3 * Public-key cryptography
5 * (c) 2004 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of the Python interface to Catacomb.
12 * Catacomb/Python is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * Catacomb/Python is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with Catacomb/Python; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /*----- Header files ------------------------------------------------------*/
29 #include "catacomb-python.h"
31 /*----- DSA and similar ---------------------------------------------------*/
33 typedef struct dsa_pyobj
{
35 PyObject
*G
, *u
, *p
, *rng
, *hash
;
39 static PyTypeObject
*dsapub_pytype
, *dsapriv_pytype
;
40 static PyTypeObject
*kcdsapub_pytype
, *kcdsapriv_pytype
;
41 #define DSA_D(o) (&((dsa_pyobj *)(o))->d)
42 #define DSA_G(o) (((dsa_pyobj *)(o))->G)
43 #define DSA_U(o) (((dsa_pyobj *)(o))->u)
44 #define DSA_P(o) (((dsa_pyobj *)(o))->p)
45 #define DSA_RNG(o) (((dsa_pyobj *)(o))->rng)
46 #define DSA_HASH(o) (((dsa_pyobj *)(o))->hash)
48 static void dsa_pydealloc(PyObject
*me
)
50 dsa_pyobj
*g
= (dsa_pyobj
*)me
;
51 Py_DECREF(g
->G
); Py_DECREF(g
->u
); Py_DECREF(g
->p
);
52 Py_DECREF(g
->rng
); Py_DECREF(g
->hash
);
56 static PyObject
*dsa_setup(PyTypeObject
*ty
, PyObject
*G
, PyObject
*u
,
57 PyObject
*p
, PyObject
*rng
, PyObject
*hash
,
58 void (*calcpub
)(group
*, ge
*, mp
*))
63 g
= PyObject_New(dsa_pyobj
, ty
);
69 if ((g
->d
.u
= getmp(u
)) == 0)
71 if (MP_PYCHECK(u
)) Py_INCREF(u
);
72 else u
= mp_pywrap(g
->d
.u
);
75 assert(g
->d
.u
); assert(calcpub
);
76 pp
= G_CREATE(GROUP_G(G
));
77 calcpub(GROUP_G(G
), pp
, g
->d
.u
);
79 } else if (GROUP_G(G
) != GE_G(p
) && !group_samep(GROUP_G(G
), GE_G(p
)))
80 TYERR("public key not from group");
83 g
->d
.r
= GRAND_R(rng
);
84 g
->d
.h
= GCHASH_CH(hash
);
85 g
->G
= G
; Py_INCREF(G
); g
->u
= u
; g
->p
= p
;
86 g
->rng
= rng
; Py_INCREF(rng
); g
->hash
= hash
; Py_INCREF(hash
);
87 return ((PyObject
*)g
);
89 Py_XDECREF(p
); FREEOBJ(g
);
93 static PyObject
*dsapub_pynew(PyTypeObject
*ty
,
94 PyObject
*arg
, PyObject
*kw
)
96 PyObject
*G
, *p
, *rng
= rand_pyobj
, *hash
= sha_pyobj
;
98 static const char *const kwlist
[] = { "G", "p", "hash", "rng", 0 };
100 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O!|O!O!:new", KWLIST
,
103 gchash_pytype
, &hash
,
104 grand_pytype
, &rng
) ||
105 (rc
= dsa_setup(dsapub_pytype
, G
, 0, p
, rng
, hash
, 0)) == 0)
111 static PyObject
*dsameth_beginhash(PyObject
*me
)
112 { return (ghash_pywrap(DSA_HASH(me
), gdsa_beginhash(DSA_D(me
)))); }
114 static PyObject
*dsameth_endhash(PyObject
*me
, PyObject
*arg
)
118 if (!PyArg_ParseTuple(arg
, "O&:endhash", convghash
, &h
)) return (0);
119 gdsa_endhash(DSA_D(me
), h
);
121 rc
= bytestring_pywrap(0, GH_CLASS(h
)->hashsz
);
122 GH_DONE(h
, BIN_PTR(rc
));
127 static PyObject
*dsameth_sign(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
129 gdsa_sig s
= GDSA_SIG_INIT
;
133 static const char *const kwlist
[] = { "msg", "k", 0 };
135 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&|O&:sign", KWLIST
,
136 convbin
, &h
, convmp
, &k
))
138 if (h
.sz
!= DSA_D(me
)->h
->hashsz
)
139 VALERR("bad message length (doesn't match hash size)");
140 gdsa_sign(DSA_D(me
), &s
, h
.p
, k
);
141 rc
= Py_BuildValue("(NN)", mp_pywrap(s
.r
), mp_pywrap(s
.s
));
147 static PyObject
*dsameth_verify(PyObject
*me
, PyObject
*arg
)
150 gdsa_sig s
= GDSA_SIG_INIT
;
153 if (!PyArg_ParseTuple(arg
, "O&(O&O&):verify",
154 convbin
, &h
, convmp
, &s
.r
, convmp
, &s
.s
))
156 if (h
.sz
!= DSA_D(me
)->h
->hashsz
)
157 VALERR("bad message length (doesn't match hash size)");
158 rc
= getbool(!gdsa_verify(DSA_D(me
), &s
, h
.p
));
165 static void dsa_calcpub(group
*g
, ge
*p
, mp
*u
) { G_EXP(g
, p
, g
->g
, u
); }
167 static PyObject
*dsapriv_pynew(PyTypeObject
*ty
,
168 PyObject
*arg
, PyObject
*kw
)
170 PyObject
*G
, *p
= 0, *u
, *rng
= rand_pyobj
, *hash
= sha_pyobj
;
172 static const char *const kwlist
[] = { "G", "u", "p", "hash", "rng", 0 };
174 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O|O!O!O!:new", KWLIST
,
178 gchash_pytype
, &hash
,
179 grand_pytype
, &rng
) ||
180 (rc
= dsa_setup(dsapriv_pytype
, G
, u
, p
, rng
, hash
, dsa_calcpub
)) == 0)
186 static const PyMethodDef dsapub_pymethods
[] = {
187 #define METHNAME(name) dsameth_##name
188 NAMETH(beginhash
, "D.beginhash() -> hash object")
189 METH (endhash
, "D.endhash(H) -> BYTES")
190 METH (verify
, "D.verify(MSG, (R, S)) -> true/false")
195 static const PyMethodDef dsapriv_pymethods
[] = {
196 #define METHNAME(name) dsameth_##name
197 KWMETH(sign
, "D.sign(MSG, [k = K]) -> R, S")
202 static const PyMemberDef dsapub_pymembers
[] = {
203 #define MEMBERSTRUCT dsa_pyobj
204 MEMBER(G
, T_OBJECT
, READONLY
, "D.G -> group to work in")
205 MEMBER(p
, T_OBJECT
, READONLY
, "D.p -> public key (group element")
206 MEMBER(rng
, T_OBJECT
, READONLY
, "D.rng -> random number generator")
207 MEMBER(hash
, T_OBJECT
, READONLY
, "D.hash -> hash class")
212 static const PyMemberDef dsapriv_pymembers
[] = {
213 #define MEMBERSTRUCT dsa_pyobj
214 MEMBER(u
, T_OBJECT
, READONLY
, "D.u -> private key (exponent)")
219 static const PyTypeObject dsapub_pytype_skel
= {
220 PyVarObject_HEAD_INIT(0, 0) /* Header */
221 "DSAPub", /* @tp_name@ */
222 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
223 0, /* @tp_itemsize@ */
225 dsa_pydealloc
, /* @tp_dealloc@ */
227 0, /* @tp_getattr@ */
228 0, /* @tp_setattr@ */
229 0, /* @tp_compare@ */
231 0, /* @tp_as_number@ */
232 0, /* @tp_as_sequence@ */
233 0, /* @tp_as_mapping@ */
237 0, /* @tp_getattro@ */
238 0, /* @tp_setattro@ */
239 0, /* @tp_as_buffer@ */
240 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
244 "DSAPub(GROUP, P, [hash = sha], [rng = rand]): DSA public key.",
246 0, /* @tp_traverse@ */
248 0, /* @tp_richcompare@ */
249 0, /* @tp_weaklistoffset@ */
251 0, /* @tp_iternext@ */
252 PYMETHODS(dsapub
), /* @tp_methods@ */
253 PYMEMBERS(dsapub
), /* @tp_members@ */
257 0, /* @tp_descr_get@ */
258 0, /* @tp_descr_set@ */
259 0, /* @tp_dictoffset@ */
261 PyType_GenericAlloc
, /* @tp_alloc@ */
262 dsapub_pynew
, /* @tp_new@ */
267 static const PyTypeObject dsapriv_pytype_skel
= {
268 PyVarObject_HEAD_INIT(0, 0) /* Header */
269 "DSAPriv", /* @tp_name@ */
270 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
271 0, /* @tp_itemsize@ */
273 0, /* @tp_dealloc@ */
275 0, /* @tp_getattr@ */
276 0, /* @tp_setattr@ */
277 0, /* @tp_compare@ */
279 0, /* @tp_as_number@ */
280 0, /* @tp_as_sequence@ */
281 0, /* @tp_as_mapping@ */
285 0, /* @tp_getattro@ */
286 0, /* @tp_setattro@ */
287 0, /* @tp_as_buffer@ */
288 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
292 "DSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): "
295 0, /* @tp_traverse@ */
297 0, /* @tp_richcompare@ */
298 0, /* @tp_weaklistoffset@ */
300 0, /* @tp_iternext@ */
301 PYMETHODS(dsapriv
), /* @tp_methods@ */
302 PYMEMBERS(dsapriv
), /* @tp_members@ */
306 0, /* @tp_descr_get@ */
307 0, /* @tp_descr_set@ */
308 0, /* @tp_dictoffset@ */
310 PyType_GenericAlloc
, /* @tp_alloc@ */
311 dsapriv_pynew
, /* @tp_new@ */
316 static PyObject
*kcdsapub_pynew(PyTypeObject
*ty
,
317 PyObject
*arg
, PyObject
*kw
)
319 PyObject
*G
, *p
, *rng
= rand_pyobj
, *hash
= has160_pyobj
;
321 static const char *const kwlist
[] = { "G", "p", "hash", "rng", 0 };
323 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O!|O!O!:new", KWLIST
,
326 gchash_pytype
, &hash
,
327 grand_pytype
, &rng
) ||
328 (rc
= dsa_setup(kcdsapub_pytype
, G
, 0, p
, rng
, hash
, 0)) == 0)
334 static void kcdsa_calcpub(group
*g
, ge
*p
, mp
*u
)
336 mp
*uinv
= mp_modinv(MP_NEW
, u
, g
->r
);
337 G_EXP(g
, p
, g
->g
, uinv
);
341 static PyObject
*kcdsapriv_pynew(PyTypeObject
*ty
,
342 PyObject
*arg
, PyObject
*kw
)
344 PyObject
*G
, *u
, *p
= 0, *rng
= rand_pyobj
, *hash
= has160_pyobj
;
346 static const char *const kwlist
[] = { "G", "u", "p", "hash", "rng", 0 };
348 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O!O|O!O!O!:new", KWLIST
,
352 gchash_pytype
, &hash
,
353 grand_pytype
, &rng
) ||
354 (rc
= dsa_setup(kcdsapriv_pytype
, G
, u
, p
,
355 rng
, hash
, kcdsa_calcpub
)) == 0)
361 static PyObject
*kcdsameth_beginhash(PyObject
*me
)
362 { return (ghash_pywrap(DSA_HASH(me
), gkcdsa_beginhash(DSA_D(me
)))); }
364 static PyObject
*kcdsameth_endhash(PyObject
*me
, PyObject
*arg
)
368 if (!PyArg_ParseTuple(arg
, "O&:endhash", convghash
, &h
)) return (0);
369 gkcdsa_endhash(DSA_D(me
), h
);
371 rc
= bytestring_pywrap(0, GH_CLASS(h
)->hashsz
);
372 GH_DONE(h
, BIN_PTR(rc
));
377 static PyObject
*kcdsameth_sign(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
379 gkcdsa_sig s
= GKCDSA_SIG_INIT
;
382 PyObject
*r
= 0, *rc
= 0;
383 static const char *const kwlist
[] = { "msg", "k", 0 };
385 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&|O&:sign", KWLIST
,
386 convbin
, &h
, convmp
, &k
))
388 if (h
.sz
!= DSA_D(me
)->h
->hashsz
)
389 VALERR("bad message length (doesn't match hash size)");
390 r
= bytestring_pywrap(0, DSA_D(me
)->h
->hashsz
);
391 s
.r
= (octet
*)BIN_PTR(r
);
392 gkcdsa_sign(DSA_D(me
), &s
, h
.p
, k
);
393 rc
= Py_BuildValue("(ON)", r
, mp_pywrap(s
.s
));
400 static PyObject
*kcdsameth_verify(PyObject
*me
, PyObject
*arg
)
403 gkcdsa_sig s
= GKCDSA_SIG_INIT
;
406 if (!PyArg_ParseTuple(arg
, "O&(O&O&):verify",
407 convbin
, &h
, convbin
, &sr
, convmp
, &s
.s
))
409 if (h
.sz
!= DSA_D(me
)->h
->hashsz
)
410 VALERR("bad message length (doesn't match hash size)");
411 if (sr
.sz
!= DSA_D(me
)->h
->hashsz
)
412 VALERR("bad signature `r' length (doesn't match hash size)");
413 s
.r
= (/*unconst*/ octet
*)sr
.p
;
414 rc
= getbool(!gkcdsa_verify(DSA_D(me
), &s
, h
.p
));
420 static const PyMethodDef kcdsapub_pymethods
[] = {
421 #define METHNAME(name) kcdsameth_##name
422 NAMETH(beginhash
, "D.beginhash() -> hash object")
423 METH (endhash
, "D.endhash(H) -> BYTES")
424 METH (verify
, "D.verify(MSG, (R, S)) -> true/false")
429 static const PyMethodDef kcdsapriv_pymethods
[] = {
430 #define METHNAME(name) kcdsameth_##name
431 KWMETH(sign
, "D.sign(MSG, [k = K]) -> R, S")
436 static const PyTypeObject kcdsapub_pytype_skel
= {
437 PyVarObject_HEAD_INIT(0, 0) /* Header */
438 "KCDSAPub", /* @tp_name@ */
439 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
440 0, /* @tp_itemsize@ */
442 dsa_pydealloc
, /* @tp_dealloc@ */
444 0, /* @tp_getattr@ */
445 0, /* @tp_setattr@ */
446 0, /* @tp_compare@ */
448 0, /* @tp_as_number@ */
449 0, /* @tp_as_sequence@ */
450 0, /* @tp_as_mapping@ */
454 0, /* @tp_getattro@ */
455 0, /* @tp_setattro@ */
456 0, /* @tp_as_buffer@ */
457 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
461 "KCDSAPub(GROUP, P, [hash = sha], [rng = rand]): KCDSA public key.",
463 0, /* @tp_traverse@ */
465 0, /* @tp_richcompare@ */
466 0, /* @tp_weaklistoffset@ */
468 0, /* @tp_iternext@ */
469 PYMETHODS(kcdsapub
), /* @tp_methods@ */
470 PYMEMBERS(dsapub
), /* @tp_members@ */
474 0, /* @tp_descr_get@ */
475 0, /* @tp_descr_set@ */
476 0, /* @tp_dictoffset@ */
478 PyType_GenericAlloc
, /* @tp_alloc@ */
479 kcdsapub_pynew
, /* @tp_new@ */
484 static const PyTypeObject kcdsapriv_pytype_skel
= {
485 PyVarObject_HEAD_INIT(0, 0) /* Header */
486 "KCDSAPriv", /* @tp_name@ */
487 sizeof(dsa_pyobj
), /* @tp_basicsize@ */
488 0, /* @tp_itemsize@ */
490 0, /* @tp_dealloc@ */
492 0, /* @tp_getattr@ */
493 0, /* @tp_setattr@ */
494 0, /* @tp_compare@ */
496 0, /* @tp_as_number@ */
497 0, /* @tp_as_sequence@ */
498 0, /* @tp_as_mapping@ */
502 0, /* @tp_getattro@ */
503 0, /* @tp_setattro@ */
504 0, /* @tp_as_buffer@ */
505 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
509 "KCDSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): "
510 "KCDSA private key.",
512 0, /* @tp_traverse@ */
514 0, /* @tp_richcompare@ */
515 0, /* @tp_weaklistoffset@ */
517 0, /* @tp_iternext@ */
518 PYMETHODS(kcdsapriv
), /* @tp_methods@ */
519 PYMEMBERS(dsapriv
), /* @tp_members@ */
523 0, /* @tp_descr_get@ */
524 0, /* @tp_descr_set@ */
525 0, /* @tp_dictoffset@ */
527 PyType_GenericAlloc
, /* @tp_alloc@ */
528 kcdsapriv_pynew
, /* @tp_new@ */
533 /*----- RSA ---------------------------------------------------------------*/
535 typedef struct rsapub_pyobj
{
541 #define RSA_PUB(o) (&((rsapub_pyobj *)(o))->pub)
542 #define RSA_PUBCTX(o) (&((rsapub_pyobj *)(o))->pubctx)
544 typedef struct rsapriv_pyobj
{
553 #define RSA_PRIV(o) (&((rsapriv_pyobj *)(o))->priv)
554 #define RSA_PRIVCTX(o) (&((rsapriv_pyobj *)(o))->privctx)
555 #define RSA_RNG(o) (((rsapriv_pyobj *)(o))->rng)
557 static PyTypeObject
*rsapub_pytype
, *rsapriv_pytype
;
559 static PyObject
*rsapub_pynew(PyTypeObject
*ty
,
560 PyObject
*arg
, PyObject
*kw
)
564 static const char *const kwlist
[] = { "n", "e", 0 };
566 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&:new", KWLIST
,
567 convmp
, &rp
.n
, convmp
, &rp
.e
))
569 if (!MP_ODDP(rp
.n
)) VALERR("RSA modulus must be even");
570 o
= (rsapub_pyobj
*)ty
->tp_alloc(ty
, 0);
572 rsa_pubcreate(&o
->pubctx
, &o
->pub
);
573 return ((PyObject
*)o
);
579 static void rsapub_pydealloc(PyObject
*me
)
581 rsa_pubdestroy(RSA_PUBCTX(me
));
582 rsa_pubfree(RSA_PUB(me
));
586 static PyObject
*rsaget_n(PyObject
*me
, void *hunoz
)
587 { return mp_pywrap(MP_COPY(RSA_PUB(me
)->n
)); }
589 static PyObject
*rsaget_e(PyObject
*me
, void *hunoz
)
590 { return mp_pywrap(MP_COPY(RSA_PUB(me
)->e
)); }
592 static PyObject
*rsameth_pubop(PyObject
*me
, PyObject
*arg
)
597 if (!PyArg_ParseTuple(arg
, "O&:pubop", convmp
, &x
)) goto end
;
598 rc
= mp_pywrap(rsa_pubop(RSA_PUBCTX(me
), MP_NEW
, x
));
604 static PyObject
*rsapriv_dopywrap(PyTypeObject
*ty
,
605 rsa_priv
*rp
, PyObject
*rng
)
609 o
= (rsapriv_pyobj
*)ty
->tp_alloc(ty
, 0);
613 rsa_privcreate(&o
->privctx
, &o
->priv
, &rand_global
);
614 rsa_pubcreate(&o
->pubctx
, &o
->pub
);
620 return ((PyObject
*)o
);
623 PyObject
*rsapriv_pywrap(rsa_priv
*rp
)
624 { return rsapriv_dopywrap(rsapriv_pytype
, rp
, 0); }
626 static PyObject
*rsapriv_pynew(PyTypeObject
*ty
,
627 PyObject
*arg
, PyObject
*kw
)
630 PyObject
*rng
= Py_None
;
631 static const char *const kwlist
[] =
632 { "n", "e", "d", "p", "q", "dp", "dq", "q_inv", "rng", 0 };
634 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "|O&O&O&O&O&O&O&O&O:new", KWLIST
,
635 convmp
, &rp
.n
, convmp
, &rp
.e
,
637 convmp
, &rp
.p
, convmp
, &rp
.q
,
638 convmp
, &rp
.dp
, convmp
, &rp
.dq
,
642 if ((rp
.n
&& !MP_ODDP(rp
.n
)) ||
643 (rp
.p
&& !MP_ODDP(rp
.p
)) ||
644 (rp
.q
&& !MP_ODDP(rp
.q
)))
645 VALERR("RSA modulus and factors must be odd");
646 if (rsa_recover(&rp
)) VALERR("couldn't construct private key");
647 if (rng
!= Py_None
&& !GRAND_PYCHECK(rng
))
648 TYERR("not a random number source");
650 return (rsapriv_dopywrap(ty
, &rp
, rng
));
656 static void rsapriv_pydealloc(PyObject
*me
)
658 RSA_PRIVCTX(me
)->r
= &rand_global
;
659 rsa_privdestroy(RSA_PRIVCTX(me
));
660 rsa_privfree(RSA_PRIV(me
));
661 Py_DECREF(RSA_RNG(me
));
665 static PyObject
*rsaget_d(PyObject
*me
, void *hunoz
)
666 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->d
)); }
668 static PyObject
*rsaget_p(PyObject
*me
, void *hunoz
)
669 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->p
)); }
671 static PyObject
*rsaget_q(PyObject
*me
, void *hunoz
)
672 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->q
)); }
674 static PyObject
*rsaget_dp(PyObject
*me
, void *hunoz
)
675 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->dp
)); }
677 static PyObject
*rsaget_dq(PyObject
*me
, void *hunoz
)
678 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->dq
)); }
680 static PyObject
*rsaget_q_inv(PyObject
*me
, void *hunoz
)
681 { return mp_pywrap(MP_COPY(RSA_PRIV(me
)->q_inv
)); }
683 static PyObject
*rsaget_rng(PyObject
*me
, void *hunoz
)
684 { RETURN_OBJ(RSA_RNG(me
)); }
686 static int rsaset_rng(PyObject
*me
, PyObject
*val
, void *hunoz
)
691 else if (val
!= Py_None
&& !GRAND_PYCHECK(val
))
692 TYERR("expected grand or None");
693 Py_DECREF(RSA_RNG(me
));
701 static PyObject
*rsameth_privop(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
703 PyObject
*rng
= RSA_RNG(me
);
706 static const char *const kwlist
[] = { "x", "rng", 0 };
708 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&|O:privop", KWLIST
,
711 if (rng
!= Py_None
&& !GRAND_PYCHECK(rng
))
712 TYERR("not a random number source");
713 RSA_PRIVCTX(me
)->r
= (rng
== Py_None
) ?
0 : GRAND_R(rng
);
714 rc
= mp_pywrap(rsa_privop(RSA_PRIVCTX(me
), MP_NEW
, x
));
720 static PyObject
*rsameth_generate(PyObject
*me
, PyObject
*arg
, PyObject
*kw
)
722 grand
*r
= &rand_global
;
727 struct excinfo exc
= EXCINFO_INIT
;
728 pypgev evt
= { { 0 } };
729 static const char *const kwlist
[] =
730 { "nbits", "event", "rng", "nsteps", "e", 0 };
734 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&|O&O&O&O&:generate", KWLIST
,
735 convuint
, &nbits
, convpgev
, &evt
,
736 convgrand
, &r
, convuint
, &n
,
740 else e
= mp_fromulong(MP_NEW
, 65537);
741 if (rsa_gen_e(&rp
, nbits
, e
, r
, n
, evt
.ev
.proc
, evt
.ev
.ctx
))
743 rc
= rsapriv_pywrap(&rp
);
750 static const PyGetSetDef rsapub_pygetset
[] = {
751 #define GETSETNAME(op, name) rsa##op##_##name
758 static const PyMethodDef rsapub_pymethods
[] = {
759 #define METHNAME(name) rsameth_##name
760 METH (pubop
, "R.pubop(X) -> X^E (mod N)")
765 static const PyGetSetDef rsapriv_pygetset
[] = {
766 #define GETSETNAME(op, name) rsa##op##_##name
770 GET (dp
, "R.dp -> D mod (P - 1)")
771 GET (dq
, "R.dq -> D mod (Q - 1)")
772 GET (q_inv
, "R.q_inv -> Q^{-1} mod P")
773 GETSET(rng
, "R.rng -> random number source for blinding")
778 static const PyMethodDef rsapriv_pymethods
[] = {
779 #define METHNAME(name) rsameth_##name
780 KWMETH(privop
, "R.privop(X, [rng = None]) -> X^D (mod N)")
781 KWSMTH(generate
, "generate(NBITS, [event = pgen_nullev], [rng = rand], "
782 "[nsteps = 0]) -> R")
787 static const PyTypeObject rsapub_pytype_skel
= {
788 PyVarObject_HEAD_INIT(0, 0) /* Header */
789 "RSAPub", /* @tp_name@ */
790 sizeof(rsapub_pyobj
), /* @tp_basicsize@ */
791 0, /* @tp_itemsize@ */
793 rsapub_pydealloc
, /* @tp_dealloc@ */
795 0, /* @tp_getattr@ */
796 0, /* @tp_setattr@ */
797 0, /* @tp_compare@ */
799 0, /* @tp_as_number@ */
800 0, /* @tp_as_sequence@ */
801 0, /* @tp_as_mapping@ */
805 0, /* @tp_getattro@ */
806 0, /* @tp_setattro@ */
807 0, /* @tp_as_buffer@ */
808 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
812 "RSAPub(N, E): RSA public key.",
814 0, /* @tp_traverse@ */
816 0, /* @tp_richcompare@ */
817 0, /* @tp_weaklistoffset@ */
819 0, /* @tp_iternext@ */
820 PYMETHODS(rsapub
), /* @tp_methods@ */
821 0, /* @tp_members@ */
822 PYGETSET(rsapub
), /* @tp_getset@ */
825 0, /* @tp_descr_get@ */
826 0, /* @tp_descr_set@ */
827 0, /* @tp_dictoffset@ */
829 PyType_GenericAlloc
, /* @tp_alloc@ */
830 rsapub_pynew
, /* @tp_new@ */
835 static const PyTypeObject rsapriv_pytype_skel
= {
836 PyVarObject_HEAD_INIT(0, 0) /* Header */
837 "RSAPriv", /* @tp_name@ */
838 sizeof(rsapriv_pyobj
), /* @tp_basicsize@ */
839 0, /* @tp_itemsize@ */
841 rsapriv_pydealloc
, /* @tp_dealloc@ */
843 0, /* @tp_getattr@ */
844 0, /* @tp_setattr@ */
845 0, /* @tp_compare@ */
847 0, /* @tp_as_number@ */
848 0, /* @tp_as_sequence@ */
849 0, /* @tp_as_mapping@ */
853 0, /* @tp_getattro@ */
854 0, /* @tp_setattro@ */
855 0, /* @tp_as_buffer@ */
856 Py_TPFLAGS_DEFAULT
| /* @tp_flags@ */
860 "RSAPriv(..., [rng = rand]): RSA private key.\n"
861 " Keywords: n, e, d, p, q, dp, dq, q_inv; must provide enough",
863 0, /* @tp_traverse@ */
865 0, /* @tp_richcompare@ */
866 0, /* @tp_weaklistoffset@ */
868 0, /* @tp_iternext@ */
869 PYMETHODS(rsapriv
), /* @tp_methods@ */
870 0, /* @tp_members@ */
871 PYGETSET(rsapriv
), /* @tp_getset@ */
874 0, /* @tp_descr_get@ */
875 0, /* @tp_descr_set@ */
876 0, /* @tp_dictoffset@ */
878 PyType_GenericAlloc
, /* @tp_alloc@ */
879 rsapriv_pynew
, /* @tp_new@ */
884 /*----- RSA padding schemes -----------------------------------------------*/
886 static PyObject
*meth__p1crypt_encode(PyObject
*me
,
887 PyObject
*arg
, PyObject
*kw
)
890 struct bin m
, ep
= { 0, 0 };
896 static const char *const kwlist
[] = { "msg", "nbits", "ep", "rng", 0 };
899 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&|O&O&:encode", KWLIST
,
900 convbin
, &m
, convulong
, &nbits
,
901 convbin
, &ep
, convgrand
, &p1
.r
))
904 p1
.ep
= ep
.p
; p1
.epsz
= ep
.sz
;
905 if (ep
.sz
+ m
.sz
+ 11 > sz
) VALERR("buffer underflow");
907 x
= pkcs1_cryptencode(MP_NEW
, m
.p
, m
.sz
, b
, sz
, nbits
, &p1
);
914 static PyObject
*meth__p1crypt_decode(PyObject
*me
,
915 PyObject
*arg
, PyObject
*kw
)
918 struct bin ep
= { 0, 0 };
925 static const char *const kwlist
[] = { "ct", "nbits", "ep", "rng", 0 };
928 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&|O&O&:decode", KWLIST
,
929 convmp
, &x
, convulong
, &nbits
,
930 convbin
, &ep
, convgrand
, &p1
.r
))
933 p1
.ep
= ep
.p
; p1
.epsz
= ep
.sz
;
934 if (ep
.sz
+ 11 > sz
) VALERR("buffer underflow");
936 if ((n
= pkcs1_cryptdecode(x
, b
, sz
, nbits
, &p1
)) < 0)
937 VALERR("decryption failed");
938 rc
= bytestring_pywrap(b
, n
);
945 static PyObject
*meth__p1sig_encode(PyObject
*me
,
946 PyObject
*arg
, PyObject
*kw
)
949 struct bin m
, ep
= { 0, 0 };
955 static const char *const kwlist
[] = { "msg", "nbits", "ep", "rng", 0 };
958 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&|O&O&:encode", KWLIST
,
959 convbin
, &m
, convulong
, &nbits
,
960 convbin
, &ep
, convgrand
, &p1
.r
))
963 p1
.ep
= ep
.p
; p1
.epsz
= ep
.sz
;
964 if (ep
.sz
+ m
.sz
+ 11 > sz
) VALERR("buffer underflow");
966 x
= pkcs1_sigencode(MP_NEW
, m
.p
, m
.sz
, b
, sz
, nbits
, &p1
);
973 static PyObject
*meth__p1sig_decode(PyObject
*me
,
974 PyObject
*arg
, PyObject
*kw
)
977 struct bin ep
= { 0, 0 };
985 static const char *const kwlist
[] =
986 { "msg", "sig", "nbits", "ep", "rng", 0 };
989 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "OO&O&|O&O&:decode", KWLIST
,
990 &hukairz
, convmp
, &x
, convulong
, &nbits
,
991 convbin
, &ep
, convgrand
, &p1
.r
))
994 p1
.ep
= ep
.p
; p1
.epsz
= ep
.sz
;
995 if (ep
.sz
+ 10 > sz
) VALERR("buffer underflow");
997 if ((n
= pkcs1_sigdecode(x
, 0, 0, b
, sz
, nbits
, &p1
)) < 0)
998 VALERR("verification failed");
999 rc
= bytestring_pywrap(b
, n
);
1006 static PyObject
*meth__oaep_encode(PyObject
*me
,
1007 PyObject
*arg
, PyObject
*kw
)
1010 struct bin m
, ep
= { 0, 0 };
1011 unsigned long nbits
;
1016 static const char *const kwlist
[] =
1017 { "msg", "nbits", "mgf", "hash", "ep", "rng", 0 };
1019 o
.r
= &rand_global
; o
.cc
= &sha_mgf
; o
.ch
= &sha
;
1020 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&|O&O&O&O&:encode",
1022 convbin
, &m
, convulong
, &nbits
,
1023 convgccipher
, &o
.cc
,
1029 o
.ep
= ep
.p
; o
.epsz
= ep
.sz
;
1030 if (2 * o
.ch
->hashsz
+ 2 + m
.sz
> sz
) VALERR("buffer underflow");
1032 x
= oaep_encode(MP_NEW
, m
.p
, m
.sz
, b
, sz
, nbits
, &o
);
1039 static PyObject
*meth__oaep_decode(PyObject
*me
,
1040 PyObject
*arg
, PyObject
*kw
)
1043 struct bin ep
= { 0, 0 };
1044 unsigned long nbits
;
1050 static const char *const kwlist
[] =
1051 { "ct", "nbits", "mgf", "hash", "ep", "rng", 0 };
1053 o
.r
= &rand_global
; o
.cc
= &sha_mgf
; o
.ch
= &sha
;
1054 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&|O&O&O&O&:decode", KWLIST
,
1055 convmp
, &x
, convulong
, &nbits
,
1056 convgccipher
, &o
.cc
,
1062 o
.ep
= ep
.p
; o
.epsz
= ep
.sz
;
1063 if (2 * o
.ch
->hashsz
> sz
) VALERR("buffer underflow");
1065 if ((n
= oaep_decode(x
, b
, sz
, nbits
, &o
)) < 0)
1066 VALERR("decryption failed");
1067 rc
= bytestring_pywrap(b
, n
);
1074 static PyObject
*meth__pss_encode(PyObject
*me
,
1075 PyObject
*arg
, PyObject
*kw
)
1079 unsigned long nbits
;
1084 static const char *const kwlist
[] =
1085 { "msg", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1087 p
.cc
= &sha_mgf
; p
.ch
= &sha
; p
.r
= &rand_global
; p
.ssz
= (size_t)-1;
1088 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&|O&O&O&O&:encode", KWLIST
,
1089 convbin
, &m
, convulong
, &nbits
,
1090 convgccipher
, &p
.cc
,
1096 if (p
.ssz
== (size_t)-1) p
.ssz
= p
.ch
->hashsz
;
1097 if (p
.ch
->hashsz
+ p
.ssz
+ 2 > sz
) VALERR("buffer underflow");
1099 x
= pss_encode(MP_NEW
, m
.p
, m
.sz
, b
, sz
, nbits
, &p
);
1106 static PyObject
*meth__pss_decode(PyObject
*me
,
1107 PyObject
*arg
, PyObject
*kw
)
1111 unsigned long nbits
;
1117 static const char *const kwlist
[] =
1118 { "msg", "sig", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1120 p
.cc
= &sha_mgf
; p
.ch
= &sha
; p
.r
= &rand_global
; p
.ssz
= (size_t)-1;
1121 if (!PyArg_ParseTupleAndKeywords(arg
, kw
, "O&O&O&|O&O&O&O&:decode",
1123 convbin
, &m
, convmp
, &x
,
1125 convgccipher
, &p
.cc
,
1131 if (p
.ssz
== (size_t)-1) p
.ssz
= p
.ch
->hashsz
;
1132 if (p
.ch
->hashsz
+ p
.ssz
+ 2 > sz
) VALERR("buffer underflow");
1134 if ((n
= pss_decode(x
, m
.p
, m
.sz
, b
, sz
, nbits
, &p
)) < 0)
1135 VALERR("verification failed");
1136 rc
= Py_None
; Py_INCREF(rc
);
1143 /*----- X25519 and related algorithms -------------------------------------*/
1149 #define DEFXDH(X, x) \
1150 static PyObject *meth_##x(PyObject *me, PyObject *arg) \
1154 if (!PyArg_ParseTuple(arg, "O&O&:" #x, convbin, &k, convbin, &p)) \
1156 if (k.sz != X##_KEYSZ) VALERR("bad key length"); \
1157 if (p.sz != X##_PUBSZ) VALERR("bad public length"); \
1158 rc = bytestring_pywrap(0, X##_OUTSZ); \
1159 x((octet *)BIN_PTR(rc), k.p, p.p); \
1167 /*----- Ed25519 and related algorithms ------------------------------------*/
1170 _(ED25519, ed25519, -1, ctx) \
1171 _(ED448, ed448, 0, )
1173 #define DEFEDDSA(ED, ed, phdflt, sigver) \
1175 static PyObject *meth_##ed##_pubkey(PyObject *me, PyObject *arg) \
1179 if (!PyArg_ParseTuple(arg, "O&:" #ed "_pubkey", convbin, &k)) \
1181 rc = bytestring_pywrap(0, ED##_PUBSZ); \
1182 ed##_pubkey((octet *)BIN_PTR(rc), k.p, k.sz); \
1188 static PyObject *meth_##ed##_sign(PyObject *me, PyObject *arg, \
1191 struct bin k, p = { 0, 0}, c = { 0, 0 }, m; \
1194 octet pp[ED##_PUBSZ]; \
1195 static const char *const kwlist[] = \
1196 { "key", "msg", "pub", "perso", "phflag", 0 }; \
1197 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1198 "O&O&|O&O&O&:" #ed "_sign", \
1200 convbin, &k, convbin, &m, \
1201 convbin, &p, convbin, &c, \
1204 if (p.p && p.sz != ED##_PUBSZ) VALERR("bad public length"); \
1205 if (c.p && c.sz > ED##_MAXPERSOSZ) \
1206 VALERR("personalization string too long"); \
1207 if (c.p && ph == -1) ph = 0; \
1208 if (!p.p) { p.p = pp; ed##_pubkey(pp, k.p, k.sz); } \
1209 rc = bytestring_pywrap(0, ED##_SIGSZ); \
1210 ed##sigver##_sign((octet *)BIN_PTR(rc), k.p, k.sz, \
1211 p.p, ph, c.p, c.sz, m.p, m.sz); \
1217 static PyObject *meth_##ed##_verify(PyObject *me, \
1218 PyObject *arg, PyObject *kw) \
1220 struct bin p, c = { 0, 0 }, m, s; \
1223 static const char *const kwlist[] = \
1224 { "pub", "msg", "sig", "perso", "phflag", 0 }; \
1225 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1226 "O&O&O&|O&O&:" #ed "_verify", \
1228 convbin, &p, convbin, &m, \
1230 convbin, &c, convbool, &ph)) \
1232 if (p.sz != ED##_PUBSZ) VALERR("bad public length"); \
1233 if (s.sz != ED##_SIGSZ) VALERR("bad signature length"); \
1234 if (c.p && c.sz > ED##_MAXPERSOSZ) \
1235 VALERR("personalization string too long"); \
1236 if (c.p && ph == -1) ph = 0; \
1237 rc = getbool(!ed##sigver##_verify(p.p, ph, c.p, c.sz, \
1246 /*----- Global stuff ------------------------------------------------------*/
1248 static const struct nameval consts
[] = {
1249 CONST(X25519_KEYSZ
), CONST(X25519_PUBSZ
), CONST(X25519_OUTSZ
),
1250 CONST(X448_KEYSZ
), CONST(X448_PUBSZ
), CONST(X448_OUTSZ
),
1251 CONST(ED25519_KEYSZ
), CONST(ED25519_PUBSZ
), CONST(ED25519_SIGSZ
),
1252 CONST(ED25519_MAXPERSOSZ
),
1253 CONST(ED448_KEYSZ
), CONST(ED448_PUBSZ
), CONST(ED448_SIGSZ
),
1254 CONST(ED448_MAXPERSOSZ
),
1258 static const PyMethodDef methods
[] = {
1259 #define METHNAME(name) meth_##name
1260 KWMETH(_p1crypt_encode
, 0)
1261 KWMETH(_p1crypt_decode
, 0)
1262 KWMETH(_p1sig_encode
, 0)
1263 KWMETH(_p1sig_decode
, 0)
1264 KWMETH(_oaep_encode
, 0)
1265 KWMETH(_oaep_decode
, 0)
1266 KWMETH(_pss_encode
, 0)
1267 KWMETH(_pss_decode
, 0)
1268 #define DEFMETH(X, x) \
1269 METH (x, "" #x "(KEY, PUBLIC) -> SHARED")
1272 #define DEFMETH(ED, ed, phdflt, sigver) \
1273 METH (ed##_pubkey, "" #ed "_pubkey(KEY) -> PUBLIC") \
1274 KWMETH(ed##_sign, "" #ed "_sign(KEY, MSG, [pub = PUBLIC], " \
1275 "[perso = STRING], [phflag = BOOL]) -> SIG") \
1276 KWMETH(ed##_verify, "" #ed "_verify(PUBLIC, MSG, SIG, " \
1277 "[perso = STRING], [phflag = BOOL]) -> BOOL")
1284 void pubkey_pyinit(void)
1286 INITTYPE(dsapub
, root
);
1287 INITTYPE(dsapriv
, dsapub
);
1288 INITTYPE(kcdsapub
, root
);
1289 INITTYPE(kcdsapriv
, kcdsapub
);
1290 INITTYPE(rsapub
, root
);
1291 INITTYPE(rsapriv
, rsapub
);
1292 addmethods(methods
);
1295 void pubkey_pyinsert(PyObject
*mod
)
1297 INSERT("DSAPub", dsapub_pytype
);
1298 INSERT("DSAPriv", dsapriv_pytype
);
1299 INSERT("KCDSAPub", kcdsapub_pytype
);
1300 INSERT("KCDSAPriv", kcdsapriv_pytype
);
1301 INSERT("RSAPub", rsapub_pytype
);
1302 INSERT("RSAPriv", rsapriv_pytype
);
1303 setconstants(mod
, consts
);
1306 /*----- That's all, folks -------------------------------------------------*/