Commit message | Author | Age | Files | Lines
As it stood before this commit, the hash was never used in the signing
process. It looks like the bug was introduced by e053629 (Restructure
both PKCS#1 signature schemes as objects, 2011-10-16), which changed:
- >>> signature = PKCS1_PSS.sign(h, key)
+ >>> signer = PKCS1_PSS.new(key)
+ >>> signature = PKCS1_PSS.sign(key)
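Review bot: the replacement line `>>> signature = PKCS1_PSS.sign(key)` drops the hash `h` that the removed `PKCS1_PSS.sign(h, key)` passed, and it calls the module rather than the `signer` object created on the line just above; the doctest should read `>>> signature = signer.sign(h)` so the digest actually enters the signature, which is exactly the omission this commit describes.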
The digest AlgorithmIdentifier has optional (NULL) parameters; the
verification function should not reject a signature if they are omitted.
With this fix, either case is acceptable (parameters present with value NULL
or not present).
As an exception, signatures based on old MD2/MD5 must always have NULL
parameters.
See Appendix B.1 of RFC 3447 and Section 2.1 of RFC 4055.
Closes: https://bugs.launchpad.net/pycrypto/+bug/1119552
[dlitz: Rebased and updated to use refactored asn1 API, text OIDs, & to fix Python 2.1.]
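The acceptance rule this commit describes, as an added Python example that is not PyCrypto's own code: a minimal DER reader for DigestInfo that accepts absent or NULL digest parameters and insists on an explicit NULL for MD2/MD5. The OIDs are the standard ones; `build_digest_info` and the dummy digest bytes are constructed for the demo.

```python
# Added example (not PyCrypto's code): RFC 3447 B.1 / RFC 4055 2.1 parameters check on a DER DigestInfo.
MD2_OID, MD5_OID = "1.2.840.113549.2.2", "1.2.840.113549.2.5"
SHA256_OID = "2.16.840.1.101.3.4.2.1"

def _tlv(data, pos, want):
    # Read one DER TLV at pos (short-form lengths only) and check its tag.
    if pos + 2 > len(data) or data[pos] != want or data[pos + 1] >= 0x80:
        raise ValueError("wrong tag, truncated DER, or unsupported long length")
    end = pos + 2 + data[pos + 1]
    if end > len(data):
        raise ValueError("truncated DER")
    return data[pos + 2:end], end

def _decode_oid(value):
    # Convert OBJECT IDENTIFIER contents to dotted form.
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)

def check_digest_info(der):
    """Return (oid, digest) or raise ValueError: parameters absent or NULL are fine, MD2/MD5 need NULL."""
    body, end = _tlv(der, 0, 0x30)
    alg, pos = _tlv(body, 0, 0x30)
    oid_bytes, p = _tlv(alg, 0, 0x06)
    oid = _decode_oid(oid_bytes)
    has_null = p < len(alg)          # whatever follows the OID is the parameters field
    if has_null:
        pval, p = _tlv(alg, p, 0x05)
        if pval != b"" or p != len(alg):
            raise ValueError("parameters must be a lone NULL when present")
    if oid in (MD2_OID, MD5_OID) and not has_null:
        raise ValueError("MD2/MD5 require explicit NULL parameters")
    digest, pos = _tlv(body, pos, 0x04)
    if end != len(der) or pos != len(body):
        raise ValueError("trailing data in DigestInfo")
    return oid, digest

def is_acceptable(der):
    try:
        return bool(check_digest_info(der))
    except ValueError:
        return False

def build_digest_info(oid_der, digest, with_null):
    # Constructed sample input: DER DigestInfo with or without NULL parameters.
    der = lambda tag, v: bytes([tag, len(v)]) + v
    return der(0x30, der(0x30, oid_der + (b"\x05\x00" if with_null else b"")) + der(0x04, digest))

SHA256_OID_DER = b"\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01"  # 2.16.840.1.101.3.4.2.1
MD5_OID_DER = b"\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05"  # 1.2.840.113549.2.5
```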
The patch contains the following changes:
- Private RSA keys can be imported/exported in encrypted form,
protected according to PKCS#8 and:
* PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC
* PBKDF2WithHMAC-SHA1AndAES128-CBC
* PBKDF2WithHMAC-SHA1AndAES192-CBC
* PBKDF2WithHMAC-SHA1AndAES256-CBC
In addition to that, it is possible to import keys in the
following weak formats:
* pbeWithMD5AndDES-CBC
* pbeWithSHA1AndRC2-CBC
* pbeWithMD5AndRC2-CBC
* pbeWithSHA1AndDES-CBC
- The following new modules (and 1 new package) are added:
* Crypto.Util.Padding for simple padding/unpadding logic
* Crypto.IO._PBES for PBE-related PKCS#5 logic
* Crypto.IO.PEM for PEM wrapping/unwrapping
* Crypto.IO.PKCS8 for PKCS#8 wrapping/unwrapping
- All Object IDs (OIDs) are now in dotted form to increase
readability.
- Add AES support to PEM format (decode only).
The PEM module can decrypt messages protected with AES-CBC.
- Update RSA import test cases.
- Updated PKCS8 test cases.
The pure Python wrappers around Crypto.Hash.* were convenient, but they
slowed down hash initialization by 4-7x.
There is a speed trade-off here: The MD5 and SHA1 objects are just
wrapped hashlib objects (or old-style md5/sha objects). To maintain API
compatibility with the rest of PyCrypto, we still have to wrap them, so
they're slower to initialize than the rest of the hash functions. If
hashlib ever adds a .new() method, we will automatically use hashlib
directly and gain the initialization speed-up.
In PyCrypto v2.5, the "oid" attribute was added to hash objects. In
retrospect, this was not a good idea, since the OID is not really a
property of the hash algorithm; it's a protocol-specific identifier for
the hash functions. PKCS#1 v1.5 uses it, but other protocols (e.g.
OpenPGP, DNSSEC, SSH, etc.) use different identifiers, and it doesn't make
sense to add these to Crypto.Hash.* every time a new algorithm is added.
This also has the benefit of being compatible with the Python standard
library's "hashlib" objects, which also have a name attribute.
These algorithm names were confusing, because there are actually
algorithms called "SHA" (a.k.a. SHA-0) and "RIPEMD" (the original
version).
This commit just renames the modules, with no backward-compatibility
support.
Objects used by PKCS#1 modules were treated as private,
and therefore ignored by epydoc.
Replaced SHA module with None as PBKDF1 default parameter value, because it was
not displayed nicely by epydoc. Default value is assigned in the body.
Fixed the can_sign() methods.
belonging to each RSA key is reused.
Error detection is internally implemented in a simpler (and safer) way for PKCS1 OAEP decryption.
General fixes to documentation for PKCS1.
size in bits is in the form n*8+1)