catacomb/pwsafe.py, pwsafe: Make GDBM support conditional.

[catacomb-python] / catacomb / __init__.py

### -*-python-*-
###
### Setup for Catacomb/Python bindings
###
### (c) 2004 Straylight/Edgeware
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the Python interface to Catacomb.
###
### Catacomb/Python is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### Catacomb/Python is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with Catacomb/Python; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

import _base
import types as _types
from binascii import hexlify as _hexify, unhexlify as _unhexify
from sys import argv as _argv

###--------------------------------------------------------------------------
### Basic stuff.

## For the benefit of the default keyreporter, we need the program na,e.
_base._ego(_argv[0])

## Initialize the module.  Drag in the static methods of the various
## classes; create names for the various known crypto algorithms.
def _init():
  d = globals()
  b = _base.__dict__;
  for i in b:
    if i[0] != '_':
      d[i] = b[i];
  for i in ['MP', 'GF', 'Field',
            'ECPt', 'ECPtCurve', 'ECCurve', 'ECInfo',
            'DHInfo', 'BinDHInfo', 'RSAPriv', 'BBSPriv',
            'PrimeFilter', 'RabinMiller',
            'Group', 'GE',
            'KeyData']:
    c = d[i]
    pre = '_' + i + '_'
    plen = len(pre)
    for j in b:
      if j[:plen] == pre:
        setattr(c, j[plen:], classmethod(b[j]))
  for i in [gcciphers, gchashes, gcmacs, gcprps]:
    for c in i.itervalues():
      d[c.name.replace('-', '_')] = c
  for c in gccrands.itervalues():
    d[c.name.replace('-', '_') + 'rand'] = c
_init()

## A handy function for our work: add the methods of a named class to an
## existing class.  This is how we write the Python-implemented parts of our
## mostly-C types.
def _augment(c, cc):
  for i in cc.__dict__:
    a = cc.__dict__[i]
    if type(a) is _types.MethodType:
      a = a.im_func
    elif type(a) not in (_types.FunctionType, staticmethod, classmethod):
      continue
    setattr(c, i, a)

## Parsing functions tend to return the object parsed and the remainder of
## the input.  This checks that the remainder is input and, if so, returns
## just the object.
def _checkend(r):
  x, rest = r
  if rest != '':
    raise SyntaxError, 'junk at end of string'
  return x

###--------------------------------------------------------------------------
### Bytestrings.

class _tmp:
  def fromhex(x):
    return ByteString(_unhexify(x))
  fromhex = staticmethod(fromhex)
  def __hex__(me):
    return _hexify(me)
  def __repr__(me):
    return 'bytes(%r)' % hex(me)
_augment(ByteString, _tmp)
bytes = ByteString.fromhex

###--------------------------------------------------------------------------
### Multiprecision integers and binary polynomials.

class _tmp:
  def negp(x): return x < 0
  def posp(x): return x > 0
  def zerop(x): return x == 0
  def oddp(x): return x.testbit(0)
  def evenp(x): return not x.testbit(0)
  def mont(x): return MPMont(x)
  def barrett(x): return MPBarrett(x)
  def reduce(x): return MPReduce(x)
  def factorial(x):
    'factorial(X) -> X!'
    if x < 0: raise ValueError, 'factorial argument must be > 0'
    return MPMul.product(xrange(1, x + 1))
  factorial = staticmethod(factorial)
_augment(MP, _tmp)

class _tmp:
  def zerop(x): return x == 0
  def reduce(x): return GFReduce(x)
  def trace(x, y): return x.reduce().trace(y)
  def halftrace(x, y): return x.reduce().halftrace(y)
  def modsqrt(x, y): return x.reduce().sqrt(y)
  def quadsolve(x, y): return x.reduce().quadsolve(y)
_augment(GF, _tmp)

class _tmp:
  def product(*arg):
    'product(ITERABLE) or product(I, ...) -> PRODUCT'
    return MPMul(*arg).done()
  product = staticmethod(product)
_augment(MPMul, _tmp)

###--------------------------------------------------------------------------
### Abstract fields.

class _tmp:
  def fromstring(str): return _checkend(Field.parse(str))
  fromstring = staticmethod(fromstring)
_augment(Field, _tmp)

class _tmp:
  def __repr__(me): return '%s(%sL)' % (type(me).__name__, me.p)
  def ec(me, a, b): return ECPrimeProjCurve(me, a, b)
_augment(PrimeField, _tmp)

class _tmp:
  def __repr__(me): return '%s(%sL)' % (type(me).__name__, hex(me.p))
  def ec(me, a, b): return ECBinProjCurve(me, a, b)
_augment(BinField, _tmp)

class _tmp:
  def __str__(me): return str(me.value)
  def __repr__(me): return '%s(%s)' % (repr(me.field), repr(me.value))
_augment(FE, _tmp)

###--------------------------------------------------------------------------
### Elliptic curves.

class _tmp:
  def __repr__(me):
    return '%s(%r, %s, %s)' % (type(me).__name__, me.field, me.a, me.b)
  def frombuf(me, s):
    return ecpt.frombuf(me, s)
  def fromraw(me, s):
    return ecpt.fromraw(me, s)
  def pt(me, *args):
    return me(*args)
_augment(ECCurve, _tmp)

class _tmp:
  def __repr__(me):
    if not me: return 'ECPt()'
    return 'ECPt(%s, %s)' % (me.ix, me.iy)
  def __str__(me):
    if not me: return 'inf'
    return '(%s, %s)' % (me.ix, me.iy)
_augment(ECPt, _tmp)

class _tmp:
  def __repr__(me):
    return 'ECInfo(curve = %r, G = %r, r = %s, h = %s)' % \
           (me.curve, me.G, me.r, me.h)
  def group(me):
    return ECGroup(me)
_augment(ECInfo, _tmp)

class _tmp:
  def __repr__(me):
    if not me: return '%r()' % (me.curve)
    return '%r(%s, %s)' % (me.curve, me.x, me.y)
  def __str__(me):
    if not me: return 'inf'
    return '(%s, %s)' % (me.x, me.y)
_augment(ECPtCurve, _tmp)

###--------------------------------------------------------------------------
### Key sizes.

class _tmp:
  def __repr__(me): return 'KeySZAny(%d)' % me.default
  def check(me, sz): return True
  def best(me, sz): return sz
_augment(KeySZAny, _tmp)

class _tmp:
  def __repr__(me):
    return 'KeySZRange(%d, %d, %d, %d)' % \
           (me.default, me.min, me.max, me.mod)
  def check(me, sz): return me.min <= sz <= me.max and sz % me.mod == 0
  def best(me, sz):
    if sz < me.min: raise ValueError, 'key too small'
    elif sz > me.max: return me.max
    else: return sz - (sz % me.mod)
_augment(KeySZRange, _tmp)

class _tmp:
  def __repr__(me): return 'KeySZSet(%d, %s)' % (me.default, me.set)
  def check(me, sz): return sz in me.set
  def best(me, sz):
    found = -1
    for i in me.set:
      if found < i <= sz: found = i
    if found < 0: raise ValueError, 'key too small'
    return found
_augment(KeySZSet, _tmp)

###--------------------------------------------------------------------------
### Abstract groups.

class _tmp:
  def __repr__(me):
    return '%s(p = %s, r = %s, g = %s)' % \
           (type(me).__name__, me.p, me.r, me.g)
_augment(FGInfo, _tmp)

class _tmp:
  def group(me): return PrimeGroup(me)
_augment(DHInfo, _tmp)

class _tmp:
  def group(me): return BinGroup(me)
_augment(BinDHInfo, _tmp)

class _tmp:
  def __repr__(me):
    return '%s(%r)' % (type(me).__name__, me.info)
_augment(Group, _tmp)

class _tmp:
  def __repr__(me):
    return '%r(%r)' % (me.group, str(me))
_augment(GE, _tmp)

###--------------------------------------------------------------------------
### RSA encoding techniques.

class PKCS1Crypt (object):
  def __init__(me, ep = '', rng = rand):
    me.ep = ep
    me.rng = rng
  def encode(me, msg, nbits):
    return _base._p1crypt_encode(msg, nbits, me.ep, me.rng)
  def decode(me, ct, nbits):
    return _base._p1crypt_decode(ct, nbits, me.ep, me.rng)

class PKCS1Sig (object):
  def __init__(me, ep = '', rng = rand):
    me.ep = ep
    me.rng = rng
  def encode(me, msg, nbits):
    return _base._p1sig_encode(msg, nbits, me.ep, me.rng)
  def decode(me, msg, sig, nbits):
    return _base._p1sig_decode(msg, sig, nbits, me.ep, me.rng)

class OAEP (object):
  def __init__(me, mgf = sha_mgf, hash = sha, ep = '', rng = rand):
    me.mgf = mgf
    me.hash = hash
    me.ep = ep
    me.rng = rng
  def encode(me, msg, nbits):
    return _base._oaep_encode(msg, nbits, me.mgf, me.hash, me.ep, me.rng)
  def decode(me, ct, nbits):
    return _base._oaep_decode(ct, nbits, me.mgf, me.hash, me.ep, me.rng)

class PSS (object):
  def __init__(me, mgf = sha_mgf, hash = sha, saltsz = None, rng = rand):
    me.mgf = mgf
    me.hash = hash
    if saltsz is None:
      saltsz = hash.hashsz
    me.saltsz = saltsz
    me.rng = rng
  def encode(me, msg, nbits):
    return _base._pss_encode(msg, nbits, me.mgf, me.hash, me.saltsz, me.rng)
  def decode(me, msg, sig, nbits):
    return _base._pss_decode(msg, sig, nbits,
                             me.mgf, me.hash, me.saltsz, me.rng)

class _tmp:
  def encrypt(me, msg, enc):
    return me.pubop(enc.encode(msg, me.n.nbits))
  def verify(me, msg, sig, enc):
    if msg is None: return enc.decode(msg, me.pubop(sig), me.n.nbits)
    try:
      x = enc.decode(msg, me.pubop(sig), me.n.nbits)
      return x is None or x == msg
    except ValueError:
      return False
_augment(RSAPub, _tmp)

class _tmp:
  def decrypt(me, ct, enc): return enc.decode(me.privop(ct), me.n.nbits)
  def sign(me, msg, enc): return me.privop(enc.encode(msg, me.n.nbits))
_augment(RSAPriv, _tmp)

###--------------------------------------------------------------------------
### Built-in named curves and prime groups.

class _groupmap (object):
  def __init__(me, map, nth):
    me.map = map
    me.nth = nth
    me.i = [None] * (max(map.values()) + 1)
  def __repr__(me):
    return '{%s}' % ', '.join(['%r: %r' % (k, me[k]) for k in me])
  def __contains__(me, k):
    return k in me.map
  def __getitem__(me, k):
    i = me.map[k]
    if me.i[i] is None:
      me.i[i] = me.nth(i)
    return me.i[i]
  def __setitem__(me, k, v):
    raise TypeError, "immutable object"
  def __iter__(me):
    return iter(me.map)
  def iterkeys(me):
    return iter(me.map)
  def itervalues(me):
    for k in me:
      yield me[k]
  def iteritems(me):
    for k in me:
      yield k, me[k]
  def keys(me):
    return [k for k in me]
  def values(me):
    return [me[k] for k in me]
  def items(me):
    return [(k, me[k]) for k in me]
eccurves = _groupmap(_base._eccurves, ECInfo._curven)
primegroups = _groupmap(_base._pgroups, DHInfo._groupn)
bingroups = _groupmap(_base._bingroups, BinDHInfo._groupn)

###--------------------------------------------------------------------------
### Prime number generation.

class PrimeGenEventHandler (object):
  def pg_begin(me, ev):
    return me.pg_try(ev)
  def pg_done(me, ev):
    return PGEN_DONE
  def pg_abort(me, ev):
    return PGEN_TRY
  def pg_fail(me, ev):
    return PGEN_TRY
  def pg_pass(me, ev):
    return PGEN_TRY

class SophieGermainStepJump (object):
  def pg_begin(me, ev):
    me.lf = PrimeFilter(ev.x)
    me.hf = me.lf.muladd(2, 1)
    return me.cont(ev)
  def pg_try(me, ev):
    me.step()
    return me.cont(ev)
  def cont(me, ev):
    while me.lf.status == PGEN_FAIL or me.hf.status == PGEN_FAIL:
      me.step()
    if me.lf.status == PGEN_ABORT or me.hf.status == PGEN_ABORT:
      return PGEN_ABORT
    ev.x = me.lf.x
    if me.lf.status == PGEN_DONE and me.hf.status == PGEN_DONE:
      return PGEN_DONE
    return PGEN_TRY
  def pg_done(me, ev):
    del me.lf
    del me.hf

class SophieGermainStepper (SophieGermainStepJump):
  def __init__(me, step):
    me.lstep = step;
    me.hstep = 2 * step
  def step(me):
    me.lf.step(me.lstep)
    me.hf.step(me.hstep)

class SophieGermainJumper (SophieGermainStepJump):
  def __init__(me, jump):
    me.ljump = PrimeFilter(jump);
    me.hjump = me.ljump.muladd(2, 0)
  def step(me):
    me.lf.jump(me.ljump)
    me.hf.jump(me.hjump)
  def pg_done(me, ev):
    del me.ljump
    del me.hjump
    SophieGermainStepJump.pg_done(me, ev)

class SophieGermainTester (object):
  def __init__(me):
    pass
  def pg_begin(me, ev):
    me.lr = RabinMiller(ev.x)
    me.hr = RabinMiller(2 * ev.x + 1)
  def pg_try(me, ev):
    lst = me.lr.test(ev.rng.range(me.lr.x))
    if lst != PGEN_PASS and lst != PGEN_DONE:
      return lst
    rst = me.hr.test(ev.rng.range(me.hr.x))
    if rst != PGEN_PASS and rst != PGEN_DONE:
      return rst
    if lst == PGEN_DONE and rst == PGEN_DONE:
      return PGEN_DONE
    return PGEN_PASS
  def pg_done(me, ev):
    del me.lr
    del me.hr

class PrimitiveStepper (PrimeGenEventHandler):
  def __init__(me):
    pass
  def pg_try(me, ev):
    ev.x = me.i.next()
    return PGEN_TRY
  def pg_begin(me, ev):
    me.i = iter(smallprimes)
    return me.pg_try(ev)

class PrimitiveTester (PrimeGenEventHandler):
  def __init__(me, mod, hh = [], exp = None):
    me.mod = MPMont(mod)
    me.exp = exp
    me.hh = hh
  def pg_try(me, ev):
    x = ev.x
    if me.exp is not None:
      x = me.mod.exp(x, me.exp)
      if x == 1: return PGEN_FAIL
    for h in me.hh:
      if me.mod.exp(x, h) == 1: return PGEN_FAIL
    ev.x = x
    return PGEN_DONE

class SimulStepper (PrimeGenEventHandler):
  def __init__(me, mul = 2, add = 1, step = 2):
    me.step = step
    me.mul = mul
    me.add = add
  def _stepfn(me, step):
    if step <= 0:
      raise ValueError, 'step must be positive'
    if step <= MPW_MAX:
      return lambda f: f.step(step)
    j = PrimeFilter(step)
    return lambda f: f.jump(j)
  def pg_begin(me, ev):
    x = ev.x
    me.lf = PrimeFilter(x)
    me.hf = PrimeFilter(x * me.mul + me.add)
    me.lstep = me._stepfn(me.step)
    me.hstep = me._stepfn(me.step * me.mul)
    SimulStepper._cont(me, ev)
  def pg_try(me, ev):
    me._step()
    me._cont(ev)
  def _step(me):
    me.lstep(me.lf)
    me.hstep(me.hf)
  def _cont(me, ev):
    while me.lf.status == PGEN_FAIL or me.hf.status == PGEN_FAIL:
      me._step()
    if me.lf.status == PGEN_ABORT or me.hf.status == PGEN_ABORT:
      return PGEN_ABORT
    ev.x = me.lf.x
    if me.lf.status == PGEN_DONE and me.hf.status == PGEN_DONE:
      return PGEN_DONE
    return PGEN_TRY
  def pg_done(me, ev):
    del me.lf
    del me.hf
    del me.lstep
    del me.hstep

class SimulTester (PrimeGenEventHandler):
  def __init__(me, mul = 2, add = 1):
    me.mul = mul
    me.add = add
  def pg_begin(me, ev):
    x = ev.x
    me.lr = RabinMiller(x)
    me.hr = RabinMiller(x * me.mul + me.add)
  def pg_try(me, ev):
    lst = me.lr.test(ev.rng.range(me.lr.x))
    if lst != PGEN_PASS and lst != PGEN_DONE:
      return lst
    rst = me.hr.test(ev.rng.range(me.hr.x))
    if rst != PGEN_PASS and rst != PGEN_DONE:
      return rst
    if lst == PGEN_DONE and rst == PGEN_DONE:
      return PGEN_DONE
    return PGEN_PASS
  def pg_done(me, ev):
    del me.lr
    del me.hr

def sgprime(start, step = 2, name = 'p', event = pgen_nullev, nsteps = 0):
  start = MP(start)
  return pgen(start, name, SimulStepper(step = step), SimulTester(), event,
              nsteps, RabinMiller.iters(start.nbits))

def findprimitive(mod, hh = [], exp = None, name = 'g', event = pgen_nullev):
  return pgen(0, name, PrimitiveStepper(), PrimitiveTester(mod, hh, exp),
              event, 0, 1)

def kcdsaprime(pbits, qbits, rng = rand,
               event = pgen_nullev, name = 'p', nsteps = 0):
  hbits = pbits - qbits
  h = pgen(rng.mp(hbits, 1), name + ' [h]',
           PrimeGenStepper(2), PrimeGenTester(),
           event, nsteps, RabinMiller.iters(hbits))
  q = pgen(rng.mp(qbits, 1), name, SimulStepper(2 * h, 1, 2),
           SimulTester(2 * h, 1), event, nsteps, RabinMiller.iters(qbits))
  p = 2 * q * h + 1
  return p, q, h

#----- That's all, folks ----------------------------------------------------