Crypto.Signature.PKCS1_PSS is reverted to the old behavior it had
in PyCrypto: verify() returns True/False and does not raise an
exception on a wrong signature.

In the process, we add a "randfunc" parameter to
- Crypto.Cipher.PKCS1_OAEP.new()
- Crypto.Cipher.PKCS1_v1_5.new()
- Crypto.Signature.PKCS1_PSS.new()
to set the PRNG used by each algorithm.
Previously, the PRNG was taken from the RSA key itself.

This patch does a few things to simplify the public key classes
(RSA, DSA and ElGamal):
* It removes the Crypto.PublicKey.pubkey module. The 3 classes
  do not have an ancestor anymore.
* Methods sign(), verify(), encrypt(), and decrypt() are removed.
* Methods blind() and unblind() are removed.
* Methods can_sign() and can_encrypt() are removed.
* The 3 classes cannot be pickled anymore.

Until now, the verify() method of a Crypto.Signature object returned
False if a signature was not authentic.
With this change set, verify() now raises a ValueError exception.
The return value of verify() must not be checked anymore.

NOTE: this change set breaks compatibility with PyCrypto.

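
The two commit messages above (the first one reverting PKCS1_PSS.verify() to the True/False convention, this one switching it to raising ValueError) describe opposite calling conventions for the same method. The following is an added example, not code from either commit or from PyCrypto/PyCryptodome: a small adapter that accepts a signature only when the verifier accepts it under either convention, next to the caller pattern that silently breaks when the convention changes underneath it. The two verifier classes are constructed stand-ins for a Crypto.Signature.PKCS1_PSS object (they compare against one known-good signature instead of running RSA-PSS) so the file runs offline; the message hash and signature bytes are constructed sample values.

```python
# Added example (not part of the PyCrypto / PyCryptodome commits above):
# a fail-closed adapter for the two verify() conventions those commits
# switch between, plus the caller pattern that breaks when the convention
# changes. The verifier classes are constructed stand-ins for a
# Crypto.Signature.PKCS1_PSS object: they accept exactly one known-good
# signature instead of doing RSA-PSS, so everything here runs offline.
import hashlib
import hmac
from typing import Any


def is_authentic(verifier: Any, msg_hash: Any, signature: bytes) -> bool:
    """Return True only if ``verifier`` accepts ``signature`` for ``msg_hash``.

    Handles both conventions:
      * boolean style (PyCrypto, and the reverted behaviour): verify()
        returns True/False and never raises on a bad signature;
      * exception style (the intermediate change set): verify() returns
        None on success and raises ValueError on failure.
    Any other outcome counts as rejection, so the adapter fails closed.
    """
    try:
        result = verifier.verify(msg_hash, signature)
    except ValueError:
        return False
    if result is None:
        return True          # exception style: no exception means authentic
    return result is True    # boolean style: only a literal True passes


def check_ignoring_return(verifier: Any, msg_hash: Any, signature: bytes) -> bool:
    """Caller written against the exception style only.

    It relies on ValueError for rejection and never looks at the return
    value, so under the boolean style it accepts every signature.
    """
    try:
        verifier.verify(msg_hash, signature)
    except ValueError:
        return False
    return True


class BoolStyleVerifier:
    """Constructed stand-in for verify() returning True/False."""

    def __init__(self, good_signature: bytes) -> None:
        self._good = good_signature

    def verify(self, msg_hash: Any, signature: bytes) -> bool:
        return hmac.compare_digest(self._good, signature)


class RaisingStyleVerifier:
    """Constructed stand-in for verify() raising ValueError on failure."""

    def __init__(self, good_signature: bytes) -> None:
        self._good = good_signature

    def verify(self, msg_hash: Any, signature: bytes) -> None:
        if not hmac.compare_digest(self._good, signature):
            raise ValueError("Invalid signature")


# Constructed sample inputs: a hash object standing in for the signed
# message digest, one "good" signature and one tampered copy of it.
MSG_HASH = hashlib.sha256(b"constructed message")
GOOD_SIG = bytes.fromhex("a1b2c3d4") * 8
BAD_SIG = bytes([GOOD_SIG[0] ^ 0x01]) + GOOD_SIG[1:]


if __name__ == "__main__":
    for cls in (BoolStyleVerifier, RaisingStyleVerifier):
        v = cls(GOOD_SIG)
        print(cls.__name__, "adapter (good, bad):",
              is_authentic(v, MSG_HASH, GOOD_SIG),
              is_authentic(v, MSG_HASH, BAD_SIG))
        print(cls.__name__, "return-ignoring caller (good, bad):",
              check_ignoring_return(v, MSG_HASH, GOOD_SIG),
              check_ignoring_return(v, MSG_HASH, BAD_SIG))
```

The point of the second function is the detection side of this change set: any call site that wraps verify() in try/except and discards the result is correct under the raising convention and accepts forged signatures under the boolean one, which is why a codebase that pins to a library version across this change should be audited for ignored verify() return values rather than relying on the exception alone.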
As it stood before this commit, the hash was never used in the signing
process. It looks like the bug was introduced by e053629 (Restructure
both PKCS#1 signature schemes as objects, 2011-10-16), which changed:

- >>> signature = PKCS1_PSS.sign(h, key)
+ >>> signer = PKCS1_PSS.new(key)
+ >>> signature = PKCS1_PSS.sign(key)

The pure Python wrappers around Crypto.Hash.* were convenient, but they
slowed down hash initialization by 4-7x.

There is a speed trade-off here: the MD5 and SHA1 objects are just
wrapped hashlib objects (or old-style md5/sha objects). To maintain API
compatibility with the rest of PyCrypto, we still have to wrap them, so
they're slower to initialize than the rest of the hash functions. If
hashlib ever adds a .new() method, we will automatically use hashlib
directly and gain the initialization speed-up.

These algorithm names were confusing, because there are actually
algorithms called "SHA" (a.k.a. SHA-0) and "RIPEMD" (the original
version).

This commit just renames the modules, with no backward-compatibility
support.

Objects used by PKCS#1 modules were treated as private,
and therefore ignored by epydoc.

Replaced the SHA module with None as the PBKDF1 default parameter value, because it was
not displayed nicely by epydoc. The default value is assigned in the body.