3 * Public-key cryptography
5 * (c) 2004 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of the Python interface to Catacomb.
12 * Catacomb/Python is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * Catacomb/Python is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with Catacomb/Python; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /*----- Header files ------------------------------------------------------*/
29 #include "catacomb-python.h"
31 /*----- DSA and similar ---------------------------------------------------*/
33 typedef struct dsa_pyobj
{
35 PyObject
*G
, *u
, *p
, *rng
, *hash
;
39 static PyTypeObject
*dsapub_pytype
, *dsapriv_pytype
;
40 static PyTypeObject
*kcdsapub_pytype
, *kcdsapriv_pytype
;
41 #define DSA_D(o) (&((dsa_pyobj *)(o))->d)
42 #define DSA_G(o) (((dsa_pyobj *)(o))->G)
43 #define DSA_U(o) (((dsa_pyobj *)(o))->u)
44 #define DSA_P(o) (((dsa_pyobj *)(o))->p)
45 #define DSA_RNG(o) (((dsa_pyobj *)(o))->rng)
46 #define DSA_HASH(o) (((dsa_pyobj *)(o))->hash)
48 static void dsa_pydealloc(PyObject
*me
)
50 dsa_pyobj
*g
= (dsa_pyobj
*)me
;
51 Py_DECREF(g
->G
); Py_DECREF(g
->u
); Py_DECREF(g
->p
);
52 Py_DECREF(g
->rng
); Py_DECREF(g
->hash
);
56 static PyObject
*dsa_setup(PyTypeObject
*ty
, PyObject
*G
, PyObject
*u
,
57 PyObject
*p
, PyObject
*rng
, PyObject
*hash
,
58 void (*calcpub
)(group
*, ge
*, mp
*))
63 g
= PyObject_New(dsa_pyobj
, ty
);
69 if ((g
->d
.u
= getmp(u
)) == 0)
71 if (MP_PYCHECK(u
)) Py_INCREF(u
);
72 else u
= mp_pywrap(g
->d
.u
);
75 assert(g
->d
.u
); assert(calcpub
);
76 pp
= G_CREATE(GROUP_G(G
));
77 calcpub(GROUP_G(G
), pp
, g
->d
.u
);
79 } else if (GROUP_G(G
) != GE_G(p
) && !group_samep(GROUP_G(G
), GE_G(p
)))
80 TYERR("public key not from group");
83 g
->d
.r
= GRAND_R(rng
);
84 g
->d
.h
= GCHASH_CH(hash
);
85 g
->G
= G
; Py_INCREF(G
); g
->u
= u
; g
->p
= p
;
86 g
->rng
= rng
; Py_INCREF(rng
); g
->hash
= hash
; Py_INCREF(hash
);
87 return ((PyObject
*)g
);
94 static PyObject
*dsapub_pynew(PyTypeObject
*ty
,
95 PyObject
*arg
, PyObject
*kw
)
97 PyObject
*G
, *p
, *rng
= rand_pyobj
, *hash
= sha_pyobj
;
99 static const char *const kwlist
[] = { "G", "p", "hash", "rng", 0 };
101 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O!|O!O!:new", KWLIST
,
104 gchash_pytype
, &hash
,
105 grand_pytype
, &rng
) ||
106 (rc
= dsa_setup(dsapub_pytype
, G
, 0, p
, rng
, hash
, 0)) == 0)
112 static PyObject
*dsameth_beginhash(PyObject
*me
, PyObject
*arg
)
114 if (!PyArg_ParseTuple(arg
, ":beginhash")) return (0);
115 return (ghash_pywrap(DSA_HASH(me
), gdsa_beginhash(DSA_D(me
))));
118 static PyObject
*dsameth_endhash(PyObject
*me
, PyObject
*arg
)
122 if (!PyArg_ParseTuple(arg
, "O&:endhash", convghash
, &h
)) return (0);
123 gdsa_endhash(DSA_D(me
), h
);
125 rc
= bytestring_pywrap(0, GH_CLASS(h
)->hashsz
);
126 GH_DONE(h
, PyString_AS_STRING(rc
));
131 static PyObject
*dsameth_sign(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
133 gdsa_sig s
= GDSA_SIG_INIT
;
138 static const char *const kwlist
[] = { "msg", "k", 0 };
140 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#|O&:sign", KWLIST
,
143 if (n
!= DSA_D(me
)->h
->hashsz
)
144 VALERR("bad message length (doesn't match hash size)");
145 gdsa_sign(DSA_D(me
), &s
, p
, k
);
146 rc
= Py_BuildValue("(NN)", mp_pywrap(s
.r
), mp_pywrap(s
.s
));
152 static PyObject
*dsameth_verify(PyObject
*me
, PyObject
*arg
)
156 gdsa_sig s
= GDSA_SIG_INIT
;
159 if (!PyArg_ParseTuple(arg
, "s#(O&O&):verify",
160 &p
, &n
, convmp
, &s
.r
, convmp
, &s
.s
))
162 if (n
!= DSA_D(me
)->h
->hashsz
)
163 VALERR("bad message length (doesn't match hash size)");
164 rc
= getbool(!gdsa_verify(DSA_D(me
), &s
, p
));
171 static void dsa_calcpub(group
*g
, ge
*p
, mp
*u
) { G_EXP(g
, p
, g
->g
, u
); }
173 static PyObject
*dsapriv_pynew(PyTypeObject
*ty
,
174 PyObject
*arg
, PyObject
*kw
)
176 PyObject
*G
, *p
= 0, *u
, *rng
= rand_pyobj
, *hash
= sha_pyobj
;
178 static const char *const kwlist
[] = { "G", "u", "p", "hash", "rng", 0 };
180 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O|O!O!O!:new", KWLIST
,
184 gchash_pytype
, &hash
,
185 grand_pytype
, &rng
) ||
186 (rc
= dsa_setup(dsapriv_pytype
, G
, u
, p
, rng
, hash
, dsa_calcpub
)) == 0)
192 static PyMethodDef dsapub_pymethods
[] = {
193 #define METHNAME(name) dsameth_##name
194 METH (beginhash
, "D.beginhash() -> hash object")
195 METH (endhash
, "D.endhash(H) -> BYTES")
196 METH (verify
, "D.verify(MSG, (R, S)) -> true/false")
201 static PyMethodDef dsapriv_pymethods
[] = {
202 #define METHNAME(name) dsameth_##name
203 KWMETH(sign
, "D.sign(MSG, [k = K]) -> R, S")
208 static PyMemberDef dsapub_pymembers
[] = {
209 #define MEMBERSTRUCT dsa_pyobj
210 MEMBER(G
, T_OBJECT
, READONLY
, "D.G -> group to work in")
211 MEMBER(p
, T_OBJECT
, READONLY
, "D.p -> public key (group element")
212 MEMBER(rng
, T_OBJECT
, READONLY
, "D.rng -> random number generator")
213 MEMBER(hash
, T_OBJECT
, READONLY
, "D.hash -> hash class")
218 static PyMemberDef dsapriv_pymembers
[] = {
219 #define MEMBERSTRUCT dsa_pyobj
220 MEMBER(u
, T_OBJECT
, READONLY
, "D.u -> private key (exponent)")
225 static PyTypeObject dsapub_pytype_skel
= {
226 PyObject_HEAD_INIT(0) 0, /* Header */
227 "DSAPub", /* @tp_name@ */
228 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
229 0, /* @tp_itemsize@ */
231 dsa_pydealloc
, /* @tp_dealloc@ */
233 0, /* @tp_getattr@ */
234 0, /* @tp_setattr@ */
235 0, /* @tp_compare@ */
237 0, /* @tp_as_number@ */
238 0, /* @tp_as_sequence@ */
239 0, /* @tp_as_mapping@ */
243 0, /* @tp_getattro@ */
244 0, /* @tp_setattro@ */
245 0, /* @tp_as_buffer@ */
246 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
250 "DSAPub(GROUP, P, [hash = sha], [rng = rand]): DSA public key.",
252 0, /* @tp_traverse@ */
254 0, /* @tp_richcompare@ */
255 0, /* @tp_weaklistoffset@ */
257 0, /* @tp_iternext@ */
258 dsapub_pymethods
, /* @tp_methods@ */
259 dsapub_pymembers
, /* @tp_members@ */
263 0, /* @tp_descr_get@ */
264 0, /* @tp_descr_set@ */
265 0, /* @tp_dictoffset@ */
267 PyType_GenericAlloc
, /* @tp_alloc@ */
268 dsapub_pynew
, /* @tp_new@ */
273 static PyTypeObject dsapriv_pytype_skel
= {
274 PyObject_HEAD_INIT(0) 0, /* Header */
275 "DSAPriv", /* @tp_name@ */
276 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
277 0, /* @tp_itemsize@ */
279 0, /* @tp_dealloc@ */
281 0, /* @tp_getattr@ */
282 0, /* @tp_setattr@ */
283 0, /* @tp_compare@ */
285 0, /* @tp_as_number@ */
286 0, /* @tp_as_sequence@ */
287 0, /* @tp_as_mapping@ */
291 0, /* @tp_getattro@ */
292 0, /* @tp_setattro@ */
293 0, /* @tp_as_buffer@ */
294 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
298 "DSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): DSA private key.",
300 0, /* @tp_traverse@ */
302 0, /* @tp_richcompare@ */
303 0, /* @tp_weaklistoffset@ */
305 0, /* @tp_iternext@ */
306 dsapriv_pymethods
, /* @tp_methods@ */
307 dsapriv_pymembers
, /* @tp_members@ */
311 0, /* @tp_descr_get@ */
312 0, /* @tp_descr_set@ */
313 0, /* @tp_dictoffset@ */
315 PyType_GenericAlloc
, /* @tp_alloc@ */
316 dsapriv_pynew
, /* @tp_new@ */
321 static PyObject
*kcdsapub_pynew(PyTypeObject
*ty
,
322 PyObject
*arg
, PyObject
*kw
)
324 PyObject
*G
, *p
, *rng
= rand_pyobj
, *hash
= has160_pyobj
;
326 static const char *const kwlist
[] = { "G", "p", "hash", "rng", 0 };
328 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O!|O!O!:new", KWLIST
,
331 gchash_pytype
, &hash
,
332 grand_pytype
, &rng
) ||
333 (rc
= dsa_setup(kcdsapub_pytype
, G
, 0, p
, rng
, hash
, 0)) == 0)
339 static void kcdsa_calcpub(group
*g
, ge
*p
, mp
*u
)
341 mp
*uinv
= mp_modinv(MP_NEW
, u
, g
->r
);
342 G_EXP(g
, p
, g
->g
, uinv
);
346 static PyObject
*kcdsapriv_pynew(PyTypeObject
*ty
,
347 PyObject
*arg
, PyObject
*kw
)
349 PyObject
*G
, *u
, *p
= 0, *rng
= rand_pyobj
, *hash
= has160_pyobj
;
351 static const char *const kwlist
[] = { "G", "u", "p", "hash", "rng", 0 };
353 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O|O!O!O!:new", KWLIST
,
357 gchash_pytype
, &hash
,
358 grand_pytype
, &rng
) ||
359 (rc
= dsa_setup(kcdsapriv_pytype
, G
, u
, p
,
360 rng
, hash
, kcdsa_calcpub
)) == 0)
366 static PyObject
*kcdsameth_beginhash(PyObject
*me
, PyObject
*arg
)
368 if (!PyArg_ParseTuple(arg
, ":beginhash")) return (0);
369 return (ghash_pywrap(DSA_HASH(me
), gkcdsa_beginhash(DSA_D(me
))));
372 static PyObject
*kcdsameth_endhash(PyObject
*me
, PyObject
*arg
)
376 if (!PyArg_ParseTuple(arg
, "O&:endhash", convghash
, &h
)) return (0);
377 gkcdsa_endhash(DSA_D(me
), h
);
379 rc
= bytestring_pywrap(0, GH_CLASS(h
)->hashsz
);
380 GH_DONE(h
, PyString_AS_STRING(rc
));
385 static PyObject
*kcdsameth_sign(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
387 gkcdsa_sig s
= GKCDSA_SIG_INIT
;
391 PyObject
*r
= 0, *rc
= 0;
392 static const char *const kwlist
[] = { "msg", "k", 0 };
394 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#|O&:sign", KWLIST
,
397 if (n
!= DSA_D(me
)->h
->hashsz
)
398 VALERR("bad message length (doesn't match hash size)");
399 r
= bytestring_pywrap(0, DSA_D(me
)->h
->hashsz
);
400 s
.r
= (octet
*)PyString_AS_STRING(r
);
401 gkcdsa_sign(DSA_D(me
), &s
, p
, k
);
402 rc
= Py_BuildValue("(ON)", r
, mp_pywrap(s
.s
));
409 static PyObject
*kcdsameth_verify(PyObject
*me
, PyObject
*arg
)
413 gkcdsa_sig s
= GKCDSA_SIG_INIT
;
416 if (!PyArg_ParseTuple(arg
, "s#(s#O&):verify",
417 &p
, &n
, &s
.r
, &rn
, convmp
, &s
.s
))
419 if (n
!= DSA_D(me
)->h
->hashsz
)
420 VALERR("bad message length (doesn't match hash size)");
421 if (rn
!= DSA_D(me
)->h
->hashsz
)
422 VALERR("bad signature `r' length (doesn't match hash size)");
423 rc
= getbool(!gkcdsa_verify(DSA_D(me
), &s
, p
));
429 static PyMethodDef kcdsapub_pymethods
[] = {
430 #define METHNAME(name) kcdsameth_##name
431 METH (beginhash
, "D.beginhash() -> hash object")
432 METH (endhash
, "D.endhash(H) -> BYTES")
433 METH (verify
, "D.verify(MSG, (R, S)) -> true/false")
438 static PyMethodDef kcdsapriv_pymethods
[] = {
439 #define METHNAME(name) kcdsameth_##name
440 KWMETH(sign
, "D.sign(MSG, [k = K]) -> R, S")
445 static PyTypeObject kcdsapub_pytype_skel
= {
446 PyObject_HEAD_INIT(0) 0, /* Header */
447 "KCDSAPub", /* @tp_name@ */
448 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
449 0, /* @tp_itemsize@ */
451 dsa_pydealloc
, /* @tp_dealloc@ */
453 0, /* @tp_getattr@ */
454 0, /* @tp_setattr@ */
455 0, /* @tp_compare@ */
457 0, /* @tp_as_number@ */
458 0, /* @tp_as_sequence@ */
459 0, /* @tp_as_mapping@ */
463 0, /* @tp_getattro@ */
464 0, /* @tp_setattro@ */
465 0, /* @tp_as_buffer@ */
466 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
470 "KCDSAPub(GROUP, P, [hash = sha], [rng = rand]): KCDSA public key.",
472 0, /* @tp_traverse@ */
474 0, /* @tp_richcompare@ */
475 0, /* @tp_weaklistoffset@ */
477 0, /* @tp_iternext@ */
478 kcdsapub_pymethods
, /* @tp_methods@ */
479 dsapub_pymembers
, /* @tp_members@ */
483 0, /* @tp_descr_get@ */
484 0, /* @tp_descr_set@ */
485 0, /* @tp_dictoffset@ */
487 PyType_GenericAlloc
, /* @tp_alloc@ */
488 kcdsapub_pynew
, /* @tp_new@ */
493 static PyTypeObject kcdsapriv_pytype_skel
= {
494 PyObject_HEAD_INIT(0) 0, /* Header */
495 "KCDSAPriv", /* @tp_name@ */
496 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
497 0, /* @tp_itemsize@ */
499 0, /* @tp_dealloc@ */
501 0, /* @tp_getattr@ */
502 0, /* @tp_setattr@ */
503 0, /* @tp_compare@ */
505 0, /* @tp_as_number@ */
506 0, /* @tp_as_sequence@ */
507 0, /* @tp_as_mapping@ */
511 0, /* @tp_getattro@ */
512 0, /* @tp_setattro@ */
513 0, /* @tp_as_buffer@ */
514 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
518 "KCDSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): KCDSA private key.",
520 0, /* @tp_traverse@ */
522 0, /* @tp_richcompare@ */
523 0, /* @tp_weaklistoffset@ */
525 0, /* @tp_iternext@ */
526 kcdsapriv_pymethods
, /* @tp_methods@ */
527 dsapriv_pymembers
, /* @tp_members@ */
531 0, /* @tp_descr_get@ */
532 0, /* @tp_descr_set@ */
533 0, /* @tp_dictoffset@ */
535 PyType_GenericAlloc
, /* @tp_alloc@ */
536 kcdsapriv_pynew
, /* @tp_new@ */
541 /*----- RSA ---------------------------------------------------------------*/
543 typedef struct rsapub_pyobj
{
549 #define RSA_PUB(o) (&((rsapub_pyobj *)(o))->pub)
550 #define RSA_PUBCTX(o) (&((rsapub_pyobj *)(o))->pubctx)
552 typedef struct rsapriv_pyobj
{
561 #define RSA_PRIV(o) (&((rsapriv_pyobj *)(o))->priv)
562 #define RSA_PRIVCTX(o) (&((rsapriv_pyobj *)(o))->privctx)
563 #define RSA_RNG(o) (((rsapriv_pyobj *)(o))->rng)
565 static PyTypeObject
*rsapub_pytype
, *rsapriv_pytype
;
567 static PyObject
*rsapub_pynew(PyTypeObject
*ty
,
568 PyObject
*arg
, PyObject
*kw
)
572 static const char *const kwlist
[] = { "n", "e", 0 };
574 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&:new", KWLIST
,
575 convmp
, &rp
.n
, convmp
, &rp
.e
))
577 if (!MP_ODDP(rp
.n
)) VALERR("RSA modulus must be even");
578 o
= (rsapub_pyobj
*)ty
->tp_alloc(ty
, 0);
580 rsa_pubcreate(&o
->pubctx
, &o
->pub
);
581 return ((PyObject
*)o
);
587 static void rsapub_pydealloc(PyObject
*me
)
589 rsa_pubdestroy(RSA_PUBCTX(me
));
590 rsa_pubfree(RSA_PUB(me
));
594 static PyObject
*rsaget_n(PyObject
*me
, void *hunoz
)
595 { return mp_pywrap(MP_COPY(RSA_PUB(me
)->n
)); }
597 static PyObject
*rsaget_e(PyObject
*me
, void *hunoz
)
598 { return mp_pywrap(MP_COPY(RSA_PUB(me
)->e
)); }
600 static PyObject
*rsameth_pubop(PyObject
*me
, PyObject
*arg
)
605 if (!PyArg_ParseTuple(arg
, "O&:pubop", convmp
, &x
)) goto end
;
606 rc
= mp_pywrap(rsa_pubop(RSA_PUBCTX(me
), MP_NEW
, x
));
612 static PyObject
*rsapriv_dopywrap(PyTypeObject
*ty
,
613 rsa_priv
*rp
, PyObject
*rng
)
617 o
= (rsapriv_pyobj
*)ty
->tp_alloc(ty
, 0);
621 rsa_privcreate(&o
->privctx
, &o
->priv
, &rand_global
);
622 rsa_pubcreate(&o
->pubctx
, &o
->pub
);
628 return ((PyObject
*)o
);
631 PyObject
*rsapriv_pywrap(rsa_priv
*rp
)
632 { return rsapriv_dopywrap(rsapriv_pytype
, rp
, 0); }
634 static PyObject
*rsapriv_pynew(PyTypeObject
*ty
,
635 PyObject
*arg
, PyObject
*kw
)
638 PyObject
*rng
= Py_None
;
639 static const char *const kwlist
[] =
640 { "n", "e", "d", "p", "q", "dp", "dq", "q_inv", "rng", 0 };
642 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "|O&O&O&O&O&O&O&O&O:new", KWLIST
,
643 convmp
, &rp
.n
, convmp
, &rp
.e
,
645 convmp
, &rp
.p
, convmp
, &rp
.q
,
646 convmp
, &rp
.dp
, convmp
, &rp
.dq
,
650 if ((rp
.n
&& !MP_ODDP(rp
.n
)) ||
651 (rp
.p
&& !MP_ODDP(rp
.p
)) ||
652 (rp
.q
&& !MP_ODDP(rp
.q
)))
653 VALERR("RSA modulus and factors must be odd");
654 if (rsa_recover(&rp
)) VALERR("couldn't construct private key");
655 if (rng
!= Py_None
&& !GRAND_PYCHECK(rng
))
656 TYERR("not a random number source");
658 return (rsapriv_dopywrap(ty
, &rp
, rng
));
664 static void rsapriv_pydealloc(PyObject
*me
)
666 RSA_PRIVCTX(me
)->r
= &rand_global
;
667 rsa_privdestroy(RSA_PRIVCTX(me
));
668 rsa_privfree(RSA_PRIV(me
));
669 Py_DECREF(RSA_RNG(me
));
673 static PyObject
*rsaget_d(PyObject
*me
, void *hunoz
)
674 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->d
)); }
676 static PyObject
*rsaget_p(PyObject
*me
, void *hunoz
)
677 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->p
)); }
679 static PyObject
*rsaget_q(PyObject
*me
, void *hunoz
)
680 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->q
)); }
682 static PyObject
*rsaget_dp(PyObject
*me
, void *hunoz
)
683 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->dp
)); }
685 static PyObject
*rsaget_dq(PyObject
*me
, void *hunoz
)
686 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->dq
)); }
688 static PyObject
*rsaget_q_inv(PyObject
*me
, void *hunoz
)
689 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->q_inv
)); }
691 static PyObject
*rsaget_rng(PyObject
*me
, void *hunoz
)
692 { RETURN_OBJ(RSA_RNG(me
)); }
694 static int rsaset_rng(PyObject
*me
, PyObject
*val
, void *hunoz
)
699 else if (val
!= Py_None
&& !GRAND_PYCHECK(val
))
700 TYERR("expected grand or None");
701 Py_DECREF(RSA_RNG(me
));
709 static PyObject
*rsameth_privop(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
711 PyObject
*rng
= RSA_RNG(me
);
714 static const char *const kwlist
[] = { "x", "rng", 0 };
716 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&|O:privop", KWLIST
,
719 if (rng
!= Py_None
&& !GRAND_PYCHECK(rng
))
720 TYERR("not a random number source");
721 RSA_PRIVCTX(me
)->r
= (rng
== Py_None
) ?
0 : GRAND_R(rng
);
722 rc
= mp_pywrap(rsa_privop(RSA_PRIVCTX(me
), MP_NEW
, x
));
728 static PyObject
*meth__RSAPriv_generate(PyObject
*me
,
729 PyObject
*arg
, PyObject
*kw
)
731 grand
*r
= &rand_global
;
736 struct excinfo exc
= EXCINFO_INIT
;
737 pypgev evt
= { { 0 } };
738 static const char *const kwlist
[] =
739 { "class", "nbits", "event", "rng", "nsteps", "e", 0 };
743 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "OO&|O&O&O&O&:generate", KWLIST
,
744 &me
, convuint
, &nbits
, convpgev
, &evt
,
745 convgrand
, &r
, convuint
, &n
,
749 else e
= mp_fromulong(MP_NEW
, 65537);
750 if (rsa_gen_e(&rp
, nbits
, e
, r
, n
, evt
.ev
.proc
, evt
.ev
.ctx
))
752 rc
= rsapriv_pywrap(&rp
);
759 static PyGetSetDef rsapub_pygetset
[] = {
760 #define GETSETNAME(op, name) rsa##op##_##name
767 static PyMethodDef rsapub_pymethods
[] = {
768 #define METHNAME(name) rsameth_##name
769 METH (pubop
, "R.pubop(X) -> X^E (mod N)")
774 static PyGetSetDef rsapriv_pygetset
[] = {
775 #define GETSETNAME(op, name) rsa##op##_##name
779 GET (dp
, "R.dp -> D mod (P - 1)")
780 GET (dq
, "R.dq -> D mod (Q - 1)")
781 GET (q_inv
, "R.q_inv -> Q^{-1} mod P")
782 GETSET(rng
, "R.rng -> random number source for blinding")
787 static PyMethodDef rsapriv_pymethods
[] = {
788 #define METHNAME(name) rsameth_##name
789 KWMETH(privop
, "R.privop(X, [rng = None]) -> X^D (mod N)")
794 static PyTypeObject rsapub_pytype_skel
= {
795 PyObject_HEAD_INIT(0) 0, /* Header */
796 "RSAPub", /* @tp_name@ */
797 sizeof(rsapub_pyobj
), /* @tp_basicsize@ */
798 0, /* @tp_itemsize@ */
800 rsapub_pydealloc
, /* @tp_dealloc@ */
802 0, /* @tp_getattr@ */
803 0, /* @tp_setattr@ */
804 0, /* @tp_compare@ */
806 0, /* @tp_as_number@ */
807 0, /* @tp_as_sequence@ */
808 0, /* @tp_as_mapping@ */
812 0, /* @tp_getattro@ */
813 0, /* @tp_setattro@ */
814 0, /* @tp_as_buffer@ */
815 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
819 "RSAPub(N, E): RSA public key.",
821 0, /* @tp_traverse@ */
823 0, /* @tp_richcompare@ */
824 0, /* @tp_weaklistoffset@ */
826 0, /* @tp_iternext@ */
827 rsapub_pymethods
, /* @tp_methods@ */
828 0, /* @tp_members@ */
829 rsapub_pygetset
, /* @tp_getset@ */
832 0, /* @tp_descr_get@ */
833 0, /* @tp_descr_set@ */
834 0, /* @tp_dictoffset@ */
836 PyType_GenericAlloc
, /* @tp_alloc@ */
837 rsapub_pynew
, /* @tp_new@ */
842 static PyTypeObject rsapriv_pytype_skel
= {
843 PyObject_HEAD_INIT(0) 0, /* Header */
844 "RSAPriv", /* @tp_name@ */
845 sizeof(rsapriv_pyobj
), /* @tp_basicsize@ */
846 0, /* @tp_itemsize@ */
848 rsapriv_pydealloc
, /* @tp_dealloc@ */
850 0, /* @tp_getattr@ */
851 0, /* @tp_setattr@ */
852 0, /* @tp_compare@ */
854 0, /* @tp_as_number@ */
855 0, /* @tp_as_sequence@ */
856 0, /* @tp_as_mapping@ */
860 0, /* @tp_getattro@ */
861 0, /* @tp_setattro@ */
862 0, /* @tp_as_buffer@ */
863 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
867 "RSAPriv(..., [rng = rand]): RSA private key.\n\
868 Keywords: n, e, d, p, q, dp, dq, q_inv; must provide enough",
870 0, /* @tp_traverse@ */
872 0, /* @tp_richcompare@ */
873 0, /* @tp_weaklistoffset@ */
875 0, /* @tp_iternext@ */
876 rsapriv_pymethods
, /* @tp_methods@ */
877 0, /* @tp_members@ */
878 rsapriv_pygetset
, /* @tp_getset@ */
881 0, /* @tp_descr_get@ */
882 0, /* @tp_descr_set@ */
883 0, /* @tp_dictoffset@ */
885 PyType_GenericAlloc
, /* @tp_alloc@ */
886 rsapriv_pynew
, /* @tp_new@ */
891 /*----- RSA padding schemes -----------------------------------------------*/
893 static PyObject
*meth__p1crypt_encode(PyObject
*me
,
894 PyObject
*arg
, PyObject
*kw
)
898 Py_ssize_t msz
, epsz
;
904 static const char *const kwlist
[] = { "msg", "nbits", "ep", "rng", 0 };
906 p1
.r
= &rand_global
; ep
= 0; epsz
= 0;
907 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#O&|s#O&:encode", KWLIST
,
908 &m
, &msz
, convulong
, &nbits
,
909 &ep
, &epsz
, convgrand
, &p1
.r
))
912 p1
.ep
= ep
; p1
.epsz
= epsz
;
913 if (epsz
+ msz
+ 11 > sz
) VALERR("buffer underflow");
915 x
= pkcs1_cryptencode(MP_NEW
, m
, msz
, b
, sz
, nbits
, &p1
);
922 static PyObject
*meth__p1crypt_decode(PyObject
*me
,
923 PyObject
*arg
, PyObject
*kw
)
934 static const char *const kwlist
[] = { "ct", "nbits", "ep", "rng", 0 };
936 p1
.r
= &rand_global
; ep
= 0; epsz
= 0;
937 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&|s#O&:decode", KWLIST
,
938 convmp
, &x
, convulong
, &nbits
,
939 &ep
, &epsz
, convgrand
, &p1
.r
))
942 p1
.ep
= ep
; p1
.epsz
= epsz
;
943 if (epsz
+ 11 > sz
) VALERR("buffer underflow");
945 if ((n
= pkcs1_cryptdecode(x
, b
, sz
, nbits
, &p1
)) < 0)
946 VALERR("decryption failed");
947 rc
= bytestring_pywrap(b
, n
);
954 static PyObject
*meth__p1sig_encode(PyObject
*me
,
955 PyObject
*arg
, PyObject
*kw
)
959 Py_ssize_t msz
, epsz
;
965 static const char *const kwlist
[] = { "msg", "nbits", "ep", "rng", 0 };
967 p1
.r
= &rand_global
; ep
= 0; epsz
= 0;
968 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#O&|s#O&:encode", KWLIST
,
969 &m
, &msz
, convulong
, &nbits
,
970 &ep
, &epsz
, convgrand
, &p1
.r
))
973 p1
.ep
= ep
; p1
.epsz
= epsz
;
974 if (epsz
+ msz
+ 11 > sz
) VALERR("buffer underflow");
976 x
= pkcs1_sigencode(MP_NEW
, m
, msz
, b
, sz
, nbits
, &p1
);
983 static PyObject
*meth__p1sig_decode(PyObject
*me
,
984 PyObject
*arg
, PyObject
*kw
)
996 static const char *const kwlist
[] =
997 { "msg", "sig", "nbits", "ep", "rng", 0 };
999 p1
.r
= &rand_global
; ep
= 0; epsz
= 0;
1000 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "OO&O&|s#O&:decode", KWLIST
,
1001 &hukairz
, convmp
, &x
, convulong
, &nbits
,
1002 &ep
, &epsz
, convgrand
, &p1
.r
))
1005 p1
.ep
= ep
; p1
.epsz
= epsz
;
1006 if (epsz
+ 10 > sz
) VALERR("buffer underflow");
1008 if ((n
= pkcs1_sigdecode(x
, 0, 0, b
, sz
, nbits
, &p1
)) < 0)
1009 VALERR("verification failed");
1010 rc
= bytestring_pywrap(b
, n
);
1017 static PyObject
*meth__oaep_encode(PyObject
*me
,
1018 PyObject
*arg
, PyObject
*kw
)
1022 Py_ssize_t msz
, epsz
;
1023 unsigned long nbits
;
1028 static const char *const kwlist
[] =
1029 { "msg", "nbits", "mgf", "hash", "ep", "rng", 0 };
1031 o
.r
= &rand_global
; o
.cc
= &sha_mgf
; o
.ch
= &sha
; ep
= 0; epsz
= 0;
1032 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#O&|O&O&s#O&:encode", KWLIST
,
1033 &m
, &msz
, convulong
, &nbits
,
1034 convgccipher
, &o
.cc
,
1040 o
.ep
= ep
; o
.epsz
= epsz
;
1041 if (2 * o
.ch
->hashsz
+ 2 + msz
> sz
) VALERR("buffer underflow");
1043 x
= oaep_encode(MP_NEW
, m
, msz
, b
, sz
, nbits
, &o
);
1050 static PyObject
*meth__oaep_decode(PyObject
*me
,
1051 PyObject
*arg
, PyObject
*kw
)
1056 unsigned long nbits
;
1062 static const char *const kwlist
[] =
1063 { "ct", "nbits", "mgf", "hash", "ep", "rng", 0 };
1065 o
.r
= &rand_global
; o
.cc
= &sha_mgf
; o
.ch
= &sha
; ep
= 0; epsz
= 0;
1066 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&|O&O&s#O&:decode", KWLIST
,
1067 convmp
, &x
, convulong
, &nbits
,
1068 convgccipher
, &o
.cc
,
1074 o
.ep
= ep
; o
.epsz
= epsz
;
1075 if (2 * o
.ch
->hashsz
> sz
) VALERR("buffer underflow");
1077 if ((n
= oaep_decode(x
, b
, sz
, nbits
, &o
)) < 0)
1078 VALERR("decryption failed");
1079 rc
= bytestring_pywrap(b
, n
);
1086 static PyObject
*meth__pss_encode(PyObject
*me
,
1087 PyObject
*arg
, PyObject
*kw
)
1092 unsigned long nbits
;
1097 static const char *const kwlist
[] =
1098 { "msg", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1100 p
.cc
= &sha_mgf
; p
.ch
= &sha
; p
.r
= &rand_global
; p
.ssz
= (size_t)-1;
1101 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#O&|O&O&O&O&:encode", KWLIST
,
1102 &m
, &msz
, convulong
, &nbits
,
1103 convgccipher
, &p
.cc
,
1109 if (p
.ssz
== (size_t)-1) p
.ssz
= p
.ch
->hashsz
;
1110 if (p
.ch
->hashsz
+ p
.ssz
+ 2 > sz
) VALERR("buffer underflow");
1112 x
= pss_encode(MP_NEW
, m
, msz
, b
, sz
, nbits
, &p
);
1119 static PyObject
*meth__pss_decode(PyObject
*me
,
1120 PyObject
*arg
, PyObject
*kw
)
1125 unsigned long nbits
;
1131 static const char *const kwlist
[] =
1132 { "msg", "sig", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1134 p
.cc
= &sha_mgf
; p
.ch
= &sha
; p
.r
= &rand_global
; p
.ssz
= (size_t)-1;
1135 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#O&O&|O&O&O&O&:decode", KWLIST
,
1136 &m
, &msz
, convmp
, &x
, convulong
, &nbits
,
1137 convgccipher
, &p
.cc
,
1143 if (p
.ssz
== (size_t)-1) p
.ssz
= p
.ch
->hashsz
;
1144 if (p
.ch
->hashsz
+ p
.ssz
+ 2 > sz
) VALERR("buffer underflow");
1146 if ((n
= pss_decode(x
, m
, msz
, b
, sz
, nbits
, &p
)) < 0)
1147 VALERR("verification failed");
1148 rc
= Py_None
; Py_INCREF(rc
);
1155 /*----- X25519 and related algorithms -------------------------------------*/
1161 #define DEFXDH(X, x) \
1162 static PyObject *meth_##x(PyObject *me, PyObject *arg) \
1164 const char *k, *p; \
1165 Py_ssize_t ksz, psz; \
1167 if (!PyArg_ParseTuple(arg, "s#s#:" #x, &k, &ksz, &p, &psz)) \
1169 if (ksz != X##_KEYSZ) VALERR("bad key length"); \
1170 if (psz != X##_PUBSZ) VALERR("bad public length"); \
1171 rc = bytestring_pywrap(0, X##_OUTSZ); \
1172 x((octet *)PyString_AS_STRING(rc), \
1173 (const octet *)k, (const octet *)p); \
1181 /*----- Ed25519 and related algorithms ------------------------------------*/
1184 _(ED25519, ed25519, -1, ctx) \
1185 _(ED448, ed448, 0, )
1187 #define DEFEDDSA(ED, ed, phdflt, sigver) \
1189 static PyObject *meth_##ed##_pubkey(PyObject *me, PyObject *arg) \
1194 if (!PyArg_ParseTuple(arg, "s#:" #ed "_pubkey", &k, &ksz)) \
1196 rc = bytestring_pywrap(0, ED##_PUBSZ); \
1197 ed##_pubkey((octet *)PyString_AS_STRING(rc), k, ksz); \
1203 static PyObject *meth_##ed##_sign(PyObject *me, PyObject *arg, \
1206 const char *k, *p = 0, *c = 0, *m; \
1207 Py_ssize_t ksz, psz, csz = 0, msz; \
1210 octet pp[ED##_PUBSZ]; \
1211 static const char *const kwlist[] = \
1212 { "key", "msg", "pub", "perso", "phflag", 0 }; \
1213 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1214 "s#s#|s#s#O&:" #ed "_sign", \
1216 &k, &ksz, &m, &msz, &p, &psz, \
1217 &c, &csz, convbool, &ph)) \
1219 if (p && psz != ED##_PUBSZ) VALERR("bad public length"); \
1220 if (c && csz > ED##_MAXPERSOSZ) \
1221 VALERR("personalization string too long"); \
1222 if (c && ph == -1) ph = 0; \
1223 if (!p) { p = (const char *)pp; ed##_pubkey(pp, k, ksz); } \
1224 rc = bytestring_pywrap(0, ED##_SIGSZ); \
1225 ed##sigver##_sign((octet *)PyString_AS_STRING(rc), k, ksz, \
1226 (const octet *)p, ph, c, csz, m, msz); \
1232 static PyObject *meth_##ed##_verify(PyObject *me, \
1233 PyObject *arg, PyObject *kw) \
1235 const char *p, *c = 0, *m, *s; \
1236 Py_ssize_t psz, csz = 0, msz, ssz; \
1239 static const char *const kwlist[] = \
1240 { "pub", "msg", "sig", "perso", "phflag", 0 }; \
1241 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1242 "s#s#s#|s#O&:" #ed "_verify", \
1244 &p, &psz, &m, &msz, &s, &ssz, \
1245 &c, &csz, convbool, &ph)) \
1247 if (psz != ED##_PUBSZ) VALERR("bad public length"); \
1248 if (ssz != ED##_SIGSZ) VALERR("bad signature length"); \
1249 if (c && csz > ED##_MAXPERSOSZ) \
1250 VALERR("personalization string too long"); \
1251 if (c && ph == -1) ph = 0; \
1252 rc = getbool(!ed##sigver##_verify((const octet *)p, ph, c, csz, \
1253 m, msz, (const octet *)s)); \
1261 /*----- Global stuff ------------------------------------------------------*/
1263 static PyMethodDef methods
[] = {
1264 #define METHNAME(name) meth_##name
1265 KWMETH(_p1crypt_encode
, 0)
1266 KWMETH(_p1crypt_decode
, 0)
1267 KWMETH(_p1sig_encode
, 0)
1268 KWMETH(_p1sig_decode
, 0)
1269 KWMETH(_oaep_encode
, 0)
1270 KWMETH(_oaep_decode
, 0)
1271 KWMETH(_pss_encode
, 0)
1272 KWMETH(_pss_decode
, 0)
1273 KWMETH(_RSAPriv_generate
, "\
1274 generate(NBITS, [event = pgen_nullev], [rng = rand], [nsteps = 0]) -> R")
1275 #define DEFMETH(X, x) \
1277 " #x "(KEY, PUBLIC) -> SHARED")
1280 #define DEFMETH(ED, ed, phdflt, sigver) \
1281 METH (ed##_pubkey, "\
1282 " #ed "_pubkey(KEY) -> PUBLIC") \
1283 KWMETH(ed##_sign, "\
1284 " #ed "_sign(KEY, MSG, [pub = PUBLIC], " \
1285 "[perso = STRING], [phflag = BOOL]) -> SIG") \
1286 KWMETH(ed##_verify, "\
1287 " #ed "_verify(PUBLIC, MSG, SIG, " \
1288 "[perso = STRING], [phflag = BOOL]) -> BOOL")
1295 void pubkey_pyinit(void)
1297 INITTYPE(dsapub
, root
);
1298 INITTYPE(dsapriv
, dsapub
);
1299 INITTYPE(kcdsapub
, root
);
1300 INITTYPE(kcdsapriv
, kcdsapub
);
1301 INITTYPE(rsapub
, root
);
1302 INITTYPE(rsapriv
, rsapub
);
1303 addmethods(methods
);
1306 void pubkey_pyinsert(PyObject
*mod
)
1308 INSERT("DSAPub", dsapub_pytype
);
1309 INSERT("DSAPriv", dsapriv_pytype
);
1310 INSERT("KCDSAPub", kcdsapub_pytype
);
1311 INSERT("KCDSAPriv", kcdsapriv_pytype
);
1312 INSERT("RSAPub", rsapub_pytype
);
1313 INSERT("RSAPriv", rsapriv_pytype
);
1316 /*----- That's all, folks -------------------------------------------------*/