[pycrypto] ERROR: testRsaUnversionedSignAndVerify failed
Hans-Peter Jansen
hpj at urpla.net
Thu Aug 20 03:11:46 CST 2009
Hi Sébastien, hi Steve,
first of all, thanks for the instant feedback.
Am Donnerstag, 20. August 2009 schrieb Sébastien Martini:
> Hi Hans-Peter,
>
> > /usr/lib/python2.6/site-packages/Crypto/Hash/SHA.py:6:
> > DeprecationWarning: the sha module is deprecated; use the hashlib
> > module instead
> > from sha import *
>
> Strange, with pycrypto 2.0.1 on Ubuntu 9.04 (and with Python 2.6.1) I
> do not have this warning. Are you sure your system use pycrypto
> 2.0.1 ?
Yes, I am:
$ rpm -qf /usr/lib/python2.6/site-packages/Crypto/PublicKey/RSA.py
python-crypto-2.0.1-28.115.1
Let me note, that I always generate rpm packages (at least with "python
setup.py bdist_rpm"), rather then installing from source directly.
Probably, Ubuntu incorporates some patches from Dwaynes trunk, does it?
I got rid of the Deprecation warning with updating to Dwaynes version, by
the price of a new one. See below.
Please let me turn around the question: are you sure, that Ubuntus version
isn't a hybrid of Andrews and Dwaynes at least? May I ask you to show me
your patches? I show you mine ;-)
openSUSE incorporated two patches to 2.0.1:
This one, I ported to trunk:
--- src/hash_template.c~ 2009-08-16 23:39:34.053841534 +0200
+++ src/hash_template.c 2009-08-20 10:16:05.877840748 +0200
@@ -111,13 +111,15 @@ ALG_hexdigest(ALGobject *self, PyObject
PyObject *value, *retval;
unsigned char *raw_digest, *hex_digest;
int i, j, size;
+ Py_ssize_t ssize;
if (!PyArg_ParseTuple(args, ""))
return NULL;
/* Get the raw (binary) digest value */
value = (PyObject *)hash_digest(&(self->st));
- size = PyString_Size(value);
+ ssize = PyString_Size(value);
+ size = (ssize > INT_MAX) ? INT_MAX : ssize;
raw_digest = (unsigned char *) PyString_AsString(value);
/* Create a new string */
Dwayne, is this in order or just plain silly?
The other is the already applied ARC2 fix to check of oversized keys.
> > ............................E.
> > ======================================================================
> > ERROR: testRsaUnversionedSignAndVerify (signer_test.SignerTest)
> > ----------------------------------------------------------------------
> > Traceback (most recent call last):
> > File ".../keyczar/tests/keyczar/signer_test.py", line 125, in
> > testRsaUnversionedSignAndVerify
> > self.__testUnversionedSignAndVerify("rsa-sign")
> > File ".../keyczar/tests/keyczar/signer_test.py", line 67, in
> > __testUnversionedSignAndVerify
> > self.assertFalse(unversioned_signer.Verify("Wrong string", sig)) File
> > "/usr/local/lib/python2.6/site-packages/keyczar/keyczar.py", line 404,
> > in Verify result = key.Verify(data, sig_bytes)
> > File "/usr/local/lib/python2.6/site-packages/keyczar/keys.py", line
> > 622, in Verify return self.public_key.Verify(msg, sig)
> > File "/usr/local/lib/python2.6/site-packages/keyczar/keys.py", line
> > 787, in Verify (util.BytesToLong(sig),))
> > File "/usr/lib/python2.6/site-packages/Crypto/PublicKey/pubkey.py",
> > line 84, in verify return self._verify(M, signature)
> > File "/usr/lib/python2.6/site-packages/Crypto/PublicKey/RSA.py", line
> > 103, in _verify m2=self._encrypt(sig[0])
> > File "/usr/lib/python2.6/site-packages/Crypto/PublicKey/RSA.py", line
> > 89, in _encrypt raise error, 'Plaintext too large'
> > error: Plaintext too large
>
> I think this error is related somehow to the hash computation (which
> also could be related to the deprecation warning) because this is the
> hash value which is signed with a private_encrypt() RSA method. I
> might be wrong but I really think this is not currently pycrypto 2.0.1
> that your keyczar install calls.
No, it _wasn't_ related to SHA.py, since in a first test, I just updated to
Dwaynes current SHA.py, which tries to import hashlib.SHA first and got rid
of the deprecation, but this error persisted.
After updating my python-crypto package to Dwaynes trunk, the tests
succeeded:
$ python alltests.py
./usr/lib/python2.6/site-packages/Crypto/Util/randpool.py:72:
RandomPool_DeprecationWarning: RandomPool is deprecated. Use Random.new()
or Random.RandomPoolCompat instead.
warnings.warn("RandomPool is deprecated. Use Random.new() or
Random.RandomPoolCompat instead.", RandomPool_DeprecationWarning)
.............................
----------------------------------------------------------------------
Ran 30 tests in 1.010s
OK
I fixed it with this patch:
--- util.py.orig 2009-08-20 10:40:19.248702303 +0200
+++ util.py 2009-08-20 10:57:27.765198430 +0200
@@ -30,7 +30,12 @@ except ImportError:
from sha import sha as sha1
from Crypto.Hash.SHA256 import new as sha256
-from Crypto.Util import randpool
+try:
+ # Import RandomPoolCompat, if available
+ from Crypto.Random import RandomPoolCompat as RandomPool
+except ImportError:
+ from Crypto.Util.randpool import RandomPool
+
from pyasn1.codec.der import decoder
from pyasn1.codec.der import encoder
from pyasn1.type import univ
@@ -291,7 +296,7 @@ def TrimBytes(bytes):
def RandBytes(n):
"""Return n random bytes."""
- return randpool.RandomPool(512).get_bytes(n)
+ return RandomPool(512).get_bytes(n)
def Hash(digest, *inputs):
"""Return a SHA-1 hash over a variable number of inputs."""
BTW, is there any reason to fetch 512 bytes always, and use a subset only
(if I read the code correctly)? What happens, if n is > 512?
> > ----------------------------------------------------------------------
> > Ran 30 tests in 3.179s
> >
> > FAILED (errors=1)
> >
> > Since I wanted to use RSA signing and encryption, I'm concerned about
> > it.
> >
> > System:
> > openSUSE 11.1, python 2.6.0, python-crypto-2.0.1, pyasn1-0.0.8a
>
> Cordially,
>
> Sébastien
Thanks,
Pete
More information about the pycrypto
mailing list