3 * Public-key cryptography
5 * (c) 2004 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of the Python interface to Catacomb.
12 * Catacomb/Python is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * Catacomb/Python is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with Catacomb/Python; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /*----- Header files ------------------------------------------------------*/
29 #include "catacomb-python.h"
31 /*----- DSA and similar ---------------------------------------------------*/
33 typedef struct dsa_pyobj {
35 PyObject *G, *u, *p, *rng, *hash;
39 static PyTypeObject *dsapub_pytype, *dsapriv_pytype;
40 static PyTypeObject *kcdsapub_pytype, *kcdsapriv_pytype;
41 #define DSA_D(o) (&((dsa_pyobj *)(o))->d)
42 #define DSA_G(o) (((dsa_pyobj *)(o))->G)
43 #define DSA_U(o) (((dsa_pyobj *)(o))->u)
44 #define DSA_P(o) (((dsa_pyobj *)(o))->p)
45 #define DSA_RNG(o) (((dsa_pyobj *)(o))->rng)
46 #define DSA_HASH(o) (((dsa_pyobj *)(o))->hash)
48 static void dsa_pydealloc(PyObject *me)
50 dsa_pyobj *g = (dsa_pyobj *)me;
51 Py_DECREF(g->G); Py_DECREF(g->u); Py_DECREF(g->p);
52 Py_DECREF(g->rng); Py_DECREF(g->hash);
56 static PyObject *dsa_setup(PyTypeObject *ty, PyObject *G, PyObject *u,
57 PyObject *p, PyObject *rng, PyObject *hash,
58 void (*calcpub)(group *, ge *, mp *))
63 g = PyObject_New(dsa_pyobj, ty);
69 if ((g->d.u = getmp(u)) == 0)
71 if (MP_PYCHECK(u)) Py_INCREF(u);
72 else u = mp_pywrap(g->d.u);
75 assert(g->d.u); assert(calcpub);
76 pp = G_CREATE(GROUP_G(G));
77 calcpub(GROUP_G(G), pp, g->d.u);
79 } else if (GROUP_G(G) != GE_G(p) && !group_samep(GROUP_G(G), GE_G(p)))
80 TYERR("public key not from group");
83 g->d.r = GRAND_R(rng);
84 g->d.h = GCHASH_CH(hash);
85 g->G = G; Py_INCREF(G); g->u = u; g->p = p;
86 g->rng = rng; Py_INCREF(rng); g->hash = hash; Py_INCREF(hash);
87 return ((PyObject *)g);
94 static PyObject *dsapub_pynew(PyTypeObject *ty,
95 PyObject *arg, PyObject *kw)
97 PyObject *G, *p, *rng = rand_pyobj, *hash = sha_pyobj;
99 static const char *const kwlist[] = { "G", "p", "hash", "rng", 0 };
101 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!|O!O!:new", KWLIST,
104 gchash_pytype, &hash,
105 grand_pytype, &rng) ||
106 (rc = dsa_setup(dsapub_pytype, G, 0, p, rng, hash, 0)) == 0)
112 static PyObject *dsameth_beginhash(PyObject *me, PyObject *arg)
114 if (!PyArg_ParseTuple(arg, ":beginhash")) return (0);
115 return (ghash_pywrap(DSA_HASH(me), gdsa_beginhash(DSA_D(me))));
118 static PyObject *dsameth_endhash(PyObject *me, PyObject *arg)
122 if (!PyArg_ParseTuple(arg, "O&:endhash", convghash, &h)) return (0);
123 gdsa_endhash(DSA_D(me), h);
125 rc = bytestring_pywrap(0, GH_CLASS(h)->hashsz);
126 GH_DONE(h, PyString_AS_STRING(rc));
131 static PyObject *dsameth_sign(PyObject *me, PyObject *arg, PyObject *kw)
133 gdsa_sig s = GDSA_SIG_INIT;
138 static const char *const kwlist[] = { "msg", "k", 0 };
140 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#|O&:sign", KWLIST,
143 if (n != DSA_D(me)->h->hashsz)
144 VALERR("bad message length (doesn't match hash size)");
145 gdsa_sign(DSA_D(me), &s, p, k);
146 rc = Py_BuildValue("(NN)", mp_pywrap(s.r), mp_pywrap(s.s));
152 static PyObject *dsameth_verify(PyObject *me, PyObject *arg)
156 gdsa_sig s = GDSA_SIG_INIT;
159 if (!PyArg_ParseTuple(arg, "s#(O&O&):verify",
160 &p, &n, convmp, &s.r, convmp, &s.s))
162 if (n != DSA_D(me)->h->hashsz)
163 VALERR("bad message length (doesn't match hash size)");
164 rc = getbool(!gdsa_verify(DSA_D(me), &s, p));
171 static void dsa_calcpub(group *g, ge *p, mp *u) { G_EXP(g, p, g->g, u); }
173 static PyObject *dsapriv_pynew(PyTypeObject *ty,
174 PyObject *arg, PyObject *kw)
176 PyObject *G, *p = 0, *u, *rng = rand_pyobj, *hash = sha_pyobj;
178 static const char *const kwlist[] = { "G", "u", "p", "hash", "rng", 0 };
180 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O|O!O!O!:new", KWLIST,
184 gchash_pytype, &hash,
185 grand_pytype, &rng) ||
186 (rc = dsa_setup(dsapriv_pytype, G, u, p, rng, hash, dsa_calcpub)) == 0)
192 static PyMethodDef dsapub_pymethods[] = {
193 #define METHNAME(name) dsameth_##name
194 METH (beginhash, "D.beginhash() -> hash object")
195 METH (endhash, "D.endhash(H) -> BYTES")
196 METH (verify, "D.verify(MSG, (R, S)) -> true/false")
201 static PyMethodDef dsapriv_pymethods[] = {
202 #define METHNAME(name) dsameth_##name
203 KWMETH(sign, "D.sign(MSG, k = K) -> R, S")
208 static PyMemberDef dsapub_pymembers[] = {
209 #define MEMBERSTRUCT dsa_pyobj
210 MEMBER(G, T_OBJECT, READONLY, "D.G -> group to work in")
211 MEMBER(p, T_OBJECT, READONLY, "D.p -> public key (group element")
212 MEMBER(rng, T_OBJECT, READONLY, "D.rng -> random number generator")
213 MEMBER(hash, T_OBJECT, READONLY, "D.hash -> hash class")
218 static PyMemberDef dsapriv_pymembers[] = {
219 #define MEMBERSTRUCT dsa_pyobj
220 MEMBER(u, T_OBJECT, READONLY, "D.u -> private key (exponent)")
225 static PyTypeObject dsapub_pytype_skel = {
226 PyObject_HEAD_INIT(0) 0, /* Header */
227 "DSAPub", /* @tp_name@ */
228 sizeof(dsa_pyobj), /* @tp_basicsize@ */
229 0, /* @tp_itemsize@ */
231 dsa_pydealloc, /* @tp_dealloc@ */
233 0, /* @tp_getattr@ */
234 0, /* @tp_setattr@ */
235 0, /* @tp_compare@ */
237 0, /* @tp_as_number@ */
238 0, /* @tp_as_sequence@ */
239 0, /* @tp_as_mapping@ */
243 0, /* @tp_getattro@ */
244 0, /* @tp_setattro@ */
245 0, /* @tp_as_buffer@ */
246 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
250 "DSAPub(GROUP, P, [hash = sha], [rng = rand]): DSA public key.",
252 0, /* @tp_traverse@ */
254 0, /* @tp_richcompare@ */
255 0, /* @tp_weaklistoffset@ */
257 0, /* @tp_iternext@ */
258 dsapub_pymethods, /* @tp_methods@ */
259 dsapub_pymembers, /* @tp_members@ */
263 0, /* @tp_descr_get@ */
264 0, /* @tp_descr_set@ */
265 0, /* @tp_dictoffset@ */
267 PyType_GenericAlloc, /* @tp_alloc@ */
268 dsapub_pynew, /* @tp_new@ */
273 static PyTypeObject dsapriv_pytype_skel = {
274 PyObject_HEAD_INIT(0) 0, /* Header */
275 "DSAPriv", /* @tp_name@ */
276 sizeof(dsa_pyobj), /* @tp_basicsize@ */
277 0, /* @tp_itemsize@ */
279 0, /* @tp_dealloc@ */
281 0, /* @tp_getattr@ */
282 0, /* @tp_setattr@ */
283 0, /* @tp_compare@ */
285 0, /* @tp_as_number@ */
286 0, /* @tp_as_sequence@ */
287 0, /* @tp_as_mapping@ */
291 0, /* @tp_getattro@ */
292 0, /* @tp_setattro@ */
293 0, /* @tp_as_buffer@ */
294 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
298 "DSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): DSA private key.",
300 0, /* @tp_traverse@ */
302 0, /* @tp_richcompare@ */
303 0, /* @tp_weaklistoffset@ */
305 0, /* @tp_iternext@ */
306 dsapriv_pymethods, /* @tp_methods@ */
307 dsapriv_pymembers, /* @tp_members@ */
311 0, /* @tp_descr_get@ */
312 0, /* @tp_descr_set@ */
313 0, /* @tp_dictoffset@ */
315 PyType_GenericAlloc, /* @tp_alloc@ */
316 dsapriv_pynew, /* @tp_new@ */
321 static PyObject *kcdsapub_pynew(PyTypeObject *ty,
322 PyObject *arg, PyObject *kw)
324 PyObject *G, *p, *rng = rand_pyobj, *hash = has160_pyobj;
326 static const char *const kwlist[] = { "G", "p", "hash", "rng", 0 };
328 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O!|O!O!:new", KWLIST,
331 gchash_pytype, &hash,
332 grand_pytype, &rng) ||
333 (rc = dsa_setup(kcdsapub_pytype, G, 0, p, rng, hash, 0)) == 0)
339 static void kcdsa_calcpub(group *g, ge *p, mp *u)
341 mp *uinv = mp_modinv(MP_NEW, u, g->r);
342 G_EXP(g, p, g->g, uinv);
346 static PyObject *kcdsapriv_pynew(PyTypeObject *ty,
347 PyObject *arg, PyObject *kw)
349 PyObject *G, *u, *p = 0, *rng = rand_pyobj, *hash = has160_pyobj;
351 static const char *const kwlist[] = { "G", "u", "p", "hash", "rng", 0 };
353 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O!O|O!O!O!:new", KWLIST,
357 gchash_pytype, &hash,
358 grand_pytype, &rng) ||
359 (rc = dsa_setup(kcdsapriv_pytype, G, u, p,
360 rng, hash, kcdsa_calcpub)) == 0)
366 static PyObject *kcdsameth_beginhash(PyObject *me, PyObject *arg)
368 if (!PyArg_ParseTuple(arg, ":beginhash")) return (0);
369 return (ghash_pywrap(DSA_HASH(me), gkcdsa_beginhash(DSA_D(me))));
372 static PyObject *kcdsameth_endhash(PyObject *me, PyObject *arg)
376 if (!PyArg_ParseTuple(arg, "O&:endhash", convghash, &h)) return (0);
377 gkcdsa_endhash(DSA_D(me), h);
379 rc = bytestring_pywrap(0, GH_CLASS(h)->hashsz);
380 GH_DONE(h, PyString_AS_STRING(rc));
385 static PyObject *kcdsameth_sign(PyObject *me, PyObject *arg, PyObject *kw)
387 gkcdsa_sig s = GKCDSA_SIG_INIT;
391 PyObject *r = 0, *rc = 0;
392 static const char *const kwlist[] = { "msg", "k", 0 };
394 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#|O&:sign", KWLIST,
397 if (n != DSA_D(me)->h->hashsz)
398 VALERR("bad message length (doesn't match hash size)");
399 r = bytestring_pywrap(0, DSA_D(me)->h->hashsz);
400 s.r = (octet *)PyString_AS_STRING(r);
401 gkcdsa_sign(DSA_D(me), &s, p, k);
402 rc = Py_BuildValue("(ON)", r, mp_pywrap(s.s));
409 static PyObject *kcdsameth_verify(PyObject *me, PyObject *arg)
413 gkcdsa_sig s = GKCDSA_SIG_INIT;
416 if (!PyArg_ParseTuple(arg, "s#(s#O&):verify",
417 &p, &n, &s.r, &rn, convmp, &s.s))
419 if (n != DSA_D(me)->h->hashsz)
420 VALERR("bad message length (doesn't match hash size)");
421 if (rn != DSA_D(me)->h->hashsz)
422 VALERR("bad signature `r' length (doesn't match hash size)");
423 rc = getbool(!gkcdsa_verify(DSA_D(me), &s, p));
429 static PyMethodDef kcdsapub_pymethods[] = {
430 #define METHNAME(name) kcdsameth_##name
431 METH (beginhash, "D.beginhash() -> hash object")
432 METH (endhash, "D.endhash(H) -> BYTES")
433 METH (verify, "D.verify(MSG, (R, S)) -> true/false")
438 static PyMethodDef kcdsapriv_pymethods[] = {
439 #define METHNAME(name) kcdsameth_##name
440 KWMETH(sign, "D.sign(MSG, k = K) -> R, S")
445 static PyTypeObject kcdsapub_pytype_skel = {
446 PyObject_HEAD_INIT(0) 0, /* Header */
447 "KCDSAPub", /* @tp_name@ */
448 sizeof(dsa_pyobj), /* @tp_basicsize@ */
449 0, /* @tp_itemsize@ */
451 dsa_pydealloc, /* @tp_dealloc@ */
453 0, /* @tp_getattr@ */
454 0, /* @tp_setattr@ */
455 0, /* @tp_compare@ */
457 0, /* @tp_as_number@ */
458 0, /* @tp_as_sequence@ */
459 0, /* @tp_as_mapping@ */
463 0, /* @tp_getattro@ */
464 0, /* @tp_setattro@ */
465 0, /* @tp_as_buffer@ */
466 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
470 "KCDSAPub(GROUP, P, [hash = sha], [rng = rand]): KCDSA public key.",
472 0, /* @tp_traverse@ */
474 0, /* @tp_richcompare@ */
475 0, /* @tp_weaklistoffset@ */
477 0, /* @tp_iternext@ */
478 kcdsapub_pymethods, /* @tp_methods@ */
479 dsapub_pymembers, /* @tp_members@ */
483 0, /* @tp_descr_get@ */
484 0, /* @tp_descr_set@ */
485 0, /* @tp_dictoffset@ */
487 PyType_GenericAlloc, /* @tp_alloc@ */
488 kcdsapub_pynew, /* @tp_new@ */
493 static PyTypeObject kcdsapriv_pytype_skel = {
494 PyObject_HEAD_INIT(0) 0, /* Header */
495 "KCDSAPriv", /* @tp_name@ */
496 sizeof(dsa_pyobj), /* @tp_basicsize@ */
497 0, /* @tp_itemsize@ */
499 0, /* @tp_dealloc@ */
501 0, /* @tp_getattr@ */
502 0, /* @tp_setattr@ */
503 0, /* @tp_compare@ */
505 0, /* @tp_as_number@ */
506 0, /* @tp_as_sequence@ */
507 0, /* @tp_as_mapping@ */
511 0, /* @tp_getattro@ */
512 0, /* @tp_setattro@ */
513 0, /* @tp_as_buffer@ */
514 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
518 "KCDSAPriv(GROUP, U, [p = u G], [hash = sha], [rng = rand]): KCDSA private key.",
520 0, /* @tp_traverse@ */
522 0, /* @tp_richcompare@ */
523 0, /* @tp_weaklistoffset@ */
525 0, /* @tp_iternext@ */
526 kcdsapriv_pymethods, /* @tp_methods@ */
527 dsapriv_pymembers, /* @tp_members@ */
531 0, /* @tp_descr_get@ */
532 0, /* @tp_descr_set@ */
533 0, /* @tp_dictoffset@ */
535 PyType_GenericAlloc, /* @tp_alloc@ */
536 kcdsapriv_pynew, /* @tp_new@ */
541 /*----- RSA ---------------------------------------------------------------*/
543 typedef struct rsapub_pyobj {
549 #define RSA_PUB(o) (&((rsapub_pyobj *)(o))->pub)
550 #define RSA_PUBCTX(o) (&((rsapub_pyobj *)(o))->pubctx)
552 typedef struct rsapriv_pyobj {
561 #define RSA_PRIV(o) (&((rsapriv_pyobj *)(o))->priv)
562 #define RSA_PRIVCTX(o) (&((rsapriv_pyobj *)(o))->privctx)
563 #define RSA_RNG(o) (((rsapriv_pyobj *)(o))->rng)
565 static PyTypeObject *rsapub_pytype, *rsapriv_pytype;
567 static PyObject *rsapub_pynew(PyTypeObject *ty,
568 PyObject *arg, PyObject *kw)
572 static const char *const kwlist[] = { "n", "e", 0 };
574 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&:new", KWLIST,
575 convmp, &rp.n, convmp, &rp.e))
577 if (!MP_ODDP(rp.n)) VALERR("RSA modulus must be even");
578 o = (rsapub_pyobj *)ty->tp_alloc(ty, 0);
580 rsa_pubcreate(&o->pubctx, &o->pub);
581 return ((PyObject *)o);
587 static void rsapub_pydealloc(PyObject *me)
589 rsa_pubdestroy(RSA_PUBCTX(me));
590 rsa_pubfree(RSA_PUB(me));
594 static PyObject *rsaget_n(PyObject *me, void *hunoz)
595 { return mp_pywrap(MP_COPY(RSA_PUB(me)->n)); }
597 static PyObject *rsaget_e(PyObject *me, void *hunoz)
598 { return mp_pywrap(MP_COPY(RSA_PUB(me)->e)); }
600 static PyObject *rsameth_pubop(PyObject *me, PyObject *arg)
605 if (!PyArg_ParseTuple(arg, "O&:pubop", convmp, &x)) goto end;
606 rc = mp_pywrap(rsa_pubop(RSA_PUBCTX(me), MP_NEW, x));
612 static PyObject *rsapriv_dopywrap(PyTypeObject *ty,
613 rsa_priv *rp, PyObject *rng)
617 o = (rsapriv_pyobj *)ty->tp_alloc(ty, 0);
621 rsa_privcreate(&o->privctx, &o->priv, &rand_global);
622 rsa_pubcreate(&o->pubctx, &o->pub);
628 return ((PyObject *)o);
631 PyObject *rsapriv_pywrap(rsa_priv *rp)
632 { return rsapriv_dopywrap(rsapriv_pytype, rp, 0); }
634 static PyObject *rsapriv_pynew(PyTypeObject *ty,
635 PyObject *arg, PyObject *kw)
638 PyObject *rng = Py_None;
639 static const char *const kwlist[] =
640 { "n", "e", "d", "p", "q", "dp", "dq", "q_inv", "rng", 0 };
642 if (!PyArg_ParseTupleAndKeywords(arg, kw, "|O&O&O&O&O&O&O&O&O:new", KWLIST,
643 convmp, &rp.n, convmp, &rp.e,
645 convmp, &rp.p, convmp, &rp.q,
646 convmp, &rp.dp, convmp, &rp.dq,
650 if ((rp.n && !MP_ODDP(rp.n)) ||
651 (rp.p && !MP_ODDP(rp.p)) ||
652 (rp.p && !MP_ODDP(rp.q)))
653 VALERR("RSA modulus and factors must be odd");
654 if (rsa_recover(&rp)) VALERR("couldn't construct private key");
655 if (rng != Py_None && !GRAND_PYCHECK(rng))
656 TYERR("not a random number source");
658 return (rsapriv_dopywrap(ty, &rp, rng));
664 static void rsapriv_pydealloc(PyObject *me)
666 RSA_PRIVCTX(me)->r = &rand_global;
667 rsa_privdestroy(RSA_PRIVCTX(me));
668 rsa_privfree(RSA_PRIV(me));
669 Py_DECREF(RSA_RNG(me));
673 static PyObject *rsaget_d(PyObject *me, void *hunoz)
674 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->d)); }
676 static PyObject *rsaget_p(PyObject *me, void *hunoz)
677 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->p)); }
679 static PyObject *rsaget_q(PyObject *me, void *hunoz)
680 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->q)); }
682 static PyObject *rsaget_dp(PyObject *me, void *hunoz)
683 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->dp)); }
685 static PyObject *rsaget_dq(PyObject *me, void *hunoz)
686 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->dq)); }
688 static PyObject *rsaget_q_inv(PyObject *me, void *hunoz)
689 { return mp_pywrap(MP_COPY(RSA_PRIV(me)->q_inv)); }
691 static PyObject *rsaget_rng(PyObject *me, void *hunoz)
692 { RETURN_OBJ(RSA_RNG(me)); }
694 static int rsaset_rng(PyObject *me, PyObject *val, void *hunoz)
699 else if (val != Py_None && !GRAND_PYCHECK(val))
700 TYERR("expected grand or None");
701 Py_DECREF(RSA_RNG(me));
709 static PyObject *rsameth_privop(PyObject *me, PyObject *arg, PyObject *kw)
711 PyObject *rng = RSA_RNG(me);
714 static const char *const kwlist[] = { "x", "rng", 0 };
716 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&|O:privop", KWLIST,
719 if (rng != Py_None && !GRAND_PYCHECK(rng))
720 TYERR("not a random number source");
721 RSA_PRIVCTX(me)->r = (rng == Py_None) ? 0 : GRAND_R(rng);
722 rc = mp_pywrap(rsa_privop(RSA_PRIVCTX(me), MP_NEW, x));
728 static PyObject *meth__RSAPriv_generate(PyObject *me,
729 PyObject *arg, PyObject *kw)
731 grand *r = &rand_global;
737 static const char *const kwlist[] =
738 { "class", "nbits", "event", "rng", "nsteps", "e", 0 };
741 if (!PyArg_ParseTupleAndKeywords(arg, kw, "OO&|O&O&O&O&:generate", KWLIST,
742 &me, convuint, &nbits, convpgev, &evt,
743 convgrand, &r, convuint, &n,
747 else e = mp_fromulong(MP_NEW, 65537);
748 if (rsa_gen_e(&rp, nbits, e, r, n, evt.proc, evt.ctx))
750 rc = rsapriv_pywrap(&rp);
757 static PyGetSetDef rsapub_pygetset[] = {
758 #define GETSETNAME(op, name) rsa##op##_##name
765 static PyMethodDef rsapub_pymethods[] = {
766 #define METHNAME(name) rsameth_##name
767 METH (pubop, "R.pubop(X) -> X^E (mod N)")
772 static PyGetSetDef rsapriv_pygetset[] = {
773 #define GETSETNAME(op, name) rsa##op##_##name
777 GET (dp, "R.dp -> D mod (P - 1)")
778 GET (dq, "R.dq -> D mod (Q - 1)")
779 GET (q_inv, "R.q_inv -> Q^{-1} mod P")
780 GETSET(rng, "R.rng -> random number source for blinding")
785 static PyMethodDef rsapriv_pymethods[] = {
786 #define METHNAME(name) rsameth_##name
787 KWMETH(privop, "R.privop(X, rng = None) -> X^D (mod N)")
792 static PyTypeObject rsapub_pytype_skel = {
793 PyObject_HEAD_INIT(0) 0, /* Header */
794 "RSAPub", /* @tp_name@ */
795 sizeof(rsapub_pyobj), /* @tp_basicsize@ */
796 0, /* @tp_itemsize@ */
798 rsapub_pydealloc, /* @tp_dealloc@ */
800 0, /* @tp_getattr@ */
801 0, /* @tp_setattr@ */
802 0, /* @tp_compare@ */
804 0, /* @tp_as_number@ */
805 0, /* @tp_as_sequence@ */
806 0, /* @tp_as_mapping@ */
810 0, /* @tp_getattro@ */
811 0, /* @tp_setattro@ */
812 0, /* @tp_as_buffer@ */
813 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
817 "RSAPub(N, E): RSA public key.",
819 0, /* @tp_traverse@ */
821 0, /* @tp_richcompare@ */
822 0, /* @tp_weaklistoffset@ */
824 0, /* @tp_iternext@ */
825 rsapub_pymethods, /* @tp_methods@ */
826 0, /* @tp_members@ */
827 rsapub_pygetset, /* @tp_getset@ */
830 0, /* @tp_descr_get@ */
831 0, /* @tp_descr_set@ */
832 0, /* @tp_dictoffset@ */
834 PyType_GenericAlloc, /* @tp_alloc@ */
835 rsapub_pynew, /* @tp_new@ */
840 static PyTypeObject rsapriv_pytype_skel = {
841 PyObject_HEAD_INIT(0) 0, /* Header */
842 "RSAPriv", /* @tp_name@ */
843 sizeof(rsapriv_pyobj), /* @tp_basicsize@ */
844 0, /* @tp_itemsize@ */
846 rsapriv_pydealloc, /* @tp_dealloc@ */
848 0, /* @tp_getattr@ */
849 0, /* @tp_setattr@ */
850 0, /* @tp_compare@ */
852 0, /* @tp_as_number@ */
853 0, /* @tp_as_sequence@ */
854 0, /* @tp_as_mapping@ */
858 0, /* @tp_getattro@ */
859 0, /* @tp_setattro@ */
860 0, /* @tp_as_buffer@ */
861 Py_TPFLAGS_DEFAULT | /* @tp_flags@ */
865 "RSAPriv(..., [rng = rand]): RSA private key.\n\
866 Keywords: n, e, d, p, q, dp, dq, q_inv; must provide enough",
868 0, /* @tp_traverse@ */
870 0, /* @tp_richcompare@ */
871 0, /* @tp_weaklistoffset@ */
873 0, /* @tp_iternext@ */
874 rsapriv_pymethods, /* @tp_methods@ */
875 0, /* @tp_members@ */
876 rsapriv_pygetset, /* @tp_getset@ */
879 0, /* @tp_descr_get@ */
880 0, /* @tp_descr_set@ */
881 0, /* @tp_dictoffset@ */
883 PyType_GenericAlloc, /* @tp_alloc@ */
884 rsapriv_pynew, /* @tp_new@ */
889 /*----- RSA padding schemes -----------------------------------------------*/
891 static PyObject *meth__p1crypt_encode(PyObject *me,
892 PyObject *arg, PyObject *kw)
896 Py_ssize_t msz, epsz;
902 static const char *const kwlist[] = { "msg", "nbits", "ep", "rng", 0 };
904 p1.r = &rand_global; ep = 0; epsz = 0;
905 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|s#O&:encode", KWLIST,
906 &m, &msz, convulong, &nbits,
907 &ep, &epsz, convgrand, &p1.r))
910 p1.ep = ep; p1.epsz = epsz;
911 if (epsz + msz + 11 > sz) VALERR("buffer underflow");
913 x = pkcs1_cryptencode(MP_NEW, m, msz, b, sz, nbits, &p1);
920 static PyObject *meth__p1crypt_decode(PyObject *me,
921 PyObject *arg, PyObject *kw)
932 static const char *const kwlist[] = { "ct", "nbits", "ep", "rng", 0 };
934 p1.r = &rand_global; ep = 0; epsz = 0;
935 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&|s#O&:decode", KWLIST,
936 convmp, &x, convulong, &nbits,
937 &ep, &epsz, convgrand, &p1.r))
940 p1.ep = ep; p1.epsz = epsz;
941 if (epsz + 11 > sz) VALERR("buffer underflow");
943 if ((n = pkcs1_cryptdecode(x, b, sz, nbits, &p1)) < 0)
944 VALERR("decryption failed");
945 rc = bytestring_pywrap(b, n);
952 static PyObject *meth__p1sig_encode(PyObject *me,
953 PyObject *arg, PyObject *kw)
957 Py_ssize_t msz, epsz;
963 static const char *const kwlist[] = { "msg", "nbits", "ep", "rng", 0 };
965 p1.r = &rand_global; ep = 0; epsz = 0;
966 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|s#O&:encode", KWLIST,
967 &m, &msz, convulong, &nbits,
968 &ep, &epsz, convgrand, &p1.r))
971 p1.ep = ep; p1.epsz = epsz;
972 if (epsz + msz + 11 > sz) VALERR("buffer underflow");
974 x = pkcs1_sigencode(MP_NEW, m, msz, b, sz, nbits, &p1);
981 static PyObject *meth__p1sig_decode(PyObject *me,
982 PyObject *arg, PyObject *kw)
994 static const char *const kwlist[] =
995 { "msg", "sig", "nbits", "ep", "rng", 0 };
997 p1.r = &rand_global; ep = 0; epsz = 0;
998 if (!PyArg_ParseTupleAndKeywords(arg, kw, "OO&O&|s#O&:decode", KWLIST,
999 &hukairz, convmp, &x, convulong, &nbits,
1000 &ep, &epsz, convgrand, &p1.r))
1003 p1.ep = ep; p1.epsz = epsz;
1004 if (epsz + 10 > sz) VALERR("buffer underflow");
1006 if ((n = pkcs1_sigdecode(x, 0, 0, b, sz, nbits, &p1)) < 0)
1007 VALERR("verification failed");
1008 rc = bytestring_pywrap(b, n);
1015 static PyObject *meth__oaep_encode(PyObject *me,
1016 PyObject *arg, PyObject *kw)
1020 Py_ssize_t msz, epsz;
1021 unsigned long nbits;
1026 static const char *const kwlist[] =
1027 { "msg", "nbits", "mgf", "hash", "ep", "rng", 0 };
1029 o.r = &rand_global; o.cc = &sha_mgf; o.ch = &sha; ep = 0; epsz = 0;
1030 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|O&O&s#O&:encode", KWLIST,
1031 &m, &msz, convulong, &nbits,
1032 convgccipher, &o.cc,
1038 o.ep = ep; o.epsz = epsz;
1039 if (2 * o.ch->hashsz + 2 + msz > sz) VALERR("buffer underflow");
1041 x = oaep_encode(MP_NEW, m, msz, b, sz, nbits, &o);
1048 static PyObject *meth__oaep_decode(PyObject *me,
1049 PyObject *arg, PyObject *kw)
1054 unsigned long nbits;
1060 static const char *const kwlist[] =
1061 { "ct", "nbits", "mgf", "hash", "ep", "rng", 0 };
1063 o.r = &rand_global; o.cc = &sha_mgf; o.ch = &sha; ep = 0; epsz = 0;
1064 if (!PyArg_ParseTupleAndKeywords(arg, kw, "O&O&|O&O&s#O&:decode", KWLIST,
1065 convmp, &x, convulong, &nbits,
1066 convgccipher, &o.cc,
1072 o.ep = ep; o.epsz = epsz;
1073 if (2 * o.ch->hashsz > sz) VALERR("buffer underflow");
1075 if ((n = oaep_decode(x, b, sz, nbits, &o)) < 0)
1076 VALERR("decryption failed");
1077 rc = bytestring_pywrap(b, n);
1084 static PyObject *meth__pss_encode(PyObject *me,
1085 PyObject *arg, PyObject *kw)
1090 unsigned long nbits;
1095 static const char *const kwlist[] =
1096 { "msg", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1098 p.cc = &sha_mgf; p.ch = &sha; p.r = &rand_global; p.ssz = (size_t)-1;
1099 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&|O&O&O&O&:encode", KWLIST,
1100 &m, &msz, convulong, &nbits,
1101 convgccipher, &p.cc,
1107 if (p.ssz == (size_t)-1) p.ssz = p.ch->hashsz;
1108 if (p.ch->hashsz + p.ssz + 2 > sz) VALERR("buffer underflow");
1110 x = pss_encode(MP_NEW, m, msz, b, sz, nbits, &p);
1117 static PyObject *meth__pss_decode(PyObject *me,
1118 PyObject *arg, PyObject *kw)
1123 unsigned long nbits;
1129 static const char *const kwlist[] =
1130 { "msg", "sig", "nbits", "mgf", "hash", "saltsz", "rng", 0 };
1132 p.cc = &sha_mgf; p.ch = &sha; p.r = &rand_global; p.ssz = (size_t)-1;
1133 if (!PyArg_ParseTupleAndKeywords(arg, kw, "s#O&O&|O&O&O&O&:decode", KWLIST,
1134 &m, &msz, convmp, &x, convulong, &nbits,
1135 convgccipher, &p.cc,
1141 if (p.ssz == (size_t)-1) p.ssz = p.ch->hashsz;
1142 if (p.ch->hashsz + p.ssz + 2 > sz) VALERR("buffer underflow");
1144 if ((n = pss_decode(x, m, msz, b, sz, nbits, &p)) < 0)
1145 VALERR("verification failed");
1146 rc = Py_None; Py_INCREF(rc);
1153 /*----- X25519 and related algorithms -------------------------------------*/
1159 #define DEFXDH(X, x) \
1160 static PyObject *meth_##x(PyObject *me, PyObject *arg) \
1162 const char *k, *p; \
1163 Py_ssize_t ksz, psz; \
1165 if (!PyArg_ParseTuple(arg, "s#s#:" #x, &k, &ksz, &p, &psz)) \
1167 if (ksz != X##_KEYSZ) VALERR("bad key length"); \
1168 if (psz != X##_PUBSZ) VALERR("bad public length"); \
1169 rc = bytestring_pywrap(0, X##_OUTSZ); \
1170 x((octet *)PyString_AS_STRING(rc), \
1171 (const octet *)k, (const octet *)p); \
1179 /*----- Ed25519 and related algorithms ------------------------------------*/
1182 _(ED25519, ed25519, -1, ctx) \
1183 _(ED448, ed448, 0, )
1185 #define DEFEDDSA(ED, ed, phdflt, sigver) \
1187 static PyObject *meth_##ed##_pubkey(PyObject *me, PyObject *arg) \
1192 if (!PyArg_ParseTuple(arg, "s#:" #ed "_pubkey", &k, &ksz)) \
1194 rc = bytestring_pywrap(0, ED##_PUBSZ); \
1195 ed##_pubkey((octet *)PyString_AS_STRING(rc), k, ksz); \
1201 static PyObject *meth_##ed##_sign(PyObject *me, PyObject *arg, \
1204 const char *k, *p = 0, *c = 0, *m; \
1205 Py_ssize_t ksz, psz, csz = 0, msz; \
1208 octet pp[ED##_PUBSZ]; \
1209 static const char *const kwlist[] = \
1210 { "key", "msg", "pub", "perso", "phflag", 0 }; \
1211 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1212 "s#s#|s#s#O&:" #ed "_sign", \
1214 &k, &ksz, &m, &msz, &p, &psz, \
1215 &c, &csz, convbool, &ph)) \
1217 if (p && psz != ED##_PUBSZ) VALERR("bad public length"); \
1218 if (c && csz > ED##_MAXPERSOSZ) \
1219 VALERR("personalization string too long"); \
1220 if (c && ph == -1) ph = 0; \
1221 if (!p) { p = (const char *)pp; ed##_pubkey(pp, k, ksz); } \
1222 rc = bytestring_pywrap(0, ED##_SIGSZ); \
1223 ed##sigver##_sign((octet *)PyString_AS_STRING(rc), k, ksz, \
1224 (const octet *)p, ph, c, csz, m, msz); \
1230 static PyObject *meth_##ed##_verify(PyObject *me, \
1231 PyObject *arg, PyObject *kw) \
1233 const char *p, *c = 0, *m, *s; \
1234 Py_ssize_t psz, csz = 0, msz, ssz; \
1237 static const char *const kwlist[] = \
1238 { "pub", "msg", "sig", "perso", "phflag", 0 }; \
1239 if (!PyArg_ParseTupleAndKeywords(arg, kw, \
1240 "s#s#s#|s#O&:" #ed "_verify", \
1242 &p, &psz, &m, &msz, &s, &ssz, \
1243 &c, &csz, convbool, &ph)) \
1245 if (psz != ED##_PUBSZ) VALERR("bad public length"); \
1246 if (ssz != ED##_SIGSZ) VALERR("bad signature length"); \
1247 if (c && csz > ED##_MAXPERSOSZ) \
1248 VALERR("personalization string too long"); \
1249 if (c && ph == -1) ph = 0; \
1250 rc = getbool(!ed##sigver##_verify((const octet *)p, ph, c, csz, \
1251 m, msz, (const octet *)s)); \
1259 /*----- Global stuff ------------------------------------------------------*/
1261 static PyMethodDef methods[] = {
1262 #define METHNAME(name) meth_##name
1263 KWMETH(_p1crypt_encode, 0)
1264 KWMETH(_p1crypt_decode, 0)
1265 KWMETH(_p1sig_encode, 0)
1266 KWMETH(_p1sig_decode, 0)
1267 KWMETH(_oaep_encode, 0)
1268 KWMETH(_oaep_decode, 0)
1269 KWMETH(_pss_encode, 0)
1270 KWMETH(_pss_decode, 0)
1271 KWMETH(_RSAPriv_generate, "\
1272 generate(NBITS, [event = pgen_nullev, rng = rand, nsteps = 0]) -> R")
1273 #define DEFMETH(X, x) \
1275 " #x "(KEY, PUBLIC) -> SHARED")
1278 #define DEFMETH(ED, ed, phdflt, sigver) \
1279 METH (ed##_pubkey, "\
1280 " #ed "_pubkey(KEY) -> PUBLIC") \
1281 KWMETH(ed##_sign, "\
1282 " #ed "_sign(KEY, MSG, [pub = PUBLIC, " \
1283 "perso = STRING, phflag = BOOL]) -> SIG") \
1284 KWMETH(ed##_verify, "\
1285 " #ed "_verify(PUBLIC, MSG, SIG, " \
1286 "[perso = STRING, phflag = BOOL]) -> BOOL")
1293 void pubkey_pyinit(void)
1295 INITTYPE(dsapub, root);
1296 INITTYPE(dsapriv, dsapub);
1297 INITTYPE(kcdsapub, root);
1298 INITTYPE(kcdsapriv, kcdsapub);
1299 INITTYPE(rsapub, root);
1300 INITTYPE(rsapriv, rsapub);
1301 addmethods(methods);
1304 void pubkey_pyinsert(PyObject *mod)
1306 INSERT("DSAPub", dsapub_pytype);
1307 INSERT("DSAPriv", dsapriv_pytype);
1308 INSERT("KCDSAPub", kcdsapub_pytype);
1309 INSERT("KCDSAPriv", kcdsapriv_pytype);
1310 INSERT("RSAPub", rsapub_pytype);
1311 INSERT("RSAPriv", rsapriv_pytype);
1314 /*----- That's all, folks -------------------------------------------------*/