ok
Direktori : /lib64/python2.7/site-packages/M2Crypto/ |
Current File : //lib64/python2.7/site-packages/M2Crypto/RSA.py |
"""M2Crypto wrapper for OpenSSL RSA API. Copyright (c) 1999-2004 Ng Pheng Siong. All rights reserved.""" import sys import util, BIO, Err, m2 class RSAError(Exception): pass m2.rsa_init(RSAError) no_padding = m2.no_padding pkcs1_padding = m2.pkcs1_padding sslv23_padding = m2.sslv23_padding pkcs1_oaep_padding = m2.pkcs1_oaep_padding class RSA: """ RSA Key Pair. """ m2_rsa_free = m2.rsa_free def __init__(self, rsa, _pyfree=0): assert m2.rsa_type_check(rsa), "'rsa' type error" self.rsa = rsa self._pyfree = _pyfree def __del__(self): if getattr(self, '_pyfree', 0): self.m2_rsa_free(self.rsa) def __len__(self): return m2.rsa_size(self.rsa) << 3 def __getattr__(self, name): if name == 'e': return m2.rsa_get_e(self.rsa) elif name == 'n': return m2.rsa_get_n(self.rsa) else: raise AttributeError def pub(self): assert self.check_key(), 'key is not initialised' return m2.rsa_get_e(self.rsa), m2.rsa_get_n(self.rsa) def public_encrypt(self, data, padding): assert self.check_key(), 'key is not initialised' return m2.rsa_public_encrypt(self.rsa, data, padding) def public_decrypt(self, data, padding): assert self.check_key(), 'key is not initialised' return m2.rsa_public_decrypt(self.rsa, data, padding) def private_encrypt(self, data, padding): assert self.check_key(), 'key is not initialised' return m2.rsa_private_encrypt(self.rsa, data, padding) def private_decrypt(self, data, padding): assert self.check_key(), 'key is not initialised' return m2.rsa_private_decrypt(self.rsa, data, padding) def save_key_bio(self, bio, cipher='aes_128_cbc', callback=util.passphrase_callback): """ Save the key pair to an M2Crypto.BIO.BIO object in PEM format. @type bio: M2Crypto.BIO.BIO @param bio: M2Crypto.BIO.BIO object to save key to. @type cipher: string @param cipher: Symmetric cipher to protect the key. The default cipher is 'aes_128_cbc'. If cipher is None, then the key is saved in the clear. @type callback: Python callable @param callback: A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback. """ if cipher is None: return m2.rsa_write_key_no_cipher(self.rsa, bio._ptr(), callback) else: ciph = getattr(m2, cipher, None) if ciph is None: raise RSAError, 'not such cipher %s' % cipher else: ciph = ciph() return m2.rsa_write_key(self.rsa, bio._ptr(), ciph, callback) def save_key(self, file, cipher='aes_128_cbc', callback=util.passphrase_callback): """ Save the key pair to a file in PEM format. @type file: string @param file: Name of file to save key to. @type cipher: string @param cipher: Symmetric cipher to protect the key. The default cipher is 'aes_128_cbc'. If cipher is None, then the key is saved in the clear. @type callback: Python callable @param callback: A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback. """ bio = BIO.openfile(file, 'wb') return self.save_key_bio(bio, cipher, callback) save_pem = save_key def as_pem(self, cipher='aes_128_cbc', callback=util.passphrase_callback): """ Returns the key(pair) as a string in PEM format. """ bio = BIO.MemoryBuffer() self.save_key_bio(bio, cipher, callback) return bio.read() def save_key_der_bio(self, bio): """ Save the key pair to an M2Crypto.BIO.BIO object in DER format. @type bio: M2Crypto.BIO.BIO @param bio: M2Crypto.BIO.BIO object to save key to. """ return m2.rsa_write_key_der(self.rsa, bio._ptr()) def save_key_der(self, file): """ Save the key pair to a file in DER format. @type file: str @param file: Filename to save key to """ bio = BIO.openfile(file, 'wb') return self.save_key_der_bio(bio) def save_pub_key_bio(self, bio): """ Save the public key to an M2Crypto.BIO.BIO object in PEM format. @type bio: M2Crypto.BIO.BIO @param bio: M2Crypto.BIO.BIO object to save key to. """ return m2.rsa_write_pub_key(self.rsa, bio._ptr()) def save_pub_key(self, file): """ Save the public key to a file in PEM format. @type file: string @param file: Name of file to save key to. """ bio = BIO.openfile(file, 'wb') return m2.rsa_write_pub_key(self.rsa, bio._ptr()) def check_key(self): return m2.rsa_check_key(self.rsa) def sign_rsassa_pss(self, digest, algo='sha1', salt_length=20): """ Signs a digest with the private key using RSASSA-PSS @requires: OpenSSL 0.9.7h or later. @type digest: str @param digest: A digest created by using the digest method @type salt_length: int @param salt_length: The length of the salt to use @type algo: str @param algo: The hash algorithm to use @return: a string which is the signature """ hash = getattr(m2, algo, None) if hash is None: raise ValueError('not such hash algorithm %s' % hash_algo) signature = m2.rsa_padding_add_pkcs1_pss(self.rsa, digest, hash(), salt_length) return self.private_encrypt(signature, m2.no_padding) def verify_rsassa_pss(self, data, signature, algo='sha1', salt_length=20): """ Verifies the signature RSASSA-PSS @requires: OpenSSL 0.9.7h or later. @type data: str @param data: Data that has been signed @type signature: str @param signature: The signature signed with RSASSA-PSS @type salt_length: int @param salt_length: The length of the salt that was used @type algo: str @param algo: The hash algorithm to use @return: 1 or 0, depending on whether the signature was verified or not. """ hash = getattr(m2, algo, None) if hash is None: raise ValueError('not such hash algorithm %s' % hash_algo) plain_signature = self.public_decrypt(signature, m2.no_padding) return m2.rsa_verify_pkcs1_pss(self.rsa, data, plain_signature, hash(), salt_length) def sign(self, digest, algo='sha1'): """ Signs a digest with the private key @type digest: str @param digest: A digest created by using the digest method @type algo: str @param algo: The method that created the digest. Legal values are 'sha1','sha224', 'sha256', 'ripemd160', and 'md5'. @return: a string which is the signature """ digest_type = getattr(m2, 'NID_' + algo, None) if digest_type is None: raise ValueError, ('unknown algorithm', algo) return m2.rsa_sign(self.rsa, digest, digest_type) def verify(self, data, signature, algo='sha1'): """ Verifies the signature with the public key @type data: str @param data: Data that has been signed @type signature: str @param signature: The signature signed with the private key @type algo: str @param algo: The method use to create digest from the data before it was signed. Legal values are 'sha1','sha224', 'sha256', 'ripemd160', and 'md5'. @return: True or False, depending on whether the signature was verified. """ digest_type = getattr(m2, 'NID_' + algo, None) if digest_type is None: raise ValueError, ('unknown algorithm', algo) return m2.rsa_verify(self.rsa, data, signature, digest_type) class RSA_pub(RSA): """ Object interface to an RSA public key. """ def __setattr__(self, name, value): if name in ['e', 'n']: raise RSAError, \ 'use factory function new_pub_key() to set (e, n)' else: self.__dict__[name] = value def private_encrypt(self, *argv): raise RSAError, 'RSA_pub object has no private key' def private_decrypt(self, *argv): raise RSAError, 'RSA_pub object has no private key' def save_key(self, file, *args, **kw): """ Save public key to file. """ return self.save_pub_key(file) def save_key_bio(self, bio, *args, **kw): """ Save public key to BIO. """ return self.save_pub_key_bio(bio) #save_key_der #save_key_der_bio def check_key(self): return m2.rsa_check_pub_key(self.rsa) def rsa_error(): raise RSAError, m2.err_reason_error_string(m2.err_get_error()) def keygen_callback(p, n, out=sys.stdout): """ Default callback for gen_key(). """ ch = ['.','+','*','\n'] out.write(ch[p]) out.flush() def gen_key(bits, e, callback=keygen_callback): """ Generate an RSA key pair. @type bits: int @param bits: Key length, in bits. @type e: int @param e: The RSA public exponent. @type callback: Python callable @param callback: A Python callable object that is invoked during key generation; its usual purpose is to provide visual feedback. The default callback is keygen_callback. @rtype: M2Crypto.RSA.RSA @return: M2Crypto.RSA.RSA object. """ return RSA(m2.rsa_generate_key(bits, e, callback), 1) def load_key(file, callback=util.passphrase_callback): """ Load an RSA key pair from file. @type file: string @param file: Name of file containing RSA public key in PEM format. @type callback: Python callable @param callback: A Python callable object that is invoked to acquire a passphrase with which to unlock the key. The default is util.passphrase_callback. @rtype: M2Crypto.RSA.RSA @return: M2Crypto.RSA.RSA object. """ bio = BIO.openfile(file) return load_key_bio(bio, callback) def load_key_bio(bio, callback=util.passphrase_callback): """ Load an RSA key pair from an M2Crypto.BIO.BIO object. @type bio: M2Crypto.BIO.BIO @param bio: M2Crypto.BIO.BIO object containing RSA key pair in PEM format. @type callback: Python callable @param callback: A Python callable object that is invoked to acquire a passphrase with which to unlock the key. The default is util.passphrase_callback. @rtype: M2Crypto.RSA.RSA @return: M2Crypto.RSA.RSA object. """ rsa = m2.rsa_read_key(bio._ptr(), callback) if rsa is None: rsa_error() return RSA(rsa, 1) def load_key_string(string, callback=util.passphrase_callback): """ Load an RSA key pair from a string. @type string: string @param string: String containing RSA key pair in PEM format. @type callback: Python callable @param callback: A Python callable object that is invoked to acquire a passphrase with which to unlock the key. The default is util.passphrase_callback. @rtype: M2Crypto.RSA.RSA @return: M2Crypto.RSA.RSA object. """ bio = BIO.MemoryBuffer(string) return load_key_bio(bio, callback) def load_pub_key(file): """ Load an RSA public key from file. @type file: string @param file: Name of file containing RSA public key in PEM format. @rtype: M2Crypto.RSA.RSA_pub @return: M2Crypto.RSA.RSA_pub object. """ bio = BIO.openfile(file) return load_pub_key_bio(bio) def load_pub_key_bio(bio): """ Load an RSA public key from an M2Crypto.BIO.BIO object. @type bio: M2Crypto.BIO.BIO @param bio: M2Crypto.BIO.BIO object containing RSA public key in PEM format. @rtype: M2Crypto.RSA.RSA_pub @return: M2Crypto.RSA.RSA_pub object. """ rsa = m2.rsa_read_pub_key(bio._ptr()) if rsa is None: rsa_error() return RSA_pub(rsa, 1) def new_pub_key((e, n)): """ Instantiate an RSA_pub object from an (e, n) tuple. @type e: string @param e: The RSA public exponent; it is a string in OpenSSL's MPINT format - 4-byte big-endian bit-count followed by the appropriate number of bits. @type n: string @param n: The RSA composite of primes; it is a string in OpenSSL's MPINT format - 4-byte big-endian bit-count followed by the appropriate number of bits. @rtype: M2Crypto.RSA.RSA_pub @return: M2Crypto.RSA.RSA_pub object. """ rsa = m2.rsa_new() m2.rsa_set_e(rsa, e) m2.rsa_set_n(rsa, n) return RSA_pub(rsa, 1)