from __future__ import with_statement
-import _base
-import types as _types
from binascii import hexlify as _hexify, unhexlify as _unhexify
from contextlib import contextmanager as _ctxmgr
-from sys import argv as _argv
+import DLFCN as _dlfcn
+import os as _os
from struct import pack as _pack
+import sys as _sys
+import types as _types
+
+###--------------------------------------------------------------------------
+### Import the main C extension module.
+
+try:
+ _dlflags = _odlflags = _sys.getdlopenflags()
+except AttributeError:
+ _dlflags = _odlflags = -1
+
+## Set the `deep binding' flag. Python has its own different MD5
+## implementation, and some distributions export `md5_init' and friends so
+## they override our versions, which doesn't end well. Figure out how to
+## turn this flag on so we don't have the problem.
+if _dlflags >= 0:
+ try: _dlflags |= _dlfcn.RTLD_DEEPBIND
+ except AttributeError:
+ try: _dlflags |= _os.RTLD_DEEPBIND
+ except AttributeError:
+ if _os.uname()[0] == 'Linux': _dlflags |= 8 # magic knowledge
+ else: pass # can't do this.
+ _sys.setdlopenflags(_dlflags)
+
+import _base
+
+if _odlflags >= 0:
+ _sys.setdlopenflags(_odlflags)
+
+del _dlflags, _odlflags
###--------------------------------------------------------------------------
### Basic stuff.
-## For the benefit of the default keyreporter, we need the program na,e.
-_base._ego(_argv[0])
+## For the benefit of the default keyreporter, we need the program name.
+_base._ego(_sys.argv[0])
## How to fix a name back into the right identifier. Alas, the rules are not
## consistent.
for j in b:
if j[:plen] == pre:
setattr(c, j[plen:], classmethod(b[j]))
- for i in [gcciphers, gchashes, gcmacs, gcprps]:
+ for i in [gcciphers, gcaeads, gchashes, gcmacs, gcprps]:
for c in i.itervalues():
d[_fixname(c.name)] = c
for c in gccrands.itervalues():
bytes = ByteString.fromhex
###--------------------------------------------------------------------------
+### Symmetric encryption.
+
+class _tmp:
+ def encrypt(me, n, m, tsz = None, h = ByteString('')):
+ if tsz is None: tsz = me.__class__.tagsz.default
+ e = me.enc(n, len(h), len(m), tsz)
+ if not len(h): a = None
+ else: a = e.aad().hash(h)
+ c0 = e.encrypt(m)
+ c1, t = e.done(aad = a)
+ return c0 + c1, t
+ def decrypt(me, n, c, t, h = ByteString('')):
+ d = me.dec(n, len(h), len(c), len(t))
+ if not len(h): a = None
+ else: a = d.aad().hash(h)
+ m = d.decrypt(c)
+ m += d.done(t, aad = a)
+ return m
+_augment(GAEKey, _tmp)
+
+###--------------------------------------------------------------------------
### Hashing.
class _tmp:
me.bytepad_after()
_augment(Shake, _tmp)
_augment(_ShakeBase, _tmp)
-Shake._Z = _ShakeBase._Z = ByteString(200*'\0')
+Shake._Z = _ShakeBase._Z = ByteString.zero(200)
class KMAC (_ShakeBase):
_FUNC = 'KMAC'
### NaCl `secretbox'.
def secret_box(k, n, m):
- E = xsalsa20(k).setiv(n)
- r = E.enczero(poly1305.keysz.default)
- s = E.enczero(poly1305.masksz)
- y = E.encrypt(m)
- t = poly1305(r)(s).hash(y).done()
- return ByteString(t + y)
+ y, t = salsa20_naclbox(k).encrypt(n, m)
+ return t + y
def secret_unbox(k, n, c):
- E = xsalsa20(k).setiv(n)
- r = E.enczero(poly1305.keysz.default)
- s = E.enczero(poly1305.masksz)
- y = c[poly1305.tagsz:]
- if not poly1305(r)(s).hash(y).check(c[0:poly1305.tagsz]):
- raise ValueError, 'decryption failed'
- return E.decrypt(c[poly1305.tagsz:])
+ tsz = poly1305.tagsz
+ return salsa20_naclbox(k).decrypt(n, c[tsz:], c[0:tsz])
###--------------------------------------------------------------------------
### Multiprecision integers and binary polynomials.
def __repr__(me): return '%s(%d)' % (_clsname(me), me.default)
def check(me, sz): return True
def best(me, sz): return sz
+ def pad(me, sz): return sz
_augment(KeySZAny, _tmp)
class _tmp:
pp.pretty(me.max); pp.text(','); pp.breakable()
pp.pretty(me.mod)
pp.end_group(ind, ')')
- def check(me, sz): return me.min <= sz <= me.max and sz % me.mod == 0
+ def check(me, sz): return me.min <= sz <= me.max and sz%me.mod == 0
def best(me, sz):
if sz < me.min: raise ValueError, 'key too small'
elif sz > me.max: return me.max
- else: return sz - (sz % me.mod)
+ else: return sz - sz%me.mod
+ def pad(me, sz):
+ if sz > me.max: raise ValueError, 'key too large'
+ elif sz < me.min: return me.min
+ else: sz += me.mod; return sz - sz%me.mod
_augment(KeySZRange, _tmp)
class _tmp:
if found < i <= sz: found = i
if found < 0: raise ValueError, 'key too small'
return found
+ def pad(me, sz):
+ found = -1
+ for i in me.set:
+ if sz <= i and (found == -1 or i < found): found = i
+ if found < 0: raise ValueError, 'key too large'
+ return found
_augment(KeySZSet, _tmp)
###--------------------------------------------------------------------------
### DSA and related schemes.
class _tmp:
- def __repr__(me): return '%s(G = %r, p = %r)' % (_clsname(me), me.G, me.p)
+ def __repr__(me): return '%s(G = %r, p = %r, hash = %r)' % \
+ (_clsname(me), me.G, me.p, me.hash)
def _repr_pretty_(me, pp, cyclep):
ind = _pp_bgroup_tyname(pp, me)
if cyclep:
pp.text('...')
else:
_pp_kv(pp, 'G', me.G); pp.text(','); pp.breakable()
- _pp_kv(pp, 'p', me.p)
+ _pp_kv(pp, 'p', me.p); pp.text(','); pp.breakable()
+ _pp_kv(pp, 'hash', me.hash)
pp.end_group(ind, ')')
_augment(DSAPub, _tmp)
_augment(KCDSAPub, _tmp)
class _tmp:
- def __repr__(me): return '%s(G = %r, u = %s, p = %r)' % \
- (_clsname(me), me.G, _repr_secret(me.u), me.p)
+ def __repr__(me): return '%s(G = %r, u = %s, p = %r, hash = %r)' % \
+ (_clsname(me), me.G, _repr_secret(me.u), me.p, me.hash)
def _repr_pretty_(me, pp, cyclep):
ind = _pp_bgroup_tyname(pp, me)
if cyclep:
else:
_pp_kv(pp, 'G', me.G); pp.text(','); pp.breakable()
_pp_kv(pp, 'u', me.u, True); pp.text(','); pp.breakable()
- _pp_kv(pp, 'p', me.p)
+ _pp_kv(pp, 'p', me.p); pp.text(','); pp.breakable()
+ _pp_kv(pp, 'hash', me.hash)
pp.end_group(ind, ')')
_augment(DSAPriv, _tmp)
_augment(KCDSAPriv, _tmp)
class X448Priv (_XDHPriv, X448Pub):
_KEYSZ = KeySZSet(X448_KEYSZ)
def _op(me, k, X): return x448(k, X)
- ##def _hashkey(me, z): return ???
+ def _hashkey(me, z): return Shake256().hash(z).done(salsa20.keysz.default)
class _EdDSAPub (_BasePub):
def beginhash(me): return me._HASH()
class Ed25519Pub (_EdDSAPub):
_PUBSZ = KeySZSet(ED25519_PUBSZ)
_HASH = sha512
- def verify(me, msg, sig):
- return ed25519_verify(me.pub, msg, sig)
+ def verify(me, msg, sig, **kw):
+ return ed25519_verify(me.pub, msg, sig, **kw)
class Ed25519Priv (_EdDSAPriv, Ed25519Pub):
_KEYSZ = KeySZAny(ED25519_KEYSZ)
def _pubkey(me, priv): return ed25519_pubkey(priv)
- def sign(me, msg):
- return ed25519_sign(me.priv, msg, pub = me.pub)
+ def sign(me, msg, **kw):
+ return ed25519_sign(me.priv, msg, pub = me.pub, **kw)
+
+class Ed448Pub (_EdDSAPub):
+ _PUBSZ = KeySZSet(ED448_PUBSZ)
+ _HASH = shake256
+ def verify(me, msg, sig, **kw):
+ return ed448_verify(me.pub, msg, sig, **kw)
+
+class Ed448Priv (_EdDSAPriv, Ed448Pub):
+ _KEYSZ = KeySZAny(ED448_KEYSZ)
+ def _pubkey(me, priv): return ed448_pubkey(priv)
+ def sign(me, msg, **kw):
+ return ed448_sign(me.priv, msg, pub = me.pub, **kw)
###--------------------------------------------------------------------------
### Built-in named curves and prime groups.