This patch ensures that the GHASH for the IV does not
use tables, with a ~40% faster key setup.
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tables take 64KByte per each key.
Encryption performance is more than doubled
(29 MBps vs 8MBps for AES128).
As a drawback, key setup is much slower (1300 key/s
on the same machine).
[dlitz@dlitz.net: Replaced MacMismatchError with ValueError]
[dlitz@dlitz.net: Replaced ApiUsageError with TypeError]
[dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
- [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
- [ca460a7] Made blockalgo.py more PEP-8 compliant; The second parameter
of the _GHASH constructor is now the length of the block
(block_size) and not the full module.
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The main change done by this commit is adding support
for MODE_GCM (NIST SP 800 38D). Test vectors are included.
The mode uses a C extension (Crypto.Util.galois._ghash)
to compute the GHASH step. The C implementation is the most
basic one and it is still significantly (5x times) slower than CTR.
Optimizations can be introduced using tables (CPU/memory trade-off)
or even AES NI instructions on newer x86 CPUs.
This patch also simplifies Crypto.Cipher.blockalgo.py by:
* removing duplicated code previously shared by digest() and verify().
* removing duplicated code previously shared by Crypto.Hash.CMAC
and Crypto.Cipher.block_algo (management of internal buffers
for MACs that can only operate on block aligned data, like
CMAC, CBCMAC, and now also GHASH).
[dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
- [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
- [ca460a7] Made blockalgo.py more PEP-8 compliant;
The second parameter of the _GHASH constructor
is now the length of the block (block_size)
and not the full module.
[dlitz@dlitz.net: Replaced MacMismatchError with ValueError]
[dlitz@dlitz.net: Replaced ApiUsageError with TypeError]
[dlitz@dlitz.net: Replaced renamed variable `ht` with original `h`]
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch add supports for SIV, an AEAD block cipher
mode defined in RFC5297. SIV is only valid for AES.
The PRF of SIV (S2V) is factored out in the Protocol.KDF module.
See the following example to get a feeling of the API (slightly
different than other AEAD mode, during decryption).
Encryption (Python 2):
>>> from Crypto.Cipher import AES
>>> key = b'0'*32
>>> siv = AES.new(key, AES.MODE_SIV)
>>> ct = siv.encrypt(b'Message')
>>> mac = siv.digest()
Decryption (Python 2):
>>> from Crypto.Cipher import AES, MacMismatchError
>>> key = b'0'*32
>>> siv = AES.new(key, AES.MODE_SIV)
>>> pt = siv.decrypt(ct + mac)
>>> try:
>>> siv.verify(mac)
>>> print "Plaintext", pt
>>> except MacMismatchError:
>>> print "Error"
This change also fixes the description/design of AEAD API.
With SIV (RFC5297), decryption can only start when the MAC is known.
The original AEAD API did not support that.
For SIV the MAC is now exceptionally passed together with the ciphertext
to the decrypt() method.
[dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
- [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
- [d7727fb] Fix description/design of AEAD API.
- [fb62fae] ApiUsageError becomes TypeError [whitespace]
- [4ec64d8] Removed last references to ApiUsageError [whitespace]
- [ee46922] Removed most 'import *' statements
- [ca460a7] Made blockalgo.py more PEP-8 compliant;
The second parameter of the _GHASH constructor
is now the length of the block (block_size)
and not the full module.
[dlitz@dlitz.net: A conflict that was not resolved in the previous
commit was originally resolved here. Moved the
resolution to the previous commit.]
[dlitz@dlitz.net: Replaced MacMismatchError with ValueError]
[dlitz@dlitz.net: Replaced ApiUsageError with TypeError]
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
|
|
|
|
|
|
|
|
|
| |
[dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
- [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
- [ca460a7] Made blockalgo.py more PEP-8 compliant; The second parameter
of the _GHASH constructor is now the length of the block
(block_size) and not the full module.
[dlitz@dlitz.net: Fixed unresolved conflict in lib/Crypto/Cipher/blockalgo.py]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
- [5306cf3] Added support for CCM mode (AES cipher only)
- [9abe301] Added CCM tests
- [f0c1395] Add MacMismatchError and ApiUsageError
- [fb62fae] ApiUsageError becomes TypeError
- [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
- [4ec64d8] Removed last references to ApiUsageError
- [80bfd35] Corrected AES-CCM examples
[dlitz@dlitz.net: Removed unrelated documentation change]
[dlitz@dlitz.net: Renamed 'targs' back to 'args']
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
|
|
|
|
|
|
|
| |
This patch adds support for CMAC (RFC4493, NIST SP800-38B).
[dlitz@dlitz.net: Replaced MacMismatchError with ValueError]
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
[dlitz@dlitz.net: Re-ordered commits; so don't import S2V yet]
[dlitz@dlitz.net: Included an additional 'import *' change from the following commit:]
commit 4ec64d8eaaa4965889eb8e3b801fc77aa84e0a4e
Author: Legrandin <helderijs@gmail.com>
Date: Tue Sep 10 07:28:08 2013 +0200
Removed last references to ApiUsageError
[dlitz@dlitz.net: Removed unrelated whitespace changes]
|
| |
|
|
|
|
|
|
|
|
|
| |
[dlitz@dlitz.net: Extracted from the following commit:]
commit 5306cf38ba060a70e5397ec48a5cea00c2bf0203
Author: Legrandin <helderijs@gmail.com>
Date: Wed Jan 23 22:37:53 2013 +0100
Added support for CCM mode (AES cipher only)
|
|
|
|
|
|
| |
When the counter function returns an incorrect counter block to
the cipher in CTR mode, the error message includes both the required and
the provided amount of data (in bytes).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The MAC unit tests assume that the MAC algorithm is
based on hash functions (HMAC).
Additionally, a single test vector is quite complex
in that it includes result for multiple tests (each
performed on the same data, but with different
hashes).
This patch simplifies the MAC unit test so that it does
not depend on hashes and a test vector is simply made up by:
* 1 input
* 1 result
* All parameters to pass to the new() function
[dlitz@dlitz.net: Replaced custom MacMismatchError with ValueError.]
[dlitz@dlitz.net: Replaced 'import *' with appropriate imports.]
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the current implementation, it is left up to the caller
to assess if the locally computed MAC matches the MAC associated
to the received message.
However, the most natural way to do that (use == operator)
is also deepy unsecure, see here:
http://seb.dbzteam.org/crypto/python-oauth-timing-hmac.pdf
With this patch, the new HMAC.verify() method accepts
the given MAC and perform the check on behalf of the caller.
The method will use constant-time code (still dependent on the length
of the MAC, but not on the actual content).
[dlitz@dlitz.net: Modified commit message subject line.]
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
|