~mdw / catacomb-python / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Splice 'pyke/' prehistory from commit 'c1756f78cbf3007438b3eb2fbfbd632d070be6ca'
[catacomb-python] / pubkey.c
1 /* -*-c-*-
2 *
3 * Public-key cryptography
4 *
5 * (c) 2004 Straylight/Edgeware
6 */
7
8 /*----- Licensing notice --------------------------------------------------*
9 *
10 * This file is part of the Python interface to Catacomb.
11 *
12 * Catacomb/Python is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * Catacomb/Python is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with Catacomb/Python; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 */
26
27 /*----- Header files ------------------------------------------------------*/
28
29 #include "catacomb-python.h"
30
31 /*----- DSA and similar ---------------------------------------------------*/
32
33 typedef struct dsa_pyobj {
34 PyObject_HEAD
35 PyObject *G, *u, *p, *rng, *hash;
36 gdsa d;
37 } dsa_pyobj;
38
39 static PyTypeObject *dsapub_pytype, *dsapriv_pytype;
40 static PyTypeObject *kcdsapub_pytype, *kcdsapriv_pytype;
41 #define DSA_D(o) (&((dsa_pyobj *)(o))->d)
42 #define DSA_G(o) (((dsa_pyobj *)(o))->G)
43 #define DSA_U(o) (((dsa_pyobj *)(o))->u)
44 #define DSA_P(o) (((dsa_pyobj *)(o))->p)
45 #define DSA_RNG(o) (((dsa_pyobj *)(o))->rng)
46 #define DSA_HASH(o) (((dsa_pyobj *)(o))->hash)
47
48 static void dsa_pydealloc(PyObject *me)
49 {
50 dsa_pyobj *g = (dsa_pyobj *)me;
51 Py_DECREF(g->G); Py_DECREF(g->u); Py_DECREF(g->p);
52 Py_DECREF(g->rng); Py_DECREF(g->hash);
53 FREEOBJ(me);
54 }
55
56 static PyObject *dsa_setup(PyTypeObject *ty, PyObject *G, PyObject *u,
57 PyObject *p, PyObject *rng, PyObject *hash,
58 void (*calcpub)(group *, ge *, mp *))
59 {
60 dsa_pyobj *g;
61 ge *pp;
62
63 g = PyObject_New(dsa_pyobj, ty);
64 if (p) Py_INCREF(p);
65 if (!u) {
66 g->d.u = 0;
67 u = Py_None;
68 } else {
69 if ((g->d.u = getmp(u)) == 0)
70 goto end;
71 if (MP_PYCHECK(u)) Py_INCREF(u);
72 else u = mp_pywrap(g->d.u);
73 }
74 if (!p) {
75 assert(g->d.u); assert(calcpub);
76 pp = G_CREATE(GROUP_G(G));
77 calcpub(GROUP_G(G), pp, g->d.u);
78 p = ge_pywrap(G, pp);
79 } else if (GROUP_G(G) != GE_G(p) && !group_samep(GROUP_G(G), GE_G(p)))
80 TYERR("public key not from group");
81 g->d.g = GROUP_G(G);
82 g->d.p = GE_X(p);
83 g->d.r = GRAND_R(rng);
84 g->d.h = GCHASH_CH(hash);
85 g->G = G; Py_INCREF(G); g->u = u; g->p = p;
86 g->rng = rng; Py_INCREF(rng); g->hash = hash; Py_INCREF(hash);
87 return ((PyObject *)g);
88 end:
89 Py_XDECREF(p); FREEOBJ(g);
90 return (0);
91 }
92
93 static PyObject *dsapub_pynew(PyTypeObject *ty,
94 PyObject *arg, PyObject *kw)
95 {
96 PyObject *G, *p, *rng = rand_pyobj, *hash = sha_pyobj;
97 PyObject *rc = 0;
98 static const char *const kwlist[] = { "G", "p", "hash", "rng", 0 };
99
100 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!|O!O!:new", KWLIST,
101 group_pytype, &G,
102 ge_pytype, &p,
103 gchash_pytype, &hash,
104 grand_pytype, &rng) ||
105 (rc = dsa_setup(dsapub_pytype, G, 0, p, rng, hash, 0)) == 0)
106 goto end;
107 end:
108 return (rc);
109 }
110
111 static PyObject *dsameth_beginhash(PyObject *me, PyObject *arg)
112 {
113 if (!PyArg_ParseTuple(arg, ":beginhash")) return (0);
114 return (ghash_pywrap(DSA_HASH(me), gdsa_beginhash(DSA_D(me))));
115 }
116
117 static PyObject *dsameth_endhash(PyObject *me, PyObject *arg)
118 {
119 ghash *h;
120 PyObject *rc;
121 if (!PyArg_ParseTuple(arg, "O&:endhash", convghash, &h)) return (0);
122 gdsa_endhash(DSA_D(me), h);
123 h = GH_COPY(h);
124 rc = bytestring_pywrap(0, GH_CLASS(h)->hashsz);
125 GH_DONE(h, PyString_AS_STRING(rc));
126 GH_DESTROY(h);
127 return (rc);
128 }
129
130 static PyObject *dsameth_sign(PyObject *me, PyObject *arg, PyObject *kw)
131 {
132 gdsa_sig s = GDSA_SIG_INIT;
133 char *p;
134 Py_ssize_t n;
135 mp *k = 0;
136 PyObject *rc = 0;
137 static const char *const kwlist[] = { "msg", "k", 0 };
138
139 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#|O&:sign", KWLIST,
140 &p, &n, convmp, &k))
141 goto end;
142 if (n != DSA_D(me)->h->hashsz)
143 VALERR("bad message length (doesn't match hash size)");
144 gdsa_sign(DSA_D(me), &s, p, k);
145 rc = Py_BuildValue("(NN)", mp_pywrap(s.r), mp_pywrap(s.s));
146 end:
147 mp_drop(k);
148 return (rc);
149 }
150
151 static PyObject *dsameth_verify(PyObject *me, PyObject *arg)
152 {
153 char *p;
154 Py_ssize_t n;
155 gdsa_sig s = GDSA_SIG_INIT;
156 PyObject *rc = 0;
157
158 if (!PyArg_ParseTuple(arg, "s#(O&O&):verify",
159 &p, &n, convmp, &s.r, convmp, &s.s))
160 goto end;
161 if (n != DSA_D(me)->h->hashsz)
162 VALERR("bad message length (doesn't match hash size)");
163 rc = getbool(!gdsa_verify(DSA_D(me), &s, p));
164 end:
165 mp_drop(s.r);
166 mp_drop(s.s);
167 return (rc);
168 }
169
170 static void dsa_calcpub(group *g, ge *p, mp *u) { G_EXP(g, p, g->g, u); }
171
172 static PyObject *dsapriv_pynew(PyTypeObject *ty,
173 PyObject *arg, PyObject *kw)
174 {
175 PyObject *G, *p = 0, *u, *rng = rand_pyobj, *hash = sha_pyobj;
176 PyObject *rc = 0;
177 static const char *const kwlist[] = { "G", "u", "p", "hash", "rng", 0 };
178
179 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O|O!O!O!:new", KWLIST,
180 group_pytype, &G,
181 &u,
182 ge_pytype, &p,
183 gchash_pytype, &hash,
184 grand_pytype, &rng) ||
185 (rc = dsa_setup(dsapriv_pytype, G, u, p, rng, hash, dsa_calcpub)) == 0)
186 goto end;
187 end:
188 return (rc);
189 }
190
191 static PyMethodDef dsapub_pymethods[] = {
192 #define METHNAME(name) dsameth_##name
193 METH (beginhash, "D.beginhash() -> hash object")
194 METH (endhash, "D.endhash(H) -> BYTES")
195 METH (verify, "D.verify(MSG, (R, S)) -> true/false")
196 #undef METHNAME
197 { 0 }
198 };
199
200 static PyMethodDef dsapriv_pymethods[] = {
201 #define METHNAME(name) dsameth_##name
202 KWMETH(sign, "D.sign(MSG, [k = K]) -> R, S")
203 #undef METHNAME
204 { 0 }
205 };
206
207 static PyMemberDef dsapub_pymembers[] = {
208 #define MEMBERSTRUCT dsa_pyobj
209 MEMBER(G, T_OBJECT, READONLY, "D.G -> group to work in")
210 MEMBER(p, T_OBJECT, READONLY, "D.p -> public key (group element")
211 MEMBER(rng, T_OBJECT, READONLY, "D.rng -> random number generator")
212 MEMBER(hash, T_OBJECT, READONLY, "D.hash -> hash class")
213 #undef MEMBERSTRUCT
214 { 0 }
215 };
216
217 static PyMemberDef dsapriv_pymembers[] = {
218 #define MEMBERSTRUCT dsa_pyobj
219 MEMBER(u, T_OBJECT, READONLY, "D.u -> private key (exponent)")
220 #undef MEMBERSTRUCT
221 { 0 }
222 };
223
224 static PyTypeObject dsapub_pytype_skel = {
225 PyObject_HEAD_INIT(0) 0, /* Header */
226 "DSAPub", /* @tp_name@ */
227 sizeof(dsa_pyobj), /* @tp_basicsize@ */
228 0, /* @tp_itemsize@ */
229
230 dsa_pydealloc, /* @tp_dealloc@ */
231 0, /* @tp_print@ */
232 0, /* @tp_getattr@ */
233 0, /* @tp_setattr@ */
234 0, /* @tp_compare@ */
235 0, /* @tp_repr@ */
236 0, /* @tp_as_number@ */
237 0, /* @tp_as_sequence@ */
238 0, /* @tp_as_mapping@ */
239 0, /* @tp_hash@ */
240 0, /* @tp_call@ */
241 0, /* @tp_str@ */
242 0, /* @tp_getattro@ */
243 0, /* @tp_setattro@ */
244 0, /* @tp_as_buffer@ */
245 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
246 Py_TPFLAGS_BASETYPE,
247
248 /* @tp_doc@ */
249 "DSAPub(GROUP, P, [hash = sha], [rng = rand]): DSA public key.",
250
251 0, /* @tp_traverse@ */
252 0, /* @tp_clear@ */
253 0, /* @tp_richcompare@ */
254 0, /* @tp_weaklistoffset@ */
255 0, /* @tp_iter@ */
256 0, /* @tp_iternext@ */
257 dsapub_pymethods, /* @tp_methods@ */
258 dsapub_pymembers, /* @tp_members@ */
259 0, /* @tp_getset@ */
260 0, /* @tp_base@ */
261 0, /* @tp_dict@ */
262 0, /* @tp_descr_get@ */
263 0, /* @tp_descr_set@ */
264 0, /* @tp_dictoffset@ */
265 0, /* @tp_init@ */
266 PyType_GenericAlloc, /* @tp_alloc@ */
267 dsapub_pynew, /* @tp_new@ */
268 0, /* @tp_free@ */
269 0 /* @tp_is_gc@ */
270 };
271
272 static PyTypeObject dsapriv_pytype_skel = {
273 PyObject_HEAD_INIT(0) 0, /* Header */
274 "DSAPriv", /* @tp_name@ */
275 sizeof(dsa_pyobj), /* @tp_basicsize@ */
276 0, /* @tp_itemsize@ */
277
278 0, /* @tp_dealloc@ */
279 0, /* @tp_print@ */
280 0, /* @tp_getattr@ */
281 0, /* @tp_setattr@ */
282 0, /* @tp_compare@ */
283 0, /* @tp_repr@ */
284 0, /* @tp_as_number@ */
285 0, /* @tp_as_sequence@ */
286 0, /* @tp_as_mapping@ */
287 0, /* @tp_hash@ */
288 0, /* @tp_call@ */
289 0, /* @tp_str@ */
290 0, /* @tp_getattro@ */
291 0, /* @tp_setattro@ */
292 0, /* @tp_as_buffer@ */
293 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
294 Py_TPFLAGS_BASETYPE,
295
296 /* @tp_doc@ */
297 "DSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): "
298 "DSA private key.",
299
300 0, /* @tp_traverse@ */
301 0, /* @tp_clear@ */
302 0, /* @tp_richcompare@ */
303 0, /* @tp_weaklistoffset@ */
304 0, /* @tp_iter@ */
305 0, /* @tp_iternext@ */
306 dsapriv_pymethods, /* @tp_methods@ */
307 dsapriv_pymembers, /* @tp_members@ */
308 0, /* @tp_getset@ */
309 0, /* @tp_base@ */
310 0, /* @tp_dict@ */
311 0, /* @tp_descr_get@ */
312 0, /* @tp_descr_set@ */
313 0, /* @tp_dictoffset@ */
314 0, /* @tp_init@ */
315 PyType_GenericAlloc, /* @tp_alloc@ */
316 dsapriv_pynew, /* @tp_new@ */
317 0, /* @tp_free@ */
318 0 /* @tp_is_gc@ */
319 };
320
321 static PyObject *kcdsapub_pynew(PyTypeObject *ty,
322 PyObject *arg, PyObject *kw)
323 {
324 PyObject *G, *p, *rng = rand_pyobj, *hash = has160_pyobj;
325 PyObject *rc = 0;
326 static const char *const kwlist[] = { "G", "p", "hash", "rng", 0 };
327
328 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!|O!O!:new", KWLIST,
329 group_pytype, &G,
330 ge_pytype, &p,
331 gchash_pytype, &hash,
332 grand_pytype, &rng) ||
333 (rc = dsa_setup(kcdsapub_pytype, G, 0, p, rng, hash, 0)) == 0)
334 goto end;
335 end:
336 return (rc);
337 }
338
339 static void kcdsa_calcpub(group *g, ge *p, mp *u)
340 {
341 mp *uinv = mp_modinv(MP_NEW, u, g->r);
342 G_EXP(g, p, g->g, uinv);
343 mp_drop(uinv);
344 }
345
346 static PyObject *kcdsapriv_pynew(PyTypeObject *ty,
347 PyObject *arg, PyObject *kw)
348 {
349 PyObject *G, *u, *p = 0, *rng = rand_pyobj, *hash = has160_pyobj;
350 PyObject *rc = 0;
351 static const char *const kwlist[] = { "G", "u", "p", "hash", "rng", 0 };
352
353 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O|O!O!O!:new", KWLIST,
354 group_pytype, &G,
355 &u,
356 ge_pytype, &p,
357 gchash_pytype, &hash,
358 grand_pytype, &rng) ||
359 (rc = dsa_setup(kcdsapriv_pytype, G, u, p,
360 rng, hash, kcdsa_calcpub)) == 0)
361 goto end;
362 end:
363 return (rc);
364 }
365
366 static PyObject *kcdsameth_beginhash(PyObject *me, PyObject *arg)
367 {
368 if (!PyArg_ParseTuple(arg, ":beginhash")) return (0);
369 return (ghash_pywrap(DSA_HASH(me), gkcdsa_beginhash(DSA_D(me))));
370 }
371
372 static PyObject *kcdsameth_endhash(PyObject *me, PyObject *arg)
373 {
374 ghash *h;
375 PyObject *rc;
376 if (!PyArg_ParseTuple(arg, "O&:endhash", convghash, &h)) return (0);
377 gkcdsa_endhash(DSA_D(me), h);
378 h = GH_COPY(h);
379 rc = bytestring_pywrap(0, GH_CLASS(h)->hashsz);
380 GH_DONE(h, PyString_AS_STRING(rc));
381 GH_DESTROY(h);
382 return (rc);
383 }
384
385 static PyObject *kcdsameth_sign(PyObject *me, PyObject *arg, PyObject *kw)
386 {
387 gkcdsa_sig s = GKCDSA_SIG_INIT;
388 char *p;
389 Py_ssize_t n;
390 mp *k = 0;
391 PyObject *r = 0, *rc = 0;
392 static const char *const kwlist[] = { "msg", "k", 0 };
393
394 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#|O&:sign", KWLIST,
395 &p, &n, convmp, &k))
396 goto end;
397 if (n != DSA_D(me)->h->hashsz)
398 VALERR("bad message length (doesn't match hash size)");
399 r = bytestring_pywrap(0, DSA_D(me)->h->hashsz);
400 s.r = (octet *)PyString_AS_STRING(r);
401 gkcdsa_sign(DSA_D(me), &s, p, k);
402 rc = Py_BuildValue("(ON)", r, mp_pywrap(s.s));
403 end:
404 Py_XDECREF(r);
405 mp_drop(k);
406 return (rc);
407 }
408
409 static PyObject *kcdsameth_verify(PyObject *me, PyObject *arg)
410 {
411 char *p;
412 Py_ssize_t n, rn;
413 gkcdsa_sig s = GKCDSA_SIG_INIT;
414 PyObject *rc = 0;
415
416 if (!PyArg_ParseTuple(arg, "s#(s#O&):verify",
417 &p, &n, &s.r, &rn, convmp, &s.s))
418 goto end;
419 if (n != DSA_D(me)->h->hashsz)
420 VALERR("bad message length (doesn't match hash size)");
421 if (rn != DSA_D(me)->h->hashsz)
422 VALERR("bad signature `r' length (doesn't match hash size)");
423 rc = getbool(!gkcdsa_verify(DSA_D(me), &s, p));
424 end:
425 mp_drop(s.s);
426 return (rc);
427 }
428
429 static PyMethodDef kcdsapub_pymethods[] = {
430 #define METHNAME(name) kcdsameth_##name
431 METH (beginhash, "D.beginhash() -> hash object")
432 METH (endhash, "D.endhash(H) -> BYTES")
433 METH (verify, "D.verify(MSG, (R, S)) -> true/false")
434 #undef METHNAME
435 { 0 }
436 };
437
438 static PyMethodDef kcdsapriv_pymethods[] = {
439 #define METHNAME(name) kcdsameth_##name
440 KWMETH(sign, "D.sign(MSG, [k = K]) -> R, S")
441 #undef METHNAME
442 { 0 }
443 };
444
445 static PyTypeObject kcdsapub_pytype_skel = {
446 PyObject_HEAD_INIT(0) 0, /* Header */
447 "KCDSAPub", /* @tp_name@ */
448 sizeof(dsa_pyobj), /* @tp_basicsize@ */
449 0, /* @tp_itemsize@ */
450
451 dsa_pydealloc, /* @tp_dealloc@ */
452 0, /* @tp_print@ */
453 0, /* @tp_getattr@ */
454 0, /* @tp_setattr@ */
455 0, /* @tp_compare@ */
456 0, /* @tp_repr@ */
457 0, /* @tp_as_number@ */
458 0, /* @tp_as_sequence@ */
459 0, /* @tp_as_mapping@ */
460 0, /* @tp_hash@ */
461 0, /* @tp_call@ */
462 0, /* @tp_str@ */
463 0, /* @tp_getattro@ */
464 0, /* @tp_setattro@ */
465 0, /* @tp_as_buffer@ */
466 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
467 Py_TPFLAGS_BASETYPE,
468
469 /* @tp_doc@ */
470 "KCDSAPub(GROUP, P, [hash = sha], [rng = rand]): KCDSA public key.",
471
472 0, /* @tp_traverse@ */
473 0, /* @tp_clear@ */
474 0, /* @tp_richcompare@ */
475 0, /* @tp_weaklistoffset@ */
476 0, /* @tp_iter@ */
477 0, /* @tp_iternext@ */
478 kcdsapub_pymethods, /* @tp_methods@ */
479 dsapub_pymembers, /* @tp_members@ */
480 0, /* @tp_getset@ */
481 0, /* @tp_base@ */
482 0, /* @tp_dict@ */
483 0, /* @tp_descr_get@ */
484 0, /* @tp_descr_set@ */
485 0, /* @tp_dictoffset@ */
486 0, /* @tp_init@ */
487 PyType_GenericAlloc, /* @tp_alloc@ */
488 kcdsapub_pynew, /* @tp_new@ */
489 0, /* @tp_free@ */
490 0 /* @tp_is_gc@ */
491 };
492
493 static PyTypeObject kcdsapriv_pytype_skel = {
494 PyObject_HEAD_INIT(0) 0, /* Header */
495 "KCDSAPriv", /* @tp_name@ */
496 sizeof(dsa_pyobj), /* @tp_basicsize@ */
497 0, /* @tp_itemsize@ */
498
499 0, /* @tp_dealloc@ */
500 0, /* @tp_print@ */
501 0, /* @tp_getattr@ */
502 0, /* @tp_setattr@ */
503 0, /* @tp_compare@ */
504 0, /* @tp_repr@ */
505 0, /* @tp_as_number@ */
506 0, /* @tp_as_sequence@ */
507 0, /* @tp_as_mapping@ */
508 0, /* @tp_hash@ */
509 0, /* @tp_call@ */
510 0, /* @tp_str@ */
511 0, /* @tp_getattro@ */
512 0, /* @tp_setattro@ */
513 0, /* @tp_as_buffer@ */
514 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
515 Py_TPFLAGS_BASETYPE,
516
517 /* @tp_doc@ */
518 "KCDSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): "
519 "KCDSA private key.",
520
521 0, /* @tp_traverse@ */
522 0, /* @tp_clear@ */
523 0, /* @tp_richcompare@ */
524 0, /* @tp_weaklistoffset@ */
525 0, /* @tp_iter@ */
526 0, /* @tp_iternext@ */
527 kcdsapriv_pymethods, /* @tp_methods@ */
528 dsapriv_pymembers, /* @tp_members@ */
529 0, /* @tp_getset@ */
530 0, /* @tp_base@ */
531 0, /* @tp_dict@ */
532 0, /* @tp_descr_get@ */
533 0, /* @tp_descr_set@ */
534 0, /* @tp_dictoffset@ */
535 0, /* @tp_init@ */
536 PyType_GenericAlloc, /* @tp_alloc@ */
537 kcdsapriv_pynew, /* @tp_new@ */
538 0, /* @tp_free@ */
539 0 /* @tp_is_gc@ */
540 };
541
542 /*----- RSA ---------------------------------------------------------------*/
543
544 typedef struct rsapub_pyobj {
545 PyObject_HEAD
546 rsa_pub pub;
547 rsa_pubctx pubctx;
548 } rsapub_pyobj;
549
550 #define RSA_PUB(o) (&((rsapub_pyobj *)(o))->pub)
551 #define RSA_PUBCTX(o) (&((rsapub_pyobj *)(o))->pubctx)
552
553 typedef struct rsapriv_pyobj {
554 PyObject_HEAD
555 rsa_pub pub;
556 rsa_pubctx pubctx;
557 rsa_priv priv;
558 rsa_privctx privctx;
559 PyObject *rng;
560 } rsapriv_pyobj;
561
562 #define RSA_PRIV(o) (&((rsapriv_pyobj *)(o))->priv)
563 #define RSA_PRIVCTX(o) (&((rsapriv_pyobj *)(o))->privctx)
564 #define RSA_RNG(o) (((rsapriv_pyobj *)(o))->rng)
565
566 static PyTypeObject *rsapub_pytype, *rsapriv_pytype;
567
568 static PyObject *rsapub_pynew(PyTypeObject *ty,
569 PyObject *arg, PyObject *kw)
570 {
571 rsa_pub rp = { 0 };
572 rsapub_pyobj *o;
573 static const char *const kwlist[] = { "n", "e", 0 };
574
575 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&:new", KWLIST,
576 convmp, &rp.n, convmp, &rp.e))
577 goto end;
578 if (!MP_ODDP(rp.n)) VALERR("RSA modulus must be even");
579 o = (rsapub_pyobj *)ty->tp_alloc(ty, 0);
580 o->pub = rp;
581 rsa_pubcreate(&o->pubctx, &o->pub);
582 return ((PyObject *)o);
583 end:
584 rsa_pubfree(&rp);
585 return (0);
586 }
587
588 static void rsapub_pydealloc(PyObject *me)
589 {
590 rsa_pubdestroy(RSA_PUBCTX(me));
591 rsa_pubfree(RSA_PUB(me));
592 FREEOBJ(me);
593 }
594
595 static PyObject *rsaget_n(PyObject *me, void *hunoz)
596 { return mp_pywrap(MP_COPY(RSA_PUB(me)->n)); }
597
598 static PyObject *rsaget_e(PyObject *me, void *hunoz)
599 { return mp_pywrap(MP_COPY(RSA_PUB(me)->e)); }
600
601 static PyObject *rsameth_pubop(PyObject *me, PyObject *arg)
602 {
603 mp *x = 0;
604 PyObject *rc = 0;
605
606 if (!PyArg_ParseTuple(arg, "O&:pubop", convmp, &x)) goto end;
607 rc = mp_pywrap(rsa_pubop(RSA_PUBCTX(me), MP_NEW, x));
608 end:
609 mp_drop(x);
610 return (rc);
611 }
612
613 static PyObject *rsapriv_dopywrap(PyTypeObject *ty,
614 rsa_priv *rp, PyObject *rng)
615 {
616 rsapriv_pyobj *o;
617
618 o = (rsapriv_pyobj *)ty->tp_alloc(ty, 0);
619 o->priv = *rp;
620 o->pub.n = rp->n;
621 o->pub.e = rp->e;
622 rsa_privcreate(&o->privctx, &o->priv, &rand_global);
623 rsa_pubcreate(&o->pubctx, &o->pub);
624 if (!rng) {
625 rng = Py_None;
626 Py_INCREF(rng);
627 }
628 o->rng = rng;
629 return ((PyObject *)o);
630 }
631
632 PyObject *rsapriv_pywrap(rsa_priv *rp)
633 { return rsapriv_dopywrap(rsapriv_pytype, rp, 0); }
634
635 static PyObject *rsapriv_pynew(PyTypeObject *ty,
636 PyObject *arg, PyObject *kw)
637 {
638 rsa_priv rp = { 0 };
639 PyObject *rng = Py_None;
640 static const char *const kwlist[] =
641 { "n", "e", "d", "p", "q", "dp", "dq", "q_inv", "rng", 0 };
642
643 if (!PyArg_ParseTupleAndKeywords(arg, kw, "|O&O&O&O&O&O&O&O&O:new", KWLIST,
644 convmp, &rp.n, convmp, &rp.e,
645 convmp, &rp.d,
646 convmp, &rp.p, convmp, &rp.q,
647 convmp, &rp.dp, convmp, &rp.dq,
648 convmp, &rp.q_inv,
649 &rng))
650 goto end;
651 if ((rp.n && !MP_ODDP(rp.n)) ||
652 (rp.p && !MP_ODDP(rp.p)) ||
653 (rp.q && !MP_ODDP(rp.q)))
654 VALERR("RSA modulus and factors must be odd");
655 if (rsa_recover(&rp)) VALERR("couldn't construct private key");
656 if (rng != Py_None && !GRAND_PYCHECK(rng))
657 TYERR("not a random number source");
658 Py_INCREF(rng);
659 return (rsapriv_dopywrap(ty, &rp, rng));
660 end:
661 rsa_privfree(&rp);
662 return (0);
663 }
664
665 static void rsapriv_pydealloc(PyObject *me)
666 {
667 RSA_PRIVCTX(me)->r = &rand_global;
668 rsa_privdestroy(RSA_PRIVCTX(me));
669 rsa_privfree(RSA_PRIV(me));
670 Py_DECREF(RSA_RNG(me));
671 FREEOBJ(me);
672 }
673
674 static PyObject *rsaget_d(PyObject *me, void *hunoz)
675 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->d)); }
676
677 static PyObject *rsaget_p(PyObject *me, void *hunoz)
678 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->p)); }
679
680 static PyObject *rsaget_q(PyObject *me, void *hunoz)
681 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->q)); }
682
683 static PyObject *rsaget_dp(PyObject *me, void *hunoz)
684 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->dp)); }
685
686 static PyObject *rsaget_dq(PyObject *me, void *hunoz)
687 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->dq)); }
688
689 static PyObject *rsaget_q_inv(PyObject *me, void *hunoz)
690 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->q_inv)); }
691
692 static PyObject *rsaget_rng(PyObject *me, void *hunoz)
693 { RETURN_OBJ(RSA_RNG(me)); }
694
695 static int rsaset_rng(PyObject *me, PyObject *val, void *hunoz)
696 {
697 int rc = -1;
698 if (!val)
699 val = Py_None;
700 else if (val != Py_None && !GRAND_PYCHECK(val))
701 TYERR("expected grand or None");
702 Py_DECREF(RSA_RNG(me));
703 RSA_RNG(me) = val;
704 Py_INCREF(val);
705 rc = 0;
706 end:
707 return (rc);
708 }
709
710 static PyObject *rsameth_privop(PyObject *me, PyObject *arg, PyObject *kw)
711 {
712 PyObject *rng = RSA_RNG(me);
713 mp *x = 0;
714 PyObject *rc = 0;
715 static const char *const kwlist[] = { "x", "rng", 0 };
716
717 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&|O:privop", KWLIST,
718 convmp, &x, &rng))
719 goto end;
720 if (rng != Py_None && !GRAND_PYCHECK(rng))
721 TYERR("not a random number source");
722 RSA_PRIVCTX(me)->r = (rng == Py_None) ? 0 : GRAND_R(rng);
723 rc = mp_pywrap(rsa_privop(RSA_PRIVCTX(me), MP_NEW, x));
724 end:
725 mp_drop(x);
726 return (rc);
727 }
728
729 static PyObject *meth__RSAPriv_generate(PyObject *me,
730 PyObject *arg, PyObject *kw)
731 {
732 grand *r = &rand_global;
733 unsigned nbits;
734 unsigned n = 0;
735 rsa_priv rp;
736 mp *e = 0;
737 struct excinfo exc = EXCINFO_INIT;
738 pypgev evt = { { 0 } };
739 static const char *const kwlist[] =
740 { "class", "nbits", "event", "rng", "nsteps", "e", 0 };
741 PyObject *rc = 0;
742
743 evt.exc = &exc;
744 if (!PyArg_ParseTupleAndKeywords(arg, kw, "OO&|O&O&O&O&:generate", KWLIST,
745 &me, convuint, &nbits, convpgev, &evt,
746 convgrand, &r, convuint, &n,
747 convmp, &e))
748 goto end;
749 if (e) MP_COPY(e);
750 else e = mp_fromulong(MP_NEW, 65537);
751 if (rsa_gen_e(&rp, nbits, e, r, n, evt.ev.proc, evt.ev.ctx))
752 PGENERR(&exc);
753 rc = rsapriv_pywrap(&rp);
754 end:
755 droppgev(&evt);
756 mp_drop(e);
757 return (rc);
758 }
759
760 static PyGetSetDef rsapub_pygetset[] = {
761 #define GETSETNAME(op, name) rsa##op##_##name
762 GET (n, "R.n -> N")
763 GET (e, "R.e -> E")
764 #undef GETSETNAME
765 { 0 }
766 };
767
768 static PyMethodDef rsapub_pymethods[] = {
769 #define METHNAME(name) rsameth_##name
770 METH (pubop, "R.pubop(X) -> X^E (mod N)")
771 #undef METHNAME
772 { 0 }
773 };
774
775 static PyGetSetDef rsapriv_pygetset[] = {
776 #define GETSETNAME(op, name) rsa##op##_##name
777 GET (d, "R.d -> D")
778 GET (p, "R.p -> P")
779 GET (q, "R.q -> Q")
780 GET (dp, "R.dp -> D mod (P - 1)")
781 GET (dq, "R.dq -> D mod (Q - 1)")
782 GET (q_inv, "R.q_inv -> Q^{-1} mod P")
783 GETSET(rng, "R.rng -> random number source for blinding")
784 #undef GETSETNAME
785 { 0 }
786 };
787
788 static PyMethodDef rsapriv_pymethods[] = {
789 #define METHNAME(name) rsameth_##name
790 KWMETH(privop, "R.privop(X, [rng = None]) -> X^D (mod N)")
791 #undef METHNAME
792 { 0 }
793 };
794
795 static PyTypeObject rsapub_pytype_skel = {
796 PyObject_HEAD_INIT(0) 0, /* Header */
797 "RSAPub", /* @tp_name@ */
798 sizeof(rsapub_pyobj), /* @tp_basicsize@ */
799 0, /* @tp_itemsize@ */
800
801 rsapub_pydealloc, /* @tp_dealloc@ */
802 0, /* @tp_print@ */
803 0, /* @tp_getattr@ */
804 0, /* @tp_setattr@ */
805 0, /* @tp_compare@ */
806 0, /* @tp_repr@ */
807 0, /* @tp_as_number@ */
808 0, /* @tp_as_sequence@ */
809 0, /* @tp_as_mapping@ */
810 0, /* @tp_hash@ */
811 0, /* @tp_call@ */
812 0, /* @tp_str@ */
813 0, /* @tp_getattro@ */
814 0, /* @tp_setattro@ */
815 0, /* @tp_as_buffer@ */
816 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
817 Py_TPFLAGS_BASETYPE,
818
819 /* @tp_doc@ */
820 "RSAPub(N, E): RSA public key.",
821
822 0, /* @tp_traverse@ */
823 0, /* @tp_clear@ */
824 0, /* @tp_richcompare@ */
825 0, /* @tp_weaklistoffset@ */
826 0, /* @tp_iter@ */
827 0, /* @tp_iternext@ */
828 rsapub_pymethods, /* @tp_methods@ */
829 0, /* @tp_members@ */
830 rsapub_pygetset, /* @tp_getset@ */
831 0, /* @tp_base@ */
832 0, /* @tp_dict@ */
833 0, /* @tp_descr_get@ */
834 0, /* @tp_descr_set@ */
835 0, /* @tp_dictoffset@ */
836 0, /* @tp_init@ */
837 PyType_GenericAlloc, /* @tp_alloc@ */
838 rsapub_pynew, /* @tp_new@ */
839 0, /* @tp_free@ */
840 0 /* @tp_is_gc@ */
841 };
842
843 static PyTypeObject rsapriv_pytype_skel = {
844 PyObject_HEAD_INIT(0) 0, /* Header */
845 "RSAPriv", /* @tp_name@ */
846 sizeof(rsapriv_pyobj), /* @tp_basicsize@ */
847 0, /* @tp_itemsize@ */
848
849 rsapriv_pydealloc, /* @tp_dealloc@ */
850 0, /* @tp_print@ */
851 0, /* @tp_getattr@ */
852 0, /* @tp_setattr@ */
853 0, /* @tp_compare@ */
854 0, /* @tp_repr@ */
855 0, /* @tp_as_number@ */
856 0, /* @tp_as_sequence@ */
857 0, /* @tp_as_mapping@ */
858 0, /* @tp_hash@ */
859 0, /* @tp_call@ */
860 0, /* @tp_str@ */
861 0, /* @tp_getattro@ */
862 0, /* @tp_setattro@ */
863 0, /* @tp_as_buffer@ */
864 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
865 Py_TPFLAGS_BASETYPE,
866
867 /* @tp_doc@ */
868 "RSAPriv(..., [rng = rand]): RSA private key.\n"
869 " Keywords: n, e, d, p, q, dp, dq, q_inv; must provide enough",
870
871 0, /* @tp_traverse@ */
872 0, /* @tp_clear@ */
873 0, /* @tp_richcompare@ */
874 0, /* @tp_weaklistoffset@ */
875 0, /* @tp_iter@ */
876 0, /* @tp_iternext@ */
877 rsapriv_pymethods, /* @tp_methods@ */
878 0, /* @tp_members@ */
879 rsapriv_pygetset, /* @tp_getset@ */
880 0, /* @tp_base@ */
881 0, /* @tp_dict@ */
882 0, /* @tp_descr_get@ */
883 0, /* @tp_descr_set@ */
884 0, /* @tp_dictoffset@ */
885 0, /* @tp_init@ */
886 PyType_GenericAlloc, /* @tp_alloc@ */
887 rsapriv_pynew, /* @tp_new@ */
888 0, /* @tp_free@ */
889 0 /* @tp_is_gc@ */
890 };
891
892 /*----- RSA padding schemes -----------------------------------------------*/
893
894 static PyObject *meth__p1crypt_encode(PyObject *me,
895 PyObject *arg, PyObject *kw)
896 {
897 pkcs1 p1;
898 char *m, *ep;
899 Py_ssize_t msz, epsz;
900 unsigned long nbits;
901 PyObject *rc = 0;
902 octet *b = 0;
903 size_t sz;
904 mp *x;
905 static const char *const kwlist[] = { "msg", "nbits", "ep", "rng", 0 };
906
907 p1.r = &rand_global; ep = 0; epsz = 0;
908 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|s#O&:encode", KWLIST,
909 &m, &msz, convulong, &nbits,
910 &ep, &epsz, convgrand, &p1.r))
911 goto end;
912 sz = (nbits + 7)/8;
913 p1.ep = ep; p1.epsz = epsz;
914 if (epsz + msz + 11 > sz) VALERR("buffer underflow");
915 b = xmalloc(sz);
916 x = pkcs1_cryptencode(MP_NEW, m, msz, b, sz, nbits, &p1);
917 rc = mp_pywrap(x);
918 end:
919 xfree(b);
920 return (rc);
921 }
922
923 static PyObject *meth__p1crypt_decode(PyObject *me,
924 PyObject *arg, PyObject *kw)
925 {
926 pkcs1 p1;
927 char *ep;
928 Py_ssize_t epsz;
929 unsigned long nbits;
930 int n;
931 PyObject *rc = 0;
932 octet *b = 0;
933 size_t sz;
934 mp *x = 0;
935 static const char *const kwlist[] = { "ct", "nbits", "ep", "rng", 0 };
936
937 p1.r = &rand_global; ep = 0; epsz = 0;
938 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&|s#O&:decode", KWLIST,
939 convmp, &x, convulong, &nbits,
940 &ep, &epsz, convgrand, &p1.r))
941 goto end;
942 sz = (nbits + 7)/8;
943 p1.ep = ep; p1.epsz = epsz;
944 if (epsz + 11 > sz) VALERR("buffer underflow");
945 b = xmalloc(sz);
946 if ((n = pkcs1_cryptdecode(x, b, sz, nbits, &p1)) < 0)
947 VALERR("decryption failed");
948 rc = bytestring_pywrap(b, n);
949 end:
950 mp_drop(x);
951 xfree(b);
952 return (rc);
953 }
954
955 static PyObject *meth__p1sig_encode(PyObject *me,
956 PyObject *arg, PyObject *kw)
957 {
958 pkcs1 p1;
959 char *m, *ep;
960 Py_ssize_t msz, epsz;
961 unsigned long nbits;
962 PyObject *rc = 0;
963 octet *b = 0;
964 size_t sz;
965 mp *x;
966 static const char *const kwlist[] = { "msg", "nbits", "ep", "rng", 0 };
967
968 p1.r = &rand_global; ep = 0; epsz = 0;
969 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|s#O&:encode", KWLIST,
970 &m, &msz, convulong, &nbits,
971 &ep, &epsz, convgrand, &p1.r))
972 goto end;
973 sz = (nbits + 7)/8;
974 p1.ep = ep; p1.epsz = epsz;
975 if (epsz + msz + 11 > sz) VALERR("buffer underflow");
976 b = xmalloc(sz);
977 x = pkcs1_sigencode(MP_NEW, m, msz, b, sz, nbits, &p1);
978 rc = mp_pywrap(x);
979 end:
980 xfree(b);
981 return (rc);
982 }
983
984 static PyObject *meth__p1sig_decode(PyObject *me,
985 PyObject *arg, PyObject *kw)
986 {
987 pkcs1 p1;
988 char *ep;
989 Py_ssize_t epsz;
990 unsigned long nbits;
991 int n;
992 PyObject *hukairz;
993 PyObject *rc = 0;
994 octet *b = 0;
995 size_t sz;
996 mp *x = 0;
997 static const char *const kwlist[] =
998 { "msg", "sig", "nbits", "ep", "rng", 0 };
999
1000 p1.r = &rand_global; ep = 0; epsz = 0;
1001 if (!PyArg_ParseTupleAndKeywords(arg, kw, "OO&O&|s#O&:decode", KWLIST,
1002 &hukairz, convmp, &x, convulong, &nbits,
1003 &ep, &epsz, convgrand, &p1.r))
1004 goto end;
1005 sz = (nbits + 7)/8;
1006 p1.ep = ep; p1.epsz = epsz;
1007 if (epsz + 10 > sz) VALERR("buffer underflow");
1008 b = xmalloc(sz);
1009 if ((n = pkcs1_sigdecode(x, 0, 0, b, sz, nbits, &p1)) < 0)
1010 VALERR("verification failed");
1011 rc = bytestring_pywrap(b, n);
1012 end:
1013 mp_drop(x);
1014 xfree(b);
1015 return (rc);
1016 }
1017
1018 static PyObject *meth__oaep_encode(PyObject *me,
1019 PyObject *arg, PyObject *kw)
1020 {
1021 oaep o;
1022 char *m, *ep;
1023 Py_ssize_t msz, epsz;
1024 unsigned long nbits;
1025 PyObject *rc = 0;
1026 octet *b = 0;
1027 size_t sz;
1028 mp *x;
1029 static const char *const kwlist[] =
1030 { "msg", "nbits", "mgf", "hash", "ep", "rng", 0 };
1031
1032 o.r = &rand_global; o.cc = &sha_mgf; o.ch = &sha; ep = 0; epsz = 0;
1033 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|O&O&s#O&:encode", KWLIST,
1034 &m, &msz, convulong, &nbits,
1035 convgccipher, &o.cc,
1036 convgchash, &o.ch,
1037 &ep, &epsz,
1038 convgrand, &o.r))
1039 goto end;
1040 sz = (nbits + 7)/8;
1041 o.ep = ep; o.epsz = epsz;
1042 if (2 * o.ch->hashsz + 2 + msz > sz) VALERR("buffer underflow");
1043 b = xmalloc(sz);
1044 x = oaep_encode(MP_NEW, m, msz, b, sz, nbits, &o);
1045 rc = mp_pywrap(x);
1046 end:
1047 xfree(b);
1048 return (rc);
1049 }
1050
1051 static PyObject *meth__oaep_decode(PyObject *me,
1052 PyObject *arg, PyObject *kw)
1053 {
1054 oaep o;
1055 char *ep;
1056 Py_ssize_t epsz;
1057 unsigned long nbits;
1058 int n;
1059 PyObject *rc = 0;
1060 octet *b = 0;
1061 size_t sz;
1062 mp *x = 0;
1063 static const char *const kwlist[] =
1064 { "ct", "nbits", "mgf", "hash", "ep", "rng", 0 };
1065
1066 o.r = &rand_global; o.cc = &sha_mgf; o.ch = &sha; ep = 0; epsz = 0;
1067 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&|O&O&s#O&:decode", KWLIST,
1068 convmp, &x, convulong, &nbits,
1069 convgccipher, &o.cc,
1070 convgchash, &o.ch,
1071 &ep, &epsz,
1072 convgrand, &o.r))
1073 goto end;
1074 sz = (nbits + 7)/8;
1075 o.ep = ep; o.epsz = epsz;
1076 if (2 * o.ch->hashsz > sz) VALERR("buffer underflow");
1077 b = xmalloc(sz);
1078 if ((n = oaep_decode(x, b, sz, nbits, &o)) < 0)
1079 VALERR("decryption failed");
1080 rc = bytestring_pywrap(b, n);
1081 end:
1082 mp_drop(x);
1083 xfree(b);
1084 return (rc);
1085 }
1086
1087 static PyObject *meth__pss_encode(PyObject *me,
1088 PyObject *arg, PyObject *kw)
1089 {
1090 pss p;
1091 char *m;
1092 Py_ssize_t msz;
1093 unsigned long nbits;
1094 PyObject *rc = 0;
1095 octet *b = 0;
1096 size_t sz;
1097 mp *x = 0;
1098 static const char *const kwlist[] =
1099 { "msg", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1100
1101 p.cc = &sha_mgf; p.ch = &sha; p.r = &rand_global; p.ssz = (size_t)-1;
1102 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|O&O&O&O&:encode", KWLIST,
1103 &m, &msz, convulong, &nbits,
1104 convgccipher, &p.cc,
1105 convgchash, &p.ch,
1106 convszt, &p.ssz,
1107 convgrand, &p.r))
1108 goto end;
1109 sz = (nbits + 7)/8;
1110 if (p.ssz == (size_t)-1) p.ssz = p.ch->hashsz;
1111 if (p.ch->hashsz + p.ssz + 2 > sz) VALERR("buffer underflow");
1112 b = xmalloc(sz);
1113 x = pss_encode(MP_NEW, m, msz, b, sz, nbits, &p);
1114 rc = mp_pywrap(x);
1115 end:
1116 xfree(b);
1117 return (rc);
1118 }
1119
1120 static PyObject *meth__pss_decode(PyObject *me,
1121 PyObject *arg, PyObject *kw)
1122 {
1123 pss p;
1124 char *m;
1125 Py_ssize_t msz;
1126 unsigned long nbits;
1127 PyObject *rc = 0;
1128 octet *b = 0;
1129 size_t sz;
1130 int n;
1131 mp *x = 0;
1132 static const char *const kwlist[] =
1133 { "msg", "sig", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1134
1135 p.cc = &sha_mgf; p.ch = &sha; p.r = &rand_global; p.ssz = (size_t)-1;
1136 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&O&|O&O&O&O&:decode", KWLIST,
1137 &m, &msz, convmp, &x, convulong, &nbits,
1138 convgccipher, &p.cc,
1139 convgchash, &p.ch,
1140 convszt, &p.ssz,
1141 convgrand, &p.r))
1142 goto end;
1143 sz = (nbits + 7)/8;
1144 if (p.ssz == (size_t)-1) p.ssz = p.ch->hashsz;
1145 if (p.ch->hashsz + p.ssz + 2 > sz) VALERR("buffer underflow");
1146 b = xmalloc(sz);
1147 if ((n = pss_decode(x, m, msz, b, sz, nbits, &p)) < 0)
1148 VALERR("verification failed");
1149 rc = Py_None; Py_INCREF(rc);
1150 end:
1151 mp_drop(x);
1152 xfree(b);
1153 return (rc);
1154 }
1155
1156 /*----- X25519 and related algorithms -------------------------------------*/
1157
1158 #define XDHS(_) \
1159 _(X25519, x25519) \
1160 _(X448, x448)
1161
1162 #define DEFXDH(X, x) \
1163 static PyObject *meth_##x(PyObject *me, PyObject *arg) \
1164 { \
1165 const char *k, *p; \
1166 Py_ssize_t ksz, psz; \
1167 PyObject *rc = 0; \
1168 if (!PyArg_ParseTuple(arg, "s#s#:" #x, &k, &ksz, &p, &psz)) \
1169 goto end; \
1170 if (ksz != X##_KEYSZ) VALERR("bad key length"); \
1171 if (psz != X##_PUBSZ) VALERR("bad public length"); \
1172 rc = bytestring_pywrap(0, X##_OUTSZ); \
1173 x((octet *)PyString_AS_STRING(rc), \
1174 (const octet *)k, (const octet *)p); \
1175 return (rc); \
1176 end: \
1177 return (0); \
1178 }
1179 XDHS(DEFXDH)
1180 #undef DEFXDH
1181
1182 /*----- Ed25519 and related algorithms ------------------------------------*/
1183
1184 #define EDDSAS(_) \
1185 _(ED25519, ed25519, -1, ctx) \
1186 _(ED448, ed448, 0, )
1187
1188 #define DEFEDDSA(ED, ed, phdflt, sigver) \
1189 \
1190 static PyObject *meth_##ed##_pubkey(PyObject *me, PyObject *arg) \
1191 { \
1192 const char *k; \
1193 Py_ssize_t ksz; \
1194 PyObject *rc = 0; \
1195 if (!PyArg_ParseTuple(arg, "s#:" #ed "_pubkey", &k, &ksz)) \
1196 goto end; \
1197 rc = bytestring_pywrap(0, ED##_PUBSZ); \
1198 ed##_pubkey((octet *)PyString_AS_STRING(rc), k, ksz); \
1199 return (rc); \
1200 end: \
1201 return (0); \
1202 } \
1203 \
1204 static PyObject *meth_##ed##_sign(PyObject *me, PyObject *arg, \
1205 PyObject *kw) \
1206 { \
1207 const char *k, *p = 0, *c = 0, *m; \
1208 Py_ssize_t ksz, psz, csz = 0, msz; \
1209 int ph = phdflt; \
1210 PyObject *rc = 0; \
1211 octet pp[ED##_PUBSZ]; \
1212 static const char *const kwlist[] = \
1213 { "key", "msg", "pub", "perso", "phflag", 0 }; \
1214 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1215 "s#s#|s#s#O&:" #ed "_sign", \
1216 KWLIST, \
1217 &k, &ksz, &m, &msz, &p, &psz, \
1218 &c, &csz, convbool, &ph)) \
1219 goto end; \
1220 if (p && psz != ED##_PUBSZ) VALERR("bad public length"); \
1221 if (c && csz > ED##_MAXPERSOSZ) \
1222 VALERR("personalization string too long"); \
1223 if (c && ph == -1) ph = 0; \
1224 if (!p) { p = (const char *)pp; ed##_pubkey(pp, k, ksz); } \
1225 rc = bytestring_pywrap(0, ED##_SIGSZ); \
1226 ed##sigver##_sign((octet *)PyString_AS_STRING(rc), k, ksz, \
1227 (const octet *)p, ph, c, csz, m, msz); \
1228 return (rc); \
1229 end: \
1230 return (0); \
1231 } \
1232 \
1233 static PyObject *meth_##ed##_verify(PyObject *me, \
1234 PyObject *arg, PyObject *kw) \
1235 { \
1236 const char *p, *c = 0, *m, *s; \
1237 Py_ssize_t psz, csz = 0, msz, ssz; \
1238 int ph = phdflt; \
1239 PyObject *rc = 0; \
1240 static const char *const kwlist[] = \
1241 { "pub", "msg", "sig", "perso", "phflag", 0 }; \
1242 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1243 "s#s#s#|s#O&:" #ed "_verify", \
1244 KWLIST, \
1245 &p, &psz, &m, &msz, &s, &ssz, \
1246 &c, &csz, convbool, &ph)) \
1247 goto end; \
1248 if (psz != ED##_PUBSZ) VALERR("bad public length"); \
1249 if (ssz != ED##_SIGSZ) VALERR("bad signature length"); \
1250 if (c && csz > ED##_MAXPERSOSZ) \
1251 VALERR("personalization string too long"); \
1252 if (c && ph == -1) ph = 0; \
1253 rc = getbool(!ed##sigver##_verify((const octet *)p, ph, c, csz, \
1254 m, msz, (const octet *)s)); \
1255 return (rc); \
1256 end: \
1257 return (0); \
1258 }
1259 EDDSAS(DEFEDDSA)
1260 #undef DEFEDDSA
1261
1262 /*----- Global stuff ------------------------------------------------------*/
1263
1264 static PyMethodDef methods[] = {
1265 #define METHNAME(name) meth_##name
1266 KWMETH(_p1crypt_encode, 0)
1267 KWMETH(_p1crypt_decode, 0)
1268 KWMETH(_p1sig_encode, 0)
1269 KWMETH(_p1sig_decode, 0)
1270 KWMETH(_oaep_encode, 0)
1271 KWMETH(_oaep_decode, 0)
1272 KWMETH(_pss_encode, 0)
1273 KWMETH(_pss_decode, 0)
1274 KWMETH(_RSAPriv_generate, "generate(NBITS, [event = pgen_nullev], "
1275 "[rng = rand], [nsteps = 0]) -> R")
1276 #define DEFMETH(X, x) \
1277 METH (x, "" #x "(KEY, PUBLIC) -> SHARED")
1278 XDHS(DEFMETH)
1279 #undef DEFMETH
1280 #define DEFMETH(ED, ed, phdflt, sigver) \
1281 METH (ed##_pubkey, "" #ed "_pubkey(KEY) -> PUBLIC") \
1282 KWMETH(ed##_sign, "" #ed "_sign(KEY, MSG, [pub = PUBLIC], " \
1283 "[perso = STRING], [phflag = BOOL]) -> SIG") \
1284 KWMETH(ed##_verify, "" #ed "_verify(PUBLIC, MSG, SIG, " \
1285 "[perso = STRING], [phflag = BOOL]) -> BOOL")
1286 EDDSAS(DEFMETH)
1287 #undef DEFMETH
1288 #undef METHNAME
1289 { 0 }
1290 };
1291
1292 void pubkey_pyinit(void)
1293 {
1294 INITTYPE(dsapub, root);
1295 INITTYPE(dsapriv, dsapub);
1296 INITTYPE(kcdsapub, root);
1297 INITTYPE(kcdsapriv, kcdsapub);
1298 INITTYPE(rsapub, root);
1299 INITTYPE(rsapriv, rsapub);
1300 addmethods(methods);
1301 }
1302
1303 void pubkey_pyinsert(PyObject *mod)
1304 {
1305 INSERT("DSAPub", dsapub_pytype);
1306 INSERT("DSAPriv", dsapriv_pytype);
1307 INSERT("KCDSAPub", kcdsapub_pytype);
1308 INSERT("KCDSAPriv", kcdsapriv_pytype);
1309 INSERT("RSAPub", rsapub_pytype);
1310 INSERT("RSAPriv", rsapriv_pytype);
1311 }
1312
1313 /*----- That's all, folks -------------------------------------------------*/
Catacomb cryptographic library -- Python bindings