path: root/rsa/pkcs1.py
Commit message | Author | Age | Files | Lines
* language correction and speed-up (HEAD, main) | myheroyuki | 2023-04-25 | 1 | -5/+5
|
* rsa/pkcs1.py: Clarify functionality of sign_hash() | Moritz Fischer | 2023-04-23 | 1 | -2/+2
| Clarify functionality that a hash is not computed, rather a precomputed (given) hash is being signed.
|
| Signed-off-by: Moritz Fischer <moritzf@google.com>
* Fix #199: Sphinx warnings reference target not found | Sybren A. Stüvel | 2022-07-20 | 1 | -1/+2
| Fix the documentation by adding referenced-but-not-included functions and some other small fixes.
|
| The only warnings left are:
|
| ```
| python-rsa/rsa/key.py:docstring of rsa.key.AbstractKey.load_pkcs1:: WARNING: py:class reference target not found: rsa.key.T
| python-rsa/rsa/key.py:docstring of rsa.key.AbstractKey.load_pkcs1:: WARNING: py:class reference target not found: rsa.key.T
| ```
|
| These are due to Sphinx not really understanding `typing` type references. Not sure how to fix those.
* Fix typos | Kian-Meng, Ang | 2021-11-24 | 1 | -1/+1
|
* Reformatting with Black | Sybren A. Stüvel | 2021-03-29 | 1 | -54/+63
| No functional changes.
* Fix hashlib mypy types for Python 3.x | Saif Hakim | 2021-03-24 | 1 | -1/+6
| As captured in https://github.com/python/typeshed/pull/1663, the types for SHA-1 and SHA-2 family of functions are callables that return a Hash instance, whilst the SHA-3 family of functions are Hash `type`s (at least in Python 3.6). Mixing the two kinds of functions together in a dictionary confuses mypy's type inference as noted in #153, so we instead add an annotation as a hint.
|
| Also, update test_my.py to match the python version set by tox.ini in CI instead of always targeting Python 3.7 (as configured in setup.cfg) to validate the types in all supported Python 3.x versions.
|
| This fix also avoids the issue with the older mypy releases for Python 3.6 / Python 3.7 found in distro repos...
|
| ... for Ubuntu:
|
| ```
| docker run \
|     -v $(pwd):/tmp/rsa \
|     -w /tmp/rsa ubuntu:18.04 \
|     /bin/bash -c 'apt-get update -qqy \
|     && apt-get install -qqy python3-pyasn1 python3-setuptools python3-mypy \
|     && python3 setup.py test'
| ```
|
| ... and for Fedora:
|
| ```
| docker run \
|     -v $(pwd):/tmp/rsa \
|     -w /tmp/rsa docker.io/fedora \
|     /bin/bash -c 'dnf -y install wget python3-devel python3-pyasn1 python3-setuptools python3-mypy \
|     && python3 setup.py test'
| ```
|
| Fixes #153
* Directly raise `DecryptionError` when crypto length is bad | Sybren A. Stüvel | 2020-11-15 | 1 | -2/+4
| Crypto length and blocksize are public info, so don't need side-channel free comparison.
* Use `bytes.find()` instead of `bytes.index()` | Sybren A. Stüvel | 2020-11-15 | 1 | -4/+2
| Use `bytes.find()` instead of `bytes.index()`, as the former doesn't raise an exception when the to-be-found byte doesn't exist.
* Fix #164: Add padding length check as described by PKCS#1 v1.5 | Sybren A. Stüvel | 2020-11-15 | 1 | -1/+6
| According to PKCS#1 v1.5, the padding should be at least 8 bytes long. See https://tools.ietf.org/html/rfc8017#section-7.2.2 step 3 for more info.
* Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle | Sybren A. Stüvel | 2020-11-15 | 1 | -4/+8
| Use as many constant-time comparisons as practical in the `rsa.pkcs1.decrypt` function.
|
| `cleartext.index(b'\x00', 2)` will still be non-constant-time. The alternative would be to iterate over all the data byte by byte in Python, which is several orders of magnitude slower. Given that a perfect constant-time implementation is very hard or even impossible to do in Python [1], I chose the more performant option here.
|
| [1]: https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
* Limit SHA3 support to Python 3.6+ | Sybren A. Stüvel | 2020-06-11 | 1 | -12/+15
| The third-party library that adds support for this to Python 3.5 is a binary package, and thus breaks the pure-Python nature of Python-RSA.
|
| This should fix [#147](https://github.com/sybrenstuvel/python-rsa/issues/147).
* Fix CVE-2020-13757: detect cyphertext modifications by prepending zero bytes | Sybren A. Stüvel | 2020-06-03 | 1 | -0/+9
| Reject cyphertexts that have been modified by prepending zero bytes, by checking the cyphertext length against the expected size (given the decryption key). This resolves CVE-2020-13757.
|
| The same approach is used when verifying a signature.
|
| Thanks Carnil for pointing this out on https://github.com/sybrenstuvel/python-rsa/issues/146
* Add more type hints | Andrey Semakin | 2020-06-03 | 1 | -1/+1
|
* Drop character encoding markers for Python 2.x | Andrey Semakin | 2020-06-03 | 1 | -2/+0
|
* Added flake8 as development dependency and fixed reported issues | Sybren A. Stüvel | 2019-08-04 | 1 | -4/+3
|
* Add support for SHA3 hashing | Sybren A. Stüvel | 2019-08-04 | 1 | -0/+14
| This is based on https://github.com/sybrenstuvel/python-rsa/pull/96, with a few improvements:
|
| - The minimum of one use of SHA3 in a unit test, to at least touch it at some point.
| - Documented the support of SHA3.
| - Only install the third-party library required by Python 3.5 when we're running on Python 3.5. Newer Python versions support SHA3 natively.
* Added type annotations + some fixes to get them correct | Sybren A. Stüvel | 2019-08-04 | 1 | -18/+18
| One functional change: `CryptoOperation.read_infile()` now reads bytes from `sys.stdin` instead of text. This is necessary to be consistent with the rest of the code, which all deals with bytes.
* Removed compatibility code for Python 2.7 and 3.4 | Sybren A. Stüvel | 2019-08-04 | 1 | -1/+0
|
* speedup | yjqiang | 2018-09-16 | 1 | -1/+1
| "if A and B" if mostly A is True then we should judge B at first
* Add support for SHA224 for PKCS1 signatures | Joost Rijneveld | 2018-02-05 | 1 | -2/+4
|
* PKCS#1 2.0: Implementation of MGF1 (#89) | Michael Manganiello | 2017-06-10 | 1 | -1/+1
| Implementation of the Mask Generation Function `MGF1` used in the OAEP encoding step. For more information, the MGF1 specification is at https://tools.ietf.org/html/rfc2437#section-10.2.1
* Support signing a pre-calculated hash (#87) | Justin Simon | 2017-05-07 | 1 | -16/+34
| * Split the hashing out of the sign method
|
| This code change adds support to split the hashing of a message and the actual signing of the message.
|
| * Updating unit test and documentation
|
| This commit updates the unit test and usage docs. In addition, this change removes a redundant error check inside rsa.sign().
|
| * Refactor unit tests and code comments
|
| Removed the print statements from the unit test and refactored a few code comments to improve readability.
|
| * Rename hash function
|
| The new hash function had the same name as a function in the standard library. This commit changes the name to avoid conflicts.
|
| * Rename hash function to compute_hash()
|
| This commit renames the hash function to compute_hash().
* Feature request #78: Expose function to find the hash method of a signature | Sybren A. Stüvel | 2017-04-10 | 1 | -1/+21
| I've not used the name "find_method_hash" suggested in #78, as it's a bit vague. It's ok-ish for a private function `_find_method_hash`, but I thought `find_signature_hash` would be more descriptive.
* Drop byte_literal in favour of b'' | adamantike | 2016-05-08 | 1 | -18/+18
|
* xrange compatibility optimization for Python 2 (#69) | Michael Manganiello | 2016-05-08 | 1 | -1/+1
|
* Removed deprecated functionality. | Sybren A. Stüvel | 2016-03-17 | 1 | -4/+22
| The following modules have been removed:
|
| - rsa._version133
| - rsa._version200
| - rsa.bigfile
| - rsa.varblock
|
| The encrypt/decrypt-bigfile CLI commands have also been removed.
* Updated documentation, mostly http -> https changes | Sybren A. Stüvel | 2016-02-05 | 1 | -1/+1
| Also:
|
| - changed http to https in the code
| - changed header underlines in the documentation to match the header length
* Perform a late import of rsa.varblock to prevent DeprecationWarnings | Sybren A. Stüvel | 2016-01-25 | 1 | -1/+4
|
* Another pass at blinding. | Sybren A. Stüvel | 2016-01-22 | 1 | -2/+2
|
* Use random number when blinding, and also blind when verifying signatures. | Sybren A. Stüvel | 2016-01-22 | 1 | -9/+3
|
* Fix #19: Implemented blinding when decrypting. | Sybren A. Stüvel | 2016-01-22 | 1 | -2/+8
| This prevents side-channel (such as timing) attacks, see: https://en.wikipedia.org/wiki/Blinding_%28cryptography%29
* Updated doctests to Python 3.5 and automatically running with Tox. | Sybren A. Stüvel | 2016-01-22 | 1 | -15/+15
| I've also removed doctests from the obsolete rsa/_versionXXX.py files, as those files aren't even compatible with Python 3.x anyway.
* Using r""" for some docstrings | Sybren A. Stüvel | 2016-01-22 | 1 | -3/+3
|
* Big refactor to become more PEP8 compliant. | Sybren A. Stüvel | 2016-01-22 | 1 | -82/+87
| Mostly focused on docstrings (''' → """), indentation, empty lines, and superfluous parenthesis.
* Fix BB'06 attack in verify() by switching from parsing to comparison | Filippo Valsorda | 2015-12-16 | 1 | -38/+20
|
* rsa.pkcs1.verify() should return True when successful | Tim Heckman | 2012-10-17 | 1 | -0/+2
| - when verification passes verify() will return True, instead of None. If verification fails the function will still raise a rsa.pkcs1.VerificationError for legacy purposes.
| - update the docs to note that the verify() function returns True when successful
| - write unit tests to verify this new behavior
|
| This commit passes all build tests:
|
| Ran 44 tests in 1.217s
|
| OK
* Fixed doctests | Sybren A. Stüvel | 2012-06-18 | 1 | -1/+1
|
* Reverts docstring quoting syntax. | Yesudeep Mangalapilly | 2011-08-24 | 1 | -21/+21
|
* Parallelized testing. Caught a lot of bugs. | Yesudeep Mangalapilly | 2011-08-16 | 1 | -21/+21
|
* Porting to Python 3 complete. All tests except pyasn1 stuff pass. | Yesudeep Mangalapilly | 2011-08-11 | 1 | -17/+18
|
* Tests are now functional (only running without syntax errors) on Python 3 too. | Yesudeep Mangalapilly | 2011-08-11 | 1 | -3/+3
|
* Fixed doctest, python 2.6 on cygwin | Sybren A. Stüvel | 2011-08-03 | 1 | -1/+1
|
* more documentation | Sybren A. Stüvel | 2011-08-03 | 1 | -2/+30
|
* Made hashing efficient for large files | Sybren A. Stüvel | 2011-07-31 | 1 | -5/+25
|
* More documentation | Sybren A. Stüvel | 2011-07-31 | 1 | -34/+37
|
* Using key.X rather than key['X'] | Sybren A. Stüvel | 2011-07-30 | 1 | -9/+9
|
* Added Apache 2 license notice to source files | Sybren A. Stüvel | 2011-07-23 | 1 | -0/+16
|
* Renamed rsa.keygen to rsa.key | Sybren A. Stüvel | 2011-07-19 | 1 | -4/+4
|
* Fixed file permissions | Sybren A. Stüvel | 2011-07-19 | 1 | -1/+1
|
* Fixed typo on rsa.pkcs1.__all__ | Sybren A. Stüvel | 2011-07-12 | 1 | -1/+1
|