| # |
| # pubkey.py : Internal functions for public key operations |
| # |
| # Part of the Python Cryptography Toolkit |
| # |
| # Written by Andrew Kuchling, Paul Swartz, and others |
| # |
| # =================================================================== |
| # The contents of this file are dedicated to the public domain. To |
| # the extent that dedication to the public domain is not available, |
| # everyone is granted a worldwide, perpetual, royalty-free, |
| # non-exclusive license to exercise all rights associated with the |
| # contents of this file for any purpose whatsoever. |
| # No rights are reserved. |
| # |
| # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
| # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
| # ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
| # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
| # SOFTWARE. |
| # =================================================================== |
| # |
| |
| __revision__ = "$Id$" |
| |
| import types, warnings |
| from Crypto.Util.number import * |
| |
| # Basic public key class |
| class pubkey: |
| """An abstract class for a public key object. |
| |
| :undocumented: __getstate__, __setstate__, __eq__, __ne__, validate |
| """ |
| def __init__(self): |
| pass |
| |
| def __getstate__(self): |
| """To keep key objects platform-independent, the key data is |
| converted to standard Python long integers before being |
| written out. It will then be reconverted as necessary on |
| restoration.""" |
| d=self.__dict__ |
| for key in self.keydata: |
| if d.has_key(key): d[key]=long(d[key]) |
| return d |
| |
| def __setstate__(self, d): |
| """On unpickling a key object, the key data is converted to the big |
| number representation being used, whether that is Python long |
| integers, MPZ objects, or whatever.""" |
| for key in self.keydata: |
| if d.has_key(key): self.__dict__[key]=bignum(d[key]) |
| |
| def encrypt(self, plaintext, K): |
| """Encrypt a piece of data. |
| |
| :Parameter plaintext: The piece of data to encrypt. |
| :Type plaintext: byte string or long |
| |
| :Parameter K: A random parameter required by some algorithms |
| :Type K: byte string or long |
| |
| :Return: A tuple with two items. Each item is of the same type as the |
| plaintext (string or long). |
| """ |
| wasString=0 |
| if isinstance(plaintext, types.StringType): |
| plaintext=bytes_to_long(plaintext) ; wasString=1 |
| if isinstance(K, types.StringType): |
| K=bytes_to_long(K) |
| ciphertext=self._encrypt(plaintext, K) |
| if wasString: return tuple(map(long_to_bytes, ciphertext)) |
| else: return ciphertext |
| |
| def decrypt(self, ciphertext): |
| """Decrypt a piece of data. |
| |
| :Parameter ciphertext: The piece of data to decrypt. |
| :Type ciphertext: byte string, long or a 2-item tuple as returned by `encrypt` |
| |
| :Return: A byte string if ciphertext was a byte string or a tuple |
| of byte strings. A long otherwise. |
| """ |
| wasString=0 |
| if not isinstance(ciphertext, types.TupleType): |
| ciphertext=(ciphertext,) |
| if isinstance(ciphertext[0], types.StringType): |
| ciphertext=tuple(map(bytes_to_long, ciphertext)) ; wasString=1 |
| plaintext=self._decrypt(ciphertext) |
| if wasString: return long_to_bytes(plaintext) |
| else: return plaintext |
| |
| def sign(self, M, K): |
| """Sign a piece of data. |
| |
| :Parameter M: The piece of data to encrypt. |
| :Type M: byte string or long |
| |
| :Parameter K: A random parameter required by some algorithms |
| :Type K: byte string or long |
| |
| :Return: A tuple with two items. |
| """ |
| if (not self.has_private()): |
| raise TypeError('Private key not available in this object') |
| if isinstance(M, types.StringType): M=bytes_to_long(M) |
| if isinstance(K, types.StringType): K=bytes_to_long(K) |
| return self._sign(M, K) |
| |
| def verify (self, M, signature): |
| """Verify the validity of a signature. |
| |
| :Parameter M: The expected message. |
| :Type M: byte string or long |
| |
| :Parameter signature: The signature to verify. |
| :Type signature: tuple with two items, as return by `sign` |
| |
| :Return: True if the signature is correct, False otherwise. |
| """ |
| if isinstance(M, types.StringType): M=bytes_to_long(M) |
| return self._verify(M, signature) |
| |
| # alias to compensate for the old validate() name |
| def validate (self, M, signature): |
| warnings.warn("validate() method name is obsolete; use verify()", |
| DeprecationWarning) |
| |
| def blind(self, M, B): |
| """Blind a message to prevent certain side-channel attacks. |
| |
| :Parameter M: The message to blind. |
| :Type M: byte string or long |
| |
| :Parameter B: Blinding factor. |
| :Type B: byte string or long |
| |
| :Return: A byte string if M was so. A long otherwise. |
| """ |
| wasString=0 |
| if isinstance(M, types.StringType): |
| M=bytes_to_long(M) ; wasString=1 |
| if isinstance(B, types.StringType): B=bytes_to_long(B) |
| blindedmessage=self._blind(M, B) |
| if wasString: return long_to_bytes(blindedmessage) |
| else: return blindedmessage |
| |
| def unblind(self, M, B): |
| """Unblind a message after cryptographic processing. |
| |
| :Parameter M: The encoded message to unblind. |
| :Type M: byte string or long |
| |
| :Parameter B: Blinding factor. |
| :Type B: byte string or long |
| """ |
| wasString=0 |
| if isinstance(M, types.StringType): |
| M=bytes_to_long(M) ; wasString=1 |
| if isinstance(B, types.StringType): B=bytes_to_long(B) |
| unblindedmessage=self._unblind(M, B) |
| if wasString: return long_to_bytes(unblindedmessage) |
| else: return unblindedmessage |
| |
| |
| # The following methods will usually be left alone, except for |
| # signature-only algorithms. They both return Boolean values |
| # recording whether this key's algorithm can sign and encrypt. |
| def can_sign (self): |
| """Tell if the algorithm can deal with cryptographic signatures. |
| |
| This property concerns the *algorithm*, not the key itself. |
| It may happen that this particular key object hasn't got |
| the private information required to generate a signature. |
| |
| :Return: boolean |
| """ |
| return 1 |
| |
| def can_encrypt (self): |
| """Tell if the algorithm can deal with data encryption. |
| |
| This property concerns the *algorithm*, not the key itself. |
| It may happen that this particular key object hasn't got |
| the private information required to decrypt data. |
| |
| :Return: boolean |
| """ |
| return 1 |
| |
| def can_blind (self): |
| """Tell if the algorithm can deal with data blinding. |
| |
| This property concerns the *algorithm*, not the key itself. |
| It may happen that this particular key object hasn't got |
| the private information required carry out blinding. |
| |
| :Return: boolean |
| """ |
| return 0 |
| |
| # The following methods will certainly be overridden by |
| # subclasses. |
| |
| def size (self): |
| """Tell the maximum number of bits that can be handled by this key. |
| |
| :Return: int |
| """ |
| return 0 |
| |
| def has_private (self): |
| """Tell if the key object contains private components. |
| |
| :Return: bool |
| """ |
| return 0 |
| |
| def publickey (self): |
| """Construct a new key carrying only the public information. |
| |
| :Return: A new `pubkey` object. |
| """ |
| return self |
| |
| def __eq__ (self, other): |
| """__eq__(other): 0, 1 |
| Compare us to other for equality. |
| """ |
| return self.__getstate__() == other.__getstate__() |
| |
| def __ne__ (self, other): |
| """__ne__(other): 0, 1 |
| Compare us to other for inequality. |
| """ |
| return not self.__eq__(other) |