RVC-beta-v2-0618-get

Paused

App Files Files Community

RVC-beta-v2-0618-get / runtime /Lib /site-packages /Crypto /PublicKey /DSA.py

arxify

Upload folder using huggingface_hub

ba2f5d6 almost 3 years ago

raw

history blame contribute delete

22.4 kB

	# -- coding: utf-8 --
	#
	# PublicKey/DSA.py : DSA signature primitive
	#
	# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
	#
	# ===================================================================
	# The contents of this file are dedicated to the public domain. To
	# the extent that dedication to the public domain is not available,
	# everyone is granted a worldwide, perpetual, royalty-free,
	# non-exclusive license to exercise all rights associated with the
	# contents of this file for any purpose whatsoever.
	# No rights are reserved.
	#
	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
	# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
	# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
	# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
	# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	# SOFTWARE.
	# ===================================================================

	__all__ = ['generate', 'construct', 'DsaKey', 'import_key' ]

	import binascii
	import struct
	import itertools

	from Crypto.Util.py3compat import bchr, bord, tobytes, tostr, iter_range

	from Crypto import Random
	from Crypto.IO import PKCS8, PEM
	from Crypto.Hash import SHA256
	from Crypto.Util.asn1 import (
	DerObject, DerSequence,
	DerInteger, DerObjectId,
	DerBitString,
	)

	from Crypto.Math.Numbers import Integer
	from Crypto.Math.Primality import (test_probable_prime, COMPOSITE,
	PROBABLY_PRIME)

	from Crypto.PublicKey import (_expand_subject_public_key_info,
	_create_subject_public_key_info,
	_extract_subject_public_key_info)

	# ; The following ASN.1 types are relevant for DSA
	#
	# SubjectPublicKeyInfo ::= SEQUENCE {
	# algorithm AlgorithmIdentifier,
	# subjectPublicKey BIT STRING
	# }
	#
	# id-dsa ID ::= { iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 }
	#
	# ; See RFC3279
	# Dss-Parms ::= SEQUENCE {
	# p INTEGER,
	# q INTEGER,
	# g INTEGER
	# }
	#
	# DSAPublicKey ::= INTEGER
	#
	# DSSPrivatKey_OpenSSL ::= SEQUENCE
	# version INTEGER,
	# p INTEGER,
	# q INTEGER,
	# g INTEGER,
	# y INTEGER,
	# x INTEGER
	# }
	#

	class DsaKey(object):
	r"""Class defining an actual DSA key.
	Do not instantiate directly.
	Use :func:`generate`, :func:`construct` or :func:`import_key` instead.

	:ivar p: DSA modulus
	:vartype p: integer

	:ivar q: Order of the subgroup
	:vartype q: integer

	:ivar g: Generator
	:vartype g: integer

	:ivar y: Public key
	:vartype y: integer

	:ivar x: Private key
	:vartype x: integer

	:undocumented: exportKey, publickey
	"""

	_keydata = ['y', 'g', 'p', 'q', 'x']

	def __init__(self, key_dict):
	input_set = set(key_dict.keys())
	public_set = set(('y' , 'g', 'p', 'q'))
	if not public_set.issubset(input_set):
	raise ValueError("Some DSA components are missing = %s" %
	str(public_set - input_set))
	extra_set = input_set - public_set
	if extra_set and extra_set != set(('x',)):
	raise ValueError("Unknown DSA components = %s" %
	str(extra_set - set(('x',))))
	self._key = dict(key_dict)

	def _sign(self, m, k):
	if not self.has_private():
	raise TypeError("DSA public key cannot be used for signing")
	if not (1 < k < self.q):
	raise ValueError("k is not between 2 and q-1")

	x, q, p, g = [self._key[comp] for comp in ['x', 'q', 'p', 'g']]

	blind_factor = Integer.random_range(min_inclusive=1,
	max_exclusive=q)
	inv_blind_k = (blind_factor * k).inverse(q)
	blind_x = x * blind_factor

	r = pow(g, k, p) % q # r = (g**k mod p) mod q
	s = (inv_blind_k * (blind_factor * m + blind_x * r)) % q
	return map(int, (r, s))

	def _verify(self, m, sig):
	r, s = sig
	y, q, p, g = [self._key[comp] for comp in ['y', 'q', 'p', 'g']]
	if not (0 < r < q) or not (0 < s < q):
	return False
	w = Integer(s).inverse(q)
	u1 = (w * m) % q
	u2 = (w * r) % q
	v = (pow(g, u1, p) * pow(y, u2, p) % p) % q
	return v == r

	def has_private(self):
	"""Whether this is a DSA private key"""

	return 'x' in self._key

	def can_encrypt(self): # legacy
	return False

	def can_sign(self): # legacy
	return True

	def public_key(self):
	"""A matching DSA public key.

	Returns:
	a new :class:`DsaKey` object
	"""

	public_components = dict((k, self._key[k]) for k in ('y', 'g', 'p', 'q'))
	return DsaKey(public_components)

	def __eq__(self, other):
	if bool(self.has_private()) != bool(other.has_private()):
	return False

	result = True
	for comp in self._keydata:
	result = result and (getattr(self._key, comp, None) ==
	getattr(other._key, comp, None))
	return result

	def __ne__(self, other):
	return not self.__eq__(other)

	def __getstate__(self):
	# DSA key is not pickable
	from pickle import PicklingError
	raise PicklingError

	def domain(self):
	"""The DSA domain parameters.

	Returns
	tuple : (p,q,g)
	"""

	return [int(self._key[comp]) for comp in ('p', 'q', 'g')]

	def __repr__(self):
	attrs = []
	for k in self._keydata:
	if k == 'p':
	bits = Integer(self.p).size_in_bits()
	attrs.append("p(%d)" % (bits,))
	elif hasattr(self, k):
	attrs.append(k)
	if self.has_private():
	attrs.append("private")
	# PY3K: This is meant to be text, do not change to bytes (data)
	return "<%s @0x%x %s>" % (self.__class__.__name__, id(self), ",".join(attrs))

	def __getattr__(self, item):
	try:
	return int(self._key[item])
	except KeyError:
	raise AttributeError(item)

	def export_key(self, format='PEM', pkcs8=None, passphrase=None,
	protection=None, randfunc=None):
	"""Export this DSA key.

	Args:
	format (string):
	The encoding for the output:

	- 'PEM' (default). ASCII as per `RFC1421`_/ `RFC1423`_.
	- 'DER'. Binary ASN.1 encoding.
	- 'OpenSSH'. ASCII one-liner as per `RFC4253`_.
	Only suitable for public keys, not for private keys.

	passphrase (string):
	Private keys only. The pass phrase to protect the output.

	pkcs8 (boolean):
	Private keys only. If ``True`` (default), the key is encoded
	with `PKCS#8`_. If ``False``, it is encoded in the custom
	OpenSSL/OpenSSH container.

	protection (string):
	Only in combination with a pass phrase.
	The encryption scheme to use to protect the output.

	If :data:`pkcs8` takes value ``True``, this is the PKCS#8
	algorithm to use for deriving the secret and encrypting
	the private DSA key.
	For a complete list of algorithms, see :mod:`Crypto.IO.PKCS8`.
	The default is PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC.

	If :data:`pkcs8` is ``False``, the obsolete PEM encryption scheme is
	used. It is based on MD5 for key derivation, and Triple DES for
	encryption. Parameter :data:`protection` is then ignored.

	The combination ``format='DER'`` and ``pkcs8=False`` is not allowed
	if a passphrase is present.

	randfunc (callable):
	A function that returns random bytes.
	By default it is :func:`Crypto.Random.get_random_bytes`.

	Returns:
	byte string : the encoded key

	Raises:
	ValueError : when the format is unknown or when you try to encrypt a private
	key with DER format and OpenSSL/OpenSSH.

	.. warning::
	If you don't provide a pass phrase, the private key will be
	exported in the clear!

	.. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt
	.. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt
	.. _RFC4253: http://www.ietf.org/rfc/rfc4253.txt
	.. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt
	"""

	if passphrase is not None:
	passphrase = tobytes(passphrase)

	if randfunc is None:
	randfunc = Random.get_random_bytes

	if format == 'OpenSSH':
	tup1 = [self._key[x].to_bytes() for x in ('p', 'q', 'g', 'y')]

	def func(x):
	if (bord(x[0]) & 0x80):
	return bchr(0) + x
	else:
	return x

	tup2 = [func(x) for x in tup1]
	keyparts = [b'ssh-dss'] + tup2
	keystring = b''.join(
	[struct.pack(">I", len(kp)) + kp for kp in keyparts]
	)
	return b'ssh-dss ' + binascii.b2a_base64(keystring)[:-1]

	# DER format is always used, even in case of PEM, which simply
	# encodes it into BASE64.
	params = DerSequence([self.p, self.q, self.g])
	if self.has_private():
	if pkcs8 is None:
	pkcs8 = True
	if pkcs8:
	if not protection:
	protection = 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC'
	private_key = DerInteger(self.x).encode()
	binary_key = PKCS8.wrap(
	private_key, oid, passphrase,
	protection, key_params=params,
	randfunc=randfunc
	)
	if passphrase:
	key_type = 'ENCRYPTED PRIVATE'
	else:
	key_type = 'PRIVATE'
	passphrase = None
	else:
	if format != 'PEM' and passphrase:
	raise ValueError("DSA private key cannot be encrypted")
	ints = [0, self.p, self.q, self.g, self.y, self.x]
	binary_key = DerSequence(ints).encode()
	key_type = "DSA PRIVATE"
	else:
	if pkcs8:
	raise ValueError("PKCS#8 is only meaningful for private keys")

	binary_key = _create_subject_public_key_info(oid,
	DerInteger(self.y), params)
	key_type = "PUBLIC"

	if format == 'DER':
	return binary_key
	if format == 'PEM':
	pem_str = PEM.encode(
	binary_key, key_type + " KEY",
	passphrase, randfunc
	)
	return tobytes(pem_str)
	raise ValueError("Unknown key format '%s'. Cannot export the DSA key." % format)

	# Backward-compatibility
	exportKey = export_key
	publickey = public_key

	# Methods defined in PyCrypto that we don't support anymore

	def sign(self, M, K):
	raise NotImplementedError("Use module Crypto.Signature.DSS instead")

	def verify(self, M, signature):
	raise NotImplementedError("Use module Crypto.Signature.DSS instead")

	def encrypt(self, plaintext, K):
	raise NotImplementedError

	def decrypt(self, ciphertext):
	raise NotImplementedError

	def blind(self, M, B):
	raise NotImplementedError

	def unblind(self, M, B):
	raise NotImplementedError

	def size(self):
	raise NotImplementedError


	def _generate_domain(L, randfunc):
	"""Generate a new set of DSA domain parameters"""

	N = { 1024:160, 2048:224, 3072:256 }.get(L)
	if N is None:
	raise ValueError("Invalid modulus length (%d)" % L)

	outlen = SHA256.digest_size * 8
	n = (L + outlen - 1) // outlen - 1 # ceil(L/outlen) -1
	b_ = L - 1 - (n * outlen)

	# Generate q (A.1.1.2)
	q = Integer(4)
	upper_bit = 1 << (N - 1)
	while test_probable_prime(q, randfunc) != PROBABLY_PRIME:
	seed = randfunc(64)
	U = Integer.from_bytes(SHA256.new(seed).digest()) & (upper_bit - 1)
	q = U \| upper_bit \| 1

	assert(q.size_in_bits() == N)

	# Generate p (A.1.1.2)
	offset = 1
	upper_bit = 1 << (L - 1)
	while True:
	V = [ SHA256.new(seed + Integer(offset + j).to_bytes()).digest()
	for j in iter_range(n + 1) ]
	V = [ Integer.from_bytes(v) for v in V ]
	W = sum([V[i] * (1 << (i * outlen)) for i in iter_range(n)],
	(V[n] & ((1 << b_) - 1)) * (1 << (n * outlen)))

	X = Integer(W + upper_bit) # 2^{L-1} < X < 2^{L}
	assert(X.size_in_bits() == L)

	c = X % (q * 2)
	p = X - (c - 1) # 2q divides (p-1)
	if p.size_in_bits() == L and \
	test_probable_prime(p, randfunc) == PROBABLY_PRIME:
	break
	offset += n + 1

	# Generate g (A.2.3, index=1)
	e = (p - 1) // q
	for count in itertools.count(1):
	U = seed + b"ggen" + bchr(1) + Integer(count).to_bytes()
	W = Integer.from_bytes(SHA256.new(U).digest())
	g = pow(W, e, p)
	if g != 1:
	break

	return (p, q, g, seed)


	def generate(bits, randfunc=None, domain=None):
	"""Generate a new DSA key pair.

	The algorithm follows Appendix A.1/A.2 and B.1 of `FIPS 186-4`_,
	respectively for domain generation and key pair generation.

	Args:
	bits (integer):
	Key length, or size (in bits) of the DSA modulus p.
	It must be 1024, 2048 or 3072.

	randfunc (callable):
	Random number generation function; it accepts a single integer N
	and return a string of random data N bytes long.
	If not specified, :func:`Crypto.Random.get_random_bytes` is used.

	domain (tuple):
	The DSA domain parameters p, q and g as a list of 3
	integers. Size of p and q must comply to `FIPS 186-4`_.
	If not specified, the parameters are created anew.

	Returns:
	:class:`DsaKey` : a new DSA key object

	Raises:
	ValueError : when bits is too little, too big, or not a multiple of 64.

	.. _FIPS 186-4: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
	"""

	if randfunc is None:
	randfunc = Random.get_random_bytes

	if domain:
	p, q, g = map(Integer, domain)

	## Perform consistency check on domain parameters
	# P and Q must be prime
	fmt_error = test_probable_prime(p) == COMPOSITE
	fmt_error \|= test_probable_prime(q) == COMPOSITE
	# Verify Lagrange's theorem for sub-group
	fmt_error \|= ((p - 1) % q) != 0
	fmt_error \|= g <= 1 or g >= p
	fmt_error \|= pow(g, q, p) != 1
	if fmt_error:
	raise ValueError("Invalid DSA domain parameters")
	else:
	p, q, g, _ = _generate_domain(bits, randfunc)

	L = p.size_in_bits()
	N = q.size_in_bits()

	if L != bits:
	raise ValueError("Mismatch between size of modulus (%d)"
	" and 'bits' parameter (%d)" % (L, bits))

	if (L, N) not in [(1024, 160), (2048, 224),
	(2048, 256), (3072, 256)]:
	raise ValueError("Lengths of p and q (%d, %d) are not compatible"
	"to FIPS 186-3" % (L, N))

	if not 1 < g < p:
	raise ValueError("Incorrent DSA generator")

	# B.1.1
	c = Integer.random(exact_bits=N + 64, randfunc=randfunc)
	x = c % (q - 1) + 1 # 1 <= x <= q-1
	y = pow(g, x, p)

	key_dict = { 'y':y, 'g':g, 'p':p, 'q':q, 'x':x }
	return DsaKey(key_dict)


	def construct(tup, consistency_check=True):
	"""Construct a DSA key from a tuple of valid DSA components.

	Args:
	tup (tuple):
	A tuple of long integers, with 4 or 5 items
	in the following order:

	1. Public key (y).
	2. Sub-group generator (g).
	3. Modulus, finite field order (p).
	4. Sub-group order (q).
	5. Private key (x). Optional.

	consistency_check (boolean):
	If ``True``, the library will verify that the provided components
	fulfil the main DSA properties.

	Raises:
	ValueError: when the key being imported fails the most basic DSA validity checks.

	Returns:
	:class:`DsaKey` : a DSA key object
	"""

	key_dict = dict(zip(('y', 'g', 'p', 'q', 'x'), map(Integer, tup)))
	key = DsaKey(key_dict)

	fmt_error = False
	if consistency_check:
	# P and Q must be prime
	fmt_error = test_probable_prime(key.p) == COMPOSITE
	fmt_error \|= test_probable_prime(key.q) == COMPOSITE
	# Verify Lagrange's theorem for sub-group
	fmt_error \|= ((key.p - 1) % key.q) != 0
	fmt_error \|= key.g <= 1 or key.g >= key.p
	fmt_error \|= pow(key.g, key.q, key.p) != 1
	# Public key
	fmt_error \|= key.y <= 0 or key.y >= key.p
	if hasattr(key, 'x'):
	fmt_error \|= key.x <= 0 or key.x >= key.q
	fmt_error \|= pow(key.g, key.x, key.p) != key.y

	if fmt_error:
	raise ValueError("Invalid DSA key components")

	return key


	# Dss-Parms ::= SEQUENCE {
	# p OCTET STRING,
	# q OCTET STRING,
	# g OCTET STRING
	# }
	# DSAPublicKey ::= INTEGER -- public key, y

	def _import_openssl_private(encoded, passphrase, params):
	if params:
	raise ValueError("DSA private key already comes with parameters")
	der = DerSequence().decode(encoded, nr_elements=6, only_ints_expected=True)
	if der[0] != 0:
	raise ValueError("No version found")
	tup = [der[comp] for comp in (4, 3, 1, 2, 5)]
	return construct(tup)


	def _import_subjectPublicKeyInfo(encoded, passphrase, params):

	algoid, encoded_key, emb_params = _expand_subject_public_key_info(encoded)
	if algoid != oid:
	raise ValueError("No DSA subjectPublicKeyInfo")
	if params and emb_params:
	raise ValueError("Too many DSA parameters")

	y = DerInteger().decode(encoded_key).value
	p, q, g = list(DerSequence().decode(params or emb_params))
	tup = (y, g, p, q)
	return construct(tup)


	def _import_x509_cert(encoded, passphrase, params):

	sp_info = _extract_subject_public_key_info(encoded)
	return _import_subjectPublicKeyInfo(sp_info, None, params)


	def _import_pkcs8(encoded, passphrase, params):
	if params:
	raise ValueError("PKCS#8 already includes parameters")
	k = PKCS8.unwrap(encoded, passphrase)
	if k[0] != oid:
	raise ValueError("No PKCS#8 encoded DSA key")
	x = DerInteger().decode(k[1]).value
	p, q, g = list(DerSequence().decode(k[2]))
	tup = (pow(g, x, p), g, p, q, x)
	return construct(tup)


	def _import_key_der(key_data, passphrase, params):
	"""Import a DSA key (public or private half), encoded in DER form."""

	decodings = (_import_openssl_private,
	_import_subjectPublicKeyInfo,
	_import_x509_cert,
	_import_pkcs8)

	for decoding in decodings:
	try:
	return decoding(key_data, passphrase, params)
	except ValueError:
	pass

	raise ValueError("DSA key format is not supported")


	def import_key(extern_key, passphrase=None):
	"""Import a DSA key.

	Args:
	extern_key (string or byte string):
	The DSA key to import.

	The following formats are supported for a DSA public key:

	- X.509 certificate (binary DER or PEM)
	- X.509 ``subjectPublicKeyInfo`` (binary DER or PEM)
	- OpenSSH (ASCII one-liner, see `RFC4253`_)

	The following formats are supported for a DSA private key:

	- `PKCS#8`_ ``PrivateKeyInfo`` or ``EncryptedPrivateKeyInfo``
	DER SEQUENCE (binary or PEM)
	- OpenSSL/OpenSSH custom format (binary or PEM)

	For details about the PEM encoding, see `RFC1421`_/`RFC1423`_.

	passphrase (string):
	In case of an encrypted private key, this is the pass phrase
	from which the decryption key is derived.

	Encryption may be applied either at the `PKCS#8`_ or at the PEM level.

	Returns:
	:class:`DsaKey` : a DSA key object

	Raises:
	ValueError : when the given key cannot be parsed (possibly because
	the pass phrase is wrong).

	.. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt
	.. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt
	.. _RFC4253: http://www.ietf.org/rfc/rfc4253.txt
	.. _PKCS#8: http://www.ietf.org/rfc/rfc5208.txt
	"""

	extern_key = tobytes(extern_key)
	if passphrase is not None:
	passphrase = tobytes(passphrase)

	if extern_key.startswith(b'-----'):
	# This is probably a PEM encoded key
	(der, marker, enc_flag) = PEM.decode(tostr(extern_key), passphrase)
	if enc_flag:
	passphrase = None
	return _import_key_der(der, passphrase, None)

	if extern_key.startswith(b'ssh-dss '):
	# This is probably a public OpenSSH key
	keystring = binascii.a2b_base64(extern_key.split(b' ')[1])
	keyparts = []
	while len(keystring) > 4:
	length = struct.unpack(">I", keystring[:4])[0]
	keyparts.append(keystring[4:4 + length])
	keystring = keystring[4 + length:]
	if keyparts[0] == b"ssh-dss":
	tup = [Integer.from_bytes(keyparts[x]) for x in (4, 3, 1, 2)]
	return construct(tup)

	if len(extern_key) > 0 and bord(extern_key[0]) == 0x30:
	# This is probably a DER encoded key
	return _import_key_der(extern_key, passphrase, None)

	raise ValueError("DSA key format is not supported")


	# Backward compatibility
	importKey = import_key

	#: `Object ID`_ for a DSA key.
	#:
	#: id-dsa ID ::= { iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 }
	#:
	#: .. _`Object ID`: http://www.alvestrand.no/objectid/1.2.840.10040.4.1.html
	oid = "1.2.840.10040.4.1"