Issues in key.py (master) - Issues in master - ospaceteam/outerspace - Measure and Improve Code Quality continuously with Scrutinizer

Issues (229)

server/lib/rsa/key.py (1 issue)

Labels

Duplication 1

Severity

Informational 1

# -*- coding: utf-8 -*-
#
#  Copyright 2011 Sybren A. Stüvel <[email protected]>
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

'''RSA key generation code.

Create new keys with the newkeys() function. It will give you a PublicKey and a
PrivateKey object.

Loading and saving keys requires the pyasn1 module. This module is imported as
late as possible, such that other functionality will remain working in absence
of pyasn1.

'''

import logging

import rsa.prime
import rsa.pem
import rsa.common

log = logging.getLogger(__name__)

class AbstractKey(object):
    '''Abstract superclass for private and public keys.'''

    @classmethod
    def load_pkcs1(cls, keyfile, format='PEM'):
        r'''Loads a key in PKCS#1 DER or PEM format.

        :param keyfile: contents of a DER- or PEM-encoded file that contains
            the public key.
        :param format: the format of the file to load; 'PEM' or 'DER'

        :return: a PublicKey object

        '''

        methods = {
            'PEM': cls._load_pkcs1_pem,
            'DER': cls._load_pkcs1_der,
        }

        if format not in methods:
            formats = ', '.join(sorted(methods.keys()))
            raise ValueError('Unsupported format: %r, try one of %s' % (format,
                formats))

        method = methods[format]
        return method(keyfile)

    def save_pkcs1(self, format='PEM'):
        '''Saves the public key in PKCS#1 DER or PEM format.

        :param format: the format to save; 'PEM' or 'DER'
        :returns: the DER- or PEM-encoded public key.

        '''

        methods = {
            'PEM': self._save_pkcs1_pem,
            'DER': self._save_pkcs1_der,
        }

        if format not in methods:
            formats = ', '.join(sorted(methods.keys()))
            raise ValueError('Unsupported format: %r, try one of %s' % (format,
                formats))

        method = methods[format]
        return method()

class PublicKey(AbstractKey):
    '''Represents a public RSA key.

    This key is also known as the 'encryption key'. It contains the 'n' and 'e'
    values.

    Supports attributes as well as dictionary-like access. Attribute accesss is
    faster, though.

    >>> PublicKey(5, 3)
    PublicKey(5, 3)

    >>> key = PublicKey(5, 3)
    >>> key.n
    5
    >>> key['n']
    5
    >>> key.e
    3
    >>> key['e']
    3

    '''

    __slots__ = ('n', 'e')

    def __init__(self, n, e):
        self.n = n
        self.e = e

    def __getitem__(self, key):
        return getattr(self, key)

    def __repr__(self):
        return u'PublicKey(%i, %i)' % (self.n, self.e)

    def __eq__(self, other):
        if other is None:
            return False

        if not isinstance(other, PublicKey):
            return False

        return self.n == other.n and self.e == other.e

    def __ne__(self, other):
        return not (self == other)

    @classmethod
    def _load_pkcs1_der(cls, keyfile):
        r'''Loads a key in PKCS#1 DER format.

        @param keyfile: contents of a DER-encoded file that contains the public
            key.
        @return: a PublicKey object

        First let's construct a DER encoded key:

        >>> import base64
        >>> b64der = 'MAwCBQCNGmYtAgMBAAE='
        >>> der = base64.decodestring(b64der)

        This loads the file:

        >>> PublicKey._load_pkcs1_der(der)
        PublicKey(2367317549, 65537)

        '''

        from pyasn1.codec.der import decoder
        (priv, _) = decoder.decode(keyfile)

        # ASN.1 contents of DER encoded public key:
        #
        # RSAPublicKey ::= SEQUENCE {
        #     modulus           INTEGER,  -- n
        #     publicExponent    INTEGER,  -- e

        as_ints = tuple(int(x) for x in priv)
        return cls(*as_ints)

    def _save_pkcs1_der(self):
        '''Saves the public key in PKCS#1 DER format.

        @returns: the DER-encoded public key.
        '''

        from pyasn1.type import univ, namedtype
        from pyasn1.codec.der import encoder

        class AsnPubKey(univ.Sequence):
            componentType = namedtype.NamedTypes(
                namedtype.NamedType('modulus', univ.Integer()),
                namedtype.NamedType('publicExponent', univ.Integer()),
            )

        # Create the ASN object
        asn_key = AsnPubKey()
        asn_key.setComponentByName('modulus', self.n)
        asn_key.setComponentByName('publicExponent', self.e)

        return encoder.encode(asn_key)

    @classmethod
    def _load_pkcs1_pem(cls, keyfile):
        '''Loads a PKCS#1 PEM-encoded public key file.

        The contents of the file before the "-----BEGIN RSA PUBLIC KEY-----" and
        after the "-----END RSA PUBLIC KEY-----" lines is ignored.

        @param keyfile: contents of a PEM-encoded file that contains the public
            key.
        @return: a PublicKey object
        '''

        der = rsa.pem.load_pem(keyfile, 'RSA PUBLIC KEY')
        return cls._load_pkcs1_der(der)

    def _save_pkcs1_pem(self):
        '''Saves a PKCS#1 PEM-encoded public key file.

        @return: contents of a PEM-encoded file that contains the public key.
        '''

        der = self._save_pkcs1_der()
        return rsa.pem.save_pem(der, 'RSA PUBLIC KEY')

class PrivateKey(AbstractKey):
    '''Represents a private RSA key.

    This key is also known as the 'decryption key'. It contains the 'n', 'e',
    'd', 'p', 'q' and other values.

    Supports attributes as well as dictionary-like access. Attribute accesss is
    faster, though.

    >>> PrivateKey(3247, 65537, 833, 191, 17)
    PrivateKey(3247, 65537, 833, 191, 17)

    exp1, exp2 and coef don't have to be given, they will be calculated:

    >>> pk = PrivateKey(3727264081, 65537, 3349121513, 65063, 57287)
    >>> pk.exp1
    55063
    >>> pk.exp2
    10095
    >>> pk.coef
    50797

    If you give exp1, exp2 or coef, they will be used as-is:

    >>> pk = PrivateKey(1, 2, 3, 4, 5, 6, 7, 8)
    >>> pk.exp1
    6
    >>> pk.exp2
    7
    >>> pk.coef
    8

    '''

    __slots__ = ('n', 'e', 'd', 'p', 'q', 'exp1', 'exp2', 'coef')

    def __init__(self, n, e, d, p, q, exp1=None, exp2=None, coef=None):
        self.n = n
        self.e = e
        self.d = d
        self.p = p
        self.q = q

        # Calculate the other values if they aren't supplied
        if exp1 is None:
            self.exp1 = int(d % (p - 1))
        else:
            self.exp1 = exp1

        if exp1 is None:
            self.exp2 = int(d % (q - 1))
        else:
            self.exp2 = exp2

        if coef is None:
            (_, self.coef, _) = extended_gcd(q, p)
        else:
            self.coef = coef

    def __getitem__(self, key):
        return getattr(self, key)

    def __repr__(self):
        return u'PrivateKey(%(n)i, %(e)i, %(d)i, %(p)i, %(q)i)' % self

    def __eq__(self, other):
        if other is None:
            return False

        if not isinstance(other, PrivateKey):
            return False

        return (self.n == other.n and
            self.e == other.e and
            self.d == other.d and
            self.p == other.p and
            self.q == other.q and
            self.exp1 == other.exp1 and
            self.exp2 == other.exp2 and
            self.coef == other.coef)

    def __ne__(self, other):
        return not (self == other)

    @classmethod
    def _load_pkcs1_der(cls, keyfile):
        r'''Loads a key in PKCS#1 DER format.

        @param keyfile: contents of a DER-encoded file that contains the private
            key.
        @return: a PrivateKey object

        First let's construct a DER encoded key:

        >>> import base64
        >>> b64der = 'MC4CAQACBQDeKYlRAgMBAAECBQDHn4npAgMA/icCAwDfxwIDANcXAgInbwIDAMZt'
        >>> der = base64.decodestring(b64der)

        This loads the file:

        >>> PrivateKey._load_pkcs1_der(der)
        PrivateKey(3727264081, 65537, 3349121513, 65063, 57287)

        '''

        from pyasn1.codec.der import decoder
        (priv, _) = decoder.decode(keyfile)

        # ASN.1 contents of DER encoded private key:
        #
        # RSAPrivateKey ::= SEQUENCE {
        #     version           Version,
        #     modulus           INTEGER,  -- n
        #     publicExponent    INTEGER,  -- e
        #     privateExponent   INTEGER,  -- d
        #     prime1            INTEGER,  -- p
        #     prime2            INTEGER,  -- q
        #     exponent1         INTEGER,  -- d mod (p-1)
        #     exponent2         INTEGER,  -- d mod (q-1)
        #     coefficient       INTEGER,  -- (inverse of q) mod p
        #     otherPrimeInfos   OtherPrimeInfos OPTIONAL
        # }

        if priv[0] != 0:
            raise ValueError('Unable to read this file, version %s != 0' % priv[0])

        as_ints = tuple(int(x) for x in priv[1:9])
        return cls(*as_ints)

    def _save_pkcs1_der(self):
        '''Saves the private key in PKCS#1 DER format.

        @returns: the DER-encoded private key.
        '''

        from pyasn1.type import univ, namedtype
        from pyasn1.codec.der import encoder

        class AsnPrivKey(univ.Sequence):
            componentType = namedtype.NamedTypes(
                namedtype.NamedType('version', univ.Integer()),
                namedtype.NamedType('modulus', univ.Integer()),
                namedtype.NamedType('publicExponent', univ.Integer()),
                namedtype.NamedType('privateExponent', univ.Integer()),
                namedtype.NamedType('prime1', univ.Integer()),
                namedtype.NamedType('prime2', univ.Integer()),
                namedtype.NamedType('exponent1', univ.Integer()),
                namedtype.NamedType('exponent2', univ.Integer()),
                namedtype.NamedType('coefficient', univ.Integer()),
            )

        # Create the ASN object
        asn_key = AsnPrivKey()
        asn_key.setComponentByName('version', 0)
        asn_key.setComponentByName('modulus', self.n)
        asn_key.setComponentByName('publicExponent', self.e)
        asn_key.setComponentByName('privateExponent', self.d)
        asn_key.setComponentByName('prime1', self.p)
        asn_key.setComponentByName('prime2', self.q)
        asn_key.setComponentByName('exponent1', self.exp1)
        asn_key.setComponentByName('exponent2', self.exp2)
        asn_key.setComponentByName('coefficient', self.coef)

        return encoder.encode(asn_key)

    @classmethod
    def _load_pkcs1_pem(cls, keyfile):
        '''Loads a PKCS#1 PEM-encoded private key file.

        The contents of the file before the "-----BEGIN RSA PRIVATE KEY-----" and
        after the "-----END RSA PRIVATE KEY-----" lines is ignored.

        @param keyfile: contents of a PEM-encoded file that contains the private
            key.
        @return: a PrivateKey object
        '''

        der = rsa.pem.load_pem(keyfile, 'RSA PRIVATE KEY')
        return cls._load_pkcs1_der(der)

    def _save_pkcs1_pem(self):
        '''Saves a PKCS#1 PEM-encoded private key file.

        @return: contents of a PEM-encoded file that contains the private key.
        '''

        der = self._save_pkcs1_der()
        return rsa.pem.save_pem(der, 'RSA PRIVATE KEY')


def extended_gcd(a, b):

    """Returns a tuple (r, i, j) such that r = gcd(a, b) = ia + jb
    """
    # r = gcd(a,b) i = multiplicitive inverse of a mod b
    #      or      j = multiplicitive inverse of b mod a
    # Neg return values for i or j are made positive mod b or a respectively
    # Iterateive Version is faster and uses much less stack space
    x = 0
    y = 1
    lx = 1
    ly = 0
    oa = a                             #Remember original a/b to remove
    ob = b                             #negative values from return results
    while b != 0:
        q = a // b
        (a, b)  = (b, a % b)
        (x, lx) = ((lx - (q * x)),x)
        (y, ly) = ((ly - (q * y)),y)
    if (lx < 0): lx += ob              #If neg wrap modulo orignal b
    if (ly < 0): ly += oa              #If neg wrap modulo orignal a
    return (a, lx, ly)                 #Return only positive values

def find_p_q(nbits, accurate=True):
    ''''Returns a tuple of two different primes of nbits bits each.

    The resulting p * q has exacty 2 * nbits bits, and the returned p and q
    will not be equal.

    @param nbits: the number of bits in each of p and q.
    @param accurate: whether to enable accurate mode or not.
    @returns (p, q), where p > q

    >>> (p, q) = find_p_q(128)
    >>> from rsa import common
    >>> common.bit_size(p * q)
    256

    When not in accurate mode, the number of bits can be slightly less

    >>> (p, q) = find_p_q(128, accurate=False)
    >>> from rsa import common
    >>> common.bit_size(p * q) <= 256
    True
    >>> common.bit_size(p * q) > 240
    True

    '''

    total_bits = nbits * 2

    # Make sure that p and q aren't too close or the factoring programs can
    # factor n.
    shift = nbits // 16
    pbits = nbits + shift
    qbits = nbits - shift

    # Choose the two initial primes
    log.debug('find_p_q(%i): Finding p', nbits)
    p = rsa.prime.getprime(pbits)
    log.debug('find_p_q(%i): Finding q', nbits)
    q = rsa.prime.getprime(qbits)

    def is_acceptable(p, q):
        '''Returns True iff p and q are acceptable:

            - p and q differ
            - (p * q) has the right nr of bits (when accurate=True)
        '''

        if p == q:
            return False

        if not accurate:
            return True

        # Make sure we have just the right amount of bits
        found_size = rsa.common.bit_size(p * q)
        return total_bits == found_size

    # Keep choosing other primes until they match our requirements.
    change_p = False
    tries = 0
    while not is_acceptable(p, q):
        tries += 1
        # Change p on one iteration and q on the other
        if change_p:
            log.debug('   find another p')
            p = rsa.prime.getprime(pbits)
        else:
            log.debug('   find another q')
            q = rsa.prime.getprime(qbits)

        change_p = not change_p

    # We want p > q as described on
    # http://www.di-mgt.com.au/rsa_alg.html#crt
    return (max(p, q), min(p, q))

def calculate_keys(p, q, nbits):
    """Calculates an encryption and a decryption key given p and q, and
    returns them as a tuple (e, d)

    """

    phi_n = (p - 1) * (q - 1)

    # A very common choice for e is 65537
    e = 65537

    (divider, d, _) = extended_gcd(e, phi_n)

    if divider != 1:
        raise ValueError("e (%d) and phi_n (%d) are not relatively prime" %
                (e, phi_n))
    if (d < 0):
        raise ValueError("extended_gcd shouldn't return negative values, "
                "please file a bug")
    if (e * d) % phi_n != 1:
        raise ValueError("e (%d) and d (%d) are not mult. inv. modulo "
                "phi_n (%d)" % (e, d, phi_n))

    return (e, d)

def gen_keys(nbits, accurate=True):
    """Generate RSA keys of nbits bits. Returns (p, q, e, d).

    Note: this can take a long time, depending on the key size.

    @param nbits: the total number of bits in ``p`` and ``q``. Both ``p`` and
        ``q`` will use ``nbits/2`` bits.
    """

    (p, q) = find_p_q(nbits // 2, accurate)
    (e, d) = calculate_keys(p, q, nbits // 2)

    return (p, q, e, d)

def newkeys(nbits, accurate=True):
    """Generates public and private keys, and returns them as (pub, priv).

    The public key is also known as the 'encryption key', and is a
    :py:class:`PublicKey` object. The private key is also known as the
    'decryption key' and is a :py:class:`PrivateKey` object.

    :param nbits: the number of bits required to store ``n = p*q``.
    :param accurate: when True, ``n`` will have exactly the number of bits you
        asked for. However, this makes key generation much slower. When False,
        `n`` may have slightly less bits.

    :returns: a tuple (:py:class:`rsa.PublicKey`, :py:class:`rsa.PrivateKey`)

    """

    if nbits < 16:
        raise ValueError('Key too small')

    (p, q, e, d) = gen_keys(nbits)

    n = p * q

    return (
        PublicKey(n, e),
        PrivateKey(n, e, d, p, q)
    )

__all__ = ['PublicKey', 'PrivateKey', 'newkeys']

if __name__ == '__main__':
    import doctest

    try:
        for count in range(100):
            (failures, tests) = doctest.testmod()
            if failures:
                break

            if (count and count % 10 == 0) or count == 1:
                print '%i times' % count
    except KeyboardInterrupt:
        print 'Aborted'
    else:
        print 'Doctests done'


1		# -- coding: utf-8 --
2		#
3		# Copyright 2011 Sybren A. Stüvel <[email protected]>
4		#
5		# Licensed under the Apache License, Version 2.0 (the "License");
6		# you may not use this file except in compliance with the License.
7		# You may obtain a copy of the License at
8		#
9		# http://www.apache.org/licenses/LICENSE-2.0
10		#
11		# Unless required by applicable law or agreed to in writing, software
12		# distributed under the License is distributed on an "AS IS" BASIS,
13		# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		# See the License for the specific language governing permissions and
15		# limitations under the License.
16
17		'''RSA key generation code.
18
19		Create new keys with the newkeys() function. It will give you a PublicKey and a
20		PrivateKey object.
21
22		Loading and saving keys requires the pyasn1 module. This module is imported as
23		late as possible, such that other functionality will remain working in absence
24		of pyasn1.
25
26		'''
27
28		import logging
29
30		import rsa.prime
31		import rsa.pem
32		import rsa.common
33
34		log = logging.getLogger(__name__)
35
36		class AbstractKey(object):
37		'''Abstract superclass for private and public keys.'''
38
39		@classmethod
40		def load_pkcs1(cls, keyfile, format='PEM'):
41		r'''Loads a key in PKCS#1 DER or PEM format.
42
43		:param keyfile: contents of a DER- or PEM-encoded file that contains
44		the public key.
45		:param format: the format of the file to load; 'PEM' or 'DER'
46
47		:return: a PublicKey object
48
49		'''
50
51		methods = {
52		'PEM': cls._load_pkcs1_pem,
53		'DER': cls._load_pkcs1_der,
54		}
55
56		if format not in methods:
57		formats = ', '.join(sorted(methods.keys()))
58		raise ValueError('Unsupported format: %r, try one of %s' % (format,
59		formats))
60
61		method = methods[format]
62		return method(keyfile)
63
64		def save_pkcs1(self, format='PEM'):
65		'''Saves the public key in PKCS#1 DER or PEM format.
66
67		:param format: the format to save; 'PEM' or 'DER'
68		:returns: the DER- or PEM-encoded public key.
69
70		'''
71
72		methods = {
73		'PEM': self._save_pkcs1_pem,
74		'DER': self._save_pkcs1_der,
75		}
76
77		if format not in methods:
78		formats = ', '.join(sorted(methods.keys()))
79		raise ValueError('Unsupported format: %r, try one of %s' % (format,
80		formats))
81
82		method = methods[format]
83		return method()
84
85		class PublicKey(AbstractKey):
86		'''Represents a public RSA key.
87
88		This key is also known as the 'encryption key'. It contains the 'n' and 'e'
89		values.
90
91		Supports attributes as well as dictionary-like access. Attribute accesss is
92		faster, though.
93
94		>>> PublicKey(5, 3)
95		PublicKey(5, 3)
96
97		>>> key = PublicKey(5, 3)
98		>>> key.n
99		5
100		>>> key['n']
101		5
102		>>> key.e
103		3
104		>>> key['e']
105		3
106
107		'''
108
109		__slots__ = ('n', 'e')
110
111		def __init__(self, n, e):
112		self.n = n
113		self.e = e
114
115		def __getitem__(self, key):
116		return getattr(self, key)
117
118		def __repr__(self):
119		return u'PublicKey(%i, %i)' % (self.n, self.e)
120
121		def __eq__(self, other):
122		if other is None:
123		return False
124
125		if not isinstance(other, PublicKey):
126		return False
127
128		return self.n == other.n and self.e == other.e
129
130		def __ne__(self, other):
131		return not (self == other)
132
133		@classmethod
134		def _load_pkcs1_der(cls, keyfile):
135		r'''Loads a key in PKCS#1 DER format.
136
137		@param keyfile: contents of a DER-encoded file that contains the public
138		key.
139		@return: a PublicKey object
140
141		First let's construct a DER encoded key:
142
143		>>> import base64
144		>>> b64der = 'MAwCBQCNGmYtAgMBAAE='
145		>>> der = base64.decodestring(b64der)
146
147		This loads the file:
148
149		>>> PublicKey._load_pkcs1_der(der)
150		PublicKey(2367317549, 65537)
151
152		'''
153
154		from pyasn1.codec.der import decoder
155		(priv, _) = decoder.decode(keyfile)
156
157		# ASN.1 contents of DER encoded public key:
158		#
159		# RSAPublicKey ::= SEQUENCE {
160		# modulus INTEGER, -- n
161		# publicExponent INTEGER, -- e
162
163		as_ints = tuple(int(x) for x in priv)
164		return cls(*as_ints)
165
166		def _save_pkcs1_der(self):
167		'''Saves the public key in PKCS#1 DER format.
168
169		@returns: the DER-encoded public key.
170		'''
171
172		from pyasn1.type import univ, namedtype
173		from pyasn1.codec.der import encoder
174
175		class AsnPubKey(univ.Sequence):
176		componentType = namedtype.NamedTypes(
177		namedtype.NamedType('modulus', univ.Integer()),
178		namedtype.NamedType('publicExponent', univ.Integer()),
179		)
180
181		# Create the ASN object
182		asn_key = AsnPubKey()
183		asn_key.setComponentByName('modulus', self.n)
184		asn_key.setComponentByName('publicExponent', self.e)
185
186		return encoder.encode(asn_key)
187
188		@classmethod
189		def _load_pkcs1_pem(cls, keyfile):
190		'''Loads a PKCS#1 PEM-encoded public key file.
191
192		The contents of the file before the "-----BEGIN RSA PUBLIC KEY-----" and
193		after the "-----END RSA PUBLIC KEY-----" lines is ignored.
194
195		@param keyfile: contents of a PEM-encoded file that contains the public
196		key.
197		@return: a PublicKey object
198		'''
199
200		der = rsa.pem.load_pem(keyfile, 'RSA PUBLIC KEY')
201		return cls._load_pkcs1_der(der)
202
203		def _save_pkcs1_pem(self):
204		'''Saves a PKCS#1 PEM-encoded public key file.
205
206		@return: contents of a PEM-encoded file that contains the public key.
207		'''
208
209		der = self._save_pkcs1_der()
210		return rsa.pem.save_pem(der, 'RSA PUBLIC KEY')
211
212		class PrivateKey(AbstractKey):
213		'''Represents a private RSA key.
214
215		This key is also known as the 'decryption key'. It contains the 'n', 'e',
216		'd', 'p', 'q' and other values.
217
218		Supports attributes as well as dictionary-like access. Attribute accesss is
219		faster, though.
220
221		>>> PrivateKey(3247, 65537, 833, 191, 17)
222		PrivateKey(3247, 65537, 833, 191, 17)
223
224		exp1, exp2 and coef don't have to be given, they will be calculated:
225
226		>>> pk = PrivateKey(3727264081, 65537, 3349121513, 65063, 57287)
227		>>> pk.exp1
228		55063
229		>>> pk.exp2
230		10095
231		>>> pk.coef
232		50797
233
234		If you give exp1, exp2 or coef, they will be used as-is:
235
236		>>> pk = PrivateKey(1, 2, 3, 4, 5, 6, 7, 8)
237		>>> pk.exp1
238		6
239		>>> pk.exp2
240		7
241		>>> pk.coef
242		8
243
244		'''
245
246		__slots__ = ('n', 'e', 'd', 'p', 'q', 'exp1', 'exp2', 'coef')
247
248		def __init__(self, n, e, d, p, q, exp1=None, exp2=None, coef=None):
249		self.n = n
250		self.e = e
251		self.d = d
252		self.p = p
253		self.q = q
254
255		# Calculate the other values if they aren't supplied
256		if exp1 is None:
257		self.exp1 = int(d % (p - 1))
258		else:
259		self.exp1 = exp1
260
261		if exp1 is None:
262		self.exp2 = int(d % (q - 1))
263		else:
264		self.exp2 = exp2
265
266		if coef is None:
267		(_, self.coef, _) = extended_gcd(q, p)
268		else:
269		self.coef = coef
270
271		def __getitem__(self, key):
272		return getattr(self, key)
273
274		def __repr__(self):
275		return u'PrivateKey(%(n)i, %(e)i, %(d)i, %(p)i, %(q)i)' % self
276
277		def __eq__(self, other):
278		if other is None:
279		return False
280
281		if not isinstance(other, PrivateKey):
282		return False
283
284		return (self.n == other.n and
285		self.e == other.e and
286		self.d == other.d and
287		self.p == other.p and
288		self.q == other.q and
289		self.exp1 == other.exp1 and
290		self.exp2 == other.exp2 and
291		self.coef == other.coef)
292
293		def __ne__(self, other):
294		return not (self == other)
295
296		@classmethod
297		def _load_pkcs1_der(cls, keyfile):
298		r'''Loads a key in PKCS#1 DER format.
299
300		@param keyfile: contents of a DER-encoded file that contains the private
301		key.
302		@return: a PrivateKey object
303
304		First let's construct a DER encoded key:
305
306		>>> import base64
307		>>> b64der = 'MC4CAQACBQDeKYlRAgMBAAECBQDHn4npAgMA/icCAwDfxwIDANcXAgInbwIDAMZt'
308		>>> der = base64.decodestring(b64der)
309
310		This loads the file:
311
312		>>> PrivateKey._load_pkcs1_der(der)
313		PrivateKey(3727264081, 65537, 3349121513, 65063, 57287)
314
315		'''
316
317		from pyasn1.codec.der import decoder
318		(priv, _) = decoder.decode(keyfile)
319
320		# ASN.1 contents of DER encoded private key:
321		#
322		# RSAPrivateKey ::= SEQUENCE {
323		# version Version,
324		# modulus INTEGER, -- n
325		# publicExponent INTEGER, -- e
326		# privateExponent INTEGER, -- d
327		# prime1 INTEGER, -- p
328		# prime2 INTEGER, -- q
329		# exponent1 INTEGER, -- d mod (p-1)
330		# exponent2 INTEGER, -- d mod (q-1)
331		# coefficient INTEGER, -- (inverse of q) mod p
332		# otherPrimeInfos OtherPrimeInfos OPTIONAL
333		# }
334
335		if priv[0] != 0:
336		raise ValueError('Unable to read this file, version %s != 0' % priv[0])
337
338		as_ints = tuple(int(x) for x in priv[1:9])
339		return cls(*as_ints)
340
341		def _save_pkcs1_der(self):
342		'''Saves the private key in PKCS#1 DER format.
343
344		@returns: the DER-encoded private key.
345		'''
346
347		from pyasn1.type import univ, namedtype
348		from pyasn1.codec.der import encoder
349
350		class AsnPrivKey(univ.Sequence):
351		componentType = namedtype.NamedTypes(
352		namedtype.NamedType('version', univ.Integer()),
353		namedtype.NamedType('modulus', univ.Integer()),
354		namedtype.NamedType('publicExponent', univ.Integer()),
355		namedtype.NamedType('privateExponent', univ.Integer()),
356		namedtype.NamedType('prime1', univ.Integer()),
357		namedtype.NamedType('prime2', univ.Integer()),
358		namedtype.NamedType('exponent1', univ.Integer()),
359		namedtype.NamedType('exponent2', univ.Integer()),
360		namedtype.NamedType('coefficient', univ.Integer()),
361		)
362
363		# Create the ASN object
364		asn_key = AsnPrivKey()
365		asn_key.setComponentByName('version', 0)
366		asn_key.setComponentByName('modulus', self.n)
367		asn_key.setComponentByName('publicExponent', self.e)
368		asn_key.setComponentByName('privateExponent', self.d)
369		asn_key.setComponentByName('prime1', self.p)
370		asn_key.setComponentByName('prime2', self.q)
371		asn_key.setComponentByName('exponent1', self.exp1)
372		asn_key.setComponentByName('exponent2', self.exp2)
373		asn_key.setComponentByName('coefficient', self.coef)
374
375		return encoder.encode(asn_key)
376
377		@classmethod
378		def _load_pkcs1_pem(cls, keyfile):
379		'''Loads a PKCS#1 PEM-encoded private key file.
380
381		The contents of the file before the "-----BEGIN RSA PRIVATE KEY-----" and
382		after the "-----END RSA PRIVATE KEY-----" lines is ignored.
383
384		@param keyfile: contents of a PEM-encoded file that contains the private
385		key.
386		@return: a PrivateKey object
387		'''
388
389		der = rsa.pem.load_pem(keyfile, 'RSA PRIVATE KEY')
390		return cls._load_pkcs1_der(der)
391
392		def _save_pkcs1_pem(self):
393		'''Saves a PKCS#1 PEM-encoded private key file.
394
395		@return: contents of a PEM-encoded file that contains the private key.
396		'''
397
398		der = self._save_pkcs1_der()
399		return rsa.pem.save_pem(der, 'RSA PRIVATE KEY')
400
401
402	View Code Duplication	def extended_gcd(a, b):
		0 ignored issues – show Duplication introduced 2018-06-13 22:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated in your project. Loading history...
403		"""Returns a tuple (r, i, j) such that r = gcd(a, b) = ia + jb
404		"""
405		# r = gcd(a,b) i = multiplicitive inverse of a mod b
406		# or j = multiplicitive inverse of b mod a
407		# Neg return values for i or j are made positive mod b or a respectively
408		# Iterateive Version is faster and uses much less stack space
409		x = 0
410		y = 1
411		lx = 1
412		ly = 0
413		oa = a #Remember original a/b to remove
414		ob = b #negative values from return results
415		while b != 0:
416		q = a // b
417		(a, b) = (b, a % b)
418		(x, lx) = ((lx - (q * x)),x)
419		(y, ly) = ((ly - (q * y)),y)
420		if (lx < 0): lx += ob #If neg wrap modulo orignal b
421		if (ly < 0): ly += oa #If neg wrap modulo orignal a
422		return (a, lx, ly) #Return only positive values
423
424		def find_p_q(nbits, accurate=True):
425		''''Returns a tuple of two different primes of nbits bits each.
426
427		The resulting p * q has exacty 2 * nbits bits, and the returned p and q
428		will not be equal.
429
430		@param nbits: the number of bits in each of p and q.
431		@param accurate: whether to enable accurate mode or not.
432		@returns (p, q), where p > q
433
434		>>> (p, q) = find_p_q(128)
435		>>> from rsa import common
436		>>> common.bit_size(p * q)
437		256
438
439		When not in accurate mode, the number of bits can be slightly less
440
441		>>> (p, q) = find_p_q(128, accurate=False)
442		>>> from rsa import common
443		>>> common.bit_size(p * q) <= 256
444		True
445		>>> common.bit_size(p * q) > 240
446		True
447
448		'''
449
450		total_bits = nbits * 2
451
452		# Make sure that p and q aren't too close or the factoring programs can
453		# factor n.
454		shift = nbits // 16
455		pbits = nbits + shift
456		qbits = nbits - shift
457
458		# Choose the two initial primes
459		log.debug('find_p_q(%i): Finding p', nbits)
460		p = rsa.prime.getprime(pbits)
461		log.debug('find_p_q(%i): Finding q', nbits)
462		q = rsa.prime.getprime(qbits)
463
464		def is_acceptable(p, q):
465		'''Returns True iff p and q are acceptable:
466
467		- p and q differ
468		- (p * q) has the right nr of bits (when accurate=True)
469		'''
470
471		if p == q:
472		return False
473
474		if not accurate:
475		return True
476
477		# Make sure we have just the right amount of bits
478		found_size = rsa.common.bit_size(p * q)
479		return total_bits == found_size
480
481		# Keep choosing other primes until they match our requirements.
482		change_p = False
483		tries = 0
484		while not is_acceptable(p, q):
485		tries += 1
486		# Change p on one iteration and q on the other
487		if change_p:
488		log.debug(' find another p')
489		p = rsa.prime.getprime(pbits)
490		else:
491		log.debug(' find another q')
492		q = rsa.prime.getprime(qbits)
493
494		change_p = not change_p
495
496		# We want p > q as described on
497		# http://www.di-mgt.com.au/rsa_alg.html#crt
498		return (max(p, q), min(p, q))
499
500		def calculate_keys(p, q, nbits):
501		"""Calculates an encryption and a decryption key given p and q, and
502		returns them as a tuple (e, d)
503
504		"""
505
506		phi_n = (p - 1) * (q - 1)
507
508		# A very common choice for e is 65537
509		e = 65537
510
511		(divider, d, _) = extended_gcd(e, phi_n)
512
513		if divider != 1:
514		raise ValueError("e (%d) and phi_n (%d) are not relatively prime" %
515		(e, phi_n))
516		if (d < 0):
517		raise ValueError("extended_gcd shouldn't return negative values, "
518		"please file a bug")
519		if (e * d) % phi_n != 1:
520		raise ValueError("e (%d) and d (%d) are not mult. inv. modulo "
521		"phi_n (%d)" % (e, d, phi_n))
522
523		return (e, d)
524
525		def gen_keys(nbits, accurate=True):
526		"""Generate RSA keys of nbits bits. Returns (p, q, e, d).
527
528		Note: this can take a long time, depending on the key size.
529
530		@param nbits: the total number of bits in ``p`` and ``q``. Both ``p`` and
531		``q`` will use ``nbits/2`` bits.
532		"""
533
534		(p, q) = find_p_q(nbits // 2, accurate)
535		(e, d) = calculate_keys(p, q, nbits // 2)
536
537		return (p, q, e, d)
538
539		def newkeys(nbits, accurate=True):
540		"""Generates public and private keys, and returns them as (pub, priv).
541
542		The public key is also known as the 'encryption key', and is a
543		:py:class:`PublicKey` object. The private key is also known as the
544		'decryption key' and is a :py:class:`PrivateKey` object.
545
546		:param nbits: the number of bits required to store ``n = p*q``.
547		:param accurate: when True, ``n`` will have exactly the number of bits you
548		asked for. However, this makes key generation much slower. When False,
549		`n`` may have slightly less bits.
550
551		:returns: a tuple (:py:class:`rsa.PublicKey`, :py:class:`rsa.PrivateKey`)
552
553		"""
554
555		if nbits < 16:
556		raise ValueError('Key too small')
557
558		(p, q, e, d) = gen_keys(nbits)
559
560		n = p * q
561
562		return (
563		PublicKey(n, e),
564		PrivateKey(n, e, d, p, q)
565		)
566
567		__all__ = ['PublicKey', 'PrivateKey', 'newkeys']
568
569		if __name__ == '__main__':
570		import doctest
571
572		try:
573		for count in range(100):
574		(failures, tests) = doctest.testmod()
575		if failures:
576		break
577
578		if (count and count % 10 == 0) or count == 1:
579		print '%i times' % count
580		except KeyboardInterrupt:
581		print 'Aborted'
582		else:
583		print 'Doctests done'
584

ospaceteam / outerspace

Issues (229)

server/lib/rsa/key.py (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like