OpenSSL/crypto/pkey.c - platform/external/python/pyopenssl - Gitiles

 /*
  * pkey.c
  *
  * Copyright (C) AB Strakt
  * Copyright (C) Jean-Paul Calderone
  * See LICENSE for details.
  *
  * Public/rivate key handling code, mostly thin wrappers around OpenSSL.
  * See the file RATIONALE for a short explanation of why this module was written.
  *
  */
 #include <Python.h>
 #define crypto_MODULE
 #include "crypto.h"

 /*
  * This is done every time something fails, so turning it into a macro is
  * really nice.
  *
  * Arguments:   None
  * Returns:     Doesn't return
  */
 #define FAIL() \
 do {                                    \
     exception_from_error_queue(crypto_Error); \
     return NULL;                        \
 } while (0)


 static char crypto_PKey_generate_key_doc[] = "\n\
 Generate a key of a given type, with a given number of a bits\n\
 \n\
 :param type: The key type (TYPE_RSA or TYPE_DSA)\n\
 :param bits: The number of bits\n\
 :return: None\n\
 ";

 static PyObject *
 crypto_PKey_generate_key(crypto_PKeyObj *self, PyObject *args)
 {
     int type, bits;
     RSA *rsa;
     DSA *dsa;

     if (!PyArg_ParseTuple(args, "ii:generate_key", &type, &bits))
         return NULL;

     switch (type)
     {
         case crypto_TYPE_RSA:
             if (bits <= 0) {
                 PyErr_SetString(PyExc_ValueError, "Invalid number of bits");
                 return NULL;
             }
             if ((rsa = RSA_generate_key(bits, 0x10001, NULL, NULL)) == NULL)
                 FAIL();
             if (!EVP_PKEY_assign_RSA(self->pkey, rsa))
                 FAIL();
 	    break;

         case crypto_TYPE_DSA:
             if ((dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL)) == NULL)
                 FAIL();
             if (!DSA_generate_key(dsa))
                 FAIL();
             if (!EVP_PKEY_assign_DSA(self->pkey, dsa))
                 FAIL();
 	    break;

         default:
 	    PyErr_SetString(crypto_Error, "No such key type");
 	    return NULL;

     }
     self->initialized = 1;
     Py_INCREF(Py_None);
     return Py_None;
 }

 static char crypto_PKey_bits_doc[] = "\n\
 Returns the number of bits of the key\n\
 \n\
 :return: The number of bits of the key.\n\
 ";

 static PyObject *
 crypto_PKey_bits(crypto_PKeyObj *self, PyObject *args)
 {
     if (!PyArg_ParseTuple(args, ":bits"))
         return NULL;

     return PyLong_FromLong(EVP_PKEY_bits(self->pkey));
 }

 static char crypto_PKey_type_doc[] = "\n\
 Returns the type of the key\n\
 \n\
 :return: The type of the key.\n\
 ";

 static PyObject *
 crypto_PKey_type(crypto_PKeyObj *self, PyObject *args)
 {
     if (!PyArg_ParseTuple(args, ":type"))
         return NULL;

     return PyLong_FromLong(self->pkey->type);
 }

 static char crypto_PKey_check_doc[] = "\n\
 Check the consistency of an RSA private key.\n\
 \n\
 :return: True if key is consistent.\n\
 :raise Error: if the key is inconsistent.\n\
 :raise TypeError: if the key is of a type which cannot be checked.\n\
     Only RSA keys can currently be checked.\n\
 ";

 static PyObject *
 crypto_PKey_check(crypto_PKeyObj *self, PyObject *args) {
     int r;

     if (!PyArg_ParseTuple(args, ":check")) {
         return NULL;
     }

     if (self->pkey->type == EVP_PKEY_RSA) {
         RSA *rsa;
         rsa = EVP_PKEY_get1_RSA(self->pkey);
         r = RSA_check_key(rsa);
         if (r == 1) {
             return PyBool_FromLong(1L);
         } else {
             FAIL();
         }
     } else {
         PyErr_SetString(PyExc_TypeError, "key type unsupported");
         return NULL;
     }
 }

 /*
  * ADD_METHOD(name) expands to a correct PyMethodDef declaration
  *   {  'name', (PyCFunction)crypto_PKey_name, METH_VARARGS }
  * for convenience
  */
 #define ADD_METHOD(name)        \
     { #name, (PyCFunction)crypto_PKey_##name, METH_VARARGS, crypto_PKey_##name##_doc }
 static PyMethodDef crypto_PKey_methods[] =
 {
     ADD_METHOD(generate_key),
     ADD_METHOD(bits),
     ADD_METHOD(type),
     ADD_METHOD(check),
     { NULL, NULL }
 };
 #undef ADD_METHOD


 /*
  * Constructor for PKey objects, never called by Python code directly
  *
  * Arguments: pkey    - A "real" EVP_PKEY object
  *            dealloc - Boolean value to specify whether the destructor should
  *                      free the "real" EVP_PKEY object
  * Returns:   The newly created PKey object
  */
 crypto_PKeyObj *
 crypto_PKey_New(EVP_PKEY *pkey, int dealloc)
 {
     crypto_PKeyObj *self;

     self = PyObject_New(crypto_PKeyObj, &crypto_PKey_Type);

     if (self == NULL)
         return NULL;

     self->pkey = pkey;
     self->dealloc = dealloc;
     self->only_public = 0;

     /*
      * Heuristic.  Most call-sites pass an initialized EVP_PKEY.  Not
      * necessarily the case that they will, though.  That's part of why this is
      * a hack. -exarkun
      */
     self->initialized = 1;

     return self;
 }

 static char crypto_PKey_doc[] = "\n\
 PKey() -> PKey instance\n\
 \n\
 Create a new PKey object.\n\
 \n\
 :return: The PKey object\n\
 ";
 static PyObject*
 crypto_PKey_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
     crypto_PKeyObj *self;

     if (!PyArg_ParseTuple(args, ":PKey")) {
         return NULL;
     }

     self = crypto_PKey_New(EVP_PKEY_new(), 1);
     if (self) {
 	self->initialized = 0;
     }

     return (PyObject *)self;
 }


 /*
  * Deallocate the memory used by the PKey object
  *
  * Arguments: self - The PKey object
  * Returns:   None
  */
 static void
 crypto_PKey_dealloc(crypto_PKeyObj *self)
 {
     /* Sometimes we don't have to dealloc the "real" EVP_PKEY pointer ourselves */
     if (self->dealloc)
         EVP_PKEY_free(self->pkey);

     PyObject_Del(self);
 }

 PyTypeObject crypto_PKey_Type = {
     PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
     "OpenSSL.crypto.PKey",
     sizeof(crypto_PKeyObj),
     0,
     (destructor)crypto_PKey_dealloc,
     NULL, /* print */
     NULL, /* getattr */
     NULL, /* setattr */
     NULL, /* compare */
     NULL, /* repr */
     NULL, /* as_number */
     NULL, /* as_sequence */
     NULL, /* as_mapping */
     NULL, /* hash */
     NULL, /* call */
     NULL, /* str */
     NULL, /* getattro */
     NULL, /* setattro */
     NULL, /* as_buffer */
     Py_TPFLAGS_DEFAULT,
     crypto_PKey_doc, /* doc */
     NULL, /* traverse */
     NULL, /* clear */
     NULL, /* tp_richcompare */
     0, /* tp_weaklistoffset */
     NULL, /* tp_iter */
     NULL, /* tp_iternext */
     crypto_PKey_methods, /* tp_methods */
     NULL, /* tp_members */
     NULL, /* tp_getset */
     NULL, /* tp_base */
     NULL, /* tp_dict */
     NULL, /* tp_descr_get */
     NULL, /* tp_descr_set */
     0, /* tp_dictoffset */
     NULL, /* tp_init */
     NULL, /* tp_alloc */
     crypto_PKey_new, /* tp_new */
 };


 /*
  * Initialize the PKey part of the crypto sub module
  *
  * Arguments: module - The crypto module
  * Returns:   None
  */
 int
 init_crypto_pkey(PyObject *module)
 {
     if (PyType_Ready(&crypto_PKey_Type) < 0) {
         return 0;
     }

     /* PyModule_AddObject steals a reference.
      */
     Py_INCREF((PyObject *)&crypto_PKey_Type);
     if (PyModule_AddObject(module, "PKey", (PyObject *)&crypto_PKey_Type) != 0) {
         return 0;
     }

     /* PyModule_AddObject steals a reference.
      */
     Py_INCREF((PyObject *)&crypto_PKey_Type);
     if (PyModule_AddObject(module, "PKeyType", (PyObject *)&crypto_PKey_Type) != 0) {
         return 0;
     }

     return 1;
 }
	/*
	* pkey.c
	*
	* Copyright (C) AB Strakt
	* Copyright (C) Jean-Paul Calderone
	* See LICENSE for details.
	*
	* Public/rivate key handling code, mostly thin wrappers around OpenSSL.
	* See the file RATIONALE for a short explanation of why this module was written.
	*
	*/
	#include <Python.h>
	#define crypto_MODULE
	#include "crypto.h"

	/*
	* This is done every time something fails, so turning it into a macro is
	* really nice.
	*
	* Arguments: None
	* Returns: Doesn't return
	*/
	#define FAIL() \
	do { \
	exception_from_error_queue(crypto_Error); \
	return NULL; \
	} while (0)


	static char crypto_PKey_generate_key_doc[] = "\n\
	Generate a key of a given type, with a given number of a bits\n\
	\n\
	:param type: The key type (TYPE_RSA or TYPE_DSA)\n\
	:param bits: The number of bits\n\
	:return: None\n\
	";

	static PyObject *
	crypto_PKey_generate_key(crypto_PKeyObj self, PyObject args)
	{
	int type, bits;
	RSA *rsa;
	DSA *dsa;

	if (!PyArg_ParseTuple(args, "ii:generate_key", &type, &bits))
	return NULL;

	switch (type)
	{
	case crypto_TYPE_RSA:
	if (bits <= 0) {
	PyErr_SetString(PyExc_ValueError, "Invalid number of bits");
	return NULL;
	}
	if ((rsa = RSA_generate_key(bits, 0x10001, NULL, NULL)) == NULL)
	FAIL();
	if (!EVP_PKEY_assign_RSA(self->pkey, rsa))
	FAIL();
	break;

	case crypto_TYPE_DSA:
	if ((dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL)) == NULL)
	FAIL();
	if (!DSA_generate_key(dsa))
	FAIL();
	if (!EVP_PKEY_assign_DSA(self->pkey, dsa))
	FAIL();
	break;

	default:
	PyErr_SetString(crypto_Error, "No such key type");
	return NULL;

	}
	self->initialized = 1;
	Py_INCREF(Py_None);
	return Py_None;
	}

	static char crypto_PKey_bits_doc[] = "\n\
	Returns the number of bits of the key\n\
	\n\
	:return: The number of bits of the key.\n\
	";

	static PyObject *
	crypto_PKey_bits(crypto_PKeyObj self, PyObject args)
	{
	if (!PyArg_ParseTuple(args, ":bits"))
	return NULL;

	return PyLong_FromLong(EVP_PKEY_bits(self->pkey));
	}

	static char crypto_PKey_type_doc[] = "\n\
	Returns the type of the key\n\
	\n\
	:return: The type of the key.\n\
	";

	static PyObject *
	crypto_PKey_type(crypto_PKeyObj self, PyObject args)
	{
	if (!PyArg_ParseTuple(args, ":type"))
	return NULL;

	return PyLong_FromLong(self->pkey->type);
	}

	static char crypto_PKey_check_doc[] = "\n\
	Check the consistency of an RSA private key.\n\
	\n\
	:return: True if key is consistent.\n\
	:raise Error: if the key is inconsistent.\n\
	:raise TypeError: if the key is of a type which cannot be checked.\n\
	Only RSA keys can currently be checked.\n\
	";

	static PyObject *
	crypto_PKey_check(crypto_PKeyObj self, PyObject args) {
	int r;

	if (!PyArg_ParseTuple(args, ":check")) {
	return NULL;
	}

	if (self->pkey->type == EVP_PKEY_RSA) {
	RSA *rsa;
	rsa = EVP_PKEY_get1_RSA(self->pkey);
	r = RSA_check_key(rsa);
	if (r == 1) {
	return PyBool_FromLong(1L);
	} else {
	FAIL();
	}
	} else {
	PyErr_SetString(PyExc_TypeError, "key type unsupported");
	return NULL;
	}
	}

	/*
	* ADD_METHOD(name) expands to a correct PyMethodDef declaration
	* { 'name', (PyCFunction)crypto_PKey_name, METH_VARARGS }
	* for convenience
	*/
	#define ADD_METHOD(name) \
	{ #name, (PyCFunction)crypto_PKey_##name, METH_VARARGS, crypto_PKey_##name##_doc }
	static PyMethodDef crypto_PKey_methods[] =
	{
	ADD_METHOD(generate_key),
	ADD_METHOD(bits),
	ADD_METHOD(type),
	ADD_METHOD(check),
	{ NULL, NULL }
	};
	#undef ADD_METHOD


	/*
	* Constructor for PKey objects, never called by Python code directly
	*
	* Arguments: pkey - A "real" EVP_PKEY object
	* dealloc - Boolean value to specify whether the destructor should
	* free the "real" EVP_PKEY object
	* Returns: The newly created PKey object
	*/
	crypto_PKeyObj *
	crypto_PKey_New(EVP_PKEY *pkey, int dealloc)
	{
	crypto_PKeyObj *self;

	self = PyObject_New(crypto_PKeyObj, &crypto_PKey_Type);

	if (self == NULL)
	return NULL;

	self->pkey = pkey;
	self->dealloc = dealloc;
	self->only_public = 0;

	/*
	* Heuristic. Most call-sites pass an initialized EVP_PKEY. Not
	* necessarily the case that they will, though. That's part of why this is
	* a hack. -exarkun
	*/
	self->initialized = 1;

	return self;
	}

	static char crypto_PKey_doc[] = "\n\
	PKey() -> PKey instance\n\
	\n\
	Create a new PKey object.\n\
	\n\
	:return: The PKey object\n\
	";
	static PyObject*
	crypto_PKey_new(PyTypeObject subtype, PyObject args, PyObject *kwargs) {
	crypto_PKeyObj *self;

	if (!PyArg_ParseTuple(args, ":PKey")) {
	return NULL;
	}

	self = crypto_PKey_New(EVP_PKEY_new(), 1);
	if (self) {
	self->initialized = 0;
	}

	return (PyObject *)self;
	}


	/*
	* Deallocate the memory used by the PKey object
	*
	* Arguments: self - The PKey object
	* Returns: None
	*/
	static void
	crypto_PKey_dealloc(crypto_PKeyObj *self)
	{
	/* Sometimes we don't have to dealloc the "real" EVP_PKEY pointer ourselves */
	if (self->dealloc)
	EVP_PKEY_free(self->pkey);

	PyObject_Del(self);
	}

	PyTypeObject crypto_PKey_Type = {
	PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
	"OpenSSL.crypto.PKey",
	sizeof(crypto_PKeyObj),
	0,
	(destructor)crypto_PKey_dealloc,
	NULL, /* print */
	NULL, /* getattr */
	NULL, /* setattr */
	NULL, /* compare */
	NULL, /* repr */
	NULL, /* as_number */
	NULL, /* as_sequence */
	NULL, /* as_mapping */
	NULL, /* hash */
	NULL, /* call */
	NULL, /* str */
	NULL, /* getattro */
	NULL, /* setattro */
	NULL, /* as_buffer */
	Py_TPFLAGS_DEFAULT,
	crypto_PKey_doc, /* doc */
	NULL, /* traverse */
	NULL, /* clear */
	NULL, /* tp_richcompare */
	0, /* tp_weaklistoffset */
	NULL, /* tp_iter */
	NULL, /* tp_iternext */
	crypto_PKey_methods, /* tp_methods */
	NULL, /* tp_members */
	NULL, /* tp_getset */
	NULL, /* tp_base */
	NULL, /* tp_dict */
	NULL, /* tp_descr_get */
	NULL, /* tp_descr_set */
	0, /* tp_dictoffset */
	NULL, /* tp_init */
	NULL, /* tp_alloc */
	crypto_PKey_new, /* tp_new */
	};


	/*
	* Initialize the PKey part of the crypto sub module
	*
	* Arguments: module - The crypto module
	* Returns: None
	*/
	int
	init_crypto_pkey(PyObject *module)
	{
	if (PyType_Ready(&crypto_PKey_Type) < 0) {
	return 0;
	}

	/* PyModule_AddObject steals a reference.
	*/
	Py_INCREF((PyObject *)&crypto_PKey_Type);
	if (PyModule_AddObject(module, "PKey", (PyObject *)&crypto_PKey_Type) != 0) {
	return 0;
	}

	/* PyModule_AddObject steals a reference.
	*/
	Py_INCREF((PyObject *)&crypto_PKey_Type);
	if (PyModule_AddObject(module, "PKeyType", (PyObject *)&crypto_PKey_Type) != 0) {
	return 0;
	}

	return 1;
	}