Spaces:

arxify
/

RVC-beta-v2-0618

Running

App Files Files Community

RVC-beta-v2-0618 / runtime /Lib /site-packages /Crypto /PublicKey /ElGamal.py

arxify

Upload folder using huggingface_hub

ba2f5d6 almost 2 years ago

raw

history blame contribute delete

8.62 kB

	#
	# ElGamal.py : ElGamal encryption/decryption and signatures
	#
	# Part of the Python Cryptography Toolkit
	#
	# Originally written by: A.M. Kuchling
	#
	# ===================================================================
	# The contents of this file are dedicated to the public domain. To
	# the extent that dedication to the public domain is not available,
	# everyone is granted a worldwide, perpetual, royalty-free,
	# non-exclusive license to exercise all rights associated with the
	# contents of this file for any purpose whatsoever.
	# No rights are reserved.
	#
	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
	# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
	# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
	# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
	# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	# SOFTWARE.
	# ===================================================================

	__all__ = ['generate', 'construct', 'ElGamalKey']

	from Crypto import Random
	from Crypto.Math.Primality import ( generate_probable_safe_prime,
	test_probable_prime, COMPOSITE )
	from Crypto.Math.Numbers import Integer

	# Generate an ElGamal key with N bits
	def generate(bits, randfunc):
	"""Randomly generate a fresh, new ElGamal key.

	The key will be safe for use for both encryption and signature
	(although it should be used for only one purpose).

	Args:
	bits (int):
	Key length, or size (in bits) of the modulus p.
	The recommended value is 2048.
	randfunc (callable):
	Random number generation function; it should accept
	a single integer N and return a string of random
	N random bytes.

	Return:
	an :class:`ElGamalKey` object
	"""

	obj=ElGamalKey()

	# Generate a safe prime p
	# See Algorithm 4.86 in Handbook of Applied Cryptography
	obj.p = generate_probable_safe_prime(exact_bits=bits, randfunc=randfunc)
	q = (obj.p - 1) >> 1

	# Generate generator g
	while 1:
	# Choose a square residue; it will generate a cyclic group of order q.
	obj.g = pow(Integer.random_range(min_inclusive=2,
	max_exclusive=obj.p,
	randfunc=randfunc), 2, obj.p)

	# We must avoid g=2 because of Bleichenbacher's attack described
	# in "Generating ElGamal signatures without knowning the secret key",
	# 1996
	if obj.g in (1, 2):
	continue

	# Discard g if it divides p-1 because of the attack described
	# in Note 11.67 (iii) in HAC
	if (obj.p - 1) % obj.g == 0:
	continue

	# g^{-1} must not divide p-1 because of Khadir's attack
	# described in "Conditions of the generator for forging ElGamal
	# signature", 2011
	ginv = obj.g.inverse(obj.p)
	if (obj.p - 1) % ginv == 0:
	continue

	# Found
	break

	# Generate private key x
	obj.x = Integer.random_range(min_inclusive=2,
	max_exclusive=obj.p-1,
	randfunc=randfunc)
	# Generate public key y
	obj.y = pow(obj.g, obj.x, obj.p)
	return obj

	def construct(tup):
	r"""Construct an ElGamal key from a tuple of valid ElGamal components.

	The modulus p must be a prime.
	The following conditions must apply:

	.. math::

	\begin{align}
	&1 < g < p-1 \\
	&g^{p-1} = 1 \text{ mod } 1 \\
	&1 < x < p-1 \\
	&g^x = y \text{ mod } p
	\end{align}

	Args:
	tup (tuple):
	A tuple with either 3 or 4 integers,
	in the following order:

	1. Modulus (p).
	2. Generator (g).
	3. Public key (y).
	4. Private key (x). Optional.

	Raises:
	ValueError: when the key being imported fails the most basic ElGamal validity checks.

	Returns:
	an :class:`ElGamalKey` object
	"""

	obj=ElGamalKey()
	if len(tup) not in [3,4]:
	raise ValueError('argument for construct() wrong length')
	for i in range(len(tup)):
	field = obj._keydata[i]
	setattr(obj, field, Integer(tup[i]))

	fmt_error = test_probable_prime(obj.p) == COMPOSITE
	fmt_error \|= obj.g<=1 or obj.g>=obj.p
	fmt_error \|= pow(obj.g, obj.p-1, obj.p)!=1
	fmt_error \|= obj.y<1 or obj.y>=obj.p
	if len(tup)==4:
	fmt_error \|= obj.x<=1 or obj.x>=obj.p
	fmt_error \|= pow(obj.g, obj.x, obj.p)!=obj.y

	if fmt_error:
	raise ValueError("Invalid ElGamal key components")

	return obj

	class ElGamalKey(object):
	r"""Class defining an ElGamal key.
	Do not instantiate directly.
	Use :func:`generate` or :func:`construct` instead.

	:ivar p: Modulus
	:vartype d: integer

	:ivar g: Generator
	:vartype e: integer

	:ivar y: Public key component
	:vartype y: integer

	:ivar x: Private key component
	:vartype x: integer
	"""

	#: Dictionary of ElGamal parameters.
	#:
	#: A public key will only have the following entries:
	#:
	#: - y, the public key.
	#: - g, the generator.
	#: - p, the modulus.
	#:
	#: A private key will also have:
	#:
	#: - x, the private key.
	_keydata=['p', 'g', 'y', 'x']

	def __init__(self, randfunc=None):
	if randfunc is None:
	randfunc = Random.new().read
	self._randfunc = randfunc

	def _encrypt(self, M, K):
	a=pow(self.g, K, self.p)
	b=( pow(self.y, K, self.p)*M ) % self.p
	return [int(a), int(b)]

	def _decrypt(self, M):
	if (not hasattr(self, 'x')):
	raise TypeError('Private key not available in this object')
	r = Integer.random_range(min_inclusive=2,
	max_exclusive=self.p-1,
	randfunc=self._randfunc)
	a_blind = (pow(self.g, r, self.p) * M[0]) % self.p
	ax=pow(a_blind, self.x, self.p)
	plaintext_blind = (ax.inverse(self.p) * M[1] ) % self.p
	plaintext = (plaintext_blind * pow(self.y, r, self.p)) % self.p
	return int(plaintext)

	def _sign(self, M, K):
	if (not hasattr(self, 'x')):
	raise TypeError('Private key not available in this object')
	p1=self.p-1
	K = Integer(K)
	if (K.gcd(p1)!=1):
	raise ValueError('Bad K value: GCD(K,p-1)!=1')
	a=pow(self.g, K, self.p)
	t=(Integer(M)-self.x*a) % p1
	while t<0: t=t+p1
	b=(t*K.inverse(p1)) % p1
	return [int(a), int(b)]

	def _verify(self, M, sig):
	sig = [Integer(x) for x in sig]
	if sig[0]<1 or sig[0]>self.p-1:
	return 0
	v1=pow(self.y, sig[0], self.p)
	v1=(v1*pow(sig[0], sig[1], self.p)) % self.p
	v2=pow(self.g, M, self.p)
	if v1==v2:
	return 1
	return 0

	def has_private(self):
	"""Whether this is an ElGamal private key"""

	if hasattr(self, 'x'):
	return 1
	else:
	return 0

	def can_encrypt(self):
	return True

	def can_sign(self):
	return True

	def publickey(self):
	"""A matching ElGamal public key.

	Returns:
	a new :class:`ElGamalKey` object
	"""
	return construct((self.p, self.g, self.y))

	def __eq__(self, other):
	if bool(self.has_private()) != bool(other.has_private()):
	return False

	result = True
	for comp in self._keydata:
	result = result and (getattr(self.key, comp, None) ==
	getattr(other.key, comp, None))
	return result

	def __ne__(self, other):
	return not self.__eq__(other)

	def __getstate__(self):
	# ElGamal key is not pickable
	from pickle import PicklingError
	raise PicklingError

	# Methods defined in PyCrypto that we don't support anymore

	def sign(self, M, K):
	raise NotImplementedError

	def verify(self, M, signature):
	raise NotImplementedError

	def encrypt(self, plaintext, K):
	raise NotImplementedError

	def decrypt(self, ciphertext):
	raise NotImplementedError

	def blind(self, M, B):
	raise NotImplementedError

	def unblind(self, M, B):
	raise NotImplementedError

	def size(self):
	raise NotImplementedError