| Commit message | Author | Age | Files | Lines |
This patch adds support for SIV, an AEAD block cipher
mode defined in RFC5297. SIV is only valid for AES.
The PRF of SIV (S2V) is factored out in the Protocol.KDF module.
See the following example to get a feeling for the API (slightly
different from other AEAD modes during decryption).
Encryption (Python 2):
>>> from Crypto.Cipher import AES
>>> key = b'0'*32
>>> siv = AES.new(key, AES.MODE_SIV)
>>> ct = siv.encrypt(b'Message')
>>> mac = siv.digest()
Decryption (Python 2):
>>> from Crypto.Cipher import AES, MacMismatchError
>>> key = b'0'*32
>>> siv = AES.new(key, AES.MODE_SIV)
>>> pt = siv.decrypt(ct + mac)
>>> try:
...     siv.verify(mac)
...     print "Plaintext", pt
... except MacMismatchError:
...     print "Error"
This change also fixes the description/design of AEAD API.
With SIV (RFC5297), decryption can only start when the MAC is known.
The original AEAD API did not support that.
For SIV the MAC is now exceptionally passed together with the ciphertext
to the decrypt() method.
[dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
- [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
- [d7727fb] Fix description/design of AEAD API.
- [fb62fae] ApiUsageError becomes TypeError [whitespace]
- [4ec64d8] Removed last references to ApiUsageError [whitespace]
- [ee46922] Removed most 'import *' statements
- [ca460a7] Made blockalgo.py more PEP-8 compliant;
The second parameter of the _GHASH constructor
is now the length of the block (block_size)
and not the full module.
[dlitz@dlitz.net: A conflict that was not resolved in the previous
commit was originally resolved here. Moved the
resolution to the previous commit.]
[dlitz@dlitz.net: Replaced MacMismatchError with ValueError]
[dlitz@dlitz.net: Replaced ApiUsageError with TypeError]
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
[dlitz@dlitz.net: Included changes from the following commits from the author's pull request:]
- [5306cf3] Added support for CCM mode (AES cipher only)
- [9abe301] Added CCM tests
- [f0c1395] Add MacMismatchError and ApiUsageError
- [fb62fae] ApiUsageError becomes TypeError
- [9c13f9c] Rename 'IV' parameter to 'nonce' for AEAD modes.
- [4ec64d8] Removed last references to ApiUsageError
- [80bfd35] Corrected AES-CCM examples
[dlitz@dlitz.net: Removed unrelated documentation change]
[dlitz@dlitz.net: Renamed 'targs' back to 'args']
[dlitz@dlitz.net: Whitespace fixed with "git rebase --whitespace=fix"]
This is the PyCrypto 2.6.1 release.
Dwayne Litzenberger (4):
Random: Make Crypto.Random.atfork() set last_reseed=None (CVE-2013-1445)
Fortuna: Add comments for reseed_interval and min_pool_size to FortunaAccumulator
Update the ChangeLog
Release v2.6.1
This release is identical to PyCrypto v2.6, except it fixes the
Crypto.Random race condition (CVE-2013-1445) and adds a few related
comments.
These algorithm names were confusing, because there are actually
algorithms called "SHA" (a.k.a. SHA-0) and "RIPEMD" (the original
version).
This commit just renames the modules, with no backward-compatibility
support.
Only the last exclude-introspect setting is considered.
I doubt anyone uses it anyway, and we have no test suite for it.
private methods, and inherited ones are made more explicit.
Conflicts:
Doc/epydoc-config
the same object
Applied patch from Debian python-crypto 2.3-3:
debian/patches/epydoc-exclude-introspect.patch
- Removed references to IDEA and RC5, which have been removed from PyCrypto.
- Updated credits for re-implemented cipher modules
- Removed an erroneous note that RC4 is patented (RC5 was patented, but RC4
never was; it was originally kept as a trade secret, until it was leaked.
See: http://marc.info/?l=cryptography&m=96472454830010&w=2)
Patch as per Lorenz on the mailing list.
Note that AllOrNothing fails occasionally. This has always been the case;
the unit test merely forces the flaw to be exposed.
functions.
Update documentation with Python 3.x notes.
o Add Ron Rivest DES test to test_DES.py
o Started on API documentation for 3.x
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Small fix to importKey documentation (ASN.1 structure names were
incorrect for public keys).
Factors of an RSA private key are computed from private exponent d
(both slowmath and fastmath).
Fixed examples to generate 1024 bit keys (that is, what RSA.generate() wants nowadays).
Legrandin's getStrongPrime() patch changed the behaviour of
Crypto.Util.number.getRandomNumber() to something that is more like what
people would expect, but different from what we did before. This change
modifies Crypto.Util.number in the following ways:
- Rename getRandomNBitNumber -> getRandomNBitInteger
and getRandomNumber -> getRandomInteger
- Preserve old behaviour by making getRandomNumber work the same as
getRandomNBitInteger.
- Emit a DeprecationWarning when the old getRandomNumber is used.
Update the documentation, so that:
1) The only example about RSA key shows how the randomness
generator should be created and used.
2) The description of Crypto.Util.randpool is replaced
with the more robust Crypto.Random.
Committer: Legrandin <gooksankoo@hoiptorrow.mailexpire.com>
There will probably be no 2.0.2 release.
Remove TeX file
Fix \samp markup; grammar fix
More reST conversion work. I think all of the LaTeX markup is now gone.
More conversion work
More conversion work
Perform some conversion
Make copy for conversion to reST
[project @ 2005-11-29 16:24:52 by akuchling]
Bump version
[project @ 2005-06-14 01:20:22 by akuchling]
Bump version to 2.0.1
[project @ 2005-05-09 14:20:54 by akuchling]
Remove Demo/ directory -- the code is old and possibly misleading, and no one is going to modernize it
[project @ 2004-08-13 23:44:46 by akuchling]
Bump version to 2.0
[project @ 2003-12-19 14:30:49 by akuchling]
Document SHA256; rename SHA to SHA1 in the text