_augment(RSAPriv, _tmp)
###--------------------------------------------------------------------------
+### Bernstein's elliptic curve crypto and related schemes.
+
+X25519_BASE = \
+ bytes('0900000000000000000000000000000000000000000000000000000000000000')
+
+X448_BASE = \
+ bytes('05000000000000000000000000000000000000000000000000000000'
+ '00000000000000000000000000000000000000000000000000000000')
+
+Z128 = bytes('00000000000000000000000000000000')
+
+class _BoxyPub (object):
+ def __init__(me, pub, *kw, **kwargs):
+ if len(pub) != me._PUBSZ: raise ValueError, 'bad public key'
+ super(_BoxyPub, me).__init__(*kw, **kwargs)
+ me.pub = pub
+
+class _BoxyPriv (_BoxyPub):
+ def __init__(me, priv, pub = None, *kw, **kwargs):
+ if len(priv) != me._KEYSZ: raise ValueError, 'bad private key'
+ if pub is None: pub = me._op(priv, me._BASE)
+ super(_BoxyPriv, me).__init__(pub = pub, *kw, **kwargs)
+ me.priv = priv
+ def agree(me, you): return me._op(me.priv, you.pub)
+ def boxkey(me, recip):
+ return me._hashkey(me.agree(recip))
+ def box(me, recip, n, m):
+ return secret_box(me.boxkey(recip), n, m)
+ def unbox(me, recip, n, c):
+ return secret_unbox(me.boxkey(recip, n, c))
+
+class X25519Pub (_BoxyPub):
+ _PUBSZ = X25519_PUBSZ
+ _BASE = X25519_BASE
+
+class X25519Priv (_BoxyPriv, X25519Pub):
+ _KEYSZ = X25519_KEYSZ
+ def _op(me, k, X): return x25519(k, X)
+ def _hashkey(me, z): return hsalsa20_prf(z, Z128)
+
+class X448Pub (_BoxyPub):
+ _PUBSZ = X448_PUBSZ
+ _BASE = X448_BASE
+
+class X448Priv (_BoxyPriv, X448Pub):
+ _KEYSZ = X448_KEYSZ
+ def _op(me, k, X): return x448(k, X)
+ ##def _hashkey(me, z): return ???
+
+class Ed25519Pub (object):
+ def __init__(me, pub):
+ me.pub = pub
+ def verify(me, msg, sig):
+ return ed25519_verify(me.pub, msg, sig)
+
+class Ed25519Priv (Ed25519Pub):
+ def __init__(me, priv):
+ me.priv = priv
+ Ed25519Pub.__init__(me, ed25519_pubkey(priv))
+ def sign(me, msg):
+ return ed25519_sign(me.priv, msg, pub = me.pub)
+ @classmethod
+ def generate(cls, rng = rand):
+ return cls(rng.block(ED25519_KEYSZ))
+
+###--------------------------------------------------------------------------
### Built-in named curves and prime groups.
class _groupmap (object):
return (rc);
}
+/*----- X25519 and related algorithms -------------------------------------*/
+
+static PyObject *meth_x25519(PyObject *me, PyObject *arg)
+{
+ const char *k, *p;
+ Py_ssize_t ksz, psz;
+ PyObject *rc = 0;
+ if (!PyArg_ParseTuple(arg, "s#s#:x25519", &k, &ksz, &p, &psz)) goto end;
+ if (ksz != X25519_KEYSZ) VALERR("bad key length");
+ if (psz != X25519_PUBSZ) VALERR("bad public length");
+ rc = bytestring_pywrap(0, X25519_OUTSZ);
+ x25519((octet *)PyString_AS_STRING(rc),
+ (const octet *)k, (const octet *)p);
+ return (rc);
+end:
+ return (0);
+}
+
+static PyObject *meth_x448(PyObject *me, PyObject *arg)
+{
+ const char *k, *p;
+ Py_ssize_t ksz, psz;
+ PyObject *rc = 0;
+ if (!PyArg_ParseTuple(arg, "s#s#:x448", &k, &ksz, &p, &psz)) goto end;
+ if (ksz != X448_KEYSZ) VALERR("bad key length");
+ if (psz != X448_PUBSZ) VALERR("bad public length");
+ rc = bytestring_pywrap(0, X448_OUTSZ);
+ x448((octet *)PyString_AS_STRING(rc),
+ (const octet *)k, (const octet *)p);
+ return (rc);
+end:
+ return (0);
+}
+
+/*----- Ed25519 -----------------------------------------------------------*/
+
+static PyObject *meth_ed25519_pubkey(PyObject *me, PyObject *arg)
+{
+ const char *k;
+ Py_ssize_t ksz;
+ PyObject *rc = 0;
+ if (!PyArg_ParseTuple(arg, "s#:ed25519_pubkey", &k, &ksz)) goto end;
+ rc = bytestring_pywrap(0, ED25519_PUBSZ);
+ ed25519_pubkey((octet *)PyString_AS_STRING(rc), k, ksz);
+ return (rc);
+end:
+ return (0);
+}
+
+static PyObject *meth_ed25519_sign(PyObject *me, PyObject *arg, PyObject *kw)
+{
+ const char *k, *p = 0, *m;
+ Py_ssize_t ksz, psz, msz;
+ PyObject *rc = 0;
+ octet pp[ED25519_PUBSZ];
+ char *kwlist[] = { "key", "msg", "pub", 0 };
+ if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#s#|s#:ed25519_sign", kwlist,
+ &k, &ksz, &m, &msz, &p, &psz))
+ goto end;
+ if (p && psz != ED25519_PUBSZ) VALERR("bad public length");
+ if (!p) { p = (const char *)pp; ed25519_pubkey(pp, k, ksz); }
+ rc = bytestring_pywrap(0, ED25519_SIGSZ);
+ ed25519_sign((octet *)PyString_AS_STRING(rc), k, ksz,
+ (const octet *)p, m, msz);
+ return (rc);
+end:
+ return (0);
+}
+
+static PyObject *meth_ed25519_verify(PyObject *me, PyObject *arg)
+{
+ const char *p, *m, *s;
+ Py_ssize_t psz, msz, ssz;
+ PyObject *rc = 0;
+ if (!PyArg_ParseTuple(arg, "s#s#s#:ed25519_verify",
+ &p, &psz, &m, &msz, &s, &ssz))
+ goto end;
+ if (psz != ED25519_PUBSZ) VALERR("bad public length");
+ if (ssz != ED25519_SIGSZ) VALERR("bad signature length");
+ rc = getbool(!ed25519_verify((const octet *)p, m, msz, (const octet *)s));
+ return (rc);
+end:
+ return (0);
+}
+
/*----- Global stuff ------------------------------------------------------*/
static PyMethodDef methods[] = {
KWMETH(_pss_decode, 0)
KWMETH(_RSAPriv_generate, "\
generate(NBITS, [event = pgen_nullev, rng = rand, nsteps = 0]) -> R")
+ METH (x25519, "\
+x25519(KEY, PUBLIC) -> SHARED")
+ METH (x448, "\
+x448(KEY, PUBLIC) -> SHARED")
+ METH (ed25519_pubkey, "\
+ed25519_pubkey(KEY) -> PUBLIC")
+ KWMETH(ed25519_sign, "\
+ed25519_sign(KEY, MSG, [PUBLIC]) -> SIG")
+ METH (ed25519_verify, "\
+ed25519_verify(PUBLIC, MSG, SIG) -> BOOL")
#undef METHNAME
{ 0 }
};