ctypescrypto/pkey.py

   1 """
   2 This module provides interface for low-level private/public keypair operation
   3
   4 PKey object of this module is wrapper around OpenSSL EVP_PKEY object.
   5 """
   6
   7
   8 from ctypes import c_char_p,c_void_p,byref,c_int,c_long, c_longlong, create_string_buffer,CFUNCTYPE,POINTER
   9 from ctypescrypto import libcrypto
  10 from ctypescrypto.exception import LibCryptoError,clear_err_stack
  11 from ctypescrypto.bio import Membio
  12 import sys
  13
  14 __all__ = ['PKeyError','password_callback','PKey']
  15 class PKeyError(LibCryptoError):
  16     pass
  17
  18 CALLBACK_FUNC=CFUNCTYPE(c_int,c_char_p,c_int,c_int,c_char_p)
  19 def password_callback(buf,length,rwflag,u):
  20     """
  21     Example password callback for private key. Assumes that
  22     password is store in the userdata parameter, so allows to pass password
  23     from constructor arguments to the libcrypto keyloading functions
  24     """
  25     cnt=len(u)
  26     if length<cnt:
  27         cnt=length
  28     memmove(buf,u,cnt)
  29     return cnt
  30
  31 _cb=CALLBACK_FUNC(password_callback)
  32
  33 class PKey(object):
  34     def __init__(self,ptr=None,privkey=None,pubkey=None,format="PEM",cansign=False,password=None):
  35         if not ptr is None:
  36             self.key=ptr
  37             self.cansign=cansign
  38             if not privkey is None or not pubkey is None:
  39                 raise TypeError("Just one of ptr, pubkey or privkey can be specified")
  40         elif not privkey is None:
  41             if not pubkey is None:
  42                 raise TypeError("Just one of ptr, pubkey or privkey can be specified")
  43             b=Membio(privkey)
  44             self.cansign=True
  45             if format == "PEM":
  46                 self.key=libcrypto.PEM_read_bio_PrivateKey(b.bio,None,_cb,c_char_p(password))
  47             else:
  48                 self.key=libcrypto.d2i_PrivateKey_bio(b.bio,None)
  49             if self.key is None:
  50                 raise PKeyError("error parsing private key")
  51         elif not pubkey is None:
  52             b=Membio(pubkey)
  53             self.cansign=False
  54             if format == "PEM":
  55                 self.key=libcrypto.PEM_read_bio_PUBKEY(b.bio,None,_cb,None)
  56             else:
  57                 self.key=libcrypto.d2i_PUBKEY_bio(b.bio,None)
  58             if self.key is None:
  59                 raise PKeyError("error parsing public key")
  60         else:
  61             raise TypeError("Neither public, nor private key is specified")
  62
  63
  64     def __del__(self):
  65         libcrypto.EVP_PKEY_free(self.key)
  66     def __eq__(self,other):
  67         """ Compares two public keys. If one has private key and other
  68             doesn't it doesn't affect result of comparation
  69         """
  70         return libcrypto.EVP_PKEY_cmp(self.key,other.key)==1
  71     def __ne__(self,other):
  72         return not self.__eq__(other)
  73     def __str__(self):
  74         """ printable representation of public key """
  75         b=Membio()
  76         libcrypto.EVP_PKEY_print_public(b.bio,self.key,0,None)
  77         return str(b)
  78
  79     def sign(self,digest,**kwargs):
  80         """
  81             Signs given digest and retirns signature
  82             Keyword arguments allows to set various algorithm-specific
  83             parameters. See pkeyutl(1) manual.
  84         """
  85         ctx=libcrypto.EVP_PKEY_CTX_new(self.key,None)
  86         if ctx is None:
  87             raise PKeyError("Initailizing sign context")
  88         if libcrypto.EVP_PKEY_sign_init(ctx)<1:
  89             raise PKeyError("sign_init")
  90         self._configure_context(ctx,kwargs)
  91         # Find out signature size
  92         siglen=c_long(0)
  93         if libcrypto.EVP_PKEY_sign(ctx,None,byref(siglen),digest,len(digest))<1:
  94             raise PKeyError("signing")
  95         sig=create_string_buffer(siglen.value)
  96         libcrypto.EVP_PKEY_sign(ctx,sig,byref(siglen),digest,len(digest))
  97         libcrypto.EVP_PKEY_CTX_free(ctx)
  98         return sig.raw[:siglen.value]
  99
 100     def verify(self,digest,signature,**kwargs):
 101         """
 102             Verifies given signature on given digest
 103             Returns True if Ok, False if don't match
 104             Keyword arguments allows to set algorithm-specific
 105             parameters
 106         """
 107         ctx=libcrypto.EVP_PKEY_CTX_new(self.key,None)
 108         if ctx is None:
 109             raise PKeyError("Initailizing verify context")
 110         if libcrypto.EVP_PKEY_verify_init(ctx)<1:
 111             raise PKeyError("verify_init")
 112         self._configure_context(ctx,kwargs)
 113         rv=libcrypto.EVP_PKEY_verify(ctx,signature,len(signature),digest,len(digest))
 114         if rv<0:
 115             raise PKeyError("Signature verification")
 116         libcrypto.EVP_PKEY_CTX_free(ctx)
 117         return rv>0
 118     def derive(self,peerkey,**kwargs):
 119         """
 120             Derives shared key (DH,ECDH,VKO 34.10). Requires
 121             private key available
 122
 123             @param peerkey - other key (may be public only)
 124
 125             Keyword parameters are algorithm-specific
 126         """
 127         ctx=libcrypto.EVP_PKEY_CTX_new(self.key,None)
 128         if ctx is None:
 129             raise PKeyError("Initailizing derive context")
 130         if libcrypto.EVP_PKEY_derive_init(ctx)<1:
 131             raise PKeyError("derive_init")
 132
 133
 134         self._configure_context(ctx,kwargs,["ukm"])
 135         if libcrypto.EVP_PKEY_derive_set_peer(ctx,peerkey.key)<=0:
 136             raise PKeyError("Cannot set peer key")
 137         if "ukm" in kwargs:
 138              if libcrypto.EVP_PKEY_CTX_ctrl(ctx,-1,1<<10,8,8,kwargs["ukm"])<=0:
 139                 raise PKeyError("Cannot set UKM")
 140         keylen=c_long(0)
 141         if libcrypto.EVP_PKEY_derive(ctx,None,byref(keylen))<=0:
 142             raise PKeyError("computing shared key length")
 143         buf=create_string_buffer(keylen.value)
 144         if libcrypto.EVP_PKEY_derive(ctx,buf,byref(keylen))<=0:
 145             raise PKeyError("computing actual shared key")
 146         libcrypto.EVP_PKEY_CTX_free(ctx)
 147         return buf.raw[:keylen.value]
 148     @staticmethod
 149     def generate(algorithm,**kwargs):
 150         """
 151             Generates new private-public key pair for given algorithm
 152             (string like 'rsa','ec','gost2001') and algorithm-specific
 153             parameters.
 154
 155             Algorithm specific paramteers for RSA:
 156
 157             rsa_keygen_bits=number - size of key to be generated
 158             rsa_keygen_pubexp - RSA public expontent(default 65537)
 159
 160             Algorithm specific parameters for DSA,DH and EC
 161
 162             paramsfrom=PKey object
 163
 164             copy parameters of newly generated key from existing key
 165
 166             Algorithm specific parameters for GOST2001
 167
 168             paramset= paramset name where name is one of
 169             'A','B','C','XA','XB','test'
 170
 171             paramsfrom does work too
 172         """
 173         tmpeng=c_void_p(None)
 174         ameth=libcrypto.EVP_PKEY_asn1_find_str(byref(tmpeng),algorithm,-1)
 175         if ameth is None:
 176             raise PKeyError("Algorithm %s not foind\n"%(algname))
 177         clear_err_stack()
 178         pkey_id=c_int(0)
 179         libcrypto.EVP_PKEY_asn1_get0_info(byref(pkey_id),None,None,None,None,ameth)
 180         #libcrypto.ENGINE_finish(tmpeng)
 181         if "paramsfrom" in kwargs:
 182             ctx=libcrypto.EVP_PKEY_CTX_new(kwargs["paramsfrom"].key,None)
 183         else:
 184             ctx=libcrypto.EVP_PKEY_CTX_new_id(pkey_id,None)
 185         # FIXME support EC curve as keyword param by invoking paramgen
 186         # operation
 187         if ctx is None:
 188             raise PKeyError("Creating context for key type %d"%(pkey_id.value))
 189         if libcrypto.EVP_PKEY_keygen_init(ctx) <=0 :
 190             raise PKeyError("keygen_init")
 191         PKey._configure_context(ctx,kwargs,["paramsfrom"])
 192         key=c_void_p(None)
 193         if libcrypto.EVP_PKEY_keygen(ctx,byref(key))<=0:
 194             raise PKeyError("Error generating key")
 195         libcrypto.EVP_PKEY_CTX_free(ctx)
 196         return PKey(ptr=key,cansign=True)
 197     def exportpub(self,format="PEM"):
 198         """
 199             Returns public key as PEM or DER structure.
 200         """
 201         b=Membio()
 202         if format == "PEM":
 203             r=libcrypto.PEM_write_bio_PUBKEY(b.bio,self.key)
 204         else:
 205             r=libcrypto.i2d_PUBKEY_bio(b.bio,self.key)
 206         if r==0:
 207             raise PKeyError("error serializing public key")
 208         return str(b)
 209     def exportpriv(self,format="PEM",password=None,cipher=None):
 210         """
 211             Returns private key as PEM or DER Structure.
 212             If password and cipher are specified, encrypts key
 213             on given password, using given algorithm. Cipher must be
 214             an ctypescrypto.cipher.CipherType object
 215         """
 216         b=Membio()
 217         if cipher is None:
 218             evp_cipher=None
 219         else:
 220             if password is None:
 221                 raise NotImplementedError("Interactive password entry is not supported")
 222             evp_cipher=cipher.cipher
 223         if format == "PEM":
 224             r=libcrypto.PEM_write_bio_PrivateKey(b.bio,self.key,evp_cipher,None,0,_cb,
 225                 password)
 226         else:
 227             if cipher is not None:
 228                 raise NotImplementedError("Der-formatted encrypted keys are not supported")
 229             r=libcrypto.i2d_PrivateKey_bio(b.bio,self.key)
 230         if r==0:
 231             raise PKeyError("error serializing private key")
 232         return str(b)
 233     @staticmethod
 234     def _configure_context(ctx,opts,skip=[]):
 235         """
 236             Configures context of public key operations
 237             @param ctx - context to configure
 238             @param opts - dictionary of options (from kwargs of calling
 239                 function)
 240             @param skip - list of options which shouldn't be passed to
 241                 context
 242         """
 243
 244         for oper in opts:
 245             if oper in skip:
 246                 continue
 247             rv=libcrypto.EVP_PKEY_CTX_ctrl_str(ctx,oper,str(opts[oper]))
 248             if rv==-2:
 249                 raise PKeyError("Parameter %s is not supported by key"%(oper,))
 250             if rv<1:
 251                 raise PKeyError("Error setting parameter %s"%(oper,))
 252 # Declare function prototypes
 253 libcrypto.EVP_PKEY_cmp.argtypes=(c_void_p,c_void_p)
 254 libcrypto.PEM_read_bio_PrivateKey.restype=c_void_p
 255 libcrypto.PEM_read_bio_PrivateKey.argtypes=(c_void_p,POINTER(c_void_p),CALLBACK_FUNC,c_char_p)
 256 libcrypto.PEM_read_bio_PUBKEY.restype=c_void_p
 257 libcrypto.PEM_read_bio_PUBKEY.argtypes=(c_void_p,POINTER(c_void_p),CALLBACK_FUNC,c_char_p)
 258 libcrypto.d2i_PUBKEY_bio.restype=c_void_p
 259 libcrypto.d2i_PUBKEY_bio.argtypes=(c_void_p,c_void_p)
 260 libcrypto.d2i_PrivateKey_bio.restype=c_void_p
 261 libcrypto.d2i_PrivateKey_bio.argtypes=(c_void_p,c_void_p)
 262 libcrypto.EVP_PKEY_print_public.argtypes=(c_void_p,c_void_p,c_int,c_void_p)
 263 libcrypto.EVP_PKEY_asn1_find_str.restype=c_void_p
 264 libcrypto.EVP_PKEY_asn1_find_str.argtypes=(c_void_p,c_char_p,c_int)
 265 libcrypto.EVP_PKEY_asn1_get0_info.restype=c_int
 266 libcrypto.EVP_PKEY_asn1_get0_info.argtypes=(POINTER(c_int),POINTER(c_int),POINTER(c_int),POINTER(c_char_p), POINTER(c_char_p),c_void_p)
 267 libcrypto.EVP_PKEY_cmp.restype=c_int
 268 libcrypto.EVP_PKEY_cmp.argtypes=(c_void_p,c_void_p)
 269 libcrypto.EVP_PKEY_CTX_ctrl_str.restype=c_int
 270 libcrypto.EVP_PKEY_CTX_ctrl_str.argtypes=(c_void_p,c_void_p,c_void_p)
 271 libcrypto.EVP_PKEY_CTX_ctrl.restype=c_int
 272 libcrypto.EVP_PKEY_CTX_ctrl.argtypes=(c_void_p,c_int,c_int,c_int,c_int,c_void_p)
 273 libcrypto.EVP_PKEY_CTX_free.argtypes=(c_void_p,)
 274 libcrypto.EVP_PKEY_CTX_new.restype=c_void_p
 275 libcrypto.EVP_PKEY_CTX_new.argtypes=(c_void_p,c_void_p)
 276 libcrypto.EVP_PKEY_CTX_new_id.restype=c_void_p
 277 libcrypto.EVP_PKEY_CTX_new_id.argtypes=(c_int,c_void_p)
 278 libcrypto.EVP_PKEY_derive.restype=c_int
 279 libcrypto.EVP_PKEY_derive.argtypes=(c_void_p,c_char_p,POINTER(c_long))
 280 libcrypto.EVP_PKEY_derive_init.restype=c_int
 281 libcrypto.EVP_PKEY_derive_init.argtypes=(c_void_p,)
 282 libcrypto.EVP_PKEY_derive_set_peer.restype=c_int
 283 libcrypto.EVP_PKEY_derive_set_peer.argtypes=(c_void_p,c_void_p)
 284 libcrypto.EVP_PKEY_free.argtypes=(c_void_p,)
 285 libcrypto.EVP_PKEY_keygen.restype=c_int
 286 libcrypto.EVP_PKEY_keygen.argtypes=(c_void_p,c_void_p)
 287 libcrypto.EVP_PKEY_keygen_init.restype=c_int
 288 libcrypto.EVP_PKEY_keygen_init.argtypes=(c_void_p,)
 289 libcrypto.EVP_PKEY_sign.restype=c_int
 290 libcrypto.EVP_PKEY_sign.argtypes=(c_void_p,c_char_p,POINTER(c_long),c_char_p,c_long)
 291 libcrypto.EVP_PKEY_sign_init.restype=c_int
 292 libcrypto.EVP_PKEY_sign_init.argtypes=(c_void_p,)
 293 libcrypto.EVP_PKEY_verify.restype=c_int
 294 libcrypto.EVP_PKEY_verify.argtypes=(c_void_p,c_char_p,c_long,c_char_p,c_long)
 295 libcrypto.EVP_PKEY_verify_init.restype=c_int
 296 libcrypto.EVP_PKEY_verify_init.argtypes=(c_void_p,)
 297 libcrypto.PEM_write_bio_PrivateKey.argtypes=(c_void_p,c_void_p,c_void_p,c_char_p,c_int,CALLBACK_FUNC,c_char_p)
 298 libcrypto.PEM_write_bio_PUBKEY.argtypes=(c_void_p,c_void_p)
 299 libcrypto.i2d_PUBKEY_bio.argtypes=(c_void_p,c_void_p)
 300 libcrypto.i2d_PrivateKey_bio.argtypes=(c_void_p,c_void_p)
 301 libcrypto.ENGINE_finish.argtypes=(c_void_p,)