| Commit message | Author | Age | Files | Lines |
Use the Chinese Remainder Theorem when decrypting with the private key, as that
makes the decryption 2-4x faster.
This fixes #163.
Ref: 1a5b2d166fc95e5f3f07fdfec075acdf4d0eda921
Computing the blinding factor and its inverse was done in a thread-unsafe
manner. Locking the computation & update of the blinding factors, and
passing these around in frame- and stack-bound data, solves this.
This fixes part of the issues reported in sybrenstuvel/python-rsa#173,
but there is more going on in that particular report.
Store blinding factor + its inverse, so that they can be reused & updated
on every blinding operation. This avoids expensive computations.
The reuse of the previous blinding factor is done via squaring (mod n), as
per section 9 of 'A Timing Attack against RSA with the Chinese Remainder
Theorem' by Werner Schindler, https://tls.mbed.org/public/WSchindler-RSA_Timing_Attack.pdf
According to PKCS#1 v1.5, the padding should be at least 8 bytes long.
See https://tools.ietf.org/html/rfc8017#section-7.2.2 step 3 for more info.
Use as many constant-time comparisons as practical in the
`rsa.pkcs1.decrypt` function.
`cleartext.index(b'\x00', 2)` will still be non-constant-time. The
alternative would be to iterate over all the data byte by byte in
Python, which is several orders of magnitude slower. Given that a
perfect constant-time implementation is very hard or even impossible to
do in Python [1], I chose the more performant option here.
[1]: https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
Note that version 4.3 will not appear on the master branch, but is
available in the version-4.3-py27compatible branch only.
The third-party library that adds support for this to Python 3.5 is a
binary package, and thus breaks the pure-Python nature of Python-RSA.
This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147).
Poetry breaks no-binary installations of the RSA library, which defeats
the purpose of this library.
See https://github.com/sybrenstuvel/python-rsa/issues/148
Among other changes, this reverts commit
fcf5b7457c70426a242b17db20dd4e34e1055f69.
I also added a workaround for an `ImportError` importing `zipp` on
Python 3.5.
Supporting Python 3.8 not only required configuring Tox and Travis to
run the tests on that version, but also required updating the
dependencies. Without that update, `pluggy` wouldn't work properly.
Reject cyphertexts that have been modified by prepending zero bytes, by
checking the cyphertext length against the expected size (given the
decryption key). This resolves CVE-2020-13757.
The same approach is used when verifying a signature.
Thanks Carnil for pointing this out on https://github.com/sybrenstuvel/python-rsa/issues/146
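
Added example (not python-rsa's own code) that ties together three of the commits in this log: the CRT private-key operation (#163), the blinding factor reused by squaring mod n (Schindler, section 9), and the ciphertext length check from the CVE-2020-13757 fix. The class and method names and the tiny key (p=61, q=53) are constructed for illustration only.

```python
import secrets
from math import gcd

class ToyPrivateKey:
    def __init__(self, n, e, d, p, q):
        self.n, self.e, self.d, self.p, self.q = n, e, d, p, q
        self.exp1 = d % (p - 1)       # dP, as named in RFC 8017
        self.exp2 = d % (q - 1)       # dQ
        self.coef = pow(q, -1, p)     # qInv = q^-1 mod p
        self.blind_r = None           # current blinding factor r
        self.blind_r_inv = None       # r^-1 mod n

    def blinding_pair(self):
        """Return (r, r^-1) for this operation and advance the stored pair by
        squaring mod n: one random draw and one inversion per key, not per call."""
        if self.blind_r is None:
            while True:
                r = secrets.randbelow(self.n - 2) + 2
                if gcd(r, self.n) == 1:
                    break
            self.blind_r, self.blind_r_inv = r, pow(r, -1, self.n)
        r, r_inv = self.blind_r, self.blind_r_inv
        self.blind_r = r * r % self.n
        self.blind_r_inv = r_inv * r_inv % self.n
        return r, r_inv

    def crt_private_op(self, c):
        """c^d mod n via the CRT: two exponentiations with half-size moduli."""
        m1 = pow(c, self.exp1, self.p)
        m2 = pow(c, self.exp2, self.q)
        h = self.coef * (m1 - m2) % self.p
        return m2 + h * self.q

    def blinded_private_op(self, c):
        r, r_inv = self.blinding_pair()
        blinded = c * pow(r, self.e, self.n) % self.n         # c * r^e
        return self.crt_private_op(blinded) * r_inv % self.n  # (m * r) * r^-1

    def decrypt_int(self, ciphertext):
        """Length check first (CVE-2020-13757): extra leading zero bytes decode
        to the same integer, so a modified ciphertext must be rejected by size."""
        key_bytes = (self.n.bit_length() + 7) // 8
        if len(ciphertext) != key_bytes:
            raise ValueError(f"ciphertext is {len(ciphertext)} bytes, key needs {key_bytes}")
        c = int.from_bytes(ciphertext, "big")
        if c >= self.n:
            raise ValueError("ciphertext not below modulus")
        return self.blinded_private_op(c)

TOY = ToyPrivateKey(n=3233, e=17, d=2753, p=61, q=53)  # constructed toy key, far too small for real use
```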
This is a requirement for RSA blinding, but wasn't implemented yet.