From: Zooko O'Whielacronx
Date: Sat, 10 Nov 2007 01:21:12 +0000 (-0700)
Subject: remove parts of pycrypto that we are no longer going to use: SHA256 and RSA
X-Git-Tag: allmydata-tahoe-0.7.0~226
X-Git-Url: https://git.rkrishnan.org/components/%22news.html/reliability?a=commitdiff_plain;h=97de6a03d2c725df2cbcb6ee4a02cbe1476fe3c2;p=tahoe-lafs%2Ftahoe-lafs.git

remove parts of pycrypto that we are no longer going to use: SHA256 and RSA
---
diff --git a/setup.py b/setup.py
index b6ecded6..16babab6 100644
--- a/setup.py
+++ b/setup.py
@@ -122,14 +122,6 @@ setup(name='allmydata-tahoe',
 Extension("allmydata.Crypto.Cipher.AES",
 include_dirs=["src/allmydata/Crypto"],
 sources=["src/allmydata/Crypto/AES.c"]),
- Extension("allmydata.Crypto.Hash.SHA256",
- include_dirs=["src/allmydata/Crypto"],
- sources=["src/allmydata/Crypto/SHA256.c"]),
- # _fastmath requires gmp. Since we're not using rsa yet, hold off
- # on requiring this. (note that RSA.py doesn't require _fastmath,
- # but I doubt we'd want to use the pure-python version).
-# Extension("allmydata.Crypto.PublicKey._fastmath",
-# sources=["src/allmydata/Crypto/_fastmath.c"]),
 ],
 zip_safe=False, # We prefer unzipped for easier access.
 )
diff --git a/src/allmydata/Crypto/PublicKey/RSA.py b/src/allmydata/Crypto/PublicKey/RSA.py
deleted file mode 100644
index b85e3b3a..00000000
--- a/src/allmydata/Crypto/PublicKey/RSA.py
+++ /dev/null
@@ -1,257 +0,0 @@
-#
-# RSA.py : RSA encryption/decryption
-#
-# Part of the Python Cryptography Toolkit
-#
-# Distribute and use freely; there are no restrictions on further
-# dissemination and usage except those imposed by the laws of your
-# country of residence. This software is provided "as is" without
-# warranty of fitness for use or suitability for any purpose, express
-# or implied. Use at your own risk or not at all.
-#
-
-__revision__ = "$Id: RSA.py,v 1.20 2004/05/06 12:52:54 akuchling Exp $"
-
-from allmydata.Crypto.PublicKey import pubkey
-from allmydata.Crypto.Util import number
-
-_fastmath = None
-try:
- from allmydata.Crypto.PublicKey import _fastmath
-except ImportError:
- pass
-
-class error (Exception):
- pass
-
-def generate(bits, randfunc, progress_func=None):
- """generate(bits:int, randfunc:callable, progress_func:callable)
-
- Generate an RSA key of length 'bits', using 'randfunc' to get
- random data and 'progress_func', if present, to display
- the progress of the key generation.
- """
- obj=RSAobj()
-
- # Generate the prime factors of n
- if progress_func:
- progress_func('p,q\n')
- p = q = 1L
- while number.size(p*q) < bits:
- p = pubkey.getPrime(bits/2, randfunc)
- q = pubkey.getPrime(bits/2, randfunc)
-
- # p shall be smaller than q (for calc of u)
- if p > q:
- (p, q)=(q, p)
- obj.p = p
- obj.q = q
-
- if progress_func:
- progress_func('u\n')
- obj.u = pubkey.inverse(obj.p, obj.q)
- obj.n = obj.p*obj.q
-
- obj.e = 65537L
- if progress_func:
- progress_func('d\n')
- obj.d=pubkey.inverse(obj.e, (obj.p-1)*(obj.q-1))
-
- assert bits <= 1+obj.size(), "Generated key is too small"
-
- return obj
-
-def construct(tuple):
- """construct(tuple:(long,) : RSAobj
- Construct an RSA object from a 2-, 3-, 5-, or 6-tuple of numbers.
- """
-
- obj=RSAobj()
- if len(tuple) not in [2,3,5,6]:
- raise error, 'argument for construct() wrong length'
- for i in range(len(tuple)):
- field = obj.keydata[i]
- setattr(obj, field, tuple[i])
- if len(tuple) >= 5:
- # Ensure p is smaller than q
- if obj.p>obj.q:
- (obj.p, obj.q)=(obj.q, obj.p)
-
- if len(tuple) == 5:
- # u not supplied, so we're going to have to compute it.
- obj.u=pubkey.inverse(obj.p, obj.q)
-
- return obj
-
-class RSAobj(pubkey.pubkey):
- keydata = ['n', 'e', 'd', 'p', 'q', 'u']
- def _encrypt(self, plaintext, K=''):
- if self.n<=plaintext:
- raise error, 'Plaintext too large'
- return (pow(plaintext, self.e, self.n),)
-
- def _decrypt(self, ciphertext):
- if (not hasattr(self, 'd')):
- raise error, 'Private key not available in this object'
- if self.n<=ciphertext[0]:
- raise error, 'Ciphertext too large'
- return pow(ciphertext[0], self.d, self.n)
-
- def _sign(self, M, K=''):
- return (self._decrypt((M,)),)
-
- def _verify(self, M, sig):
- m2=self._encrypt(sig[0])
- if m2[0]==M:
- return 1
- else: return 0
-
- def _blind(self, M, B):
- tmp = pow(B, self.e, self.n)
- return (M * tmp) % self.n
-
- def _unblind(self, M, B):
- tmp = pubkey.inverse(B, self.n)
- return (M * tmp) % self.n
-
- def can_blind (self):
- """can_blind() : bool
- Return a Boolean value recording whether this algorithm can
- blind data. (This does not imply that this
- particular key object has the private information required to
- to blind a message.)
- """
- return 1
-
- def size(self):
- """size() : int
- Return the maximum number of bits that can be handled by this key.
- """
- return number.size(self.n) - 1
-
- def has_private(self):
- """has_private() : bool
- Return a Boolean denoting whether the object contains
- private components.
- """
- if hasattr(self, 'd'):
- return 1
- else: return 0
-
- def publickey(self):
- """publickey(): RSAobj
- Return a new key object containing only the public key information.
- """
- return construct((self.n, self.e))
-
-class RSAobj_c(pubkey.pubkey):
- keydata = ['n', 'e', 'd', 'p', 'q', 'u']
-
- def __init__(self, key):
- self.key = key
-
- def __getattr__(self, attr):
- if attr in self.keydata:
- return getattr(self.key, attr)
- else:
- if self.__dict__.has_key(attr):
- self.__dict__[attr]
- else:
- raise AttributeError, '%s instance has no attribute %s' % (self.__class__, attr)
-
- def __getstate__(self):
- d = {}
- for k in self.keydata:
- if hasattr(self.key, k):
- d[k]=getattr(self.key, k)
- return d
-
- def __setstate__(self, state):
- n,e = state['n'], state['e']
- if not state.has_key('d'):
- self.key = _fastmath.rsa_construct(n,e)
- else:
- d = state['d']
- if not state.has_key('q'):
- self.key = _fastmath.rsa_construct(n,e,d)
- else:
- p, q, u = state['p'], state['q'], state['u']
- self.key = _fastmath.rsa_construct(n,e,d,p,q,u)
-
- def _encrypt(self, plain, K):
- return (self.key._encrypt(plain),)
-
- def _decrypt(self, cipher):
- return self.key._decrypt(cipher[0])
-
- def _sign(self, M, K):
- return (self.key._sign(M),)
-
- def _verify(self, M, sig):
- return self.key._verify(M, sig[0])
-
- def _blind(self, M, B):
- return self.key._blind(M, B)
-
- def _unblind(self, M, B):
- return self.key._unblind(M, B)
-
- def can_blind (self):
- return 1
-
- def size(self):
- return self.key.size()
-
- def has_private(self):
- return self.key.has_private()
-
- def publickey(self):
- return construct_c((self.key.n, self.key.e))
-
-def generate_c(bits, randfunc, progress_func = None):
- # Generate the prime factors of n
- if progress_func:
- progress_func('p,q\n')
-
- p = q = 1L
- while number.size(p*q) < bits:
- p = pubkey.getPrime(bits/2, randfunc)
- q = pubkey.getPrime(bits/2, randfunc)
-
- # p shall be smaller than q (for calc of u)
- if p > q:
- (p, q)=(q, p)
- if progress_func:
- progress_func('u\n')
- u=pubkey.inverse(p, q)
- n=p*q
-
- e = 65537L
- if progress_func:
- progress_func('d\n')
- d=pubkey.inverse(e, (p-1)*(q-1))
- key = _fastmath.rsa_construct(n,e,d,p,q,u)
- obj = RSAobj_c(key)
-
-## print p
-## print q
-## print number.size(p), number.size(q), number.size(q*p),
-## print obj.size(), bits
- assert bits <= 1+obj.size(), "Generated key is too small"
- return obj
-
-
-def construct_c(tuple):
- key = apply(_fastmath.rsa_construct, tuple)
- return RSAobj_c(key)
-
-object = RSAobj
-
-generate_py = generate
-construct_py = construct
-
-if _fastmath:
- #print "using C version of RSA"
- generate = generate_c
- construct = construct_c
- error = _fastmath.error
diff --git a/src/allmydata/Crypto/PublicKey/__init__.py b/src/allmydata/Crypto/PublicKey/__init__.py
deleted file mode 100644
index 0d4dfa39..00000000
--- a/src/allmydata/Crypto/PublicKey/__init__.py
+++ /dev/null
@@ -1,17 +0,0 @@
-"""Public-key encryption and signature algorithms.
-
-Public-key encryption uses two different keys, one for encryption and
-one for decryption. The encryption key can be made public, and the
-decryption key is kept private. Many public-key algorithms can also
-be used to sign messages, and some can *only* be used for signatures.
-
-Crypto.PublicKey.DSA Digital Signature Algorithm. (Signature only)
-Crypto.PublicKey.ElGamal (Signing and encryption)
-Crypto.PublicKey.RSA (Signing, encryption, and blinding)
-Crypto.PublicKey.qNEW (Signature only)
-
-"""
-
-__all__ = ['RSA']
-__revision__ = "$Id: __init__.py,v 1.4 2003/04/03 20:27:13 akuchling Exp $"
-
diff --git a/src/allmydata/Crypto/PublicKey/pubkey.py b/src/allmydata/Crypto/PublicKey/pubkey.py
deleted file mode 100644
index 091a9c91..00000000
--- a/src/allmydata/Crypto/PublicKey/pubkey.py
+++ /dev/null
@@ -1,173 +0,0 @@
-#
-# pubkey.py : Internal functions for public key operations
-#
-# Part of the Python Cryptography Toolkit
-#
-# Distribute and use freely; there are no restrictions on further
-# dissemination and usage except those imposed by the laws of your
-# country of residence. This software is provided "as is" without
-# warranty of fitness for use or suitability for any purpose, express
-# or implied. Use at your own risk or not at all.
-#
-
-__revision__ = "$Id: pubkey.py,v 1.11 2003/04/03 20:36:14 akuchling Exp $"
-
-import types, warnings
-from allmydata.Crypto.Util.number import bignum, bytes_to_long, \
- long_to_bytes, error
-
-# Basic public key class
-class pubkey:
- def __init__(self):
- pass
-
- def __getstate__(self):
- """To keep key objects platform-independent, the key data is
- converted to standard Python long integers before being
- written out. It will then be reconverted as necessary on
- restoration."""
- d=self.__dict__
- for key in self.keydata:
- if d.has_key(key): d[key]=long(d[key])
- return d
-
- def __setstate__(self, d):
- """On unpickling a key object, the key data is converted to the big
-number representation being used, whether that is Python long
-integers, MPZ objects, or whatever."""
- for key in self.keydata:
- if d.has_key(key): self.__dict__[key]=bignum(d[key])
-
- def encrypt(self, plaintext, K):
- """encrypt(plaintext:string|long, K:string|long) : tuple
- Encrypt the string or integer plaintext. K is a random
- parameter required by some algorithms.
- """
- wasString=0
- if isinstance(plaintext, types.StringType):
- plaintext=bytes_to_long(plaintext) ; wasString=1
- if isinstance(K, types.StringType):
- K=bytes_to_long(K)
- ciphertext=self._encrypt(plaintext, K)
- if wasString: return tuple(map(long_to_bytes, ciphertext))
- else: return ciphertext
-
- def decrypt(self, ciphertext):
- """decrypt(ciphertext:tuple|string|long): string
- Decrypt 'ciphertext' using this key.
- """
- wasString=0
- if not isinstance(ciphertext, types.TupleType):
- ciphertext=(ciphertext,)
- if isinstance(ciphertext[0], types.StringType):
- ciphertext=tuple(map(bytes_to_long, ciphertext)) ; wasString=1
- plaintext=self._decrypt(ciphertext)
- if wasString: return long_to_bytes(plaintext)
- else: return plaintext
-
- def sign(self, M, K):
- """sign(M : string|long, K:string|long) : tuple
- Return a tuple containing the signature for the message M.
- K is a random parameter required by some algorithms.
- """
- if (not self.has_private()):
- raise error, 'Private key not available in this object'
- if isinstance(M, types.StringType): M=bytes_to_long(M)
- if isinstance(K, types.StringType): K=bytes_to_long(K)
- return self._sign(M, K)
-
- def verify (self, M, signature):
- """verify(M:string|long, signature:tuple) : bool
- Verify that the signature is valid for the message M;
- returns true if the signature checks out.
- """
- if isinstance(M, types.StringType): M=bytes_to_long(M)
- return self._verify(M, signature)
-
- # alias to compensate for the old validate() name
- def validate (self, M, signature):
- warnings.warn("validate() method name is obsolete; use verify()",
- DeprecationWarning)
-
- def blind(self, M, B):
- """blind(M : string|long, B : string|long) : string|long
- Blind message M using blinding factor B.
- """
- wasString=0
- if isinstance(M, types.StringType):
- M=bytes_to_long(M) ; wasString=1
- if isinstance(B, types.StringType): B=bytes_to_long(B)
- blindedmessage=self._blind(M, B)
- if wasString: return long_to_bytes(blindedmessage)
- else: return blindedmessage
-
- def unblind(self, M, B):
- """unblind(M : string|long, B : string|long) : string|long
- Unblind message M using blinding factor B.
- """
- wasString=0
- if isinstance(M, types.StringType):
- M=bytes_to_long(M) ; wasString=1
- if isinstance(B, types.StringType): B=bytes_to_long(B)
- unblindedmessage=self._unblind(M, B)
- if wasString: return long_to_bytes(unblindedmessage)
- else: return unblindedmessage
-
-
- # The following methods will usually be left alone, except for
- # signature-only algorithms. They both return Boolean values
- # recording whether this key's algorithm can sign and encrypt.
- def can_sign (self):
- """can_sign() : bool
- Return a Boolean value recording whether this algorithm can
- generate signatures. (This does not imply that this
- particular key object has the private information required to
- to generate a signature.)
- """
- return 1
-
- def can_encrypt (self):
- """can_encrypt() : bool
- Return a Boolean value recording whether this algorithm can
- encrypt data. (This does not imply that this
- particular key object has the private information required to
- to decrypt a message.)
- """
- return 1
-
- def can_blind (self):
- """can_blind() : bool
- Return a Boolean value recording whether this algorithm can
- blind data. (This does not imply that this
- particular key object has the private information required to
- to blind a message.)
- """
- return 0
-
- # The following methods will certainly be overridden by
- # subclasses.
-
- def size (self):
- """size() : int
- Return the maximum number of bits that can be handled by this key.
- """
- return 0
-
- def has_private (self):
- """has_private() : bool
- Return a Boolean denoting whether the object contains
- private components.
- """
- return 0
-
- def publickey (self):
- """publickey(): object
- Return a new key object containing only the public information.
- """
- return self
-
- def __eq__ (self, other):
- """__eq__(other): 0, 1
- Compare us to other for equality.
- """
- return self.__getstate__() == other.__getstate__()
diff --git a/src/allmydata/Crypto/README b/src/allmydata/Crypto/README
index 6b4b6a0c..d5f95f63 100644
--- a/src/allmydata/Crypto/README
+++ b/src/allmydata/Crypto/README
@@ -1,7 +1,6 @@
 This directory contains pieces of the PyCrypto package. We've copied just the
-parts we need (AES with zooko's fast-CTR-mode patch, SHA256, Util.number, and
-eventually RSA) into the tahoe tree.
+parts we need (AES with zooko's fast-CTR-mode patch, Util.number) into the tahoe tree.
 PyCrypto is published with the following license:
diff --git a/src/allmydata/Crypto/SHA256.c b/src/allmydata/Crypto/SHA256.c
deleted file mode 100644
index 2e61f350..00000000
--- a/src/allmydata/Crypto/SHA256.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * An implementation of the SHA-256 hash function, this is endian neutral
- * so should work just about anywhere.
- *
- * This code works much like the MD5 code provided by RSA. You sha_init()
- * a "sha_state" then sha_process() the bytes you want and sha_done() to get
- * the output.
- *
- * Revised Code: Complies to SHA-256 standard now.
- *
- * Tom St Denis -- http://tomstdenis.home.dhs.org
- * */
-#include "Python.h"
-#define MODULE_NAME SHA256
-#define DIGEST_SIZE 32
-
-typedef unsigned char U8;
-#ifdef __alpha__
-typedef unsigned int U32;
-#elif defined(__amd64__)
-#include
-typedef uint32_t U32;
-#else
-typedef unsigned int U32;
-#endif
-
-typedef struct {
- U32 state[8], length, curlen;
- unsigned char buf[64];
-}
-hash_state;
-
-/* the K array */
-static const U32 K[64] = {
- 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
- 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
- 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
- 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
- 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
- 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
- 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
- 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
- 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
- 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
- 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
- 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
- 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
-};
-
-/* Various logical functions */
-#define Ch(x,y,z) ((x & y) ^ (~x & z))
-#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
-#define S(x, n) (((x)>>((n)&31))|((x)<<(32-((n)&31))))
-#define R(x, n) ((x)>>(n))
-#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
-#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
-#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
-#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
-
-/* compress 512-bits */
-static void sha_compress(hash_state * md)
-{
- U32 S[8], W[64], t0, t1;
- int i;
-
- /* copy state into S */
- for (i = 0; i < 8; i++)
- S[i] = md->state[i];
-
- /* copy the state into 512-bits into W[0..15] */
- for (i = 0; i < 16; i++)
- W[i] = (((U32) md->buf[(4 * i) + 0]) << 24) |
- (((U32) md->buf[(4 * i) + 1]) << 16) |
- (((U32) md->buf[(4 * i) + 2]) << 8) |
- (((U32) md->buf[(4 * i) + 3]));
-
- /* fill W[16..63] */
- for (i = 16; i < 64; i++)
- W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
-
- /* Compress */
- for (i = 0; i < 64; i++) {
- t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];
- t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]);
- S[7] = S[6];
- S[6] = S[5];
- S[5] = S[4];
- S[4] = S[3] + t0;
- S[3] = S[2];
- S[2] = S[1];
- S[1] = S[0];
- S[0] = t0 + t1;
- }
-
- /* feedback */
- for (i = 0; i < 8; i++)
- md->state[i] += S[i];
-}
-
-/* init the SHA state */
-void sha_init(hash_state * md)
-{
- md->curlen = md->length = 0;
- md->state[0] = 0x6A09E667UL;
- md->state[1] = 0xBB67AE85UL;
- md->state[2] = 0x3C6EF372UL;
- md->state[3] = 0xA54FF53AUL;
- md->state[4] = 0x510E527FUL;
- md->state[5] = 0x9B05688CUL;
- md->state[6] = 0x1F83D9ABUL;
- md->state[7] = 0x5BE0CD19UL;
-}
-
-void sha_process(hash_state * md, unsigned char *buf, int len)
-{
- while (len--) {
- /* copy byte */
- md->buf[md->curlen++] = *buf++;
-
- /* is 64 bytes full? */
- if (md->curlen == 64) {
- sha_compress(md);
- md->length += 512;
- md->curlen = 0;
- }
- }
-}
-
-void sha_done(hash_state * md, unsigned char *hash)
-{
- int i;
-
- /* increase the length of the message */
- md->length += md->curlen * 8;
-
- /* append the '1' bit */
- md->buf[md->curlen++] = 0x80;
-
- /* if the length is currenlly above 56 bytes we append zeros
- * then compress. Then we can fall back to padding zeros and length
- * encoding like normal.
- */
- if (md->curlen >= 56) {
- for (; md->curlen < 64;)
- md->buf[md->curlen++] = 0;
- sha_compress(md);
- md->curlen = 0;
- }
-
- /* pad upto 56 bytes of zeroes */
- for (; md->curlen < 56;)
- md->buf[md->curlen++] = 0;
-
- /* since all messages are under 2^32 bits we mark the top bits zero */
- for (i = 56; i < 60; i++)
- md->buf[i] = 0;
-
- /* append length */
- for (i = 60; i < 64; i++)
- md->buf[i] = (md->length >> ((63 - i) * 8)) & 255;
- sha_compress(md);
-
- /* copy output */
- for (i = 0; i < 32; i++)
- hash[i] = (md->state[i >> 2] >> (((3 - i) & 3) << 3)) & 255;
-}
-
-// Done
-static void hash_init (hash_state *ptr)
-{
- sha_init(ptr);
-}
-
-// Done
-static void
-hash_update (hash_state *self, const U8 *buf, U32 len)
-{
- sha_process(self,(unsigned char *)buf,len);
-}
-
-// Done
-static void
-hash_copy(hash_state *src, hash_state *dest)
-{
- memcpy(dest,src,sizeof(hash_state));
-}
-
-// Done
-static PyObject *
-hash_digest (const hash_state *self)
-{
- unsigned char digest[32];
- hash_state temp;
-
- hash_copy((hash_state*)self,&temp);
- sha_done(&temp,digest);
- return PyString_FromStringAndSize((char *)digest, 32);
-}
-
-#include "hash_template.c"