~mdw / catacomb-python / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
*.c: Reformat docstrings.
[catacomb-python] / pubkey.c
1 /* -*-c-*-
2 *
3 * Public-key cryptography
4 *
5 * (c) 2004 Straylight/Edgeware
6 */
7
8 /*----- Licensing notice --------------------------------------------------*
9 *
10 * This file is part of the Python interface to Catacomb.
11 *
12 * Catacomb/Python is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * Catacomb/Python is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with Catacomb/Python; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 */
26
27 /*----- Header files ------------------------------------------------------*/
28
29 #include "catacomb-python.h"
30
31 /*----- DSA and similar ---------------------------------------------------*/
32
33 typedef struct dsa_pyobj {
34 PyObject_HEAD
35 PyObject *G, *u, *p, *rng, *hash;
36 gdsa d;
37 } dsa_pyobj;
38
39 static PyTypeObject *dsapub_pytype, *dsapriv_pytype;
40 static PyTypeObject *kcdsapub_pytype, *kcdsapriv_pytype;
41 #define DSA_D(o) (&((dsa_pyobj *)(o))->d)
42 #define DSA_G(o) (((dsa_pyobj *)(o))->G)
43 #define DSA_U(o) (((dsa_pyobj *)(o))->u)
44 #define DSA_P(o) (((dsa_pyobj *)(o))->p)
45 #define DSA_RNG(o) (((dsa_pyobj *)(o))->rng)
46 #define DSA_HASH(o) (((dsa_pyobj *)(o))->hash)
47
48 static void dsa_pydealloc(PyObject *me)
49 {
50 dsa_pyobj *g = (dsa_pyobj *)me;
51 Py_DECREF(g->G); Py_DECREF(g->u); Py_DECREF(g->p);
52 Py_DECREF(g->rng); Py_DECREF(g->hash);
53 FREEOBJ(me);
54 }
55
56 static PyObject *dsa_setup(PyTypeObject *ty, PyObject *G, PyObject *u,
57 PyObject *p, PyObject *rng, PyObject *hash,
58 void (*calcpub)(group *, ge *, mp *))
59 {
60 dsa_pyobj *g;
61 ge *pp;
62
63 g = PyObject_New(dsa_pyobj, ty);
64 if (p) Py_INCREF(p);
65 if (!u) {
66 g->d.u = 0;
67 u = Py_None;
68 } else {
69 if ((g->d.u = getmp(u)) == 0)
70 goto end;
71 if (MP_PYCHECK(u)) Py_INCREF(u);
72 else u = mp_pywrap(g->d.u);
73 }
74 if (!p) {
75 assert(g->d.u); assert(calcpub);
76 pp = G_CREATE(GROUP_G(G));
77 calcpub(GROUP_G(G), pp, g->d.u);
78 p = ge_pywrap(G, pp);
79 } else if (GROUP_G(G) != GE_G(p) && !group_samep(GROUP_G(G), GE_G(p)))
80 TYERR("public key not from group");
81 g->d.g = GROUP_G(G);
82 g->d.p = GE_X(p);
83 g->d.r = GRAND_R(rng);
84 g->d.h = GCHASH_CH(hash);
85 g->G = G; Py_INCREF(G); g->u = u; g->p = p;
86 g->rng = rng; Py_INCREF(rng); g->hash = hash; Py_INCREF(hash);
87 return ((PyObject *)g);
88 end:
89 if (p) Py_DECREF(p);
90 FREEOBJ(g);
91 return (0);
92 }
93
94 static PyObject *dsapub_pynew(PyTypeObject *ty,
95 PyObject *arg, PyObject *kw)
96 {
97 PyObject *G, *p, *rng = rand_pyobj, *hash = sha_pyobj;
98 PyObject *rc = 0;
99 static const char *const kwlist[] = { "G", "p", "hash", "rng", 0 };
100
101 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!|O!O!:new", KWLIST,
102 group_pytype, &G,
103 ge_pytype, &p,
104 gchash_pytype, &hash,
105 grand_pytype, &rng) ||
106 (rc = dsa_setup(dsapub_pytype, G, 0, p, rng, hash, 0)) == 0)
107 goto end;
108 end:
109 return (rc);
110 }
111
112 static PyObject *dsameth_beginhash(PyObject *me, PyObject *arg)
113 {
114 if (!PyArg_ParseTuple(arg, ":beginhash")) return (0);
115 return (ghash_pywrap(DSA_HASH(me), gdsa_beginhash(DSA_D(me))));
116 }
117
118 static PyObject *dsameth_endhash(PyObject *me, PyObject *arg)
119 {
120 ghash *h;
121 PyObject *rc;
122 if (!PyArg_ParseTuple(arg, "O&:endhash", convghash, &h)) return (0);
123 gdsa_endhash(DSA_D(me), h);
124 h = GH_COPY(h);
125 rc = bytestring_pywrap(0, GH_CLASS(h)->hashsz);
126 GH_DONE(h, PyString_AS_STRING(rc));
127 GH_DESTROY(h);
128 return (rc);
129 }
130
131 static PyObject *dsameth_sign(PyObject *me, PyObject *arg, PyObject *kw)
132 {
133 gdsa_sig s = GDSA_SIG_INIT;
134 char *p;
135 Py_ssize_t n;
136 mp *k = 0;
137 PyObject *rc = 0;
138 static const char *const kwlist[] = { "msg", "k", 0 };
139
140 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#|O&:sign", KWLIST,
141 &p, &n, convmp, &k))
142 goto end;
143 if (n != DSA_D(me)->h->hashsz)
144 VALERR("bad message length (doesn't match hash size)");
145 gdsa_sign(DSA_D(me), &s, p, k);
146 rc = Py_BuildValue("(NN)", mp_pywrap(s.r), mp_pywrap(s.s));
147 end:
148 mp_drop(k);
149 return (rc);
150 }
151
152 static PyObject *dsameth_verify(PyObject *me, PyObject *arg)
153 {
154 char *p;
155 Py_ssize_t n;
156 gdsa_sig s = GDSA_SIG_INIT;
157 PyObject *rc = 0;
158
159 if (!PyArg_ParseTuple(arg, "s#(O&O&):verify",
160 &p, &n, convmp, &s.r, convmp, &s.s))
161 goto end;
162 if (n != DSA_D(me)->h->hashsz)
163 VALERR("bad message length (doesn't match hash size)");
164 rc = getbool(!gdsa_verify(DSA_D(me), &s, p));
165 end:
166 mp_drop(s.r);
167 mp_drop(s.s);
168 return (rc);
169 }
170
171 static void dsa_calcpub(group *g, ge *p, mp *u) { G_EXP(g, p, g->g, u); }
172
173 static PyObject *dsapriv_pynew(PyTypeObject *ty,
174 PyObject *arg, PyObject *kw)
175 {
176 PyObject *G, *p = 0, *u, *rng = rand_pyobj, *hash = sha_pyobj;
177 PyObject *rc = 0;
178 static const char *const kwlist[] = { "G", "u", "p", "hash", "rng", 0 };
179
180 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O|O!O!O!:new", KWLIST,
181 group_pytype, &G,
182 &u,
183 ge_pytype, &p,
184 gchash_pytype, &hash,
185 grand_pytype, &rng) ||
186 (rc = dsa_setup(dsapriv_pytype, G, u, p, rng, hash, dsa_calcpub)) == 0)
187 goto end;
188 end:
189 return (rc);
190 }
191
192 static PyMethodDef dsapub_pymethods[] = {
193 #define METHNAME(name) dsameth_##name
194 METH (beginhash, "D.beginhash() -> hash object")
195 METH (endhash, "D.endhash(H) -> BYTES")
196 METH (verify, "D.verify(MSG, (R, S)) -> true/false")
197 #undef METHNAME
198 { 0 }
199 };
200
201 static PyMethodDef dsapriv_pymethods[] = {
202 #define METHNAME(name) dsameth_##name
203 KWMETH(sign, "D.sign(MSG, [k = K]) -> R, S")
204 #undef METHNAME
205 { 0 }
206 };
207
208 static PyMemberDef dsapub_pymembers[] = {
209 #define MEMBERSTRUCT dsa_pyobj
210 MEMBER(G, T_OBJECT, READONLY, "D.G -> group to work in")
211 MEMBER(p, T_OBJECT, READONLY, "D.p -> public key (group element")
212 MEMBER(rng, T_OBJECT, READONLY, "D.rng -> random number generator")
213 MEMBER(hash, T_OBJECT, READONLY, "D.hash -> hash class")
214 #undef MEMBERSTRUCT
215 { 0 }
216 };
217
218 static PyMemberDef dsapriv_pymembers[] = {
219 #define MEMBERSTRUCT dsa_pyobj
220 MEMBER(u, T_OBJECT, READONLY, "D.u -> private key (exponent)")
221 #undef MEMBERSTRUCT
222 { 0 }
223 };
224
225 static PyTypeObject dsapub_pytype_skel = {
226 PyObject_HEAD_INIT(0) 0, /* Header */
227 "DSAPub", /* @tp_name@ */
228 sizeof(dsa_pyobj), /* @tp_basicsize@ */
229 0, /* @tp_itemsize@ */
230
231 dsa_pydealloc, /* @tp_dealloc@ */
232 0, /* @tp_print@ */
233 0, /* @tp_getattr@ */
234 0, /* @tp_setattr@ */
235 0, /* @tp_compare@ */
236 0, /* @tp_repr@ */
237 0, /* @tp_as_number@ */
238 0, /* @tp_as_sequence@ */
239 0, /* @tp_as_mapping@ */
240 0, /* @tp_hash@ */
241 0, /* @tp_call@ */
242 0, /* @tp_str@ */
243 0, /* @tp_getattro@ */
244 0, /* @tp_setattro@ */
245 0, /* @tp_as_buffer@ */
246 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
247 Py_TPFLAGS_BASETYPE,
248
249 /* @tp_doc@ */
250 "DSAPub(GROUP, P, [hash = sha], [rng = rand]): DSA public key.",
251
252 0, /* @tp_traverse@ */
253 0, /* @tp_clear@ */
254 0, /* @tp_richcompare@ */
255 0, /* @tp_weaklistoffset@ */
256 0, /* @tp_iter@ */
257 0, /* @tp_iternext@ */
258 dsapub_pymethods, /* @tp_methods@ */
259 dsapub_pymembers, /* @tp_members@ */
260 0, /* @tp_getset@ */
261 0, /* @tp_base@ */
262 0, /* @tp_dict@ */
263 0, /* @tp_descr_get@ */
264 0, /* @tp_descr_set@ */
265 0, /* @tp_dictoffset@ */
266 0, /* @tp_init@ */
267 PyType_GenericAlloc, /* @tp_alloc@ */
268 dsapub_pynew, /* @tp_new@ */
269 0, /* @tp_free@ */
270 0 /* @tp_is_gc@ */
271 };
272
273 static PyTypeObject dsapriv_pytype_skel = {
274 PyObject_HEAD_INIT(0) 0, /* Header */
275 "DSAPriv", /* @tp_name@ */
276 sizeof(dsa_pyobj), /* @tp_basicsize@ */
277 0, /* @tp_itemsize@ */
278
279 0, /* @tp_dealloc@ */
280 0, /* @tp_print@ */
281 0, /* @tp_getattr@ */
282 0, /* @tp_setattr@ */
283 0, /* @tp_compare@ */
284 0, /* @tp_repr@ */
285 0, /* @tp_as_number@ */
286 0, /* @tp_as_sequence@ */
287 0, /* @tp_as_mapping@ */
288 0, /* @tp_hash@ */
289 0, /* @tp_call@ */
290 0, /* @tp_str@ */
291 0, /* @tp_getattro@ */
292 0, /* @tp_setattro@ */
293 0, /* @tp_as_buffer@ */
294 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
295 Py_TPFLAGS_BASETYPE,
296
297 /* @tp_doc@ */
298 "DSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): "
299 "DSA private key.",
300
301 0, /* @tp_traverse@ */
302 0, /* @tp_clear@ */
303 0, /* @tp_richcompare@ */
304 0, /* @tp_weaklistoffset@ */
305 0, /* @tp_iter@ */
306 0, /* @tp_iternext@ */
307 dsapriv_pymethods, /* @tp_methods@ */
308 dsapriv_pymembers, /* @tp_members@ */
309 0, /* @tp_getset@ */
310 0, /* @tp_base@ */
311 0, /* @tp_dict@ */
312 0, /* @tp_descr_get@ */
313 0, /* @tp_descr_set@ */
314 0, /* @tp_dictoffset@ */
315 0, /* @tp_init@ */
316 PyType_GenericAlloc, /* @tp_alloc@ */
317 dsapriv_pynew, /* @tp_new@ */
318 0, /* @tp_free@ */
319 0 /* @tp_is_gc@ */
320 };
321
322 static PyObject *kcdsapub_pynew(PyTypeObject *ty,
323 PyObject *arg, PyObject *kw)
324 {
325 PyObject *G, *p, *rng = rand_pyobj, *hash = has160_pyobj;
326 PyObject *rc = 0;
327 static const char *const kwlist[] = { "G", "p", "hash", "rng", 0 };
328
329 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!|O!O!:new", KWLIST,
330 group_pytype, &G,
331 ge_pytype, &p,
332 gchash_pytype, &hash,
333 grand_pytype, &rng) ||
334 (rc = dsa_setup(kcdsapub_pytype, G, 0, p, rng, hash, 0)) == 0)
335 goto end;
336 end:
337 return (rc);
338 }
339
340 static void kcdsa_calcpub(group *g, ge *p, mp *u)
341 {
342 mp *uinv = mp_modinv(MP_NEW, u, g->r);
343 G_EXP(g, p, g->g, uinv);
344 mp_drop(uinv);
345 }
346
347 static PyObject *kcdsapriv_pynew(PyTypeObject *ty,
348 PyObject *arg, PyObject *kw)
349 {
350 PyObject *G, *u, *p = 0, *rng = rand_pyobj, *hash = has160_pyobj;
351 PyObject *rc = 0;
352 static const char *const kwlist[] = { "G", "u", "p", "hash", "rng", 0 };
353
354 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O|O!O!O!:new", KWLIST,
355 group_pytype, &G,
356 &u,
357 ge_pytype, &p,
358 gchash_pytype, &hash,
359 grand_pytype, &rng) ||
360 (rc = dsa_setup(kcdsapriv_pytype, G, u, p,
361 rng, hash, kcdsa_calcpub)) == 0)
362 goto end;
363 end:
364 return (rc);
365 }
366
367 static PyObject *kcdsameth_beginhash(PyObject *me, PyObject *arg)
368 {
369 if (!PyArg_ParseTuple(arg, ":beginhash")) return (0);
370 return (ghash_pywrap(DSA_HASH(me), gkcdsa_beginhash(DSA_D(me))));
371 }
372
373 static PyObject *kcdsameth_endhash(PyObject *me, PyObject *arg)
374 {
375 ghash *h;
376 PyObject *rc;
377 if (!PyArg_ParseTuple(arg, "O&:endhash", convghash, &h)) return (0);
378 gkcdsa_endhash(DSA_D(me), h);
379 h = GH_COPY(h);
380 rc = bytestring_pywrap(0, GH_CLASS(h)->hashsz);
381 GH_DONE(h, PyString_AS_STRING(rc));
382 GH_DESTROY(h);
383 return (rc);
384 }
385
386 static PyObject *kcdsameth_sign(PyObject *me, PyObject *arg, PyObject *kw)
387 {
388 gkcdsa_sig s = GKCDSA_SIG_INIT;
389 char *p;
390 Py_ssize_t n;
391 mp *k = 0;
392 PyObject *r = 0, *rc = 0;
393 static const char *const kwlist[] = { "msg", "k", 0 };
394
395 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#|O&:sign", KWLIST,
396 &p, &n, convmp, &k))
397 goto end;
398 if (n != DSA_D(me)->h->hashsz)
399 VALERR("bad message length (doesn't match hash size)");
400 r = bytestring_pywrap(0, DSA_D(me)->h->hashsz);
401 s.r = (octet *)PyString_AS_STRING(r);
402 gkcdsa_sign(DSA_D(me), &s, p, k);
403 rc = Py_BuildValue("(ON)", r, mp_pywrap(s.s));
404 end:
405 Py_XDECREF(r);
406 mp_drop(k);
407 return (rc);
408 }
409
410 static PyObject *kcdsameth_verify(PyObject *me, PyObject *arg)
411 {
412 char *p;
413 Py_ssize_t n, rn;
414 gkcdsa_sig s = GKCDSA_SIG_INIT;
415 PyObject *rc = 0;
416
417 if (!PyArg_ParseTuple(arg, "s#(s#O&):verify",
418 &p, &n, &s.r, &rn, convmp, &s.s))
419 goto end;
420 if (n != DSA_D(me)->h->hashsz)
421 VALERR("bad message length (doesn't match hash size)");
422 if (rn != DSA_D(me)->h->hashsz)
423 VALERR("bad signature `r' length (doesn't match hash size)");
424 rc = getbool(!gkcdsa_verify(DSA_D(me), &s, p));
425 end:
426 mp_drop(s.s);
427 return (rc);
428 }
429
430 static PyMethodDef kcdsapub_pymethods[] = {
431 #define METHNAME(name) kcdsameth_##name
432 METH (beginhash, "D.beginhash() -> hash object")
433 METH (endhash, "D.endhash(H) -> BYTES")
434 METH (verify, "D.verify(MSG, (R, S)) -> true/false")
435 #undef METHNAME
436 { 0 }
437 };
438
439 static PyMethodDef kcdsapriv_pymethods[] = {
440 #define METHNAME(name) kcdsameth_##name
441 KWMETH(sign, "D.sign(MSG, [k = K]) -> R, S")
442 #undef METHNAME
443 { 0 }
444 };
445
446 static PyTypeObject kcdsapub_pytype_skel = {
447 PyObject_HEAD_INIT(0) 0, /* Header */
448 "KCDSAPub", /* @tp_name@ */
449 sizeof(dsa_pyobj), /* @tp_basicsize@ */
450 0, /* @tp_itemsize@ */
451
452 dsa_pydealloc, /* @tp_dealloc@ */
453 0, /* @tp_print@ */
454 0, /* @tp_getattr@ */
455 0, /* @tp_setattr@ */
456 0, /* @tp_compare@ */
457 0, /* @tp_repr@ */
458 0, /* @tp_as_number@ */
459 0, /* @tp_as_sequence@ */
460 0, /* @tp_as_mapping@ */
461 0, /* @tp_hash@ */
462 0, /* @tp_call@ */
463 0, /* @tp_str@ */
464 0, /* @tp_getattro@ */
465 0, /* @tp_setattro@ */
466 0, /* @tp_as_buffer@ */
467 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
468 Py_TPFLAGS_BASETYPE,
469
470 /* @tp_doc@ */
471 "KCDSAPub(GROUP, P, [hash = sha], [rng = rand]): KCDSA public key.",
472
473 0, /* @tp_traverse@ */
474 0, /* @tp_clear@ */
475 0, /* @tp_richcompare@ */
476 0, /* @tp_weaklistoffset@ */
477 0, /* @tp_iter@ */
478 0, /* @tp_iternext@ */
479 kcdsapub_pymethods, /* @tp_methods@ */
480 dsapub_pymembers, /* @tp_members@ */
481 0, /* @tp_getset@ */
482 0, /* @tp_base@ */
483 0, /* @tp_dict@ */
484 0, /* @tp_descr_get@ */
485 0, /* @tp_descr_set@ */
486 0, /* @tp_dictoffset@ */
487 0, /* @tp_init@ */
488 PyType_GenericAlloc, /* @tp_alloc@ */
489 kcdsapub_pynew, /* @tp_new@ */
490 0, /* @tp_free@ */
491 0 /* @tp_is_gc@ */
492 };
493
494 static PyTypeObject kcdsapriv_pytype_skel = {
495 PyObject_HEAD_INIT(0) 0, /* Header */
496 "KCDSAPriv", /* @tp_name@ */
497 sizeof(dsa_pyobj), /* @tp_basicsize@ */
498 0, /* @tp_itemsize@ */
499
500 0, /* @tp_dealloc@ */
501 0, /* @tp_print@ */
502 0, /* @tp_getattr@ */
503 0, /* @tp_setattr@ */
504 0, /* @tp_compare@ */
505 0, /* @tp_repr@ */
506 0, /* @tp_as_number@ */
507 0, /* @tp_as_sequence@ */
508 0, /* @tp_as_mapping@ */
509 0, /* @tp_hash@ */
510 0, /* @tp_call@ */
511 0, /* @tp_str@ */
512 0, /* @tp_getattro@ */
513 0, /* @tp_setattro@ */
514 0, /* @tp_as_buffer@ */
515 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
516 Py_TPFLAGS_BASETYPE,
517
518 /* @tp_doc@ */
519 "KCDSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): "
520 "KCDSA private key.",
521
522 0, /* @tp_traverse@ */
523 0, /* @tp_clear@ */
524 0, /* @tp_richcompare@ */
525 0, /* @tp_weaklistoffset@ */
526 0, /* @tp_iter@ */
527 0, /* @tp_iternext@ */
528 kcdsapriv_pymethods, /* @tp_methods@ */
529 dsapriv_pymembers, /* @tp_members@ */
530 0, /* @tp_getset@ */
531 0, /* @tp_base@ */
532 0, /* @tp_dict@ */
533 0, /* @tp_descr_get@ */
534 0, /* @tp_descr_set@ */
535 0, /* @tp_dictoffset@ */
536 0, /* @tp_init@ */
537 PyType_GenericAlloc, /* @tp_alloc@ */
538 kcdsapriv_pynew, /* @tp_new@ */
539 0, /* @tp_free@ */
540 0 /* @tp_is_gc@ */
541 };
542
543 /*----- RSA ---------------------------------------------------------------*/
544
545 typedef struct rsapub_pyobj {
546 PyObject_HEAD
547 rsa_pub pub;
548 rsa_pubctx pubctx;
549 } rsapub_pyobj;
550
551 #define RSA_PUB(o) (&((rsapub_pyobj *)(o))->pub)
552 #define RSA_PUBCTX(o) (&((rsapub_pyobj *)(o))->pubctx)
553
554 typedef struct rsapriv_pyobj {
555 PyObject_HEAD
556 rsa_pub pub;
557 rsa_pubctx pubctx;
558 rsa_priv priv;
559 rsa_privctx privctx;
560 PyObject *rng;
561 } rsapriv_pyobj;
562
563 #define RSA_PRIV(o) (&((rsapriv_pyobj *)(o))->priv)
564 #define RSA_PRIVCTX(o) (&((rsapriv_pyobj *)(o))->privctx)
565 #define RSA_RNG(o) (((rsapriv_pyobj *)(o))->rng)
566
567 static PyTypeObject *rsapub_pytype, *rsapriv_pytype;
568
569 static PyObject *rsapub_pynew(PyTypeObject *ty,
570 PyObject *arg, PyObject *kw)
571 {
572 rsa_pub rp = { 0 };
573 rsapub_pyobj *o;
574 static const char *const kwlist[] = { "n", "e", 0 };
575
576 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&:new", KWLIST,
577 convmp, &rp.n, convmp, &rp.e))
578 goto end;
579 if (!MP_ODDP(rp.n)) VALERR("RSA modulus must be even");
580 o = (rsapub_pyobj *)ty->tp_alloc(ty, 0);
581 o->pub = rp;
582 rsa_pubcreate(&o->pubctx, &o->pub);
583 return ((PyObject *)o);
584 end:
585 rsa_pubfree(&rp);
586 return (0);
587 }
588
589 static void rsapub_pydealloc(PyObject *me)
590 {
591 rsa_pubdestroy(RSA_PUBCTX(me));
592 rsa_pubfree(RSA_PUB(me));
593 FREEOBJ(me);
594 }
595
596 static PyObject *rsaget_n(PyObject *me, void *hunoz)
597 { return mp_pywrap(MP_COPY(RSA_PUB(me)->n)); }
598
599 static PyObject *rsaget_e(PyObject *me, void *hunoz)
600 { return mp_pywrap(MP_COPY(RSA_PUB(me)->e)); }
601
602 static PyObject *rsameth_pubop(PyObject *me, PyObject *arg)
603 {
604 mp *x = 0;
605 PyObject *rc = 0;
606
607 if (!PyArg_ParseTuple(arg, "O&:pubop", convmp, &x)) goto end;
608 rc = mp_pywrap(rsa_pubop(RSA_PUBCTX(me), MP_NEW, x));
609 end:
610 mp_drop(x);
611 return (rc);
612 }
613
614 static PyObject *rsapriv_dopywrap(PyTypeObject *ty,
615 rsa_priv *rp, PyObject *rng)
616 {
617 rsapriv_pyobj *o;
618
619 o = (rsapriv_pyobj *)ty->tp_alloc(ty, 0);
620 o->priv = *rp;
621 o->pub.n = rp->n;
622 o->pub.e = rp->e;
623 rsa_privcreate(&o->privctx, &o->priv, &rand_global);
624 rsa_pubcreate(&o->pubctx, &o->pub);
625 if (!rng) {
626 rng = Py_None;
627 Py_INCREF(rng);
628 }
629 o->rng = rng;
630 return ((PyObject *)o);
631 }
632
633 PyObject *rsapriv_pywrap(rsa_priv *rp)
634 { return rsapriv_dopywrap(rsapriv_pytype, rp, 0); }
635
636 static PyObject *rsapriv_pynew(PyTypeObject *ty,
637 PyObject *arg, PyObject *kw)
638 {
639 rsa_priv rp = { 0 };
640 PyObject *rng = Py_None;
641 static const char *const kwlist[] =
642 { "n", "e", "d", "p", "q", "dp", "dq", "q_inv", "rng", 0 };
643
644 if (!PyArg_ParseTupleAndKeywords(arg, kw, "|O&O&O&O&O&O&O&O&O:new", KWLIST,
645 convmp, &rp.n, convmp, &rp.e,
646 convmp, &rp.d,
647 convmp, &rp.p, convmp, &rp.q,
648 convmp, &rp.dp, convmp, &rp.dq,
649 convmp, &rp.q_inv,
650 &rng))
651 goto end;
652 if ((rp.n && !MP_ODDP(rp.n)) ||
653 (rp.p && !MP_ODDP(rp.p)) ||
654 (rp.q && !MP_ODDP(rp.q)))
655 VALERR("RSA modulus and factors must be odd");
656 if (rsa_recover(&rp)) VALERR("couldn't construct private key");
657 if (rng != Py_None && !GRAND_PYCHECK(rng))
658 TYERR("not a random number source");
659 Py_INCREF(rng);
660 return (rsapriv_dopywrap(ty, &rp, rng));
661 end:
662 rsa_privfree(&rp);
663 return (0);
664 }
665
666 static void rsapriv_pydealloc(PyObject *me)
667 {
668 RSA_PRIVCTX(me)->r = &rand_global;
669 rsa_privdestroy(RSA_PRIVCTX(me));
670 rsa_privfree(RSA_PRIV(me));
671 Py_DECREF(RSA_RNG(me));
672 FREEOBJ(me);
673 }
674
675 static PyObject *rsaget_d(PyObject *me, void *hunoz)
676 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->d)); }
677
678 static PyObject *rsaget_p(PyObject *me, void *hunoz)
679 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->p)); }
680
681 static PyObject *rsaget_q(PyObject *me, void *hunoz)
682 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->q)); }
683
684 static PyObject *rsaget_dp(PyObject *me, void *hunoz)
685 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->dp)); }
686
687 static PyObject *rsaget_dq(PyObject *me, void *hunoz)
688 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->dq)); }
689
690 static PyObject *rsaget_q_inv(PyObject *me, void *hunoz)
691 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->q_inv)); }
692
693 static PyObject *rsaget_rng(PyObject *me, void *hunoz)
694 { RETURN_OBJ(RSA_RNG(me)); }
695
696 static int rsaset_rng(PyObject *me, PyObject *val, void *hunoz)
697 {
698 int rc = -1;
699 if (!val)
700 val = Py_None;
701 else if (val != Py_None && !GRAND_PYCHECK(val))
702 TYERR("expected grand or None");
703 Py_DECREF(RSA_RNG(me));
704 RSA_RNG(me) = val;
705 Py_INCREF(val);
706 rc = 0;
707 end:
708 return (rc);
709 }
710
711 static PyObject *rsameth_privop(PyObject *me, PyObject *arg, PyObject *kw)
712 {
713 PyObject *rng = RSA_RNG(me);
714 mp *x = 0;
715 PyObject *rc = 0;
716 static const char *const kwlist[] = { "x", "rng", 0 };
717
718 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&|O:privop", KWLIST,
719 convmp, &x, &rng))
720 goto end;
721 if (rng != Py_None && !GRAND_PYCHECK(rng))
722 TYERR("not a random number source");
723 RSA_PRIVCTX(me)->r = (rng == Py_None) ? 0 : GRAND_R(rng);
724 rc = mp_pywrap(rsa_privop(RSA_PRIVCTX(me), MP_NEW, x));
725 end:
726 mp_drop(x);
727 return (rc);
728 }
729
730 static PyObject *meth__RSAPriv_generate(PyObject *me,
731 PyObject *arg, PyObject *kw)
732 {
733 grand *r = &rand_global;
734 unsigned nbits;
735 unsigned n = 0;
736 rsa_priv rp;
737 mp *e = 0;
738 struct excinfo exc = EXCINFO_INIT;
739 pypgev evt = { { 0 } };
740 static const char *const kwlist[] =
741 { "class", "nbits", "event", "rng", "nsteps", "e", 0 };
742 PyObject *rc = 0;
743
744 evt.exc = &exc;
745 if (!PyArg_ParseTupleAndKeywords(arg, kw, "OO&|O&O&O&O&:generate", KWLIST,
746 &me, convuint, &nbits, convpgev, &evt,
747 convgrand, &r, convuint, &n,
748 convmp, &e))
749 goto end;
750 if (e) MP_COPY(e);
751 else e = mp_fromulong(MP_NEW, 65537);
752 if (rsa_gen_e(&rp, nbits, e, r, n, evt.ev.proc, evt.ev.ctx))
753 PGENERR(&exc);
754 rc = rsapriv_pywrap(&rp);
755 end:
756 droppgev(&evt);
757 mp_drop(e);
758 return (rc);
759 }
760
761 static PyGetSetDef rsapub_pygetset[] = {
762 #define GETSETNAME(op, name) rsa##op##_##name
763 GET (n, "R.n -> N")
764 GET (e, "R.e -> E")
765 #undef GETSETNAME
766 { 0 }
767 };
768
769 static PyMethodDef rsapub_pymethods[] = {
770 #define METHNAME(name) rsameth_##name
771 METH (pubop, "R.pubop(X) -> X^E (mod N)")
772 #undef METHNAME
773 { 0 }
774 };
775
776 static PyGetSetDef rsapriv_pygetset[] = {
777 #define GETSETNAME(op, name) rsa##op##_##name
778 GET (d, "R.d -> D")
779 GET (p, "R.p -> P")
780 GET (q, "R.q -> Q")
781 GET (dp, "R.dp -> D mod (P - 1)")
782 GET (dq, "R.dq -> D mod (Q - 1)")
783 GET (q_inv, "R.q_inv -> Q^{-1} mod P")
784 GETSET(rng, "R.rng -> random number source for blinding")
785 #undef GETSETNAME
786 { 0 }
787 };
788
789 static PyMethodDef rsapriv_pymethods[] = {
790 #define METHNAME(name) rsameth_##name
791 KWMETH(privop, "R.privop(X, [rng = None]) -> X^D (mod N)")
792 #undef METHNAME
793 { 0 }
794 };
795
796 static PyTypeObject rsapub_pytype_skel = {
797 PyObject_HEAD_INIT(0) 0, /* Header */
798 "RSAPub", /* @tp_name@ */
799 sizeof(rsapub_pyobj), /* @tp_basicsize@ */
800 0, /* @tp_itemsize@ */
801
802 rsapub_pydealloc, /* @tp_dealloc@ */
803 0, /* @tp_print@ */
804 0, /* @tp_getattr@ */
805 0, /* @tp_setattr@ */
806 0, /* @tp_compare@ */
807 0, /* @tp_repr@ */
808 0, /* @tp_as_number@ */
809 0, /* @tp_as_sequence@ */
810 0, /* @tp_as_mapping@ */
811 0, /* @tp_hash@ */
812 0, /* @tp_call@ */
813 0, /* @tp_str@ */
814 0, /* @tp_getattro@ */
815 0, /* @tp_setattro@ */
816 0, /* @tp_as_buffer@ */
817 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
818 Py_TPFLAGS_BASETYPE,
819
820 /* @tp_doc@ */
821 "RSAPub(N, E): RSA public key.",
822
823 0, /* @tp_traverse@ */
824 0, /* @tp_clear@ */
825 0, /* @tp_richcompare@ */
826 0, /* @tp_weaklistoffset@ */
827 0, /* @tp_iter@ */
828 0, /* @tp_iternext@ */
829 rsapub_pymethods, /* @tp_methods@ */
830 0, /* @tp_members@ */
831 rsapub_pygetset, /* @tp_getset@ */
832 0, /* @tp_base@ */
833 0, /* @tp_dict@ */
834 0, /* @tp_descr_get@ */
835 0, /* @tp_descr_set@ */
836 0, /* @tp_dictoffset@ */
837 0, /* @tp_init@ */
838 PyType_GenericAlloc, /* @tp_alloc@ */
839 rsapub_pynew, /* @tp_new@ */
840 0, /* @tp_free@ */
841 0 /* @tp_is_gc@ */
842 };
843
844 static PyTypeObject rsapriv_pytype_skel = {
845 PyObject_HEAD_INIT(0) 0, /* Header */
846 "RSAPriv", /* @tp_name@ */
847 sizeof(rsapriv_pyobj), /* @tp_basicsize@ */
848 0, /* @tp_itemsize@ */
849
850 rsapriv_pydealloc, /* @tp_dealloc@ */
851 0, /* @tp_print@ */
852 0, /* @tp_getattr@ */
853 0, /* @tp_setattr@ */
854 0, /* @tp_compare@ */
855 0, /* @tp_repr@ */
856 0, /* @tp_as_number@ */
857 0, /* @tp_as_sequence@ */
858 0, /* @tp_as_mapping@ */
859 0, /* @tp_hash@ */
860 0, /* @tp_call@ */
861 0, /* @tp_str@ */
862 0, /* @tp_getattro@ */
863 0, /* @tp_setattro@ */
864 0, /* @tp_as_buffer@ */
865 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
866 Py_TPFLAGS_BASETYPE,
867
868 /* @tp_doc@ */
869 "RSAPriv(..., [rng = rand]): RSA private key.\n"
870 " Keywords: n, e, d, p, q, dp, dq, q_inv; must provide enough",
871
872 0, /* @tp_traverse@ */
873 0, /* @tp_clear@ */
874 0, /* @tp_richcompare@ */
875 0, /* @tp_weaklistoffset@ */
876 0, /* @tp_iter@ */
877 0, /* @tp_iternext@ */
878 rsapriv_pymethods, /* @tp_methods@ */
879 0, /* @tp_members@ */
880 rsapriv_pygetset, /* @tp_getset@ */
881 0, /* @tp_base@ */
882 0, /* @tp_dict@ */
883 0, /* @tp_descr_get@ */
884 0, /* @tp_descr_set@ */
885 0, /* @tp_dictoffset@ */
886 0, /* @tp_init@ */
887 PyType_GenericAlloc, /* @tp_alloc@ */
888 rsapriv_pynew, /* @tp_new@ */
889 0, /* @tp_free@ */
890 0 /* @tp_is_gc@ */
891 };
892
893 /*----- RSA padding schemes -----------------------------------------------*/
894
895 static PyObject *meth__p1crypt_encode(PyObject *me,
896 PyObject *arg, PyObject *kw)
897 {
898 pkcs1 p1;
899 char *m, *ep;
900 Py_ssize_t msz, epsz;
901 unsigned long nbits;
902 PyObject *rc = 0;
903 octet *b = 0;
904 size_t sz;
905 mp *x;
906 static const char *const kwlist[] = { "msg", "nbits", "ep", "rng", 0 };
907
908 p1.r = &rand_global; ep = 0; epsz = 0;
909 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|s#O&:encode", KWLIST,
910 &m, &msz, convulong, &nbits,
911 &ep, &epsz, convgrand, &p1.r))
912 goto end;
913 sz = (nbits + 7)/8;
914 p1.ep = ep; p1.epsz = epsz;
915 if (epsz + msz + 11 > sz) VALERR("buffer underflow");
916 b = xmalloc(sz);
917 x = pkcs1_cryptencode(MP_NEW, m, msz, b, sz, nbits, &p1);
918 rc = mp_pywrap(x);
919 end:
920 xfree(b);
921 return (rc);
922 }
923
924 static PyObject *meth__p1crypt_decode(PyObject *me,
925 PyObject *arg, PyObject *kw)
926 {
927 pkcs1 p1;
928 char *ep;
929 Py_ssize_t epsz;
930 unsigned long nbits;
931 int n;
932 PyObject *rc = 0;
933 octet *b = 0;
934 size_t sz;
935 mp *x = 0;
936 static const char *const kwlist[] = { "ct", "nbits", "ep", "rng", 0 };
937
938 p1.r = &rand_global; ep = 0; epsz = 0;
939 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&|s#O&:decode", KWLIST,
940 convmp, &x, convulong, &nbits,
941 &ep, &epsz, convgrand, &p1.r))
942 goto end;
943 sz = (nbits + 7)/8;
944 p1.ep = ep; p1.epsz = epsz;
945 if (epsz + 11 > sz) VALERR("buffer underflow");
946 b = xmalloc(sz);
947 if ((n = pkcs1_cryptdecode(x, b, sz, nbits, &p1)) < 0)
948 VALERR("decryption failed");
949 rc = bytestring_pywrap(b, n);
950 end:
951 mp_drop(x);
952 xfree(b);
953 return (rc);
954 }
955
956 static PyObject *meth__p1sig_encode(PyObject *me,
957 PyObject *arg, PyObject *kw)
958 {
959 pkcs1 p1;
960 char *m, *ep;
961 Py_ssize_t msz, epsz;
962 unsigned long nbits;
963 PyObject *rc = 0;
964 octet *b = 0;
965 size_t sz;
966 mp *x;
967 static const char *const kwlist[] = { "msg", "nbits", "ep", "rng", 0 };
968
969 p1.r = &rand_global; ep = 0; epsz = 0;
970 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|s#O&:encode", KWLIST,
971 &m, &msz, convulong, &nbits,
972 &ep, &epsz, convgrand, &p1.r))
973 goto end;
974 sz = (nbits + 7)/8;
975 p1.ep = ep; p1.epsz = epsz;
976 if (epsz + msz + 11 > sz) VALERR("buffer underflow");
977 b = xmalloc(sz);
978 x = pkcs1_sigencode(MP_NEW, m, msz, b, sz, nbits, &p1);
979 rc = mp_pywrap(x);
980 end:
981 xfree(b);
982 return (rc);
983 }
984
985 static PyObject *meth__p1sig_decode(PyObject *me,
986 PyObject *arg, PyObject *kw)
987 {
988 pkcs1 p1;
989 char *ep;
990 Py_ssize_t epsz;
991 unsigned long nbits;
992 int n;
993 PyObject *hukairz;
994 PyObject *rc = 0;
995 octet *b = 0;
996 size_t sz;
997 mp *x = 0;
998 static const char *const kwlist[] =
999 { "msg", "sig", "nbits", "ep", "rng", 0 };
1000
1001 p1.r = &rand_global; ep = 0; epsz = 0;
1002 if (!PyArg_ParseTupleAndKeywords(arg, kw, "OO&O&|s#O&:decode", KWLIST,
1003 &hukairz, convmp, &x, convulong, &nbits,
1004 &ep, &epsz, convgrand, &p1.r))
1005 goto end;
1006 sz = (nbits + 7)/8;
1007 p1.ep = ep; p1.epsz = epsz;
1008 if (epsz + 10 > sz) VALERR("buffer underflow");
1009 b = xmalloc(sz);
1010 if ((n = pkcs1_sigdecode(x, 0, 0, b, sz, nbits, &p1)) < 0)
1011 VALERR("verification failed");
1012 rc = bytestring_pywrap(b, n);
1013 end:
1014 mp_drop(x);
1015 xfree(b);
1016 return (rc);
1017 }
1018
1019 static PyObject *meth__oaep_encode(PyObject *me,
1020 PyObject *arg, PyObject *kw)
1021 {
1022 oaep o;
1023 char *m, *ep;
1024 Py_ssize_t msz, epsz;
1025 unsigned long nbits;
1026 PyObject *rc = 0;
1027 octet *b = 0;
1028 size_t sz;
1029 mp *x;
1030 static const char *const kwlist[] =
1031 { "msg", "nbits", "mgf", "hash", "ep", "rng", 0 };
1032
1033 o.r = &rand_global; o.cc = &sha_mgf; o.ch = &sha; ep = 0; epsz = 0;
1034 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|O&O&s#O&:encode", KWLIST,
1035 &m, &msz, convulong, &nbits,
1036 convgccipher, &o.cc,
1037 convgchash, &o.ch,
1038 &ep, &epsz,
1039 convgrand, &o.r))
1040 goto end;
1041 sz = (nbits + 7)/8;
1042 o.ep = ep; o.epsz = epsz;
1043 if (2 * o.ch->hashsz + 2 + msz > sz) VALERR("buffer underflow");
1044 b = xmalloc(sz);
1045 x = oaep_encode(MP_NEW, m, msz, b, sz, nbits, &o);
1046 rc = mp_pywrap(x);
1047 end:
1048 xfree(b);
1049 return (rc);
1050 }
1051
1052 static PyObject *meth__oaep_decode(PyObject *me,
1053 PyObject *arg, PyObject *kw)
1054 {
1055 oaep o;
1056 char *ep;
1057 Py_ssize_t epsz;
1058 unsigned long nbits;
1059 int n;
1060 PyObject *rc = 0;
1061 octet *b = 0;
1062 size_t sz;
1063 mp *x = 0;
1064 static const char *const kwlist[] =
1065 { "ct", "nbits", "mgf", "hash", "ep", "rng", 0 };
1066
1067 o.r = &rand_global; o.cc = &sha_mgf; o.ch = &sha; ep = 0; epsz = 0;
1068 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&|O&O&s#O&:decode", KWLIST,
1069 convmp, &x, convulong, &nbits,
1070 convgccipher, &o.cc,
1071 convgchash, &o.ch,
1072 &ep, &epsz,
1073 convgrand, &o.r))
1074 goto end;
1075 sz = (nbits + 7)/8;
1076 o.ep = ep; o.epsz = epsz;
1077 if (2 * o.ch->hashsz > sz) VALERR("buffer underflow");
1078 b = xmalloc(sz);
1079 if ((n = oaep_decode(x, b, sz, nbits, &o)) < 0)
1080 VALERR("decryption failed");
1081 rc = bytestring_pywrap(b, n);
1082 end:
1083 mp_drop(x);
1084 xfree(b);
1085 return (rc);
1086 }
1087
1088 static PyObject *meth__pss_encode(PyObject *me,
1089 PyObject *arg, PyObject *kw)
1090 {
1091 pss p;
1092 char *m;
1093 Py_ssize_t msz;
1094 unsigned long nbits;
1095 PyObject *rc = 0;
1096 octet *b = 0;
1097 size_t sz;
1098 mp *x = 0;
1099 static const char *const kwlist[] =
1100 { "msg", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1101
1102 p.cc = &sha_mgf; p.ch = &sha; p.r = &rand_global; p.ssz = (size_t)-1;
1103 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|O&O&O&O&:encode", KWLIST,
1104 &m, &msz, convulong, &nbits,
1105 convgccipher, &p.cc,
1106 convgchash, &p.ch,
1107 convszt, &p.ssz,
1108 convgrand, &p.r))
1109 goto end;
1110 sz = (nbits + 7)/8;
1111 if (p.ssz == (size_t)-1) p.ssz = p.ch->hashsz;
1112 if (p.ch->hashsz + p.ssz + 2 > sz) VALERR("buffer underflow");
1113 b = xmalloc(sz);
1114 x = pss_encode(MP_NEW, m, msz, b, sz, nbits, &p);
1115 rc = mp_pywrap(x);
1116 end:
1117 xfree(b);
1118 return (rc);
1119 }
1120
1121 static PyObject *meth__pss_decode(PyObject *me,
1122 PyObject *arg, PyObject *kw)
1123 {
1124 pss p;
1125 char *m;
1126 Py_ssize_t msz;
1127 unsigned long nbits;
1128 PyObject *rc = 0;
1129 octet *b = 0;
1130 size_t sz;
1131 int n;
1132 mp *x = 0;
1133 static const char *const kwlist[] =
1134 { "msg", "sig", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1135
1136 p.cc = &sha_mgf; p.ch = &sha; p.r = &rand_global; p.ssz = (size_t)-1;
1137 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&O&|O&O&O&O&:decode", KWLIST,
1138 &m, &msz, convmp, &x, convulong, &nbits,
1139 convgccipher, &p.cc,
1140 convgchash, &p.ch,
1141 convszt, &p.ssz,
1142 convgrand, &p.r))
1143 goto end;
1144 sz = (nbits + 7)/8;
1145 if (p.ssz == (size_t)-1) p.ssz = p.ch->hashsz;
1146 if (p.ch->hashsz + p.ssz + 2 > sz) VALERR("buffer underflow");
1147 b = xmalloc(sz);
1148 if ((n = pss_decode(x, m, msz, b, sz, nbits, &p)) < 0)
1149 VALERR("verification failed");
1150 rc = Py_None; Py_INCREF(rc);
1151 end:
1152 mp_drop(x);
1153 xfree(b);
1154 return (rc);
1155 }
1156
1157 /*----- X25519 and related algorithms -------------------------------------*/
1158
1159 #define XDHS(_) \
1160 _(X25519, x25519) \
1161 _(X448, x448)
1162
1163 #define DEFXDH(X, x) \
1164 static PyObject *meth_##x(PyObject *me, PyObject *arg) \
1165 { \
1166 const char *k, *p; \
1167 Py_ssize_t ksz, psz; \
1168 PyObject *rc = 0; \
1169 if (!PyArg_ParseTuple(arg, "s#s#:" #x, &k, &ksz, &p, &psz)) \
1170 goto end; \
1171 if (ksz != X##_KEYSZ) VALERR("bad key length"); \
1172 if (psz != X##_PUBSZ) VALERR("bad public length"); \
1173 rc = bytestring_pywrap(0, X##_OUTSZ); \
1174 x((octet *)PyString_AS_STRING(rc), \
1175 (const octet *)k, (const octet *)p); \
1176 return (rc); \
1177 end: \
1178 return (0); \
1179 }
1180 XDHS(DEFXDH)
1181 #undef DEFXDH
1182
1183 /*----- Ed25519 and related algorithms ------------------------------------*/
1184
1185 #define EDDSAS(_) \
1186 _(ED25519, ed25519, -1, ctx) \
1187 _(ED448, ed448, 0, )
1188
1189 #define DEFEDDSA(ED, ed, phdflt, sigver) \
1190 \
1191 static PyObject *meth_##ed##_pubkey(PyObject *me, PyObject *arg) \
1192 { \
1193 const char *k; \
1194 Py_ssize_t ksz; \
1195 PyObject *rc = 0; \
1196 if (!PyArg_ParseTuple(arg, "s#:" #ed "_pubkey", &k, &ksz)) \
1197 goto end; \
1198 rc = bytestring_pywrap(0, ED##_PUBSZ); \
1199 ed##_pubkey((octet *)PyString_AS_STRING(rc), k, ksz); \
1200 return (rc); \
1201 end: \
1202 return (0); \
1203 } \
1204 \
1205 static PyObject *meth_##ed##_sign(PyObject *me, PyObject *arg, \
1206 PyObject *kw) \
1207 { \
1208 const char *k, *p = 0, *c = 0, *m; \
1209 Py_ssize_t ksz, psz, csz = 0, msz; \
1210 int ph = phdflt; \
1211 PyObject *rc = 0; \
1212 octet pp[ED##_PUBSZ]; \
1213 static const char *const kwlist[] = \
1214 { "key", "msg", "pub", "perso", "phflag", 0 }; \
1215 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1216 "s#s#|s#s#O&:" #ed "_sign", \
1217 KWLIST, \
1218 &k, &ksz, &m, &msz, &p, &psz, \
1219 &c, &csz, convbool, &ph)) \
1220 goto end; \
1221 if (p && psz != ED##_PUBSZ) VALERR("bad public length"); \
1222 if (c && csz > ED##_MAXPERSOSZ) \
1223 VALERR("personalization string too long"); \
1224 if (c && ph == -1) ph = 0; \
1225 if (!p) { p = (const char *)pp; ed##_pubkey(pp, k, ksz); } \
1226 rc = bytestring_pywrap(0, ED##_SIGSZ); \
1227 ed##sigver##_sign((octet *)PyString_AS_STRING(rc), k, ksz, \
1228 (const octet *)p, ph, c, csz, m, msz); \
1229 return (rc); \
1230 end: \
1231 return (0); \
1232 } \
1233 \
1234 static PyObject *meth_##ed##_verify(PyObject *me, \
1235 PyObject *arg, PyObject *kw) \
1236 { \
1237 const char *p, *c = 0, *m, *s; \
1238 Py_ssize_t psz, csz = 0, msz, ssz; \
1239 int ph = phdflt; \
1240 PyObject *rc = 0; \
1241 static const char *const kwlist[] = \
1242 { "pub", "msg", "sig", "perso", "phflag", 0 }; \
1243 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1244 "s#s#s#|s#O&:" #ed "_verify", \
1245 KWLIST, \
1246 &p, &psz, &m, &msz, &s, &ssz, \
1247 &c, &csz, convbool, &ph)) \
1248 goto end; \
1249 if (psz != ED##_PUBSZ) VALERR("bad public length"); \
1250 if (ssz != ED##_SIGSZ) VALERR("bad signature length"); \
1251 if (c && csz > ED##_MAXPERSOSZ) \
1252 VALERR("personalization string too long"); \
1253 if (c && ph == -1) ph = 0; \
1254 rc = getbool(!ed##sigver##_verify((const octet *)p, ph, c, csz, \
1255 m, msz, (const octet *)s)); \
1256 return (rc); \
1257 end: \
1258 return (0); \
1259 }
1260 EDDSAS(DEFEDDSA)
1261 #undef DEFEDDSA
1262
1263 /*----- Global stuff ------------------------------------------------------*/
1264
1265 static PyMethodDef methods[] = {
1266 #define METHNAME(name) meth_##name
1267 KWMETH(_p1crypt_encode, 0)
1268 KWMETH(_p1crypt_decode, 0)
1269 KWMETH(_p1sig_encode, 0)
1270 KWMETH(_p1sig_decode, 0)
1271 KWMETH(_oaep_encode, 0)
1272 KWMETH(_oaep_decode, 0)
1273 KWMETH(_pss_encode, 0)
1274 KWMETH(_pss_decode, 0)
1275 KWMETH(_RSAPriv_generate, "generate(NBITS, [event = pgen_nullev], "
1276 "[rng = rand], [nsteps = 0]) -> R")
1277 #define DEFMETH(X, x) \
1278 METH (x, "" #x "(KEY, PUBLIC) -> SHARED")
1279 XDHS(DEFMETH)
1280 #undef DEFMETH
1281 #define DEFMETH(ED, ed, phdflt, sigver) \
1282 METH (ed##_pubkey, "" #ed "_pubkey(KEY) -> PUBLIC") \
1283 KWMETH(ed##_sign, "" #ed "_sign(KEY, MSG, [pub = PUBLIC], " \
1284 "[perso = STRING], [phflag = BOOL]) -> SIG") \
1285 KWMETH(ed##_verify, "" #ed "_verify(PUBLIC, MSG, SIG, " \
1286 "[perso = STRING], [phflag = BOOL]) -> BOOL")
1287 EDDSAS(DEFMETH)
1288 #undef DEFMETH
1289 #undef METHNAME
1290 { 0 }
1291 };
1292
1293 void pubkey_pyinit(void)
1294 {
1295 INITTYPE(dsapub, root);
1296 INITTYPE(dsapriv, dsapub);
1297 INITTYPE(kcdsapub, root);
1298 INITTYPE(kcdsapriv, kcdsapub);
1299 INITTYPE(rsapub, root);
1300 INITTYPE(rsapriv, rsapub);
1301 addmethods(methods);
1302 }
1303
1304 void pubkey_pyinsert(PyObject *mod)
1305 {
1306 INSERT("DSAPub", dsapub_pytype);
1307 INSERT("DSAPriv", dsapriv_pytype);
1308 INSERT("KCDSAPub", kcdsapub_pytype);
1309 INSERT("KCDSAPriv", kcdsapriv_pytype);
1310 INSERT("RSAPub", rsapub_pytype);
1311 INSERT("RSAPriv", rsapriv_pytype);
1312 }
1313
1314 /*----- That's all, folks -------------------------------------------------*/
Catacomb cryptographic library -- Python bindings