Skip to content

ecdsa 0.14

Compare
Choose a tag to compare
@tomato42 tomato42 released this 06 Nov 19:15
· 420 commits to master since this release
84dbe0d

tl;dr:

  • support for Brainpool curves
  • better test coverage, fixed bugs found by it
  • support for compressed point representation

Bug fixes:

  • Strict checking of DER requirements when parsing SEQUENCE, INTEGER,
    OBJECT IDENTIFIER and BITSTRING objects.
  • DER parsers now consistently raise UnexpectedDER exception on malformed DER
    encoded byte strings.
  • Make sure that both malformed and invalid signatures raise BadSignatureError.
  • Ensure that all SigningKey and VerifyingKey methods that should accept
    bytes-like objects actually do accept them (also avoid copying input strings).
  • Make SigningKey.sign_digest_deterministic use default object hashfunc when
    none was provided.
  • encode_integer now works for large integers.
  • Make encode_oid and remove_object correctly handle OBJECT IDENTIFIERs
    with large second subidentifier and padding in encoded subidentifiers.

New features:

  • Deterministic signature methods now accept extra_entropy parameter to further
    randomise the selection of k (the nonce) for signature, as specified in
    RFC6979.
  • Recovery of public key from signature is now supported.
  • Support for SEC1/X9.62 formatted keys, all three encodings are supported:
    "uncompressed", "compressed" and "hybrid". Both string, and PEM/DER will
    automatically accept them, if the size of the key matches the curve.
  • Benchmarking application now provides performance numbers that are easier to
    compare against OpenSSL.
  • Support for all Brainpool curves (non-twisted).

New API:

  • CurveFp: __str__ is now supported.
  • SigningKey.sign_deterministic, SigningKey.sign_digest_deterministic and
    generate_k: extra_entropy parameter was added
  • Signature.recover_public_keys was added
  • VerifyingKey.from_public_key_recovery and
  • VerifyingKey.from_public_key_recovery_with_digest were added
  • VerifyingKey.to_string: encoding parameter was added
  • VerifyingKey.to_der and SigningKey.to_der: point_encoding parameter was
    added.
  • encode_bitstring: unused parameter was added
  • remove_bitstring: expect_unused parameter was added
  • SECP256k1 is now part of curves * import
  • Curves: __repr__ is now supported
  • VerifyingKey: __repr__ is now supported

Deprecations:

  • Python 2.5 is not supported any more - dead code removal.
  • from ecdsa.keys import * will now import only objects defined in that module.
  • Trying to decode a malformed point using VerifyingKey.from_string
    will rise now the MalformedPointError exception (that inherits from
    AssertionError but is not it).
  • Multiple functions in numbertheory are considered deprecated: phi,
    carmichael, carmichael_of_factorized, carmichael_of_ppower,
    order_mod, largest_factor_relatively_prime, kinda_order_mod. They will
    now emit DeprecationWarning when used. Run the application or test suite
    with -Wd option or with PYTHONWARNINGS=default environment variable to
    verify if those methods are not used. They will be removed completely in a
    future release.
  • encode_bitstring and decode_bitstring expect the number of unused
    bits to be passed as an argument now. They will emit DeprecationWarning
    if they are used in the deprecated way.
  • modular_exp: will emit DeprecationWarning

Hardening:

  • Deterministic signatures now verify that the signature won't leak private
    key through very unlikely selection of k value (the nonce).
  • Nonce bit size hiding was added (hardening against Minerva attack). Please
    note that it DOES NOT make library secure against side channel attacks (timing
    attacks).

Performance:

  • The public key in key generation is not verified twice now, making key
    generation and private key reading about 33% faster.
  • Microoptimisation to inverse_mod function, increasing performance by about
    40% for all operations.

Maintenance:

  • Extended test coverage to newer python versions.
  • Fixes to examples in README.md: correct commands, more correct code (now works
    on Python 3).
  • Stopped bundling six
  • Moved sources into src subdirectory
  • Made benchmarking script standalone (runnable either with tox -e speed, or
    after installation, with python speed.py)
  • Now test coverage reported to coveralls is branch coverage, not line coverage
  • Autodetection of curves supported by OpenSSL (test suite compatibility with
    Fedora OpenSSL package).
  • More readable error messages (exceptions) in der module.
  • Documentation to VerifyingKey, SigningKey and signature encoder/decoder
    functions added.
  • Added measuring and verifying condition coverage to Continuous Integration.
  • Big clean-up of the test suite, use pytest parametrisation and hypothesis
    for better test coverage and more precise failure reporting.
  • Use platform-provided math.gcd, when provided.