X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb-python/blobdiff_plain/5c4c02314ca241c437b28f301658fee743323739..bebf03ab18a3bc9fbb537fcf821b0b53f8db1b81:/catacomb/__init__.py diff --git a/catacomb/__init__.py b/catacomb/__init__.py index 4840eef..8038815 100644 --- a/catacomb/__init__.py +++ b/catacomb/__init__.py @@ -25,18 +25,47 @@ from __future__ import with_statement -import _base -import types as _types from binascii import hexlify as _hexify, unhexlify as _unhexify from contextlib import contextmanager as _ctxmgr -from sys import argv as _argv +import DLFCN as _dlfcn +import os as _os from struct import pack as _pack +import sys as _sys +import types as _types + +###-------------------------------------------------------------------------- +### Import the main C extension module. + +try: + _dlflags = _odlflags = _sys.getdlopenflags() +except AttributeError: + _dlflags = _odlflags = -1 + +## Set the `deep binding' flag. Python has its own different MD5 +## implementation, and some distributions export `md5_init' and friends so +## they override our versions, which doesn't end well. Figure out how to +## turn this flag on so we don't have the problem. +if _dlflags >= 0: + try: _dlflags |= _dlfcn.RTLD_DEEPBIND + except AttributeError: + try: _dlflags |= _os.RTLD_DEEPBIND + except AttributeError: + if _os.uname()[0] == 'Linux': _dlflags |= 8 # magic knowledge + else: pass # can't do this. + _sys.setdlopenflags(_dlflags) + +import _base + +if _odlflags >= 0: + _sys.setdlopenflags(_odlflags) + +del _dlflags, _odlflags ###-------------------------------------------------------------------------- ### Basic stuff. -## For the benefit of the default keyreporter, we need the program na,e. -_base._ego(_argv[0]) +## For the benefit of the default keyreporter, we need the program name. +_base._ego(_sys.argv[0]) ## How to fix a name back into the right identifier. Alas, the rules are not ## consistent. @@ -73,7 +102,7 @@ def _init(): for j in b: if j[:plen] == pre: setattr(c, j[plen:], classmethod(b[j])) - for i in [gcciphers, gchashes, gcmacs, gcprps]: + for i in [gcciphers, gcaeads, gchashes, gcmacs, gcprps]: for c in i.itervalues(): d[_fixname(c.name)] = c for c in gccrands.itervalues(): @@ -155,6 +184,27 @@ ByteString.__hash__ = str.__hash__ bytes = ByteString.fromhex ###-------------------------------------------------------------------------- +### Symmetric encryption. + +class _tmp: + def encrypt(me, n, m, tsz = None, h = ByteString('')): + if tsz is None: tsz = me.__class__.tagsz.default + e = me.enc(n, len(h), len(m), tsz) + if not len(h): a = None + else: a = e.aad().hash(h) + c0 = e.encrypt(m) + c1, t = e.done(aad = a) + return c0 + c1, t + def decrypt(me, n, c, t, h = ByteString('')): + d = me.dec(n, len(h), len(c), len(t)) + if not len(h): a = None + else: a = d.aad().hash(h) + m = d.decrypt(c) + m += d.done(t, aad = a) + return m +_augment(GAEKey, _tmp) + +###-------------------------------------------------------------------------- ### Hashing. class _tmp: @@ -236,7 +286,7 @@ class _tmp: me.bytepad_after() _augment(Shake, _tmp) _augment(_ShakeBase, _tmp) -Shake._Z = _ShakeBase._Z = ByteString(200*'\0') +Shake._Z = _ShakeBase._Z = ByteString.zero(200) class KMAC (_ShakeBase): _FUNC = 'KMAC' @@ -258,21 +308,12 @@ class KMAC256 (KMAC): _SHAKE = Shake256; _TAGSZ = 32 ### NaCl `secretbox'. def secret_box(k, n, m): - E = xsalsa20(k).setiv(n) - r = E.enczero(poly1305.keysz.default) - s = E.enczero(poly1305.masksz) - y = E.encrypt(m) - t = poly1305(r)(s).hash(y).done() - return ByteString(t + y) + y, t = salsa20_naclbox(k).encrypt(n, m) + return t + y def secret_unbox(k, n, c): - E = xsalsa20(k).setiv(n) - r = E.enczero(poly1305.keysz.default) - s = E.enczero(poly1305.masksz) - y = c[poly1305.tagsz:] - if not poly1305(r)(s).hash(y).check(c[0:poly1305.tagsz]): - raise ValueError, 'decryption failed' - return E.decrypt(c[poly1305.tagsz:]) + tsz = poly1305.tagsz + return salsa20_naclbox(k).decrypt(n, c[tsz:], c[0:tsz]) ###-------------------------------------------------------------------------- ### Multiprecision integers and binary polynomials. @@ -520,6 +561,7 @@ class _tmp: def __repr__(me): return '%s(%d)' % (_clsname(me), me.default) def check(me, sz): return True def best(me, sz): return sz + def pad(me, sz): return sz _augment(KeySZAny, _tmp) class _tmp: @@ -536,11 +578,15 @@ class _tmp: pp.pretty(me.max); pp.text(','); pp.breakable() pp.pretty(me.mod) pp.end_group(ind, ')') - def check(me, sz): return me.min <= sz <= me.max and sz % me.mod == 0 + def check(me, sz): return me.min <= sz <= me.max and sz%me.mod == 0 def best(me, sz): if sz < me.min: raise ValueError, 'key too small' elif sz > me.max: return me.max - else: return sz - (sz % me.mod) + else: return sz - sz%me.mod + def pad(me, sz): + if sz > me.max: raise ValueError, 'key too large' + elif sz < me.min: return me.min + else: sz += me.mod; return sz - sz%me.mod _augment(KeySZRange, _tmp) class _tmp: @@ -562,6 +608,12 @@ class _tmp: if found < i <= sz: found = i if found < 0: raise ValueError, 'key too small' return found + def pad(me, sz): + found = -1 + for i in me.set: + if sz <= i and (found == -1 or i < found): found = i + if found < 0: raise ValueError, 'key too large' + return found _augment(KeySZSet, _tmp) ###-------------------------------------------------------------------------- @@ -800,21 +852,23 @@ _augment(RSAPriv, _tmp) ### DSA and related schemes. class _tmp: - def __repr__(me): return '%s(G = %r, p = %r)' % (_clsname(me), me.G, me.p) + def __repr__(me): return '%s(G = %r, p = %r, hash = %r)' % \ + (_clsname(me), me.G, me.p, me.hash) def _repr_pretty_(me, pp, cyclep): ind = _pp_bgroup_tyname(pp, me) if cyclep: pp.text('...') else: _pp_kv(pp, 'G', me.G); pp.text(','); pp.breakable() - _pp_kv(pp, 'p', me.p) + _pp_kv(pp, 'p', me.p); pp.text(','); pp.breakable() + _pp_kv(pp, 'hash', me.hash) pp.end_group(ind, ')') _augment(DSAPub, _tmp) _augment(KCDSAPub, _tmp) class _tmp: - def __repr__(me): return '%s(G = %r, u = %s, p = %r)' % \ - (_clsname(me), me.G, _repr_secret(me.u), me.p) + def __repr__(me): return '%s(G = %r, u = %s, p = %r, hash = %r)' % \ + (_clsname(me), me.G, _repr_secret(me.u), me.p, me.hash) def _repr_pretty_(me, pp, cyclep): ind = _pp_bgroup_tyname(pp, me) if cyclep: @@ -822,7 +876,8 @@ class _tmp: else: _pp_kv(pp, 'G', me.G); pp.text(','); pp.breakable() _pp_kv(pp, 'u', me.u, True); pp.text(','); pp.breakable() - _pp_kv(pp, 'p', me.p) + _pp_kv(pp, 'p', me.p); pp.text(','); pp.breakable() + _pp_kv(pp, 'hash', me.hash) pp.end_group(ind, ')') _augment(DSAPriv, _tmp) _augment(KCDSAPriv, _tmp) @@ -889,7 +944,7 @@ class X448Pub (_XDHPub): class X448Priv (_XDHPriv, X448Pub): _KEYSZ = KeySZSet(X448_KEYSZ) def _op(me, k, X): return x448(k, X) - ##def _hashkey(me, z): return ??? + def _hashkey(me, z): return Shake256().hash(z).done(salsa20.keysz.default) class _EdDSAPub (_BasePub): def beginhash(me): return me._HASH() @@ -910,6 +965,18 @@ class Ed25519Priv (_EdDSAPriv, Ed25519Pub): def sign(me, msg, **kw): return ed25519_sign(me.priv, msg, pub = me.pub, **kw) +class Ed448Pub (_EdDSAPub): + _PUBSZ = KeySZSet(ED448_PUBSZ) + _HASH = shake256 + def verify(me, msg, sig, **kw): + return ed448_verify(me.pub, msg, sig, **kw) + +class Ed448Priv (_EdDSAPriv, Ed448Pub): + _KEYSZ = KeySZAny(ED448_KEYSZ) + def _pubkey(me, priv): return ed448_pubkey(priv) + def sign(me, msg, **kw): + return ed448_sign(me.priv, msg, pub = me.pub, **kw) + ###-------------------------------------------------------------------------- ### Built-in named curves and prime groups.