Extension("allmydata.Crypto.Cipher.AES",
include_dirs=["src/allmydata/Crypto"],
sources=["src/allmydata/Crypto/AES.c"]),
- Extension("allmydata.Crypto.Hash.SHA256",
- include_dirs=["src/allmydata/Crypto"],
- sources=["src/allmydata/Crypto/SHA256.c"]),
- # _fastmath requires gmp. Since we're not using rsa yet, hold off
- # on requiring this. (note that RSA.py doesn't require _fastmath,
- # but I doubt we'd want to use the pure-python version).
-# Extension("allmydata.Crypto.PublicKey._fastmath",
-# sources=["src/allmydata/Crypto/_fastmath.c"]),
],
zip_safe=False, # We prefer unzipped for easier access.
)
+++ /dev/null
-#
-# RSA.py : RSA encryption/decryption
-#
-# Part of the Python Cryptography Toolkit
-#
-# Distribute and use freely; there are no restrictions on further
-# dissemination and usage except those imposed by the laws of your
-# country of residence. This software is provided "as is" without
-# warranty of fitness for use or suitability for any purpose, express
-# or implied. Use at your own risk or not at all.
-#
-
-__revision__ = "$Id: RSA.py,v 1.20 2004/05/06 12:52:54 akuchling Exp $"
-
-from allmydata.Crypto.PublicKey import pubkey
-from allmydata.Crypto.Util import number
-
-_fastmath = None
-try:
- from allmydata.Crypto.PublicKey import _fastmath
-except ImportError:
- pass
-
-class error (Exception):
- pass
-
-def generate(bits, randfunc, progress_func=None):
- """generate(bits:int, randfunc:callable, progress_func:callable)
-
- Generate an RSA key of length 'bits', using 'randfunc' to get
- random data and 'progress_func', if present, to display
- the progress of the key generation.
- """
- obj=RSAobj()
-
- # Generate the prime factors of n
- if progress_func:
- progress_func('p,q\n')
- p = q = 1L
- while number.size(p*q) < bits:
- p = pubkey.getPrime(bits/2, randfunc)
- q = pubkey.getPrime(bits/2, randfunc)
-
- # p shall be smaller than q (for calc of u)
- if p > q:
- (p, q)=(q, p)
- obj.p = p
- obj.q = q
-
- if progress_func:
- progress_func('u\n')
- obj.u = pubkey.inverse(obj.p, obj.q)
- obj.n = obj.p*obj.q
-
- obj.e = 65537L
- if progress_func:
- progress_func('d\n')
- obj.d=pubkey.inverse(obj.e, (obj.p-1)*(obj.q-1))
-
- assert bits <= 1+obj.size(), "Generated key is too small"
-
- return obj
-
-def construct(tuple):
- """construct(tuple:(long,) : RSAobj
- Construct an RSA object from a 2-, 3-, 5-, or 6-tuple of numbers.
- """
-
- obj=RSAobj()
- if len(tuple) not in [2,3,5,6]:
- raise error, 'argument for construct() wrong length'
- for i in range(len(tuple)):
- field = obj.keydata[i]
- setattr(obj, field, tuple[i])
- if len(tuple) >= 5:
- # Ensure p is smaller than q
- if obj.p>obj.q:
- (obj.p, obj.q)=(obj.q, obj.p)
-
- if len(tuple) == 5:
- # u not supplied, so we're going to have to compute it.
- obj.u=pubkey.inverse(obj.p, obj.q)
-
- return obj
-
-class RSAobj(pubkey.pubkey):
- keydata = ['n', 'e', 'd', 'p', 'q', 'u']
- def _encrypt(self, plaintext, K=''):
- if self.n<=plaintext:
- raise error, 'Plaintext too large'
- return (pow(plaintext, self.e, self.n),)
-
- def _decrypt(self, ciphertext):
- if (not hasattr(self, 'd')):
- raise error, 'Private key not available in this object'
- if self.n<=ciphertext[0]:
- raise error, 'Ciphertext too large'
- return pow(ciphertext[0], self.d, self.n)
-
- def _sign(self, M, K=''):
- return (self._decrypt((M,)),)
-
- def _verify(self, M, sig):
- m2=self._encrypt(sig[0])
- if m2[0]==M:
- return 1
- else: return 0
-
- def _blind(self, M, B):
- tmp = pow(B, self.e, self.n)
- return (M * tmp) % self.n
-
- def _unblind(self, M, B):
- tmp = pubkey.inverse(B, self.n)
- return (M * tmp) % self.n
-
- def can_blind (self):
- """can_blind() : bool
- Return a Boolean value recording whether this algorithm can
- blind data. (This does not imply that this
- particular key object has the private information required to
- to blind a message.)
- """
- return 1
-
- def size(self):
- """size() : int
- Return the maximum number of bits that can be handled by this key.
- """
- return number.size(self.n) - 1
-
- def has_private(self):
- """has_private() : bool
- Return a Boolean denoting whether the object contains
- private components.
- """
- if hasattr(self, 'd'):
- return 1
- else: return 0
-
- def publickey(self):
- """publickey(): RSAobj
- Return a new key object containing only the public key information.
- """
- return construct((self.n, self.e))
-
-class RSAobj_c(pubkey.pubkey):
- keydata = ['n', 'e', 'd', 'p', 'q', 'u']
-
- def __init__(self, key):
- self.key = key
-
- def __getattr__(self, attr):
- if attr in self.keydata:
- return getattr(self.key, attr)
- else:
- if self.__dict__.has_key(attr):
- self.__dict__[attr]
- else:
- raise AttributeError, '%s instance has no attribute %s' % (self.__class__, attr)
-
- def __getstate__(self):
- d = {}
- for k in self.keydata:
- if hasattr(self.key, k):
- d[k]=getattr(self.key, k)
- return d
-
- def __setstate__(self, state):
- n,e = state['n'], state['e']
- if not state.has_key('d'):
- self.key = _fastmath.rsa_construct(n,e)
- else:
- d = state['d']
- if not state.has_key('q'):
- self.key = _fastmath.rsa_construct(n,e,d)
- else:
- p, q, u = state['p'], state['q'], state['u']
- self.key = _fastmath.rsa_construct(n,e,d,p,q,u)
-
- def _encrypt(self, plain, K):
- return (self.key._encrypt(plain),)
-
- def _decrypt(self, cipher):
- return self.key._decrypt(cipher[0])
-
- def _sign(self, M, K):
- return (self.key._sign(M),)
-
- def _verify(self, M, sig):
- return self.key._verify(M, sig[0])
-
- def _blind(self, M, B):
- return self.key._blind(M, B)
-
- def _unblind(self, M, B):
- return self.key._unblind(M, B)
-
- def can_blind (self):
- return 1
-
- def size(self):
- return self.key.size()
-
- def has_private(self):
- return self.key.has_private()
-
- def publickey(self):
- return construct_c((self.key.n, self.key.e))
-
-def generate_c(bits, randfunc, progress_func = None):
- # Generate the prime factors of n
- if progress_func:
- progress_func('p,q\n')
-
- p = q = 1L
- while number.size(p*q) < bits:
- p = pubkey.getPrime(bits/2, randfunc)
- q = pubkey.getPrime(bits/2, randfunc)
-
- # p shall be smaller than q (for calc of u)
- if p > q:
- (p, q)=(q, p)
- if progress_func:
- progress_func('u\n')
- u=pubkey.inverse(p, q)
- n=p*q
-
- e = 65537L
- if progress_func:
- progress_func('d\n')
- d=pubkey.inverse(e, (p-1)*(q-1))
- key = _fastmath.rsa_construct(n,e,d,p,q,u)
- obj = RSAobj_c(key)
-
-## print p
-## print q
-## print number.size(p), number.size(q), number.size(q*p),
-## print obj.size(), bits
- assert bits <= 1+obj.size(), "Generated key is too small"
- return obj
-
-
-def construct_c(tuple):
- key = apply(_fastmath.rsa_construct, tuple)
- return RSAobj_c(key)
-
-object = RSAobj
-
-generate_py = generate
-construct_py = construct
-
-if _fastmath:
- #print "using C version of RSA"
- generate = generate_c
- construct = construct_c
- error = _fastmath.error
+++ /dev/null
-"""Public-key encryption and signature algorithms.
-
-Public-key encryption uses two different keys, one for encryption and
-one for decryption. The encryption key can be made public, and the
-decryption key is kept private. Many public-key algorithms can also
-be used to sign messages, and some can *only* be used for signatures.
-
-Crypto.PublicKey.DSA Digital Signature Algorithm. (Signature only)
-Crypto.PublicKey.ElGamal (Signing and encryption)
-Crypto.PublicKey.RSA (Signing, encryption, and blinding)
-Crypto.PublicKey.qNEW (Signature only)
-
-"""
-
-__all__ = ['RSA']
-__revision__ = "$Id: __init__.py,v 1.4 2003/04/03 20:27:13 akuchling Exp $"
-
+++ /dev/null
-#
-# pubkey.py : Internal functions for public key operations
-#
-# Part of the Python Cryptography Toolkit
-#
-# Distribute and use freely; there are no restrictions on further
-# dissemination and usage except those imposed by the laws of your
-# country of residence. This software is provided "as is" without
-# warranty of fitness for use or suitability for any purpose, express
-# or implied. Use at your own risk or not at all.
-#
-
-__revision__ = "$Id: pubkey.py,v 1.11 2003/04/03 20:36:14 akuchling Exp $"
-
-import types, warnings
-from allmydata.Crypto.Util.number import bignum, bytes_to_long, \
- long_to_bytes, error
-
-# Basic public key class
-class pubkey:
- def __init__(self):
- pass
-
- def __getstate__(self):
- """To keep key objects platform-independent, the key data is
- converted to standard Python long integers before being
- written out. It will then be reconverted as necessary on
- restoration."""
- d=self.__dict__
- for key in self.keydata:
- if d.has_key(key): d[key]=long(d[key])
- return d
-
- def __setstate__(self, d):
- """On unpickling a key object, the key data is converted to the big
-number representation being used, whether that is Python long
-integers, MPZ objects, or whatever."""
- for key in self.keydata:
- if d.has_key(key): self.__dict__[key]=bignum(d[key])
-
- def encrypt(self, plaintext, K):
- """encrypt(plaintext:string|long, K:string|long) : tuple
- Encrypt the string or integer plaintext. K is a random
- parameter required by some algorithms.
- """
- wasString=0
- if isinstance(plaintext, types.StringType):
- plaintext=bytes_to_long(plaintext) ; wasString=1
- if isinstance(K, types.StringType):
- K=bytes_to_long(K)
- ciphertext=self._encrypt(plaintext, K)
- if wasString: return tuple(map(long_to_bytes, ciphertext))
- else: return ciphertext
-
- def decrypt(self, ciphertext):
- """decrypt(ciphertext:tuple|string|long): string
- Decrypt 'ciphertext' using this key.
- """
- wasString=0
- if not isinstance(ciphertext, types.TupleType):
- ciphertext=(ciphertext,)
- if isinstance(ciphertext[0], types.StringType):
- ciphertext=tuple(map(bytes_to_long, ciphertext)) ; wasString=1
- plaintext=self._decrypt(ciphertext)
- if wasString: return long_to_bytes(plaintext)
- else: return plaintext
-
- def sign(self, M, K):
- """sign(M : string|long, K:string|long) : tuple
- Return a tuple containing the signature for the message M.
- K is a random parameter required by some algorithms.
- """
- if (not self.has_private()):
- raise error, 'Private key not available in this object'
- if isinstance(M, types.StringType): M=bytes_to_long(M)
- if isinstance(K, types.StringType): K=bytes_to_long(K)
- return self._sign(M, K)
-
- def verify (self, M, signature):
- """verify(M:string|long, signature:tuple) : bool
- Verify that the signature is valid for the message M;
- returns true if the signature checks out.
- """
- if isinstance(M, types.StringType): M=bytes_to_long(M)
- return self._verify(M, signature)
-
- # alias to compensate for the old validate() name
- def validate (self, M, signature):
- warnings.warn("validate() method name is obsolete; use verify()",
- DeprecationWarning)
-
- def blind(self, M, B):
- """blind(M : string|long, B : string|long) : string|long
- Blind message M using blinding factor B.
- """
- wasString=0
- if isinstance(M, types.StringType):
- M=bytes_to_long(M) ; wasString=1
- if isinstance(B, types.StringType): B=bytes_to_long(B)
- blindedmessage=self._blind(M, B)
- if wasString: return long_to_bytes(blindedmessage)
- else: return blindedmessage
-
- def unblind(self, M, B):
- """unblind(M : string|long, B : string|long) : string|long
- Unblind message M using blinding factor B.
- """
- wasString=0
- if isinstance(M, types.StringType):
- M=bytes_to_long(M) ; wasString=1
- if isinstance(B, types.StringType): B=bytes_to_long(B)
- unblindedmessage=self._unblind(M, B)
- if wasString: return long_to_bytes(unblindedmessage)
- else: return unblindedmessage
-
-
- # The following methods will usually be left alone, except for
- # signature-only algorithms. They both return Boolean values
- # recording whether this key's algorithm can sign and encrypt.
- def can_sign (self):
- """can_sign() : bool
- Return a Boolean value recording whether this algorithm can
- generate signatures. (This does not imply that this
- particular key object has the private information required to
- to generate a signature.)
- """
- return 1
-
- def can_encrypt (self):
- """can_encrypt() : bool
- Return a Boolean value recording whether this algorithm can
- encrypt data. (This does not imply that this
- particular key object has the private information required to
- to decrypt a message.)
- """
- return 1
-
- def can_blind (self):
- """can_blind() : bool
- Return a Boolean value recording whether this algorithm can
- blind data. (This does not imply that this
- particular key object has the private information required to
- to blind a message.)
- """
- return 0
-
- # The following methods will certainly be overridden by
- # subclasses.
-
- def size (self):
- """size() : int
- Return the maximum number of bits that can be handled by this key.
- """
- return 0
-
- def has_private (self):
- """has_private() : bool
- Return a Boolean denoting whether the object contains
- private components.
- """
- return 0
-
- def publickey (self):
- """publickey(): object
- Return a new key object containing only the public information.
- """
- return self
-
- def __eq__ (self, other):
- """__eq__(other): 0, 1
- Compare us to other for equality.
- """
- return self.__getstate__() == other.__getstate__()
This directory contains pieces of the PyCrypto package. We've copied just the
-parts we need (AES with zooko's fast-CTR-mode patch, SHA256, Util.number, and
-eventually RSA) into the tahoe tree.
+parts we need (AES with zooko's fast-CTR-mode patch, Util.number) into the tahoe tree.
PyCrypto is published with the following license:
+++ /dev/null
-/*\r
- * An implementation of the SHA-256 hash function, this is endian neutral\r
- * so should work just about anywhere.\r
- *\r
- * This code works much like the MD5 code provided by RSA. You sha_init()\r
- * a "sha_state" then sha_process() the bytes you want and sha_done() to get\r
- * the output.\r
- *\r
- * Revised Code: Complies to SHA-256 standard now.\r
- *\r
- * Tom St Denis -- http://tomstdenis.home.dhs.org\r
- * */\r
-#include "Python.h"\r
-#define MODULE_NAME SHA256\r
-#define DIGEST_SIZE 32\r
-\r
-typedef unsigned char U8;\r
-#ifdef __alpha__\r
-typedef unsigned int U32;\r
-#elif defined(__amd64__)\r
-#include <inttypes.h>\r
-typedef uint32_t U32;\r
-#else\r
-typedef unsigned int U32;\r
-#endif\r
-\r
-typedef struct {\r
- U32 state[8], length, curlen;\r
- unsigned char buf[64];\r
-}\r
-hash_state;\r
-\r
-/* the K array */\r
-static const U32 K[64] = {\r
- 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,\r
- 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,\r
- 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,\r
- 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,\r
- 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,\r
- 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,\r
- 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,\r
- 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,\r
- 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,\r
- 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,\r
- 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,\r
- 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,\r
- 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL\r
-};\r
-\r
-/* Various logical functions */\r
-#define Ch(x,y,z) ((x & y) ^ (~x & z))\r
-#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))\r
-#define S(x, n) (((x)>>((n)&31))|((x)<<(32-((n)&31))))\r
-#define R(x, n) ((x)>>(n))\r
-#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))\r
-#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))\r
-#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))\r
-#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))\r
-\r
-/* compress 512-bits */\r
-static void sha_compress(hash_state * md)\r
-{\r
- U32 S[8], W[64], t0, t1;\r
- int i;\r
-\r
- /* copy state into S */\r
- for (i = 0; i < 8; i++)\r
- S[i] = md->state[i];\r
-\r
- /* copy the state into 512-bits into W[0..15] */\r
- for (i = 0; i < 16; i++)\r
- W[i] = (((U32) md->buf[(4 * i) + 0]) << 24) |\r
- (((U32) md->buf[(4 * i) + 1]) << 16) |\r
- (((U32) md->buf[(4 * i) + 2]) << 8) |\r
- (((U32) md->buf[(4 * i) + 3]));\r
-\r
- /* fill W[16..63] */\r
- for (i = 16; i < 64; i++)\r
- W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];\r
-\r
- /* Compress */\r
- for (i = 0; i < 64; i++) {\r
- t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];\r
- t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]);\r
- S[7] = S[6];\r
- S[6] = S[5];\r
- S[5] = S[4];\r
- S[4] = S[3] + t0;\r
- S[3] = S[2];\r
- S[2] = S[1];\r
- S[1] = S[0];\r
- S[0] = t0 + t1;\r
- }\r
-\r
- /* feedback */\r
- for (i = 0; i < 8; i++)\r
- md->state[i] += S[i];\r
-}\r
-\r
-/* init the SHA state */\r
-void sha_init(hash_state * md)\r
-{\r
- md->curlen = md->length = 0;\r
- md->state[0] = 0x6A09E667UL;\r
- md->state[1] = 0xBB67AE85UL;\r
- md->state[2] = 0x3C6EF372UL;\r
- md->state[3] = 0xA54FF53AUL;\r
- md->state[4] = 0x510E527FUL;\r
- md->state[5] = 0x9B05688CUL;\r
- md->state[6] = 0x1F83D9ABUL;\r
- md->state[7] = 0x5BE0CD19UL;\r
-}\r
-\r
-void sha_process(hash_state * md, unsigned char *buf, int len)\r
-{\r
- while (len--) {\r
- /* copy byte */\r
- md->buf[md->curlen++] = *buf++;\r
-\r
- /* is 64 bytes full? */\r
- if (md->curlen == 64) {\r
- sha_compress(md);\r
- md->length += 512;\r
- md->curlen = 0;\r
- }\r
- }\r
-}\r
-\r
-void sha_done(hash_state * md, unsigned char *hash)\r
-{\r
- int i;\r
-\r
- /* increase the length of the message */\r
- md->length += md->curlen * 8;\r
-\r
- /* append the '1' bit */\r
- md->buf[md->curlen++] = 0x80;\r
-\r
- /* if the length is currenlly above 56 bytes we append zeros\r
- * then compress. Then we can fall back to padding zeros and length\r
- * encoding like normal.\r
- */\r
- if (md->curlen >= 56) {\r
- for (; md->curlen < 64;)\r
- md->buf[md->curlen++] = 0;\r
- sha_compress(md);\r
- md->curlen = 0;\r
- }\r
-\r
- /* pad upto 56 bytes of zeroes */\r
- for (; md->curlen < 56;)\r
- md->buf[md->curlen++] = 0;\r
-\r
- /* since all messages are under 2^32 bits we mark the top bits zero */\r
- for (i = 56; i < 60; i++)\r
- md->buf[i] = 0;\r
-\r
- /* append length */\r
- for (i = 60; i < 64; i++)\r
- md->buf[i] = (md->length >> ((63 - i) * 8)) & 255;\r
- sha_compress(md);\r
-\r
- /* copy output */\r
- for (i = 0; i < 32; i++)\r
- hash[i] = (md->state[i >> 2] >> (((3 - i) & 3) << 3)) & 255;\r
-}\r
-\r
-// Done\r
-static void hash_init (hash_state *ptr)\r
-{\r
- sha_init(ptr);\r
-}\r
-\r
-// Done\r
-static void \r
-hash_update (hash_state *self, const U8 *buf, U32 len)\r
-{\r
- sha_process(self,(unsigned char *)buf,len);\r
-}\r
-\r
-// Done\r
-static void\r
-hash_copy(hash_state *src, hash_state *dest)\r
-{\r
- memcpy(dest,src,sizeof(hash_state));\r
-}\r
-\r
-// Done\r
-static PyObject *\r
-hash_digest (const hash_state *self)\r
-{\r
- unsigned char digest[32];\r
- hash_state temp;\r
-\r
- hash_copy((hash_state*)self,&temp);\r
- sha_done(&temp,digest);\r
- return PyString_FromStringAndSize((char *)digest, 32);\r
-}\r
-\r
-#include "hash_template.c"\r
projects / tahoe-lafs / tahoe-lafs.git / commitdiff