3 * Public-key cryptography
5 * (c) 2004 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of the Python interface to Catacomb.
12 * Catacomb/Python is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * Catacomb/Python is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with Catacomb/Python; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /*----- Header files ------------------------------------------------------*/
29 #include "catacomb-python.h"
31 /*----- DSA and similar ---------------------------------------------------*/
33 typedef struct dsa_pyobj
{
35 PyObject
*G
, *u
, *p
, *rng
, *hash
;
39 static PyTypeObject
*dsapub_pytype
, *dsapriv_pytype
;
40 static PyTypeObject
*kcdsapub_pytype
, *kcdsapriv_pytype
;
41 #define DSA_D(o) (&((dsa_pyobj *)(o))->d)
42 #define DSA_G(o) (((dsa_pyobj *)(o))->G)
43 #define DSA_U(o) (((dsa_pyobj *)(o))->u)
44 #define DSA_P(o) (((dsa_pyobj *)(o))->p)
45 #define DSA_RNG(o) (((dsa_pyobj *)(o))->rng)
46 #define DSA_HASH(o) (((dsa_pyobj *)(o))->hash)
48 static void dsa_pydealloc(PyObject
*me
)
50 dsa_pyobj
*g
= (dsa_pyobj
*)me
;
51 Py_DECREF(g
->G
); Py_DECREF(g
->u
); Py_DECREF(g
->p
);
52 Py_DECREF(g
->rng
); Py_DECREF(g
->hash
);
56 static PyObject
*dsa_setup(PyTypeObject
*ty
, PyObject
*G
, PyObject
*u
,
57 PyObject
*p
, PyObject
*rng
, PyObject
*hash
,
58 void (*calcpub
)(group
*, ge
*, mp
*))
63 g
= PyObject_New(dsa_pyobj
, ty
);
69 if ((g
->d
.u
= getmp(u
)) == 0)
71 if (MP_PYCHECK(u
)) Py_INCREF(u
);
72 else u
= mp_pywrap(g
->d
.u
);
75 assert(g
->d
.u
); assert(calcpub
);
76 pp
= G_CREATE(GROUP_G(G
));
77 calcpub(GROUP_G(G
), pp
, g
->d
.u
);
79 } else if (GROUP_G(G
) != GE_G(p
) && !group_samep(GROUP_G(G
), GE_G(p
)))
80 TYERR("public key not from group");
83 g
->d
.r
= GRAND_R(rng
);
84 g
->d
.h
= GCHASH_CH(hash
);
85 g
->G
= G
; Py_INCREF(G
); g
->u
= u
; g
->p
= p
;
86 g
->rng
= rng
; Py_INCREF(rng
); g
->hash
= hash
; Py_INCREF(hash
);
87 return ((PyObject
*)g
);
89 Py_XDECREF(p
); FREEOBJ(g
);
93 static PyObject
*dsapub_pynew(PyTypeObject
*ty
,
94 PyObject
*arg
, PyObject
*kw
)
96 PyObject
*G
, *p
, *rng
= rand_pyobj
, *hash
= sha_pyobj
;
98 static const char *const kwlist
[] = { "G", "p", "hash", "rng", 0 };
100 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O!|O!O!:new", KWLIST
,
103 gchash_pytype
, &hash
,
104 grand_pytype
, &rng
) ||
105 (rc
= dsa_setup(dsapub_pytype
, G
, 0, p
, rng
, hash
, 0)) == 0)
111 static PyObject
*dsameth_beginhash(PyObject
*me
)
112 { return (ghash_pywrap(DSA_HASH(me
), gdsa_beginhash(DSA_D(me
)))); }
114 static PyObject
*dsameth_endhash(PyObject
*me
, PyObject
*arg
)
118 if (!PyArg_ParseTuple(arg
, "O&:endhash", convghash
, &h
)) return (0);
119 gdsa_endhash(DSA_D(me
), h
);
121 rc
= bytestring_pywrap(0, GH_CLASS(h
)->hashsz
);
122 GH_DONE(h
, PyString_AS_STRING(rc
));
127 static PyObject
*dsameth_sign(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
129 gdsa_sig s
= GDSA_SIG_INIT
;
134 static const char *const kwlist
[] = { "msg", "k", 0 };
136 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#|O&:sign", KWLIST
,
139 if (n
!= DSA_D(me
)->h
->hashsz
)
140 VALERR("bad message length (doesn't match hash size)");
141 gdsa_sign(DSA_D(me
), &s
, p
, k
);
142 rc
= Py_BuildValue("(NN)", mp_pywrap(s
.r
), mp_pywrap(s
.s
));
148 static PyObject
*dsameth_verify(PyObject
*me
, PyObject
*arg
)
152 gdsa_sig s
= GDSA_SIG_INIT
;
155 if (!PyArg_ParseTuple(arg
, "s#(O&O&):verify",
156 &p
, &n
, convmp
, &s
.r
, convmp
, &s
.s
))
158 if (n
!= DSA_D(me
)->h
->hashsz
)
159 VALERR("bad message length (doesn't match hash size)");
160 rc
= getbool(!gdsa_verify(DSA_D(me
), &s
, p
));
167 static void dsa_calcpub(group
*g
, ge
*p
, mp
*u
) { G_EXP(g
, p
, g
->g
, u
); }
169 static PyObject
*dsapriv_pynew(PyTypeObject
*ty
,
170 PyObject
*arg
, PyObject
*kw
)
172 PyObject
*G
, *p
= 0, *u
, *rng
= rand_pyobj
, *hash
= sha_pyobj
;
174 static const char *const kwlist
[] = { "G", "u", "p", "hash", "rng", 0 };
176 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O|O!O!O!:new", KWLIST
,
180 gchash_pytype
, &hash
,
181 grand_pytype
, &rng
) ||
182 (rc
= dsa_setup(dsapriv_pytype
, G
, u
, p
, rng
, hash
, dsa_calcpub
)) == 0)
188 static const PyMethodDef dsapub_pymethods
[] = {
189 #define METHNAME(name) dsameth_##name
190 NAMETH(beginhash
, "D.beginhash() -> hash object")
191 METH (endhash
, "D.endhash(H) -> BYTES")
192 METH (verify
, "D.verify(MSG, (R, S)) -> true/false")
197 static const PyMethodDef dsapriv_pymethods
[] = {
198 #define METHNAME(name) dsameth_##name
199 KWMETH(sign
, "D.sign(MSG, [k = K]) -> R, S")
204 static const PyMemberDef dsapub_pymembers
[] = {
205 #define MEMBERSTRUCT dsa_pyobj
206 MEMBER(G
, T_OBJECT
, READONLY
, "D.G -> group to work in")
207 MEMBER(p
, T_OBJECT
, READONLY
, "D.p -> public key (group element")
208 MEMBER(rng
, T_OBJECT
, READONLY
, "D.rng -> random number generator")
209 MEMBER(hash
, T_OBJECT
, READONLY
, "D.hash -> hash class")
214 static const PyMemberDef dsapriv_pymembers
[] = {
215 #define MEMBERSTRUCT dsa_pyobj
216 MEMBER(u
, T_OBJECT
, READONLY
, "D.u -> private key (exponent)")
221 static const PyTypeObject dsapub_pytype_skel
= {
222 PyObject_HEAD_INIT(0) 0, /* Header */
223 "DSAPub", /* @tp_name@ */
224 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
225 0, /* @tp_itemsize@ */
227 dsa_pydealloc
, /* @tp_dealloc@ */
229 0, /* @tp_getattr@ */
230 0, /* @tp_setattr@ */
231 0, /* @tp_compare@ */
233 0, /* @tp_as_number@ */
234 0, /* @tp_as_sequence@ */
235 0, /* @tp_as_mapping@ */
239 0, /* @tp_getattro@ */
240 0, /* @tp_setattro@ */
241 0, /* @tp_as_buffer@ */
242 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
246 "DSAPub(GROUP, P, [hash = sha], [rng = rand]): DSA public key.",
248 0, /* @tp_traverse@ */
250 0, /* @tp_richcompare@ */
251 0, /* @tp_weaklistoffset@ */
253 0, /* @tp_iternext@ */
254 PYMETHODS(dsapub
), /* @tp_methods@ */
255 PYMEMBERS(dsapub
), /* @tp_members@ */
259 0, /* @tp_descr_get@ */
260 0, /* @tp_descr_set@ */
261 0, /* @tp_dictoffset@ */
263 PyType_GenericAlloc
, /* @tp_alloc@ */
264 dsapub_pynew
, /* @tp_new@ */
269 static const PyTypeObject dsapriv_pytype_skel
= {
270 PyObject_HEAD_INIT(0) 0, /* Header */
271 "DSAPriv", /* @tp_name@ */
272 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
273 0, /* @tp_itemsize@ */
275 0, /* @tp_dealloc@ */
277 0, /* @tp_getattr@ */
278 0, /* @tp_setattr@ */
279 0, /* @tp_compare@ */
281 0, /* @tp_as_number@ */
282 0, /* @tp_as_sequence@ */
283 0, /* @tp_as_mapping@ */
287 0, /* @tp_getattro@ */
288 0, /* @tp_setattro@ */
289 0, /* @tp_as_buffer@ */
290 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
294 "DSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): "
297 0, /* @tp_traverse@ */
299 0, /* @tp_richcompare@ */
300 0, /* @tp_weaklistoffset@ */
302 0, /* @tp_iternext@ */
303 PYMETHODS(dsapriv
), /* @tp_methods@ */
304 PYMEMBERS(dsapriv
), /* @tp_members@ */
308 0, /* @tp_descr_get@ */
309 0, /* @tp_descr_set@ */
310 0, /* @tp_dictoffset@ */
312 PyType_GenericAlloc
, /* @tp_alloc@ */
313 dsapriv_pynew
, /* @tp_new@ */
318 static PyObject
*kcdsapub_pynew(PyTypeObject
*ty
,
319 PyObject
*arg
, PyObject
*kw
)
321 PyObject
*G
, *p
, *rng
= rand_pyobj
, *hash
= has160_pyobj
;
323 static const char *const kwlist
[] = { "G", "p", "hash", "rng", 0 };
325 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O!|O!O!:new", KWLIST
,
328 gchash_pytype
, &hash
,
329 grand_pytype
, &rng
) ||
330 (rc
= dsa_setup(kcdsapub_pytype
, G
, 0, p
, rng
, hash
, 0)) == 0)
336 static void kcdsa_calcpub(group
*g
, ge
*p
, mp
*u
)
338 mp
*uinv
= mp_modinv(MP_NEW
, u
, g
->r
);
339 G_EXP(g
, p
, g
->g
, uinv
);
343 static PyObject
*kcdsapriv_pynew(PyTypeObject
*ty
,
344 PyObject
*arg
, PyObject
*kw
)
346 PyObject
*G
, *u
, *p
= 0, *rng
= rand_pyobj
, *hash
= has160_pyobj
;
348 static const char *const kwlist
[] = { "G", "u", "p", "hash", "rng", 0 };
350 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O|O!O!O!:new", KWLIST
,
354 gchash_pytype
, &hash
,
355 grand_pytype
, &rng
) ||
356 (rc
= dsa_setup(kcdsapriv_pytype
, G
, u
, p
,
357 rng
, hash
, kcdsa_calcpub
)) == 0)
363 static PyObject
*kcdsameth_beginhash(PyObject
*me
)
364 { return (ghash_pywrap(DSA_HASH(me
), gkcdsa_beginhash(DSA_D(me
)))); }
366 static PyObject
*kcdsameth_endhash(PyObject
*me
, PyObject
*arg
)
370 if (!PyArg_ParseTuple(arg
, "O&:endhash", convghash
, &h
)) return (0);
371 gkcdsa_endhash(DSA_D(me
), h
);
373 rc
= bytestring_pywrap(0, GH_CLASS(h
)->hashsz
);
374 GH_DONE(h
, PyString_AS_STRING(rc
));
379 static PyObject
*kcdsameth_sign(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
381 gkcdsa_sig s
= GKCDSA_SIG_INIT
;
385 PyObject
*r
= 0, *rc
= 0;
386 static const char *const kwlist
[] = { "msg", "k", 0 };
388 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#|O&:sign", KWLIST
,
391 if (n
!= DSA_D(me
)->h
->hashsz
)
392 VALERR("bad message length (doesn't match hash size)");
393 r
= bytestring_pywrap(0, DSA_D(me
)->h
->hashsz
);
394 s
.r
= (octet
*)PyString_AS_STRING(r
);
395 gkcdsa_sign(DSA_D(me
), &s
, p
, k
);
396 rc
= Py_BuildValue("(ON)", r
, mp_pywrap(s
.s
));
403 static PyObject
*kcdsameth_verify(PyObject
*me
, PyObject
*arg
)
407 gkcdsa_sig s
= GKCDSA_SIG_INIT
;
410 if (!PyArg_ParseTuple(arg
, "s#(s#O&):verify",
411 &p
, &n
, &s
.r
, &rn
, convmp
, &s
.s
))
413 if (n
!= DSA_D(me
)->h
->hashsz
)
414 VALERR("bad message length (doesn't match hash size)");
415 if (rn
!= DSA_D(me
)->h
->hashsz
)
416 VALERR("bad signature `r' length (doesn't match hash size)");
417 rc
= getbool(!gkcdsa_verify(DSA_D(me
), &s
, p
));
423 static const PyMethodDef kcdsapub_pymethods
[] = {
424 #define METHNAME(name) kcdsameth_##name
425 NAMETH(beginhash
, "D.beginhash() -> hash object")
426 METH (endhash
, "D.endhash(H) -> BYTES")
427 METH (verify
, "D.verify(MSG, (R, S)) -> true/false")
432 static const PyMethodDef kcdsapriv_pymethods
[] = {
433 #define METHNAME(name) kcdsameth_##name
434 KWMETH(sign
, "D.sign(MSG, [k = K]) -> R, S")
439 static const PyTypeObject kcdsapub_pytype_skel
= {
440 PyObject_HEAD_INIT(0) 0, /* Header */
441 "KCDSAPub", /* @tp_name@ */
442 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
443 0, /* @tp_itemsize@ */
445 dsa_pydealloc
, /* @tp_dealloc@ */
447 0, /* @tp_getattr@ */
448 0, /* @tp_setattr@ */
449 0, /* @tp_compare@ */
451 0, /* @tp_as_number@ */
452 0, /* @tp_as_sequence@ */
453 0, /* @tp_as_mapping@ */
457 0, /* @tp_getattro@ */
458 0, /* @tp_setattro@ */
459 0, /* @tp_as_buffer@ */
460 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
464 "KCDSAPub(GROUP, P, [hash = sha], [rng = rand]): KCDSA public key.",
466 0, /* @tp_traverse@ */
468 0, /* @tp_richcompare@ */
469 0, /* @tp_weaklistoffset@ */
471 0, /* @tp_iternext@ */
472 PYMETHODS(kcdsapub
), /* @tp_methods@ */
473 PYMEMBERS(dsapub
), /* @tp_members@ */
477 0, /* @tp_descr_get@ */
478 0, /* @tp_descr_set@ */
479 0, /* @tp_dictoffset@ */
481 PyType_GenericAlloc
, /* @tp_alloc@ */
482 kcdsapub_pynew
, /* @tp_new@ */
487 static const PyTypeObject kcdsapriv_pytype_skel
= {
488 PyObject_HEAD_INIT(0) 0, /* Header */
489 "KCDSAPriv", /* @tp_name@ */
490 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
491 0, /* @tp_itemsize@ */
493 0, /* @tp_dealloc@ */
495 0, /* @tp_getattr@ */
496 0, /* @tp_setattr@ */
497 0, /* @tp_compare@ */
499 0, /* @tp_as_number@ */
500 0, /* @tp_as_sequence@ */
501 0, /* @tp_as_mapping@ */
505 0, /* @tp_getattro@ */
506 0, /* @tp_setattro@ */
507 0, /* @tp_as_buffer@ */
508 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
512 "KCDSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): "
513 "KCDSA private key.",
515 0, /* @tp_traverse@ */
517 0, /* @tp_richcompare@ */
518 0, /* @tp_weaklistoffset@ */
520 0, /* @tp_iternext@ */
521 PYMETHODS(kcdsapriv
), /* @tp_methods@ */
522 PYMEMBERS(dsapriv
), /* @tp_members@ */
526 0, /* @tp_descr_get@ */
527 0, /* @tp_descr_set@ */
528 0, /* @tp_dictoffset@ */
530 PyType_GenericAlloc
, /* @tp_alloc@ */
531 kcdsapriv_pynew
, /* @tp_new@ */
536 /*----- RSA ---------------------------------------------------------------*/
538 typedef struct rsapub_pyobj
{
544 #define RSA_PUB(o) (&((rsapub_pyobj *)(o))->pub)
545 #define RSA_PUBCTX(o) (&((rsapub_pyobj *)(o))->pubctx)
547 typedef struct rsapriv_pyobj
{
556 #define RSA_PRIV(o) (&((rsapriv_pyobj *)(o))->priv)
557 #define RSA_PRIVCTX(o) (&((rsapriv_pyobj *)(o))->privctx)
558 #define RSA_RNG(o) (((rsapriv_pyobj *)(o))->rng)
560 static PyTypeObject
*rsapub_pytype
, *rsapriv_pytype
;
562 static PyObject
*rsapub_pynew(PyTypeObject
*ty
,
563 PyObject
*arg
, PyObject
*kw
)
567 static const char *const kwlist
[] = { "n", "e", 0 };
569 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&:new", KWLIST
,
570 convmp
, &rp
.n
, convmp
, &rp
.e
))
572 if (!MP_ODDP(rp
.n
)) VALERR("RSA modulus must be even");
573 o
= (rsapub_pyobj
*)ty
->tp_alloc(ty
, 0);
575 rsa_pubcreate(&o
->pubctx
, &o
->pub
);
576 return ((PyObject
*)o
);
582 static void rsapub_pydealloc(PyObject
*me
)
584 rsa_pubdestroy(RSA_PUBCTX(me
));
585 rsa_pubfree(RSA_PUB(me
));
589 static PyObject
*rsaget_n(PyObject
*me
, void *hunoz
)
590 { return mp_pywrap(MP_COPY(RSA_PUB(me
)->n
)); }
592 static PyObject
*rsaget_e(PyObject
*me
, void *hunoz
)
593 { return mp_pywrap(MP_COPY(RSA_PUB(me
)->e
)); }
595 static PyObject
*rsameth_pubop(PyObject
*me
, PyObject
*arg
)
600 if (!PyArg_ParseTuple(arg
, "O&:pubop", convmp
, &x
)) goto end
;
601 rc
= mp_pywrap(rsa_pubop(RSA_PUBCTX(me
), MP_NEW
, x
));
607 static PyObject
*rsapriv_dopywrap(PyTypeObject
*ty
,
608 rsa_priv
*rp
, PyObject
*rng
)
612 o
= (rsapriv_pyobj
*)ty
->tp_alloc(ty
, 0);
616 rsa_privcreate(&o
->privctx
, &o
->priv
, &rand_global
);
617 rsa_pubcreate(&o
->pubctx
, &o
->pub
);
623 return ((PyObject
*)o
);
626 PyObject
*rsapriv_pywrap(rsa_priv
*rp
)
627 { return rsapriv_dopywrap(rsapriv_pytype
, rp
, 0); }
629 static PyObject
*rsapriv_pynew(PyTypeObject
*ty
,
630 PyObject
*arg
, PyObject
*kw
)
633 PyObject
*rng
= Py_None
;
634 static const char *const kwlist
[] =
635 { "n", "e", "d", "p", "q", "dp", "dq", "q_inv", "rng", 0 };
637 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "|O&O&O&O&O&O&O&O&O:new", KWLIST
,
638 convmp
, &rp
.n
, convmp
, &rp
.e
,
640 convmp
, &rp
.p
, convmp
, &rp
.q
,
641 convmp
, &rp
.dp
, convmp
, &rp
.dq
,
645 if ((rp
.n
&& !MP_ODDP(rp
.n
)) ||
646 (rp
.p
&& !MP_ODDP(rp
.p
)) ||
647 (rp
.q
&& !MP_ODDP(rp
.q
)))
648 VALERR("RSA modulus and factors must be odd");
649 if (rsa_recover(&rp
)) VALERR("couldn't construct private key");
650 if (rng
!= Py_None
&& !GRAND_PYCHECK(rng
))
651 TYERR("not a random number source");
653 return (rsapriv_dopywrap(ty
, &rp
, rng
));
659 static void rsapriv_pydealloc(PyObject
*me
)
661 RSA_PRIVCTX(me
)->r
= &rand_global
;
662 rsa_privdestroy(RSA_PRIVCTX(me
));
663 rsa_privfree(RSA_PRIV(me
));
664 Py_DECREF(RSA_RNG(me
));
668 static PyObject
*rsaget_d(PyObject
*me
, void *hunoz
)
669 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->d
)); }
671 static PyObject
*rsaget_p(PyObject
*me
, void *hunoz
)
672 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->p
)); }
674 static PyObject
*rsaget_q(PyObject
*me
, void *hunoz
)
675 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->q
)); }
677 static PyObject
*rsaget_dp(PyObject
*me
, void *hunoz
)
678 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->dp
)); }
680 static PyObject
*rsaget_dq(PyObject
*me
, void *hunoz
)
681 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->dq
)); }
683 static PyObject
*rsaget_q_inv(PyObject
*me
, void *hunoz
)
684 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->q_inv
)); }
686 static PyObject
*rsaget_rng(PyObject
*me
, void *hunoz
)
687 { RETURN_OBJ(RSA_RNG(me
)); }
689 static int rsaset_rng(PyObject
*me
, PyObject
*val
, void *hunoz
)
694 else if (val
!= Py_None
&& !GRAND_PYCHECK(val
))
695 TYERR("expected grand or None");
696 Py_DECREF(RSA_RNG(me
));
704 static PyObject
*rsameth_privop(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
706 PyObject
*rng
= RSA_RNG(me
);
709 static const char *const kwlist
[] = { "x", "rng", 0 };
711 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&|O:privop", KWLIST
,
714 if (rng
!= Py_None
&& !GRAND_PYCHECK(rng
))
715 TYERR("not a random number source");
716 RSA_PRIVCTX(me
)->r
= (rng
== Py_None
) ?
0 : GRAND_R(rng
);
717 rc
= mp_pywrap(rsa_privop(RSA_PRIVCTX(me
), MP_NEW
, x
));
723 static PyObject
*rsameth_generate(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
725 grand
*r
= &rand_global
;
730 struct excinfo exc
= EXCINFO_INIT
;
731 pypgev evt
= { { 0 } };
732 static const char *const kwlist
[] =
733 { "nbits", "event", "rng", "nsteps", "e", 0 };
737 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&|O&O&O&O&:generate", KWLIST
,
738 convuint
, &nbits
, convpgev
, &evt
,
739 convgrand
, &r
, convuint
, &n
,
743 else e
= mp_fromulong(MP_NEW
, 65537);
744 if (rsa_gen_e(&rp
, nbits
, e
, r
, n
, evt
.ev
.proc
, evt
.ev
.ctx
))
746 rc
= rsapriv_pywrap(&rp
);
753 static const PyGetSetDef rsapub_pygetset
[] = {
754 #define GETSETNAME(op, name) rsa##op##_##name
761 static const PyMethodDef rsapub_pymethods
[] = {
762 #define METHNAME(name) rsameth_##name
763 METH (pubop
, "R.pubop(X) -> X^E (mod N)")
768 static const PyGetSetDef rsapriv_pygetset
[] = {
769 #define GETSETNAME(op, name) rsa##op##_##name
773 GET (dp
, "R.dp -> D mod (P - 1)")
774 GET (dq
, "R.dq -> D mod (Q - 1)")
775 GET (q_inv
, "R.q_inv -> Q^{-1} mod P")
776 GETSET(rng
, "R.rng -> random number source for blinding")
781 static const PyMethodDef rsapriv_pymethods
[] = {
782 #define METHNAME(name) rsameth_##name
783 KWMETH(privop
, "R.privop(X, [rng = None]) -> X^D (mod N)")
784 KWSMTH(generate
, "generate(NBITS, [event = pgen_nullev], [rng = rand], "
785 "[nsteps = 0]) -> R")
790 static const PyTypeObject rsapub_pytype_skel
= {
791 PyObject_HEAD_INIT(0) 0, /* Header */
792 "RSAPub", /* @tp_name@ */
793 sizeof(rsapub_pyobj
), /* @tp_basicsize@ */
794 0, /* @tp_itemsize@ */
796 rsapub_pydealloc
, /* @tp_dealloc@ */
798 0, /* @tp_getattr@ */
799 0, /* @tp_setattr@ */
800 0, /* @tp_compare@ */
802 0, /* @tp_as_number@ */
803 0, /* @tp_as_sequence@ */
804 0, /* @tp_as_mapping@ */
808 0, /* @tp_getattro@ */
809 0, /* @tp_setattro@ */
810 0, /* @tp_as_buffer@ */
811 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
815 "RSAPub(N, E): RSA public key.",
817 0, /* @tp_traverse@ */
819 0, /* @tp_richcompare@ */
820 0, /* @tp_weaklistoffset@ */
822 0, /* @tp_iternext@ */
823 PYMETHODS(rsapub
), /* @tp_methods@ */
824 0, /* @tp_members@ */
825 PYGETSET(rsapub
), /* @tp_getset@ */
828 0, /* @tp_descr_get@ */
829 0, /* @tp_descr_set@ */
830 0, /* @tp_dictoffset@ */
832 PyType_GenericAlloc
, /* @tp_alloc@ */
833 rsapub_pynew
, /* @tp_new@ */
838 static const PyTypeObject rsapriv_pytype_skel
= {
839 PyObject_HEAD_INIT(0) 0, /* Header */
840 "RSAPriv", /* @tp_name@ */
841 sizeof(rsapriv_pyobj
), /* @tp_basicsize@ */
842 0, /* @tp_itemsize@ */
844 rsapriv_pydealloc
, /* @tp_dealloc@ */
846 0, /* @tp_getattr@ */
847 0, /* @tp_setattr@ */
848 0, /* @tp_compare@ */
850 0, /* @tp_as_number@ */
851 0, /* @tp_as_sequence@ */
852 0, /* @tp_as_mapping@ */
856 0, /* @tp_getattro@ */
857 0, /* @tp_setattro@ */
858 0, /* @tp_as_buffer@ */
859 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
863 "RSAPriv(..., [rng = rand]): RSA private key.\n"
864 " Keywords: n, e, d, p, q, dp, dq, q_inv; must provide enough",
866 0, /* @tp_traverse@ */
868 0, /* @tp_richcompare@ */
869 0, /* @tp_weaklistoffset@ */
871 0, /* @tp_iternext@ */
872 PYMETHODS(rsapriv
), /* @tp_methods@ */
873 0, /* @tp_members@ */
874 PYGETSET(rsapriv
), /* @tp_getset@ */
877 0, /* @tp_descr_get@ */
878 0, /* @tp_descr_set@ */
879 0, /* @tp_dictoffset@ */
881 PyType_GenericAlloc
, /* @tp_alloc@ */
882 rsapriv_pynew
, /* @tp_new@ */
887 /*----- RSA padding schemes -----------------------------------------------*/
889 static PyObject
*meth__p1crypt_encode(PyObject
*me
,
890 PyObject
*arg
, PyObject
*kw
)
894 Py_ssize_t msz
, epsz
;
900 static const char *const kwlist
[] = { "msg", "nbits", "ep", "rng", 0 };
902 p1
.r
= &rand_global
; ep
= 0; epsz
= 0;
903 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#O&|s#O&:encode", KWLIST
,
904 &m
, &msz
, convulong
, &nbits
,
905 &ep
, &epsz
, convgrand
, &p1
.r
))
908 p1
.ep
= ep
; p1
.epsz
= epsz
;
909 if (epsz
+ msz
+ 11 > sz
) VALERR("buffer underflow");
911 x
= pkcs1_cryptencode(MP_NEW
, m
, msz
, b
, sz
, nbits
, &p1
);
918 static PyObject
*meth__p1crypt_decode(PyObject
*me
,
919 PyObject
*arg
, PyObject
*kw
)
930 static const char *const kwlist
[] = { "ct", "nbits", "ep", "rng", 0 };
932 p1
.r
= &rand_global
; ep
= 0; epsz
= 0;
933 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&|s#O&:decode", KWLIST
,
934 convmp
, &x
, convulong
, &nbits
,
935 &ep
, &epsz
, convgrand
, &p1
.r
))
938 p1
.ep
= ep
; p1
.epsz
= epsz
;
939 if (epsz
+ 11 > sz
) VALERR("buffer underflow");
941 if ((n
= pkcs1_cryptdecode(x
, b
, sz
, nbits
, &p1
)) < 0)
942 VALERR("decryption failed");
943 rc
= bytestring_pywrap(b
, n
);
950 static PyObject
*meth__p1sig_encode(PyObject
*me
,
951 PyObject
*arg
, PyObject
*kw
)
955 Py_ssize_t msz
, epsz
;
961 static const char *const kwlist
[] = { "msg", "nbits", "ep", "rng", 0 };
963 p1
.r
= &rand_global
; ep
= 0; epsz
= 0;
964 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#O&|s#O&:encode", KWLIST
,
965 &m
, &msz
, convulong
, &nbits
,
966 &ep
, &epsz
, convgrand
, &p1
.r
))
969 p1
.ep
= ep
; p1
.epsz
= epsz
;
970 if (epsz
+ msz
+ 11 > sz
) VALERR("buffer underflow");
972 x
= pkcs1_sigencode(MP_NEW
, m
, msz
, b
, sz
, nbits
, &p1
);
979 static PyObject
*meth__p1sig_decode(PyObject
*me
,
980 PyObject
*arg
, PyObject
*kw
)
992 static const char *const kwlist
[] =
993 { "msg", "sig", "nbits", "ep", "rng", 0 };
995 p1
.r
= &rand_global
; ep
= 0; epsz
= 0;
996 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "OO&O&|s#O&:decode", KWLIST
,
997 &hukairz
, convmp
, &x
, convulong
, &nbits
,
998 &ep
, &epsz
, convgrand
, &p1
.r
))
1001 p1
.ep
= ep
; p1
.epsz
= epsz
;
1002 if (epsz
+ 10 > sz
) VALERR("buffer underflow");
1004 if ((n
= pkcs1_sigdecode(x
, 0, 0, b
, sz
, nbits
, &p1
)) < 0)
1005 VALERR("verification failed");
1006 rc
= bytestring_pywrap(b
, n
);
1013 static PyObject
*meth__oaep_encode(PyObject
*me
,
1014 PyObject
*arg
, PyObject
*kw
)
1018 Py_ssize_t msz
, epsz
;
1019 unsigned long nbits
;
1024 static const char *const kwlist
[] =
1025 { "msg", "nbits", "mgf", "hash", "ep", "rng", 0 };
1027 o
.r
= &rand_global
; o
.cc
= &sha_mgf
; o
.ch
= &sha
; ep
= 0; epsz
= 0;
1028 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#O&|O&O&s#O&:encode", KWLIST
,
1029 &m
, &msz
, convulong
, &nbits
,
1030 convgccipher
, &o
.cc
,
1036 o
.ep
= ep
; o
.epsz
= epsz
;
1037 if (2 * o
.ch
->hashsz
+ 2 + msz
> sz
) VALERR("buffer underflow");
1039 x
= oaep_encode(MP_NEW
, m
, msz
, b
, sz
, nbits
, &o
);
1046 static PyObject
*meth__oaep_decode(PyObject
*me
,
1047 PyObject
*arg
, PyObject
*kw
)
1052 unsigned long nbits
;
1058 static const char *const kwlist
[] =
1059 { "ct", "nbits", "mgf", "hash", "ep", "rng", 0 };
1061 o
.r
= &rand_global
; o
.cc
= &sha_mgf
; o
.ch
= &sha
; ep
= 0; epsz
= 0;
1062 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&|O&O&s#O&:decode", KWLIST
,
1063 convmp
, &x
, convulong
, &nbits
,
1064 convgccipher
, &o
.cc
,
1070 o
.ep
= ep
; o
.epsz
= epsz
;
1071 if (2 * o
.ch
->hashsz
> sz
) VALERR("buffer underflow");
1073 if ((n
= oaep_decode(x
, b
, sz
, nbits
, &o
)) < 0)
1074 VALERR("decryption failed");
1075 rc
= bytestring_pywrap(b
, n
);
1082 static PyObject
*meth__pss_encode(PyObject
*me
,
1083 PyObject
*arg
, PyObject
*kw
)
1088 unsigned long nbits
;
1093 static const char *const kwlist
[] =
1094 { "msg", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1096 p
.cc
= &sha_mgf
; p
.ch
= &sha
; p
.r
= &rand_global
; p
.ssz
= (size_t)-1;
1097 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#O&|O&O&O&O&:encode", KWLIST
,
1098 &m
, &msz
, convulong
, &nbits
,
1099 convgccipher
, &p
.cc
,
1105 if (p
.ssz
== (size_t)-1) p
.ssz
= p
.ch
->hashsz
;
1106 if (p
.ch
->hashsz
+ p
.ssz
+ 2 > sz
) VALERR("buffer underflow");
1108 x
= pss_encode(MP_NEW
, m
, msz
, b
, sz
, nbits
, &p
);
1115 static PyObject
*meth__pss_decode(PyObject
*me
,
1116 PyObject
*arg
, PyObject
*kw
)
1121 unsigned long nbits
;
1127 static const char *const kwlist
[] =
1128 { "msg", "sig", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1130 p
.cc
= &sha_mgf
; p
.ch
= &sha
; p
.r
= &rand_global
; p
.ssz
= (size_t)-1;
1131 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "s#O&O&|O&O&O&O&:decode", KWLIST
,
1132 &m
, &msz
, convmp
, &x
, convulong
, &nbits
,
1133 convgccipher
, &p
.cc
,
1139 if (p
.ssz
== (size_t)-1) p
.ssz
= p
.ch
->hashsz
;
1140 if (p
.ch
->hashsz
+ p
.ssz
+ 2 > sz
) VALERR("buffer underflow");
1142 if ((n
= pss_decode(x
, m
, msz
, b
, sz
, nbits
, &p
)) < 0)
1143 VALERR("verification failed");
1144 rc
= Py_None
; Py_INCREF(rc
);
1151 /*----- X25519 and related algorithms -------------------------------------*/
1157 #define DEFXDH(X, x) \
1158 static PyObject *meth_##x(PyObject *me, PyObject *arg) \
1160 const char *k, *p; \
1161 Py_ssize_t ksz, psz; \
1163 if (!PyArg_ParseTuple(arg, "s#s#:" #x, &k, &ksz, &p, &psz)) \
1165 if (ksz != X##_KEYSZ) VALERR("bad key length"); \
1166 if (psz != X##_PUBSZ) VALERR("bad public length"); \
1167 rc = bytestring_pywrap(0, X##_OUTSZ); \
1168 x((octet *)PyString_AS_STRING(rc), \
1169 (const octet *)k, (const octet *)p); \
1177 /*----- Ed25519 and related algorithms ------------------------------------*/
1180 _(ED25519, ed25519, -1, ctx) \
1181 _(ED448, ed448, 0, )
1183 #define DEFEDDSA(ED, ed, phdflt, sigver) \
1185 static PyObject *meth_##ed##_pubkey(PyObject *me, PyObject *arg) \
1190 if (!PyArg_ParseTuple(arg, "s#:" #ed "_pubkey", &k, &ksz)) \
1192 rc = bytestring_pywrap(0, ED##_PUBSZ); \
1193 ed##_pubkey((octet *)PyString_AS_STRING(rc), k, ksz); \
1199 static PyObject *meth_##ed##_sign(PyObject *me, PyObject *arg, \
1202 const char *k, *p = 0, *c = 0, *m; \
1203 Py_ssize_t ksz, psz, csz = 0, msz; \
1206 octet pp[ED##_PUBSZ]; \
1207 static const char *const kwlist[] = \
1208 { "key", "msg", "pub", "perso", "phflag", 0 }; \
1209 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1210 "s#s#|s#s#O&:" #ed "_sign", \
1212 &k, &ksz, &m, &msz, &p, &psz, \
1213 &c, &csz, convbool, &ph)) \
1215 if (p && psz != ED##_PUBSZ) VALERR("bad public length"); \
1216 if (c && csz > ED##_MAXPERSOSZ) \
1217 VALERR("personalization string too long"); \
1218 if (c && ph == -1) ph = 0; \
1219 if (!p) { p = (const char *)pp; ed##_pubkey(pp, k, ksz); } \
1220 rc = bytestring_pywrap(0, ED##_SIGSZ); \
1221 ed##sigver##_sign((octet *)PyString_AS_STRING(rc), k, ksz, \
1222 (const octet *)p, ph, c, csz, m, msz); \
1228 static PyObject *meth_##ed##_verify(PyObject *me, \
1229 PyObject *arg, PyObject *kw) \
1231 const char *p, *c = 0, *m, *s; \
1232 Py_ssize_t psz, csz = 0, msz, ssz; \
1235 static const char *const kwlist[] = \
1236 { "pub", "msg", "sig", "perso", "phflag", 0 }; \
1237 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1238 "s#s#s#|s#O&:" #ed "_verify", \
1240 &p, &psz, &m, &msz, &s, &ssz, \
1241 &c, &csz, convbool, &ph)) \
1243 if (psz != ED##_PUBSZ) VALERR("bad public length"); \
1244 if (ssz != ED##_SIGSZ) VALERR("bad signature length"); \
1245 if (c && csz > ED##_MAXPERSOSZ) \
1246 VALERR("personalization string too long"); \
1247 if (c && ph == -1) ph = 0; \
1248 rc = getbool(!ed##sigver##_verify((const octet *)p, ph, c, csz, \
1249 m, msz, (const octet *)s)); \
1257 /*----- Global stuff ------------------------------------------------------*/
1259 static const PyMethodDef methods
[] = {
1260 #define METHNAME(name) meth_##name
1261 KWMETH(_p1crypt_encode
, 0)
1262 KWMETH(_p1crypt_decode
, 0)
1263 KWMETH(_p1sig_encode
, 0)
1264 KWMETH(_p1sig_decode
, 0)
1265 KWMETH(_oaep_encode
, 0)
1266 KWMETH(_oaep_decode
, 0)
1267 KWMETH(_pss_encode
, 0)
1268 KWMETH(_pss_decode
, 0)
1269 #define DEFMETH(X, x) \
1270 METH (x, "" #x "(KEY, PUBLIC) -> SHARED")
1273 #define DEFMETH(ED, ed, phdflt, sigver) \
1274 METH (ed##_pubkey, "" #ed "_pubkey(KEY) -> PUBLIC") \
1275 KWMETH(ed##_sign, "" #ed "_sign(KEY, MSG, [pub = PUBLIC], " \
1276 "[perso = STRING], [phflag = BOOL]) -> SIG") \
1277 KWMETH(ed##_verify, "" #ed "_verify(PUBLIC, MSG, SIG, " \
1278 "[perso = STRING], [phflag = BOOL]) -> BOOL")
1285 void pubkey_pyinit(void)
1287 INITTYPE(dsapub
, root
);
1288 INITTYPE(dsapriv
, dsapub
);
1289 INITTYPE(kcdsapub
, root
);
1290 INITTYPE(kcdsapriv
, kcdsapub
);
1291 INITTYPE(rsapub
, root
);
1292 INITTYPE(rsapriv
, rsapub
);
1293 addmethods(methods
);
1296 void pubkey_pyinsert(PyObject
*mod
)
1298 INSERT("DSAPub", dsapub_pytype
);
1299 INSERT("DSAPriv", dsapriv_pytype
);
1300 INSERT("KCDSAPub", kcdsapub_pytype
);
1301 INSERT("KCDSAPriv", kcdsapriv_pytype
);
1302 INSERT("RSAPub", rsapub_pytype
);
1303 INSERT("RSAPriv", rsapriv_pytype
);
1306 /*----- That's all, folks -------------------------------------------------*/