Comment 10 for bug 502291

Guddu (anurag-chourasia) wrote : Re: [Bug 502291] Re: Support for PKCS#1 v1.5 signatures (RFC3447)

Good Evening Folks :-)

Could you please tell me if we are going to include this in the trunk soon
then?

Thanks for all your help and all the amazing work that you guys have done.

Regards,
Anurag

On Wed, Dec 29, 2010 at 9:12 PM, Dwayne Litzenberger <email address hidden> wrote:

> The goal behind the freeze is to improve security in a practical sense
> by ensuring that the project remains maintainable, and to avoid adding
> new security holes (especially in the C code).
>
> Considering how many times I've seen people report the "plaintext too
> large" error as a PyCrypto bug rather than PEBKAC, I think we can make
> some huge security gains by adding PKCS#1 v2 and v1.5 support, without
> adding too much complexity to the code base.
>
> I do want to pay close attention to the resulting API, however. The
> Crypto.PublicKey API is pretty unfriendly, and I'd like to avoid making
> the same mistake with PKCS#1.
>
> "Thorsten Behrens" <email address hidden> wrote:
>
> >Since this came up again on the mailing list: How does this play with
> >the moratorium on new ciphers
> >(http://lists.dlitz.net/pipermail/pycrypto/2010q3/000264.html)? It's
> >not, strictly speaking, a new cipher, and Legrandin has a history of
> >working on the RSA/DSA code. He patched in unit tests, too, which is
> >great.
> >
> >I'd like to see this resurrected and brought in. I'll even volunteer to
> >bring it into pycrypto-next, though for selfish reasons, I'd like to see
> >the py3k work land on trunk first, then create a branch to bring this
> >patch in. That'd make it easier to maintain one code base. The py3k work
> >and this patch both have a large number of changes to the same files,
> >which would be a pain to merge from two branches.
> >
> >--
> >You received this bug notification because you are subscribed to
> >Python-
> >Crypto.
> >https://bugs.launchpad.net/bugs/502291
> >
> >Title:
> > Support for PKCS#1 v1.5 signatures (RFC3447)
>
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/502291
>
> Title:
> Support for PKCS#1 v1.5 signatures (RFC3447)
>
> Status in Python Cryptography Toolkit:
> Confirmed
>
> Bug description:
> This patch adds support for PKCS#1 v1.5 signatures.
>
> The sign() and verify() methods for an RSA key object
> are extended to accept an optional 'protocol' parameter,
> to specify how the signature should be carried out.
>
> The default value is 'raw' (or 'schoolbook') which is
> still the original algorithm. Since 'protocol' is optional
> there should be no backward compatibility problems.
>
> The 'protocol' associated to PKCS#1 v1.5 is either 'PKCS1',
> 'PKCS1-1.5' , or 'RSA/PKCS1-1.5'. Since such protocol
> embeds the OID of the hash used, I have also modified
> each available hash algorithm so that each hash object has got
> an appropriate 'oid' string attribute, that will be retrieved
> by the sign() method.
>
> I guess that in the future we may add other protocols in
> the same way, by picking intuitive strings (e.g.' PKCS1-PSS', 'X9.31',
> etc).
>
> The verification code is not subject to Bleichenbacher's
> (http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html)
> and OKW's (
> http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001240.html)
> attacks.
>
> Typical usage is the following:
>
> from Crypto.Hash import SHA
> from Crypto.PublicKey import RSA
>
> # k is an RSA key object; generated here for illustration. The signer
> # holds the private half, the verifier needs only the public half.
> k = RSA.generate(1024)
>
> message = "Test"
> hash = SHA.new()
> hash.update(message)
>
> # The third argument selects the signature protocol added by this patch.
> signature = k.sign(hash, None, 'PKCS1')[0]
>
> # [... at the other end ...]
> messageReceived = "Test"
> signatureReceived = signature  # the signature delivered with the message
> hash = SHA.new()
> hash.update(messageReceived)
>
> # Pass the same protocol; otherwise verify() falls back to 'raw'.
> auth = k.verify(hash, signatureReceived, 'PKCS1')
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/pycrypto/+bug/502291/+subscribe
>
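The bug description above states that the verification code is not subject to Bleichenbacher's attack. The following is an added example, written for this page and not taken from PyCrypto or from the patch under discussion, that shows what that claim amounts to: it implements EMSA-PKCS1-v1_5 encoding (with the DigestInfo prefix that embeds the hash OID), signs and verifies with a full comparison of the encoded message as RFC 3447 section 8.2.2 requires, and then builds the e=3 forgery that a verifier which parses the padding and ignores the bytes after DigestInfo accepts. The signing key (built from two Mersenne primes to avoid a prime generator), the 3072-bit e=3 public modulus, and all function names are constructed for the example; no real key is involved.

```python
"""PKCS#1 v1.5 (RFC 3447) signing and verification in pure Python, plus the
e=3 forgery that a lenient verifier accepts and a full-compare verifier
rejects.  Added example: not PyCrypto code and not the patch discussed above."""
import hashlib
import hmac
import secrets

# DER prefixes of DigestInfo per hash, from RFC 3447 section 9.2, note 1.
DIGESTINFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

# Toy signing key from two Mersenne primes so the example needs no prime
# generator.  Structured primes like these must never be used for a real key.
P, Q = (1 << 521) - 1, (1 << 607) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# Constructed public-only e=3 modulus for the forgery: the attacker never
# needs the factors, only n and e.
N3, E3 = secrets.randbits(3071) | (1 << 3071) | 1, 3

def emsa_pkcs1_v15(msg, k, h="sha256"):
    """EM = 0x00 || 0x01 || PS (k - len(T) - 3 bytes of 0xff) || 0x00 || T."""
    t = DIGESTINFO[h] + hashlib.new(h, msg).digest()
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(n, d, msg, h="sha256"):
    """RSASSA-PKCS1-v1_5-SIGN: s = EM^d mod n, returned as k big-endian bytes."""
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(msg, k, h), "big")
    return pow(m, d, n).to_bytes(k, "big")

def _recover_em(n, e, sig):
    """RSAVP1 then I2OSP; None if the signature has the wrong length or s >= n."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return None
    return pow(s, e, n).to_bytes(k, "big")

def verify_strict(n, e, msg, sig, h="sha256"):
    """RFC 3447 8.2.2: re-encode the message and compare the entire EM."""
    em = _recover_em(n, e, sig)
    return em is not None and hmac.compare_digest(em, emsa_pkcs1_v15(msg, len(em), h))

def verify_lenient(n, e, msg, sig, h="sha256"):
    """The classic bug: parse EM left to right and never look past T."""
    em = _recover_em(n, e, sig)
    if em is None or em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0:
        return False
    t = DIGESTINFO[h] + hashlib.new(h, msg).digest()
    return em[i + 1:i + 1 + len(t)] == t    # whatever follows T is never checked

def icbrt(n):
    """floor(n ** (1/3)) for positive int n, Newton's method from above."""
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y

def forge_e3(n, msg, h="sha256"):
    """Bleichenbacher 2006: with e = 3, choose s so that s^3 (kept below n, so
    no modular reduction happens) starts with 00 01 ff*8 00 || T and ends in
    whatever the cube happens to produce."""
    k = (n.bit_length() + 7) // 8
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + DIGESTINFO[h] + hashlib.new(h, msg).digest()
    target = int.from_bytes(head, "big") << (8 * (k - len(head)))
    s = icbrt(target)
    if s ** 3 < target:
        s += 1      # s^3 - target < 3 * s^2, far below the low bytes we do not care about
    assert s ** 3 < n
    return s.to_bytes(k, "big")

if __name__ == "__main__":
    msg = b"Test"
    sig = sign(N, D, msg)
    print("genuine signature, strict verify:", verify_strict(N, E, msg, sig))
    forged = forge_e3(N3, msg)
    print("forgery, lenient verify:", verify_lenient(N3, E3, msg, forged))
    print("forgery, strict verify: ", verify_strict(N3, E3, msg, forged))
```

The forgery works only because the lenient verifier stops reading at the end of DigestInfo, leaving the attacker free bytes at the low end of EM, and because with e=3 and s^3 smaller than n the public-key operation is an ordinary cube, so the cube root of a chosen prefix is a valid signature. Re-encoding the message and comparing the whole EM, as verify_strict does, removes that freedom, which is why the patch description can claim immunity regardless of the public exponent in use.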