[pycrypto] ERROR: testRsaUnversionedSignAndVerify failed

Steve Weis steveweis at gmail.com
Thu Aug 20 14:42:12 CST 2009


Are there advantages to using Pycrypto's Randpool over
Random.SystemRandom()?
In another Keyczar thread, someone reported that Randpool was a performance
bottleneck and got a big improvement by switching to SystemRandom.

I don't know enough about the underlying implementations to make any
security judgement. If anyone can comment authoritatively, please do.

On Thu, Aug 20, 2009 at 2:11 AM, Hans-Peter Jansen <hpj at urpla.net> wrote:

>
> Hi Sébastien, hi Steve,
>
> first of all, thanks for the instant feedback.
>
> On Thursday, 20 August 2009, Sébastien Martini wrote:
> > Hi Hans-Peter,
> >
> > > /usr/lib/python2.6/site-packages/Crypto/Hash/SHA.py:6:
> > > DeprecationWarning: the sha module is deprecated; use the hashlib
> > > module instead
> > >   from sha import *
> >
> > Strange, with pycrypto 2.0.1 on Ubuntu 9.04 (and with Python 2.6.1) I
> > do not have this warning. Are you sure your system uses pycrypto
> > 2.0.1?
>
> Yes, I am:
> $ rpm -qf /usr/lib/python2.6/site-packages/Crypto/PublicKey/RSA.py
> python-crypto-2.0.1-28.115.1
>
> Let me note that I always generate rpm packages (at least with "python
> setup.py bdist_rpm"), rather than installing from source directly.
>
> Probably, Ubuntu incorporates some patches from Dwayne's trunk, does it?
> I got rid of the Deprecation warning by updating to Dwayne's version, at
> the price of a new one. See below.
>
> Please let me turn around the question: are you sure that Ubuntu's version
> isn't a hybrid of Andrew's and Dwayne's at least? May I ask you to show me
> your patches? I show you mine ;-)
>
> openSUSE incorporated two patches to 2.0.1:
>
> This one, I ported to trunk:
> --- src/hash_template.c~        2009-08-16 23:39:34.053841534 +0200
> +++ src/hash_template.c 2009-08-20 10:16:05.877840748 +0200
> @@ -111,13 +111,15 @@ ALG_hexdigest(ALGobject *self, PyObject
>        PyObject *value, *retval;
>        unsigned char *raw_digest, *hex_digest;
>        int i, j, size;
> +       Py_ssize_t ssize;
>
>        if (!PyArg_ParseTuple(args, ""))
>                return NULL;
>
>        /* Get the raw (binary) digest value */
>        value = (PyObject *)hash_digest(&(self->st));
> -       size = PyString_Size(value);
> +       ssize = PyString_Size(value);
> +       size = (ssize > INT_MAX) ? INT_MAX : ssize;
>        raw_digest = (unsigned char *) PyString_AsString(value);
>
>        /* Create a new string */
>
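Review bot: the added clamp `size = (ssize > INT_MAX) ? INT_MAX : ssize;` turns an oversized length into a silently truncated hex digest and lets a negative return from PyString_Size() through unchanged; the context line above it also uses `value` without a NULL check. Since the hunk already introduces `Py_ssize_t ssize`, it would be cleaner to declare `size`, `i` and `j` as Py_ssize_t and drop the clamp, or to fail with an exception when `ssize < 0 || ssize > INT_MAX`. If the clamp stays, the file needs `<limits.h>` for INT_MAX, which this hunk does not show being included.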
> Dwayne, is this in order or just plain silly?
>
> The other is the already applied ARC2 fix to check for oversized keys.
>
> > > ............................E.
> > > ======================================================================
> > > ERROR: testRsaUnversionedSignAndVerify (signer_test.SignerTest)
> > > ----------------------------------------------------------------------
> > > Traceback (most recent call last):
> > >   File ".../keyczar/tests/keyczar/signer_test.py", line 125, in testRsaUnversionedSignAndVerify
> > >     self.__testUnversionedSignAndVerify("rsa-sign")
> > >   File ".../keyczar/tests/keyczar/signer_test.py", line 67, in __testUnversionedSignAndVerify
> > >     self.assertFalse(unversioned_signer.Verify("Wrong string", sig))
> > >   File "/usr/local/lib/python2.6/site-packages/keyczar/keyczar.py", line 404, in Verify
> > >     result = key.Verify(data, sig_bytes)
> > >   File "/usr/local/lib/python2.6/site-packages/keyczar/keys.py", line 622, in Verify
> > >     return self.public_key.Verify(msg, sig)
> > >   File "/usr/local/lib/python2.6/site-packages/keyczar/keys.py", line 787, in Verify
> > >     (util.BytesToLong(sig),))
> > >   File "/usr/lib/python2.6/site-packages/Crypto/PublicKey/pubkey.py", line 84, in verify
> > >     return self._verify(M, signature)
> > >   File "/usr/lib/python2.6/site-packages/Crypto/PublicKey/RSA.py", line 103, in _verify
> > >     m2=self._encrypt(sig[0])
> > >   File "/usr/lib/python2.6/site-packages/Crypto/PublicKey/RSA.py", line 89, in _encrypt
> > >     raise error, 'Plaintext too large'
> > > error: Plaintext too large
> >
> > I think this error is related somehow to the hash computation (which
> > also could be related to the deprecation warning) because this is the
> > hash value which is signed with a private_encrypt() RSA method. I
> > might be wrong but I really think this is not currently pycrypto 2.0.1
> > that your keyczar install calls.
>
> No, it _wasn't_ related to SHA.py, since in a first test, I just updated to
> Dwayne's current SHA.py, which tries to import hashlib.SHA first and got rid
> of the deprecation, but this error persisted.
>
> After updating my python-crypto package to Dwayne's trunk, the tests
> succeeded:
>
> $ python alltests.py
> ./usr/lib/python2.6/site-packages/Crypto/Util/randpool.py:72:
> RandomPool_DeprecationWarning: RandomPool is deprecated.  Use Random.new()
> or Random.RandomPoolCompat instead.
>  warnings.warn("RandomPool is deprecated.  Use Random.new() or
> Random.RandomPoolCompat instead.", RandomPool_DeprecationWarning)
> .............................
> ----------------------------------------------------------------------
> Ran 30 tests in 1.010s
>
> OK
>
> I fixed it with this patch:
>
> --- util.py.orig        2009-08-20 10:40:19.248702303 +0200
> +++ util.py     2009-08-20 10:57:27.765198430 +0200
> @@ -30,7 +30,12 @@ except ImportError:
>   from sha import sha as sha1
>   from Crypto.Hash.SHA256 import new as sha256
>
> -from Crypto.Util import randpool
> +try:
> +  # Import RandomPoolCompat, if available
> +  from Crypto.Random import RandomPoolCompat as RandomPool
> +except ImportError:
> +  from Crypto.Util.randpool import RandomPool
> +
>  from pyasn1.codec.der import decoder
>  from pyasn1.codec.der import encoder
>  from pyasn1.type import univ
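Review bot: in the new try/except block, both branches bind the name `RandomPool`, so the rest of util.py cannot tell which class it got and relies on the two accepting the same constructor argument and offering `get_bytes()`; that assumption should be stated in the comment, which currently only restates the import. The fallback branch also keeps the class that the newer PyCrypto warns is deprecated, and the warning text names `Random.new()` as the other replacement, so it is worth saying why the compatibility class was chosen over it.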
> @@ -291,7 +296,7 @@ def TrimBytes(bytes):
>
>  def RandBytes(n):
>   """Return n random bytes."""
> -  return randpool.RandomPool(512).get_bytes(n)
> +  return RandomPool(512).get_bytes(n)
>
>  def Hash(digest, *inputs):
>   """Return a SHA-1 hash over a variable number of inputs."""
>
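Review bot: `return RandomPool(512).get_bytes(n)` still builds a fresh pool on every RandBytes() call and passes `n` through with no check against the 512 given to the constructor. The docstring should say what 512 means and what the caller gets when n is larger, and the pool could be created once at module level instead of per call if the chosen class is safe to share.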
> BTW, is there any reason to always fetch 512 bytes and use only a subset
> (if I read the code correctly)? What happens if n is > 512?
>
> > > ----------------------------------------------------------------------
> > > Ran 30 tests in 3.179s
> > >
> > > FAILED (errors=1)
> > >
> > > Since I wanted to use RSA signing and encryption, I'm concerned about
> > > it.
> > >
> > > System:
> > > openSUSE 11.1, python 2.6.0, python-crypto-2.0.1, pyasn1-0.0.8a
> >
> > Cordially,
> >
> > Sébastien
>
> Thanks,
> Pete