| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tries to generate a bogus-length key.
Before this change, doing RSA.generate(128*5) would raise an exception saying:
"bits must be multiple of 128 and > 512"
This was because getStrongPrime was raising the exception when trying to
generate 320-bit primes (which is correct behaviour). Now, we raise a more
friendly error message:
"RSA modulus length must be a multiple of 256 and > 1024"
|
|
|
|
| |
This makes _slowmath behave the same as _fastmath in this regard.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
See https://bugs.launchpad.net/pycrypto/+bug/609175
Apparently, the -pg and -fomit-frame-pointer options to gcc are incompatible,
and -pg is added when python is built using --enable-profiling.
Thanks to Drew Smathers for pointing this out and proposing this fix.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Legrandin's getStrongPrime() patch changed the behaviour of
Crypto.Util.number.getRandomNumber() to something that is more like what
people would expect, but different from what we did before. This change
modifies Crypto.Util.number in the following ways:
- Rename getRandomNBitNumber -> getRandomNBitInteger
and getRandomNumber -> getRandomInteger
- Preserve old behaviour by making getRandomNumber work the same as
getRandomNBitInteger.
- Emit a DeprecationWarning when the old getRandomNumber is used.
|
|
|
|
|
|
| |
This patch add support for older python 2.1/2.2 to the previous one (DER/PEM).
Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Typical usage for importing an RSA key:
f = file("ssl.pem")
key = RSA.importKey(f.read())
f.close()
key.verify(hash, signature)
Typical usage for exporting an RSA public key:
key = RSA.generate(512, randfunc)
f = file("ssl.der","w")
f.write(key.publickey.exportKey('DER'))
f.close()
I confirm I am eligible for submitting code to pycrypto according
to http://www.dlitz.net/software/pycrypto/submission-requirements/
fetched on 27 December 2009.
Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
|
| |
|
|
|
|
| |
This could occur if getRNG() returns NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Replaced things like (1 << bits) with (1L << bits). See PEP 237:
- In Python < 2.4, (1<<31) evaluates as -2147483648
- In Python >= 2.4, it becomes 2147483648L
- Replaced things like (bits/2) with the equivalent (bits>>1). This makes
PyCrypto work when floating-point division is enabled (e.g. in Python 2.6
with -Qnew)
- In Python < 2.2, expressions like 2**1279, 1007119*2014237, and
3153640933 raise OverflowError. Replaced them with it with 2L**1279,
1007119L*2014237L, and 3153640933, respectively.
- The "//" and "//=" integer division operators are a syntax error in Python
2.1 and below. Replaced things like (m //= 2) with the equivalent
(m >>= 1).
- Where integer division can't be replaced by bit shifting, replace (a/b) with
(divmod(a, b)[0]).
- math.log takes exactly 1 argument in Python < 2.3, so replaced things like
"-math.log(false_positive_prob, 4)" with
"-math.log(false_positive_prob)/math.log(4)".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From http://lists.dlitz.net/pipermail/pycrypto/2009q4/000167.html, with the
following explanation included in the email:
=== snip ===
Hi there!
Here comes my monster patch.
It includes a python and C version of getStrongPrime, rabinMillerTest and isPrime.
there are also two small unit tests and some helper functions.
They all take a randfunc and propagate them (or so I hope).
The Rabin-Miller-Test uses random bases (non-deterministic).
getStrongPrime and isPrime take an optional parameter "false_positive_prob"
where one can specify the maximum probability that the prime is actually
composite. Internally the functions calculate the Rabin-Miller rounds from
this. It defaults to 1e-6 (1:1000000) which results in 10 rounds of Rabin-Miller
testing.
Please review this carefully. Even though I tried hard to get things right some
bugs always slip through.
maybe you could also review the way I acquire and release the GIL. It felt kind
of ugly the way I did it but I don't see a better way just now.
Concerning the public exponent e:
I now know why it needs to be coprime to p-1 and q-1. The private exponent d is
the inverse of e mod ((p-1)(q-1)).
If e is not coprime to ((p-1)(q-1)) then the inverse does not exist [1].
The getStrongPrime take an optional argument e. if provided the function will
make sure p-1 and e are coprime. if e is even (p-1)/2 will be coprime.
if e is even then there is a additional constraint: p =/= q mod 8.
I can't check for that in getStrongPrime of course but since we hardcoded e to
be odd in _RSA.py this should pose no problem.
The Baillie-PSW-Test is not included.
I tried hard not to use any functionality new than 2.1 but if you find anything
feel free to criticize. Also if I didn't get the coding style right either tell
me or feel free to correct it yourself.
have fun.
//Lorenz
[1] http://mathworld.wolfram.com/ModularInverse.html
=== snip ===
|
|
|
|
| |
This should fix building on FreeBSD and NetBSD.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update the documentation, so that:
1) The only example about RSA key shows how the randomness
generator should be created and used.
2) The description of Crypto.Util.randpool is replaced
with the more robust Crypto.Random.
Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
|
| |
|
| |
|
|
|
|
|
| |
Thanks to Nevins Bartolomeo (https://launchpad.net/~nevins-bartolomeo) for
contributing this fix.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is needed for encryption to work properly, according to the 1997 paper by
Robert D. Silverman of RSA Labs, "Fast generation of random, strong RSA
primes", available here:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.17.2713&rep=rep1&type=pdf
Since e=65537 is prime, it is sufficient to check that e divides neither (p-1)
nor (q-1).
This fixes the bug https://bugs.launchpad.net/pycrypto/+bug/408660
This is a modified version of a patch by Lorenz Quack <don@amberfisharts.com>.
|
|
|
|
|
|
| |
This error should never occur, but we might as well handle it properly anyway.
This fixes https://bugs.launchpad.net/pycrypto/+bug/452195
|
|
|
|
|
|
| |
The *new* version uses Crypto.Random, so it's not broken, but we still want to
warn users and developers that their applications have been using an insecure
RNG up to this point.
|
| |
|
|
|
|
|
|
|
| |
These are the easy ones. We don't release the GIL on cipher initialization,
hash initialization, or hash finalization, because those functions might make
Python API calls, and we would need to add a mechism for re-acquiring the GIL
in those cases.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
- Add check_wraparound_func pointer to PCT_CounterObject
- Call check_wraparound_func from block_template.c
|
|
|
|
| |
when shortcut is used
|
| |
|
|
|
|
|
| |
The old behaviour can be obtained by explicitly setting allow_wraparound=True
when invoking Counter.new
|
| |
|
|
|
|
| |
attribute
|
| |
|
|
|
|
| |
without the shortcut
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
duplicating code in ALG_Decrypt
|
| |
|
| |
|
|
|
|
| |
not a multiple of 8 bits
|