Import key code is not compatible with GMP library

Bug #702835 reported by Legrandin on 2011-01-14
14
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Python-Crypto
Undecided
Unassigned

Bug Description

I have just noticed that a secret RSA key that was generated by an external tool (e.g. opensll) as DER/PEM
and that isimported via RSA.importKey() won't decrypt/sign correctly if the GMP library is installed.

The problem is that - in the standard representation - RSA key components include q^{-1} mod p, whereas
the code in _fastmath.c requires p^{-1} mod q instead.

You can verify that by importing a key from openssl, and - with GMP installed - by encrypting+decrypting a string: the result is not the original string.

I have not noticed it in my tests so far because I didn't have GMP installed (my fault).
Moreover, _slowmath.py does not use CRT compoenents as _fastmath.c does.

There are no real security concerns here: the only problem is that a) signatures generated in this way cannot be verified b) data cannot be correctly decrypted. Verification and encryption done with import key is not affected.

I have already a very short patch ready: I will send it out in the coming days.
It also extends _slowmath.py to use CRT, which therefore does exactly what _fastmath.c does.

Affects: pycrypto 2.2 and 2.3

Dwayne Litzenberger (dlitz) wrote :
Changed in pycrypto:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers