author | Determinant <[email protected]> | 2020-11-17 20:04:09 -0500 |
---|---|---|
committer | Determinant <[email protected]> | 2020-11-17 20:04:09 -0500 |
commit | c4d90bf4ea0c5b7a016028ed994de19638d3113b (patch) | |
tree | 693279a91311155f565e90ecd2d93bf701d6d4e9 /frozen_deps | |
parent | 3bef51eec2299403467e621ae660cef3f9256ac8 (diff) |
support saving as a keystore file
Diffstat (limited to 'frozen_deps')
293 files changed, 24018 insertions, 8588 deletions
diff --git a/frozen_deps/Crypto/Cipher/AES.py b/frozen_deps/Crypto/Cipher/AES.py
deleted file mode 100644
index 14f68d8..0000000
--- a/frozen_deps/Crypto/Cipher/AES.py
+++ /dev/null
@@ -1,115 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Cipher/AES.py : AES -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -"""AES symmetric cipher - -AES `(Advanced Encryption Standard)`__ is a symmetric block cipher standardized -by NIST_ . It has a fixed data block size of 16 bytes. -Its keys can be 128, 192, or 256 bits long. - -AES is very fast and secure, and it is the de facto standard for symmetric -encryption. - -As an example, encryption can be done as follows: - - >>> from Crypto.Cipher import AES - >>> from Crypto import Random - >>> - >>> key = b'Sixteen byte key' - >>> iv = Random.new().read(AES.block_size) - >>> cipher = AES.new(key, AES.MODE_CFB, iv) - >>> msg = iv + cipher.encrypt(b'Attack at dawn') - -.. __: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard -.. 
_NIST: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf - -:undocumented: __revision__, __package__ -""" - -__revision__ = "$Id$" - -from Crypto.Cipher import blockalgo -from Crypto.Cipher import _AES - -class AESCipher (blockalgo.BlockAlgo): - """AES cipher object""" - - def __init__(self, key, *args, **kwargs): - """Initialize an AES cipher object - - See also `new()` at the module level.""" - blockalgo.BlockAlgo.__init__(self, _AES, key, *args, **kwargs) - -def new(key, *args, **kwargs): - """Create a new AES cipher - - :Parameters: - key : byte string - The secret key to use in the symmetric cipher. - It must be 16 (*AES-128*), 24 (*AES-192*), or 32 (*AES-256*) bytes long. - :Keywords: - mode : a *MODE_** constant - The chaining mode to use for encryption or decryption. - Default is `MODE_ECB`. - IV : byte string - The initialization vector to use for encryption or decryption. - - It is ignored for `MODE_ECB` and `MODE_CTR`. - - For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption - and `block_size` +2 bytes for decryption (in the latter case, it is - actually the *encrypted* IV which was prefixed to the ciphertext). - It is mandatory. - - For all other modes, it must be `block_size` bytes longs. It is optional and - when not present it will be given a default value of all zeroes. - counter : callable - (*Only* `MODE_CTR`). A stateful function that returns the next - *counter block*, which is a byte string of `block_size` bytes. - For better performance, use `Crypto.Util.Counter`. - segment_size : integer - (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext - are segmented in. - It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8. - - :Return: an `AESCipher` object - """ - return AESCipher(key, *args, **kwargs) - -#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`. -MODE_ECB = 1 -#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`. -MODE_CBC = 2 -#: Cipher FeedBack (CFB). 
See `blockalgo.MODE_CFB`.
-MODE_CFB = 3
-#: This mode should not be used.
-MODE_PGP = 4
-#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
-MODE_OFB = 5
-#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
-MODE_CTR = 6
-#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
-MODE_OPENPGP = 7
-#: Size of a data block (in bytes)
-block_size = 16
-#: Size of a key (in bytes)
-key_size = ( 16, 24, 32 )
-
diff --git a/frozen_deps/Crypto/Cipher/ARC2.py b/frozen_deps/Crypto/Cipher/ARC2.py
deleted file mode 100644
index b5234e6..0000000
--- a/frozen_deps/Crypto/Cipher/ARC2.py
+++ /dev/null
@@ -1,130 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Cipher/ARC2.py : ARC2.py -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -"""RC2 symmetric cipher - -RC2_ (Rivest's Cipher version 2) is a symmetric block cipher designed -by Ron Rivest in 1987. The cipher started as a proprietary design, -that was reverse engineered and anonymously posted on Usenet in 1996. -For this reason, the algorithm was first called *Alleged* RC2 (ARC2), -since the company that owned RC2 (RSA Data Inc.) did not confirm whether -the details leaked into public domain were really correct. - -The company eventually published its full specification in RFC2268_. - -RC2 has a fixed data block size of 8 bytes. Length of its keys can vary from -8 to 128 bits. One particular property of RC2 is that the actual -cryptographic strength of the key (*effective key length*) can be reduced -via a parameter. - -Even though RC2 is not cryptographically broken, it has not been analyzed as -thoroughly as AES, which is also faster than RC2. - -New designs should not use RC2. 
- -As an example, encryption can be done as follows: - - >>> from Crypto.Cipher import ARC2 - >>> from Crypto import Random - >>> - >>> key = b'Sixteen byte key' - >>> iv = Random.new().read(ARC2.block_size) - >>> cipher = ARC2.new(key, ARC2.MODE_CFB, iv) - >>> msg = iv + cipher.encrypt(b'Attack at dawn') - -.. _RC2: http://en.wikipedia.org/wiki/RC2 -.. _RFC2268: http://tools.ietf.org/html/rfc2268 - -:undocumented: __revision__, __package__ -""" - -__revision__ = "$Id$" - -from Crypto.Cipher import blockalgo -from Crypto.Cipher import _ARC2 - -class RC2Cipher (blockalgo.BlockAlgo): - """RC2 cipher object""" - - def __init__(self, key, *args, **kwargs): - """Initialize an ARC2 cipher object - - See also `new()` at the module level.""" - blockalgo.BlockAlgo.__init__(self, _ARC2, key, *args, **kwargs) - -def new(key, *args, **kwargs): - """Create a new RC2 cipher - - :Parameters: - key : byte string - The secret key to use in the symmetric cipher. - Its length can vary from 1 to 128 bytes. - :Keywords: - mode : a *MODE_** constant - The chaining mode to use for encryption or decryption. - Default is `MODE_ECB`. - IV : byte string - The initialization vector to use for encryption or decryption. - - It is ignored for `MODE_ECB` and `MODE_CTR`. - - For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption - and `block_size` +2 bytes for decryption (in the latter case, it is - actually the *encrypted* IV which was prefixed to the ciphertext). - It is mandatory. - - For all other modes, it must be `block_size` bytes longs. It is optional and - when not present it will be given a default value of all zeroes. - counter : callable - (*Only* `MODE_CTR`). A stateful function that returns the next - *counter block*, which is a byte string of `block_size` bytes. - For better performance, use `Crypto.Util.Counter`. - segment_size : integer - (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext - are segmented in. - It must be a multiple of 8. 
If 0 or not specified, it will be assumed to be 8.
- effective_keylen : integer
- Maximum cryptographic strength of the key, in bits.
- It can vary from 0 to 1024. The default value is 1024.
-
- :Return: an `RC2Cipher` object
- """
- return RC2Cipher(key, *args, **kwargs)
-
-#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`.
-MODE_ECB = 1
-#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`.
-MODE_CBC = 2
-#: Cipher FeedBack (CFB). See `blockalgo.MODE_CFB`.
-MODE_CFB = 3
-#: This mode should not be used.
-MODE_PGP = 4
-#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
-MODE_OFB = 5
-#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
-MODE_CTR = 6
-#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
-MODE_OPENPGP = 7
-#: Size of a data block (in bytes)
-block_size = 8
-#: Size of a key (in bytes)
-key_size = range(1,16+1)
-
diff --git a/frozen_deps/Crypto/Cipher/ARC4.py b/frozen_deps/Crypto/Cipher/ARC4.py
deleted file mode 100644
index d83f75b..0000000
--- a/frozen_deps/Crypto/Cipher/ARC4.py
+++ /dev/null
@@ -1,120 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Cipher/ARC4.py : ARC4 -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -"""ARC4 symmetric cipher - -ARC4_ (Alleged RC4) is an implementation of RC4 (Rivest's Cipher version 4), -a symmetric stream cipher designed by Ron Rivest in 1987. - -The cipher started as a proprietary design, that was reverse engineered and -anonymously posted on Usenet in 1994. The company that owns RC4 (RSA Data -Inc.) never confirmed the correctness of the leaked algorithm. - -Unlike RC2, the company has never published the full specification of RC4, -of whom it still holds the trademark. - -ARC4 keys can vary in length from 40 to 2048 bits. - -One problem of ARC4 is that it does not take a nonce or an IV. If it is required -to encrypt multiple messages with the same long-term key, a distinct -independent nonce must be created for each message, and a short-term key must -be derived from the combination of the long-term key and the nonce. 
-Due to the weak key scheduling algorithm of RC2, the combination must be carried -out with a complex function (e.g. a cryptographic hash) and not by simply -concatenating key and nonce. - -New designs should not use ARC4. A good alternative is AES -(`Crypto.Cipher.AES`) in any of the modes that turn it into a stream cipher (OFB, CFB, or CTR). - -As an example, encryption can be done as follows: - - >>> from Crypto.Cipher import ARC4 - >>> from Crypto.Hash import SHA - >>> from Crypto import Random - >>> - >>> key = b'Very long and confidential key' - >>> nonce = Random.new().read(16) - >>> tempkey = SHA.new(key+nonce).digest() - >>> cipher = ARC4.new(tempkey) - >>> msg = nonce + cipher.encrypt(b'Open the pod bay doors, HAL') - -.. _ARC4: http://en.wikipedia.org/wiki/RC4 - -:undocumented: __revision__, __package__ -""" - -__revision__ = "$Id$" - -from Crypto.Cipher import _ARC4 - -class ARC4Cipher: - """ARC4 cipher object""" - - - def __init__(self, key, *args, **kwargs): - """Initialize an ARC4 cipher object - - See also `new()` at the module level.""" - - self._cipher = _ARC4.new(key, *args, **kwargs) - self.block_size = self._cipher.block_size - self.key_size = self._cipher.key_size - - def encrypt(self, plaintext): - """Encrypt a piece of data. - - :Parameters: - plaintext : byte string - The piece of data to encrypt. It can be of any size. - :Return: the encrypted data (byte string, as long as the - plaintext). - """ - return self._cipher.encrypt(plaintext) - - def decrypt(self, ciphertext): - """Decrypt a piece of data. - - :Parameters: - ciphertext : byte string - The piece of data to decrypt. It can be of any size. - :Return: the decrypted data (byte string, as long as the - ciphertext). - """ - return self._cipher.decrypt(ciphertext) - -def new(key, *args, **kwargs): - """Create a new ARC4 cipher - - :Parameters: - key : byte string - The secret key to use in the symmetric cipher. - It can have any length, with a minimum of 40 bytes. 
- Its cryptograpic strength is always capped to 2048 bits (256 bytes).
-
- :Return: an `ARC4Cipher` object
- """
- return ARC4Cipher(key, *args, **kwargs)
-
-#: Size of a data block (in bytes)
-block_size = 1
-#: Size of a key (in bytes)
-key_size = range(1,256+1)
-
diff --git a/frozen_deps/Crypto/Cipher/Blowfish.py b/frozen_deps/Crypto/Cipher/Blowfish.py
deleted file mode 100644
index 8c81d96..0000000
--- a/frozen_deps/Crypto/Cipher/Blowfish.py
+++ /dev/null
@@ -1,121 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Cipher/Blowfish.py : Blowfish -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -"""Blowfish symmetric cipher - -Blowfish_ is a symmetric block cipher designed by Bruce Schneier. - -It has a fixed data block size of 8 bytes and its keys can vary in length -from 32 to 448 bits (4 to 56 bytes). - -Blowfish is deemed secure and it is fast. However, its keys should be chosen -to be big enough to withstand a brute force attack (e.g. at least 16 bytes). - -As an example, encryption can be done as follows: - - >>> from Crypto.Cipher import Blowfish - >>> from Crypto import Random - >>> from struct import pack - >>> - >>> bs = Blowfish.block_size - >>> key = b'An arbitrarily long key' - >>> iv = Random.new().read(bs) - >>> cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv) - >>> plaintext = b'docendo discimus ' - >>> plen = bs - divmod(len(plaintext),bs)[1] - >>> padding = [plen]*plen - >>> padding = pack('b'*plen, *padding) - >>> msg = iv + cipher.encrypt(plaintext + padding) - -.. 
_Blowfish: http://www.schneier.com/blowfish.html - -:undocumented: __revision__, __package__ -""" - -__revision__ = "$Id$" - -from Crypto.Cipher import blockalgo -from Crypto.Cipher import _Blowfish - -class BlowfishCipher (blockalgo.BlockAlgo): - """Blowfish cipher object""" - - def __init__(self, key, *args, **kwargs): - """Initialize a Blowfish cipher object - - See also `new()` at the module level.""" - blockalgo.BlockAlgo.__init__(self, _Blowfish, key, *args, **kwargs) - -def new(key, *args, **kwargs): - """Create a new Blowfish cipher - - :Parameters: - key : byte string - The secret key to use in the symmetric cipher. - Its length can vary from 4 to 56 bytes. - :Keywords: - mode : a *MODE_** constant - The chaining mode to use for encryption or decryption. - Default is `MODE_ECB`. - IV : byte string - The initialization vector to use for encryption or decryption. - - It is ignored for `MODE_ECB` and `MODE_CTR`. - - For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption - and `block_size` +2 bytes for decryption (in the latter case, it is - actually the *encrypted* IV which was prefixed to the ciphertext). - It is mandatory. - - For all other modes, it must be `block_size` bytes longs. It is optional and - when not present it will be given a default value of all zeroes. - counter : callable - (*Only* `MODE_CTR`). A stateful function that returns the next - *counter block*, which is a byte string of `block_size` bytes. - For better performance, use `Crypto.Util.Counter`. - segment_size : integer - (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext - are segmented in. - It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8. - - :Return: a `BlowfishCipher` object - """ - return BlowfishCipher(key, *args, **kwargs) - -#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`. -MODE_ECB = 1 -#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`. -MODE_CBC = 2 -#: Cipher FeedBack (CFB). 
See `blockalgo.MODE_CFB`.
-MODE_CFB = 3
-#: This mode should not be used.
-MODE_PGP = 4
-#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
-MODE_OFB = 5
-#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
-MODE_CTR = 6
-#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
-MODE_OPENPGP = 7
-#: Size of a data block (in bytes)
-block_size = 8
-#: Size of a key (in bytes)
-key_size = range(4,56+1)
-
diff --git a/frozen_deps/Crypto/Cipher/CAST.py b/frozen_deps/Crypto/Cipher/CAST.py
deleted file mode 100644
index 89543b2..0000000
--- a/frozen_deps/Crypto/Cipher/CAST.py
+++ /dev/null
@@ -1,123 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Cipher/CAST.py : CAST -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -"""CAST-128 symmetric cipher - -CAST-128_ (or CAST5) is a symmetric block cipher specified in RFC2144_. - -It has a fixed data block size of 8 bytes. Its key can vary in length -from 40 to 128 bits. - -CAST is deemed to be cryptographically secure, but its usage is not widespread. -Keys of sufficient length should be used to prevent brute force attacks -(128 bits are recommended). - -As an example, encryption can be done as follows: - - >>> from Crypto.Cipher import CAST - >>> from Crypto import Random - >>> - >>> key = b'Sixteen byte key' - >>> iv = Random.new().read(CAST.block_size) - >>> cipher = CAST.new(key, CAST.MODE_OPENPGP, iv) - >>> plaintext = b'sona si latine loqueris ' - >>> msg = cipher.encrypt(plaintext) - >>> - ... - >>> eiv = msg[:CAST.block_size+2] - >>> ciphertext = msg[CAST.block_size+2:] - >>> cipher = CAST.new(key, CAST.MODE_OPENPGP, eiv) - >>> print cipher.decrypt(ciphertext) - -.. 
_CAST-128: http://en.wikipedia.org/wiki/CAST-128 -.. _RFC2144: http://tools.ietf.org/html/rfc2144 - -:undocumented: __revision__, __package__ -""" - -__revision__ = "$Id$" - -from Crypto.Cipher import blockalgo -from Crypto.Cipher import _CAST - -class CAST128Cipher(blockalgo.BlockAlgo): - """CAST-128 cipher object""" - - def __init__(self, key, *args, **kwargs): - """Initialize a CAST-128 cipher object - - See also `new()` at the module level.""" - blockalgo.BlockAlgo.__init__(self, _CAST, key, *args, **kwargs) - -def new(key, *args, **kwargs): - """Create a new CAST-128 cipher - - :Parameters: - key : byte string - The secret key to use in the symmetric cipher. - Its length may vary from 5 to 16 bytes. - :Keywords: - mode : a *MODE_** constant - The chaining mode to use for encryption or decryption. - Default is `MODE_ECB`. - IV : byte string - The initialization vector to use for encryption or decryption. - - It is ignored for `MODE_ECB` and `MODE_CTR`. - - For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption - and `block_size` +2 bytes for decryption (in the latter case, it is - actually the *encrypted* IV which was prefixed to the ciphertext). - It is mandatory. - - For all other modes, it must be `block_size` bytes longs. It is optional and - when not present it will be given a default value of all zeroes. - counter : callable - (*Only* `MODE_CTR`). A stateful function that returns the next - *counter block*, which is a byte string of `block_size` bytes. - For better performance, use `Crypto.Util.Counter`. - segment_size : integer - (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext - are segmented in. - It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8. - - :Return: an `CAST128Cipher` object - """ - return CAST128Cipher(key, *args, **kwargs) - -#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`. -MODE_ECB = 1 -#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`. 
-MODE_CBC = 2
-#: Cipher FeedBack (CFB). See `blockalgo.MODE_CFB`.
-MODE_CFB = 3
-#: This mode should not be used.
-MODE_PGP = 4
-#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
-MODE_OFB = 5
-#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
-MODE_CTR = 6
-#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
-MODE_OPENPGP = 7
-#: Size of a data block (in bytes)
-block_size = 8
-#: Size of a key (in bytes)
-key_size = range(5,16+1)
diff --git a/frozen_deps/Crypto/Cipher/DES.py b/frozen_deps/Crypto/Cipher/DES.py
deleted file mode 100644
index 2fae42f..0000000
--- a/frozen_deps/Crypto/Cipher/DES.py
+++ /dev/null
@@ -1,118 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Cipher/DES.py : DES -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -"""DES symmetric cipher - -DES `(Data Encryption Standard)`__ is a symmetric block cipher standardized -by NIST_ . It has a fixed data block size of 8 bytes. -Its keys are 64 bits long, even though 8 bits were used for integrity (now they -are ignored) and do not contribute to securty. - -DES is cryptographically secure, but its key length is too short by nowadays -standards and it could be brute forced with some effort. - -DES should not be used for new designs. Use `AES`. - -As an example, encryption can be done as follows: - - >>> from Crypto.Cipher import DES3 - >>> from Crypto import Random - >>> - >>> key = b'Sixteen byte key' - >>> iv = Random.new().read(DES3.block_size) - >>> cipher = DES3.new(key, DES3.MODE_OFB, iv) - >>> plaintext = b'sona si latine loqueris ' - >>> msg = iv + cipher.encrypt(plaintext) - -.. __: http://en.wikipedia.org/wiki/Data_Encryption_Standard -.. 
_NIST: http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf - -:undocumented: __revision__, __package__ -""" - -__revision__ = "$Id$" - -from Crypto.Cipher import blockalgo -from Crypto.Cipher import _DES - -class DESCipher(blockalgo.BlockAlgo): - """DES cipher object""" - - def __init__(self, key, *args, **kwargs): - """Initialize a DES cipher object - - See also `new()` at the module level.""" - blockalgo.BlockAlgo.__init__(self, _DES, key, *args, **kwargs) - -def new(key, *args, **kwargs): - """Create a new DES cipher - - :Parameters: - key : byte string - The secret key to use in the symmetric cipher. - It must be 8 byte long. The parity bits will be ignored. - :Keywords: - mode : a *MODE_** constant - The chaining mode to use for encryption or decryption. - Default is `MODE_ECB`. - IV : byte string - The initialization vector to use for encryption or decryption. - - It is ignored for `MODE_ECB` and `MODE_CTR`. - - For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption - and `block_size` +2 bytes for decryption (in the latter case, it is - actually the *encrypted* IV which was prefixed to the ciphertext). - It is mandatory. - - For all other modes, it must be `block_size` bytes longs. It is optional and - when not present it will be given a default value of all zeroes. - counter : callable - (*Only* `MODE_CTR`). A stateful function that returns the next - *counter block*, which is a byte string of `block_size` bytes. - For better performance, use `Crypto.Util.Counter`. - segment_size : integer - (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext - are segmented in. - It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8. - - :Return: an `DESCipher` object - """ - return DESCipher(key, *args, **kwargs) - -#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`. -MODE_ECB = 1 -#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`. -MODE_CBC = 2 -#: Cipher FeedBack (CFB). See `blockalgo.MODE_CFB`. 
-MODE_CFB = 3
-#: This mode should not be used.
-MODE_PGP = 4
-#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
-MODE_OFB = 5
-#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
-MODE_CTR = 6
-#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
-MODE_OPENPGP = 7
-#: Size of a data block (in bytes)
-block_size = 8
-#: Size of a key (in bytes)
-key_size = 8
diff --git a/frozen_deps/Crypto/Cipher/DES3.py b/frozen_deps/Crypto/Cipher/DES3.py
deleted file mode 100644
index 7fedac8..0000000
--- a/frozen_deps/Crypto/Cipher/DES3.py
+++ /dev/null
@@ -1,133 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Cipher/DES3.py : DES3 -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -"""Triple DES symmetric cipher - -`Triple DES`__ (or TDES or TDEA or 3DES) is a symmetric block cipher standardized by NIST_. -It has a fixed data block size of 8 bytes. Its keys are 128 (*Option 1*) or 192 -bits (*Option 2*) long. -However, 1 out of 8 bits is used for redundancy and do not contribute to -security. The effective key length is respectively 112 or 168 bits. - -TDES consists of the concatenation of 3 simple `DES` ciphers. - -The plaintext is first DES encrypted with *K1*, then decrypted with *K2*, -and finally encrypted again with *K3*. The ciphertext is decrypted in the reverse manner. - -The 192 bit key is a bundle of three 64 bit independent subkeys: *K1*, *K2*, and *K3*. - -The 128 bit key is split into *K1* and *K2*, whereas *K1=K3*. - -It is important that all subkeys are different, otherwise TDES would degrade to -single `DES`. 
- -TDES is cryptographically secure, even though it is neither as secure nor as fast -as `AES`. - -As an example, encryption can be done as follows: - - >>> from Crypto.Cipher import DES - >>> from Crypto import Random - >>> from Crypto.Util import Counter - >>> - >>> key = b'-8B key-' - >>> nonce = Random.new().read(DES.block_size/2) - >>> ctr = Counter.new(DES.block_size*8/2, prefix=nonce) - >>> cipher = DES.new(key, DES.MODE_CTR, counter=ctr) - >>> plaintext = b'We are no longer the knights who say ni!' - >>> msg = nonce + cipher.encrypt(plaintext) - -.. __: http://en.wikipedia.org/wiki/Triple_DES -.. _NIST: http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf - -:undocumented: __revision__, __package__ -""" - -__revision__ = "$Id$" - -from Crypto.Cipher import blockalgo -from Crypto.Cipher import _DES3 - -class DES3Cipher(blockalgo.BlockAlgo): - """TDES cipher object""" - - def __init__(self, key, *args, **kwargs): - """Initialize a TDES cipher object - - See also `new()` at the module level.""" - blockalgo.BlockAlgo.__init__(self, _DES3, key, *args, **kwargs) - -def new(key, *args, **kwargs): - """Create a new TDES cipher - - :Parameters: - key : byte string - The secret key to use in the symmetric cipher. - It must be 16 or 24 bytes long. The parity bits will be ignored. - :Keywords: - mode : a *MODE_** constant - The chaining mode to use for encryption or decryption. - Default is `MODE_ECB`. - IV : byte string - The initialization vector to use for encryption or decryption. - - It is ignored for `MODE_ECB` and `MODE_CTR`. - - For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption - and `block_size` +2 bytes for decryption (in the latter case, it is - actually the *encrypted* IV which was prefixed to the ciphertext). - It is mandatory. - - For all other modes, it must be `block_size` bytes longs. It is optional and - when not present it will be given a default value of all zeroes. - counter : callable - (*Only* `MODE_CTR`). 
A stateful function that returns the next
- *counter block*, which is a byte string of `block_size` bytes.
- For better performance, use `Crypto.Util.Counter`.
- segment_size : integer
- (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext
- are segmented in.
- It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8.
-
- :Attention: it is important that all 8 byte subkeys are different,
- otherwise TDES would degrade to single `DES`.
- :Return: an `DES3Cipher` object
- """
- return DES3Cipher(key, *args, **kwargs)
-
-#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`.
-MODE_ECB = 1
-#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`.
-MODE_CBC = 2
-#: Cipher FeedBack (CFB). See `blockalgo.MODE_CFB`.
-MODE_CFB = 3
-#: This mode should not be used.
-MODE_PGP = 4
-#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
-MODE_OFB = 5
-#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
-MODE_CTR = 6
-#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
-MODE_OPENPGP = 7
-#: Size of a data block (in bytes)
-block_size = 8
-#: Size of a key (in bytes)
-key_size = ( 16, 24 )
diff --git a/frozen_deps/Crypto/Cipher/PKCS1_OAEP.py b/frozen_deps/Crypto/Cipher/PKCS1_OAEP.py
deleted file mode 100644
index 2738ce3..0000000
--- a/frozen_deps/Crypto/Cipher/PKCS1_OAEP.py
+++ /dev/null
@@ -1,255 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Cipher/PKCS1_OAEP.py : PKCS#1 OAEP -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""RSA encryption protocol according to PKCS#1 OAEP - -See RFC3447__ or the `original RSA Labs specification`__ . - -This scheme is more properly called ``RSAES-OAEP``. - -As an example, a sender may encrypt a message in this way: - - >>> from Crypto.Cipher import PKCS1_OAEP - >>> from Crypto.PublicKey import RSA - >>> - >>> message = 'To be encrypted' - >>> key = RSA.importKey(open('pubkey.der').read()) - >>> cipher = PKCS1_OAEP.new(key) - >>> ciphertext = cipher.encrypt(message) - -At the receiver side, decryption can be done using the private part of -the RSA key: - - >>> key = RSA.importKey(open('privkey.der').read()) - >>> cipher = PKCS1_OAP.new(key) - >>> message = cipher.decrypt(ciphertext) - -:undocumented: __revision__, __package__ - -.. __: http://www.ietf.org/rfc/rfc3447.txt -.. __: http://www.rsa.com/rsalabs/node.asp?id=2125. 
-""" - - - -__revision__ = "$Id$" -__all__ = [ 'new', 'PKCS1OAEP_Cipher' ] - -import Crypto.Signature.PKCS1_PSS -import Crypto.Hash.SHA - -from Crypto.Util.py3compat import * -import Crypto.Util.number -from Crypto.Util.number import ceil_div -from Crypto.Util.strxor import strxor - -class PKCS1OAEP_Cipher: - """This cipher can perform PKCS#1 v1.5 OAEP encryption or decryption.""" - - def __init__(self, key, hashAlgo, mgfunc, label): - """Initialize this PKCS#1 OAEP cipher object. - - :Parameters: - key : an RSA key object - If a private half is given, both encryption and decryption are possible. - If a public half is given, only encryption is possible. - hashAlgo : hash object - The hash function to use. This can be a module under `Crypto.Hash` - or an existing hash object created from any of such modules. If not specified, - `Crypto.Hash.SHA` (that is, SHA-1) is used. - mgfunc : callable - A mask generation function that accepts two parameters: a string to - use as seed, and the lenth of the mask to generate, in bytes. - If not specified, the standard MGF1 is used (a safe choice). - label : string - A label to apply to this particular encryption. If not specified, - an empty string is used. Specifying a label does not improve - security. - - :attention: Modify the mask generation function only if you know what you are doing. - Sender and receiver must use the same one. - """ - self._key = key - - if hashAlgo: - self._hashObj = hashAlgo - else: - self._hashObj = Crypto.Hash.SHA - - if mgfunc: - self._mgf = mgfunc - else: - self._mgf = lambda x,y: Crypto.Signature.PKCS1_PSS.MGF1(x,y,self._hashObj) - - self._label = label - - def can_encrypt(self): - """Return True/1 if this cipher object can be used for encryption.""" - return self._key.can_encrypt() - - def can_decrypt(self): - """Return True/1 if this cipher object can be used for decryption.""" - return self._key.can_decrypt() - - def encrypt(self, message): - """Produce the PKCS#1 OAEP encryption of a message. 
- - This function is named ``RSAES-OAEP-ENCRYPT``, and is specified in - section 7.1.1 of RFC3447. - - :Parameters: - message : string - The message to encrypt, also known as plaintext. It can be of - variable length, but not longer than the RSA modulus (in bytes) - minus 2, minus twice the hash output size. - - :Return: A string, the ciphertext in which the message is encrypted. - It is as long as the RSA modulus (in bytes). - :Raise ValueError: - If the RSA key length is not sufficiently long to deal with the given - message. - """ - # TODO: Verify the key is RSA - - randFunc = self._key._randfunc - - # See 7.1.1 in RFC3447 - modBits = Crypto.Util.number.size(self._key.n) - k = ceil_div(modBits,8) # Convert from bits to bytes - hLen = self._hashObj.digest_size - mLen = len(message) - - # Step 1b - ps_len = k-mLen-2*hLen-2 - if ps_len<0: - raise ValueError("Plaintext is too long.") - # Step 2a - lHash = self._hashObj.new(self._label).digest() - # Step 2b - ps = bchr(0x00)*ps_len - # Step 2c - db = lHash + ps + bchr(0x01) + message - # Step 2d - ros = randFunc(hLen) - # Step 2e - dbMask = self._mgf(ros, k-hLen-1) - # Step 2f - maskedDB = strxor(db, dbMask) - # Step 2g - seedMask = self._mgf(maskedDB, hLen) - # Step 2h - maskedSeed = strxor(ros, seedMask) - # Step 2i - em = bchr(0x00) + maskedSeed + maskedDB - # Step 3a (OS2IP), step 3b (RSAEP), part of step 3c (I2OSP) - m = self._key.encrypt(em, 0)[0] - # Complete step 3c (I2OSP) - c = bchr(0x00)*(k-len(m)) + m - return c - - def decrypt(self, ct): - """Decrypt a PKCS#1 OAEP ciphertext. - - This function is named ``RSAES-OAEP-DECRYPT``, and is specified in - section 7.1.2 of RFC3447. - - :Parameters: - ct : string - The ciphertext that contains the message to recover. - - :Return: A string, the original message. - :Raise ValueError: - If the ciphertext length is incorrect, or if the decryption does not - succeed. - :Raise TypeError: - If the RSA key has no private half. 
- """ - # TODO: Verify the key is RSA - - # See 7.1.2 in RFC3447 - modBits = Crypto.Util.number.size(self._key.n) - k = ceil_div(modBits,8) # Convert from bits to bytes - hLen = self._hashObj.digest_size - - # Step 1b and 1c - if len(ct) != k or k<hLen+2: - raise ValueError("Ciphertext with incorrect length.") - # Step 2a (O2SIP), 2b (RSADP), and part of 2c (I2OSP) - m = self._key.decrypt(ct) - # Complete step 2c (I2OSP) - em = bchr(0x00)*(k-len(m)) + m - # Step 3a - lHash = self._hashObj.new(self._label).digest() - # Step 3b - y = em[0] - # y must be 0, but we MUST NOT check it here in order not to - # allow attacks like Manger's (http://dl.acm.org/citation.cfm?id=704143) - maskedSeed = em[1:hLen+1] - maskedDB = em[hLen+1:] - # Step 3c - seedMask = self._mgf(maskedDB, hLen) - # Step 3d - seed = strxor(maskedSeed, seedMask) - # Step 3e - dbMask = self._mgf(seed, k-hLen-1) - # Step 3f - db = strxor(maskedDB, dbMask) - # Step 3g - valid = 1 - one = db[hLen:].find(bchr(0x01)) - lHash1 = db[:hLen] - if lHash1!=lHash: - valid = 0 - if one<0: - valid = 0 - if bord(y)!=0: - valid = 0 - if not valid: - raise ValueError("Incorrect decryption.") - # Step 4 - return db[hLen+one+1:] - -def new(key, hashAlgo=None, mgfunc=None, label=b('')): - """Return a cipher object `PKCS1OAEP_Cipher` that can be used to perform PKCS#1 OAEP encryption or decryption. - - :Parameters: - key : RSA key object - The key to use to encrypt or decrypt the message. This is a `Crypto.PublicKey.RSA` object. - Decryption is only possible if *key* is a private RSA key. - hashAlgo : hash object - The hash function to use. This can be a module under `Crypto.Hash` - or an existing hash object created from any of such modules. If not specified, - `Crypto.Hash.SHA` (that is, SHA-1) is used. - mgfunc : callable - A mask generation function that accepts two parameters: a string to - use as seed, and the lenth of the mask to generate, in bytes. - If not specified, the standard MGF1 is used (a safe choice). 
- label : string - A label to apply to this particular encryption. If not specified, - an empty string is used. Specifying a label does not improve - security. - - :attention: Modify the mask generation function only if you know what you are doing. - Sender and receiver must use the same one. - """ - return PKCS1OAEP_Cipher(key, hashAlgo, mgfunc, label) - diff --git a/frozen_deps/Crypto/Cipher/XOR.py b/frozen_deps/Crypto/Cipher/XOR.py deleted file mode 100644 index 46b8464..0000000 --- a/frozen_deps/Crypto/Cipher/XOR.py +++ /dev/null 
@@ -1,86 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Cipher/XOR.py : XOR
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-"""XOR toy cipher
-
-XOR is one the simplest stream ciphers. Encryption and decryption are
-performed by XOR-ing data with a keystream made by contatenating
-the key.
-
-Do not use it for real applications!
-
-:undocumented: __revision__, __package__
-"""
-
-__revision__ = "$Id$"
-
-from Crypto.Cipher import _XOR
-
-class XORCipher:
- """XOR cipher object"""
-
- def __init__(self, key, *args, **kwargs):
- """Initialize a XOR cipher object
-
- See also `new()` at the module level."""
- self._cipher = _XOR.new(key, *args, **kwargs)
- self.block_size = self._cipher.block_size
- self.key_size = self._cipher.key_size
-
- def encrypt(self, plaintext):
- """Encrypt a piece of data.
-
- :Parameters:
- plaintext : byte string
- The piece of data to encrypt. It can be of any size.
- :Return: the encrypted data (byte string, as long as the
- plaintext).
- """
- return self._cipher.encrypt(plaintext)
-
- def decrypt(self, ciphertext):
- """Decrypt a piece of data.
-
- :Parameters:
- ciphertext : byte string
- The piece of data to decrypt. It can be of any size.
- :Return: the decrypted data (byte string, as long as the
- ciphertext).
- """
- return self._cipher.decrypt(ciphertext)
-
-def new(key, *args, **kwargs):
- """Create a new XOR cipher
-
- :Parameters:
- key : byte string
- The secret key to use in the symmetric cipher.
- Its length may vary from 1 to 32 bytes.
-
- :Return: an `XORCipher` object
- """
- return XORCipher(key, *args, **kwargs)
-
-#: Size of a data block (in bytes)
-block_size = 1
-#: Size of a key (in bytes)
-key_size = range(1,32+1)
-
diff --git a/frozen_deps/Crypto/Cipher/_AES.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Cipher/_AES.cpython-38-x86_64-linux-gnu.so
Binary files differ
deleted file mode 100755
index e9ffeb9..0000000
--- a/frozen_deps/Crypto/Cipher/_AES.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Cipher/_ARC2.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Cipher/_ARC2.cpython-38-x86_64-linux-gnu.so
Binary files differ
deleted file mode 100755
index b325488..0000000
--- a/frozen_deps/Crypto/Cipher/_ARC2.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so
Binary files differ
deleted file mode 100755
index 982a28d..0000000
--- a/frozen_deps/Crypto/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Cipher/_Blowfish.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Cipher/_Blowfish.cpython-38-x86_64-linux-gnu.so
Binary files differ
deleted file mode 100755
index 2648636..0000000
--- a/frozen_deps/Crypto/Cipher/_Blowfish.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Cipher/_CAST.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Cipher/_CAST.cpython-38-x86_64-linux-gnu.so
Binary files differ
deleted file mode 100755
index 439731a..0000000
--- a/frozen_deps/Crypto/Cipher/_CAST.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Cipher/_DES3.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Cipher/_DES3.cpython-38-x86_64-linux-gnu.so
Binary files differ
deleted file mode 100755
index faef3f9..0000000
--- a/frozen_deps/Crypto/Cipher/_DES3.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Cipher/_XOR.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Cipher/_XOR.cpython-38-x86_64-linux-gnu.so
Binary files differ
deleted file mode 100755
index 43f0560..0000000
--- a/frozen_deps/Crypto/Cipher/_XOR.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Cipher/__init__.py b/frozen_deps/Crypto/Cipher/__init__.py
deleted file mode 100644
index 7afed2d..0000000
--- a/frozen_deps/Crypto/Cipher/__init__.py
+++ /dev/null
@@ -1,83 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""Symmetric- and asymmetric-key encryption algorithms.
-
-Encryption algorithms transform plaintext in some way that
-is dependent on a key or key pair, producing ciphertext.
-
-Symmetric algorithms
---------------------
-
-Encryption can easily be reversed, if (and, hopefully, only if)
-one knows the same key.
-In other words, sender and receiver share the same key.
-
-The symmetric encryption modules here all support the interface described in PEP
-272, "API for Block Encryption Algorithms".
-
-If you don't know which algorithm to choose, use AES because it's
-standard and has undergone a fair bit of examination.
-
-======================== ======= ========================
-Module name Type Description
-======================== ======= ========================
-`Crypto.Cipher.AES` Block Advanced Encryption Standard
-`Crypto.Cipher.ARC2` Block Alleged RC2
-`Crypto.Cipher.ARC4` Stream Alleged RC4
-`Crypto.Cipher.Blowfish` Block Blowfish
-`Crypto.Cipher.CAST` Block CAST
-`Crypto.Cipher.DES` Block The Data Encryption Standard.
- Very commonly used in the past,
- but today its 56-bit keys are too small.
-`Crypto.Cipher.DES3` Block Triple DES.
-`Crypto.Cipher.XOR` Stream The simple XOR cipher.
-======================== ======= ========================
-
-
-Asymmetric algorithms
----------------------
-
-For asymmetric algorithms, the key to be used for decryption is totally
-different and cannot be derived in a feasible way from the key used
-for encryption. Put differently, sender and receiver each own one half
-of a key pair. The encryption key is often called ``public`` whereas
-the decryption key is called ``private``.
-
-========================== =======================
-Module name Description
-========================== =======================
-`Crypto.Cipher.PKCS1_v1_5` PKCS#1 v1.5 encryption, based on RSA key pairs
-`Crypto.Cipher.PKCS1_OAEP` PKCS#1 OAEP encryption, based on RSA key pairs
-========================== =======================
-
-:undocumented: __revision__, __package__, _AES, _ARC2, _ARC4, _Blowfish
- _CAST, _DES, _DES3, _XOR
-"""
-
-__all__ = ['AES', 'ARC2', 'ARC4',
- 'Blowfish', 'CAST', 'DES', 'DES3',
- 'XOR',
- 'PKCS1_v1_5', 'PKCS1_OAEP'
- ]
-
-__revision__ = "$Id$"
-
-
diff --git a/frozen_deps/Crypto/Cipher/blockalgo.py b/frozen_deps/Crypto/Cipher/blockalgo.py
deleted file mode 100644
index dd183dc..0000000
--- a/frozen_deps/Crypto/Cipher/blockalgo.py
+++ /dev/null
@@ -1,296 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Cipher/blockalgo.py -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -"""Module with definitions common to all block ciphers.""" - -import sys -if sys.version_info[0] == 2 and sys.version_info[1] == 1: - from Crypto.Util.py21compat import * -from Crypto.Util.py3compat import * - -#: *Electronic Code Book (ECB)*. -#: This is the simplest encryption mode. Each of the plaintext blocks -#: is directly encrypted into a ciphertext block, independently of -#: any other block. This mode exposes frequency of symbols -#: in your plaintext. Other modes (e.g. *CBC*) should be used instead. -#: -#: See `NIST SP800-38A`_ , Section 6.1 . -#: -#: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf -MODE_ECB = 1 - -#: *Cipher-Block Chaining (CBC)*. Each of the ciphertext blocks depends -#: on the current and all previous plaintext blocks. An Initialization Vector -#: (*IV*) is required. -#: -#: The *IV* is a data block to be transmitted to the receiver. 
-#: The *IV* can be made public, but it must be authenticated by the receiver and -#: it should be picked randomly. -#: -#: See `NIST SP800-38A`_ , Section 6.2 . -#: -#: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf -MODE_CBC = 2 - -#: *Cipher FeedBack (CFB)*. This mode is similar to CBC, but it transforms -#: the underlying block cipher into a stream cipher. Plaintext and ciphertext -#: are processed in *segments* of **s** bits. The mode is therefore sometimes -#: labelled **s**-bit CFB. An Initialization Vector (*IV*) is required. -#: -#: When encrypting, each ciphertext segment contributes to the encryption of -#: the next plaintext segment. -#: -#: This *IV* is a data block to be transmitted to the receiver. -#: The *IV* can be made public, but it should be picked randomly. -#: Reusing the same *IV* for encryptions done with the same key lead to -#: catastrophic cryptographic failures. -#: -#: See `NIST SP800-38A`_ , Section 6.3 . -#: -#: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf -MODE_CFB = 3 - -#: This mode should not be used. -MODE_PGP = 4 - -#: *Output FeedBack (OFB)*. This mode is very similar to CBC, but it -#: transforms the underlying block cipher into a stream cipher. -#: The keystream is the iterated block encryption of an Initialization Vector (*IV*). -#: -#: The *IV* is a data block to be transmitted to the receiver. -#: The *IV* can be made public, but it should be picked randomly. -#: -#: Reusing the same *IV* for encryptions done with the same key lead to -#: catastrophic cryptograhic failures. -#: -#: See `NIST SP800-38A`_ , Section 6.4 . -#: -#: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf -MODE_OFB = 5 - -#: *CounTeR (CTR)*. This mode is very similar to ECB, in that -#: encryption of one block is done independently of all other blocks. 
-#: Unlike ECB, the block *position* contributes to the encryption and no -#: information leaks about symbol frequency. -#: -#: Each message block is associated to a *counter* which must be unique -#: across all messages that get encrypted with the same key (not just within -#: the same message). The counter is as big as the block size. -#: -#: Counters can be generated in several ways. The most straightword one is -#: to choose an *initial counter block* (which can be made public, similarly -#: to the *IV* for the other modes) and increment its lowest **m** bits by -#: one (modulo *2^m*) for each block. In most cases, **m** is chosen to be half -#: the block size. -#: -#: Reusing the same *initial counter block* for encryptions done with the same -#: key lead to catastrophic cryptograhic failures. -#: -#: See `NIST SP800-38A`_ , Section 6.5 (for the mode) and Appendix B (for how -#: to manage the *initial counter block*). -#: -#: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf -MODE_CTR = 6 - -#: OpenPGP. This mode is a variant of CFB, and it is only used in PGP and OpenPGP_ applications. -#: An Initialization Vector (*IV*) is required. -#: -#: Unlike CFB, the IV is not transmitted to the receiver. Instead, the *encrypted* IV is. -#: The IV is a random data block. Two of its bytes are duplicated to act as a checksum -#: for the correctness of the key. The encrypted IV is therefore 2 bytes longer than -#: the clean IV. -#: -#: .. 
_OpenPGP: http://tools.ietf.org/html/rfc4880 -MODE_OPENPGP = 7 - -def _getParameter(name, index, args, kwargs, default=None): - """Find a parameter in tuple and dictionary arguments a function receives""" - param = kwargs.get(name) - if len(args)>index: - if param: - raise ValueError("Parameter '%s' is specified twice" % name) - param = args[index] - return param or default - -class BlockAlgo: - """Class modelling an abstract block cipher.""" - - def __init__(self, factory, key, *args, **kwargs): - self.mode = _getParameter('mode', 0, args, kwargs, default=MODE_ECB) - self.block_size = factory.block_size - - if self.mode != MODE_OPENPGP: - self._cipher = factory.new(key, *args, **kwargs) - self.IV = self._cipher.IV - else: - # OPENPGP mode. For details, see 13.9 in RCC4880. - # - # A few members are specifically created for this mode: - # - _encrypted_iv, set in this constructor - # - _done_first_block, set to True after the first encryption - # - _done_last_block, set to True after a partial block is processed - - self._done_first_block = False - self._done_last_block = False - self.IV = _getParameter('iv', 1, args, kwargs) - if not self.IV: - raise ValueError("MODE_OPENPGP requires an IV") - - # Instantiate a temporary cipher to process the IV - IV_cipher = factory.new(key, MODE_CFB, - b('\x00')*self.block_size, # IV for CFB - segment_size=self.block_size*8) - - # The cipher will be used for... - if len(self.IV) == self.block_size: - # ... encryption - self._encrypted_IV = IV_cipher.encrypt( - self.IV + self.IV[-2:] + # Plaintext - b('\x00')*(self.block_size-2) # Padding - )[:self.block_size+2] - elif len(self.IV) == self.block_size+2: - # ... 
decryption - self._encrypted_IV = self.IV - self.IV = IV_cipher.decrypt(self.IV + # Ciphertext - b('\x00')*(self.block_size-2) # Padding - )[:self.block_size+2] - if self.IV[-2:] != self.IV[-4:-2]: - raise ValueError("Failed integrity check for OPENPGP IV") - self.IV = self.IV[:-2] - else: - raise ValueError("Length of IV must be %d or %d bytes for MODE_OPENPGP" - % (self.block_size, self.block_size+2)) - - # Instantiate the cipher for the real PGP data - self._cipher = factory.new(key, MODE_CFB, - self._encrypted_IV[-self.block_size:], - segment_size=self.block_size*8) - - def encrypt(self, plaintext): - """Encrypt data with the key and the parameters set at initialization. - - The cipher object is stateful; encryption of a long block - of data can be broken up in two or more calls to `encrypt()`. - That is, the statement: - - >>> c.encrypt(a) + c.encrypt(b) - - is always equivalent to: - - >>> c.encrypt(a+b) - - That also means that you cannot reuse an object for encrypting - or decrypting other data with the same key. - - This function does not perform any padding. - - - For `MODE_ECB`, `MODE_CBC`, and `MODE_OFB`, *plaintext* length - (in bytes) must be a multiple of *block_size*. - - - For `MODE_CFB`, *plaintext* length (in bytes) must be a multiple - of *segment_size*/8. - - - For `MODE_CTR`, *plaintext* can be of any length. - - - For `MODE_OPENPGP`, *plaintext* must be a multiple of *block_size*, - unless it is the last chunk of the message. - - :Parameters: - plaintext : byte string - The piece of data to encrypt. - :Return: - the encrypted data, as a byte string. It is as long as - *plaintext* with one exception: when encrypting the first message - chunk with `MODE_OPENPGP`, the encypted IV is prepended to the - returned ciphertext. 
- """ - - if self.mode == MODE_OPENPGP: - padding_length = (self.block_size - len(plaintext) % self.block_size) % self.block_size - if padding_length>0: - # CFB mode requires ciphertext to have length multiple of block size, - # but PGP mode allows the last block to be shorter - if self._done_last_block: - raise ValueError("Only the last chunk is allowed to have length not multiple of %d bytes", - self.block_size) - self._done_last_block = True - padded = plaintext + b('\x00')*padding_length - res = self._cipher.encrypt(padded)[:len(plaintext)] - else: - res = self._cipher.encrypt(plaintext) - if not self._done_first_block: - res = self._encrypted_IV + res - self._done_first_block = True - return res - - return self._cipher.encrypt(plaintext) - - def decrypt(self, ciphertext): - """Decrypt data with the key and the parameters set at initialization. - - The cipher object is stateful; decryption of a long block - of data can be broken up in two or more calls to `decrypt()`. - That is, the statement: - - >>> c.decrypt(a) + c.decrypt(b) - - is always equivalent to: - - >>> c.decrypt(a+b) - - That also means that you cannot reuse an object for encrypting - or decrypting other data with the same key. - - This function does not perform any padding. - - - For `MODE_ECB`, `MODE_CBC`, and `MODE_OFB`, *ciphertext* length - (in bytes) must be a multiple of *block_size*. - - - For `MODE_CFB`, *ciphertext* length (in bytes) must be a multiple - of *segment_size*/8. - - - For `MODE_CTR`, *ciphertext* can be of any length. - - - For `MODE_OPENPGP`, *plaintext* must be a multiple of *block_size*, - unless it is the last chunk of the message. - - :Parameters: - ciphertext : byte string - The piece of data to decrypt. - :Return: the decrypted data (byte string, as long as *ciphertext*). 
- """ - if self.mode == MODE_OPENPGP: - padding_length = (self.block_size - len(ciphertext) % self.block_size) % self.block_size - if padding_length>0: - # CFB mode requires ciphertext to have length multiple of block size, - # but PGP mode allows the last block to be shorter - if self._done_last_block: - raise ValueError("Only the last chunk is allowed to have length not multiple of %d bytes", - self.block_size) - self._done_last_block = True - padded = ciphertext + b('\x00')*padding_length - res = self._cipher.decrypt(padded)[:len(ciphertext)] - else: - res = self._cipher.decrypt(ciphertext) - return res - - return self._cipher.decrypt(ciphertext) - diff --git a/frozen_deps/Crypto/Hash/HMAC.py b/frozen_deps/Crypto/Hash/HMAC.py deleted file mode 100644 index 324f534..0000000 --- a/frozen_deps/Crypto/Hash/HMAC.py +++ /dev/null 
@@ -1,212 +0,0 @@ -# HMAC.py - Implements the HMAC algorithm as described by RFC 2104. -# -# =================================================================== -# Portions Copyright (c) 2001, 2002, 2003 Python Software Foundation; -# All Rights Reserved -# -# This file contains code from the Python 2.2 hmac.py module (the -# "Original Code"), with modifications made after it was incorporated -# into PyCrypto (the "Modifications"). -# -# To the best of our knowledge, the Python Software Foundation is the -# copyright holder of the Original Code, and has licensed it under the -# Python 2.2 license. See the file LEGAL/copy/LICENSE.python-2.2 for -# details. -# -# The Modifications to this file are dedicated to the public domain. -# To the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. No rights are -# reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - - -"""HMAC (Hash-based Message Authentication Code) algorithm - -HMAC is a MAC defined in RFC2104_ and FIPS-198_ and constructed using -a cryptograpic hash algorithm. -It is usually named *HMAC-X*, where *X* is the hash algorithm; for -instance *HMAC-SHA1* or *HMAC-MD5*. 
- -The strength of an HMAC depends on: - - - the strength of the hash algorithm - - the length and entropy of the secret key - -An example of possible usage is the following: - - >>> from Crypto.Hash import HMAC - >>> - >>> secret = b'Swordfish' - >>> h = HMAC.new(secret) - >>> h.update(b'Hello') - >>> print h.hexdigest() - -.. _RFC2104: http://www.ietf.org/rfc/rfc2104.txt -.. _FIPS-198: http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf -""" - -# This is just a copy of the Python 2.2 HMAC module, modified to work when -# used on versions of Python before 2.2. - -__revision__ = "$Id$" - -__all__ = ['new', 'digest_size', 'HMAC' ] - -from Crypto.Util.strxor import strxor_c -from Crypto.Util.py3compat import * - -#: The size of the authentication tag produced by the MAC. -#: It matches the digest size on the underlying -#: hashing module used. -digest_size = None - -class HMAC: - """Class that implements HMAC""" - - #: The size of the authentication tag produced by the MAC. - #: It matches the digest size on the underlying - #: hashing module used. - digest_size = None - - def __init__(self, key, msg = None, digestmod = None): - """Create a new HMAC object. - - :Parameters: - key : byte string - secret key for the MAC object. - It must be long enough to match the expected security level of the - MAC. However, there is no benefit in using keys longer than the - `digest_size` of the underlying hash algorithm. - msg : byte string - The very first chunk of the message to authenticate. - It is equivalent to an early call to `update()`. Optional. - :Parameter digestmod: - The hash algorithm the HMAC is based on. - Default is `Crypto.Hash.MD5`. - :Type digestmod: - A hash module or object instantiated from `Crypto.Hash` - """ - if digestmod is None: - from . 
import MD5 - digestmod = MD5 - - self.digestmod = digestmod - self.outer = digestmod.new() - self.inner = digestmod.new() - try: - self.digest_size = digestmod.digest_size - except AttributeError: - self.digest_size = len(self.outer.digest()) - - try: - # The block size is 128 bytes for SHA384 and SHA512 and 64 bytes - # for the others hash function - blocksize = digestmod.block_size - except AttributeError: - blocksize = 64 - - ipad = 0x36 - opad = 0x5C - - if len(key) > blocksize: - key = digestmod.new(key).digest() - - key = key + bchr(0) * (blocksize - len(key)) - self.outer.update(strxor_c(key, opad)) - self.inner.update(strxor_c(key, ipad)) - if (msg): - self.update(msg) - - def update(self, msg): - """Continue authentication of a message by consuming the next chunk of data. - - Repeated calls are equivalent to a single call with the concatenation - of all the arguments. In other words: - - >>> m.update(a); m.update(b) - - is equivalent to: - - >>> m.update(a+b) - - :Parameters: - msg : byte string - The next chunk of the message being authenticated - """ - - self.inner.update(msg) - - def copy(self): - """Return a copy ("clone") of the MAC object. - - The copy will have the same internal state as the original MAC - object. - This can be used to efficiently compute the MAC of strings that - share a common initial substring. - - :Returns: An `HMAC` object - """ - other = HMAC(b("")) - other.digestmod = self.digestmod - other.inner = self.inner.copy() - other.outer = self.outer.copy() - return other - - def digest(self): - """Return the **binary** (non-printable) MAC of the message that has - been authenticated so far. - - This method does not change the state of the MAC object. - You can continue updating the object after calling this function. - - :Return: A byte string of `digest_size` bytes. It may contain non-ASCII - characters, including null bytes. 
- """ - h = self.outer.copy() - h.update(self.inner.digest()) - return h.digest() - - def hexdigest(self): - """Return the **printable** MAC of the message that has been - authenticated so far. - - This method does not change the state of the MAC object. - - :Return: A string of 2* `digest_size` bytes. It contains only - hexadecimal ASCII digits. - """ - return "".join(["%02x" % bord(x) - for x in tuple(self.digest())]) - -def new(key, msg = None, digestmod = None): - """Create a new HMAC object. - - :Parameters: - key : byte string - key for the MAC object. - It must be long enough to match the expected security level of the - MAC. However, there is no benefit in using keys longer than the - `digest_size` of the underlying hash algorithm. - msg : byte string - The very first chunk of the message to authenticate. - It is equivalent to an early call to `HMAC.update()`. - Optional. - :Parameter digestmod: - The hash to use to implement the HMAC. Default is `Crypto.Hash.MD5`. - :Type digestmod: - A hash module or instantiated object from `Crypto.Hash` - :Returns: An `HMAC` object - """ - return HMAC(key, msg, digestmod) - diff --git a/frozen_deps/Crypto/Hash/MD2.py b/frozen_deps/Crypto/Hash/MD2.py deleted file mode 100644 index dac959e..0000000 --- a/frozen_deps/Crypto/Hash/MD2.py +++ /dev/null 
@@ -1,91 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""MD2 cryptographic hash algorithm. - -MD2 is specified in RFC1319_ and it produces the 128 bit digest of a message. - - >>> from Crypto.Hash import MD2 - >>> - >>> h = MD2.new() - >>> h.update(b'Hello') - >>> print h.hexdigest() - -MD2 stand for Message Digest version 2, and it was invented by Rivest in 1989. - -This algorithm is both slow and insecure. Do not use it for new designs. - -.. 
_RFC1319: http://tools.ietf.org/html/rfc1319 -""" - -_revision__ = "$Id$" - -__all__ = ['new', 'digest_size', 'MD2Hash' ] - -from Crypto.Util.py3compat import * -from Crypto.Hash.hashalgo import HashAlgo - -import Crypto.Hash._MD2 as _MD2 -hashFactory = _MD2 - -class MD2Hash(HashAlgo): - """Class that implements an MD2 hash - - :undocumented: block_size - """ - - #: ASN.1 Object identifier (OID):: - #: - #: id-md2 OBJECT IDENTIFIER ::= { - #: iso(1) member-body(2) us(840) rsadsi(113549) - #: digestAlgorithm(2) 2 - #: } - #: - #: This value uniquely identifies the MD2 algorithm. - oid = b('\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x02') - - digest_size = 16 - block_size = 16 - - def __init__(self, data=None): - HashAlgo.__init__(self, hashFactory, data) - - def new(self, data=None): - return MD2Hash(data) - -def new(data=None): - """Return a fresh instance of the hash object. - - :Parameters: - data : byte string - The very first chunk of the message to hash. - It is equivalent to an early call to `MD2Hash.update()`. - Optional. - - :Return: An `MD2Hash` object - """ - return MD2Hash().new(data) - -#: The size of the resulting hash in bytes. -digest_size = MD2Hash.digest_size - -#: The internal block size of the hash algorithm in bytes. -block_size = MD2Hash.block_size - diff --git a/frozen_deps/Crypto/Hash/MD4.py b/frozen_deps/Crypto/Hash/MD4.py deleted file mode 100644 index e28a201..0000000 --- a/frozen_deps/Crypto/Hash/MD4.py +++ /dev/null 
@@ -1,91 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""MD4 cryptographic hash algorithm. - -MD4 is specified in RFC1320_ and produces the 128 bit digest of a message. - - >>> from Crypto.Hash import MD4 - >>> - >>> h = MD4.new() - >>> h.update(b'Hello') - >>> print h.hexdigest() - -MD4 stand for Message Digest version 4, and it was invented by Rivest in 1990. - -This algorithm is insecure. Do not use it for new designs. - -.. _RFC1320: http://tools.ietf.org/html/rfc1320 -""" - -_revision__ = "$Id$" - -__all__ = ['new', 'digest_size', 'MD4Hash' ] - -from Crypto.Util.py3compat import * -from Crypto.Hash.hashalgo import HashAlgo - -import Crypto.Hash._MD4 as _MD4 -hashFactory = _MD4 - -class MD4Hash(HashAlgo): - """Class that implements an MD4 hash - - :undocumented: block_size - """ - - #: ASN.1 Object identifier (OID):: - #: - #: id-md2 OBJECT IDENTIFIER ::= { - #: iso(1) member-body(2) us(840) rsadsi(113549) - #: digestAlgorithm(2) 4 - #: } - #: - #: This value uniquely identifies the MD4 algorithm. 
- oid = b('\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x04') - - digest_size = 16 - block_size = 64 - - def __init__(self, data=None): - HashAlgo.__init__(self, hashFactory, data) - - def new(self, data=None): - return MD4Hash(data) - -def new(data=None): - """Return a fresh instance of the hash object. - - :Parameters: - data : byte string - The very first chunk of the message to hash. - It is equivalent to an early call to `MD4Hash.update()`. - Optional. - - :Return: A `MD4Hash` object - """ - return MD4Hash().new(data) - -#: The size of the resulting hash in bytes. -digest_size = MD4Hash.digest_size - -#: The internal block size of the hash algorithm in bytes. -block_size = MD4Hash.block_size - diff --git a/frozen_deps/Crypto/Hash/MD5.py b/frozen_deps/Crypto/Hash/MD5.py deleted file mode 100644 index 18e9e7b..0000000 --- a/frozen_deps/Crypto/Hash/MD5.py +++ /dev/null 
@@ -1,97 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""MD5 cryptographic hash algorithm. - -MD5 is specified in RFC1321_ and produces the 128 bit digest of a message. - - >>> from Crypto.Hash import MD5 - >>> - >>> h = MD5.new() - >>> h.update(b'Hello') - >>> print h.hexdigest() - -MD5 stand for Message Digest version 5, and it was invented by Rivest in 1991. - -This algorithm is insecure. Do not use it for new designs. - -.. _RFC1321: http://tools.ietf.org/html/rfc1321 -""" - -_revision__ = "$Id$" - -__all__ = ['new', 'digest_size', 'MD5Hash' ] - -from Crypto.Util.py3compat import * -from Crypto.Hash.hashalgo import HashAlgo - -try: - # The md5 module is deprecated in Python 2.6, so use hashlib when possible. 
- import hashlib - hashFactory = hashlib.md5 - -except ImportError: - import md5 - hashFactory = md5 - -class MD5Hash(HashAlgo): - """Class that implements an MD5 hash - - :undocumented: block_size - """ - - #: ASN.1 Object identifier (OID):: - #: - #: id-md5 OBJECT IDENTIFIER ::= { - #: iso(1) member-body(2) us(840) rsadsi(113549) - #: digestAlgorithm(2) 5 - #: } - #: - #: This value uniquely identifies the MD5 algorithm. - oid = b('\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05') - - digest_size = 16 - block_size = 64 - - def __init__(self, data=None): - HashAlgo.__init__(self, hashFactory, data) - - def new(self, data=None): - return MD5Hash(data) - -def new(data=None): - """Return a fresh instance of the hash object. - - :Parameters: - data : byte string - The very first chunk of the message to hash. - It is equivalent to an early call to `MD5Hash.update()`. - Optional. - - :Return: A `MD5Hash` object - """ - return MD5Hash().new(data) - -#: The size of the resulting hash in bytes. -digest_size = MD5Hash.digest_size - -#: The internal block size of the hash algorithm in bytes. -block_size = MD5Hash.block_size - diff --git a/frozen_deps/Crypto/Hash/RIPEMD.py b/frozen_deps/Crypto/Hash/RIPEMD.py deleted file mode 100644 index 33099cb..0000000 --- a/frozen_deps/Crypto/Hash/RIPEMD.py +++ /dev/null 
@@ -1,94 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""RIPEMD-160 cryptographic hash algorithm. - -RIPEMD-160_ produces the 160 bit digest of a message. - - >>> from Crypto.Hash import RIPEMD - >>> - >>> h = RIPEMD.new() - >>> h.update(b'Hello') - >>> print h.hexdigest() - -RIPEMD-160 stands for RACE Integrity Primitives Evaluation Message Digest -with a 160 bit digest. It was invented by Dobbertin, Bosselaers, and Preneel. - -This algorithm is considered secure, although it has not been scrutinized as -extensively as SHA-1. Moreover, it provides an informal security level of just -80bits. - -.. 
_RIPEMD-160: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html -""" - -_revision__ = "$Id$" - -__all__ = ['new', 'digest_size', 'RIPEMD160Hash' ] - -from Crypto.Util.py3compat import * -from Crypto.Hash.hashalgo import HashAlgo - -import Crypto.Hash._RIPEMD160 as _RIPEMD160 -hashFactory = _RIPEMD160 - -class RIPEMD160Hash(HashAlgo): - """Class that implements a RIPMD-160 hash - - :undocumented: block_size - """ - - #: ASN.1 Object identifier (OID):: - #: - #: id-ripemd160 OBJECT IDENTIFIER ::= { - #: iso(1) identified-organization(3) teletrust(36) - #: algorithm(3) hashAlgorithm(2) ripemd160(1) - #: } - #: - #: This value uniquely identifies the RIPMD-160 algorithm. - oid = b("\x06\x05\x2b\x24\x03\x02\x01") - - digest_size = 20 - block_size = 64 - - def __init__(self, data=None): - HashAlgo.__init__(self, hashFactory, data) - - def new(self, data=None): - return RIPEMD160Hash(data) - -def new(data=None): - """Return a fresh instance of the hash object. - - :Parameters: - data : byte string - The very first chunk of the message to hash. - It is equivalent to an early call to `RIPEMD160Hash.update()`. - Optional. - - :Return: A `RIPEMD160Hash` object - """ - return RIPEMD160Hash().new(data) - -#: The size of the resulting hash in bytes. -digest_size = RIPEMD160Hash.digest_size - -#: The internal block size of the hash algorithm in bytes. -block_size = RIPEMD160Hash.block_size - diff --git a/frozen_deps/Crypto/Hash/SHA.py b/frozen_deps/Crypto/Hash/SHA.py deleted file mode 100644 index 0bc5917..0000000 --- a/frozen_deps/Crypto/Hash/SHA.py +++ /dev/null 
@@ -1,98 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""SHA-1 cryptographic hash algorithm. - -SHA-1_ produces the 160 bit digest of a message. - - >>> from Crypto.Hash import SHA - >>> - >>> h = SHA.new() - >>> h.update(b'Hello') - >>> print h.hexdigest() - -*SHA* stands for Secure Hash Algorithm. - -This algorithm is not considered secure. Do not use it for new designs. - -.. _SHA-1: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf -""" - -_revision__ = "$Id$" - -__all__ = ['new', 'digest_size', 'SHA1Hash' ] - -from Crypto.Util.py3compat import * -from Crypto.Hash.hashalgo import HashAlgo - -try: - # The sha module is deprecated in Python 2.6, so use hashlib when possible. 
- import hashlib - hashFactory = hashlib.sha1 - -except ImportError: - import sha - hashFactory = sha - -class SHA1Hash(HashAlgo): - """Class that implements a SHA-1 hash - - :undocumented: block_size - """ - - #: ASN.1 Object identifier (OID):: - #: - #: id-sha1 OBJECT IDENTIFIER ::= { - #: iso(1) identified-organization(3) oiw(14) secsig(3) - #: algorithms(2) 26 - #: } - #: - #: This value uniquely identifies the SHA-1 algorithm. - oid = b('\x06\x05\x2b\x0e\x03\x02\x1a') - - digest_size = 20 - block_size = 64 - - def __init__(self, data=None): - HashAlgo.__init__(self, hashFactory, data) - - def new(self, data=None): - return SHA1Hash(data) - -def new(data=None): - """Return a fresh instance of the hash object. - - :Parameters: - data : byte string - The very first chunk of the message to hash. - It is equivalent to an early call to `SHA1Hash.update()`. - Optional. - - :Return: A `SHA1Hash` object - """ - return SHA1Hash().new(data) - -#: The size of the resulting hash in bytes. -digest_size = SHA1Hash.digest_size - -#: The internal block size of the hash algorithm in bytes. -block_size = SHA1Hash.block_size - - diff --git a/frozen_deps/Crypto/Hash/SHA224.py b/frozen_deps/Crypto/Hash/SHA224.py deleted file mode 100644 index 959b56d..0000000 --- a/frozen_deps/Crypto/Hash/SHA224.py +++ /dev/null 
@@ -1,95 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""SHA-224 cryptographic hash algorithm. - -SHA-224 belongs to the SHA-2_ family of cryptographic hashes. -It produces the 224 bit digest of a message. - - >>> from Crypto.Hash import SHA224 - >>> - >>> h = SHA224.new() - >>> h.update(b'Hello') - >>> print h.hexdigest() - -*SHA* stands for Secure Hash Algorithm. - -.. 
_SHA-2: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf -""" - -_revision__ = "$Id$" - -__all__ = ['new', 'digest_size', 'SHA224Hash' ] - -from Crypto.Util.py3compat import * -from Crypto.Hash.hashalgo import HashAlgo - -try: - import hashlib - hashFactory = hashlib.sha224 - -except ImportError: - from Crypto.Hash import _SHA224 - hashFactory = _SHA224 - -class SHA224Hash(HashAlgo): - """Class that implements a SHA-224 hash - - :undocumented: block_size - """ - - #: ASN.1 Object identifier (OID):: - #: - #: id-sha224 OBJECT IDENTIFIER ::= { - #: joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) - #: nistalgorithm(4) hashalgs(2) 4 - #: } - #: - #: This value uniquely identifies the SHA-224 algorithm. - oid = b('\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04') - - digest_size = 28 - block_size = 64 - - def __init__(self, data=None): - HashAlgo.__init__(self, hashFactory, data) - - def new(self, data=None): - return SHA224Hash(data) - -def new(data=None): - """Return a fresh instance of the hash object. - - :Parameters: - data : byte string - The very first chunk of the message to hash. - It is equivalent to an early call to `SHA224Hash.update()`. - Optional. - - :Return: A `SHA224Hash` object - """ - return SHA224Hash().new(data) - -#: The size of the resulting hash in bytes. -digest_size = SHA224Hash.digest_size - -#: The internal block size of the hash algorithm in bytes. -block_size = SHA224Hash.block_size - diff --git a/frozen_deps/Crypto/Hash/SHA256.py b/frozen_deps/Crypto/Hash/SHA256.py deleted file mode 100644 index b0a99b3..0000000 --- a/frozen_deps/Crypto/Hash/SHA256.py +++ /dev/null 
@@ -1,95 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""SHA-256 cryptographic hash algorithm. - -SHA-256 belongs to the SHA-2_ family of cryptographic hashes. -It produces the 256 bit digest of a message. - - >>> from Crypto.Hash import SHA256 - >>> - >>> h = SHA256.new() - >>> h.update(b'Hello') - >>> print h.hexdigest() - -*SHA* stands for Secure Hash Algorithm. - -.. 
_SHA-2: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf -""" - -_revision__ = "$Id$" - -__all__ = ['new', 'digest_size', 'SHA256Hash' ] - -from Crypto.Util.py3compat import * -from Crypto.Hash.hashalgo import HashAlgo - -try: - import hashlib - hashFactory = hashlib.sha256 - -except ImportError: - from Crypto.Hash import _SHA256 - hashFactory = _SHA256 - -class SHA256Hash(HashAlgo): - """Class that implements a SHA-256 hash - - :undocumented: block_size - """ - - #: ASN.1 Object identifier (OID):: - #: - #: id-sha256 OBJECT IDENTIFIER ::= { - #: joint-iso-itu-t(2) country(16) us(840) organization(1) - #: gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 - #: } - #: - #: This value uniquely identifies the SHA-256 algorithm. - oid = b('\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01') - - digest_size = 32 - block_size = 64 - - def __init__(self, data=None): - HashAlgo.__init__(self, hashFactory, data) - - def new(self, data=None): - return SHA256Hash(data) - -def new(data=None): - """Return a fresh instance of the hash object. - - :Parameters: - data : byte string - The very first chunk of the message to hash. - It is equivalent to an early call to `SHA256Hash.update()`. - Optional. - - :Return: A `SHA256Hash` object - """ - return SHA256Hash().new(data) - -#: The size of the resulting hash in bytes. -digest_size = SHA256Hash.digest_size - -#: The internal block size of the hash algorithm in bytes. -block_size = SHA256Hash.block_size - diff --git a/frozen_deps/Crypto/Hash/SHA384.py b/frozen_deps/Crypto/Hash/SHA384.py deleted file mode 100644 index 3490b02..0000000 --- a/frozen_deps/Crypto/Hash/SHA384.py +++ /dev/null 
@@ -1,96 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""SHA-384 cryptographic hash algorithm. - -SHA-384 belongs to the SHA-2_ family of cryptographic hashes. -It produces the 384 bit digest of a message. - - >>> from Crypto.Hash import SHA384 - >>> - >>> h = SHA384.new() - >>> h.update(b'Hello') - >>> print h.hexdigest() - -*SHA* stands for Secure Hash Algorithm. - -.. 
_SHA-2: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf -""" - -_revision__ = "$Id$" - -__all__ = ['new', 'digest_size', 'SHA384Hash' ] - -from Crypto.Util.py3compat import * -from Crypto.Hash.hashalgo import HashAlgo - -try: - import hashlib - hashFactory = hashlib.sha384 - -except ImportError: - from Crypto.Hash import _SHA384 - hashFactory = _SHA384 - -class SHA384Hash(HashAlgo): - """Class that implements a SHA-384 hash - - :undocumented: block_size - """ - - #: ASN.1 Object identifier (OID):: - #: - #: id-sha384 OBJECT IDENTIFIER ::= { - #: joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) - #: nistalgorithm(4) hashalgs(2) 2 - #: } - #: - #: This value uniquely identifies the SHA-384 algorithm. - oid = b('\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02') - - digest_size = 48 - block_size = 128 - - def __init__(self, data=None): - HashAlgo.__init__(self, hashFactory, data) - - def new(self, data=None): - return SHA384Hash(data) - -def new(data=None): - """Return a fresh instance of the hash object. - - :Parameters: - data : byte string - The very first chunk of the message to hash. - It is equivalent to an early call to `SHA384Hash.update()`. - Optional. - - :Return: A `SHA384Hash` object - """ - return SHA384Hash().new(data) - -#: The size of the resulting hash in bytes. -digest_size = SHA384Hash.digest_size - -#: The internal block size of the hash algorithm in bytes. -block_size = SHA384Hash.block_size - - diff --git a/frozen_deps/Crypto/Hash/SHA512.py b/frozen_deps/Crypto/Hash/SHA512.py deleted file mode 100644 index d57548d..0000000 --- a/frozen_deps/Crypto/Hash/SHA512.py +++ /dev/null 
@@ -1,95 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""SHA-512 cryptographic hash algorithm. - -SHA-512 belongs to the SHA-2_ family of cryptographic hashes. -It produces the 512 bit digest of a message. - - >>> from Crypto.Hash import SHA512 - >>> - >>> h = SHA512.new() - >>> h.update(b'Hello') - >>> print h.hexdigest() - -*SHA* stands for Secure Hash Algorithm. - -.. 
_SHA-2: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf -""" - -_revision__ = "$Id$" - -__all__ = ['new', 'digest_size', 'SHA512Hash' ] - -from Crypto.Util.py3compat import * -from Crypto.Hash.hashalgo import HashAlgo - -try: - import hashlib - hashFactory = hashlib.sha512 - -except ImportError: - from Crypto.Hash import _SHA512 - hashFactory = _SHA512 - -class SHA512Hash(HashAlgo): - """Class that implements a SHA-512 hash - - :undocumented: block_size - """ - - #: ASN.1 Object identifier (OID):: - #: - #: id-sha512 OBJECT IDENTIFIER ::= { - #: joint-iso-itu-t(2) - #: country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 - #: } - #: - #: This value uniquely identifies the SHA-512 algorithm. - oid = b('\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03') - - digest_size = 64 - block_size = 128 - - def __init__(self, data=None): - HashAlgo.__init__(self, hashFactory, data) - - def new(self, data=None): - return SHA512Hash(data) - -def new(data=None): - """Return a fresh instance of the hash object. - - :Parameters: - data : byte string - The very first chunk of the message to hash. - It is equivalent to an early call to `SHA512Hash.update()`. - Optional. - - :Return: A `SHA512Hash` object - """ - return SHA512Hash().new(data) - -#: The size of the resulting hash in bytes. -digest_size = SHA512Hash.digest_size - -#: The internal block size of the hash algorithm in bytes. -block_size = SHA512Hash.block_size - diff --git a/frozen_deps/Crypto/Hash/_MD2.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Hash/_MD2.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 6fbfc79..0000000 --- a/frozen_deps/Crypto/Hash/_MD2.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Crypto/Hash/_MD4.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Hash/_MD4.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 286f3ec..0000000 
--- a/frozen_deps/Crypto/Hash/_MD4.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Hash/_RIPEMD160.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Hash/_RIPEMD160.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755
index a66d804..0000000
--- a/frozen_deps/Crypto/Hash/_RIPEMD160.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Hash/_SHA224.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Hash/_SHA224.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755
index eac6cae..0000000
--- a/frozen_deps/Crypto/Hash/_SHA224.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Hash/_SHA256.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Hash/_SHA256.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755
index 0155f47..0000000
--- a/frozen_deps/Crypto/Hash/_SHA256.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Hash/_SHA384.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Hash/_SHA384.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755
index 3d1049b..0000000
--- a/frozen_deps/Crypto/Hash/_SHA384.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Hash/_SHA512.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Hash/_SHA512.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755
index e3c5c5c..0000000
--- a/frozen_deps/Crypto/Hash/_SHA512.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/Hash/__init__.py b/frozen_deps/Crypto/Hash/__init__.py deleted file mode 100644
index 4582c66..0000000
--- a/frozen_deps/Crypto/Hash/__init__.py
+++ /dev/null
@@ -1,56 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""Hashing algorithms
-
-Hash functions take arbitrary binary strings as input, and produce a random-like output
-of fixed size that is dependent on the input; it should be practically infeasible
-to derive the original input data given only the hash function's
-output. In other words, the hash function is *one-way*.
-
-It should also not be practically feasible to find a second piece of data
-(a *second pre-image*) whose hash is the same as the original message
-(*weak collision resistance*).
-
-Finally, it should not be feasible to find two arbitrary messages with the
-same hash (*strong collision resistance*).
-
-The output of the hash function is called the *digest* of the input message.
-In general, the security of a hash function is related to the length of the
-digest. If the digest is *n* bits long, its security level is roughly comparable
-to the the one offered by an *n/2* bit encryption algorithm.
-
-Hash functions can be used simply as a integrity check, or, in
-association with a public-key algorithm, can be used to implement
-digital signatures.
-
-The hashing modules here all support the interface described in `PEP
-247`_ , "API for Cryptographic Hash Functions".
-
-.. _`PEP 247` : http://www.python.org/dev/peps/pep-0247/
-
-:undocumented: _MD2, _MD4, _RIPEMD160, _SHA224, _SHA256, _SHA384, _SHA512
-"""
-
-__all__ = ['HMAC', 'MD2', 'MD4', 'MD5', 'RIPEMD', 'SHA',
- 'SHA224', 'SHA256', 'SHA384', 'SHA512']
-__revision__ = "$Id$"
-
-
diff --git a/frozen_deps/Crypto/Hash/hashalgo.py b/frozen_deps/Crypto/Hash/hashalgo.py
deleted file mode 100644
index b38b3a6..0000000
--- a/frozen_deps/Crypto/Hash/hashalgo.py
+++ /dev/null
@@ -1,116 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-from binascii import hexlify
-
-class HashAlgo:
- """A generic class for an abstract cryptographic hash algorithm.
-
- :undocumented: block_size
- """
-
- #: The size of the resulting hash in bytes.
- digest_size = None
- #: The internal block size of the hash algorithm in bytes.
- block_size = None
-
- def __init__(self, hashFactory, data=None):
- """Initialize the hash object.
-
- :Parameters:
- hashFactory : callable
- An object that will generate the actual hash implementation.
- *hashFactory* must have a *new()* method, or must be directly
- callable.
- data : byte string
- The very first chunk of the message to hash.
- It is equivalent to an early call to `update()`.
- """
- if hasattr(hashFactory, 'new'):
- self._hash = hashFactory.new()
- else:
- self._hash = hashFactory()
- if data:
- self.update(data)
-
- def update(self, data):
- """Continue hashing of a message by consuming the next chunk of data.
-
- Repeated calls are equivalent to a single call with the concatenation
- of all the arguments. In other words:
-
- >>> m.update(a); m.update(b)
-
- is equivalent to:
-
- >>> m.update(a+b)
-
- :Parameters:
- data : byte string
- The next chunk of the message being hashed.
- """
- return self._hash.update(data)
-
- def digest(self):
- """Return the **binary** (non-printable) digest of the message that has been hashed so far.
-
- This method does not change the state of the hash object.
- You can continue updating the object after calling this function.
-
- :Return: A byte string of `digest_size` bytes. It may contain non-ASCII
- characters, including null bytes.
- """
- return self._hash.digest()
-
- def hexdigest(self):
- """Return the **printable** digest of the message that has been hashed so far.
-
- This method does not change the state of the hash object.
-
- :Return: A string of 2* `digest_size` characters. It contains only
- hexadecimal ASCII digits.
- """
- return self._hash.hexdigest()
-
- def copy(self):
- """Return a copy ("clone") of the hash object.
-
- The copy will have the same internal state as the original hash
- object.
- This can be used to efficiently compute the digests of strings that
- share a common initial substring.
-
- :Return: A hash object of the same type
- """
- return self._hash.copy()
-
- def new(self, data=None):
- """Return a fresh instance of the hash object.
-
- Unlike the `copy` method, the internal state of the object is empty.
-
- :Parameters:
- data : byte string
- The next chunk of the message being hashed.
-
- :Return: A hash object of the same type
- """
- pass
-
diff --git a/frozen_deps/Crypto/Protocol/AllOrNothing.py b/frozen_deps/Crypto/Protocol/AllOrNothing.py
deleted file mode 100644
index dd20536..0000000
--- a/frozen_deps/Crypto/Protocol/AllOrNothing.py
+++ /dev/null
@@ -1,320 +0,0 @@ -# -# AllOrNothing.py : all-or-nothing package transformations -# -# Part of the Python Cryptography Toolkit -# -# Written by Andrew M. Kuchling and others -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""This file implements all-or-nothing package transformations. - -An all-or-nothing package transformation is one in which some text is -transformed into message blocks, such that all blocks must be obtained before -the reverse transformation can be applied. Thus, if any blocks are corrupted -or lost, the original message cannot be reproduced. - -An all-or-nothing package transformation is not encryption, although a block -cipher algorithm is used. The encryption key is randomly generated and is -extractable from the message blocks. - -This class implements the All-Or-Nothing package transformation algorithm -described in: - -Ronald L. Rivest. 
"All-Or-Nothing Encryption and The Package Transform" -http://theory.lcs.mit.edu/~rivest/fusion.pdf - -""" - -__revision__ = "$Id$" - -import operator -import sys -from Crypto.Util.number import bytes_to_long, long_to_bytes -from Crypto.Util.py3compat import * -from functools import reduce - -def isInt(x): - test = 0 - try: - test += x - except TypeError: - return 0 - return 1 - -class AllOrNothing: - """Class implementing the All-or-Nothing package transform. - - Methods for subclassing: - - _inventkey(key_size): - Returns a randomly generated key. Subclasses can use this to - implement better random key generating algorithms. The default - algorithm is probably not very cryptographically secure. - - """ - - def __init__(self, ciphermodule, mode=None, IV=None): - """AllOrNothing(ciphermodule, mode=None, IV=None) - - ciphermodule is a module implementing the cipher algorithm to - use. It must provide the PEP272 interface. - - Note that the encryption key is randomly generated - automatically when needed. Optional arguments mode and IV are - passed directly through to the ciphermodule.new() method; they - are the feedback mode and initialization vector to use. All - three arguments must be the same for the object used to create - the digest, and to undigest'ify the message blocks. - """ - - self.__ciphermodule = ciphermodule - self.__mode = mode - self.__IV = IV - self.__key_size = ciphermodule.key_size - if not isInt(self.__key_size) or self.__key_size==0: - self.__key_size = 16 - - __K0digit = bchr(0x69) - - def digest(self, text): - """digest(text:string) : [string] - - Perform the All-or-Nothing package transform on the given - string. Output is a list of message blocks describing the - transformed text, where each block is a string of bit length equal - to the ciphermodule's block_size. - """ - - # generate a random session key and K0, the key used to encrypt the - # hash blocks. 
Rivest calls this a fixed, publically-known encryption - # key, but says nothing about the security implications of this key or - # how to choose it. - key = self._inventkey(self.__key_size) - K0 = self.__K0digit * self.__key_size - - # we need two cipher objects here, one that is used to encrypt the - # message blocks and one that is used to encrypt the hashes. The - # former uses the randomly generated key, while the latter uses the - # well-known key. - mcipher = self.__newcipher(key) - hcipher = self.__newcipher(K0) - - # Pad the text so that its length is a multiple of the cipher's - # block_size. Pad with trailing spaces, which will be eliminated in - # the undigest() step. - block_size = self.__ciphermodule.block_size - padbytes = block_size - (len(text) % block_size) - text = text + b(' ') * padbytes - - # Run through the algorithm: - # s: number of message blocks (size of text / block_size) - # input sequence: m1, m2, ... ms - # random key K' (`key' in the code) - # Compute output sequence: m'1, m'2, ... m's' for s' = s + 1 - # Let m'i = mi ^ E(K', i) for i = 1, 2, 3, ..., s - # Let m's' = K' ^ h1 ^ h2 ^ ... hs - # where hi = E(K0, m'i ^ i) for i = 1, 2, ... 
s - # - # The one complication I add is that the last message block is hard - # coded to the number of padbytes added, so that these can be stripped - # during the undigest() step - s = divmod(len(text), block_size)[0] - blocks = [] - hashes = [] - for i in range(1, s+1): - start = (i-1) * block_size - end = start + block_size - mi = text[start:end] - assert len(mi) == block_size - cipherblock = mcipher.encrypt(long_to_bytes(i, block_size)) - mticki = bytes_to_long(mi) ^ bytes_to_long(cipherblock) - blocks.append(mticki) - # calculate the hash block for this block - hi = hcipher.encrypt(long_to_bytes(mticki ^ i, block_size)) - hashes.append(bytes_to_long(hi)) - - # Add the padbytes length as a message block - i = i + 1 - cipherblock = mcipher.encrypt(long_to_bytes(i, block_size)) - mticki = padbytes ^ bytes_to_long(cipherblock) - blocks.append(mticki) - - # calculate this block's hash - hi = hcipher.encrypt(long_to_bytes(mticki ^ i, block_size)) - hashes.append(bytes_to_long(hi)) - - # Now calculate the last message block of the sequence 1..s'. This - # will contain the random session key XOR'd with all the hash blocks, - # so that for undigest(), once all the hash blocks are calculated, the - # session key can be trivially extracted. Calculating all the hash - # blocks requires that all the message blocks be received, thus the - # All-or-Nothing algorithm succeeds. - mtick_stick = bytes_to_long(key) ^ reduce(operator.xor, hashes) - blocks.append(mtick_stick) - - # we convert the blocks to strings since in Python, byte sequences are - # always represented as strings. This is more consistent with the - # model that encryption and hash algorithms always operate on strings. - return [long_to_bytes(i,self.__ciphermodule.block_size) for i in blocks] - - - def undigest(self, blocks): - """undigest(blocks : [string]) : string - - Perform the reverse package transformation on a list of message - blocks. 
Note that the ciphermodule used for both transformations - must be the same. blocks is a list of strings of bit length - equal to the ciphermodule's block_size. - """ - - # better have at least 2 blocks, for the padbytes package and the hash - # block accumulator - if len(blocks) < 2: - raise ValueError("List must be at least length 2.") - - # blocks is a list of strings. We need to deal with them as long - # integers - blocks = list(map(bytes_to_long, blocks)) - - # Calculate the well-known key, to which the hash blocks are - # encrypted, and create the hash cipher. - K0 = self.__K0digit * self.__key_size - hcipher = self.__newcipher(K0) - block_size = self.__ciphermodule.block_size - - # Since we have all the blocks (or this method would have been called - # prematurely), we can calculate all the hash blocks. - hashes = [] - for i in range(1, len(blocks)): - mticki = blocks[i-1] ^ i - hi = hcipher.encrypt(long_to_bytes(mticki, block_size)) - hashes.append(bytes_to_long(hi)) - - # now we can calculate K' (key). remember the last block contains - # m's' which we don't include here - key = blocks[-1] ^ reduce(operator.xor, hashes) - - # and now we can create the cipher object - mcipher = self.__newcipher(long_to_bytes(key, self.__key_size)) - - # And we can now decode the original message blocks - parts = [] - for i in range(1, len(blocks)): - cipherblock = mcipher.encrypt(long_to_bytes(i, block_size)) - mi = blocks[i-1] ^ bytes_to_long(cipherblock) - parts.append(mi) - - # The last message block contains the number of pad bytes appended to - # the original text string, such that its length was an even multiple - # of the cipher's block_size. 
This number should be small enough that - # the conversion from long integer to integer should never overflow - padbytes = int(parts[-1]) - text = b('').join(map(long_to_bytes, parts[:-1])) - return text[:-padbytes] - - def _inventkey(self, key_size): - # Return key_size random bytes - from Crypto import Random - return Random.new().read(key_size) - - def __newcipher(self, key): - if self.__mode is None and self.__IV is None: - return self.__ciphermodule.new(key) - elif self.__IV is None: - return self.__ciphermodule.new(key, self.__mode) - else: - return self.__ciphermodule.new(key, self.__mode, self.__IV) - - - -if __name__ == '__main__': - import sys - import getopt - import base64 - - usagemsg = '''\ -Test module usage: %(program)s [-c cipher] [-l] [-h] - -Where: - --cipher module - -c module - Cipher module to use. Default: %(ciphermodule)s - - --aslong - -l - Print the encoded message blocks as long integers instead of base64 - encoded strings - - --help - -h - Print this help message -''' - - ciphermodule = 'AES' - aslong = 0 - - def usage(code, msg=None): - if msg: - print(msg) - print(usagemsg % {'program': sys.argv[0], - 'ciphermodule': ciphermodule}) - sys.exit(code) - - try: - opts, args = getopt.getopt(sys.argv[1:], - 'c:l', ['cipher=', 'aslong']) - except getopt.error as msg: - usage(1, msg) - - if args: - usage(1, 'Too many arguments') - - for opt, arg in opts: - if opt in ('-h', '--help'): - usage(0) - elif opt in ('-c', '--cipher'): - ciphermodule = arg - elif opt in ('-l', '--aslong'): - aslong = 1 - - # ugly hack to force __import__ to give us the end-path module - module = __import__('Crypto.Cipher.'+ciphermodule, None, None, ['new']) - - x = AllOrNothing(module) - print('Original text:\n==========') - print(__doc__) - print('==========') - msgblocks = x.digest(b(__doc__)) - print('message blocks:') - for i, blk in zip(list(range(len(msgblocks))), msgblocks): - # base64 adds a trailing newline - print(' %3d' % i, end=' ') - if aslong: - 
print(bytes_to_long(blk)) - else: - print(base64.encodestring(blk)[:-1]) - # - # get a new undigest-only object so there's no leakage - y = AllOrNothing(module) - text = y.undigest(msgblocks) - if text == b(__doc__): - print('They match!') - else: - print('They differ!') diff --git a/frozen_deps/Crypto/Protocol/Chaffing.py b/frozen_deps/Crypto/Protocol/Chaffing.py deleted file mode 100644 index bbfcbda..0000000 --- a/frozen_deps/Crypto/Protocol/Chaffing.py +++ /dev/null 
@@ -1,245 +0,0 @@ -# -# Chaffing.py : chaffing & winnowing support -# -# Part of the Python Cryptography Toolkit -# -# Written by Andrew M. Kuchling, Barry A. Warsaw, and others -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -# -"""This file implements the chaffing algorithm. - -Winnowing and chaffing is a technique for enhancing privacy without requiring -strong encryption. In short, the technique takes a set of authenticated -message blocks (the wheat) and adds a number of chaff blocks which have -randomly chosen data and MAC fields. This means that to an adversary, the -chaff blocks look as valid as the wheat blocks, and so the authentication -would have to be performed on every block. By tailoring the number of chaff -blocks added to the message, the sender can make breaking the message -computationally infeasible. There are many other interesting properties of -the winnow/chaff technique. - -For example, say Alice is sending a message to Bob. She packetizes the -message and performs an all-or-nothing transformation on the packets. 
Then -she authenticates each packet with a message authentication code (MAC). The -MAC is a hash of the data packet, and there is a secret key which she must -share with Bob (key distribution is an exercise left to the reader). She then -adds a serial number to each packet, and sends the packets to Bob. - -Bob receives the packets, and using the shared secret authentication key, -authenticates the MACs for each packet. Those packets that have bad MACs are -simply discarded. The remainder are sorted by serial number, and passed -through the reverse all-or-nothing transform. The transform means that an -eavesdropper (say Eve) must acquire all the packets before any of the data can -be read. If even one packet is missing, the data is useless. - -There's one twist: by adding chaff packets, Alice and Bob can make Eve's job -much harder, since Eve now has to break the shared secret key, or try every -combination of wheat and chaff packet to read any of the message. The cool -thing is that Bob doesn't need to add any additional code; the chaff packets -are already filtered out because their MACs don't match (in all likelihood -- -since the data and MACs for the chaff packets are randomly chosen it is -possible, but very unlikely that a chaff MAC will match the chaff data). And -Alice need not even be the party adding the chaff! She could be completely -unaware that a third party, say Charles, is adding chaff packets to her -messages as they are transmitted. - -For more information on winnowing and chaffing see this paper: - -Ronald L. Rivest, "Chaffing and Winnowing: Confidentiality without Encryption" -http://theory.lcs.mit.edu/~rivest/chaffing.txt - -""" - -__revision__ = "$Id$" - -from Crypto.Util.number import bytes_to_long - -class Chaff: - """Class implementing the chaff adding algorithm. - - Methods for subclasses: - - _randnum(size): - Returns a randomly generated number with a byte-length equal - to size. 
Subclasses can use this to implement better random - data and MAC generating algorithms. The default algorithm is - probably not very cryptographically secure. It is most - important that the chaff data does not contain any patterns - that can be used to discern it from wheat data without running - the MAC. - - """ - - def __init__(self, factor=1.0, blocksper=1): - """Chaff(factor:float, blocksper:int) - - factor is the number of message blocks to add chaff to, - expressed as a percentage between 0.0 and 1.0. blocksper is - the number of chaff blocks to include for each block being - chaffed. Thus the defaults add one chaff block to every - message block. By changing the defaults, you can adjust how - computationally difficult it could be for an adversary to - brute-force crack the message. The difficulty is expressed - as: - - pow(blocksper, int(factor * number-of-blocks)) - - For ease of implementation, when factor < 1.0, only the first - int(factor*number-of-blocks) message blocks are chaffed. - """ - - if not (0.0<=factor<=1.0): - raise ValueError("'factor' must be between 0.0 and 1.0") - if blocksper < 0: - raise ValueError("'blocksper' must be zero or more") - - self.__factor = factor - self.__blocksper = blocksper - - - def chaff(self, blocks): - """chaff( [(serial-number:int, data:string, MAC:string)] ) - : [(int, string, string)] - - Add chaff to message blocks. blocks is a list of 3-tuples of the - form (serial-number, data, MAC). - - Chaff is created by choosing a random number of the same - byte-length as data, and another random number of the same - byte-length as MAC. The message block's serial number is - placed on the chaff block and all the packet's chaff blocks - are randomly interspersed with the single wheat block. This - method then returns a list of 3-tuples of the same form. 
- Chaffed blocks will contain multiple instances of 3-tuples - with the same serial number, but the only way to figure out - which blocks are wheat and which are chaff is to perform the - MAC hash and compare values. - """ - - chaffedblocks = [] - - # count is the number of blocks to add chaff to. blocksper is the - # number of chaff blocks to add per message block that is being - # chaffed. - count = len(blocks) * self.__factor - blocksper = list(range(self.__blocksper)) - for i, wheat in zip(list(range(len(blocks))), blocks): - # it shouldn't matter which of the n blocks we add chaff to, so for - # ease of implementation, we'll just add them to the first count - # blocks - if i < count: - serial, data, mac = wheat - datasize = len(data) - macsize = len(mac) - addwheat = 1 - # add chaff to this block - for j in blocksper: - import sys - chaffdata = self._randnum(datasize) - chaffmac = self._randnum(macsize) - chaff = (serial, chaffdata, chaffmac) - # mix up the order, if the 5th bit is on then put the - # wheat on the list - if addwheat and bytes_to_long(self._randnum(16)) & 0x40: - chaffedblocks.append(wheat) - addwheat = 0 - chaffedblocks.append(chaff) - if addwheat: - chaffedblocks.append(wheat) - else: - # just add the wheat - chaffedblocks.append(wheat) - return chaffedblocks - - def _randnum(self, size): - from Crypto import Random - return Random.new().read(size) - - -if __name__ == '__main__': - text = """\ -We hold these truths to be self-evident, that all men are created equal, that -they are endowed by their Creator with certain unalienable Rights, that among -these are Life, Liberty, and the pursuit of Happiness. That to secure these -rights, Governments are instituted among Men, deriving their just powers from -the consent of the governed. 
That whenever any Form of Government becomes -destructive of these ends, it is the Right of the People to alter or to -abolish it, and to institute new Government, laying its foundation on such -principles and organizing its powers in such form, as to them shall seem most -likely to effect their Safety and Happiness. -""" - print('Original text:\n==========') - print(text) - print('==========') - - # first transform the text into packets - blocks = [] ; size = 40 - for i in range(0, len(text), size): - blocks.append( text[i:i+size] ) - - # now get MACs for all the text blocks. The key is obvious... - print('Calculating MACs...') - from Crypto.Hash import HMAC, SHA - key = 'Jefferson' - macs = [HMAC.new(key, block, digestmod=SHA).digest() - for block in blocks] - - assert len(blocks) == len(macs) - - # put these into a form acceptable as input to the chaffing procedure - source = [] - m = list(zip(list(range(len(blocks))), blocks, macs)) - print(m) - for i, data, mac in m: - source.append((i, data, mac)) - - # now chaff these - print('Adding chaff...') - c = Chaff(factor=0.5, blocksper=2) - chaffed = c.chaff(source) - - from base64 import encodestring - - # print the chaffed message blocks. meanwhile, separate the wheat from - # the chaff - - wheat = [] - print('chaffed message blocks:') - for i, data, mac in chaffed: - # do the authentication - h = HMAC.new(key, data, digestmod=SHA) - pmac = h.digest() - if pmac == mac: - tag = '-->' - wheat.append(data) - else: - tag = ' ' - # base64 adds a trailing newline - print(tag, '%3d' % i, \ - repr(data), encodestring(mac)[:-1]) - - # now decode the message packets and check it against the original text - print('Undigesting wheat...') - # PY3K: This is meant to be text, do not change to bytes (data) - newtext = "".join(wheat) - if newtext == text: - print('They match!') - else: - print('They differ!') 
diff --git a/frozen_deps/Crypto/Protocol/KDF.py b/frozen_deps/Crypto/Protocol/KDF.py
deleted file mode 100644
index af4e2a6..0000000
--- a/frozen_deps/Crypto/Protocol/KDF.py
+++ /dev/null
@@ -1,123 +0,0 @@
-#
-# KDF.py : a collection of Key Derivation Functions
-#
-# Part of the Python Cryptography Toolkit
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""This file contains a collection of standard key derivation functions.
-
-A key derivation function derives one or more secondary secret keys from
-one primary secret (a master key or a pass phrase).
-
-This is typically done to insulate the secondary keys from each other,
-to avoid that leakage of a secondary key compromises the security of the
-master key, or to thwart attacks on pass phrases (e.g. via rainbow tables).
-
-:undocumented: __revision__
-"""
-
-__revision__ = "$Id$"
-
-import math
-import struct
-
-from Crypto.Util.py3compat import *
-from Crypto.Hash import SHA as SHA1, HMAC
-from Crypto.Util.strxor import strxor
-
-def PBKDF1(password, salt, dkLen, count=1000, hashAlgo=None):
- """Derive one key from a password (or passphrase).
-
- This function performs key derivation according an old version of
- the PKCS#5 standard (v1.5).
-
- This algorithm is called ``PBKDF1``. Even though it is still described
- in the latest version of the PKCS#5 standard (version 2, or RFC2898),
- newer applications should use the more secure and versatile `PBKDF2` instead.
-
- :Parameters:
- password : string
- The secret password or pass phrase to generate the key from.
- salt : byte string
- An 8 byte string to use for better protection from dictionary attacks.
- This value does not need to be kept secret, but it should be randomly
- chosen for each derivation.
- dkLen : integer
- The length of the desired key. Default is 16 bytes, suitable for instance for `Crypto.Cipher.AES`.
- count : integer
- The number of iterations to carry out. It's recommended to use at least 1000.
- hashAlgo : module
- The hash algorithm to use, as a module or an object from the `Crypto.Hash` package.
- The digest length must be no shorter than ``dkLen``.
- The default algorithm is `SHA1`.
-
- :Return: A byte string of length `dkLen` that can be used as key.
- """
- if not hashAlgo:
- hashAlgo = SHA1
- password = tobytes(password)
- pHash = hashAlgo.new(password+salt)
- digest = pHash.digest_size
- if dkLen>digest:
- raise ValueError("Selected hash algorithm has a too short digest (%d bytes)." % digest)
- if len(salt)!=8:
- raise ValueError("Salt is not 8 bytes long.")
- for i in range(count-1):
- pHash = pHash.new(pHash.digest())
- return pHash.digest()[:dkLen]
-
-def PBKDF2(password, salt, dkLen=16, count=1000, prf=None):
- """Derive one or more keys from a password (or passphrase).
-
- This performs key derivation according to the PKCS#5 standard (v2.0),
- by means of the ``PBKDF2`` algorithm.
-
- :Parameters:
- password : string
- The secret password or pass phrase to generate the key from.
- salt : string
- A string to use for better protection from dictionary attacks.
- This value does not need to be kept secret, but it should be randomly
- chosen for each derivation. It is recommended to be at least 8 bytes long.
- dkLen : integer
- The cumulative length of the desired keys. Default is 16 bytes, suitable for instance for `Crypto.Cipher.AES`.
- count : integer
- The number of iterations to carry out. It's recommended to use at least 1000.
- prf : callable
- A pseudorandom function. It must be a function that returns a pseudorandom string
- from two parameters: a secret and a salt. If not specified, HMAC-SHA1 is used.
-
- :Return: A byte string of length `dkLen` that can be used as key material.
- If you wanted multiple keys, just break up this string into segments of the desired length.
-"""
- password = tobytes(password)
- if prf is None:
- prf = lambda p,s: HMAC.new(p,s,SHA1).digest()
- key = b('')
- i = 1
- while len(key)<dkLen:
- U = previousU = prf(password,salt+struct.pack(">I", i))
- for j in range(count-1):
- previousU = t = prf(password,previousU)
- U = strxor(U,t)
- key += U
- i = i + 1
- return key[:dkLen]
-
diff --git a/frozen_deps/Crypto/PublicKey/DSA.py b/frozen_deps/Crypto/PublicKey/DSA.py
deleted file mode 100644
index 648f4b2..0000000
--- a/frozen_deps/Crypto/PublicKey/DSA.py
+++ /dev/null
@@ -1,379 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# PublicKey/DSA.py : DSA signature primitive
-#
-# Written in 2008 by Dwayne C. Litzenberger <[email protected]>
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""DSA public-key signature algorithm.
-
-DSA_ is a widespread public-key signature algorithm. Its security is
-based on the discrete logarithm problem (DLP_). Given a cyclic
-group, a generator *g*, and an element *h*, it is hard
-to find an integer *x* such that *g^x = h*. The problem is believed
-to be difficult, and it has been proved such (and therefore secure) for
-more than 30 years.
-
-The group is actually a sub-group over the integers modulo *p*, with *p* prime.
-The sub-group order is *q*, which is prime too; it always holds that *(p-1)* is a multiple of *q*.
-The cryptographic strength is linked to the magnitude of *p* and *q*.
-The signer holds a value *x* (*0<x<q-1*) as private key, and its public
-key (*y* where *y=g^x mod p*) is distributed.
-
-In 2012, a sufficient size is deemed to be 2048 bits for *p* and 256 bits for *q*.
-For more information, see the most recent ECRYPT_ report.
-
-DSA is reasonably secure for new designs.
-
-The algorithm can only be used for authentication (digital signature).
-DSA cannot be used for confidentiality (encryption).
-
-The values *(p,q,g)* are called *domain parameters*;
-they are not sensitive but must be shared by both parties (the signer and the verifier).
-Different signers can share the same domain parameters with no security
-concerns.
-
-The DSA signature is twice as big as the size of *q* (64 bytes if *q* is 256 bit
-long).
-
-This module provides facilities for generating new DSA keys and for constructing
-them from known components. DSA keys allows you to perform basic signing and
-verification.
-
- >>> from Crypto.Random import random
- >>> from Crypto.PublicKey import DSA
- >>> from Crypto.Hash import SHA
- >>>
- >>> message = "Hello"
- >>> key = DSA.generate(1024)
- >>> h = SHA.new(message).digest()
- >>> k = random.StrongRandom().randint(1,key.q-1)
- >>> sig = key.sign(h,k)
- >>> ...
- >>> if key.verify(h,sig):
- >>> print "OK"
- >>> else:
- >>> print "Incorrect signature"
-
-.. _DSA: http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
-.. _DLP: http://www.cosic.esat.kuleuven.be/publications/talk-78.pdf
-.. _ECRYPT: http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
-"""
-
-__revision__ = "$Id$"
-
-__all__ = ['generate', 'construct', 'error', 'DSAImplementation', '_DSAobj']
-
-import sys
-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
- from Crypto.Util.py21compat import *
-
-from Crypto.PublicKey import _DSA, _slowmath, pubkey
-from Crypto import Random
-
-try:
- from Crypto.PublicKey import _fastmath
-except ImportError:
- _fastmath = None
-
-class _DSAobj(pubkey.pubkey):
- """Class defining an actual DSA key.
-
- :undocumented: __getstate__, __setstate__, __repr__, __getattr__
- """
- #: Dictionary of DSA parameters.
- #:
- #: A public key will only have the following entries:
- #:
- #: - **y**, the public key.
- #: - **g**, the generator.
- #: - **p**, the modulus.
- #: - **q**, the order of the sub-group.
- #:
- #: A private key will also have:
- #:
- #: - **x**, the private key.
- keydata = ['y', 'g', 'p', 'q', 'x']
-
- def __init__(self, implementation, key):
- self.implementation = implementation
- self.key = key
-
- def __getattr__(self, attrname):
- if attrname in self.keydata:
- # For backward compatibility, allow the user to get (not set) the
- # DSA key parameters directly from this object.
- return getattr(self.key, attrname)
- else:
- raise AttributeError("%s object has no %r attribute" % (self.__class__.__name__, attrname,))
-
- def sign(self, M, K):
- """Sign a piece of data with DSA.
-
- :Parameter M: The piece of data to sign with DSA. It may
- not be longer in bit size than the sub-group order (*q*).
- :Type M: byte string or long
-
- :Parameter K: A secret number, chosen randomly in the closed
- range *[1,q-1]*.
- :Type K: long (recommended) or byte string (not recommended)
-
- :attention: selection of *K* is crucial for security. Generating a
- random number larger than *q* and taking the modulus by *q* is
- **not** secure, since smaller values will occur more frequently.
- Generating a random number systematically smaller than *q-1*
- (e.g. *floor((q-1)/8)* random bytes) is also **not** secure. In general,
- it shall not be possible for an attacker to know the value of `any
- bit of K`__.
-
- :attention: The number *K* shall not be reused for any other
- operation and shall be discarded immediately.
-
- :attention: M must be a digest cryptographic hash, otherwise
- an attacker may mount an existential forgery attack.
-
- :Return: A tuple with 2 longs.
-
- .. __: http://www.di.ens.fr/~pnguyen/pub_NgSh00.htm
- """
- return pubkey.pubkey.sign(self, M, K)
-
- def verify(self, M, signature):
- """Verify the validity of a DSA signature.
-
- :Parameter M: The expected message.
- :Type M: byte string or long
-
- :Parameter signature: The DSA signature to verify.
- :Type signature: A tuple with 2 longs as return by `sign`
-
- :Return: True if the signature is correct, False otherwise.
- """
- return pubkey.pubkey.verify(self, M, signature)
-
- def _encrypt(self, c, K):
- raise TypeError("DSA cannot encrypt")
-
- def _decrypt(self, c):
- raise TypeError("DSA cannot decrypt")
-
- def _blind(self, m, r):
- raise TypeError("DSA cannot blind")
-
- def _unblind(self, m, r):
- raise TypeError("DSA cannot unblind")
-
- def _sign(self, m, k):
- return self.key._sign(m, k)
-
- def _verify(self, m, sig):
- (r, s) = sig
- return self.key._verify(m, r, s)
-
- def has_private(self):
- return self.key.has_private()
-
- def size(self):
- return self.key.size()
-
- def can_blind(self):
- return False
-
- def can_encrypt(self):
- return False
-
- def can_sign(self):
- return True
-
- def publickey(self):
- return self.implementation.construct((self.key.y, self.key.g, self.key.p, self.key.q))
-
- def __getstate__(self):
- d = {}
- for k in self.keydata:
- try:
- d[k] = getattr(self.key, k)
- except AttributeError:
- pass
- return d
-
- def __setstate__(self, d):
- if not hasattr(self, 'implementation'):
- self.implementation = DSAImplementation()
- t = []
- for k in self.keydata:
- if k not in d:
- break
- t.append(d[k])
- self.key = self.implementation._math.dsa_construct(*tuple(t))
-
- def __repr__(self):
- attrs = []
- for k in self.keydata:
- if k == 'p':
- attrs.append("p(%d)" % (self.size()+1,))
- elif hasattr(self.key, k):
- attrs.append(k)
- if self.has_private():
- attrs.append("private")
- # PY3K: This is meant to be text, do not change to bytes (data)
- return "<%s @0x%x %s>" % (self.__class__.__name__, id(self), ",".join(attrs))
-
-class DSAImplementation(object):
- """
- A DSA key factory.
-
- This class is only internally used to implement the methods of the
- `Crypto.PublicKey.DSA` module.
- """
-
- def __init__(self, **kwargs):
- """Create a new DSA key factory.
-
- :Keywords:
- use_fast_math : bool
- Specify which mathematic library to use:
-
- - *None* (default). Use fastest math available.
- - *True* . Use fast math.
- - *False* . Use slow math.
- default_randfunc : callable
- Specify how to collect random data:
-
- - *None* (default). Use Random.new().read().
- - not *None* . Use the specified function directly.
- :Raise RuntimeError:
- When **use_fast_math** =True but fast math is not available.
- """
- use_fast_math = kwargs.get('use_fast_math', None)
- if use_fast_math is None: # Automatic
- if _fastmath is not None:
- self._math = _fastmath
- else:
- self._math = _slowmath
-
- elif use_fast_math: # Explicitly select fast math
- if _fastmath is not None:
- self._math = _fastmath
- else:
- raise RuntimeError("fast math module not available")
-
- else: # Explicitly select slow math
- self._math = _slowmath
-
- self.error = self._math.error
-
- # 'default_randfunc' parameter:
- # None (default) - use Random.new().read
- # not None - use the specified function
- self._default_randfunc = kwargs.get('default_randfunc', None)
- self._current_randfunc = None
-
- def _get_randfunc(self, randfunc):
- if randfunc is not None:
- return randfunc
- elif self._current_randfunc is None:
- self._current_randfunc = Random.new().read
- return self._current_randfunc
-
- def generate(self, bits, randfunc=None, progress_func=None):
- """Randomly generate a fresh, new DSA key.
-
- :Parameters:
- bits : int
- Key length, or size (in bits) of the DSA modulus
- *p*.
- It must be a multiple of 64, in the closed
- interval [512,1024].
- randfunc : callable
- Random number generation function; it should accept
- a single integer N and return a string of random data
- N bytes long.
- If not specified, a new one will be instantiated
- from ``Crypto.Random``.
- progress_func : callable
- Optional function that will be called with a short string
- containing the key parameter currently being generated;
- it's useful for interactive applications where a user is
- waiting for a key to be generated.
-
- :attention: You should always use a cryptographically secure random number generator,
- such as the one defined in the ``Crypto.Random`` module; **don't** just use the
- current time and the ``random`` module.
-
- :Return: A DSA key object (`_DSAobj`).
-
- :Raise ValueError:
- When **bits** is too little, too big, or not a multiple of 64.
- """
-
- # Check against FIPS 186-2, which says that the size of the prime p
- # must be a multiple of 64 bits between 512 and 1024
- for i in (0, 1, 2, 3, 4, 5, 6, 7, 8):
- if bits == 512 + 64*i:
- return self._generate(bits, randfunc, progress_func)
-
- # The March 2006 draft of FIPS 186-3 also allows 2048 and 3072-bit
- # primes, but only with longer q values. Since the current DSA
- # implementation only supports a 160-bit q, we don't support larger
- # values.
- raise ValueError("Number of bits in p must be a multiple of 64 between 512 and 1024, not %d bits" % (bits,))
-
- def _generate(self, bits, randfunc=None, progress_func=None):
- rf = self._get_randfunc(randfunc)
- obj = _DSA.generate_py(bits, rf, progress_func) # TODO: Don't use legacy _DSA module
- key = self._math.dsa_construct(obj.y, obj.g, obj.p, obj.q, obj.x)
- return _DSAobj(self, key)
-
- def construct(self, tup):
- """Construct a DSA key from a tuple of valid DSA components.
-
- The modulus *p* must be a prime.
-
- The following equations must apply:
-
- - p-1 = 0 mod q
- - g^x = y mod p
- - 0 < x < q
- - 1 < g < p
-
- :Parameters:
- tup : tuple
- A tuple of long integers, with 4 or 5 items
- in the following order:
-
- 1. Public key (*y*).
- 2. Sub-group generator (*g*).
- 3. Modulus, finite field order (*p*).
- 4. Sub-group order (*q*).
- 5. Private key (*x*). Optional.
-
- :Return: A DSA key object (`_DSAobj`).
- """
- key = self._math.dsa_construct(*tup)
- return _DSAobj(self, key)
-
-_impl = DSAImplementation()
-generate = _impl.generate
-construct = _impl.construct
-error = _impl.error
-
-# vim:set ts=4 sw=4 sts=4 expandtab:
-
diff --git a/frozen_deps/Crypto/PublicKey/ElGamal.py b/frozen_deps/Crypto/PublicKey/ElGamal.py
deleted file mode 100644
index 99af71c..0000000
--- a/frozen_deps/Crypto/PublicKey/ElGamal.py
+++ /dev/null
@@ -1,373 +0,0 @@
-#
-# ElGamal.py : ElGamal encryption/decryption and signatures
-#
-# Part of the Python Cryptography Toolkit
-#
-# Originally written by: A.M. Kuchling
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""ElGamal public-key algorithm (randomized encryption and signature).
-
-Signature algorithm
--------------------
-The security of the ElGamal signature scheme is based (like DSA) on the discrete
-logarithm problem (DLP_). Given a cyclic group, a generator *g*,
-and an element *h*, it is hard to find an integer *x* such that *g^x = h*.
-
-The group is the largest multiplicative sub-group of the integers modulo *p*,
-with *p* prime.
-The signer holds a value *x* (*0<x<p-1*) as private key, and its public
-key (*y* where *y=g^x mod p*) is distributed.
-
-The ElGamal signature is twice as big as *p*.
-
-Encryption algorithm
---------------------
-The security of the ElGamal encryption scheme is based on the computational
-Diffie-Hellman problem (CDH_).
Given a cyclic group, a generator *g*,
-and two integers *a* and *b*, it is difficult to find
-the element *g^{ab}* when only *g^a* and *g^b* are known, and not *a* and *b*.
-
-As before, the group is the largest multiplicative sub-group of the integers
-modulo *p*, with *p* prime.
-The receiver holds a value *a* (*0<a<p-1*) as private key, and its public key
-(*b* where *b*=g^a*) is given to the sender.
-
-The ElGamal ciphertext is twice as big as *p*.
-
-Domain parameters
------------------
-For both signature and encryption schemes, the values *(p,g)* are called
-*domain parameters*.
-They are not sensitive but must be distributed to all parties (senders and
-receivers).
-Different signers can share the same domain parameters, as can
-different recipients of encrypted messages.
-
-Security
---------
-Both DLP and CDH problem are believed to be difficult, and they have been proved
-such (and therefore secure) for more than 30 years.
-
-The cryptographic strength is linked to the magnitude of *p*.
-In 2012, a sufficient size for *p* is deemed to be 2048 bits.
-For more information, see the most recent ECRYPT_ report.
-
-Even though ElGamal algorithms are in theory reasonably secure for new designs,
-in practice there are no real good reasons for using them.
-The signature is four times larger than the equivalent DSA, and the ciphertext
-is two times larger than the equivalent RSA.
-
-Functionality
--------------
-This module provides facilities for generating new ElGamal keys and for constructing
-them from known components. ElGamal keys allows you to perform basic signing,
-verification, encryption, and decryption.
-
- >>> from Crypto import Random
- >>> from Crypto.Random import random
- >>> from Crypto.PublicKey import ElGamal
- >>> from Crypto.Util.number import GCD
- >>> from Crypto.Hash import SHA
- >>>
- >>> message = "Hello"
- >>> key = ElGamal.generate(1024, Random.new().read)
- >>> h = SHA.new(message).digest()
- >>> while 1:
- >>> k = random.StrongRandom().randint(1,key.p-1)
- >>> if GCD(k,key.p-1)==1: break
- >>> sig = key.sign(h,k)
- >>> ...
- >>> if key.verify(h,sig):
- >>> print "OK"
- >>> else:
- >>> print "Incorrect signature"
-
-.. _DLP: http://www.cosic.esat.kuleuven.be/publications/talk-78.pdf
-.. _CDH: http://en.wikipedia.org/wiki/Computational_Diffie%E2%80%93Hellman_assumption
-.. _ECRYPT: http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
-"""
-
-__revision__ = "$Id$"
-
-__all__ = ['generate', 'construct', 'error', 'ElGamalobj']
-
-from Crypto.PublicKey.pubkey import *
-from Crypto.Util import number
-
-class error (Exception):
- pass
-
-# Generate an ElGamal key with N bits
-def generate(bits, randfunc, progress_func=None):
- """Randomly generate a fresh, new ElGamal key.
-
- The key will be safe for use for both encryption and signature
- (although it should be used for **only one** purpose).
-
- :Parameters:
- bits : int
- Key length, or size (in bits) of the modulus *p*.
- Recommended value is 2048.
- randfunc : callable
- Random number generation function; it should accept
- a single integer N and return a string of random data
- N bytes long.
- progress_func : callable
- Optional function that will be called with a short string
- containing the key parameter currently being generated;
- it's useful for interactive applications where a user is
- waiting for a key to be generated.
-
- :attention: You should always use a cryptographically secure random number generator,
- such as the one defined in the ``Crypto.Random`` module; **don't** just use the
- current time and the ``random`` module.
-
- :Return: An ElGamal key object (`ElGamalobj`).
- """
- obj=ElGamalobj()
- # Generate a safe prime p
- # See Algorithm 4.86 in Handbook of Applied Cryptography
- if progress_func:
- progress_func('p\n')
- while 1:
- q = bignum(getPrime(bits-1, randfunc))
- obj.p = 2*q+1
- if number.isPrime(obj.p, randfunc=randfunc):
- break
- # Generate generator g
- # See Algorithm 4.80 in Handbook of Applied Cryptography
- # Note that the order of the group is n=p-1=2q, where q is prime
- if progress_func:
- progress_func('g\n')
- while 1:
- # We must avoid g=2 because of Bleichenbacher's attack described
- # in "Generating ElGamal signatures without knowning the secret key",
- # 1996
- #
- obj.g = number.getRandomRange(3, obj.p, randfunc)
- safe = 1
- if pow(obj.g, 2, obj.p)==1:
- safe=0
- if safe and pow(obj.g, q, obj.p)==1:
- safe=0
- # Discard g if it divides p-1 because of the attack described
- # in Note 11.67 (iii) in HAC
- if safe and divmod(obj.p-1, obj.g)[1]==0:
- safe=0
- # g^{-1} must not divide p-1 because of Khadir's attack
- # described in "Conditions of the generator for forging ElGamal
- # signature", 2011
- ginv = number.inverse(obj.g, obj.p)
- if safe and divmod(obj.p-1, ginv)[1]==0:
- safe=0
- if safe:
- break
- # Generate private key x
- if progress_func:
- progress_func('x\n')
- obj.x=number.getRandomRange(2, obj.p-1, randfunc)
- # Generate public key y
- if progress_func:
- progress_func('y\n')
- obj.y = pow(obj.g, obj.x, obj.p)
- return obj
-
-def construct(tup):
- """Construct an ElGamal key from a tuple of valid ElGamal components.
-
- The modulus *p* must be a prime.
-
- The following conditions must apply:
-
- - 1 < g < p-1
- - g^{p-1} = 1 mod p
- - 1 < x < p-1
- - g^x = y mod p
-
- :Parameters:
- tup : tuple
- A tuple of long integers, with 3 or 4 items
- in the following order:
-
- 1. Modulus (*p*).
- 2. Generator (*g*).
- 3. Public key (*y*).
- 4. Private key (*x*). Optional.
-
- :Return: An ElGamal key object (`ElGamalobj`).
- """
-
- obj=ElGamalobj()
- if len(tup) not in [3,4]:
- raise ValueError('argument for construct() wrong length')
- for i in range(len(tup)):
- field = obj.keydata[i]
- setattr(obj, field, tup[i])
- return obj
-
-class ElGamalobj(pubkey):
- """Class defining an ElGamal key.
-
- :undocumented: __getstate__, __setstate__, __repr__, __getattr__
- """
-
- #: Dictionary of ElGamal parameters.
- #:
- #: A public key will only have the following entries:
- #:
- #: - **y**, the public key.
- #: - **g**, the generator.
- #: - **p**, the modulus.
- #:
- #: A private key will also have:
- #:
- #: - **x**, the private key.
- keydata=['p', 'g', 'y', 'x']
-
- def encrypt(self, plaintext, K):
- """Encrypt a piece of data with ElGamal.
-
- :Parameter plaintext: The piece of data to encrypt with ElGamal.
- It must be numerically smaller than the module (*p*).
- :Type plaintext: byte string or long
-
- :Parameter K: A secret number, chosen randomly in the closed
- range *[1,p-2]*.
- :Type K: long (recommended) or byte string (not recommended)
-
- :Return: A tuple with two items. Each item is of the same type as the
- plaintext (string or long).
-
- :attention: selection of *K* is crucial for security. Generating a
- random number larger than *p-1* and taking the modulus by *p-1* is
- **not** secure, since smaller values will occur more frequently.
- Generating a random number systematically smaller than *p-1*
- (e.g. *floor((p-1)/8)* random bytes) is also **not** secure.
- In general, it shall not be possible for an attacker to know
- the value of any bit of K.
-
- :attention: The number *K* shall not be reused for any other
- operation and shall be discarded immediately.
- """
- return pubkey.encrypt(self, plaintext, K)
-
- def decrypt(self, ciphertext):
- """Decrypt a piece of data with ElGamal.
-
- :Parameter ciphertext: The piece of data to decrypt with ElGamal.
- :Type ciphertext: byte string, long or a 2-item tuple as returned
- by `encrypt`
-
- :Return: A byte string if ciphertext was a byte string or a tuple
- of byte strings. A long otherwise.
- """
- return pubkey.decrypt(self, ciphertext)
-
- def sign(self, M, K):
- """Sign a piece of data with ElGamal.
-
- :Parameter M: The piece of data to sign with ElGamal. It may
- not be longer in bit size than *p-1*.
- :Type M: byte string or long
-
- :Parameter K: A secret number, chosen randomly in the closed
- range *[1,p-2]* and such that *gcd(k,p-1)=1*.
- :Type K: long (recommended) or byte string (not recommended)
-
- :attention: selection of *K* is crucial for security. Generating a
- random number larger than *p-1* and taking the modulus by *p-1* is
- **not** secure, since smaller values will occur more frequently.
- Generating a random number systematically smaller than *p-1*
- (e.g. *floor((p-1)/8)* random bytes) is also **not** secure.
- In general, it shall not be possible for an attacker to know
- the value of any bit of K.
-
- :attention: The number *K* shall not be reused for any other
- operation and shall be discarded immediately.
-
- :attention: M must be be a cryptographic hash, otherwise an
- attacker may mount an existential forgery attack.
-
- :Return: A tuple with 2 longs.
- """
- return pubkey.sign(self, M, K)
-
- def verify(self, M, signature):
- """Verify the validity of an ElGamal signature.
-
- :Parameter M: The expected message.
- :Type M: byte string or long
-
- :Parameter signature: The ElGamal signature to verify.
- :Type signature: A tuple with 2 longs as return by `sign`
-
- :Return: True if the signature is correct, False otherwise.
- """
- return pubkey.verify(self, M, signature)
-
- def _encrypt(self, M, K):
- a=pow(self.g, K, self.p)
- b=( M*pow(self.y, K, self.p) ) % self.p
- return ( a,b )
-
- def _decrypt(self, M):
- if (not hasattr(self, 'x')):
- raise TypeError('Private key not available in this object')
- ax=pow(M[0], self.x, self.p)
- plaintext=(M[1] * inverse(ax, self.p ) ) % self.p
- return plaintext
-
- def _sign(self, M, K):
- if (not hasattr(self, 'x')):
- raise TypeError('Private key not available in this object')
- p1=self.p-1
- if (GCD(K, p1)!=1):
- raise ValueError('Bad K value: GCD(K,p-1)!=1')
- a=pow(self.g, K, self.p)
- t=(M-self.x*a) % p1
- while t<0: t=t+p1
- b=(t*inverse(K, p1)) % p1
- return (a, b)
-
- def _verify(self, M, sig):
- if sig[0]<1 or sig[0]>self.p-1:
- return 0
- v1=pow(self.y, sig[0], self.p)
- v1=(v1*pow(sig[0], sig[1], self.p)) % self.p
- v2=pow(self.g, M, self.p)
- if v1==v2:
- return 1
- return 0
-
- def size(self):
- return number.size(self.p) - 1
-
- def has_private(self):
- if hasattr(self, 'x'):
- return 1
- else:
- return 0
-
- def publickey(self):
- return construct((self.p, self.g, self.y))
-
-
-object=ElGamalobj
diff --git a/frozen_deps/Crypto/PublicKey/RSA.py b/frozen_deps/Crypto/PublicKey/RSA.py
deleted file mode 100644
index debe39e..0000000
--- a/frozen_deps/Crypto/PublicKey/RSA.py
+++ /dev/null
@@ -1,719 +0,0 @@ -# -*- coding: utf-8 -*- -# -# PublicKey/RSA.py : RSA public key primitive -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""RSA public-key cryptography algorithm (signature and encryption). - -RSA_ is the most widespread and used public key algorithm. Its security is -based on the difficulty of factoring large integers. The algorithm has -withstood attacks for 30 years, and it is therefore considered reasonably -secure for new designs. - -The algorithm can be used for both confidentiality (encryption) and -authentication (digital signature). It is worth noting that signing and -decryption are significantly slower than verification and encryption. -The cryptograhic strength is primarily linked to the length of the modulus *n*. -In 2012, a sufficient length is deemed to be 2048 bits. For more information, -see the most recent ECRYPT_ report. - -Both RSA ciphertext and RSA signature are as big as the modulus *n* (256 -bytes if *n* is 2048 bit long). 
- -This module provides facilities for generating fresh, new RSA keys, constructing -them from known components, exporting them, and importing them. - - >>> from Crypto.PublicKey import RSA - >>> - >>> key = RSA.generate(2048) - >>> f = open('mykey.pem','w') - >>> f.write(RSA.exportKey('PEM')) - >>> f.close() - ... - >>> f = open('mykey.pem','r') - >>> key = RSA.importKey(f.read()) - -Even though you may choose to directly use the methods of an RSA key object -to perform the primitive cryptographic operations (e.g. `_RSAobj.encrypt`), -it is recommended to use one of the standardized schemes instead (like -`Crypto.Cipher.PKCS1_v1_5` or `Crypto.Signature.PKCS1_v1_5`). - -.. _RSA: http://en.wikipedia.org/wiki/RSA_%28algorithm%29 -.. _ECRYPT: http://www.ecrypt.eu.org/documents/D.SPA.17.pdf - -:sort: generate,construct,importKey,error -""" - -__revision__ = "$Id$" - -__all__ = ['generate', 'construct', 'error', 'importKey', 'RSAImplementation', '_RSAobj'] - -import sys -if sys.version_info[0] == 2 and sys.version_info[1] == 1: - from Crypto.Util.py21compat import * -from Crypto.Util.py3compat import * -#from Crypto.Util.python_compat import * -from Crypto.Util.number import getRandomRange, bytes_to_long, long_to_bytes - -from Crypto.PublicKey import _RSA, _slowmath, pubkey -from Crypto import Random - -from Crypto.Util.asn1 import DerObject, DerSequence, DerNull -import binascii -import struct - -from Crypto.Util.number import inverse - -from Crypto.Util.number import inverse - -try: - from Crypto.PublicKey import _fastmath -except ImportError: - _fastmath = None - -class _RSAobj(pubkey.pubkey): - """Class defining an actual RSA key. - - :undocumented: __getstate__, __setstate__, __repr__, __getattr__ - """ - #: Dictionary of RSA parameters. - #: - #: A public key will only have the following entries: - #: - #: - **n**, the modulus. - #: - **e**, the public exponent. - #: - #: A private key will also have: - #: - #: - **d**, the private exponent. 
- #: - **p**, the first factor of n. - #: - **q**, the second factor of n. - #: - **u**, the CRT coefficient (1/p) mod q. - keydata = ['n', 'e', 'd', 'p', 'q', 'u'] - - def __init__(self, implementation, key, randfunc=None): - self.implementation = implementation - self.key = key - if randfunc is None: - randfunc = Random.new().read - self._randfunc = randfunc - - def __getattr__(self, attrname): - if attrname in self.keydata: - # For backward compatibility, allow the user to get (not set) the - # RSA key parameters directly from this object. - return getattr(self.key, attrname) - else: - raise AttributeError("%s object has no %r attribute" % (self.__class__.__name__, attrname,)) - - def encrypt(self, plaintext, K): - """Encrypt a piece of data with RSA. - - :Parameter plaintext: The piece of data to encrypt with RSA. It may not - be numerically larger than the RSA module (**n**). - :Type plaintext: byte string or long - - :Parameter K: A random parameter (*for compatibility only. This - value will be ignored*) - :Type K: byte string or long - - :attention: this function performs the plain, primitive RSA encryption - (*textbook*). In real applications, you always need to use proper - cryptographic padding, and you should not directly encrypt data with - this method. Failure to do so may lead to security vulnerabilities. - It is recommended to use modules - `Crypto.Cipher.PKCS1_OAEP` or `Crypto.Cipher.PKCS1_v1_5` instead. - - :Return: A tuple with two items. The first item is the ciphertext - of the same type as the plaintext (string or long). The second item - is always None. - """ - return pubkey.pubkey.encrypt(self, plaintext, K) - - def decrypt(self, ciphertext): - """Decrypt a piece of data with RSA. - - Decryption always takes place with blinding. - - :attention: this function performs the plain, primitive RSA decryption - (*textbook*). 
In real applications, you always need to use proper - cryptographic padding, and you should not directly decrypt data with - this method. Failure to do so may lead to security vulnerabilities. - It is recommended to use modules - `Crypto.Cipher.PKCS1_OAEP` or `Crypto.Cipher.PKCS1_v1_5` instead. - - :Parameter ciphertext: The piece of data to decrypt with RSA. It may - not be numerically larger than the RSA module (**n**). If a tuple, - the first item is the actual ciphertext; the second item is ignored. - - :Type ciphertext: byte string, long or a 2-item tuple as returned by - `encrypt` - - :Return: A byte string if ciphertext was a byte string or a tuple - of byte strings. A long otherwise. - """ - return pubkey.pubkey.decrypt(self, ciphertext) - - def sign(self, M, K): - """Sign a piece of data with RSA. - - Signing always takes place with blinding. - - :attention: this function performs the plain, primitive RSA decryption - (*textbook*). In real applications, you always need to use proper - cryptographic padding, and you should not directly sign data with - this method. Failure to do so may lead to security vulnerabilities. - It is recommended to use modules - `Crypto.Signature.PKCS1_PSS` or `Crypto.Signature.PKCS1_v1_5` instead. - - :Parameter M: The piece of data to sign with RSA. It may - not be numerically larger than the RSA module (**n**). - :Type M: byte string or long - - :Parameter K: A random parameter (*for compatibility only. This - value will be ignored*) - :Type K: byte string or long - - :Return: A 2-item tuple. The first item is the actual signature (a - long). The second item is always None. - """ - return pubkey.pubkey.sign(self, M, K) - - def verify(self, M, signature): - """Verify the validity of an RSA signature. - - :attention: this function performs the plain, primitive RSA encryption - (*textbook*). In real applications, you always need to use proper - cryptographic padding, and you should not directly verify data with - this method. 
Failure to do so may lead to security vulnerabilities. - It is recommended to use modules - `Crypto.Signature.PKCS1_PSS` or `Crypto.Signature.PKCS1_v1_5` instead. - - :Parameter M: The expected message. - :Type M: byte string or long - - :Parameter signature: The RSA signature to verify. The first item of - the tuple is the actual signature (a long not larger than the modulus - **n**), whereas the second item is always ignored. - :Type signature: A 2-item tuple as return by `sign` - - :Return: True if the signature is correct, False otherwise. - """ - return pubkey.pubkey.verify(self, M, signature) - - def _encrypt(self, c, K): - return (self.key._encrypt(c),) - - def _decrypt(self, c): - #(ciphertext,) = c - (ciphertext,) = c[:1] # HACK - We should use the previous line - # instead, but this is more compatible and we're - # going to replace the Crypto.PublicKey API soon - # anyway. - - # Blinded RSA decryption (to prevent timing attacks): - # Step 1: Generate random secret blinding factor r, such that 0 < r < n-1 - r = getRandomRange(1, self.key.n-1, randfunc=self._randfunc) - # Step 2: Compute c' = c * r**e mod n - cp = self.key._blind(ciphertext, r) - # Step 3: Compute m' = c'**d mod n (ordinary RSA decryption) - mp = self.key._decrypt(cp) - # Step 4: Compute m = m**(r-1) mod n - return self.key._unblind(mp, r) - - def _blind(self, m, r): - return self.key._blind(m, r) - - def _unblind(self, m, r): - return self.key._unblind(m, r) - - def _sign(self, m, K=None): - return (self.key._sign(m),) - - def _verify(self, m, sig): - #(s,) = sig - (s,) = sig[:1] # HACK - We should use the previous line instead, but - # this is more compatible and we're going to replace - # the Crypto.PublicKey API soon anyway. 
- return self.key._verify(m, s) - - def has_private(self): - return self.key.has_private() - - def size(self): - return self.key.size() - - def can_blind(self): - return True - - def can_encrypt(self): - return True - - def can_sign(self): - return True - - def publickey(self): - return self.implementation.construct((self.key.n, self.key.e)) - - def __getstate__(self): - d = {} - for k in self.keydata: - try: - d[k] = getattr(self.key, k) - except AttributeError: - pass - return d - - def __setstate__(self, d): - if not hasattr(self, 'implementation'): - self.implementation = RSAImplementation() - t = [] - for k in self.keydata: - if k not in d: - break - t.append(d[k]) - self.key = self.implementation._math.rsa_construct(*tuple(t)) - - def __repr__(self): - attrs = [] - for k in self.keydata: - if k == 'n': - attrs.append("n(%d)" % (self.size()+1,)) - elif hasattr(self.key, k): - attrs.append(k) - if self.has_private(): - attrs.append("private") - # PY3K: This is meant to be text, do not change to bytes (data) - return "<%s @0x%x %s>" % (self.__class__.__name__, id(self), ",".join(attrs)) - - def exportKey(self, format='PEM', passphrase=None, pkcs=1): - """Export this RSA key. - - :Parameter format: The format to use for wrapping the key. - - - *'DER'*. Binary encoding, always unencrypted. - - *'PEM'*. Textual encoding, done according to `RFC1421`_/`RFC1423`_. - Unencrypted (default) or encrypted. - - *'OpenSSH'*. Textual encoding, done according to OpenSSH specification. - Only suitable for public keys (not private keys). - :Type format: string - - :Parameter passphrase: In case of PEM, the pass phrase to derive the encryption key from. - :Type passphrase: string - - :Parameter pkcs: The PKCS standard to follow for assembling the key. - You have two choices: - - - with **1**, the public key is embedded into an X.509 `SubjectPublicKeyInfo` DER SEQUENCE. - The private key is embedded into a `PKCS#1`_ `RSAPrivateKey` DER SEQUENCE. - This mode is the default. 
- - with **8**, the private key is embedded into a `PKCS#8`_ `PrivateKeyInfo` DER SEQUENCE. - This mode is not available for public keys. - - PKCS standards are not relevant for the *OpenSSH* format. - :Type pkcs: integer - - :Return: A byte string with the encoded public or private half. - :Raise ValueError: - When the format is unknown. - - .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt - .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt - .. _`PKCS#1`: http://www.ietf.org/rfc/rfc3447.txt - .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt - """ - if passphrase is not None: - passphrase = tobytes(passphrase) - if format=='OpenSSH': - eb = long_to_bytes(self.e) - nb = long_to_bytes(self.n) - if bord(eb[0]) & 0x80: eb=bchr(0x00)+eb - if bord(nb[0]) & 0x80: nb=bchr(0x00)+nb - keyparts = [ 'ssh-rsa', eb, nb ] - keystring = ''.join([ struct.pack(">I",len(kp))+kp for kp in keyparts]) - return 'ssh-rsa '+binascii.b2a_base64(keystring)[:-1] - - # DER format is always used, even in case of PEM, which simply - # encodes it into BASE64. 
- der = DerSequence() - if self.has_private(): - keyType= { 1: 'RSA PRIVATE', 8: 'PRIVATE' }[pkcs] - der[:] = [ 0, self.n, self.e, self.d, self.p, self.q, - self.d % (self.p-1), self.d % (self.q-1), - inverse(self.q, self.p) ] - if pkcs==8: - derkey = der.encode() - der = DerSequence([0]) - der.append(algorithmIdentifier) - der.append(DerObject('OCTET STRING', derkey).encode()) - else: - keyType = "PUBLIC" - der.append(algorithmIdentifier) - bitmap = DerObject('BIT STRING') - derPK = DerSequence( [ self.n, self.e ] ) - bitmap.payload = bchr(0x00) + derPK.encode() - der.append(bitmap.encode()) - if format=='DER': - return der.encode() - if format=='PEM': - pem = b("-----BEGIN " + keyType + " KEY-----\n") - objenc = None - if passphrase and keyType.endswith('PRIVATE'): - # We only support 3DES for encryption - import Crypto.Hash.MD5 - from Crypto.Cipher import DES3 - from Crypto.Protocol.KDF import PBKDF1 - salt = self._randfunc(8) - key = PBKDF1(passphrase, salt, 16, 1, Crypto.Hash.MD5) - key += PBKDF1(key+passphrase, salt, 8, 1, Crypto.Hash.MD5) - objenc = DES3.new(key, Crypto.Cipher.DES3.MODE_CBC, salt) - pem += b('Proc-Type: 4,ENCRYPTED\n') - pem += b('DEK-Info: DES-EDE3-CBC,') + binascii.b2a_hex(salt).upper() + b('\n\n') - - binaryKey = der.encode() - if objenc: - # Add PKCS#7-like padding - padding = objenc.block_size-len(binaryKey)%objenc.block_size - binaryKey = objenc.encrypt(binaryKey+bchr(padding)*padding) - - # Each BASE64 line can take up to 64 characters (=48 bytes of data) - chunks = [ binascii.b2a_base64(binaryKey[i:i+48]) for i in range(0, len(binaryKey), 48) ] - pem += b('').join(chunks) - pem += b("-----END " + keyType + " KEY-----") - return pem - return ValueError("Unknown key format '%s'. Cannot export the RSA key." % format) - -class RSAImplementation(object): - """ - An RSA key factory. - - This class is only internally used to implement the methods of the `Crypto.PublicKey.RSA` module. 
- - :sort: __init__,generate,construct,importKey - :undocumented: _g*, _i* - """ - - def __init__(self, **kwargs): - """Create a new RSA key factory. - - :Keywords: - use_fast_math : bool - Specify which mathematic library to use: - - - *None* (default). Use fastest math available. - - *True* . Use fast math. - - *False* . Use slow math. - default_randfunc : callable - Specify how to collect random data: - - - *None* (default). Use Random.new().read(). - - not *None* . Use the specified function directly. - :Raise RuntimeError: - When **use_fast_math** =True but fast math is not available. - """ - use_fast_math = kwargs.get('use_fast_math', None) - if use_fast_math is None: # Automatic - if _fastmath is not None: - self._math = _fastmath - else: - self._math = _slowmath - - elif use_fast_math: # Explicitly select fast math - if _fastmath is not None: - self._math = _fastmath - else: - raise RuntimeError("fast math module not available") - - else: # Explicitly select slow math - self._math = _slowmath - - self.error = self._math.error - - self._default_randfunc = kwargs.get('default_randfunc', None) - self._current_randfunc = None - - def _get_randfunc(self, randfunc): - if randfunc is not None: - return randfunc - elif self._current_randfunc is None: - self._current_randfunc = Random.new().read - return self._current_randfunc - - def generate(self, bits, randfunc=None, progress_func=None, e=65537): - """Randomly generate a fresh, new RSA key. - - :Parameters: - bits : int - Key length, or size (in bits) of the RSA modulus. - It must be a multiple of 256, and no smaller than 1024. - - randfunc : callable - Random number generation function; it should accept - a single integer N and return a string of random data - N bytes long. - If not specified, a new one will be instantiated - from ``Crypto.Random``. 
- - progress_func : callable - Optional function that will be called with a short string - containing the key parameter currently being generated; - it's useful for interactive applications where a user is - waiting for a key to be generated. - - e : int - Public RSA exponent. It must be an odd positive integer. - It is typically a small number with very few ones in its - binary representation. - The default value 65537 (= ``0b10000000000000001`` ) is a safe - choice: other common values are 5, 7, 17, and 257. - - :attention: You should always use a cryptographically secure random number generator, - such as the one defined in the ``Crypto.Random`` module; **don't** just use the - current time and the ``random`` module. - - :attention: Exponent 3 is also widely used, but it requires very special care when padding - the message. - - :Return: An RSA key object (`_RSAobj`). - - :Raise ValueError: - When **bits** is too little or not a multiple of 256, or when - **e** is not odd or smaller than 2. - """ - if bits < 1024 or (bits & 0xff) != 0: - # pubkey.getStrongPrime doesn't like anything that's not a multiple of 256 and >= 1024 - raise ValueError("RSA modulus length must be a multiple of 256 and >= 1024") - if e%2==0 or e<3: - raise ValueError("RSA public exponent must be a positive, odd integer larger than 2.") - rf = self._get_randfunc(randfunc) - obj = _RSA.generate_py(bits, rf, progress_func, e) # TODO: Don't use legacy _RSA module - key = self._math.rsa_construct(obj.n, obj.e, obj.d, obj.p, obj.q, obj.u) - return _RSAobj(self, key) - - def construct(self, tup): - """Construct an RSA key from a tuple of valid RSA components. - - The modulus **n** must be the product of two primes. - The public exponent **e** must be odd and larger than 1. 
- - In case of a private key, the following equations must apply: - - - e != 1 - - p*q = n - - e*d = 1 mod (p-1)(q-1) - - p*u = 1 mod q - - :Parameters: - tup : tuple - A tuple of long integers, with at least 2 and no - more than 6 items. The items come in the following order: - - 1. RSA modulus (n). - 2. Public exponent (e). - 3. Private exponent (d). Only required if the key is private. - 4. First factor of n (p). Optional. - 5. Second factor of n (q). Optional. - 6. CRT coefficient, (1/p) mod q (u). Optional. - - :Return: An RSA key object (`_RSAobj`). - """ - key = self._math.rsa_construct(*tup) - return _RSAobj(self, key) - - def _importKeyDER(self, externKey): - """Import an RSA key (public or private half), encoded in DER form.""" - - try: - - der = DerSequence() - der.decode(externKey, True) - - # Try PKCS#1 first, for a private key - if len(der)==9 and der.hasOnlyInts() and der[0]==0: - # ASN.1 RSAPrivateKey element - del der[6:] # Remove d mod (p-1), d mod (q-1), and q^{-1} mod p - der.append(inverse(der[4],der[5])) # Add p^{-1} mod q - del der[0] # Remove version - return self.construct(der[:]) - - # Keep on trying PKCS#1, but now for a public key - if len(der)==2: - # The DER object is an RSAPublicKey SEQUENCE with two elements - if der.hasOnlyInts(): - return self.construct(der[:]) - # The DER object is a SubjectPublicKeyInfo SEQUENCE with two elements: - # an 'algorithm' (or 'algorithmIdentifier') SEQUENCE and a 'subjectPublicKey' BIT STRING. - # 'algorithm' takes the value given a few lines above. - # 'subjectPublicKey' encapsulates the actual ASN.1 RSAPublicKey element. - if der[0]==algorithmIdentifier: - bitmap = DerObject() - bitmap.decode(der[1], True) - if bitmap.isType('BIT STRING') and bord(bitmap.payload[0])==0x00: - der.decode(bitmap.payload[1:], True) - if len(der)==2 and der.hasOnlyInts(): - return self.construct(der[:]) - - # Try unencrypted PKCS#8 - if der[0]==0: - # The second element in the SEQUENCE is algorithmIdentifier. 
- # It must say RSA (see above for description). - if der[1]==algorithmIdentifier: - privateKey = DerObject() - privateKey.decode(der[2], True) - if privateKey.isType('OCTET STRING'): - return self._importKeyDER(privateKey.payload) - - except ValueError as IndexError: - pass - - raise ValueError("RSA key format is not supported") - - def importKey(self, externKey, passphrase=None): - """Import an RSA key (public or private half), encoded in standard form. - - :Parameter externKey: - The RSA key to import, encoded as a string. - - An RSA public key can be in any of the following formats: - - - X.509 `subjectPublicKeyInfo` DER SEQUENCE (binary or PEM encoding) - - `PKCS#1`_ `RSAPublicKey` DER SEQUENCE (binary or PEM encoding) - - OpenSSH (textual public key only) - - An RSA private key can be in any of the following formats: - - - PKCS#1 `RSAPrivateKey` DER SEQUENCE (binary or PEM encoding) - - `PKCS#8`_ `PrivateKeyInfo` DER SEQUENCE (binary or PEM encoding) - - OpenSSH (textual public key only) - - For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. - - In case of PEM encoding, the private key can be encrypted with DES or 3TDES according to a certain ``pass phrase``. - Only OpenSSL-compatible pass phrases are supported. - :Type externKey: string - - :Parameter passphrase: - In case of an encrypted PEM key, this is the pass phrase from which the encryption key is derived. - :Type passphrase: string - - :Return: An RSA key object (`_RSAobj`). - - :Raise ValueError/IndexError/TypeError: - When the given key cannot be parsed (possibly because the pass phrase is wrong). - - .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt - .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt - .. _`PKCS#1`: http://www.ietf.org/rfc/rfc3447.txt - .. 
_`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt - """ - externKey = tobytes(externKey) - if passphrase is not None: - passphrase = tobytes(passphrase) - - if externKey.startswith(b('-----')): - # This is probably a PEM encoded key - lines = externKey.replace(b(" "),b('')).split() - keyobj = None - - # The encrypted PEM format - if lines[1].startswith(b('Proc-Type:4,ENCRYPTED')): - DEK = lines[2].split(b(':')) - if len(DEK)!=2 or DEK[0]!=b('DEK-Info') or not passphrase: - raise ValueError("PEM encryption format not supported.") - algo, salt = DEK[1].split(b(',')) - salt = binascii.a2b_hex(salt) - import Crypto.Hash.MD5 - from Crypto.Cipher import DES, DES3 - from Crypto.Protocol.KDF import PBKDF1 - if algo==b("DES-CBC"): - # This is EVP_BytesToKey in OpenSSL - key = PBKDF1(passphrase, salt, 8, 1, Crypto.Hash.MD5) - keyobj = DES.new(key, Crypto.Cipher.DES.MODE_CBC, salt) - elif algo==b("DES-EDE3-CBC"): - # Note that EVP_BytesToKey is note exactly the same as PBKDF1 - key = PBKDF1(passphrase, salt, 16, 1, Crypto.Hash.MD5) - key += PBKDF1(key+passphrase, salt, 8, 1, Crypto.Hash.MD5) - keyobj = DES3.new(key, Crypto.Cipher.DES3.MODE_CBC, salt) - else: - raise ValueError("Unsupport PEM encryption algorithm.") - lines = lines[2:] - - der = binascii.a2b_base64(b('').join(lines[1:-1])) - if keyobj: - der = keyobj.decrypt(der) - padding = bord(der[-1]) - der = der[:-padding] - return self._importKeyDER(der) - - if externKey.startswith(b('ssh-rsa ')): - # This is probably an OpenSSH key - keystring = binascii.a2b_base64(externKey.split(b(' '))[1]) - keyparts = [] - while len(keystring)>4: - l = struct.unpack(">I",keystring[:4])[0] - keyparts.append(keystring[4:4+l]) - keystring = keystring[4+l:] - e = bytes_to_long(keyparts[1]) - n = bytes_to_long(keyparts[2]) - return self.construct([n, e]) - if bord(externKey[0])==0x30: - # This is probably a DER encoded key - return self._importKeyDER(externKey) - - raise ValueError("RSA key format is not supported") - -#: This is the ASN.1 
DER object that qualifies an algorithm as -#: compliant to PKCS#1 (that is, the standard RSA). -# It is found in all 'algorithm' fields (also called 'algorithmIdentifier'). -# It is a SEQUENCE with the oid assigned to RSA and with its parameters (none). -# 0x06 0x09 OBJECT IDENTIFIER, 9 bytes of payload -# 0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x01 0x01 -# rsaEncryption (1 2 840 113549 1 1 1) (PKCS #1) -# 0x05 0x00 NULL -algorithmIdentifier = DerSequence( - [ b('\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01'), - DerNull().encode() ] - ).encode() - -_impl = RSAImplementation() -#: -#: Randomly generate a fresh, new RSA key object. -#: -#: See `RSAImplementation.generate`. -#: -generate = _impl.generate -#: -#: Construct an RSA key object from a tuple of valid RSA components. -#: -#: See `RSAImplementation.construct`. -#: -construct = _impl.construct -#: -#: Import an RSA key (public or private half), encoded in standard form. -#: -#: See `RSAImplementation.importKey`. -#: -importKey = _impl.importKey -error = _impl.error - -# vim:set ts=4 sw=4 sts=4 expandtab: - diff --git a/frozen_deps/Crypto/PublicKey/_DSA.py b/frozen_deps/Crypto/PublicKey/_DSA.py deleted file mode 100644 index 1787ced..0000000 --- a/frozen_deps/Crypto/PublicKey/_DSA.py +++ /dev/null 
@@ -1,115 +0,0 @@
-
-#
-# DSA.py : Digital Signature Algorithm
-#
-# Part of the Python Cryptography Toolkit
-#
-# Written by Andrew Kuchling, Paul Swartz, and others
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-#
-
-__revision__ = "$Id$"
-
-from Crypto.PublicKey.pubkey import *
-from Crypto.Util import number
-from Crypto.Util.number import bytes_to_long, long_to_bytes
-from Crypto.Hash import SHA
-from Crypto.Util.py3compat import *
-
-class error (Exception):
- pass
-
-def generateQ(randfunc):
- S=randfunc(20)
- hash1=SHA.new(S).digest()
- hash2=SHA.new(long_to_bytes(bytes_to_long(S)+1)).digest()
- q = bignum(0)
- for i in range(0,20):
- c=bord(hash1[i])^bord(hash2[i])
- if i==0:
- c=c | 128
- if i==19:
- c= c | 1
- q=q*256+c
- while (not isPrime(q)):
- q=q+2
- if pow(2,159) < q < pow(2,160):
- return S, q
- raise RuntimeError('Bad q value generated')
-
-def generate_py(bits, randfunc, progress_func=None):
- """generate(bits:int, randfunc:callable, progress_func:callable)
-
- Generate a DSA key of length 'bits', using 'randfunc' to get
- random data and 'progress_func', if present, to display
- the progress of the key generation.
- """
-
- if bits<160:
- raise ValueError('Key length < 160 bits')
- obj=DSAobj()
- # Generate string S and prime q
- if progress_func:
- progress_func('p,q\n')
- while (1):
- S, obj.q = generateQ(randfunc)
- n=divmod(bits-1, 160)[0]
- C, N, V = 0, 2, {}
- b=(obj.q >> 5) & 15
- powb=pow(bignum(2), b)
- powL1=pow(bignum(2), bits-1)
- while C<4096:
- for k in range(0, n+1):
- V[k]=bytes_to_long(SHA.new(S+bstr(N)+bstr(k)).digest())
- W=V[n] % powb
- for k in range(n-1, -1, -1):
- W=(W<<160)+V[k]
- X=W+powL1
- p=X-(X%(2*obj.q)-1)
- if powL1<=p and isPrime(p):
- break
- C, N = C+1, N+n+1
- if C<4096:
- break
- if progress_func:
- progress_func('4096 multiples failed\n')
-
- obj.p = p
- power=divmod(p-1, obj.q)[0]
- if progress_func:
- progress_func('h,g\n')
- while (1):
- h=bytes_to_long(randfunc(bits)) % (p-1)
- g=pow(h, power, p)
- if 1<h<p-1 and g>1:
- break
- obj.g=g
- if progress_func:
- progress_func('x,y\n')
- while (1):
- x=bytes_to_long(randfunc(20))
- if 0 < x < obj.q:
- break
- obj.x, obj.y = x, pow(g, x, p)
- return obj
-
-class DSAobj:
- pass
-
diff --git a/frozen_deps/Crypto/PublicKey/_RSA.py b/frozen_deps/Crypto/PublicKey/_RSA.py
deleted file mode 100644
index 601ab7c..0000000
--- a/frozen_deps/Crypto/PublicKey/_RSA.py
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-# RSA.py : RSA encryption/decryption
-#
-# Part of the Python Cryptography Toolkit
-#
-# Written by Andrew Kuchling, Paul Swartz, and others
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-#
-
-__revision__ = "$Id$"
-
-from Crypto.PublicKey import pubkey
-from Crypto.Util import number
-
-def generate_py(bits, randfunc, progress_func=None, e=65537):
- """generate(bits:int, randfunc:callable, progress_func:callable, e:int)
-
- Generate an RSA key of length 'bits', public exponent 'e'(which must be
- odd), using 'randfunc' to get random data and 'progress_func',
- if present, to display the progress of the key generation.
- """
- obj=RSAobj()
- obj.e = int(e)
-
- # Generate the prime factors of n
- if progress_func:
- progress_func('p,q\n')
- p = q = 1
- while number.size(p*q) < bits:
- # Note that q might be one bit longer than p if somebody specifies an odd
- # number of bits for the key. (Why would anyone do that? You don't get
- # more security.)
- p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc)
- q = pubkey.getStrongPrime(bits - (bits>>1), obj.e, 1e-12, randfunc)
-
- # It's OK for p to be larger than q, but let's be
- # kind to the function that will invert it for
- # th calculation of u.
- if p > q:
- (p, q)=(q, p)
- obj.p = p
- obj.q = q
-
- if progress_func:
- progress_func('u\n')
- obj.u = pubkey.inverse(obj.p, obj.q)
- obj.n = obj.p*obj.q
-
- if progress_func:
- progress_func('d\n')
- obj.d=pubkey.inverse(obj.e, (obj.p-1)*(obj.q-1))
-
- assert bits <= 1+obj.size(), "Generated key is too small"
-
- return obj
-
-class RSAobj(pubkey.pubkey):
-
- def size(self):
- """size() : int
- Return the maximum number of bits that can be handled by this key.
- """
- return number.size(self.n) - 1
-
diff --git a/frozen_deps/Crypto/PublicKey/__init__.py b/frozen_deps/Crypto/PublicKey/__init__.py
deleted file mode 100644
index 503809f..0000000
--- a/frozen_deps/Crypto/PublicKey/__init__.py
+++ /dev/null
@@ -1,41 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""Public-key encryption and signature algorithms. - -Public-key encryption uses two different keys, one for encryption and -one for decryption. The encryption key can be made public, and the -decryption key is kept private. Many public-key algorithms can also -be used to sign messages, and some can *only* be used for signatures. - -======================== ============================================= -Module Description -======================== ============================================= -Crypto.PublicKey.DSA Digital Signature Algorithm (Signature only) -Crypto.PublicKey.ElGamal (Signing and encryption) -Crypto.PublicKey.RSA (Signing, encryption, and blinding) -======================== ============================================= - -:undocumented: _DSA, _RSA, _fastmath, _slowmath, pubkey -""" - -__all__ = ['RSA', 'DSA', 'ElGamal'] -__revision__ = "$Id$" - 
diff --git a/frozen_deps/Crypto/PublicKey/_fastmath.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/PublicKey/_fastmath.cpython-38-x86_64-linux-gnu.so
Binary files differ
deleted file mode 100755
index f0fe708..0000000
--- a/frozen_deps/Crypto/PublicKey/_fastmath.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
diff --git a/frozen_deps/Crypto/PublicKey/_slowmath.py b/frozen_deps/Crypto/PublicKey/_slowmath.py
deleted file mode 100644
index c87bdd2..0000000
--- a/frozen_deps/Crypto/PublicKey/_slowmath.py
+++ /dev/null
@@ -1,187 +0,0 @@ -# -*- coding: utf-8 -*- -# -# PubKey/RSA/_slowmath.py : Pure Python implementation of the RSA portions of _fastmath -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. 
-# =================================================================== - -"""Pure Python implementation of the RSA-related portions of Crypto.PublicKey._fastmath.""" - -__revision__ = "$Id$" - -__all__ = ['rsa_construct'] - -import sys - -if sys.version_info[0] == 2 and sys.version_info[1] == 1: - from Crypto.Util.py21compat import * -from Crypto.Util.number import size, inverse, GCD - -class error(Exception): - pass - -class _RSAKey(object): - def _blind(self, m, r): - # compute r**e * m (mod n) - return m * pow(r, self.e, self.n) - - def _unblind(self, m, r): - # compute m / r (mod n) - return inverse(r, self.n) * m % self.n - - def _decrypt(self, c): - # compute c**d (mod n) - if not self.has_private(): - raise TypeError("No private key") - if (hasattr(self,'p') and hasattr(self,'q') and hasattr(self,'u')): - m1 = pow(c, self.d % (self.p-1), self.p) - m2 = pow(c, self.d % (self.q-1), self.q) - h = m2 - m1 - if (h<0): - h = h + self.q - h = h*self.u % self.q - return h*self.p+m1 - return pow(c, self.d, self.n) - - def _encrypt(self, m): - # compute m**d (mod n) - return pow(m, self.e, self.n) - - def _sign(self, m): # alias for _decrypt - if not self.has_private(): - raise TypeError("No private key") - return self._decrypt(m) - - def _verify(self, m, sig): - return self._encrypt(sig) == m - - def has_private(self): - return hasattr(self, 'd') - - def size(self): - """Return the maximum number of bits that can be encrypted""" - return size(self.n) - 1 - -def rsa_construct(n, e, d=None, p=None, q=None, u=None): - """Construct an RSAKey object""" - assert isinstance(n, int) - assert isinstance(e, int) - assert isinstance(d, (int, type(None))) - assert isinstance(p, (int, type(None))) - assert isinstance(q, (int, type(None))) - assert isinstance(u, (int, type(None))) - obj = _RSAKey() - obj.n = n - obj.e = e - if d is None: - return obj - obj.d = d - if p is not None and q is not None: - obj.p = p - obj.q = q - else: - # Compute factors p and q from the private 
exponent d. - # We assume that n has no more than two factors. - # See 8.2.2(i) in Handbook of Applied Cryptography. - ktot = d*e-1 - # The quantity d*e-1 is a multiple of phi(n), even, - # and can be represented as t*2^s. - t = ktot - while t%2==0: - t=divmod(t,2)[0] - # Cycle through all multiplicative inverses in Zn. - # The algorithm is non-deterministic, but there is a 50% chance - # any candidate a leads to successful factoring. - # See "Digitalized Signatures and Public Key Functions as Intractable - # as Factorization", M. Rabin, 1979 - spotted = 0 - a = 2 - while not spotted and a<100: - k = t - # Cycle through all values a^{t*2^i}=a^k - while k<ktot: - cand = pow(a,k,n) - # Check if a^k is a non-trivial root of unity (mod n) - if cand!=1 and cand!=(n-1) and pow(cand,2,n)==1: - # We have found a number such that (cand-1)(cand+1)=0 (mod n). - # Either of the terms divides n. - obj.p = GCD(cand+1,n) - spotted = 1 - break - k = k*2 - # This value was not any good... let's try another! - a = a+2 - if not spotted: - raise ValueError("Unable to compute factors p and q from exponent d.") - # Found ! - assert ((n % obj.p)==0) - obj.q = divmod(n,obj.p)[0] - if u is not None: - obj.u = u - else: - obj.u = inverse(obj.p, obj.q) - return obj - -class _DSAKey(object): - def size(self): - """Return the maximum number of bits that can be encrypted""" - return size(self.p) - 1 - - def has_private(self): - return hasattr(self, 'x') - - def _sign(self, m, k): # alias for _decrypt - # SECURITY TODO - We _should_ be computing SHA1(m), but we don't because that's the API. 
- if not self.has_private(): - raise TypeError("No private key") - if not (1 < k < self.q): - raise ValueError("k is not between 2 and q-1") - inv_k = inverse(k, self.q) # Compute k**-1 mod q - r = pow(self.g, k, self.p) % self.q # r = (g**k mod p) mod q - s = (inv_k * (m + self.x * r)) % self.q - return (r, s) - - def _verify(self, m, r, s): - # SECURITY TODO - We _should_ be computing SHA1(m), but we don't because that's the API. - if not (0 < r < self.q) or not (0 < s < self.q): - return False - w = inverse(s, self.q) - u1 = (m*w) % self.q - u2 = (r*w) % self.q - v = (pow(self.g, u1, self.p) * pow(self.y, u2, self.p) % self.p) % self.q - return v == r - -def dsa_construct(y, g, p, q, x=None): - assert isinstance(y, int) - assert isinstance(g, int) - assert isinstance(p, int) - assert isinstance(q, int) - assert isinstance(x, (int, type(None))) - obj = _DSAKey() - obj.y = y - obj.g = g - obj.p = p - obj.q = q - if x is not None: obj.x = x - return obj - - -# vim:set ts=4 sw=4 sts=4 expandtab: - diff --git a/frozen_deps/Crypto/PublicKey/pubkey.py b/frozen_deps/Crypto/PublicKey/pubkey.py deleted file mode 100644 index e46b076..0000000 --- a/frozen_deps/Crypto/PublicKey/pubkey.py +++ /dev/null 
@@ -1,240 +0,0 @@ -# -# pubkey.py : Internal functions for public key operations -# -# Part of the Python Cryptography Toolkit -# -# Written by Andrew Kuchling, Paul Swartz, and others -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -# - -__revision__ = "$Id$" - -import types, warnings -from Crypto.Util.number import * - -# Basic public key class -class pubkey: - """An abstract class for a public key object. - - :undocumented: __getstate__, __setstate__, __eq__, __ne__, validate - """ - def __init__(self): - pass - - def __getstate__(self): - """To keep key objects platform-independent, the key data is - converted to standard Python long integers before being - written out. 
It will then be reconverted as necessary on - restoration.""" - d=self.__dict__ - for key in self.keydata: - if key in d: d[key]=int(d[key]) - return d - - def __setstate__(self, d): - """On unpickling a key object, the key data is converted to the big -number representation being used, whether that is Python long -integers, MPZ objects, or whatever.""" - for key in self.keydata: - if key in d: self.__dict__[key]=bignum(d[key]) - - def encrypt(self, plaintext, K): - """Encrypt a piece of data. - - :Parameter plaintext: The piece of data to encrypt. - :Type plaintext: byte string or long - - :Parameter K: A random parameter required by some algorithms - :Type K: byte string or long - - :Return: A tuple with two items. Each item is of the same type as the - plaintext (string or long). - """ - wasString=0 - if isinstance(plaintext, bytes): - plaintext=bytes_to_long(plaintext) ; wasString=1 - if isinstance(K, bytes): - K=bytes_to_long(K) - ciphertext=self._encrypt(plaintext, K) - if wasString: return tuple(map(long_to_bytes, ciphertext)) - else: return ciphertext - - def decrypt(self, ciphertext): - """Decrypt a piece of data. - - :Parameter ciphertext: The piece of data to decrypt. - :Type ciphertext: byte string, long or a 2-item tuple as returned by `encrypt` - - :Return: A byte string if ciphertext was a byte string or a tuple - of byte strings. A long otherwise. - """ - wasString=0 - if not isinstance(ciphertext, tuple): - ciphertext=(ciphertext,) - if isinstance(ciphertext[0], bytes): - ciphertext=tuple(map(bytes_to_long, ciphertext)) ; wasString=1 - plaintext=self._decrypt(ciphertext) - if wasString: return long_to_bytes(plaintext) - else: return plaintext - - def sign(self, M, K): - """Sign a piece of data. - - :Parameter M: The piece of data to encrypt. - :Type M: byte string or long - - :Parameter K: A random parameter required by some algorithms - :Type K: byte string or long - - :Return: A tuple with two items. 
- """ - if (not self.has_private()): - raise TypeError('Private key not available in this object') - if isinstance(M, bytes): M=bytes_to_long(M) - if isinstance(K, bytes): K=bytes_to_long(K) - return self._sign(M, K) - - def verify (self, M, signature): - """Verify the validity of a signature. - - :Parameter M: The expected message. - :Type M: byte string or long - - :Parameter signature: The signature to verify. - :Type signature: tuple with two items, as return by `sign` - - :Return: True if the signature is correct, False otherwise. - """ - if isinstance(M, bytes): M=bytes_to_long(M) - return self._verify(M, signature) - - # alias to compensate for the old validate() name - def validate (self, M, signature): - warnings.warn("validate() method name is obsolete; use verify()", - DeprecationWarning) - - def blind(self, M, B): - """Blind a message to prevent certain side-channel attacks. - - :Parameter M: The message to blind. - :Type M: byte string or long - - :Parameter B: Blinding factor. - :Type B: byte string or long - - :Return: A byte string if M was so. A long otherwise. - """ - wasString=0 - if isinstance(M, bytes): - M=bytes_to_long(M) ; wasString=1 - if isinstance(B, bytes): B=bytes_to_long(B) - blindedmessage=self._blind(M, B) - if wasString: return long_to_bytes(blindedmessage) - else: return blindedmessage - - def unblind(self, M, B): - """Unblind a message after cryptographic processing. - - :Parameter M: The encoded message to unblind. - :Type M: byte string or long - - :Parameter B: Blinding factor. - :Type B: byte string or long - """ - wasString=0 - if isinstance(M, bytes): - M=bytes_to_long(M) ; wasString=1 - if isinstance(B, bytes): B=bytes_to_long(B) - unblindedmessage=self._unblind(M, B) - if wasString: return long_to_bytes(unblindedmessage) - else: return unblindedmessage - - - # The following methods will usually be left alone, except for - # signature-only algorithms. 
They both return Boolean values - # recording whether this key's algorithm can sign and encrypt. - def can_sign (self): - """Tell if the algorithm can deal with cryptographic signatures. - - This property concerns the *algorithm*, not the key itself. - It may happen that this particular key object hasn't got - the private information required to generate a signature. - - :Return: boolean - """ - return 1 - - def can_encrypt (self): - """Tell if the algorithm can deal with data encryption. - - This property concerns the *algorithm*, not the key itself. - It may happen that this particular key object hasn't got - the private information required to decrypt data. - - :Return: boolean - """ - return 1 - - def can_blind (self): - """Tell if the algorithm can deal with data blinding. - - This property concerns the *algorithm*, not the key itself. - It may happen that this particular key object hasn't got - the private information required carry out blinding. - - :Return: boolean - """ - return 0 - - # The following methods will certainly be overridden by - # subclasses. - - def size (self): - """Tell the maximum number of bits that can be handled by this key. - - :Return: int - """ - return 0 - - def has_private (self): - """Tell if the key object contains private components. - - :Return: bool - """ - return 0 - - def publickey (self): - """Construct a new key carrying only the public information. - - :Return: A new `pubkey` object. - """ - return self - - def __eq__ (self, other): - """__eq__(other): 0, 1 - Compare us to other for equality. - """ - return self.__getstate__() == other.__getstate__() - - def __ne__ (self, other): - """__ne__(other): 0, 1 - Compare us to other for inequality. - """ - return not self.__eq__(other) diff --git a/frozen_deps/Crypto/Random/Fortuna/FortunaAccumulator.py b/frozen_deps/Crypto/Random/Fortuna/FortunaAccumulator.py deleted file mode 100644 index 5c6beb0..0000000 
--- a/frozen_deps/Crypto/Random/Fortuna/FortunaAccumulator.py
+++ /dev/null
@@ -1,171 +0,0 @@ -# -*- coding: ascii -*- -# -# FortunaAccumulator.py : Fortuna's internal accumulator -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -__revision__ = "$Id$" - -import sys -if sys.version_info[0] == 2 and sys.version_info[1] == 1: - from Crypto.Util.py21compat import * -from Crypto.Util.py3compat import * - -from binascii import b2a_hex -import time -import warnings - -from Crypto.pct_warnings import ClockRewindWarning -from . import SHAd256 - -from . import FortunaGenerator - -class FortunaPool(object): - """Fortuna pool type - - This object acts like a hash object, with the following differences: - - - It keeps a count (the .length attribute) of the number of bytes that - have been added to the pool - - It supports a .reset() method for in-place reinitialization - - The method to add bytes to the pool is .append(), not .update(). 
- """ - - digest_size = SHAd256.digest_size - - def __init__(self): - self.reset() - - def append(self, data): - self._h.update(data) - self.length += len(data) - - def digest(self): - return self._h.digest() - - def hexdigest(self): - if sys.version_info[0] == 2: - return b2a_hex(self.digest()) - else: - return b2a_hex(self.digest()).decode() - - def reset(self): - self._h = SHAd256.new() - self.length = 0 - -def which_pools(r): - """Return a list of pools indexes (in range(32)) that are to be included during reseed number r. - - According to _Practical Cryptography_, chapter 10.5.2 "Pools": - - "Pool P_i is included if 2**i is a divisor of r. Thus P_0 is used - every reseed, P_1 every other reseed, P_2 every fourth reseed, etc." - """ - # This is a separate function so that it can be unit-tested. - assert r >= 1 - retval = [] - mask = 0 - for i in range(32): - # "Pool P_i is included if 2**i is a divisor of [reseed_count]" - if (r & mask) == 0: - retval.append(i) - else: - break # optimization. once this fails, it always fails - mask = (mask << 1) | 1 - return retval - -class FortunaAccumulator(object): - - # An estimate of how many bytes we must append to pool 0 before it will - # contain 128 bits of entropy (with respect to an attack). We reseed the - # generator only after pool 0 contains `min_pool_size` bytes. Note that - # unlike with some other PRNGs, Fortuna's security does not rely on the - # accuracy of this estimate---we can accord to be optimistic here. - min_pool_size = 64 # size in bytes - - # If an attacker can predict some (but not all) of our entropy sources, the - # `min_pool_size` check may not be sufficient to prevent a successful state - # compromise extension attack. To resist this attack, Fortuna spreads the - # input across 32 pools, which are then consumed (to reseed the output - # generator) with exponentially decreasing frequency. 
- # - # In order to prevent an attacker from gaining knowledge of all 32 pools - # before we have a chance to fill them with enough information that the - # attacker cannot predict, we impose a rate limit of 10 reseeds/second (one - # per 100 ms). This ensures that a hypothetical 33rd pool would only be - # needed after a minimum of 13 years of sustained attack. - reseed_interval = 0.100 # time in seconds - - def __init__(self): - self.reseed_count = 0 - self.generator = FortunaGenerator.AESGenerator() - self.last_reseed = None - - # Initialize 32 FortunaPool instances. - # NB: This is _not_ equivalent to [FortunaPool()]*32, which would give - # us 32 references to the _same_ FortunaPool instance (and cause the - # assertion below to fail). - self.pools = [FortunaPool() for i in range(32)] # 32 pools - assert(self.pools[0] is not self.pools[1]) - - def _forget_last_reseed(self): - # This is not part of the standard Fortuna definition, and using this - # function frequently can weaken Fortuna's ability to resist a state - # compromise extension attack, but we need this in order to properly - # implement Crypto.Random.atfork(). Otherwise, forked child processes - # might continue to use their parent's PRNG state for up to 100ms in - # some cases. (e.g. CVE-2013-1445) - self.last_reseed = None - - def random_data(self, bytes): - current_time = time.time() - if (self.last_reseed is not None and self.last_reseed > current_time): # Avoid float comparison to None to make Py3k happy - warnings.warn("Clock rewind detected. Resetting last_reseed.", ClockRewindWarning) - self.last_reseed = None - if (self.pools[0].length >= self.min_pool_size and - (self.last_reseed is None or - current_time > self.last_reseed + self.reseed_interval)): - self._reseed(current_time) - # The following should fail if we haven't seeded the pool yet. 
- return self.generator.pseudo_random_data(bytes) - - def _reseed(self, current_time=None): - if current_time is None: - current_time = time.time() - seed = [] - self.reseed_count += 1 - self.last_reseed = current_time - for i in which_pools(self.reseed_count): - seed.append(self.pools[i].digest()) - self.pools[i].reset() - - seed = b("").join(seed) - self.generator.reseed(seed) - - def add_random_event(self, source_number, pool_number, data): - assert 1 <= len(data) <= 32 - assert 0 <= source_number <= 255 - assert 0 <= pool_number <= 31 - self.pools[pool_number].append(bchr(source_number)) - self.pools[pool_number].append(bchr(len(data))) - self.pools[pool_number].append(data) - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/frozen_deps/Crypto/Random/Fortuna/FortunaGenerator.py b/frozen_deps/Crypto/Random/Fortuna/FortunaGenerator.py deleted file mode 100644 index 489c81e..0000000 --- a/frozen_deps/Crypto/Random/Fortuna/FortunaGenerator.py +++ /dev/null 
@@ -1,132 +0,0 @@ -# -*- coding: ascii -*- -# -# FortunaGenerator.py : Fortuna's internal PRNG -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -__revision__ = "$Id$" - -import sys -if sys.version_info[0] is 2 and sys.version_info[1] is 1: - from Crypto.Util.py21compat import * -from Crypto.Util.py3compat import * - -import struct - -from Crypto.Util.number import ceil_shift, exact_log2, exact_div -from Crypto.Util import Counter -from Crypto.Cipher import AES - -from . import SHAd256 - -class AESGenerator(object): - """The Fortuna "generator" - - This is used internally by the Fortuna PRNG to generate arbitrary amounts - of pseudorandom data from a smaller amount of seed data. - - The output is generated by running AES-256 in counter mode and re-keying - after every mebibyte (2**16 blocks) of output. 
- """ - - block_size = AES.block_size # output block size in octets (128 bits) - key_size = 32 # key size in octets (256 bits) - - # Because of the birthday paradox, we expect to find approximately one - # collision for every 2**64 blocks of output from a real random source. - # However, this code generates pseudorandom data by running AES in - # counter mode, so there will be no collisions until the counter - # (theoretically) wraps around at 2**128 blocks. Thus, in order to prevent - # Fortuna's pseudorandom output from deviating perceptibly from a true - # random source, Ferguson and Schneier specify a limit of 2**16 blocks - # without rekeying. - max_blocks_per_request = 2**16 # Allow no more than this number of blocks per _pseudo_random_data request - - _four_kiblocks_of_zeros = b("\0") * block_size * 4096 - - def __init__(self): - self.counter = Counter.new(nbits=self.block_size*8, initial_value=0, little_endian=True) - self.key = None - - # Set some helper constants - self.block_size_shift = exact_log2(self.block_size) - assert (1 << self.block_size_shift) == self.block_size - - self.blocks_per_key = exact_div(self.key_size, self.block_size) - assert self.key_size == self.blocks_per_key * self.block_size - - self.max_bytes_per_request = self.max_blocks_per_request * self.block_size - - def reseed(self, seed): - if self.key is None: - self.key = b("\0") * self.key_size - - self._set_key(SHAd256.new(self.key + seed).digest()) - self.counter() # increment counter - assert len(self.key) == self.key_size - - def pseudo_random_data(self, bytes): - assert bytes >= 0 - - num_full_blocks = bytes >> 20 - remainder = bytes & ((1<<20)-1) - - retval = [] - for i in range(num_full_blocks): - retval.append(self._pseudo_random_data(1<<20)) - retval.append(self._pseudo_random_data(remainder)) - - return b("").join(retval) - - def _set_key(self, key): - self.key = key - self._cipher = AES.new(key, AES.MODE_CTR, counter=self.counter) - - def _pseudo_random_data(self, bytes): - 
if not (0 <= bytes <= self.max_bytes_per_request): - raise AssertionError("You cannot ask for more than 1 MiB of data per request") - - num_blocks = ceil_shift(bytes, self.block_size_shift) # num_blocks = ceil(bytes / self.block_size) - - # Compute the output - retval = self._generate_blocks(num_blocks)[:bytes] - - # Switch to a new key to avoid later compromises of this output (i.e. - # state compromise extension attacks) - self._set_key(self._generate_blocks(self.blocks_per_key)) - - assert len(retval) == bytes - assert len(self.key) == self.key_size - - return retval - - def _generate_blocks(self, num_blocks): - if self.key is None: - raise AssertionError("generator must be seeded before use") - assert 0 <= num_blocks <= self.max_blocks_per_request - retval = [] - for i in range(num_blocks >> 12): # xrange(num_blocks / 4096) - retval.append(self._cipher.encrypt(self._four_kiblocks_of_zeros)) - remaining_bytes = (num_blocks & 4095) << self.block_size_shift # (num_blocks % 4095) * self.block_size - retval.append(self._cipher.encrypt(self._four_kiblocks_of_zeros[:remaining_bytes])) - return b("").join(retval) - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/frozen_deps/Crypto/Random/Fortuna/SHAd256.py b/frozen_deps/Crypto/Random/Fortuna/SHAd256.py deleted file mode 100644 index 2e135c9..0000000 --- a/frozen_deps/Crypto/Random/Fortuna/SHAd256.py +++ /dev/null 
@@ -1,98 +0,0 @@ -# -*- coding: ascii -*- -# -# Random/Fortuna/SHAd256.py : SHA_d-256 hash function implementation -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""\ -SHA_d-256 hash function implementation. - -This module should comply with PEP 247. -""" - -__revision__ = "$Id$" -__all__ = ['new', 'digest_size'] - -import sys -if sys.version_info[0] == 2 and sys.version_info[1] == 1: - from Crypto.Util.py21compat import * -from Crypto.Util.py3compat import * - -from binascii import b2a_hex - -from Crypto.Hash import SHA256 - -assert SHA256.digest_size == 32 - -class _SHAd256(object): - """SHA-256, doubled. - - Returns SHA-256(SHA-256(data)). - """ - - digest_size = SHA256.digest_size - - _internal = object() - - def __init__(self, internal_api_check, sha256_hash_obj): - if internal_api_check is not self._internal: - raise AssertionError("Do not instantiate this class directly. 
Use %s.new()" % (__name__,)) - self._h = sha256_hash_obj - - # PEP 247 "copy" method - def copy(self): - """Return a copy of this hashing object""" - return _SHAd256(SHAd256._internal, self._h.copy()) - - # PEP 247 "digest" method - def digest(self): - """Return the hash value of this object as a binary string""" - retval = SHA256.new(self._h.digest()).digest() - assert len(retval) == 32 - return retval - - # PEP 247 "hexdigest" method - def hexdigest(self): - """Return the hash value of this object as a (lowercase) hexadecimal string""" - retval = b2a_hex(self.digest()) - assert len(retval) == 64 - if sys.version_info[0] == 2: - return retval - else: - return retval.decode() - - # PEP 247 "update" method - def update(self, data): - self._h.update(data) - -# PEP 247 module-level "digest_size" variable -digest_size = _SHAd256.digest_size - -# PEP 247 module-level "new" function -def new(data=None): - """Return a new SHAd256 hashing object""" - if not data: - data=b("") - sha = _SHAd256(_SHAd256._internal, SHA256.new(data)) - sha.new = globals()['new'] - return sha - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/frozen_deps/Crypto/Random/OSRNG/__init__.py b/frozen_deps/Crypto/Random/OSRNG/__init__.py deleted file mode 100644 index 2fbbecb..0000000 --- a/frozen_deps/Crypto/Random/OSRNG/__init__.py +++ /dev/null 
@@ -1,40 +0,0 @@ -# -# Random/OSRNG/__init__.py : Platform-independent OS RNG API -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""Provides a platform-independent interface to the random number generators -supplied by various operating systems.""" - -__revision__ = "$Id$" - -import os - -if os.name == 'posix': - from Crypto.Random.OSRNG.posix import new -elif os.name == 'nt': - from Crypto.Random.OSRNG.nt import new -elif hasattr(os, 'urandom'): - from Crypto.Random.OSRNG.fallback import new -else: - raise ImportError("Not implemented") - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/frozen_deps/Crypto/Random/OSRNG/fallback.py b/frozen_deps/Crypto/Random/OSRNG/fallback.py deleted file mode 100644 index 6d4130d..0000000 --- a/frozen_deps/Crypto/Random/OSRNG/fallback.py +++ /dev/null 
@@ -1,46 +0,0 @@
-#
-# Random/OSRNG/fallback.py : Fallback entropy source for systems with os.urandom
-#
-# Written in 2008 by Dwayne C. Litzenberger <[email protected]>
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-
-__revision__ = "$Id$"
-__all__ = ['PythonOSURandomRNG']
-
-import os
-
-from .rng_base import BaseRNG
-
-class PythonOSURandomRNG(BaseRNG):
-
- name = "<os.urandom>"
-
- def __init__(self):
- self._read = os.urandom
- BaseRNG.__init__(self)
-
- def _close(self):
- self._read = None
-
-def new(*args, **kwargs):
- return PythonOSURandomRNG(*args, **kwargs)
-
-# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/frozen_deps/Crypto/Random/OSRNG/posix.py b/frozen_deps/Crypto/Random/OSRNG/posix.py
deleted file mode 100644
index ceea7b7..0000000
--- a/frozen_deps/Crypto/Random/OSRNG/posix.py
+++ /dev/null
@@ -1,86 +0,0 @@
-#
-# Random/OSRNG/posix.py : OS entropy source for POSIX systems
-#
-# Written in 2008 by Dwayne C. Litzenberger <[email protected]>
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-
-__revision__ = "$Id$"
-__all__ = ['DevURandomRNG']
-
-import errno
-import os
-import stat
-
-from .rng_base import BaseRNG
-from Crypto.Util.py3compat import b
-
-class DevURandomRNG(BaseRNG):
-
- def __init__(self, devname=None):
- if devname is None:
- self.name = "/dev/urandom"
- else:
- self.name = devname
-
- # Test that /dev/urandom is a character special device
- f = open(self.name, "rb", 0)
- fmode = os.fstat(f.fileno())[stat.ST_MODE]
- if not stat.S_ISCHR(fmode):
- f.close()
- raise TypeError("%r is not a character special device" % (self.name,))
-
- self.__file = f
-
- BaseRNG.__init__(self)
-
- def _close(self):
- self.__file.close()
-
- def _read(self, N):
- # Starting with Python 3 open with buffering=0 returns a FileIO object.
- # FileIO.read behaves like read(2) and not like fread(3) and thus we
- # have to handle the case that read returns less data as requested here
- # more carefully.
- data = b("")
- while len(data) < N:
- try:
- d = self.__file.read(N - len(data))
- except IOError as e:
- # read(2) has been interrupted by a signal; redo the read
- if e.errno == errno.EINTR:
- continue
- raise
-
- if d is None:
- # __file is in non-blocking mode and no data is available
- return data
- if len(d) == 0:
- # __file is in blocking mode and arrived at EOF
- return data
-
- data += d
- return data
-
-def new(*args, **kwargs):
- return DevURandomRNG(*args, **kwargs)
-
-
-# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/frozen_deps/Crypto/Random/OSRNG/rng_base.py b/frozen_deps/Crypto/Random/OSRNG/rng_base.py
deleted file mode 100644
index 546f2e9..0000000
--- a/frozen_deps/Crypto/Random/OSRNG/rng_base.py
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# Random/OSRNG/rng_base.py : Base class for OSRNG
-#
-# Written in 2008 by Dwayne C. Litzenberger <[email protected]>
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-__revision__ = "$Id$"
-
-import sys
-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
- from Crypto.Util.py21compat import *
-
-class BaseRNG(object):
-
- def __init__(self):
- self.closed = False
- self._selftest()
-
- def __del__(self):
- self.close()
-
- def _selftest(self):
- # Test that urandom can return data
- data = self.read(16)
- if len(data) != 16:
- raise AssertionError("read truncated")
-
- # Test that we get different data every time (if we don't, the RNG is
- # probably malfunctioning)
- data2 = self.read(16)
- if data == data2:
- raise AssertionError("OS RNG returned duplicate data")
-
- # PEP 343: Support for the "with" statement
- def __enter__(self):
- pass
- def __exit__(self):
- """PEP 343 support"""
- self.close()
-
- def close(self):
- if not self.closed:
- self._close()
- self.closed = True
-
- def flush(self):
- pass
-
- def read(self, N=-1):
- """Return N bytes from the RNG."""
- if self.closed:
- raise ValueError("I/O operation on closed file")
- if not isinstance(N, int):
- raise TypeError("an integer is required")
- if N < 0:
- raise ValueError("cannot read to end of infinite stream")
- elif N == 0:
- return ""
- data = self._read(N)
- if len(data) != N:
- raise AssertionError("%s produced truncated output (requested %d, got %d)" % (self.name, N, len(data)))
- return data
-
- def _close(self):
- raise NotImplementedError("child class must implement this")
-
- def _read(self, N):
- raise NotImplementedError("child class must implement this")
-
-
-# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/frozen_deps/Crypto/Random/_UserFriendlyRNG.py b/frozen_deps/Crypto/Random/_UserFriendlyRNG.py
deleted file mode 100644
index 937c17d..0000000
--- a/frozen_deps/Crypto/Random/_UserFriendlyRNG.py
+++ /dev/null
@@ -1,230 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Random/_UserFriendlyRNG.py : A user-friendly random number generator -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. 
-# =================================================================== - -__revision__ = "$Id$" - -import sys -if sys.version_info[0] == 2 and sys.version_info[1] == 1: - from Crypto.Util.py21compat import * - -import os -import threading -import struct -import time -from math import floor - -from Crypto.Random import OSRNG -from Crypto.Random.Fortuna import FortunaAccumulator - -class _EntropySource(object): - def __init__(self, accumulator, src_num): - self._fortuna = accumulator - self._src_num = src_num - self._pool_num = 0 - - def feed(self, data): - self._fortuna.add_random_event(self._src_num, self._pool_num, data) - self._pool_num = (self._pool_num + 1) & 31 - -class _EntropyCollector(object): - - def __init__(self, accumulator): - self._osrng = OSRNG.new() - self._osrng_es = _EntropySource(accumulator, 255) - self._time_es = _EntropySource(accumulator, 254) - self._clock_es = _EntropySource(accumulator, 253) - - def reinit(self): - # Add 256 bits to each of the 32 pools, twice. (For a total of 16384 - # bits collected from the operating system.) - for i in range(2): - block = self._osrng.read(32*32) - for p in range(32): - self._osrng_es.feed(block[p*32:(p+1)*32]) - block = None - self._osrng.flush() - - def collect(self): - # Collect 64 bits of entropy from the operating system and feed it to Fortuna. - self._osrng_es.feed(self._osrng.read(8)) - - # Add the fractional part of time.time() - t = time.time() - self._time_es.feed(struct.pack("@I", int(2**30 * (t - floor(t))))) - - # Add the fractional part of time.clock() - t = time.clock() - self._clock_es.feed(struct.pack("@I", int(2**30 * (t - floor(t))))) - - -class _UserFriendlyRNG(object): - - def __init__(self): - self.closed = False - self._fa = FortunaAccumulator.FortunaAccumulator() - self._ec = _EntropyCollector(self._fa) - self.reinit() - - def reinit(self): - """Initialize the random number generator and seed it with entropy from - the operating system. 
- """ - - # Save the pid (helps ensure that Crypto.Random.atfork() gets called) - self._pid = os.getpid() - - # Collect entropy from the operating system and feed it to - # FortunaAccumulator - self._ec.reinit() - - # Override FortunaAccumulator's 100ms minimum re-seed interval. This - # is necessary to avoid a race condition between this function and - # self.read(), which that can otherwise cause forked child processes to - # produce identical output. (e.g. CVE-2013-1445) - # - # Note that if this function can be called frequently by an attacker, - # (and if the bits from OSRNG are insufficiently random) it will weaken - # Fortuna's ability to resist a state compromise extension attack. - self._fa._forget_last_reseed() - - def close(self): - self.closed = True - self._osrng = None - self._fa = None - - def flush(self): - pass - - def read(self, N): - """Return N bytes from the RNG.""" - if self.closed: - raise ValueError("I/O operation on closed file") - if not isinstance(N, int): - raise TypeError("an integer is required") - if N < 0: - raise ValueError("cannot read to end of infinite stream") - - # Collect some entropy and feed it to Fortuna - self._ec.collect() - - # Ask Fortuna to generate some bytes - retval = self._fa.random_data(N) - - # Check that we haven't forked in the meantime. (If we have, we don't - # want to use the data, because it might have been duplicated in the - # parent process. - self._check_pid() - - # Return the random data. - return retval - - def _check_pid(self): - # Lame fork detection to remind developers to invoke Random.atfork() - # after every call to os.fork(). Note that this check is not reliable, - # since process IDs can be reused on most operating systems. - # - # You need to do Random.atfork() in the child process after every call - # to os.fork() to avoid reusing PRNG state. 
If you want to avoid - # leaking PRNG state to child processes (for example, if you are using - # os.setuid()) then you should also invoke Random.atfork() in the - # *parent* process. - if os.getpid() != self._pid: - raise AssertionError("PID check failed. RNG must be re-initialized after fork(). Hint: Try Random.atfork()") - - -class _LockingUserFriendlyRNG(_UserFriendlyRNG): - def __init__(self): - self._lock = threading.Lock() - _UserFriendlyRNG.__init__(self) - - def close(self): - self._lock.acquire() - try: - return _UserFriendlyRNG.close(self) - finally: - self._lock.release() - - def reinit(self): - self._lock.acquire() - try: - return _UserFriendlyRNG.reinit(self) - finally: - self._lock.release() - - def read(self, bytes): - self._lock.acquire() - try: - return _UserFriendlyRNG.read(self, bytes) - finally: - self._lock.release() - -class RNGFile(object): - def __init__(self, singleton): - self.closed = False - self._singleton = singleton - - # PEP 343: Support for the "with" statement - def __enter__(self): - """PEP 343 support""" - def __exit__(self): - """PEP 343 support""" - self.close() - - def close(self): - # Don't actually close the singleton, just close this RNGFile instance. 
- self.closed = True - self._singleton = None - - def read(self, bytes): - if self.closed: - raise ValueError("I/O operation on closed file") - return self._singleton.read(bytes) - - def flush(self): - if self.closed: - raise ValueError("I/O operation on closed file") - -_singleton_lock = threading.Lock() -_singleton = None -def _get_singleton(): - global _singleton - _singleton_lock.acquire() - try: - if _singleton is None: - _singleton = _LockingUserFriendlyRNG() - return _singleton - finally: - _singleton_lock.release() - -def new(): - return RNGFile(_get_singleton()) - -def reinit(): - _get_singleton().reinit() - -def get_random_bytes(n): - """Return the specified number of cryptographically-strong random bytes.""" - return _get_singleton().read(n) - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/frozen_deps/Crypto/Signature/PKCS1_PSS.py b/frozen_deps/Crypto/Signature/PKCS1_PSS.py deleted file mode 100644 index 319851e..0000000 --- a/frozen_deps/Crypto/Signature/PKCS1_PSS.py +++ /dev/null 
@@ -1,355 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Signature/PKCS1_PSS.py : PKCS#1 PPS -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""RSA digital signature protocol with appendix according to PKCS#1 PSS. - -See RFC3447__ or the `original RSA Labs specification`__. - -This scheme is more properly called ``RSASSA-PSS``. 
- -For example, a sender may authenticate a message using SHA-1 and PSS like -this: - - >>> from Crypto.Signature import PKCS1_PSS - >>> from Crypto.Hash import SHA - >>> from Crypto.PublicKey import RSA - >>> from Crypto import Random - >>> - >>> message = 'To be signed' - >>> key = RSA.importKey(open('privkey.der').read()) - >>> h = SHA.new() - >>> h.update(message) - >>> signer = PKCS1_PSS.new(key) - >>> signature = PKCS1_PSS.sign(key) - -At the receiver side, verification can be done like using the public part of -the RSA key: - - >>> key = RSA.importKey(open('pubkey.der').read()) - >>> h = SHA.new() - >>> h.update(message) - >>> verifier = PKCS1_PSS.new(key) - >>> if verifier.verify(h, signature): - >>> print "The signature is authentic." - >>> else: - >>> print "The signature is not authentic." - -:undocumented: __revision__, __package__ - -.. __: http://www.ietf.org/rfc/rfc3447.txt -.. __: http://www.rsa.com/rsalabs/node.asp?id=2125 -""" - -# Allow nested scopes in Python 2.1 -# See http://oreilly.com/pub/a/python/2001/04/19/pythonnews.html - - -__revision__ = "$Id$" -__all__ = [ 'new', 'PSS_SigScheme' ] - -from Crypto.Util.py3compat import * -if sys.version_info[0] == 2 and sys.version_info[1] == 1: - from Crypto.Util.py21compat import * -import Crypto.Util.number -from Crypto.Util.number import ceil_shift, ceil_div, long_to_bytes -from Crypto.Util.strxor import strxor - -class PSS_SigScheme: - """This signature scheme can perform PKCS#1 PSS RSA signature or verification.""" - - def __init__(self, key, mgfunc, saltLen): - """Initialize this PKCS#1 PSS signature scheme object. - - :Parameters: - key : an RSA key object - If a private half is given, both signature and verification are possible. - If a public half is given, only verification is possible. - mgfunc : callable - A mask generation function that accepts two parameters: a string to - use as seed, and the lenth of the mask to generate, in bytes. - saltLen : int - Length of the salt, in bytes. 
- """ - self._key = key - self._saltLen = saltLen - self._mgfunc = mgfunc - - def can_sign(self): - """Return True if this cipher object can be used for signing messages.""" - return self._key.has_private() - - def sign(self, mhash): - """Produce the PKCS#1 PSS signature of a message. - - This function is named ``RSASSA-PSS-SIGN``, and is specified in - section 8.1.1 of RFC3447. - - :Parameters: - mhash : hash object - The hash that was carried out over the message. This is an object - belonging to the `Crypto.Hash` module. - - :Return: The PSS signature encoded as a string. - :Raise ValueError: - If the RSA key length is not sufficiently long to deal with the given - hash algorithm. - :Raise TypeError: - If the RSA key has no private half. - - :attention: Modify the salt length and the mask generation function only - if you know what you are doing. - The receiver must use the same parameters too. - """ - # TODO: Verify the key is RSA - - randfunc = self._key._randfunc - - # Set defaults for salt length and mask generation function - if self._saltLen == None: - sLen = mhash.digest_size - else: - sLen = self._saltLen - if self._mgfunc: - mgf = self._mgfunc - else: - mgf = lambda x,y: MGF1(x,y,mhash) - - modBits = Crypto.Util.number.size(self._key.n) - - # See 8.1.1 in RFC3447 - k = ceil_div(modBits,8) # Convert from bits to bytes - # Step 1 - em = EMSA_PSS_ENCODE(mhash, modBits-1, randfunc, mgf, sLen) - # Step 2a (OS2IP) and 2b (RSASP1) - m = self._key.decrypt(em) - # Step 2c (I2OSP) - S = bchr(0x00)*(k-len(m)) + m - return S - - def verify(self, mhash, S): - """Verify that a certain PKCS#1 PSS signature is authentic. - - This function checks if the party holding the private half of the given - RSA key has really signed the message. - - This function is called ``RSASSA-PSS-VERIFY``, and is specified in section - 8.1.2 of RFC3447. - - :Parameters: - mhash : hash object - The hash that was carried out over the message. 
This is an object - belonging to the `Crypto.Hash` module. - S : string - The signature that needs to be validated. - - :Return: True if verification is correct. False otherwise. - """ - # TODO: Verify the key is RSA - - # Set defaults for salt length and mask generation function - if self._saltLen == None: - sLen = mhash.digest_size - else: - sLen = self._saltLen - if self._mgfunc: - mgf = self._mgfunc - else: - mgf = lambda x,y: MGF1(x,y,mhash) - - modBits = Crypto.Util.number.size(self._key.n) - - # See 8.1.2 in RFC3447 - k = ceil_div(modBits,8) # Convert from bits to bytes - # Step 1 - if len(S) != k: - return False - # Step 2a (O2SIP), 2b (RSAVP1), and partially 2c (I2OSP) - # Note that signature must be smaller than the module - # but RSA.py won't complain about it. - # TODO: Fix RSA object; don't do it here. - em = self._key.encrypt(S, 0)[0] - # Step 2c - emLen = ceil_div(modBits-1,8) - em = bchr(0x00)*(emLen-len(em)) + em - # Step 3 - try: - result = EMSA_PSS_VERIFY(mhash, em, modBits-1, mgf, sLen) - except ValueError: - return False - # Step 4 - return result - -def MGF1(mgfSeed, maskLen, hash): - """Mask Generation Function, described in B.2.1""" - T = b("") - for counter in range(ceil_div(maskLen, hash.digest_size)): - c = long_to_bytes(counter, 4) - T = T + hash.new(mgfSeed + c).digest() - assert(len(T)>=maskLen) - return T[:maskLen] - -def EMSA_PSS_ENCODE(mhash, emBits, randFunc, mgf, sLen): - """ - Implement the ``EMSA-PSS-ENCODE`` function, as defined - in PKCS#1 v2.1 (RFC3447, 9.1.1). - - The original ``EMSA-PSS-ENCODE`` actually accepts the message ``M`` as input, - and hash it internally. Here, we expect that the message has already - been hashed instead. - - :Parameters: - mhash : hash object - The hash object that holds the digest of the message being signed. - emBits : int - Maximum length of the final encoding, in bits. 
- randFunc : callable - An RNG function that accepts as only parameter an int, and returns - a string of random bytes, to be used as salt. - mgf : callable - A mask generation function that accepts two parameters: a string to - use as seed, and the lenth of the mask to generate, in bytes. - sLen : int - Length of the salt, in bytes. - - :Return: An ``emLen`` byte long string that encodes the hash - (with ``emLen = \ceil(emBits/8)``). - - :Raise ValueError: - When digest or salt length are too big. - """ - - emLen = ceil_div(emBits,8) - - # Bitmask of digits that fill up - lmask = 0 - for i in range(8*emLen-emBits): - lmask = lmask>>1 | 0x80 - - # Step 1 and 2 have been already done - # Step 3 - if emLen < mhash.digest_size+sLen+2: - raise ValueError("Digest or salt length are too long for given key size.") - # Step 4 - salt = b("") - if randFunc and sLen>0: - salt = randFunc(sLen) - # Step 5 and 6 - h = mhash.new(bchr(0x00)*8 + mhash.digest() + salt) - # Step 7 and 8 - db = bchr(0x00)*(emLen-sLen-mhash.digest_size-2) + bchr(0x01) + salt - # Step 9 - dbMask = mgf(h.digest(), emLen-mhash.digest_size-1) - # Step 10 - maskedDB = strxor(db,dbMask) - # Step 11 - maskedDB = bchr(bord(maskedDB[0]) & ~lmask) + maskedDB[1:] - # Step 12 - em = maskedDB + h.digest() + bchr(0xBC) - return em - -def EMSA_PSS_VERIFY(mhash, em, emBits, mgf, sLen): - """ - Implement the ``EMSA-PSS-VERIFY`` function, as defined - in PKCS#1 v2.1 (RFC3447, 9.1.2). - - ``EMSA-PSS-VERIFY`` actually accepts the message ``M`` as input, - and hash it internally. Here, we expect that the message has already - been hashed instead. - - :Parameters: - mhash : hash object - The hash object that holds the digest of the message to be verified. - em : string - The signature to verify, therefore proving that the sender really signed - the message that was received. - emBits : int - Length of the final encoding (em), in bits. 
- mgf : callable - A mask generation function that accepts two parameters: a string to - use as seed, and the lenth of the mask to generate, in bytes. - sLen : int - Length of the salt, in bytes. - - :Return: 0 if the encoding is consistent, 1 if it is inconsistent. - - :Raise ValueError: - When digest or salt length are too big. - """ - - emLen = ceil_div(emBits,8) - - # Bitmask of digits that fill up - lmask = 0 - for i in range(8*emLen-emBits): - lmask = lmask>>1 | 0x80 - - # Step 1 and 2 have been already done - # Step 3 - if emLen < mhash.digest_size+sLen+2: - return False - # Step 4 - if ord(em[-1:])!=0xBC: - return False - # Step 5 - maskedDB = em[:emLen-mhash.digest_size-1] - h = em[emLen-mhash.digest_size-1:-1] - # Step 6 - if lmask & bord(em[0]): - return False - # Step 7 - dbMask = mgf(h, emLen-mhash.digest_size-1) - # Step 8 - db = strxor(maskedDB, dbMask) - # Step 9 - db = bchr(bord(db[0]) & ~lmask) + db[1:] - # Step 10 - if not db.startswith(bchr(0x00)*(emLen-mhash.digest_size-sLen-2) + bchr(0x01)): - return False - # Step 11 - salt = b("") - if sLen: salt = db[-sLen:] - # Step 12 and 13 - hp = mhash.new(bchr(0x00)*8 + mhash.digest() + salt).digest() - # Step 14 - if h!=hp: - return False - return True - -def new(key, mgfunc=None, saltLen=None): - """Return a signature scheme object `PSS_SigScheme` that - can be used to perform PKCS#1 PSS signature or verification. - - :Parameters: - key : RSA key object - The key to use to sign or verify the message. This is a `Crypto.PublicKey.RSA` object. - Signing is only possible if *key* is a private RSA key. - mgfunc : callable - A mask generation function that accepts two parameters: a string to - use as seed, and the lenth of the mask to generate, in bytes. - If not specified, the standard MGF1 is used. - saltLen : int - Length of the salt, in bytes. If not specified, it matches the output - size of the hash function. - - """ - return PSS_SigScheme(key, mgfunc, saltLen) - 
diff --git a/frozen_deps/Crypto/Signature/PKCS1_v1_5.py b/frozen_deps/Crypto/Signature/PKCS1_v1_5.py
deleted file mode 100644
index 73ac251..0000000
--- a/frozen_deps/Crypto/Signature/PKCS1_v1_5.py
+++ /dev/null
@@ -1,236 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Signature/PKCS1-v1_5.py : PKCS#1 v1.5 -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -""" -RSA digital signature protocol according to PKCS#1 v1.5 - -See RFC3447__ or the `original RSA Labs specification`__. - -This scheme is more properly called ``RSASSA-PKCS1-v1_5``. - -For example, a sender may authenticate a message using SHA-1 like -this: - - >>> from Crypto.Signature import PKCS1_v1_5 - >>> from Crypto.Hash import SHA - >>> from Crypto.PublicKey import RSA - >>> - >>> message = 'To be signed' - >>> key = RSA.importKey(open('privkey.der').read()) - >>> h = SHA.new(message) - >>> signer = PKCS1_v1_5.new(key) - >>> signature = signer.sign(h) - -At the receiver side, verification can be done using the public part of -the RSA key: - - >>> key = RSA.importKey(open('pubkey.der').read()) - >>> h = SHA.new(message) - >>> verifier = PKCS1_v1_5.new(key) - >>> if verifier.verify(h, signature): - >>> print "The signature is authentic." - >>> else: - >>> print "The signature is not authentic." 
- -:undocumented: __revision__, __package__ - -.. __: http://www.ietf.org/rfc/rfc3447.txt -.. __: http://www.rsa.com/rsalabs/node.asp?id=2125 -""" - -__revision__ = "$Id$" -__all__ = [ 'new', 'PKCS115_SigScheme' ] - -import Crypto.Util.number -from Crypto.Util.number import ceil_div -from Crypto.Util.asn1 import DerSequence, DerNull, DerOctetString -from Crypto.Util.py3compat import * - -class PKCS115_SigScheme: - """This signature scheme can perform PKCS#1 v1.5 RSA signature or verification.""" - - def __init__(self, key): - """Initialize this PKCS#1 v1.5 signature scheme object. - - :Parameters: - key : an RSA key object - If a private half is given, both signature and verification are possible. - If a public half is given, only verification is possible. - """ - self._key = key - - def can_sign(self): - """Return True if this cipher object can be used for signing messages.""" - return self._key.has_private() - - def sign(self, mhash): - """Produce the PKCS#1 v1.5 signature of a message. - - This function is named ``RSASSA-PKCS1-V1_5-SIGN``, and is specified in - section 8.2.1 of RFC3447. - - :Parameters: - mhash : hash object - The hash that was carried out over the message. This is an object - belonging to the `Crypto.Hash` module. - - :Return: The signature encoded as a string. - :Raise ValueError: - If the RSA key length is not sufficiently long to deal with the given - hash algorithm. - :Raise TypeError: - If the RSA key has no private half. - """ - # TODO: Verify the key is RSA - - # See 8.2.1 in RFC3447 - modBits = Crypto.Util.number.size(self._key.n) - k = ceil_div(modBits,8) # Convert from bits to bytes - - # Step 1 - em = EMSA_PKCS1_V1_5_ENCODE(mhash, k) - # Step 2a (OS2IP) and 2b (RSASP1) - m = self._key.decrypt(em) - # Step 2c (I2OSP) - S = bchr(0x00)*(k-len(m)) + m - return S - - def verify(self, mhash, S): - """Verify that a certain PKCS#1 v1.5 signature is authentic. 
- - This function checks if the party holding the private half of the key - really signed the message. - - This function is named ``RSASSA-PKCS1-V1_5-VERIFY``, and is specified in - section 8.2.2 of RFC3447. - - :Parameters: - mhash : hash object - The hash that was carried out over the message. This is an object - belonging to the `Crypto.Hash` module. - S : string - The signature that needs to be validated. - - :Return: True if verification is correct. False otherwise. - """ - # TODO: Verify the key is RSA - - # See 8.2.2 in RFC3447 - modBits = Crypto.Util.number.size(self._key.n) - k = ceil_div(modBits,8) # Convert from bits to bytes - - # Step 1 - if len(S) != k: - return 0 - # Step 2a (O2SIP) and 2b (RSAVP1) - # Note that signature must be smaller than the module - # but RSA.py won't complain about it. - # TODO: Fix RSA object; don't do it here. - m = self._key.encrypt(S, 0)[0] - # Step 2c (I2OSP) - em1 = bchr(0x00)*(k-len(m)) + m - # Step 3 - try: - em2 = EMSA_PKCS1_V1_5_ENCODE(mhash, k) - except ValueError: - return 0 - # Step 4 - # By comparing the full encodings (as opposed to checking each - # of its components one at a time) we avoid attacks to the padding - # scheme like Bleichenbacher's (see http://www.mail-archive.com/[email protected]/msg06537). - # - return em1==em2 - -def EMSA_PKCS1_V1_5_ENCODE(hash, emLen): - """ - Implement the ``EMSA-PKCS1-V1_5-ENCODE`` function, as defined - in PKCS#1 v2.1 (RFC3447, 9.2). - - ``EMSA-PKCS1-V1_5-ENCODE`` actually accepts the message ``M`` as input, - and hash it internally. Here, we expect that the message has already - been hashed instead. - - :Parameters: - hash : hash object - The hash object that holds the digest of the message being signed. - emLen : int - The length the final encoding must have, in bytes. - - :attention: the early standard (RFC2313) stated that ``DigestInfo`` - had to be BER-encoded. This means that old signatures - might have length tags in indefinite form, which - is not supported in DER. 
Such encoding cannot be - reproduced by this function. - - :attention: the same standard defined ``DigestAlgorithm`` to be - of ``AlgorithmIdentifier`` type, where the PARAMETERS - item is optional. Encodings for ``MD2/4/5`` without - ``PARAMETERS`` cannot be reproduced by this function. - - :Return: An ``emLen`` byte long string that encodes the hash. - """ - - # First, build the ASN.1 DER object DigestInfo: - # - # DigestInfo ::= SEQUENCE { - # digestAlgorithm AlgorithmIdentifier, - # digest OCTET STRING - # } - # - # where digestAlgorithm identifies the hash function and shall be an - # algorithm ID with an OID in the set PKCS1-v1-5DigestAlgorithms. - # - # PKCS1-v1-5DigestAlgorithms ALGORITHM-IDENTIFIER ::= { - # { OID id-md2 PARAMETERS NULL }| - # { OID id-md5 PARAMETERS NULL }| - # { OID id-sha1 PARAMETERS NULL }| - # { OID id-sha256 PARAMETERS NULL }| - # { OID id-sha384 PARAMETERS NULL }| - # { OID id-sha512 PARAMETERS NULL } - # } - # - digestAlgo = DerSequence([hash.oid, DerNull().encode()]) - digest = DerOctetString(hash.digest()) - digestInfo = DerSequence([ - digestAlgo.encode(), - digest.encode() - ]).encode() - - # We need at least 11 bytes for the remaining data: 3 fixed bytes and - # at least 8 bytes of padding). - if emLen<len(digestInfo)+11: - raise ValueError("Selected hash algorith has a too long digest (%d bytes)." % len(digest)) - PS = bchr(0xFF) * (emLen - len(digestInfo) - 3) - return b("\x00\x01") + PS + bchr(0x00) + digestInfo - -def new(key): - """Return a signature scheme object `PKCS115_SigScheme` that - can be used to perform PKCS#1 v1.5 signature or verification. - - :Parameters: - key : RSA key object - The key to use to sign or verify the message. This is a `Crypto.PublicKey.RSA` object. - Signing is only possible if *key* is a private RSA key. - - """ - return PKCS115_SigScheme(key) - diff --git a/frozen_deps/Crypto/Util/Counter.py b/frozen_deps/Crypto/Util/Counter.py deleted file mode 100644 index f0460e5..0000000 
--- a/frozen_deps/Crypto/Util/Counter.py
+++ /dev/null
@@ -1,127 +0,0 @@ -# -*- coding: ascii -*- -# -# Util/Counter.py : Fast counter for use with CTR-mode ciphers -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -"""Fast counter functions for CTR cipher modes. - -CTR is a chaining mode for symmetric block encryption or decryption. -Messages are divideded into blocks, and the cipher operation takes -place on each block using the secret key and a unique *counter block*. - -The most straightforward way to fulfil the uniqueness property is -to start with an initial, random *counter block* value, and increment it as -the next block is processed. - -The block ciphers from `Crypto.Cipher` (when configured in *MODE_CTR* mode) -invoke a callable object (the *counter* parameter) to get the next *counter block*. -Unfortunately, the Python calling protocol leads to major performance degradations. - -The counter functions instantiated by this module will be invoked directly -by the ciphers in `Crypto.Cipher`. 
The fact that the Python layer is bypassed -lead to more efficient (and faster) execution of CTR cipher modes. - -An example of usage is the following: - - >>> from Crypto.Cipher import AES - >>> from Crypto.Util import Counter - >>> - >>> pt = b'\x00'*1000000 - >>> ctr = Counter.new(128) - >>> cipher = AES.new(b'\x00'*16, AES.MODE_CTR, counter=ctr) - >>> ct = cipher.encrypt(pt) - -:undocumented: __package__ -""" -import sys -if sys.version_info[0] == 2 and sys.version_info[1] == 1: - from Crypto.Util.py21compat import * -from Crypto.Util.py3compat import * - -from Crypto.Util import _counter -import struct - -# Factory function -def new(nbits, prefix=b(""), suffix=b(""), initial_value=1, overflow=0, little_endian=False, allow_wraparound=False, disable_shortcut=False): - """Create a stateful counter block function suitable for CTR encryption modes. - - Each call to the function returns the next counter block. - Each counter block is made up by three parts:: - - prefix || counter value || postfix - - The counter value is incremented by one at each call. - - :Parameters: - nbits : integer - Length of the desired counter, in bits. It must be a multiple of 8. - prefix : byte string - The constant prefix of the counter block. By default, no prefix is - used. - suffix : byte string - The constant postfix of the counter block. By default, no suffix is - used. - initial_value : integer - The initial value of the counter. Default value is 1. - little_endian : boolean - If True, the counter number will be encoded in little endian format. - If False (default), in big endian format. - allow_wraparound : boolean - If True, the function will raise an *OverflowError* exception as soon - as the counter wraps around. If False (default), the counter will - simply restart from zero. - disable_shortcut : boolean - If True, do not make ciphers from `Crypto.Cipher` bypass the Python - layer when invoking the counter block function. - If False (default), bypass the Python layer. 
- :Returns: - The counter block function. - """ - - # Sanity-check the message size - (nbytes, remainder) = divmod(nbits, 8) - if remainder != 0: - # In the future, we might support arbitrary bit lengths, but for now we don't. - raise ValueError("nbits must be a multiple of 8; got %d" % (nbits,)) - if nbytes < 1: - raise ValueError("nbits too small") - elif nbytes > 0xffff: - raise ValueError("nbits too large") - - initval = _encode(initial_value, nbytes, little_endian) - - if little_endian: - return _counter._newLE(bstr(prefix), bstr(suffix), initval, allow_wraparound=allow_wraparound, disable_shortcut=disable_shortcut) - else: - return _counter._newBE(bstr(prefix), bstr(suffix), initval, allow_wraparound=allow_wraparound, disable_shortcut=disable_shortcut) - -def _encode(n, nbytes, little_endian=False): - retval = [] - n = int(n) - for i in range(nbytes): - if little_endian: - retval.append(bchr(n & 0xff)) - else: - retval.insert(0, bchr(n & 0xff)) - n >>= 8 - return b("").join(retval) - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/frozen_deps/Crypto/Util/_counter.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Util/_counter.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 77cd132..0000000 --- a/frozen_deps/Crypto/Util/_counter.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Crypto/Util/_number_new.py b/frozen_deps/Crypto/Util/_number_new.py deleted file mode 100644 index 5f29176..0000000 --- a/frozen_deps/Crypto/Util/_number_new.py +++ /dev/null 
@@ -1,119 +0,0 @@ -# -*- coding: ascii -*- -# -# Util/_number_new.py : utility functions -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -## NOTE: Do not import this module directly. Import these functions from Crypto.Util.number. - -__revision__ = "$Id$" -__all__ = ['ceil_shift', 'ceil_div', 'floor_div', 'exact_log2', 'exact_div'] - -import sys -if sys.version_info[0] == 2 and sys.version_info[1] == 1: - from Crypto.Util.py21compat import * - -def ceil_shift(n, b): - """Return ceil(n / 2**b) without performing any floating-point or division operations. - - This is done by right-shifting n by b bits and incrementing the result by 1 - if any '1' bits were shifted out. 
- """ - if not isinstance(n, int) or not isinstance(b, int): - raise TypeError("unsupported operand type(s): %r and %r" % (type(n).__name__, type(b).__name__)) - - assert n >= 0 and b >= 0 # I haven't tested or even thought about negative values - mask = (1 << b) - 1 - if n & mask: - return (n >> b) + 1 - else: - return n >> b - -def ceil_div(a, b): - """Return ceil(a / b) without performing any floating-point operations.""" - - if not isinstance(a, int) or not isinstance(b, int): - raise TypeError("unsupported operand type(s): %r and %r" % (type(a).__name__, type(b).__name__)) - - (q, r) = divmod(a, b) - if r: - return q + 1 - else: - return q - -def floor_div(a, b): - if not isinstance(a, int) or not isinstance(b, int): - raise TypeError("unsupported operand type(s): %r and %r" % (type(a).__name__, type(b).__name__)) - - (q, r) = divmod(a, b) - return q - -def exact_log2(num): - """Find and return an integer i >= 0 such that num == 2**i. - - If no such integer exists, this function raises ValueError. - """ - - if not isinstance(num, int): - raise TypeError("unsupported operand type: %r" % (type(num).__name__,)) - - n = int(num) - if n <= 0: - raise ValueError("cannot compute logarithm of non-positive number") - - i = 0 - while n != 0: - if (n & 1) and n != 1: - raise ValueError("No solution could be found") - i += 1 - n >>= 1 - i -= 1 - - assert num == (1 << i) - return i - -def exact_div(p, d, allow_divzero=False): - """Find and return an integer n such that p == n * d - - If no such integer exists, this function raises ValueError. - - Both operands must be integers. - - If the second operand is zero, this function will raise ZeroDivisionError - unless allow_divzero is true (default: False). 
- """ - - if not isinstance(p, int) or not isinstance(d, int): - raise TypeError("unsupported operand type(s): %r and %r" % (type(p).__name__, type(d).__name__)) - - if d == 0 and allow_divzero: - n = 0 - if p != n * d: - raise ValueError("No solution could be found") - else: - (n, r) = divmod(p, d) - if r != 0: - raise ValueError("No solution could be found") - - assert p == n * d - return n - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/frozen_deps/Crypto/Util/asn1.py b/frozen_deps/Crypto/Util/asn1.py deleted file mode 100644 index 9a97d97..0000000 --- a/frozen_deps/Crypto/Util/asn1.py +++ /dev/null 
@@ -1,286 +0,0 @@ -# -*- coding: ascii -*- -# -# Util/asn1.py : Minimal support for ASN.1 DER binary encoding. -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -from Crypto.Util.number import long_to_bytes, bytes_to_long -import sys -from Crypto.Util.py3compat import * - -__all__ = [ 'DerObject', 'DerInteger', 'DerOctetString', 'DerNull', 'DerSequence', 'DerObjectId' ] - -class DerObject: - """Base class for defining a single DER object. - - Instantiate this class ONLY when you have to decode a DER element. - """ - - # Known TAG types - typeTags = { 'SEQUENCE': 0x30, 'BIT STRING': 0x03, 'INTEGER': 0x02, - 'OCTET STRING': 0x04, 'NULL': 0x05, 'OBJECT IDENTIFIER': 0x06 } - - def __init__(self, ASN1Type=None, payload=b('')): - """Initialize the DER object according to a specific type. - - The ASN.1 type is either specified as the ASN.1 string (e.g. 
- 'SEQUENCE'), directly with its numerical tag or with no tag - at all (None).""" - if isInt(ASN1Type) or ASN1Type is None: - self.typeTag = ASN1Type - else: - if len(ASN1Type)==1: - self.typeTag = ord(ASN1Type) - else: - self.typeTag = self.typeTags.get(ASN1Type) - self.payload = payload - - def isType(self, ASN1Type): - return self.typeTags[ASN1Type]==self.typeTag - - def _lengthOctets(self, payloadLen): - """Return a byte string that encodes the given payload length (in - bytes) in a format suitable for a DER length tag (L). - """ - if payloadLen>127: - encoding = long_to_bytes(payloadLen) - return bchr(len(encoding)+128) + encoding - return bchr(payloadLen) - - def encode(self): - """Return a complete DER element, fully encoded as a TLV.""" - return bchr(self.typeTag) + self._lengthOctets(len(self.payload)) + self.payload - - def _decodeLen(self, idx, der): - """Given a (part of a) DER element, and an index to the first byte of - a DER length tag (L), return a tuple with the payload size, - and the index of the first byte of the such payload (V). - - Raises a ValueError exception if the DER length is invalid. - Raises an IndexError exception if the DER element is too short. - """ - length = bord(der[idx]) - if length<=127: - return (length,idx+1) - payloadLength = bytes_to_long(der[idx+1:idx+1+(length & 0x7F)]) - if payloadLength<=127: - raise ValueError("Not a DER length tag.") - return (payloadLength, idx+1+(length & 0x7F)) - - def decode(self, derEle, noLeftOvers=0): - """Decode a complete DER element, and re-initializes this - object with it. - - @param derEle A complete DER element. It must start with a DER T - tag. - @param noLeftOvers Indicate whether it is acceptable to complete the - parsing of the DER element and find that not all - bytes in derEle have been used. - @return Index of the first unused byte in the given DER element. - - Raises a ValueError exception in case of parsing errors. 
- Raises an IndexError exception if the DER element is too short. - """ - try: - self.typeTag = bord(derEle[0]) - if (self.typeTag & 0x1F)==0x1F: - raise ValueError("Unsupported DER tag") - (length,idx) = self._decodeLen(1, derEle) - if noLeftOvers and len(derEle) != (idx+length): - raise ValueError("Not a DER structure") - self.payload = derEle[idx:idx+length] - except IndexError: - raise ValueError("Not a valid DER SEQUENCE.") - return idx+length - -class DerInteger(DerObject): - def __init__(self, value = 0): - """Class to model an INTEGER DER element. - - Limitation: only non-negative values are supported. - """ - DerObject.__init__(self, 'INTEGER') - self.value = value - - def encode(self): - """Return a complete INTEGER DER element, fully encoded as a TLV.""" - self.payload = long_to_bytes(self.value) - if bord(self.payload[0])>127: - self.payload = bchr(0x00) + self.payload - return DerObject.encode(self) - - def decode(self, derEle, noLeftOvers=0): - """Decode a complete INTEGER DER element, and re-initializes this - object with it. - - @param derEle A complete INTEGER DER element. It must start with a DER - INTEGER tag. - @param noLeftOvers Indicate whether it is acceptable to complete the - parsing of the DER element and find that not all - bytes in derEle have been used. - @return Index of the first unused byte in the given DER element. - - Raises a ValueError exception if the DER element is not a - valid non-negative INTEGER. - Raises an IndexError exception if the DER element is too short. - """ - tlvLength = DerObject.decode(self, derEle, noLeftOvers) - if self.typeTag!=self.typeTags['INTEGER']: - raise ValueError ("Not a DER INTEGER.") - if bord(self.payload[0])>127: - raise ValueError ("Negative INTEGER.") - self.value = bytes_to_long(self.payload) - return tlvLength - -class DerSequence(DerObject): - """Class to model a SEQUENCE DER element. - - This object behave like a dynamic Python sequence. 
- Sub-elements that are INTEGERs, look like Python integers. - Any other sub-element is a binary string encoded as the complete DER - sub-element (TLV). - """ - - def __init__(self, startSeq=None): - """Initialize the SEQUENCE DER object. Always empty - initially.""" - DerObject.__init__(self, 'SEQUENCE') - if startSeq==None: - self._seq = [] - else: - self._seq = startSeq - - ## A few methods to make it behave like a python sequence - - def __delitem__(self, n): - del self._seq[n] - def __getitem__(self, n): - return self._seq[n] - def __setitem__(self, key, value): - self._seq[key] = value - def __setslice__(self,i,j,sequence): - self._seq[i:j] = sequence - def __delslice__(self,i,j): - del self._seq[i:j] - def __getslice__(self, i, j): - return self._seq[max(0, i):max(0, j)] - def __len__(self): - return len(self._seq) - def append(self, item): - return self._seq.append(item) - - def hasInts(self): - """Return the number of items in this sequence that are numbers.""" - return len(list(filter(isInt, self._seq))) - - def hasOnlyInts(self): - """Return True if all items in this sequence are numbers.""" - return self._seq and self.hasInts()==len(self._seq) - - def encode(self): - """Return the DER encoding for the ASN.1 SEQUENCE, containing - the non-negative integers and longs added to this object. - - Limitation: Raises a ValueError exception if it some elements - in the sequence are neither Python integers nor complete DER INTEGERs. - """ - self.payload = b('') - for item in self._seq: - try: - self.payload += item - except: - try: - self.payload += DerInteger(item).encode() - except: - raise ValueError("Trying to DER encode an unknown object") - return DerObject.encode(self) - - def decode(self, derEle, noLeftOvers=0): - """Decode a complete SEQUENCE DER element, and re-initializes this - object with it. - - @param derEle A complete SEQUENCE DER element. It must start with a DER - SEQUENCE tag. 
- @param noLeftOvers Indicate whether it is acceptable to complete the - parsing of the DER element and find that not all - bytes in derEle have been used. - @return Index of the first unused byte in the given DER element. - - DER INTEGERs are decoded into Python integers. Any other DER - element is not decoded. Its validity is not checked. - - Raises a ValueError exception if the DER element is not a - valid DER SEQUENCE. - Raises an IndexError exception if the DER element is too short. - """ - - self._seq = [] - try: - tlvLength = DerObject.decode(self, derEle, noLeftOvers) - if self.typeTag!=self.typeTags['SEQUENCE']: - raise ValueError("Not a DER SEQUENCE.") - # Scan one TLV at once - idx = 0 - while idx<len(self.payload): - typeTag = bord(self.payload[idx]) - if typeTag==self.typeTags['INTEGER']: - newInteger = DerInteger() - idx += newInteger.decode(self.payload[idx:]) - self._seq.append(newInteger.value) - else: - itemLen,itemIdx = self._decodeLen(idx+1,self.payload) - self._seq.append(self.payload[idx:itemIdx+itemLen]) - idx = itemIdx + itemLen - except IndexError: - raise ValueError("Not a valid DER SEQUENCE.") - return tlvLength - -class DerOctetString(DerObject): - def __init__(self, value = b('')): - DerObject.__init__(self, 'OCTET STRING') - self.payload = value - - def decode(self, derEle, noLeftOvers=0): - p = DerObject.decode(derEle, noLeftOvers) - if not self.isType("OCTET STRING"): - raise ValueError("Not a valid OCTET STRING.") - return p - -class DerNull(DerObject): - def __init__(self): - DerObject.__init__(self, 'NULL') - -class DerObjectId(DerObject): - def __init__(self): - DerObject.__init__(self, 'OBJECT IDENTIFIER') - - def decode(self, derEle, noLeftOvers=0): - p = DerObject.decode(derEle, noLeftOvers) - if not self.isType("OBJECT IDENTIFIER"): - raise ValueError("Not a valid OBJECT IDENTIFIER.") - return p - -def isInt(x): - test = 0 - try: - test += x - except TypeError: - return 0 - return 1 - 
diff --git a/frozen_deps/Crypto/Util/randpool.py b/frozen_deps/Crypto/Util/randpool.py
deleted file mode 100644
index 8b5a0b7..0000000
--- a/frozen_deps/Crypto/Util/randpool.py
+++ /dev/null
@@ -1,82 +0,0 @@ -# -# randpool.py : Cryptographically strong random number generation -# -# Part of the Python Cryptography Toolkit -# -# Written by Andrew M. Kuchling, Mark Moraes, and others -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== -# - -__revision__ = "$Id$" - -from Crypto.pct_warnings import RandomPool_DeprecationWarning -import Crypto.Random -import warnings - -class RandomPool: - """Deprecated. Use Random.new() instead. - - See http://www.pycrypto.org/randpool-broken - """ - def __init__(self, numbytes = 160, cipher=None, hash=None, file=None): - warnings.warn("This application uses RandomPool, which is BROKEN in older releases. 
See http://www.pycrypto.org/randpool-broken", - RandomPool_DeprecationWarning) - self.__rng = Crypto.Random.new() - self.bytes = numbytes - self.bits = self.bytes * 8 - self.entropy = self.bits - - def get_bytes(self, N): - return self.__rng.read(N) - - def _updateEntropyEstimate(self, nbits): - self.entropy += nbits - if self.entropy < 0: - self.entropy = 0 - elif self.entropy > self.bits: - self.entropy = self.bits - - def _randomize(self, N=0, devname="/dev/urandom"): - """Dummy _randomize() function""" - self.__rng.flush() - - def randomize(self, N=0): - """Dummy randomize() function""" - self.__rng.flush() - - def stir(self, s=''): - """Dummy stir() function""" - self.__rng.flush() - - def stir_n(self, N=3): - """Dummy stir_n() function""" - self.__rng.flush() - - def add_event(self, s=''): - """Dummy add_event() function""" - self.__rng.flush() - - def getBytes(self, N): - """Dummy getBytes() function""" - return self.get_bytes(N) - - def addEvent(self, event, s=""): - """Dummy addEvent() function""" - return self.add_event() diff --git a/frozen_deps/Crypto/Util/strxor.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Crypto/Util/strxor.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 8358023..0000000 --- a/frozen_deps/Crypto/Util/strxor.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Crypto/__init__.py b/frozen_deps/Crypto/__init__.py deleted file mode 100644 index c27402e..0000000 --- a/frozen_deps/Crypto/__init__.py +++ /dev/null 
@@ -1,51 +0,0 @@ -# -*- coding: utf-8 -*- -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -"""Python Cryptography Toolkit - -A collection of cryptographic modules implementing various algorithms -and protocols. - -Subpackages: - -Crypto.Cipher - Secret-key (AES, DES, ARC4) and public-key encryption (RSA PKCS#1) algorithms -Crypto.Hash - Hashing algorithms (MD5, SHA, HMAC) -Crypto.Protocol - Cryptographic protocols (Chaffing, all-or-nothing transform, key derivation - functions). This package does not contain any network protocols. -Crypto.PublicKey - Public-key encryption and signature algorithms (RSA, DSA) -Crypto.Signature - Public-key signature algorithms (RSA PKCS#1) -Crypto.Util - Various useful modules and functions (long-to-string conversion, random number - generation, number theoretic functions) -""" - -__all__ = ['Cipher', 'Hash', 'Protocol', 'PublicKey', 'Util', 'Signature'] - -__version__ = '2.6.1' # See also below and setup.py -__revision__ = "$Id$" - -# New software should look at this instead of at __version__ above. 
-version_info = (2, 6, 1, 'final', 0) # See also above and setup.py - diff --git a/frozen_deps/Crypto/pct_warnings.py b/frozen_deps/Crypto/pct_warnings.py deleted file mode 100644 index 9b4361e..0000000 --- a/frozen_deps/Crypto/pct_warnings.py +++ /dev/null 
@@ -1,60 +0,0 @@ -# -*- coding: ascii -*- -# -# pct_warnings.py : PyCrypto warnings file -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> -# -# =================================================================== -# The contents of this file are dedicated to the public domain. To -# the extent that dedication to the public domain is not available, -# everyone is granted a worldwide, perpetual, royalty-free, -# non-exclusive license to exercise all rights associated with the -# contents of this file for any purpose whatsoever. -# No rights are reserved. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. -# =================================================================== - -# -# Base classes. All our warnings inherit from one of these in order to allow -# the user to specifically filter them. 
-# - -class CryptoWarning(Warning): - """Base class for PyCrypto warnings""" - -class CryptoDeprecationWarning(DeprecationWarning, CryptoWarning): - """Base PyCrypto DeprecationWarning class""" - -class CryptoRuntimeWarning(RuntimeWarning, CryptoWarning): - """Base PyCrypto RuntimeWarning class""" - -# -# Warnings that we might actually use -# - -class RandomPool_DeprecationWarning(CryptoDeprecationWarning): - """Issued when Crypto.Util.randpool.RandomPool is instantiated.""" - -class ClockRewindWarning(CryptoRuntimeWarning): - """Warning for when the system clock moves backwards.""" - -class GetRandomNumber_DeprecationWarning(CryptoDeprecationWarning): - """Issued when Crypto.Util.number.getRandomNumber is invoked.""" - -class PowmInsecureWarning(CryptoRuntimeWarning): - """Warning for when _fastmath is built without mpz_powm_sec""" - -# By default, we want this warning to be shown every time we compensate for -# clock rewinding. -import warnings as _warnings -_warnings.filterwarnings('always', category=ClockRewindWarning, append=1) - -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/frozen_deps/Cryptodome/Cipher/AES.py b/frozen_deps/Cryptodome/Cipher/AES.py new file mode 100644 index 0000000..dd2671a --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/AES.py 
@@ -0,0 +1,250 @@ +# -*- coding: utf-8 -*- +# +# Cipher/AES.py : AES +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== +""" +Module's constants for the modes of operation supported with AES: + +:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>` +:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>` +:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>` +:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>` +:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>` +:var MODE_OPENPGP: :ref:`OpenPGP Mode <openpgp_mode>` +:var MODE_CCM: :ref:`Counter with CBC-MAC (CCM) Mode <ccm_mode>` +:var MODE_EAX: :ref:`EAX Mode <eax_mode>` +:var MODE_GCM: :ref:`Galois Counter Mode (GCM) <gcm_mode>` +:var MODE_SIV: :ref:`Syntethic Initialization Vector (SIV) <siv_mode>` +:var MODE_OCB: :ref:`Offset Code Book (OCB) <ocb_mode>` +""" + +import sys + +from Cryptodome.Cipher import _create_cipher +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, + c_size_t, c_uint8_ptr) + +from Cryptodome.Util import _cpu_features 
+from Cryptodome.Random import get_random_bytes + + +_cproto = """ + int AES_start_operation(const uint8_t key[], + size_t key_len, + void **pResult); + int AES_encrypt(const void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int AES_decrypt(const void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int AES_stop_operation(void *state); + """ + + +# Load portable AES +_raw_aes_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._raw_aes", + _cproto) + +# Try to load AES with AES NI instructions +try: + _raw_aesni_lib = None + if _cpu_features.have_aes_ni(): + _raw_aesni_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._raw_aesni", + _cproto.replace("AES", + "AESNI")) +# _raw_aesni may not have been compiled in +except OSError: + pass + + +def _create_base_cipher(dict_parameters): + """This method instantiates and returns a handle to a low-level + base cipher. It will absorb named parameters in the process.""" + + use_aesni = dict_parameters.pop("use_aesni", True) + + try: + key = dict_parameters.pop("key") + except KeyError: + raise TypeError("Missing 'key' parameter") + + if len(key) not in key_size: + raise ValueError("Incorrect AES key length (%d bytes)" % len(key)) + + if use_aesni and _raw_aesni_lib: + start_operation = _raw_aesni_lib.AESNI_start_operation + stop_operation = _raw_aesni_lib.AESNI_stop_operation + else: + start_operation = _raw_aes_lib.AES_start_operation + stop_operation = _raw_aes_lib.AES_stop_operation + + cipher = VoidPointer() + result = start_operation(c_uint8_ptr(key), + c_size_t(len(key)), + cipher.address_of()) + if result: + raise ValueError("Error %X while instantiating the AES cipher" + % result) + return SmartPointer(cipher.get(), stop_operation) + + +def _derive_Poly1305_key_pair(key, nonce): + """Derive a tuple (r, s, nonce) for a Poly1305 MAC. + + If nonce is ``None``, a new 16-byte nonce is generated. 
+ """ + + if len(key) != 32: + raise ValueError("Poly1305 with AES requires a 32-byte key") + + if nonce is None: + nonce = get_random_bytes(16) + elif len(nonce) != 16: + raise ValueError("Poly1305 with AES requires a 16-byte nonce") + + s = new(key[:16], MODE_ECB).encrypt(nonce) + return key[16:], s, nonce + + +def new(key, mode, *args, **kwargs): + """Create a new AES cipher. + + :param key: + The secret key to use in the symmetric cipher. + + It must be 16, 24 or 32 bytes long (respectively for *AES-128*, + *AES-192* or *AES-256*). + + For ``MODE_SIV`` only, it doubles to 32, 48, or 64 bytes. + :type key: bytes/bytearray/memoryview + + :param mode: + The chaining mode to use for encryption or decryption. + If in doubt, use ``MODE_EAX``. + :type mode: One of the supported ``MODE_*`` constants + + :Keyword Arguments: + * **iv** (*bytes*, *bytearray*, *memoryview*) -- + (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``, + and ``MODE_OPENPGP`` modes). + + The initialization vector to use for encryption or decryption. + + For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 16 bytes long. + + For ``MODE_OPENPGP`` mode only, + it must be 16 bytes long for encryption + and 18 bytes for decryption (in the latter case, it is + actually the *encrypted* IV which was prefixed to the ciphertext). + + If not provided, a random byte string is generated (you must then + read its value with the :attr:`iv` attribute). + + * **nonce** (*bytes*, *bytearray*, *memoryview*) -- + (Only applicable for ``MODE_CCM``, ``MODE_EAX``, ``MODE_GCM``, + ``MODE_SIV``, ``MODE_OCB``, and ``MODE_CTR``). + + A value that must never be reused for any other encryption done + with this key (except possibly for ``MODE_SIV``, see below). + + For ``MODE_EAX``, ``MODE_GCM`` and ``MODE_SIV`` there are no + restrictions on its length (recommended: **16** bytes). + + For ``MODE_CCM``, its length must be in the range **[7..13]**. 
+ Bear in mind that with CCM there is a trade-off between nonce + length and maximum message size. Recommendation: **11** bytes. + + For ``MODE_OCB``, its length must be in the range **[1..15]** + (recommended: **15**). + + For ``MODE_CTR``, its length must be in the range **[0..15]** + (recommended: **8**). + + For ``MODE_SIV``, the nonce is optional, if it is not specified, + then no nonce is being used, which renders the encryption + deterministic. + + If not provided, for modes other than ``MODE_SIV```, a random + byte string of the recommended length is used (you must then + read its value with the :attr:`nonce` attribute). + + * **segment_size** (*integer*) -- + (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext + are segmented in. It must be a multiple of 8. + If not specified, it will be assumed to be 8. + + * **mac_len** : (*integer*) -- + (Only ``MODE_EAX``, ``MODE_GCM``, ``MODE_OCB``, ``MODE_CCM``) + Length of the authentication tag, in bytes. + + It must be even and in the range **[4..16]**. + The recommended value (and the default, if not specified) is **16**. + + * **msg_len** : (*integer*) -- + (Only ``MODE_CCM``). Length of the message to (de)cipher. + If not specified, ``encrypt`` must be called with the entire message. + Similarly, ``decrypt`` can only be called once. + + * **assoc_len** : (*integer*) -- + (Only ``MODE_CCM``). Length of the associated data. + If not specified, all associated data is buffered internally, + which may represent a problem for very large messages. + + * **initial_value** : (*integer* or *bytes/bytearray/memoryview*) -- + (Only ``MODE_CTR``). + The initial value for the counter. If not present, the cipher will + start counting from 0. The value is incremented by one for each block. + The counter number is encoded in big endian mode. + + * **counter** : (*object*) -- + Instance of ``Cryptodome.Util.Counter``, which allows full customization + of the counter block. 
This parameter is incompatible to both ``nonce`` + and ``initial_value``. + + * **use_aesni** : (*boolean*) -- + Use Intel AES-NI hardware extensions (default: use if available). + + :Return: an AES object, of the applicable mode. + """ + + kwargs["add_aes_modes"] = True + return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs) + + +MODE_ECB = 1 +MODE_CBC = 2 +MODE_CFB = 3 +MODE_OFB = 5 +MODE_CTR = 6 +MODE_OPENPGP = 7 +MODE_CCM = 8 +MODE_EAX = 9 +MODE_SIV = 10 +MODE_GCM = 11 +MODE_OCB = 12 + +# Size of a data block (in bytes) +block_size = 16 +# Size of a key (in bytes) +key_size = (16, 24, 32) diff --git a/frozen_deps/Cryptodome/Cipher/AES.pyi b/frozen_deps/Cryptodome/Cipher/AES.pyi new file mode 100644 index 0000000..c150efb --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/AES.pyi 
@@ -0,0 +1,47 @@
+from typing import Union, Tuple, Optional, Dict
+
+from Cryptodome.Cipher._mode_ecb import EcbMode
+from Cryptodome.Cipher._mode_cbc import CbcMode
+from Cryptodome.Cipher._mode_cfb import CfbMode
+from Cryptodome.Cipher._mode_ofb import OfbMode
+from Cryptodome.Cipher._mode_ctr import CtrMode
+from Cryptodome.Cipher._mode_openpgp import OpenPgpMode
+from Cryptodome.Cipher._mode_ccm import CcmMode
+from Cryptodome.Cipher._mode_eax import EaxMode
+from Cryptodome.Cipher._mode_gcm import GcmMode
+from Cryptodome.Cipher._mode_siv import SivMode
+from Cryptodome.Cipher._mode_ocb import OcbMode
+
+AESMode = int
+
+MODE_ECB: AESMode
+MODE_CBC: AESMode
+MODE_CFB: AESMode
+MODE_OFB: AESMode
+MODE_CTR: AESMode
+MODE_OPENPGP: AESMode
+MODE_CCM: AESMode
+MODE_EAX: AESMode
+MODE_GCM: AESMode
+MODE_SIV: AESMode
+MODE_OCB: AESMode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+ mode: AESMode,
+ iv : Buffer = ...,
+ IV : Buffer = ...,
+ nonce : Buffer = ...,
+ segment_size : int = ...,
+ mac_len : int = ...,
+ assoc_len : int = ...,
+ initial_value : Union[int, Buffer] = ...,
+ counter : Dict = ...,
+ use_aesni : bool = ...) -> \
+ Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode,
+ OpenPgpMode, CcmMode, EaxMode, GcmMode,
+ SivMode, OcbMode]: ...
+
+block_size: int
+key_size: Tuple[int, int, int]
diff --git a/frozen_deps/Cryptodome/Cipher/ARC2.py b/frozen_deps/Cryptodome/Cipher/ARC2.py
new file mode 100644
index 0000000..4dc1bb8
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/ARC2.py
@@ -0,0 +1,175 @@
+# -*- coding: utf-8 -*-
+#
+# Cipher/ARC2.py : ARC2.py
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""
+Module's constants for the modes of operation supported with ARC2:
+
+:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
+:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
+:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
+:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
+:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
+:var MODE_OPENPGP: :ref:`OpenPGP Mode <openpgp_mode>`
+:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
+"""
+
+import sys
+
+from Cryptodome.Cipher import _create_cipher
+from Cryptodome.Util.py3compat import byte_string
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ c_size_t, c_uint8_ptr)
+
+_raw_arc2_lib = load_pycryptodome_raw_lib(
+ "Cryptodome.Cipher._raw_arc2",
+ """
+ int ARC2_start_operation(const uint8_t key[],
+ size_t key_len,
+ size_t effective_key_len,
+ void **pResult);
+ int ARC2_encrypt(const void *state,
+ const
uint8_t *in, + uint8_t *out, + size_t data_len); + int ARC2_decrypt(const void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int ARC2_stop_operation(void *state); + """ + ) + + +def _create_base_cipher(dict_parameters): + """This method instantiates and returns a handle to a low-level + base cipher. It will absorb named parameters in the process.""" + + try: + key = dict_parameters.pop("key") + except KeyError: + raise TypeError("Missing 'key' parameter") + + effective_keylen = dict_parameters.pop("effective_keylen", 1024) + + if len(key) not in key_size: + raise ValueError("Incorrect ARC2 key length (%d bytes)" % len(key)) + + if not (40 <= effective_keylen <= 1024): + raise ValueError("'effective_key_len' must be at least 40 and no larger than 1024 " + "(not %d)" % effective_keylen) + + start_operation = _raw_arc2_lib.ARC2_start_operation + stop_operation = _raw_arc2_lib.ARC2_stop_operation + + cipher = VoidPointer() + result = start_operation(c_uint8_ptr(key), + c_size_t(len(key)), + c_size_t(effective_keylen), + cipher.address_of()) + if result: + raise ValueError("Error %X while instantiating the ARC2 cipher" + % result) + + return SmartPointer(cipher.get(), stop_operation) + + +def new(key, mode, *args, **kwargs): + """Create a new RC2 cipher. + + :param key: + The secret key to use in the symmetric cipher. + Its length can vary from 5 to 128 bytes; the actual search space + (and the cipher strength) can be reduced with the ``effective_keylen`` parameter. + :type key: bytes, bytearray, memoryview + + :param mode: + The chaining mode to use for encryption or decryption. + :type mode: One of the supported ``MODE_*`` constants + + :Keyword Arguments: + * **iv** (*bytes*, *bytearray*, *memoryview*) -- + (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``, + and ``MODE_OPENPGP`` modes). + + The initialization vector to use for encryption or decryption. + + For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long. 
+ + For ``MODE_OPENPGP`` mode only, + it must be 8 bytes long for encryption + and 10 bytes for decryption (in the latter case, it is + actually the *encrypted* IV which was prefixed to the ciphertext). + + If not provided, a random byte string is generated (you must then + read its value with the :attr:`iv` attribute). + + * **nonce** (*bytes*, *bytearray*, *memoryview*) -- + (Only applicable for ``MODE_EAX`` and ``MODE_CTR``). + + A value that must never be reused for any other encryption done + with this key. + + For ``MODE_EAX`` there are no + restrictions on its length (recommended: **16** bytes). + + For ``MODE_CTR``, its length must be in the range **[0..7]**. + + If not provided for ``MODE_EAX``, a random byte string is generated (you + can read it back via the ``nonce`` attribute). + + * **effective_keylen** (*integer*) -- + Optional. Maximum strength in bits of the actual key used by the ARC2 algorithm. + If the supplied ``key`` parameter is longer (in bits) of the value specified + here, it will be weakened to match it. + If not specified, no limitation is applied. + + * **segment_size** (*integer*) -- + (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext + are segmented in. It must be a multiple of 8. + If not specified, it will be assumed to be 8. + + * **mac_len** : (*integer*) -- + (Only ``MODE_EAX``) + Length of the authentication tag, in bytes. + It must be no longer than 8 (default). + + * **initial_value** : (*integer*) -- + (Only ``MODE_CTR``). The initial value for the counter within + the counter block. By default it is **0**. + + :Return: an ARC2 object, of the applicable mode. + """ + + return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs) + +MODE_ECB = 1 +MODE_CBC = 2 +MODE_CFB = 3 +MODE_OFB = 5 +MODE_CTR = 6 +MODE_OPENPGP = 7 +MODE_EAX = 9 + +# Size of a data block (in bytes) +block_size = 8 +# Size of a key (in bytes) +key_size = range(5, 128 + 1) 
diff --git a/frozen_deps/Cryptodome/Cipher/ARC2.pyi b/frozen_deps/Cryptodome/Cipher/ARC2.pyi
new file mode 100644
index 0000000..9659c68
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/ARC2.pyi
@@ -0,0 +1,35 @@
+from typing import Union, Dict, Iterable
+
+from Cryptodome.Cipher._mode_ecb import EcbMode
+from Cryptodome.Cipher._mode_cbc import CbcMode
+from Cryptodome.Cipher._mode_cfb import CfbMode
+from Cryptodome.Cipher._mode_ofb import OfbMode
+from Cryptodome.Cipher._mode_ctr import CtrMode
+from Cryptodome.Cipher._mode_openpgp import OpenPgpMode
+from Cryptodome.Cipher._mode_eax import EaxMode
+
+ARC2Mode = int
+
+MODE_ECB: ARC2Mode
+MODE_CBC: ARC2Mode
+MODE_CFB: ARC2Mode
+MODE_OFB: ARC2Mode
+MODE_CTR: ARC2Mode
+MODE_OPENPGP: ARC2Mode
+MODE_EAX: ARC2Mode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+ mode: ARC2Mode,
+ iv : Buffer = ...,
+ IV : Buffer = ...,
+ nonce : Buffer = ...,
+ segment_size : int = ...,
+ mac_len : int = ...,
+ initial_value : Union[int, Buffer] = ...,
+ counter : Dict = ...) -> \
+ Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
+
+block_size: int
+key_size: Iterable[int]
diff --git a/frozen_deps/Cryptodome/Cipher/ARC4.py b/frozen_deps/Cryptodome/Cipher/ARC4.py
new file mode 100644
index 0000000..e640e77
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/ARC4.py
@@ -0,0 +1,137 @@
+# -*- coding: utf-8 -*-
+#
+# Cipher/ARC4.py : ARC4
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import b
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
+ create_string_buffer, get_raw_buffer,
+ SmartPointer, c_size_t, c_uint8_ptr)
+
+
+_raw_arc4_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._ARC4", """
+ int ARC4_stream_encrypt(void *rc4State, const uint8_t in[],
+ uint8_t out[], size_t len);
+ int ARC4_stream_init(uint8_t *key, size_t keylen,
+ void **pRc4State);
+ int ARC4_stream_destroy(void *rc4State);
+ """)
+
+
+class ARC4Cipher:
+ """ARC4 cipher object. Do not create it directly. Use
+ :func:`Cryptodome.Cipher.ARC4.new` instead.
+ """ + + def __init__(self, key, *args, **kwargs): + """Initialize an ARC4 cipher object + + See also `new()` at the module level.""" + + if len(args) > 0: + ndrop = args[0] + args = args[1:] + else: + ndrop = kwargs.pop('drop', 0) + + if len(key) not in key_size: + raise ValueError("Incorrect ARC4 key length (%d bytes)" % + len(key)) + + self._state = VoidPointer() + result = _raw_arc4_lib.ARC4_stream_init(c_uint8_ptr(key), + c_size_t(len(key)), + self._state.address_of()) + if result != 0: + raise ValueError("Error %d while creating the ARC4 cipher" + % result) + self._state = SmartPointer(self._state.get(), + _raw_arc4_lib.ARC4_stream_destroy) + + if ndrop > 0: + # This is OK even if the cipher is used for decryption, + # since encrypt and decrypt are actually the same thing + # with ARC4. + self.encrypt(b'\x00' * ndrop) + + self.block_size = 1 + self.key_size = len(key) + + def encrypt(self, plaintext): + """Encrypt a piece of data. + + :param plaintext: The data to encrypt, of any size. + :type plaintext: bytes, bytearray, memoryview + :returns: the encrypted byte string, of equal length as the + plaintext. + """ + + ciphertext = create_string_buffer(len(plaintext)) + result = _raw_arc4_lib.ARC4_stream_encrypt(self._state.get(), + c_uint8_ptr(plaintext), + ciphertext, + c_size_t(len(plaintext))) + if result: + raise ValueError("Error %d while encrypting with RC4" % result) + return get_raw_buffer(ciphertext) + + def decrypt(self, ciphertext): + """Decrypt a piece of data. + + :param ciphertext: The data to decrypt, of any size. + :type ciphertext: bytes, bytearray, memoryview + :returns: the decrypted byte string, of equal length as the + ciphertext. + """ + + try: + return self.encrypt(ciphertext) + except ValueError as e: + raise ValueError(str(e).replace("enc", "dec")) + + +def new(key, *args, **kwargs): + """Create a new ARC4 cipher. + + :param key: + The secret key to use in the symmetric cipher. + Its length must be in the range ``[5..256]``. 
+ The recommended length is 16 bytes.
+ :type key: bytes, bytearray, memoryview
+
+ :Keyword Arguments:
+ * *drop* (``integer``) --
+ The amount of bytes to discard from the initial part of the keystream.
+ In fact, such part has been found to be distinguishable from random
+ data (while it shouldn't) and also correlated to key.
+
+ The recommended value is 3072_ bytes. The default value is 0.
+
+ :Return: an `ARC4Cipher` object
+
+ .. _3072: http://eprint.iacr.org/2002/067.pdf
+ """
+ return ARC4Cipher(key, *args, **kwargs)
+
+# Size of a data block (in bytes)
+block_size = 1
+# Size of a key (in bytes)
+key_size = range(5, 256+1)
diff --git a/frozen_deps/Cryptodome/Cipher/ARC4.pyi b/frozen_deps/Cryptodome/Cipher/ARC4.pyi
new file mode 100644
index 0000000..2e75d6f
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/ARC4.pyi
@@ -0,0 +1,16 @@
+from typing import Any, Union, Iterable
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class ARC4Cipher:
+ block_size: int
+ key_size: int
+
+ def __init__(self, key: Buffer, *args: Any, **kwargs: Any) -> None: ...
+ def encrypt(self, plaintext: Buffer) -> bytes: ...
+ def decrypt(self, ciphertext: Buffer) -> bytes: ...
+
+def new(key: Buffer, drop : int = ...) -> ARC4Cipher: ...
+
+block_size: int
+key_size: Iterable[int]
diff --git a/frozen_deps/Cryptodome/Cipher/Blowfish.py b/frozen_deps/Cryptodome/Cipher/Blowfish.py
new file mode 100644
index 0000000..536cbc8
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/Blowfish.py
@@ -0,0 +1,159 @@
+# -*- coding: utf-8 -*-
+#
+# Cipher/Blowfish.py : Blowfish
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""
+Module's constants for the modes of operation supported with Blowfish:
+
+:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
+:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
+:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
+:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
+:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
+:var MODE_OPENPGP: :ref:`OpenPGP Mode <openpgp_mode>`
+:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
+"""
+
+import sys
+
+from Cryptodome.Cipher import _create_cipher
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer, c_size_t,
+ c_uint8_ptr)
+
+_raw_blowfish_lib = load_pycryptodome_raw_lib(
+ "Cryptodome.Cipher._raw_blowfish",
+ """
+ int Blowfish_start_operation(const uint8_t key[],
+ size_t key_len,
+ void **pResult);
+ int Blowfish_encrypt(const void *state,
+ const uint8_t *in,
+ uint8_t *out,
+ size_t data_len);
+ int
Blowfish_decrypt(const void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int Blowfish_stop_operation(void *state); + """ + ) + + +def _create_base_cipher(dict_parameters): + """This method instantiates and returns a smart pointer to + a low-level base cipher. It will absorb named parameters in + the process.""" + + try: + key = dict_parameters.pop("key") + except KeyError: + raise TypeError("Missing 'key' parameter") + + if len(key) not in key_size: + raise ValueError("Incorrect Blowfish key length (%d bytes)" % len(key)) + + start_operation = _raw_blowfish_lib.Blowfish_start_operation + stop_operation = _raw_blowfish_lib.Blowfish_stop_operation + + void_p = VoidPointer() + result = start_operation(c_uint8_ptr(key), + c_size_t(len(key)), + void_p.address_of()) + if result: + raise ValueError("Error %X while instantiating the Blowfish cipher" + % result) + return SmartPointer(void_p.get(), stop_operation) + + +def new(key, mode, *args, **kwargs): + """Create a new Blowfish cipher + + :param key: + The secret key to use in the symmetric cipher. + Its length can vary from 5 to 56 bytes. + :type key: bytes, bytearray, memoryview + + :param mode: + The chaining mode to use for encryption or decryption. + :type mode: One of the supported ``MODE_*`` constants + + :Keyword Arguments: + * **iv** (*bytes*, *bytearray*, *memoryview*) -- + (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``, + and ``MODE_OPENPGP`` modes). + + The initialization vector to use for encryption or decryption. + + For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long. + + For ``MODE_OPENPGP`` mode only, + it must be 8 bytes long for encryption + and 10 bytes for decryption (in the latter case, it is + actually the *encrypted* IV which was prefixed to the ciphertext). + + If not provided, a random byte string is generated (you must then + read its value with the :attr:`iv` attribute). 
+ + * **nonce** (*bytes*, *bytearray*, *memoryview*) -- + (Only applicable for ``MODE_EAX`` and ``MODE_CTR``). + + A value that must never be reused for any other encryption done + with this key. + + For ``MODE_EAX`` there are no + restrictions on its length (recommended: **16** bytes). + + For ``MODE_CTR``, its length must be in the range **[0..7]**. + + If not provided for ``MODE_EAX``, a random byte string is generated (you + can read it back via the ``nonce`` attribute). + + * **segment_size** (*integer*) -- + (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext + are segmented in. It must be a multiple of 8. + If not specified, it will be assumed to be 8. + + * **mac_len** : (*integer*) -- + (Only ``MODE_EAX``) + Length of the authentication tag, in bytes. + It must be no longer than 8 (default). + + * **initial_value** : (*integer*) -- + (Only ``MODE_CTR``). The initial value for the counter within + the counter block. By default it is **0**. + + :Return: a Blowfish object, of the applicable mode. + """ + + return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs) + +MODE_ECB = 1 +MODE_CBC = 2 +MODE_CFB = 3 +MODE_OFB = 5 +MODE_CTR = 6 +MODE_OPENPGP = 7 +MODE_EAX = 9 + +# Size of a data block (in bytes) +block_size = 8 +# Size of a key (in bytes) +key_size = range(4, 56 + 1) diff --git a/frozen_deps/Cryptodome/Cipher/Blowfish.pyi b/frozen_deps/Cryptodome/Cipher/Blowfish.pyi new file mode 100644 index 0000000..a669240 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/Blowfish.pyi 
@@ -0,0 +1,35 @@
+from typing import Union, Dict, Iterable
+
+from Cryptodome.Cipher._mode_ecb import EcbMode
+from Cryptodome.Cipher._mode_cbc import CbcMode
+from Cryptodome.Cipher._mode_cfb import CfbMode
+from Cryptodome.Cipher._mode_ofb import OfbMode
+from Cryptodome.Cipher._mode_ctr import CtrMode
+from Cryptodome.Cipher._mode_openpgp import OpenPgpMode
+from Cryptodome.Cipher._mode_eax import EaxMode
+
+BlowfishMode = int
+
+MODE_ECB: BlowfishMode
+MODE_CBC: BlowfishMode
+MODE_CFB: BlowfishMode
+MODE_OFB: BlowfishMode
+MODE_CTR: BlowfishMode
+MODE_OPENPGP: BlowfishMode
+MODE_EAX: BlowfishMode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+ mode: BlowfishMode,
+ iv : Buffer = ...,
+ IV : Buffer = ...,
+ nonce : Buffer = ...,
+ segment_size : int = ...,
+ mac_len : int = ...,
+ initial_value : Union[int, Buffer] = ...,
+ counter : Dict = ...) -> \
+ Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
+
+block_size: int
+key_size: Iterable[int]
diff --git a/frozen_deps/Cryptodome/Cipher/CAST.py b/frozen_deps/Cryptodome/Cipher/CAST.py
new file mode 100644
index 0000000..84eb88e
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/CAST.py
@@ -0,0 +1,159 @@
+# -*- coding: utf-8 -*-
+#
+# Cipher/CAST.py : CAST
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""
+Module's constants for the modes of operation supported with CAST:
+
+:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
+:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
+:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
+:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
+:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
+:var MODE_OPENPGP: :ref:`OpenPGP Mode <openpgp_mode>`
+:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
+"""
+
+import sys
+
+from Cryptodome.Cipher import _create_cipher
+from Cryptodome.Util.py3compat import byte_string
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ c_size_t, c_uint8_ptr)
+
+_raw_cast_lib = load_pycryptodome_raw_lib(
+ "Cryptodome.Cipher._raw_cast",
+ """
+ int CAST_start_operation(const uint8_t key[],
+ size_t key_len,
+ void **pResult);
+ int CAST_encrypt(const void *state,
+ const uint8_t *in,
+ uint8_t *out,
+
size_t data_len); + int CAST_decrypt(const void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int CAST_stop_operation(void *state); + """) + + +def _create_base_cipher(dict_parameters): + """This method instantiates and returns a handle to a low-level + base cipher. It will absorb named parameters in the process.""" + + try: + key = dict_parameters.pop("key") + except KeyError: + raise TypeError("Missing 'key' parameter") + + if len(key) not in key_size: + raise ValueError("Incorrect CAST key length (%d bytes)" % len(key)) + + start_operation = _raw_cast_lib.CAST_start_operation + stop_operation = _raw_cast_lib.CAST_stop_operation + + cipher = VoidPointer() + result = start_operation(c_uint8_ptr(key), + c_size_t(len(key)), + cipher.address_of()) + if result: + raise ValueError("Error %X while instantiating the CAST cipher" + % result) + + return SmartPointer(cipher.get(), stop_operation) + + +def new(key, mode, *args, **kwargs): + """Create a new CAST cipher + + :param key: + The secret key to use in the symmetric cipher. + Its length can vary from 5 to 16 bytes. + :type key: bytes, bytearray, memoryview + + :param mode: + The chaining mode to use for encryption or decryption. + :type mode: One of the supported ``MODE_*`` constants + + :Keyword Arguments: + * **iv** (*bytes*, *bytearray*, *memoryview*) -- + (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``, + and ``MODE_OPENPGP`` modes). + + The initialization vector to use for encryption or decryption. + + For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long. + + For ``MODE_OPENPGP`` mode only, + it must be 8 bytes long for encryption + and 10 bytes for decryption (in the latter case, it is + actually the *encrypted* IV which was prefixed to the ciphertext). + + If not provided, a random byte string is generated (you must then + read its value with the :attr:`iv` attribute). 
+ + * **nonce** (*bytes*, *bytearray*, *memoryview*) -- + (Only applicable for ``MODE_EAX`` and ``MODE_CTR``). + + A value that must never be reused for any other encryption done + with this key. + + For ``MODE_EAX`` there are no + restrictions on its length (recommended: **16** bytes). + + For ``MODE_CTR``, its length must be in the range **[0..7]**. + + If not provided for ``MODE_EAX``, a random byte string is generated (you + can read it back via the ``nonce`` attribute). + + * **segment_size** (*integer*) -- + (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext + are segmented in. It must be a multiple of 8. + If not specified, it will be assumed to be 8. + + * **mac_len** : (*integer*) -- + (Only ``MODE_EAX``) + Length of the authentication tag, in bytes. + It must be no longer than 8 (default). + + * **initial_value** : (*integer*) -- + (Only ``MODE_CTR``). The initial value for the counter within + the counter block. By default it is **0**. + + :Return: a CAST object, of the applicable mode. + """ + + return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs) + +MODE_ECB = 1 +MODE_CBC = 2 +MODE_CFB = 3 +MODE_OFB = 5 +MODE_CTR = 6 +MODE_OPENPGP = 7 +MODE_EAX = 9 + +# Size of a data block (in bytes) +block_size = 8 +# Size of a key (in bytes) +key_size = range(5, 16 + 1) diff --git a/frozen_deps/Cryptodome/Cipher/CAST.pyi b/frozen_deps/Cryptodome/Cipher/CAST.pyi new file mode 100644 index 0000000..6b411cf --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/CAST.pyi 
@@ -0,0 +1,35 @@
+from typing import Union, Dict, Iterable
+
+from Cryptodome.Cipher._mode_ecb import EcbMode
+from Cryptodome.Cipher._mode_cbc import CbcMode
+from Cryptodome.Cipher._mode_cfb import CfbMode
+from Cryptodome.Cipher._mode_ofb import OfbMode
+from Cryptodome.Cipher._mode_ctr import CtrMode
+from Cryptodome.Cipher._mode_openpgp import OpenPgpMode
+from Cryptodome.Cipher._mode_eax import EaxMode
+
+CASTMode = int
+
+MODE_ECB: CASTMode
+MODE_CBC: CASTMode
+MODE_CFB: CASTMode
+MODE_OFB: CASTMode
+MODE_CTR: CASTMode
+MODE_OPENPGP: CASTMode
+MODE_EAX: CASTMode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+ mode: CASTMode,
+ iv : Buffer = ...,
+ IV : Buffer = ...,
+ nonce : Buffer = ...,
+ segment_size : int = ...,
+ mac_len : int = ...,
+ initial_value : Union[int, Buffer] = ...,
+ counter : Dict = ...) -> \
+ Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
+
+block_size: int
+key_size : Iterable[int]
diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20.py b/frozen_deps/Cryptodome/Cipher/ChaCha20.py
new file mode 100644
index 0000000..0cd9102
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/ChaCha20.py
@@ -0,0 +1,286 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+from Cryptodome.Random import get_random_bytes
+
+from Cryptodome.Util.py3compat import _copy_bytes
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ create_string_buffer,
+ get_raw_buffer, VoidPointer,
+ SmartPointer, c_size_t,
+ c_uint8_ptr, c_ulong,
+ is_writeable_buffer)
+
+_raw_chacha20_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._chacha20",
+ """
+ int chacha20_init(void **pState,
+ const uint8_t *key,
+ size_t keySize,
+ const uint8_t *nonce,
+ size_t nonceSize);
+
+ int chacha20_destroy(void *state);
+
+ int chacha20_encrypt(void *state,
+ const uint8_t in[],
+ uint8_t out[],
+ size_t len);
+
+ int chacha20_seek(void *state,
+ unsigned long block_high,
+ unsigned long block_low,
+ unsigned offset);
+ int hchacha20( const uint8_t key[32],
+ const uint8_t nonce16[16],
+ uint8_t subkey[32]);
+ """)
+
+
+def _HChaCha20(key, nonce):
+
+ assert(len(key) == 32)
+ assert(len(nonce) == 16)
+
+ subkey = bytearray(32)
+ result = _raw_chacha20_lib.hchacha20(
+ c_uint8_ptr(key),
+ c_uint8_ptr(nonce),
+ c_uint8_ptr(subkey))
+ if result:
+ raise ValueError("Error %d when deriving subkey with HChaCha20" % result)
+
+ return subkey
+
+
+class ChaCha20Cipher(object):
+ """ChaCha20 (or XChaCha20) cipher object.
+ Do not create it directly. Use :py:func:`new` instead.
+ + :var nonce: The nonce with length 8, 12 or 24 bytes + :vartype nonce: bytes + """ + + block_size = 1 + + def __init__(self, key, nonce): + """Initialize a ChaCha20/XChaCha20 cipher object + + See also `new()` at the module level.""" + + # XChaCha20 requires a key derivation with HChaCha20 + # See 2.3 in https://tools.ietf.org/html/draft-arciszewski-xchacha-03 + if len(nonce) == 24: + key = _HChaCha20(key, nonce[:16]) + nonce = b'\x00' * 4 + nonce[16:] + self._name = "XChaCha20" + else: + self._name = "ChaCha20" + + self.nonce = _copy_bytes(None, None, nonce) + + self._next = ( self.encrypt, self.decrypt ) + + self._state = VoidPointer() + result = _raw_chacha20_lib.chacha20_init( + self._state.address_of(), + c_uint8_ptr(key), + c_size_t(len(key)), + self.nonce, + c_size_t(len(nonce))) + if result: + raise ValueError("Error %d instantiating a %s cipher" % (result, + self._name)) + self._state = SmartPointer(self._state.get(), + _raw_chacha20_lib.chacha20_destroy) + + def encrypt(self, plaintext, output=None): + """Encrypt a piece of data. + + Args: + plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size. + Keyword Args: + output(bytes/bytearray/memoryview): The location where the ciphertext + is written to. If ``None``, the ciphertext is returned. + Returns: + If ``output`` is ``None``, the ciphertext is returned as ``bytes``. + Otherwise, ``None``. 
+ """ + + if self.encrypt not in self._next: + raise TypeError("Cipher object can only be used for decryption") + self._next = ( self.encrypt, ) + return self._encrypt(plaintext, output) + + def _encrypt(self, plaintext, output): + """Encrypt without FSM checks""" + + if output is None: + ciphertext = create_string_buffer(len(plaintext)) + else: + ciphertext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(plaintext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = _raw_chacha20_lib.chacha20_encrypt( + self._state.get(), + c_uint8_ptr(plaintext), + c_uint8_ptr(ciphertext), + c_size_t(len(plaintext))) + if result: + raise ValueError("Error %d while encrypting with %s" % (result, self._name)) + + if output is None: + return get_raw_buffer(ciphertext) + else: + return None + + def decrypt(self, ciphertext, output=None): + """Decrypt a piece of data. + + Args: + ciphertext(bytes/bytearray/memoryview): The data to decrypt, of any size. + Keyword Args: + output(bytes/bytearray/memoryview): The location where the plaintext + is written to. If ``None``, the plaintext is returned. + Returns: + If ``output`` is ``None``, the plaintext is returned as ``bytes``. + Otherwise, ``None``. + """ + + if self.decrypt not in self._next: + raise TypeError("Cipher object can only be used for encryption") + self._next = ( self.decrypt, ) + + try: + return self._encrypt(ciphertext, output) + except ValueError as e: + raise ValueError(str(e).replace("enc", "dec")) + + def seek(self, position): + """Seek to a certain position in the key stream. + + Args: + position (integer): + The absolute position within the key stream, in bytes. 
+ """ + + position, offset = divmod(position, 64) + block_low = position & 0xFFFFFFFF + block_high = position >> 32 + + result = _raw_chacha20_lib.chacha20_seek( + self._state.get(), + c_ulong(block_high), + c_ulong(block_low), + offset + ) + if result: + raise ValueError("Error %d while seeking with %s" % (result, self._name)) + + +def _derive_Poly1305_key_pair(key, nonce): + """Derive a tuple (r, s, nonce) for a Poly1305 MAC. + + If nonce is ``None``, a new 12-byte nonce is generated. + """ + + if len(key) != 32: + raise ValueError("Poly1305 with ChaCha20 requires a 32-byte key") + + if nonce is None: + padded_nonce = nonce = get_random_bytes(12) + elif len(nonce) == 8: + # See RFC7538, 2.6: [...] ChaCha20 as specified here requires a 96-bit + # nonce. So if the provided nonce is only 64-bit, then the first 32 + # bits of the nonce will be set to a constant number. + # This will usually be zero, but for protocols with multiple senders it may be + # different for each sender, but should be the same for all + # invocations of the function with the same key by a particular + # sender. + padded_nonce = b'\x00\x00\x00\x00' + nonce + elif len(nonce) == 12: + padded_nonce = nonce + else: + raise ValueError("Poly1305 with ChaCha20 requires an 8- or 12-byte nonce") + + rs = new(key=key, nonce=padded_nonce).encrypt(b'\x00' * 32) + return rs[:16], rs[16:], nonce + + +def new(**kwargs): + """Create a new ChaCha20 or XChaCha20 cipher + + Keyword Args: + key (bytes/bytearray/memoryview): The secret key to use. + It must be 32 bytes long. + nonce (bytes/bytearray/memoryview): A mandatory value that + must never be reused for any other encryption + done with this key. + + For ChaCha20, it must be 8 or 12 bytes long. + + For XChaCha20, it must be 24 bytes long. + + If not provided, 8 bytes will be randomly generated + (you can find them back in the ``nonce`` attribute). 
+ + :Return: a :class:`Cryptodome.Cipher.ChaCha20.ChaCha20Cipher` object + """ + + try: + key = kwargs.pop("key") + except KeyError as e: + raise TypeError("Missing parameter %s" % e) + + nonce = kwargs.pop("nonce", None) + if nonce is None: + nonce = get_random_bytes(8) + + if len(key) != 32: + raise ValueError("ChaCha20/XChaCha20 key must be 32 bytes long") + + if len(nonce) not in (8, 12, 24): + raise ValueError("Nonce must be 8/12 bytes(ChaCha20) or 24 bytes (XChaCha20)") + + if kwargs: + raise TypeError("Unknown parameters: " + str(kwargs)) + + return ChaCha20Cipher(key, nonce) + +# Size of a data block (in bytes) +block_size = 1 + +# Size of a key (in bytes) +key_size = 32 diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi b/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi new file mode 100644 index 0000000..3d00a1d --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi @@ -0,0 +1,25 @@ +from typing import Union, overload + +Buffer = Union[bytes, bytearray, memoryview] + +def _HChaCha20(key: Buffer, nonce: Buffer) -> bytearray: ... + +class ChaCha20Cipher: + block_size: int + nonce: bytes + + def __init__(self, key: Buffer, nonce: Buffer) -> None: ... + @overload + def encrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + @overload + def decrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + def seek(self, position: int) -> None: ... + +def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Cipher: ... + +block_size: int +key_size: int diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py new file mode 100644 index 0000000..b6bc7a6 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py 
@@ -0,0 +1,336 @@
+# ===================================================================
+#
+# Copyright (c) 2018, Helder Eijs <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# =================================================================== + +from binascii import unhexlify + +from Cryptodome.Cipher import ChaCha20 +from Cryptodome.Cipher.ChaCha20 import _HChaCha20 +from Cryptodome.Hash import Poly1305, BLAKE2s + +from Cryptodome.Random import get_random_bytes + +from Cryptodome.Util.number import long_to_bytes +from Cryptodome.Util.py3compat import _copy_bytes, bord +from Cryptodome.Util._raw_api import is_buffer + + +def _enum(**enums): + return type('Enum', (), enums) + + +_CipherStatus = _enum(PROCESSING_AUTH_DATA=1, + PROCESSING_CIPHERTEXT=2, + PROCESSING_DONE=3) + + +class ChaCha20Poly1305Cipher(object): + """ChaCha20-Poly1305 and XChaCha20-Poly1305 cipher object. + Do not create it directly. Use :py:func:`new` instead. + + :var nonce: The nonce with length 8, 12 or 24 bytes + :vartype nonce: byte string + """ + + def __init__(self, key, nonce): + """Initialize a ChaCha20-Poly1305 AEAD cipher object + + See also `new()` at the module level.""" + + self.nonce = _copy_bytes(None, None, nonce) + + self._next = (self.update, self.encrypt, self.decrypt, self.digest, + self.verify) + + self._authenticator = Poly1305.new(key=key, nonce=nonce, cipher=ChaCha20) + + self._cipher = ChaCha20.new(key=key, nonce=nonce) + self._cipher.seek(64) # Block counter starts at 1 + + self._len_aad = 0 + self._len_ct = 0 + self._mac_tag = None + self._status = _CipherStatus.PROCESSING_AUTH_DATA + + def update(self, data): + """Protect the associated data. + + Associated data (also known as *additional authenticated data* - AAD) + is the piece of the message that must stay in the clear, while + still allowing the receiver to verify its integrity. + An example is packet headers. + + The associated data (possibly split into multiple segments) is + fed into :meth:`update` before any call to :meth:`decrypt` or :meth:`encrypt`. + If there is no associated data, :meth:`update` is not called. 
+ + :param bytes/bytearray/memoryview assoc_data: + A piece of associated data. There are no restrictions on its size. + """ + + if self.update not in self._next: + raise TypeError("update() method cannot be called") + + self._len_aad += len(data) + self._authenticator.update(data) + + def _pad_aad(self): + + assert(self._status == _CipherStatus.PROCESSING_AUTH_DATA) + if self._len_aad & 0x0F: + self._authenticator.update(b'\x00' * (16 - (self._len_aad & 0x0F))) + self._status = _CipherStatus.PROCESSING_CIPHERTEXT + + def encrypt(self, plaintext, output=None): + """Encrypt a piece of data. + + Args: + plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size. + Keyword Args: + output(bytes/bytearray/memoryview): The location where the ciphertext + is written to. If ``None``, the ciphertext is returned. + Returns: + If ``output`` is ``None``, the ciphertext is returned as ``bytes``. + Otherwise, ``None``. + """ + + if self.encrypt not in self._next: + raise TypeError("encrypt() method cannot be called") + + if self._status == _CipherStatus.PROCESSING_AUTH_DATA: + self._pad_aad() + + self._next = (self.encrypt, self.digest) + + result = self._cipher.encrypt(plaintext, output=output) + self._len_ct += len(plaintext) + if output is None: + self._authenticator.update(result) + else: + self._authenticator.update(output) + return result + + def decrypt(self, ciphertext, output=None): + """Decrypt a piece of data. + + Args: + ciphertext(bytes/bytearray/memoryview): The data to decrypt, of any size. + Keyword Args: + output(bytes/bytearray/memoryview): The location where the plaintext + is written to. If ``None``, the plaintext is returned. + Returns: + If ``output`` is ``None``, the plaintext is returned as ``bytes``. + Otherwise, ``None``. 
+ """ + + if self.decrypt not in self._next: + raise TypeError("decrypt() method cannot be called") + + if self._status == _CipherStatus.PROCESSING_AUTH_DATA: + self._pad_aad() + + self._next = (self.decrypt, self.verify) + + self._len_ct += len(ciphertext) + self._authenticator.update(ciphertext) + return self._cipher.decrypt(ciphertext, output=output) + + def _compute_mac(self): + """Finalize the cipher (if not done already) and return the MAC.""" + + if self._mac_tag: + assert(self._status == _CipherStatus.PROCESSING_DONE) + return self._mac_tag + + assert(self._status != _CipherStatus.PROCESSING_DONE) + + if self._status == _CipherStatus.PROCESSING_AUTH_DATA: + self._pad_aad() + + if self._len_ct & 0x0F: + self._authenticator.update(b'\x00' * (16 - (self._len_ct & 0x0F))) + + self._status = _CipherStatus.PROCESSING_DONE + + self._authenticator.update(long_to_bytes(self._len_aad, 8)[::-1]) + self._authenticator.update(long_to_bytes(self._len_ct, 8)[::-1]) + self._mac_tag = self._authenticator.digest() + return self._mac_tag + + def digest(self): + """Compute the *binary* authentication tag (MAC). + + :Return: the MAC tag, as 16 ``bytes``. + """ + + if self.digest not in self._next: + raise TypeError("digest() method cannot be called") + self._next = (self.digest,) + + return self._compute_mac() + + def hexdigest(self): + """Compute the *printable* authentication tag (MAC). + + This method is like :meth:`digest`. + + :Return: the MAC tag, as a hexadecimal string. + """ + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def verify(self, received_mac_tag): + """Validate the *binary* authentication tag (MAC). + + The receiver invokes this method at the very end, to + check if the associated data (if any) and the decrypted + messages are valid. + + :param bytes/bytearray/memoryview received_mac_tag: + This is the 16-byte *binary* MAC, as received from the sender. + :Raises ValueError: + if the MAC does not match. 
The message has been tampered with + or the key is incorrect. + """ + + if self.verify not in self._next: + raise TypeError("verify() cannot be called" + " when encrypting a message") + self._next = (self.verify,) + + secret = get_random_bytes(16) + + self._compute_mac() + + mac1 = BLAKE2s.new(digest_bits=160, key=secret, + data=self._mac_tag) + mac2 = BLAKE2s.new(digest_bits=160, key=secret, + data=received_mac_tag) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + def hexverify(self, hex_mac_tag): + """Validate the *printable* authentication tag (MAC). + + This method is like :meth:`verify`. + + :param string hex_mac_tag: + This is the *printable* MAC. + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + self.verify(unhexlify(hex_mac_tag)) + + def encrypt_and_digest(self, plaintext): + """Perform :meth:`encrypt` and :meth:`digest` in one step. + + :param plaintext: The data to encrypt, of any size. + :type plaintext: bytes/bytearray/memoryview + :return: a tuple with two ``bytes`` objects: + + - the ciphertext, of equal length as the plaintext + - the 16-byte MAC tag + """ + + return self.encrypt(plaintext), self.digest() + + def decrypt_and_verify(self, ciphertext, received_mac_tag): + """Perform :meth:`decrypt` and :meth:`verify` in one step. + + :param ciphertext: The piece of data to decrypt. + :type ciphertext: bytes/bytearray/memoryview + :param bytes received_mac_tag: + This is the 16-byte *binary* MAC, as received from the sender. + :return: the decrypted data (as ``bytes``) + :raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + plaintext = self.decrypt(ciphertext) + self.verify(received_mac_tag) + return plaintext + + +def new(**kwargs): + """Create a new ChaCha20-Poly1305 or XChaCha20-Poly1305 AEAD cipher. + + :keyword key: The secret key to use. It must be 32 bytes long. 
+ :type key: byte string + + :keyword nonce: + A value that must never be reused for any other encryption + done with this key. + + For ChaCha20-Poly1305, it must be 8 or 12 bytes long. + + For XChaCha20-Poly1305, it must be 24 bytes long. + + If not provided, 12 ``bytes`` will be generated randomly + (you can find them back in the ``nonce`` attribute). + :type nonce: bytes, bytearray, memoryview + + :Return: a :class:`Cryptodome.Cipher.ChaCha20.ChaCha20Poly1305Cipher` object + """ + + try: + key = kwargs.pop("key") + except KeyError as e: + raise TypeError("Missing parameter %s" % e) + + self._len_ct += len(plaintext) + + if len(key) != 32: + raise ValueError("Key must be 32 bytes long") + + nonce = kwargs.pop("nonce", None) + if nonce is None: + nonce = get_random_bytes(12) + + if len(nonce) in (8, 12): + pass + elif len(nonce) == 24: + key = _HChaCha20(key, nonce[:16]) + nonce = b'\x00\x00\x00\x00' + nonce[16:] + else: + raise ValueError("Nonce must be 8, 12 or 24 bytes long") + + if not is_buffer(nonce): + raise TypeError("nonce must be bytes, bytearray or memoryview") + + if kwargs: + raise TypeError("Unknown parameters: " + str(kwargs)) + + return ChaCha20Poly1305Cipher(key, nonce) + + +# Size of a key (in bytes) +key_size = 32 diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi new file mode 100644 index 0000000..ef0450f --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi 
@@ -0,0 +1,28 @@
+from typing import Union, Tuple, overload
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class ChaCha20Poly1305Cipher:
+ nonce: bytes
+
+ def __init__(self, key: Buffer, nonce: Buffer) -> None: ...
+ def update(self, data: Buffer) -> None: ...
+ @overload
+ def encrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+ @overload
+ def decrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def verify(self, received_mac_tag: Buffer) -> None: ...
+ def hexverify(self, received_mac_tag: str) -> None: ...
+ def encrypt_and_digest(self, plaintext: Buffer) -> Tuple[bytes, bytes]: ...
+ def decrypt_and_verify(self, ciphertext: Buffer, received_mac_tag: Buffer) -> bytes: ...
+
+def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Poly1305Cipher: ...
+
+block_size: int
+key_size: int
diff --git a/frozen_deps/Cryptodome/Cipher/DES.py b/frozen_deps/Cryptodome/Cipher/DES.py
new file mode 100644
index 0000000..026b491
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/DES.py
@@ -0,0 +1,158 @@ +# -*- coding: utf-8 -*- +# +# Cipher/DES.py : DES +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== +""" +Module's constants for the modes of operation supported with Single DES: + +:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>` +:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>` +:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>` +:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>` +:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>` +:var MODE_OPENPGP: :ref:`OpenPGP Mode <openpgp_mode>` +:var MODE_EAX: :ref:`EAX Mode <eax_mode>` +""" + +import sys + +from Cryptodome.Cipher import _create_cipher +from Cryptodome.Util.py3compat import byte_string +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, + c_size_t, c_uint8_ptr) + +_raw_des_lib = load_pycryptodome_raw_lib( + "Cryptodome.Cipher._raw_des", + """ + int DES_start_operation(const uint8_t key[], + size_t key_len, + void **pResult); + int DES_encrypt(const void *state, + const uint8_t *in, + uint8_t *out, + 
size_t data_len); + int DES_decrypt(const void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int DES_stop_operation(void *state); + """) + + +def _create_base_cipher(dict_parameters): + """This method instantiates and returns a handle to a low-level + base cipher. It will absorb named parameters in the process.""" + + try: + key = dict_parameters.pop("key") + except KeyError: + raise TypeError("Missing 'key' parameter") + + if len(key) != key_size: + raise ValueError("Incorrect DES key length (%d bytes)" % len(key)) + + start_operation = _raw_des_lib.DES_start_operation + stop_operation = _raw_des_lib.DES_stop_operation + + cipher = VoidPointer() + result = start_operation(c_uint8_ptr(key), + c_size_t(len(key)), + cipher.address_of()) + if result: + raise ValueError("Error %X while instantiating the DES cipher" + % result) + return SmartPointer(cipher.get(), stop_operation) + + +def new(key, mode, *args, **kwargs): + """Create a new DES cipher. + + :param key: + The secret key to use in the symmetric cipher. + It must be 8 byte long. The parity bits will be ignored. + :type key: bytes/bytearray/memoryview + + :param mode: + The chaining mode to use for encryption or decryption. + :type mode: One of the supported ``MODE_*`` constants + + :Keyword Arguments: + * **iv** (*byte string*) -- + (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``, + and ``MODE_OPENPGP`` modes). + + The initialization vector to use for encryption or decryption. + + For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long. + + For ``MODE_OPENPGP`` mode only, + it must be 8 bytes long for encryption + and 10 bytes for decryption (in the latter case, it is + actually the *encrypted* IV which was prefixed to the ciphertext). + + If not provided, a random byte string is generated (you must then + read its value with the :attr:`iv` attribute). + + * **nonce** (*byte string*) -- + (Only applicable for ``MODE_EAX`` and ``MODE_CTR``). 
+ + A value that must never be reused for any other encryption done + with this key. + + For ``MODE_EAX`` there are no + restrictions on its length (recommended: **16** bytes). + + For ``MODE_CTR``, its length must be in the range **[0..7]**. + + If not provided for ``MODE_EAX``, a random byte string is generated (you + can read it back via the ``nonce`` attribute). + + * **segment_size** (*integer*) -- + (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext + are segmented in. It must be a multiple of 8. + If not specified, it will be assumed to be 8. + + * **mac_len** : (*integer*) -- + (Only ``MODE_EAX``) + Length of the authentication tag, in bytes. + It must be no longer than 8 (default). + + * **initial_value** : (*integer*) -- + (Only ``MODE_CTR``). The initial value for the counter within + the counter block. By default it is **0**. + + :Return: a DES object, of the applicable mode. + """ + + return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs) + +MODE_ECB = 1 +MODE_CBC = 2 +MODE_CFB = 3 +MODE_OFB = 5 +MODE_CTR = 6 +MODE_OPENPGP = 7 +MODE_EAX = 9 + +# Size of a data block (in bytes) +block_size = 8 +# Size of a key (in bytes) +key_size = 8 diff --git a/frozen_deps/Cryptodome/Cipher/DES.pyi b/frozen_deps/Cryptodome/Cipher/DES.pyi new file mode 100644 index 0000000..1ba2752 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/DES.pyi 
@@ -0,0 +1,35 @@
+from typing import Union, Dict, Iterable
+
+from Cryptodome.Cipher._mode_ecb import EcbMode
+from Cryptodome.Cipher._mode_cbc import CbcMode
+from Cryptodome.Cipher._mode_cfb import CfbMode
+from Cryptodome.Cipher._mode_ofb import OfbMode
+from Cryptodome.Cipher._mode_ctr import CtrMode
+from Cryptodome.Cipher._mode_openpgp import OpenPgpMode
+from Cryptodome.Cipher._mode_eax import EaxMode
+
+DESMode = int
+
+MODE_ECB: DESMode
+MODE_CBC: DESMode
+MODE_CFB: DESMode
+MODE_OFB: DESMode
+MODE_CTR: DESMode
+MODE_OPENPGP: DESMode
+MODE_EAX: DESMode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+ mode: DESMode,
+ iv : Buffer = ...,
+ IV : Buffer = ...,
+ nonce : Buffer = ...,
+ segment_size : int = ...,
+ mac_len : int = ...,
+ initial_value : Union[int, Buffer] = ...,
+ counter : Dict = ...) -> \
+ Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
+
+block_size: int
+key_size: int
diff --git a/frozen_deps/Cryptodome/Cipher/DES3.py b/frozen_deps/Cryptodome/Cipher/DES3.py
new file mode 100644
index 0000000..3b2828e
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/DES3.py
@@ -0,0 +1,187 @@ +# -*- coding: utf-8 -*- +# +# Cipher/DES3.py : DES3 +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== +""" +Module's constants for the modes of operation supported with Triple DES: + +:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>` +:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>` +:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>` +:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>` +:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>` +:var MODE_OPENPGP: :ref:`OpenPGP Mode <openpgp_mode>` +:var MODE_EAX: :ref:`EAX Mode <eax_mode>` +""" + +import sys + +from Cryptodome.Cipher import _create_cipher +from Cryptodome.Util.py3compat import byte_string, bchr, bord, bstr +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, + c_size_t) + +_raw_des3_lib = load_pycryptodome_raw_lib( + "Cryptodome.Cipher._raw_des3", + """ + int DES3_start_operation(const uint8_t key[], + size_t key_len, + void **pResult); + int DES3_encrypt(const void *state, + const uint8_t *in, + uint8_t 
*out, + size_t data_len); + int DES3_decrypt(const void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int DES3_stop_operation(void *state); + """) + + +def adjust_key_parity(key_in): + """Set the parity bits in a TDES key. + + :param key_in: the TDES key whose bits need to be adjusted + :type key_in: byte string + + :returns: a copy of ``key_in``, with the parity bits correctly set + :rtype: byte string + + :raises ValueError: if the TDES key is not 16 or 24 bytes long + :raises ValueError: if the TDES key degenerates into Single DES + """ + + def parity_byte(key_byte): + parity = 1 + for i in range(1, 8): + parity ^= (key_byte >> i) & 1 + return (key_byte & 0xFE) | parity + + if len(key_in) not in key_size: + raise ValueError("Not a valid TDES key") + + key_out = b"".join([ bchr(parity_byte(bord(x))) for x in key_in ]) + + if key_out[:8] == key_out[8:16] or key_out[-16:-8] == key_out[-8:]: + raise ValueError("Triple DES key degenerates to single DES") + + return key_out + + +def _create_base_cipher(dict_parameters): + """This method instantiates and returns a handle to a low-level base cipher. + It will absorb named parameters in the process.""" + + try: + key_in = dict_parameters.pop("key") + except KeyError: + raise TypeError("Missing 'key' parameter") + + key = adjust_key_parity(bstr(key_in)) + + start_operation = _raw_des3_lib.DES3_start_operation + stop_operation = _raw_des3_lib.DES3_stop_operation + + cipher = VoidPointer() + result = start_operation(key, + c_size_t(len(key)), + cipher.address_of()) + if result: + raise ValueError("Error %X while instantiating the TDES cipher" + % result) + return SmartPointer(cipher.get(), stop_operation) + + +def new(key, mode, *args, **kwargs): + """Create a new Triple DES cipher. + + :param key: + The secret key to use in the symmetric cipher. + It must be 16 or 24 byte long. The parity bits will be ignored. 
+ :type key: bytes/bytearray/memoryview + + :param mode: + The chaining mode to use for encryption or decryption. + :type mode: One of the supported ``MODE_*`` constants + + :Keyword Arguments: + * **iv** (*bytes*, *bytearray*, *memoryview*) -- + (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``, + and ``MODE_OPENPGP`` modes). + + The initialization vector to use for encryption or decryption. + + For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long. + + For ``MODE_OPENPGP`` mode only, + it must be 8 bytes long for encryption + and 10 bytes for decryption (in the latter case, it is + actually the *encrypted* IV which was prefixed to the ciphertext). + + If not provided, a random byte string is generated (you must then + read its value with the :attr:`iv` attribute). + + * **nonce** (*bytes*, *bytearray*, *memoryview*) -- + (Only applicable for ``MODE_EAX`` and ``MODE_CTR``). + + A value that must never be reused for any other encryption done + with this key. + + For ``MODE_EAX`` there are no + restrictions on its length (recommended: **16** bytes). + + For ``MODE_CTR``, its length must be in the range **[0..7]**. + + If not provided for ``MODE_EAX``, a random byte string is generated (you + can read it back via the ``nonce`` attribute). + + * **segment_size** (*integer*) -- + (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext + are segmented in. It must be a multiple of 8. + If not specified, it will be assumed to be 8. + + * **mac_len** : (*integer*) -- + (Only ``MODE_EAX``) + Length of the authentication tag, in bytes. + It must be no longer than 8 (default). + + * **initial_value** : (*integer*) -- + (Only ``MODE_CTR``). The initial value for the counter within + the counter block. By default it is **0**. + + :Return: a Triple DES object, of the applicable mode. 
+ """ + + return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs) + +MODE_ECB = 1 +MODE_CBC = 2 +MODE_CFB = 3 +MODE_OFB = 5 +MODE_CTR = 6 +MODE_OPENPGP = 7 +MODE_EAX = 9 + +# Size of a data block (in bytes) +block_size = 8 +# Size of a key (in bytes) +key_size = (16, 24) diff --git a/frozen_deps/Cryptodome/Cipher/DES3.pyi b/frozen_deps/Cryptodome/Cipher/DES3.pyi new file mode 100644 index 0000000..c1a524f --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/DES3.pyi @@ -0,0 +1,37 @@ +from typing import Union, Dict, Tuple + +from Cryptodome.Cipher._mode_ecb import EcbMode +from Cryptodome.Cipher._mode_cbc import CbcMode +from Cryptodome.Cipher._mode_cfb import CfbMode +from Cryptodome.Cipher._mode_ofb import OfbMode +from Cryptodome.Cipher._mode_ctr import CtrMode +from Cryptodome.Cipher._mode_openpgp import OpenPgpMode +from Cryptodome.Cipher._mode_eax import EaxMode + +def adjust_key_parity(key_in: bytes) -> bytes: ... + +DES3Mode = int + +MODE_ECB: DES3Mode +MODE_CBC: DES3Mode +MODE_CFB: DES3Mode +MODE_OFB: DES3Mode +MODE_CTR: DES3Mode +MODE_OPENPGP: DES3Mode +MODE_EAX: DES3Mode + +Buffer = Union[bytes, bytearray, memoryview] + +def new(key: Buffer, + mode: DES3Mode, + iv : Buffer = ..., + IV : Buffer = ..., + nonce : Buffer = ..., + segment_size : int = ..., + mac_len : int = ..., + initial_value : Union[int, Buffer] = ..., + counter : Dict = ...) -> \ + Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ... + +block_size: int +key_size: Tuple[int, int] diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py new file mode 100644 index 0000000..3207bbe --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py 
@@ -0,0 +1,239 @@ +# -*- coding: utf-8 -*- +# +# Cipher/PKCS1_OAEP.py : PKCS#1 OAEP +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +from Cryptodome.Signature.pss import MGF1 +import Cryptodome.Hash.SHA1 + +from Cryptodome.Util.py3compat import bord, _copy_bytes +import Cryptodome.Util.number +from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes +from Cryptodome.Util.strxor import strxor +from Cryptodome import Random + +class PKCS1OAEP_Cipher: + """Cipher object for PKCS#1 v1.5 OAEP. + Do not create directly: use :func:`new` instead.""" + + def __init__(self, key, hashAlgo, mgfunc, label, randfunc): + """Initialize this PKCS#1 OAEP cipher object. + + :Parameters: + key : an RSA key object + If a private half is given, both encryption and decryption are possible. + If a public half is given, only encryption is possible. + hashAlgo : hash object + The hash function to use. This can be a module under `Cryptodome.Hash` + or an existing hash object created from any of such modules. If not specified, + `Cryptodome.Hash.SHA1` is used. 
+ mgfunc : callable + A mask generation function that accepts two parameters: a string to + use as seed, and the lenth of the mask to generate, in bytes. + If not specified, the standard MGF1 consistent with ``hashAlgo`` is used (a safe choice). + label : bytes/bytearray/memoryview + A label to apply to this particular encryption. If not specified, + an empty string is used. Specifying a label does not improve + security. + randfunc : callable + A function that returns random bytes. + + :attention: Modify the mask generation function only if you know what you are doing. + Sender and receiver must use the same one. + """ + self._key = key + + if hashAlgo: + self._hashObj = hashAlgo + else: + self._hashObj = Cryptodome.Hash.SHA1 + + if mgfunc: + self._mgf = mgfunc + else: + self._mgf = lambda x,y: MGF1(x,y,self._hashObj) + + self._label = _copy_bytes(None, None, label) + self._randfunc = randfunc + + def can_encrypt(self): + """Legacy function to check if you can call :meth:`encrypt`. + + .. deprecated:: 3.0""" + return self._key.can_encrypt() + + def can_decrypt(self): + """Legacy function to check if you can call :meth:`decrypt`. + + .. deprecated:: 3.0""" + return self._key.can_decrypt() + + def encrypt(self, message): + """Encrypt a message with PKCS#1 OAEP. + + :param message: + The message to encrypt, also known as plaintext. It can be of + variable length, but not longer than the RSA modulus (in bytes) + minus 2, minus twice the hash output size. + For instance, if you use RSA 2048 and SHA-256, the longest message + you can encrypt is 190 byte long. + :type message: bytes/bytearray/memoryview + + :returns: The ciphertext, as large as the RSA modulus. + :rtype: bytes + + :raises ValueError: + if the message is too long. 
+ """ + + # See 7.1.1 in RFC3447 + modBits = Cryptodome.Util.number.size(self._key.n) + k = ceil_div(modBits, 8) # Convert from bits to bytes + hLen = self._hashObj.digest_size + mLen = len(message) + + # Step 1b + ps_len = k - mLen - 2 * hLen - 2 + if ps_len < 0: + raise ValueError("Plaintext is too long.") + # Step 2a + lHash = self._hashObj.new(self._label).digest() + # Step 2b + ps = b'\x00' * ps_len + # Step 2c + db = lHash + ps + b'\x01' + _copy_bytes(None, None, message) + # Step 2d + ros = self._randfunc(hLen) + # Step 2e + dbMask = self._mgf(ros, k-hLen-1) + # Step 2f + maskedDB = strxor(db, dbMask) + # Step 2g + seedMask = self._mgf(maskedDB, hLen) + # Step 2h + maskedSeed = strxor(ros, seedMask) + # Step 2i + em = b'\x00' + maskedSeed + maskedDB + # Step 3a (OS2IP) + em_int = bytes_to_long(em) + # Step 3b (RSAEP) + m_int = self._key._encrypt(em_int) + # Step 3c (I2OSP) + c = long_to_bytes(m_int, k) + return c + + def decrypt(self, ciphertext): + """Decrypt a message with PKCS#1 OAEP. + + :param ciphertext: The encrypted message. + :type ciphertext: bytes/bytearray/memoryview + + :returns: The original message (plaintext). + :rtype: bytes + + :raises ValueError: + if the ciphertext has the wrong length, or if decryption + fails the integrity check (in which case, the decryption + key is probably wrong). + :raises TypeError: + if the RSA key has no private half (i.e. you are trying + to decrypt using a public key). 
+ """ + + # See 7.1.2 in RFC3447 + modBits = Cryptodome.Util.number.size(self._key.n) + k = ceil_div(modBits,8) # Convert from bits to bytes + hLen = self._hashObj.digest_size + + # Step 1b and 1c + if len(ciphertext) != k or k<hLen+2: + raise ValueError("Ciphertext with incorrect length.") + # Step 2a (O2SIP) + ct_int = bytes_to_long(ciphertext) + # Step 2b (RSADP) + m_int = self._key._decrypt(ct_int) + # Complete step 2c (I2OSP) + em = long_to_bytes(m_int, k) + # Step 3a + lHash = self._hashObj.new(self._label).digest() + # Step 3b + y = em[0] + # y must be 0, but we MUST NOT check it here in order not to + # allow attacks like Manger's (http://dl.acm.org/citation.cfm?id=704143) + maskedSeed = em[1:hLen+1] + maskedDB = em[hLen+1:] + # Step 3c + seedMask = self._mgf(maskedDB, hLen) + # Step 3d + seed = strxor(maskedSeed, seedMask) + # Step 3e + dbMask = self._mgf(seed, k-hLen-1) + # Step 3f + db = strxor(maskedDB, dbMask) + # Step 3g + one_pos = db[hLen:].find(b'\x01') + lHash1 = db[:hLen] + invalid = bord(y) | int(one_pos < 0) + hash_compare = strxor(lHash1, lHash) + for x in hash_compare: + invalid |= bord(x) + for x in db[hLen:one_pos]: + invalid |= bord(x) + if invalid != 0: + raise ValueError("Incorrect decryption.") + # Step 4 + return db[hLen + one_pos + 1:] + +def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None): + """Return a cipher object :class:`PKCS1OAEP_Cipher` that can be used to perform PKCS#1 OAEP encryption or decryption. + + :param key: + The key object to use to encrypt or decrypt the message. + Decryption is only possible with a private RSA key. + :type key: RSA key object + + :param hashAlgo: + The hash function to use. This can be a module under `Cryptodome.Hash` + or an existing hash object created from any of such modules. + If not specified, `Cryptodome.Hash.SHA1` is used. 
+ :type hashAlgo: hash object + + :param mgfunc: + A mask generation function that accepts two parameters: a string to + use as seed, and the lenth of the mask to generate, in bytes. + If not specified, the standard MGF1 consistent with ``hashAlgo`` is used (a safe choice). + :type mgfunc: callable + + :param label: + A label to apply to this particular encryption. If not specified, + an empty string is used. Specifying a label does not improve + security. + :type label: bytes/bytearray/memoryview + + :param randfunc: + A function that returns random bytes. + The default is `Random.get_random_bytes`. + :type randfunc: callable + """ + + if randfunc is None: + randfunc = Random.get_random_bytes + return PKCS1OAEP_Cipher(key, hashAlgo, mgfunc, label, randfunc) + diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.pyi b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.pyi new file mode 100644 index 0000000..b54cd3f --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.pyi 
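Review bot: In `decrypt`, step 3g checks only part of the zero padding, because `one_pos` is an offset into `db[hLen:]` but the loop `for x in db[hLen:one_pos]` uses it as an offset into `db`. When the `0x01` separator sits at most `hLen` bytes into the padding area the slice is empty, so non-zero padding bytes in front of the separator are accepted instead of raising `ValueError("Incorrect decryption.")`. The slice should be `for x in db[hLen:hLen + one_pos]:`, which is still empty when `find` returns -1 (that case is already flagged by `int(one_pos < 0)`). Judging by the `frozen_deps/` path this is presumably a vendored copy, so the fix would be carried by patching or refreshing that copy.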
@@ -0,0 +1,35 @@ +from typing import Optional, Union, Callable, Any, overload +from typing_extensions import Protocol + +from Cryptodome.PublicKey.RSA import RsaKey + +class HashLikeClass(Protocol): + digest_size : int + def new(self, data: Optional[bytes] = ...) -> Any: ... + +class HashLikeModule(Protocol): + digest_size : int + @staticmethod + def new(data: Optional[bytes] = ...) -> Any: ... + +HashLike = Union[HashLikeClass, HashLikeModule] + +Buffer = Union[bytes, bytearray, memoryview] + +class PKCS1OAEP_Cipher: + def __init__(self, + key: RsaKey, + hashAlgo: HashLike, + mgfunc: Callable[[bytes, int], bytes], + label: Buffer, + randfunc: Callable[[int], bytes]) -> None: ... + def can_encrypt(self) -> bool: ... + def can_decrypt(self) -> bool: ... + def encrypt(self, message: Buffer) -> bytes: ... + def decrypt(self, ciphertext: Buffer) -> bytes: ... + +def new(key: RsaKey, + hashAlgo: Optional[HashLike] = ..., + mgfunc: Optional[Callable[[bytes, int], bytes]] = ..., + label: Optional[Buffer] = ..., + randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS1OAEP_Cipher: ... diff --git a/frozen_deps/Crypto/Cipher/PKCS1_v1_5.py b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py index 3602cb0..1fd1626 100644 --- a/frozen_deps/Crypto/Cipher/PKCS1_v1_5.py +++ b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py 
@@ -20,72 +20,30 @@ # SOFTWARE. # =================================================================== -"""RSA encryption protocol according to PKCS#1 v1.5 - -See RFC3447__ or the `original RSA Labs specification`__ . - -This scheme is more properly called ``RSAES-PKCS1-v1_5``. - -**If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.** - -As an example, a sender may encrypt a message in this way: - - >>> from Crypto.Cipher import PKCS1_v1_5 - >>> from Crypto.PublicKey import RSA - >>> from Crypto.Hash import SHA - >>> - >>> message = 'To be encrypted' - >>> h = SHA.new(message) - >>> - >>> key = RSA.importKey(open('pubkey.der').read()) - >>> cipher = PKCS1_v1_5.new(key) - >>> ciphertext = cipher.encrypt(message+h.digest()) - -At the receiver side, decryption can be done using the private part of -the RSA key: - - >>> From Crypto.Hash import SHA - >>> from Crypto import Random - >>> - >>> key = RSA.importKey(open('privkey.der').read()) - >>> - >>> dsize = SHA.digest_size - >>> sentinel = Random.new().read(15+dsize) # Let's assume that average data length is 15 - >>> - >>> cipher = PKCS1_v1_5.new(key) - >>> message = cipher.decrypt(ciphertext, sentinel) - >>> - >>> digest = SHA.new(message[:-dsize]).digest() - >>> if digest==message[-dsize:]: # Note how we DO NOT look for the sentinel - >>> print "Encryption was correct." - >>> else: - >>> print "Encryption was not correct." - -:undocumented: __revision__, __package__ - -.. __: http://www.ietf.org/rfc/rfc3447.txt -.. __: http://www.rsa.com/rsalabs/node.asp?id=2125. 
-""" - -__revision__ = "$Id$" __all__ = [ 'new', 'PKCS115_Cipher' ] -from Crypto.Util.number import ceil_div -from Crypto.Util.py3compat import * -import Crypto.Util.number +from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes +from Cryptodome.Util.py3compat import bord, _copy_bytes +import Cryptodome.Util.number +from Cryptodome import Random class PKCS115_Cipher: - """This cipher can perform PKCS#1 v1.5 RSA encryption or decryption.""" + """This cipher can perform PKCS#1 v1.5 RSA encryption or decryption. + Do not instantiate directly. Use :func:`Cryptodome.Cipher.PKCS1_v1_5.new` instead.""" - def __init__(self, key): + def __init__(self, key, randfunc): """Initialize this PKCS#1 v1.5 cipher object. - + :Parameters: key : an RSA key object If a private half is given, both encryption and decryption are possible. If a public half is given, only encryption is possible. + randfunc : callable + Function that returns random bytes. """ + self._key = key + self._randfunc = randfunc def can_encrypt(self): """Return True if this cipher object can be used for encryption.""" 
@@ -97,87 +55,92 @@ class PKCS115_Cipher: def encrypt(self, message): """Produce the PKCS#1 v1.5 encryption of a message. - - This function is named ``RSAES-PKCS1-V1_5-ENCRYPT``, and is specified in - section 7.2.1 of RFC3447. - For a complete example see `Crypto.Cipher.PKCS1_v1_5`. - - :Parameters: - message : byte string - The message to encrypt, also known as plaintext. It can be of - variable length, but not longer than the RSA modulus (in bytes) minus 11. - - :Return: A byte string, the ciphertext in which the message is encrypted. + + This function is named ``RSAES-PKCS1-V1_5-ENCRYPT``, and it is specified in + `section 7.2.1 of RFC8017 + <https://tools.ietf.org/html/rfc8017#page-28>`_. + + :param message: + The message to encrypt, also known as plaintext. It can be of + variable length, but not longer than the RSA modulus (in bytes) minus 11. + :type message: bytes/bytearray/memoryview + + :Returns: A byte string, the ciphertext in which the message is encrypted. It is as long as the RSA modulus (in bytes). - :Raise ValueError: + + :Raises ValueError: If the RSA key length is not sufficiently long to deal with the given message. 
- """ - # TODO: Verify the key is RSA - - randFunc = self._key._randfunc - - # See 7.2.1 in RFC3447 - modBits = Crypto.Util.number.size(self._key.n) + + # See 7.2.1 in RFC8017 + modBits = Cryptodome.Util.number.size(self._key.n) k = ceil_div(modBits,8) # Convert from bits to bytes mLen = len(message) - + # Step 1 - if mLen > k-11: + if mLen > k - 11: raise ValueError("Plaintext is too long.") # Step 2a - class nonZeroRandByte: - def __init__(self, rf): self.rf=rf - def __call__(self, c): - while bord(c)==0x00: c=self.rf(1)[0] - return c - ps = tobytes(list(map(nonZeroRandByte(randFunc), randFunc(k-mLen-3)))) + ps = [] + while len(ps) != k - mLen - 3: + new_byte = self._randfunc(1) + if bord(new_byte[0]) == 0x00: + continue + ps.append(new_byte) + ps = b"".join(ps) + assert(len(ps) == k - mLen - 3) # Step 2b - em = b('\x00\x02') + ps + bchr(0x00) + message - # Step 3a (OS2IP), step 3b (RSAEP), part of step 3c (I2OSP) - m = self._key.encrypt(em, 0)[0] - # Complete step 3c (I2OSP) - c = bchr(0x00)*(k-len(m)) + m + em = b'\x00\x02' + ps + b'\x00' + _copy_bytes(None, None, message) + # Step 3a (OS2IP) + em_int = bytes_to_long(em) + # Step 3b (RSAEP) + m_int = self._key._encrypt(em_int) + # Step 3c (I2OSP) + c = long_to_bytes(m_int, k) return c - - def decrypt(self, ct, sentinel): - """Decrypt a PKCS#1 v1.5 ciphertext. - + + def decrypt(self, ciphertext, sentinel): + r"""Decrypt a PKCS#1 v1.5 ciphertext. + This function is named ``RSAES-PKCS1-V1_5-DECRYPT``, and is specified in - section 7.2.2 of RFC3447. - For a complete example see `Crypto.Cipher.PKCS1_v1_5`. - - :Parameters: - ct : byte string - The ciphertext that contains the message to recover. - sentinel : any type - The object to return to indicate that an error was detected during decryption. - - :Return: A byte string. It is either the original message or the ``sentinel`` (in case of an error). - :Raise ValueError: + `section 7.2.2 of RFC8017 + <https://tools.ietf.org/html/rfc8017#page-29>`_. 
+ + :param ciphertext: + The ciphertext that contains the message to recover. + :type ciphertext: bytes/bytearray/memoryview + + :param sentinel: + The object to return whenever an error is detected. + :type sentinel: any type + + :Returns: A byte string. It is either the original message or the ``sentinel`` (in case of an error). + + :Raises ValueError: If the ciphertext length is incorrect - :Raise TypeError: - If the RSA key has no private half. - - :attention: + :Raises TypeError: + If the RSA key has no private half (i.e. it cannot be used for + decyption). + + .. warning:: You should **never** let the party who submitted the ciphertext know that this function returned the ``sentinel`` value. Armed with such knowledge (for a fair amount of carefully crafted but invalid ciphertexts), an attacker is able to recontruct the plaintext of any other encryption that were carried out with the same RSA public key (see `Bleichenbacher's`__ attack). - + In general, it should not be possible for the other party to distinguish whether processing at the server side failed because the value returned was a ``sentinel`` as opposed to a random, invalid message. - + In fact, the second option is not that unlikely: encryption done according to PKCS#1 v1.5 embeds no good integrity check. There is roughly one chance - in 2^16 for a random ciphertext to be returned as a valid message + in 2\ :sup:`16` for a random ciphertext to be returned as a valid message (although random looking). - + It is therefore advisabled to: - + 1. Select as ``sentinel`` a value that resembles a plausable random, invalid message. 2. Not report back an error as soon as you detect a ``sentinel`` value. Put differently, you should not explicitly check if the returned value is the ``sentinel`` or not. 
@@ -186,41 +149,51 @@ class PKCS115_Cipher: It is recommended for it to be the rightmost part ``message``. 5. Where possible, monitor the number of errors due to ciphertexts originating from the same party, and slow down the rate of the requests from such party (or even blacklist it altogether). - + **If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.** - + .. __: http://www.bell-labs.com/user/bleichen/papers/pkcs.ps - + """ - - # TODO: Verify the key is RSA - + # See 7.2.1 in RFC3447 - modBits = Crypto.Util.number.size(self._key.n) + modBits = Cryptodome.Util.number.size(self._key.n) k = ceil_div(modBits,8) # Convert from bits to bytes - + # Step 1 - if len(ct) != k: + if len(ciphertext) != k: raise ValueError("Ciphertext with incorrect length.") - # Step 2a (O2SIP), 2b (RSADP), and part of 2c (I2OSP) - m = self._key.decrypt(ct) + # Step 2a (O2SIP) + ct_int = bytes_to_long(ciphertext) + # Step 2b (RSADP) + m_int = self._key._decrypt(ct_int) # Complete step 2c (I2OSP) - em = bchr(0x00)*(k-len(m)) + m + em = long_to_bytes(m_int, k) # Step 3 - sep = em.find(bchr(0x00),2) - if not em.startswith(b('\x00\x02')) or sep<10: + sep = em.find(b'\x00', 2) + if not em.startswith(b'\x00\x02') or sep < 10: return sentinel # Step 4 - return em[sep+1:] + return em[sep + 1:] -def new(key): - """Return a cipher object `PKCS115_Cipher` that can be used to perform PKCS#1 v1.5 encryption or decryption. - :Parameters: - key : RSA key object - The key to use to encrypt or decrypt the message. This is a `Crypto.PublicKey.RSA` object. +def new(key, randfunc=None): + """Create a cipher for performing PKCS#1 v1.5 encryption or decryption. + + :param key: + The key to use to encrypt or decrypt the message. This is a `Cryptodome.PublicKey.RSA` object. Decryption is only possible if *key* is a private RSA key. + :type key: RSA key object + + :param randfunc: + Function that return random bytes. + The default is :func:`Cryptodome.Random.get_random_bytes`. 
+ :type randfunc: callable + :returns: A cipher object `PKCS115_Cipher`. """ - return PKCS115_Cipher(key) + + if randfunc is None: + randfunc = Random.get_random_bytes + return PKCS115_Cipher(key, randfunc) diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi new file mode 100644 index 0000000..ff4e3f2 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi @@ -0,0 +1,17 @@ +from typing import Callable, Union, Any, Optional + +from Cryptodome.PublicKey.RSA import RsaKey + +Buffer = Union[bytes, bytearray, memoryview] + +class PKCS115_Cipher: + def __init__(self, + key: RsaKey, + randfunc: Callable[[int], bytes]) -> None: ... + def can_encrypt(self) -> bool: ... + def can_decrypt(self) -> bool: ... + def encrypt(self, message: Buffer) -> bytes: ... + def decrypt(self, ciphertext: Buffer) -> bytes: ... + +def new(key: RsaKey, + randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS115_Cipher: ... diff --git a/frozen_deps/Cryptodome/Cipher/Salsa20.py b/frozen_deps/Cryptodome/Cipher/Salsa20.py new file mode 100644 index 0000000..79e6701 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/Salsa20.py 
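Review bot: Step 3 of `decrypt` chooses between the message and `sentinel` with `em.find(b'\x00', 2)`, `em.startswith(b'\x00\x02')` and an early `return sentinel`, so the time the check takes depends on the decrypted padding. The docstring asks callers not to reveal that the sentinel was returned, but a timing difference in this branch can reveal it whatever the caller does afterwards. A comment above the check such as `# NOTE: this padding check is not constant-time; callers must rate-limit and must not expose response timing` would document that limit. The stale comment `# See 7.2.1 in RFC3447` in the same method should read `# See 7.2.2 in RFC8017` to match the docstring. The method's signature and the start of its docstring are in the previous hunk.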
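Review bot: The stub declares `def decrypt(self, ciphertext: Buffer) -> bytes: ...`, but the implementation changed in this commit is `decrypt(self, ciphertext, sentinel)` and can return the sentinel object instead of bytes. A type checker using this stub rejects the correct two-argument call and treats the result as always being `bytes`, which hides the sentinel case from callers. The stub line should be `def decrypt(self, ciphertext: Buffer, sentinel: Any) -> Any: ...`; `Any` is already imported at the top of the stub.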
@@ -0,0 +1,167 @@ +# -*- coding: utf-8 -*- +# +# Cipher/Salsa20.py : Salsa20 stream cipher (http://cr.yp.to/snuffle.html) +# +# Contributed by Fabrizio Tarizzo <[email protected]>. +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +from Cryptodome.Util.py3compat import _copy_bytes +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + create_string_buffer, + get_raw_buffer, VoidPointer, + SmartPointer, c_size_t, + c_uint8_ptr, is_writeable_buffer) + +from Cryptodome.Random import get_random_bytes + +_raw_salsa20_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._Salsa20", + """ + int Salsa20_stream_init(uint8_t *key, size_t keylen, + uint8_t *nonce, size_t nonce_len, + void **pSalsaState); + int Salsa20_stream_destroy(void *salsaState); + int Salsa20_stream_encrypt(void *salsaState, + const uint8_t in[], + uint8_t out[], size_t len); + """) + + +class Salsa20Cipher: + """Salsa20 cipher object. Do not create it directly. Use :py:func:`new` + instead. 
+ + :var nonce: The nonce with length 8 + :vartype nonce: byte string + """ + + def __init__(self, key, nonce): + """Initialize a Salsa20 cipher object + + See also `new()` at the module level.""" + + if len(key) not in key_size: + raise ValueError("Incorrect key length for Salsa20 (%d bytes)" % len(key)) + + if len(nonce) != 8: + raise ValueError("Incorrect nonce length for Salsa20 (%d bytes)" % + len(nonce)) + + self.nonce = _copy_bytes(None, None, nonce) + + self._state = VoidPointer() + result = _raw_salsa20_lib.Salsa20_stream_init( + c_uint8_ptr(key), + c_size_t(len(key)), + c_uint8_ptr(nonce), + c_size_t(len(nonce)), + self._state.address_of()) + if result: + raise ValueError("Error %d instantiating a Salsa20 cipher") + self._state = SmartPointer(self._state.get(), + _raw_salsa20_lib.Salsa20_stream_destroy) + + self.block_size = 1 + self.key_size = len(key) + + def encrypt(self, plaintext, output=None): + """Encrypt a piece of data. + + Args: + plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size. + Keyword Args: + output(bytes/bytearray/memoryview): The location where the ciphertext + is written to. If ``None``, the ciphertext is returned. + Returns: + If ``output`` is ``None``, the ciphertext is returned as ``bytes``. + Otherwise, ``None``. 
+ """ + + if output is None: + ciphertext = create_string_buffer(len(plaintext)) + else: + ciphertext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(plaintext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = _raw_salsa20_lib.Salsa20_stream_encrypt( + self._state.get(), + c_uint8_ptr(plaintext), + c_uint8_ptr(ciphertext), + c_size_t(len(plaintext))) + if result: + raise ValueError("Error %d while encrypting with Salsa20" % result) + + if output is None: + return get_raw_buffer(ciphertext) + else: + return None + + def decrypt(self, ciphertext, output=None): + """Decrypt a piece of data. + + Args: + ciphertext(bytes/bytearray/memoryview): The data to decrypt, of any size. + Keyword Args: + output(bytes/bytearray/memoryview): The location where the plaintext + is written to. If ``None``, the plaintext is returned. + Returns: + If ``output`` is ``None``, the plaintext is returned as ``bytes``. + Otherwise, ``None``. + """ + + try: + return self.encrypt(ciphertext, output=output) + except ValueError as e: + raise ValueError(str(e).replace("enc", "dec")) + + +def new(key, nonce=None): + """Create a new Salsa20 cipher + + :keyword key: The secret key to use. It must be 16 or 32 bytes long. + :type key: bytes/bytearray/memoryview + + :keyword nonce: + A value that must never be reused for any other encryption + done with this key. It must be 8 bytes long. + + If not provided, a random byte string will be generated (you can read + it back via the ``nonce`` attribute of the returned object). + :type nonce: bytes/bytearray/memoryview + + :Return: a :class:`Cryptodome.Cipher.Salsa20.Salsa20Cipher` object + """ + + if nonce is None: + nonce = get_random_bytes(8) + + return Salsa20Cipher(key, nonce) + +# Size of a data block (in bytes) +block_size = 1 + +# Size of a key (in bytes) +key_size = (16, 32) + 
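Review bot: In `Salsa20Cipher.__init__` the error path `raise ValueError("Error %d instantiating a Salsa20 cipher")` never applies the format operator, so the message carries a literal `%d` and the native return code is lost. It should be `raise ValueError("Error %d instantiating a Salsa20 cipher" % result)`, as the `encrypt` error path in the same hunk already does.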
diff --git a/frozen_deps/Cryptodome/Cipher/Salsa20.pyi b/frozen_deps/Cryptodome/Cipher/Salsa20.pyi new file mode 100644 index 0000000..9178f0d --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/Salsa20.pyi @@ -0,0 +1,27 @@ +from typing import Union, Tuple, Optional, overload + + +Buffer = Union[bytes, bytearray, memoryview] + +class Salsa20Cipher: + nonce: bytes + block_size: int + key_size: int + + def __init__(self, + key: Buffer, + nonce: Buffer) -> None: ... + @overload + def encrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + @overload + def decrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + +def new(key: Buffer, nonce: Optional[Buffer] = ...) -> Salsa20Cipher: ... + +block_size: int +key_size: Tuple[int, int] + diff --git a/frozen_deps/Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..e4d89af --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_EKSBlowfish.py b/frozen_deps/Cryptodome/Cipher/_EKSBlowfish.py new file mode 100644 index 0000000..c1c3249 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_EKSBlowfish.py 
@@ -0,0 +1,131 @@ +# =================================================================== +# +# Copyright (c) 2019, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# =================================================================== + +import sys + +from Cryptodome.Cipher import _create_cipher +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, c_size_t, + c_uint8_ptr, c_uint) + +_raw_blowfish_lib = load_pycryptodome_raw_lib( + "Cryptodome.Cipher._raw_eksblowfish", + """ + int EKSBlowfish_start_operation(const uint8_t key[], + size_t key_len, + const uint8_t salt[16], + size_t salt_len, + unsigned cost, + unsigned invert, + void **pResult); + int EKSBlowfish_encrypt(const void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int EKSBlowfish_decrypt(const void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int EKSBlowfish_stop_operation(void *state); + """ + ) + + +def _create_base_cipher(dict_parameters): + """This method instantiates and returns a smart pointer to + a low-level base cipher. It will absorb named parameters in + the process.""" + + try: + key = dict_parameters.pop("key") + salt = dict_parameters.pop("salt") + cost = dict_parameters.pop("cost") + except KeyError as e: + raise TypeError("Missing EKSBlowfish parameter: " + str(e)) + invert = dict_parameters.pop("invert", True) + + if len(key) not in key_size: + raise ValueError("Incorrect EKSBlowfish key length (%d bytes)" % len(key)) + + start_operation = _raw_blowfish_lib.EKSBlowfish_start_operation + stop_operation = _raw_blowfish_lib.EKSBlowfish_stop_operation + + void_p = VoidPointer() + result = start_operation(c_uint8_ptr(key), + c_size_t(len(key)), + c_uint8_ptr(salt), + c_size_t(len(salt)), + c_uint(cost), + c_uint(int(invert)), + void_p.address_of()) + if result: + raise ValueError("Error %X while instantiating the EKSBlowfish cipher" + % result) + return SmartPointer(void_p.get(), stop_operation) + + +def new(key, mode, salt, cost, invert): + """Create a new EKSBlowfish cipher + + Args: + + key (bytes, bytearray, memoryview): + The secret key to use in the symmetric 
cipher. + Its length can vary from 0 to 72 bytes. + + mode (one of the supported ``MODE_*`` constants): + The chaining mode to use for encryption or decryption. + + salt (bytes, bytearray, memoryview): + The salt that bcrypt uses to thwart rainbow table attacks + + cost (integer): + The complexity factor in bcrypt + + invert (bool): + If ``False``, in the inner loop use ``ExpandKey`` first over the salt + and then over the key, as defined in + the `original bcrypt specification <https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node4.html>`_. + If ``True``, reverse the order, as in the first implementation of + `bcrypt` in OpenBSD. + + :Return: an EKSBlowfish object + """ + + kwargs = { 'salt':salt, 'cost':cost, 'invert':invert } + return _create_cipher(sys.modules[__name__], key, mode, **kwargs) + + +MODE_ECB = 1 + +# Size of a data block (in bytes) +block_size = 8 +# Size of a key (in bytes) +key_size = range(0, 72 + 1) diff --git a/frozen_deps/Cryptodome/Cipher/_EKSBlowfish.pyi b/frozen_deps/Cryptodome/Cipher/_EKSBlowfish.pyi new file mode 100644 index 0000000..49c8448 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_EKSBlowfish.pyi @@ -0,0 +1,15 @@ +from typing import Union, Iterable + +from Cryptodome.Cipher._mode_ecb import EcbMode + +MODE_ECB: int + +Buffer = Union[bytes, bytearray, memoryview] + +def new(key: Buffer, + mode: int, + salt: Buffer, + cost: int) -> EcbMode: ... + +block_size: int +key_size: Iterable[int] diff --git a/frozen_deps/Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..df9884e --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/__init__.py b/frozen_deps/Cryptodome/Cipher/__init__.py new file mode 100644 index 0000000..9bf067f --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/__init__.py 
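Review bot: The stub's `new(key, mode, salt, cost)` omits `invert`, which `_EKSBlowfish.py` in this same commit declares as a required fifth parameter (`def new(key, mode, salt, cost, invert)`). Code checked against the stub would be told that the only working call has too many arguments, and nothing in the stub shows that the `ExpandKey` order is selectable. Add `invert: bool` to the stub signature after `cost: int`.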
@@ -0,0 +1,79 @@
+#
+# A block cipher is instantiated as a combination of:
+# 1. A base cipher (such as AES)
+# 2. A mode of operation (such as CBC)
+#
+# Both items are implemented as C modules.
+#
+# The API of #1 is (replace "AES" with the name of the actual cipher):
+# - AES_start_operaion(key) --> base_cipher_state
+# - AES_encrypt(base_cipher_state, in, out, length)
+# - AES_decrypt(base_cipher_state, in, out, length)
+# - AES_stop_operation(base_cipher_state)
+#
+# Where base_cipher_state is AES_State, a struct with BlockBase (set of
+# pointers to encrypt/decrypt/stop) followed by cipher-specific data.
+#
+# The API of #2 is (replace "CBC" with the name of the actual mode):
+# - CBC_start_operation(base_cipher_state) --> mode_state
+# - CBC_encrypt(mode_state, in, out, length)
+# - CBC_decrypt(mode_state, in, out, length)
+# - CBC_stop_operation(mode_state)
+#
+# where mode_state is a a pointer to base_cipher_state plus mode-specific data.
+
+import os
+
+from Cryptodome.Cipher._mode_ecb import _create_ecb_cipher
+from Cryptodome.Cipher._mode_cbc import _create_cbc_cipher
+from Cryptodome.Cipher._mode_cfb import _create_cfb_cipher
+from Cryptodome.Cipher._mode_ofb import _create_ofb_cipher
+from Cryptodome.Cipher._mode_ctr import _create_ctr_cipher
+from Cryptodome.Cipher._mode_openpgp import _create_openpgp_cipher
+from Cryptodome.Cipher._mode_ccm import _create_ccm_cipher
+from Cryptodome.Cipher._mode_eax import _create_eax_cipher
+from Cryptodome.Cipher._mode_siv import _create_siv_cipher
+from Cryptodome.Cipher._mode_gcm import _create_gcm_cipher
+from Cryptodome.Cipher._mode_ocb import _create_ocb_cipher
+
+_modes = { 1:_create_ecb_cipher,
+ 2:_create_cbc_cipher,
+ 3:_create_cfb_cipher,
+ 5:_create_ofb_cipher,
+ 6:_create_ctr_cipher,
+ 7:_create_openpgp_cipher,
+ 9:_create_eax_cipher
+ }
+
+_extra_modes = { 8:_create_ccm_cipher,
+ 10:_create_siv_cipher,
+ 11:_create_gcm_cipher,
+ 12:_create_ocb_cipher
+ }
+
+def _create_cipher(factory, key, mode,
*args, **kwargs): + + kwargs["key"] = key + + modes = dict(_modes) + if kwargs.pop("add_aes_modes", False): + modes.update(_extra_modes) + if not mode in modes: + raise ValueError("Mode not supported") + + if args: + if mode in (8, 9, 10, 11, 12): + if len(args) > 1: + raise TypeError("Too many arguments for this mode") + kwargs["nonce"] = args[0] + elif mode in (2, 3, 5, 7): + if len(args) > 1: + raise TypeError("Too many arguments for this mode") + kwargs["IV"] = args[0] + elif mode == 6: + if len(args) > 0: + raise TypeError("Too many arguments for this mode") + elif mode == 1: + raise TypeError("IV is not meaningful for the ECB mode") + + return modes[mode](factory, **kwargs) diff --git a/frozen_deps/Crypto/Random/Fortuna/__init__.py b/frozen_deps/Cryptodome/Cipher/__init__.pyi index e69de29..e69de29 100644 --- a/frozen_deps/Crypto/Random/Fortuna/__init__.py +++ b/frozen_deps/Cryptodome/Cipher/__init__.pyi diff --git a/frozen_deps/Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..ded8fd8 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_mode_cbc.py b/frozen_deps/Cryptodome/Cipher/_mode_cbc.py new file mode 100644 index 0000000..edc29ca --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_cbc.py 
@@ -0,0 +1,293 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+Ciphertext Block Chaining (CBC) mode.
+"""
+
+__all__ = ['CbcMode']
+
+from Cryptodome.Util.py3compat import _copy_bytes
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
+ create_string_buffer, get_raw_buffer,
+ SmartPointer, c_size_t, c_uint8_ptr,
+ is_writeable_buffer)
+
+from Cryptodome.Random import get_random_bytes
+
+raw_cbc_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._raw_cbc", """
+ int CBC_start_operation(void *cipher,
+ const uint8_t iv[],
+ size_t iv_len,
+ void **pResult);
+ int CBC_encrypt(void *cbcState,
+ const uint8_t *in,
+ uint8_t *out,
+ size_t data_len);
+ int CBC_decrypt(void *cbcState,
+ const uint8_t *in,
+ uint8_t *out,
+ size_t data_len);
+ int CBC_stop_operation(void *state);
+ """
+ )
+
+
+class CbcMode(object):
+ """*Cipher-Block Chaining (CBC)*.
+
+ Each of the ciphertext blocks depends on the current
+ and all previous plaintext blocks.
+
+ An Initialization Vector (*IV*) is required.
+
+ See `NIST SP800-38A`_ , Section 6.2 .
+
+ .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+
+ :undocumented: __init__
+ """
+
+ def __init__(self, block_cipher, iv):
+ """Create a new block cipher, configured in CBC mode.
+
+ :Parameters:
+ block_cipher : C pointer
+ A smart pointer to the low-level block cipher instance.
+
+ iv : bytes/bytearray/memoryview
+ The initialization vector to use for encryption or decryption.
+ It is as long as the cipher block.
+
+ **The IV must be unpredictable**. Ideally it is picked randomly.
+
+ Reusing the *IV* for encryptions performed with the same key
+ compromises confidentiality.
+ """ + + self._state = VoidPointer() + result = raw_cbc_lib.CBC_start_operation(block_cipher.get(), + c_uint8_ptr(iv), + c_size_t(len(iv)), + self._state.address_of()) + if result: + raise ValueError("Error %d while instantiating the CBC mode" + % result) + + # Ensure that object disposal of this Python object will (eventually) + # free the memory allocated by the raw library for the cipher mode + self._state = SmartPointer(self._state.get(), + raw_cbc_lib.CBC_stop_operation) + + # Memory allocated for the underlying block cipher is now owed + # by the cipher mode + block_cipher.release() + + self.block_size = len(iv) + """The block size of the underlying cipher, in bytes.""" + + self.iv = _copy_bytes(None, None, iv) + """The Initialization Vector originally used to create the object. + The value does not change.""" + + self.IV = self.iv + """Alias for `iv`""" + + self._next = [ self.encrypt, self.decrypt ] + + def encrypt(self, plaintext, output=None): + """Encrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have encrypted a message + you cannot encrypt (or decrypt) another message using the same + object. + + The data to encrypt can be broken up in two or + more pieces and `encrypt` can be called multiple times. + + That is, the statement: + + >>> c.encrypt(a) + c.encrypt(b) + + is equivalent to: + + >>> c.encrypt(a+b) + + That also means that you cannot reuse an object for encrypting + or decrypting other data with the same key. + + This function does not add any padding to the plaintext. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + Its lenght must be multiple of the cipher block size. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + If ``output`` is ``None``, the ciphertext is returned as ``bytes``. + Otherwise, ``None``. 
+ """ + + if self.encrypt not in self._next: + raise TypeError("encrypt() cannot be called after decrypt()") + self._next = [ self.encrypt ] + + if output is None: + ciphertext = create_string_buffer(len(plaintext)) + else: + ciphertext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(plaintext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = raw_cbc_lib.CBC_encrypt(self._state.get(), + c_uint8_ptr(plaintext), + c_uint8_ptr(ciphertext), + c_size_t(len(plaintext))) + if result: + if result == 3: + raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size) + raise ValueError("Error %d while encrypting in CBC mode" % result) + + if output is None: + return get_raw_buffer(ciphertext) + else: + return None + + def decrypt(self, ciphertext, output=None): + """Decrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have decrypted a message + you cannot decrypt (or encrypt) another message with the same + object. + + The data to decrypt can be broken up in two or + more pieces and `decrypt` can be called multiple times. + + That is, the statement: + + >>> c.decrypt(a) + c.decrypt(b) + + is equivalent to: + + >>> c.decrypt(a+b) + + This function does not remove any padding from the plaintext. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + Its length must be multiple of the cipher block size. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. + :Return: + If ``output`` is ``None``, the plaintext is returned as ``bytes``. + Otherwise, ``None``. 
+ """ + + if self.decrypt not in self._next: + raise TypeError("decrypt() cannot be called after encrypt()") + self._next = [ self.decrypt ] + + if output is None: + plaintext = create_string_buffer(len(ciphertext)) + else: + plaintext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(ciphertext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = raw_cbc_lib.CBC_decrypt(self._state.get(), + c_uint8_ptr(ciphertext), + c_uint8_ptr(plaintext), + c_size_t(len(ciphertext))) + if result: + if result == 3: + raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size) + raise ValueError("Error %d while decrypting in CBC mode" % result) + + if output is None: + return get_raw_buffer(plaintext) + else: + return None + + +def _create_cbc_cipher(factory, **kwargs): + """Instantiate a cipher object that performs CBC encryption/decryption. + + :Parameters: + factory : module + The underlying block cipher, a module from ``Cryptodome.Cipher``. + + :Keywords: + iv : bytes/bytearray/memoryview + The IV to use for CBC. + + IV : bytes/bytearray/memoryview + Alias for ``iv``. + + Any other keyword will be passed to the underlying block cipher. + See the relevant documentation for details (at least ``key`` will need + to be present). + """ + + cipher_state = factory._create_base_cipher(kwargs) + iv = kwargs.pop("IV", None) + IV = kwargs.pop("iv", None) + + if (None, None) == (iv, IV): + iv = get_random_bytes(factory.block_size) + if iv is not None: + if IV is not None: + raise TypeError("You must either use 'iv' or 'IV', not both") + else: + iv = IV + + if len(iv) != factory.block_size: + raise ValueError("Incorrect IV length (it must be %d bytes long)" % + factory.block_size) + + if kwargs: + raise TypeError("Unknown parameters for CBC: %s" % str(kwargs)) + + return CbcMode(cipher_state, iv) 
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_cbc.pyi b/frozen_deps/Cryptodome/Cipher/_mode_cbc.pyi
new file mode 100644
index 0000000..526632e
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_mode_cbc.pyi
@@ -0,0 +1,25 @@
+from typing import Union, overload
+
+from Cryptodome.Util._raw_api import SmartPointer
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['CbcMode']
+
+class CbcMode(object):
+ block_size: int
+ iv: Buffer
+ IV: Buffer
+
+ def __init__(self,
+ block_cipher: SmartPointer,
+ iv: Buffer) -> None: ...
+ @overload
+ def encrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+ @overload
+ def decrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ccm.py b/frozen_deps/Cryptodome/Cipher/_mode_ccm.py
new file mode 100644
index 0000000..0e1c2f6
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_mode_ccm.py
@@ -0,0 +1,650 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+Counter with CBC-MAC (CCM) mode.
+""" + +__all__ = ['CcmMode'] + +import struct +from binascii import unhexlify + +from Cryptodome.Util.py3compat import (byte_string, bord, + _copy_bytes) +from Cryptodome.Util._raw_api import is_writeable_buffer + +from Cryptodome.Util.strxor import strxor +from Cryptodome.Util.number import long_to_bytes + +from Cryptodome.Hash import BLAKE2s +from Cryptodome.Random import get_random_bytes + + +def enum(**enums): + return type('Enum', (), enums) + +MacStatus = enum(NOT_STARTED=0, PROCESSING_AUTH_DATA=1, PROCESSING_PLAINTEXT=2) + + +class CcmMode(object): + """Counter with CBC-MAC (CCM). + + This is an Authenticated Encryption with Associated Data (`AEAD`_) mode. + It provides both confidentiality and authenticity. + + The header of the message may be left in the clear, if needed, and it will + still be subject to authentication. The decryption step tells the receiver + if the message comes from a source that really knowns the secret key. + Additionally, decryption detects if any part of the message - including the + header - has been modified or corrupted. + + This mode requires a nonce. The nonce shall never repeat for two + different messages encrypted with the same key, but it does not need + to be random. + Note that there is a trade-off between the size of the nonce and the + maximum size of a single message you can encrypt. + + It is important to use a large nonce if the key is reused across several + messages and the nonce is chosen randomly. + + It is acceptable to us a short nonce if the key is only used a few times or + if the nonce is taken from a counter. + + The following table shows the trade-off when the nonce is chosen at + random. The column on the left shows how many messages it takes + for the keystream to repeat **on average**. In practice, you will want to + stop using the key way before that. + + +--------------------+---------------+-------------------+ + | Avg. # of messages | nonce | Max. 
message | + | before keystream | size | size | + | repeats | (bytes) | (bytes) | + +====================+===============+===================+ + | 2^52 | 13 | 64K | + +--------------------+---------------+-------------------+ + | 2^48 | 12 | 16M | + +--------------------+---------------+-------------------+ + | 2^44 | 11 | 4G | + +--------------------+---------------+-------------------+ + | 2^40 | 10 | 1T | + +--------------------+---------------+-------------------+ + | 2^36 | 9 | 64P | + +--------------------+---------------+-------------------+ + | 2^32 | 8 | 16E | + +--------------------+---------------+-------------------+ + + This mode is only available for ciphers that operate on 128 bits blocks + (e.g. AES but not TDES). + + See `NIST SP800-38C`_ or RFC3610_. + + .. _`NIST SP800-38C`: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf + .. _RFC3610: https://tools.ietf.org/html/rfc3610 + .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html + + :undocumented: __init__ + """ + + def __init__(self, factory, key, nonce, mac_len, msg_len, assoc_len, + cipher_params): + + self.block_size = factory.block_size + """The block size of the underlying cipher, in bytes.""" + + self.nonce = _copy_bytes(None, None, nonce) + """The nonce used for this cipher instance""" + + self._factory = factory + self._key = _copy_bytes(None, None, key) + self._mac_len = mac_len + self._msg_len = msg_len + self._assoc_len = assoc_len + self._cipher_params = cipher_params + + self._mac_tag = None # Cache for MAC tag + + if self.block_size != 16: + raise ValueError("CCM mode is only available for ciphers" + " that operate on 128 bits blocks") + + # MAC tag length (Tlen) + if mac_len not in (4, 6, 8, 10, 12, 14, 16): + raise ValueError("Parameter 'mac_len' must be even" + " and in the range 4..16 (not %d)" % mac_len) + + # Nonce value + if not (nonce and 7 <= len(nonce) <= 13): + raise ValueError("Length of parameter 'nonce' 
must be" + " in the range 7..13 bytes") + + # Create MAC object (the tag will be the last block + # bytes worth of ciphertext) + self._mac = self._factory.new(key, + factory.MODE_CBC, + iv=b'\x00' * 16, + **cipher_params) + self._mac_status = MacStatus.NOT_STARTED + self._t = None + + # Allowed transitions after initialization + self._next = [self.update, self.encrypt, self.decrypt, + self.digest, self.verify] + + # Cumulative lengths + self._cumul_assoc_len = 0 + self._cumul_msg_len = 0 + + # Cache for unaligned associated data/plaintext. + # This is a list with byte strings, but when the MAC starts, + # it will become a binary string no longer than the block size. + self._cache = [] + + # Start CTR cipher, by formatting the counter (A.3) + q = 15 - len(nonce) # length of Q, the encoded message length + self._cipher = self._factory.new(key, + self._factory.MODE_CTR, + nonce=struct.pack("B", q - 1) + self.nonce, + **cipher_params) + + # S_0, step 6 in 6.1 for j=0 + self._s_0 = self._cipher.encrypt(b'\x00' * 16) + + # Try to start the MAC + if None not in (assoc_len, msg_len): + self._start_mac() + + def _start_mac(self): + + assert(self._mac_status == MacStatus.NOT_STARTED) + assert(None not in (self._assoc_len, self._msg_len)) + assert(isinstance(self._cache, list)) + + # Formatting control information and nonce (A.2.1) + q = 15 - len(self.nonce) # length of Q, the encoded message length + flags = (64 * (self._assoc_len > 0) + 8 * ((self._mac_len - 2) // 2) + + (q - 1)) + b_0 = struct.pack("B", flags) + self.nonce + long_to_bytes(self._msg_len, q) + + # Formatting associated data (A.2.2) + # Encoded 'a' is concatenated with the associated data 'A' + assoc_len_encoded = b'' + if self._assoc_len > 0: + if self._assoc_len < (2 ** 16 - 2 ** 8): + enc_size = 2 + elif self._assoc_len < (2 ** 32): + assoc_len_encoded = b'\xFF\xFE' + enc_size = 4 + else: + assoc_len_encoded = b'\xFF\xFF' + enc_size = 8 + assoc_len_encoded += long_to_bytes(self._assoc_len, enc_size) + + # 
b_0 and assoc_len_encoded must be processed first + self._cache.insert(0, b_0) + self._cache.insert(1, assoc_len_encoded) + + # Process all the data cached so far + first_data_to_mac = b"".join(self._cache) + self._cache = b"" + self._mac_status = MacStatus.PROCESSING_AUTH_DATA + self._update(first_data_to_mac) + + def _pad_cache_and_update(self): + + assert(self._mac_status != MacStatus.NOT_STARTED) + assert(len(self._cache) < self.block_size) + + # Associated data is concatenated with the least number + # of zero bytes (possibly none) to reach alignment to + # the 16 byte boundary (A.2.3) + len_cache = len(self._cache) + if len_cache > 0: + self._update(b'\x00' * (self.block_size - len_cache)) + + def update(self, assoc_data): + """Protect associated data + + If there is any associated data, the caller has to invoke + this function one or more times, before using + ``decrypt`` or ``encrypt``. + + By *associated data* it is meant any data (e.g. packet headers) that + will not be encrypted and will be transmitted in the clear. + However, the receiver is still able to detect any modification to it. + In CCM, the *associated data* is also called + *additional authenticated data* (AAD). + + If there is no associated data, this method must not be called. + + The caller may split associated data in segments of any size, and + invoke this method multiple times, each time with the next segment. + + :Parameters: + assoc_data : bytes/bytearray/memoryview + A piece of associated data. There are no restrictions on its size. 
+ """ + + if self.update not in self._next: + raise TypeError("update() can only be called" + " immediately after initialization") + + self._next = [self.update, self.encrypt, self.decrypt, + self.digest, self.verify] + + self._cumul_assoc_len += len(assoc_data) + if self._assoc_len is not None and \ + self._cumul_assoc_len > self._assoc_len: + raise ValueError("Associated data is too long") + + self._update(assoc_data) + return self + + def _update(self, assoc_data_pt=b""): + """Update the MAC with associated data or plaintext + (without FSM checks)""" + + # If MAC has not started yet, we just park the data into a list. + # If the data is mutable, we create a copy and store that instead. + if self._mac_status == MacStatus.NOT_STARTED: + if is_writeable_buffer(assoc_data_pt): + assoc_data_pt = _copy_bytes(None, None, assoc_data_pt) + self._cache.append(assoc_data_pt) + return + + assert(len(self._cache) < self.block_size) + + if len(self._cache) > 0: + filler = min(self.block_size - len(self._cache), + len(assoc_data_pt)) + self._cache += _copy_bytes(None, filler, assoc_data_pt) + assoc_data_pt = _copy_bytes(filler, None, assoc_data_pt) + + if len(self._cache) < self.block_size: + return + + # The cache is exactly one block + self._t = self._mac.encrypt(self._cache) + self._cache = b"" + + update_len = len(assoc_data_pt) // self.block_size * self.block_size + self._cache = _copy_bytes(update_len, None, assoc_data_pt) + if update_len > 0: + self._t = self._mac.encrypt(assoc_data_pt[:update_len])[-16:] + + def encrypt(self, plaintext, output=None): + """Encrypt data with the key set at initialization. + + A cipher object is stateful: once you have encrypted a message + you cannot encrypt (or decrypt) another message using the same + object. + + This method can be called only **once** if ``msg_len`` was + not passed at initialization. 
+ + If ``msg_len`` was given, the data to encrypt can be broken + up in two or more pieces and `encrypt` can be called + multiple times. + + That is, the statement: + + >>> c.encrypt(a) + c.encrypt(b) + + is equivalent to: + + >>> c.encrypt(a+b) + + This function does not add any padding to the plaintext. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + If ``output`` is ``None``, the ciphertext as ``bytes``. + Otherwise, ``None``. + """ + + if self.encrypt not in self._next: + raise TypeError("encrypt() can only be called after" + " initialization or an update()") + self._next = [self.encrypt, self.digest] + + # No more associated data allowed from now + if self._assoc_len is None: + assert(isinstance(self._cache, list)) + self._assoc_len = sum([len(x) for x in self._cache]) + if self._msg_len is not None: + self._start_mac() + else: + if self._cumul_assoc_len < self._assoc_len: + raise ValueError("Associated data is too short") + + # Only once piece of plaintext accepted if message length was + # not declared in advance + if self._msg_len is None: + self._msg_len = len(plaintext) + self._start_mac() + self._next = [self.digest] + + self._cumul_msg_len += len(plaintext) + if self._cumul_msg_len > self._msg_len: + raise ValueError("Message is too long") + + if self._mac_status == MacStatus.PROCESSING_AUTH_DATA: + # Associated data is concatenated with the least number + # of zero bytes (possibly none) to reach alignment to + # the 16 byte boundary (A.2.3) + self._pad_cache_and_update() + self._mac_status = MacStatus.PROCESSING_PLAINTEXT + + self._update(plaintext) + return self._cipher.encrypt(plaintext, output=output) + + def decrypt(self, ciphertext, output=None): + """Decrypt data with the key set at initialization. 
+ + A cipher object is stateful: once you have decrypted a message + you cannot decrypt (or encrypt) another message with the same + object. + + This method can be called only **once** if ``msg_len`` was + not passed at initialization. + + If ``msg_len`` was given, the data to decrypt can be + broken up in two or more pieces and `decrypt` can be + called multiple times. + + That is, the statement: + + >>> c.decrypt(a) + c.decrypt(b) + + is equivalent to: + + >>> c.decrypt(a+b) + + This function does not remove any padding from the plaintext. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. + :Return: + If ``output`` is ``None``, the plaintext as ``bytes``. + Otherwise, ``None``. + """ + + if self.decrypt not in self._next: + raise TypeError("decrypt() can only be called" + " after initialization or an update()") + self._next = [self.decrypt, self.verify] + + # No more associated data allowed from now + if self._assoc_len is None: + assert(isinstance(self._cache, list)) + self._assoc_len = sum([len(x) for x in self._cache]) + if self._msg_len is not None: + self._start_mac() + else: + if self._cumul_assoc_len < self._assoc_len: + raise ValueError("Associated data is too short") + + # Only once piece of ciphertext accepted if message length was + # not declared in advance + if self._msg_len is None: + self._msg_len = len(ciphertext) + self._start_mac() + self._next = [self.verify] + + self._cumul_msg_len += len(ciphertext) + if self._cumul_msg_len > self._msg_len: + raise ValueError("Message is too long") + + if self._mac_status == MacStatus.PROCESSING_AUTH_DATA: + # Associated data is concatenated with the least number + # of zero bytes (possibly none) to reach alignment to + # the 16 byte boundary (A.2.3) + self._pad_cache_and_update() + self._mac_status = 
MacStatus.PROCESSING_PLAINTEXT + + # Encrypt is equivalent to decrypt with the CTR mode + plaintext = self._cipher.encrypt(ciphertext, output=output) + if output is None: + self._update(plaintext) + else: + self._update(output) + return plaintext + + def digest(self): + """Compute the *binary* MAC tag. + + The caller invokes this function at the very end. + + This method returns the MAC that shall be sent to the receiver, + together with the ciphertext. + + :Return: the MAC, as a byte string. + """ + + if self.digest not in self._next: + raise TypeError("digest() cannot be called when decrypting" + " or validating a message") + self._next = [self.digest] + return self._digest() + + def _digest(self): + if self._mac_tag: + return self._mac_tag + + if self._assoc_len is None: + assert(isinstance(self._cache, list)) + self._assoc_len = sum([len(x) for x in self._cache]) + if self._msg_len is not None: + self._start_mac() + else: + if self._cumul_assoc_len < self._assoc_len: + raise ValueError("Associated data is too short") + + if self._msg_len is None: + self._msg_len = 0 + self._start_mac() + + if self._cumul_msg_len != self._msg_len: + raise ValueError("Message is too short") + + # Both associated data and payload are concatenated with the least + # number of zero bytes (possibly none) that align it to the + # 16 byte boundary (A.2.2 and A.2.3) + self._pad_cache_and_update() + + # Step 8 in 6.1 (T xor MSB_Tlen(S_0)) + self._mac_tag = strxor(self._t, self._s_0)[:self._mac_len] + + return self._mac_tag + + def hexdigest(self): + """Compute the *printable* MAC tag. + + This method is like `digest`. + + :Return: the MAC, as a hexadecimal string. + """ + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def verify(self, received_mac_tag): + """Validate the *binary* MAC tag. + + The caller invokes this function at the very end. 
+ + This method checks if the decrypted message is indeed valid + (that is, if the key is correct) and it has not been + tampered with while in transit. + + :Parameters: + received_mac_tag : bytes/bytearray/memoryview + This is the *binary* MAC, as received from the sender. + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + if self.verify not in self._next: + raise TypeError("verify() cannot be called" + " when encrypting a message") + self._next = [self.verify] + + self._digest() + secret = get_random_bytes(16) + + mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag) + mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + def hexverify(self, hex_mac_tag): + """Validate the *printable* MAC tag. + + This method is like `verify`. + + :Parameters: + hex_mac_tag : string + This is the *printable* MAC, as received from the sender. + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + self.verify(unhexlify(hex_mac_tag)) + + def encrypt_and_digest(self, plaintext, output=None): + """Perform encrypt() and digest() in one step. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + a tuple with two items: + + - the ciphertext, as ``bytes`` + - the MAC tag, as ``bytes`` + + The first item becomes ``None`` when the ``output`` parameter + specified a location for the result. + """ + + return self.encrypt(plaintext, output=output), self.digest() + + def decrypt_and_verify(self, ciphertext, received_mac_tag, output=None): + """Perform decrypt() and verify() in one step. 
+ + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + received_mac_tag : bytes/bytearray/memoryview + This is the *binary* MAC, as received from the sender. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. + :Return: the plaintext as ``bytes`` or ``None`` when the ``output`` + parameter specified a location for the result. + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + plaintext = self.decrypt(ciphertext, output=output) + self.verify(received_mac_tag) + return plaintext + + +def _create_ccm_cipher(factory, **kwargs): + """Create a new block cipher, configured in CCM mode. + + :Parameters: + factory : module + A symmetric cipher module from `Cryptodome.Cipher` (like + `Cryptodome.Cipher.AES`). + + :Keywords: + key : bytes/bytearray/memoryview + The secret key to use in the symmetric cipher. + + nonce : bytes/bytearray/memoryview + A value that must never be reused for any other encryption. + + Its length must be in the range ``[7..13]``. + 11 or 12 bytes are reasonable values in general. Bear in + mind that with CCM there is a trade-off between nonce length and + maximum message size. + + If not specified, a 11 byte long random string is used. + + mac_len : integer + Length of the MAC, in bytes. It must be even and in + the range ``[4..16]``. The default is 16. + + msg_len : integer + Length of the message to (de)cipher. + If not specified, ``encrypt`` or ``decrypt`` may only be called once. + + assoc_len : integer + Length of the associated data. + If not specified, all data is internally buffered. 
+ """ + + try: + key = key = kwargs.pop("key") + except KeyError as e: + raise TypeError("Missing parameter: " + str(e)) + + nonce = kwargs.pop("nonce", None) # N + if nonce is None: + nonce = get_random_bytes(11) + mac_len = kwargs.pop("mac_len", factory.block_size) + msg_len = kwargs.pop("msg_len", None) # p + assoc_len = kwargs.pop("assoc_len", None) # a + cipher_params = dict(kwargs) + + return CcmMode(factory, key, nonce, mac_len, msg_len, + assoc_len, cipher_params) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ccm.pyi b/frozen_deps/Cryptodome/Cipher/_mode_ccm.pyi new file mode 100644 index 0000000..4b9f620 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_ccm.pyi 
@@ -0,0 +1,47 @@ +from types import ModuleType +from typing import Union, overload, Dict, Tuple, Optional + +Buffer = Union[bytes, bytearray, memoryview] + +__all__ = ['CcmMode'] + +class CcmMode(object): + block_size: int + nonce: bytes + + def __init__(self, + factory: ModuleType, + key: Buffer, + nonce: Buffer, + mac_len: int, + msg_len: int, + assoc_len: int, + cipher_params: Dict) -> None: ... + + def update(self, assoc_data: Buffer) -> CcmMode: ... + + @overload + def encrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + @overload + def decrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + + def digest(self) -> bytes: ... + def hexdigest(self) -> str: ... + def verify(self, received_mac_tag: Buffer) -> None: ... + def hexverify(self, hex_mac_tag: str) -> None: ... + + @overload + def encrypt_and_digest(self, + plaintext: Buffer) -> Tuple[bytes, bytes]: ... + @overload + def encrypt_and_digest(self, + plaintext: Buffer, + output: Buffer) -> Tuple[None, bytes]: ... + def decrypt_and_verify(self, + ciphertext: Buffer, + received_mac_tag: Buffer, + output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ... diff --git a/frozen_deps/Cryptodome/Cipher/_mode_cfb.py b/frozen_deps/Cryptodome/Cipher/_mode_cfb.py new file mode 100644 index 0000000..b790dd4 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_cfb.py 
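Review bot: The `CcmMode.__init__` stub types `msg_len` and `assoc_len` as plain `int`, but `_create_ccm_cipher` in `_mode_ccm.py` passes `None` for both when the caller omits them (`kwargs.pop("msg_len", None)`), so they should be `msg_len: Optional[int]` and `assoc_len: Optional[int]`. `decrypt_and_verify` is likewise declared `-> bytes`, although its docstring says it returns `None` when `output` is given; `-> Optional[bytes]`, or a pair of overloads like those on `encrypt_and_digest`, would match. `Optional` is already imported in this stub.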
@@ -0,0 +1,293 @@ +# -*- coding: utf-8 -*- +# +# Cipher/mode_cfb.py : CFB mode +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +""" +Counter Feedback (CFB) mode. +""" + +__all__ = ['CfbMode'] + +from Cryptodome.Util.py3compat import _copy_bytes +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer, + create_string_buffer, get_raw_buffer, + SmartPointer, c_size_t, c_uint8_ptr, + is_writeable_buffer) + +from Cryptodome.Random import get_random_bytes + +raw_cfb_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._raw_cfb",""" + int CFB_start_operation(void *cipher, + const uint8_t iv[], + size_t iv_len, + size_t segment_len, /* In bytes */ + void **pResult); + int CFB_encrypt(void *cfbState, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int CFB_decrypt(void *cfbState, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int CFB_stop_operation(void *state);""" + ) + + +class CfbMode(object): + """*Cipher FeedBack (CFB)*. 
+ + This mode is similar to CFB, but it transforms + the underlying block cipher into a stream cipher. + + Plaintext and ciphertext are processed in *segments* + of **s** bits. The mode is therefore sometimes + labelled **s**-bit CFB. + + An Initialization Vector (*IV*) is required. + + See `NIST SP800-38A`_ , Section 6.3. + + .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf + + :undocumented: __init__ + """ + + def __init__(self, block_cipher, iv, segment_size): + """Create a new block cipher, configured in CFB mode. + + :Parameters: + block_cipher : C pointer + A smart pointer to the low-level block cipher instance. + + iv : bytes/bytearray/memoryview + The initialization vector to use for encryption or decryption. + It is as long as the cipher block. + + **The IV must be unpredictable**. Ideally it is picked randomly. + + Reusing the *IV* for encryptions performed with the same key + compromises confidentiality. + + segment_size : integer + The number of bytes the plaintext and ciphertext are segmented in. + """ + + self._state = VoidPointer() + result = raw_cfb_lib.CFB_start_operation(block_cipher.get(), + c_uint8_ptr(iv), + c_size_t(len(iv)), + c_size_t(segment_size), + self._state.address_of()) + if result: + raise ValueError("Error %d while instantiating the CFB mode" % result) + + # Ensure that object disposal of this Python object will (eventually) + # free the memory allocated by the raw library for the cipher mode + self._state = SmartPointer(self._state.get(), + raw_cfb_lib.CFB_stop_operation) + + # Memory allocated for the underlying block cipher is now owed + # by the cipher mode + block_cipher.release() + + self.block_size = len(iv) + """The block size of the underlying cipher, in bytes.""" + + self.iv = _copy_bytes(None, None, iv) + """The Initialization Vector originally used to create the object. 
+ The value does not change.""" + + self.IV = self.iv + """Alias for `iv`""" + + self._next = [ self.encrypt, self.decrypt ] + + def encrypt(self, plaintext, output=None): + """Encrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have encrypted a message + you cannot encrypt (or decrypt) another message using the same + object. + + The data to encrypt can be broken up in two or + more pieces and `encrypt` can be called multiple times. + + That is, the statement: + + >>> c.encrypt(a) + c.encrypt(b) + + is equivalent to: + + >>> c.encrypt(a+b) + + This function does not add any padding to the plaintext. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + If ``output`` is ``None``, the ciphertext is returned as ``bytes``. + Otherwise, ``None``. + """ + + if self.encrypt not in self._next: + raise TypeError("encrypt() cannot be called after decrypt()") + self._next = [ self.encrypt ] + + if output is None: + ciphertext = create_string_buffer(len(plaintext)) + else: + ciphertext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(plaintext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = raw_cfb_lib.CFB_encrypt(self._state.get(), + c_uint8_ptr(plaintext), + c_uint8_ptr(ciphertext), + c_size_t(len(plaintext))) + if result: + raise ValueError("Error %d while encrypting in CFB mode" % result) + + if output is None: + return get_raw_buffer(ciphertext) + else: + return None + + def decrypt(self, ciphertext, output=None): + """Decrypt data with the key and the parameters set at initialization. 
+ + A cipher object is stateful: once you have decrypted a message + you cannot decrypt (or encrypt) another message with the same + object. + + The data to decrypt can be broken up in two or + more pieces and `decrypt` can be called multiple times. + + That is, the statement: + + >>> c.decrypt(a) + c.decrypt(b) + + is equivalent to: + + >>> c.decrypt(a+b) + + This function does not remove any padding from the plaintext. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. + :Return: + If ``output`` is ``None``, the plaintext is returned as ``bytes``. + Otherwise, ``None``. + """ + + if self.decrypt not in self._next: + raise TypeError("decrypt() cannot be called after encrypt()") + self._next = [ self.decrypt ] + + if output is None: + plaintext = create_string_buffer(len(ciphertext)) + else: + plaintext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(ciphertext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = raw_cfb_lib.CFB_decrypt(self._state.get(), + c_uint8_ptr(ciphertext), + c_uint8_ptr(plaintext), + c_size_t(len(ciphertext))) + if result: + raise ValueError("Error %d while decrypting in CFB mode" % result) + + if output is None: + return get_raw_buffer(plaintext) + else: + return None + + +def _create_cfb_cipher(factory, **kwargs): + """Instantiate a cipher object that performs CFB encryption/decryption. + + :Parameters: + factory : module + The underlying block cipher, a module from ``Cryptodome.Cipher``. + + :Keywords: + iv : bytes/bytearray/memoryview + The IV to use for CFB. + + IV : bytes/bytearray/memoryview + Alias for ``iv``. 
+ + segment_size : integer + The number of bit the plaintext and ciphertext are segmented in. + If not present, the default is 8. + + Any other keyword will be passed to the underlying block cipher. + See the relevant documentation for details (at least ``key`` will need + to be present). + """ + + cipher_state = factory._create_base_cipher(kwargs) + + iv = kwargs.pop("IV", None) + IV = kwargs.pop("iv", None) + + if (None, None) == (iv, IV): + iv = get_random_bytes(factory.block_size) + if iv is not None: + if IV is not None: + raise TypeError("You must either use 'iv' or 'IV', not both") + else: + iv = IV + + if len(iv) != factory.block_size: + raise ValueError("Incorrect IV length (it must be %d bytes long)" % + factory.block_size) + + segment_size_bytes, rem = divmod(kwargs.pop("segment_size", 8), 8) + if segment_size_bytes == 0 or rem != 0: + raise ValueError("'segment_size' must be positive and multiple of 8 bits") + + if kwargs: + raise TypeError("Unknown parameters for CFB: %s" % str(kwargs)) + return CfbMode(cipher_state, iv, segment_size_bytes) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_cfb.pyi b/frozen_deps/Cryptodome/Cipher/_mode_cfb.pyi new file mode 100644 index 0000000..228e464 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_cfb.pyi @@ -0,0 +1,26 @@ +from typing import Union, overload + +from Cryptodome.Util._raw_api import SmartPointer + +Buffer = Union[bytes, bytearray, memoryview] + +__all__ = ['CfbMode'] + + +class CfbMode(object): + block_size: int + iv: Buffer + IV: Buffer + + def __init__(self, + block_cipher: SmartPointer, + iv: Buffer, + segment_size: int) -> None: ... + @overload + def encrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + @overload + def decrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... 
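Review bot: In `CfbMode.decrypt` the length-mismatch error formats `len(plaintext)`, but on that branch `plaintext` is the caller's `output` buffer, so the message reports the wrong size exactly when the two lengths differ; it should read `" (%d bytes)" % len(ciphertext))`. `CtrMode.decrypt` in `_mode_ctr.py` has the same line. Separately, the module docstring says "Counter Feedback (CFB) mode" and the class docstring says the mode "is similar to CFB"; these should read `Cipher FeedBack (CFB) mode.` and, presumably, `similar to CBC`. Since this is a copy under `frozen_deps/`, the fixes are better made upstream and picked up on the next refresh than edited locally.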
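Review bot: The `decrypt` overloads name their first parameter `plaintext`, while the implementation in `_mode_cfb.py` is `def decrypt(self, ciphertext, output=None)`, so a keyword call that type-checks against the stub raises `TypeError` at runtime. Both overloads should use `ciphertext: Buffer`. The stubs `_mode_ctr.pyi` and `_mode_ccm.pyi` carry the same overloads.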
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ctr.py b/frozen_deps/Cryptodome/Cipher/_mode_ctr.py new file mode 100644 index 0000000..99712d0 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_ctr.py 
@@ -0,0 +1,393 @@ +# -*- coding: utf-8 -*- +# +# Cipher/mode_ctr.py : CTR mode +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +""" +Counter (CTR) mode. 
+""" + +__all__ = ['CtrMode'] + +import struct + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer, + create_string_buffer, get_raw_buffer, + SmartPointer, c_size_t, c_uint8_ptr, + is_writeable_buffer) + +from Cryptodome.Random import get_random_bytes +from Cryptodome.Util.py3compat import _copy_bytes, is_native_int +from Cryptodome.Util.number import long_to_bytes + +raw_ctr_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._raw_ctr", """ + int CTR_start_operation(void *cipher, + uint8_t initialCounterBlock[], + size_t initialCounterBlock_len, + size_t prefix_len, + unsigned counter_len, + unsigned littleEndian, + void **pResult); + int CTR_encrypt(void *ctrState, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int CTR_decrypt(void *ctrState, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int CTR_stop_operation(void *ctrState);""" + ) + + +class CtrMode(object): + """*CounTeR (CTR)* mode. + + This mode is very similar to ECB, in that + encryption of one block is done independently of all other blocks. + + Unlike ECB, the block *position* contributes to the encryption + and no information leaks about symbol frequency. + + Each message block is associated to a *counter* which + must be unique across all messages that get encrypted + with the same key (not just within the same message). + The counter is as big as the block size. + + Counters can be generated in several ways. The most + straightword one is to choose an *initial counter block* + (which can be made public, similarly to the *IV* for the + other modes) and increment its lowest **m** bits by one + (modulo *2^m*) for each block. In most cases, **m** is + chosen to be half the block size. + + See `NIST SP800-38A`_, Section 6.5 (for the mode) and + Appendix B (for how to manage the *initial counter block*). + + .. 
_`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf + + :undocumented: __init__ + """ + + def __init__(self, block_cipher, initial_counter_block, + prefix_len, counter_len, little_endian): + """Create a new block cipher, configured in CTR mode. + + :Parameters: + block_cipher : C pointer + A smart pointer to the low-level block cipher instance. + + initial_counter_block : bytes/bytearray/memoryview + The initial plaintext to use to generate the key stream. + + It is as large as the cipher block, and it embeds + the initial value of the counter. + + This value must not be reused. + It shall contain a nonce or a random component. + Reusing the *initial counter block* for encryptions + performed with the same key compromises confidentiality. + + prefix_len : integer + The amount of bytes at the beginning of the counter block + that never change. + + counter_len : integer + The length in bytes of the counter embedded in the counter + block. + + little_endian : boolean + True if the counter in the counter block is an integer encoded + in little endian mode. If False, it is big endian. 
+ """ + + if len(initial_counter_block) == prefix_len + counter_len: + self.nonce = _copy_bytes(None, prefix_len, initial_counter_block) + """Nonce; not available if there is a fixed suffix""" + + self._state = VoidPointer() + result = raw_ctr_lib.CTR_start_operation(block_cipher.get(), + c_uint8_ptr(initial_counter_block), + c_size_t(len(initial_counter_block)), + c_size_t(prefix_len), + counter_len, + little_endian, + self._state.address_of()) + if result: + raise ValueError("Error %X while instantiating the CTR mode" + % result) + + # Ensure that object disposal of this Python object will (eventually) + # free the memory allocated by the raw library for the cipher mode + self._state = SmartPointer(self._state.get(), + raw_ctr_lib.CTR_stop_operation) + + # Memory allocated for the underlying block cipher is now owed + # by the cipher mode + block_cipher.release() + + self.block_size = len(initial_counter_block) + """The block size of the underlying cipher, in bytes.""" + + self._next = [self.encrypt, self.decrypt] + + def encrypt(self, plaintext, output=None): + """Encrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have encrypted a message + you cannot encrypt (or decrypt) another message using the same + object. + + The data to encrypt can be broken up in two or + more pieces and `encrypt` can be called multiple times. + + That is, the statement: + + >>> c.encrypt(a) + c.encrypt(b) + + is equivalent to: + + >>> c.encrypt(a+b) + + This function does not add any padding to the plaintext. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + If ``output`` is ``None``, the ciphertext is returned as ``bytes``. + Otherwise, ``None``. 
+ """ + + if self.encrypt not in self._next: + raise TypeError("encrypt() cannot be called after decrypt()") + self._next = [self.encrypt] + + if output is None: + ciphertext = create_string_buffer(len(plaintext)) + else: + ciphertext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(plaintext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = raw_ctr_lib.CTR_encrypt(self._state.get(), + c_uint8_ptr(plaintext), + c_uint8_ptr(ciphertext), + c_size_t(len(plaintext))) + if result: + if result == 0x60002: + raise OverflowError("The counter has wrapped around in" + " CTR mode") + raise ValueError("Error %X while encrypting in CTR mode" % result) + + if output is None: + return get_raw_buffer(ciphertext) + else: + return None + + def decrypt(self, ciphertext, output=None): + """Decrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have decrypted a message + you cannot decrypt (or encrypt) another message with the same + object. + + The data to decrypt can be broken up in two or + more pieces and `decrypt` can be called multiple times. + + That is, the statement: + + >>> c.decrypt(a) + c.decrypt(b) + + is equivalent to: + + >>> c.decrypt(a+b) + + This function does not remove any padding from the plaintext. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. + :Return: + If ``output`` is ``None``, the plaintext is returned as ``bytes``. + Otherwise, ``None``. 
+ """ + + if self.decrypt not in self._next: + raise TypeError("decrypt() cannot be called after encrypt()") + self._next = [self.decrypt] + + if output is None: + plaintext = create_string_buffer(len(ciphertext)) + else: + plaintext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(ciphertext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + + result = raw_ctr_lib.CTR_decrypt(self._state.get(), + c_uint8_ptr(ciphertext), + c_uint8_ptr(plaintext), + c_size_t(len(ciphertext))) + if result: + if result == 0x60002: + raise OverflowError("The counter has wrapped around in" + " CTR mode") + raise ValueError("Error %X while decrypting in CTR mode" % result) + + if output is None: + return get_raw_buffer(plaintext) + else: + return None + + +def _create_ctr_cipher(factory, **kwargs): + """Instantiate a cipher object that performs CTR encryption/decryption. + + :Parameters: + factory : module + The underlying block cipher, a module from ``Cryptodome.Cipher``. + + :Keywords: + nonce : bytes/bytearray/memoryview + The fixed part at the beginning of the counter block - the rest is + the counter number that gets increased when processing the next block. + The nonce must be such that no two messages are encrypted under the + same key and the same nonce. + + The nonce must be shorter than the block size (it can have + zero length; the counter is then as long as the block). + + If this parameter is not present, a random nonce will be created with + length equal to half the block size. No random nonce shorter than + 64 bits will be created though - you must really think through all + security consequences of using such a short block size. + + initial_value : posive integer or bytes/bytearray/memoryview + The initial value for the counter. If not present, the cipher will + start counting from 0. 
The value is incremented by one for each block. + The counter number is encoded in big endian mode. + + counter : object + Instance of ``Cryptodome.Util.Counter``, which allows full customization + of the counter block. This parameter is incompatible to both ``nonce`` + and ``initial_value``. + + Any other keyword will be passed to the underlying block cipher. + See the relevant documentation for details (at least ``key`` will need + to be present). + """ + + cipher_state = factory._create_base_cipher(kwargs) + + counter = kwargs.pop("counter", None) + nonce = kwargs.pop("nonce", None) + initial_value = kwargs.pop("initial_value", None) + if kwargs: + raise TypeError("Invalid parameters for CTR mode: %s" % str(kwargs)) + + if counter is not None and (nonce, initial_value) != (None, None): + raise TypeError("'counter' and 'nonce'/'initial_value'" + " are mutually exclusive") + + if counter is None: + # Cryptodome.Util.Counter is not used + if nonce is None: + if factory.block_size < 16: + raise TypeError("Impossible to create a safe nonce for short" + " block sizes") + nonce = get_random_bytes(factory.block_size // 2) + else: + if len(nonce) >= factory.block_size: + raise ValueError("Nonce is too long") + + # What is not nonce is counter + counter_len = factory.block_size - len(nonce) + + if initial_value is None: + initial_value = 0 + + if is_native_int(initial_value): + if (1 << (counter_len * 8)) - 1 < initial_value: + raise ValueError("Initial counter value is too large") + initial_counter_block = nonce + long_to_bytes(initial_value, counter_len) + else: + if len(initial_value) != counter_len: + raise ValueError("Incorrect length for counter byte string (%d bytes, expected %d)" % (len(initial_value), counter_len)) + initial_counter_block = nonce + initial_value + + return CtrMode(cipher_state, + initial_counter_block, + len(nonce), # prefix + counter_len, + False) # little_endian + + # Cryptodome.Util.Counter is used + + # 'counter' used to be a callable object, 
but now it is + # just a dictionary for backward compatibility. + _counter = dict(counter) + try: + counter_len = _counter.pop("counter_len") + prefix = _counter.pop("prefix") + suffix = _counter.pop("suffix") + initial_value = _counter.pop("initial_value") + little_endian = _counter.pop("little_endian") + except KeyError: + raise TypeError("Incorrect counter object" + " (use Cryptodome.Util.Counter.new)") + + # Compute initial counter block + words = [] + while initial_value > 0: + words.append(struct.pack('B', initial_value & 255)) + initial_value >>= 8 + words += [ b'\x00' ] * max(0, counter_len - len(words)) + if not little_endian: + words.reverse() + initial_counter_block = prefix + b"".join(words) + suffix + + if len(initial_counter_block) != factory.block_size: + raise ValueError("Size of the counter block (%d bytes) must match" + " block size (%d)" % (len(initial_counter_block), + factory.block_size)) + + return CtrMode(cipher_state, initial_counter_block, + len(prefix), counter_len, little_endian) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ctr.pyi b/frozen_deps/Cryptodome/Cipher/_mode_ctr.pyi new file mode 100644 index 0000000..a68a890 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_ctr.pyi @@ -0,0 +1,27 @@ +from typing import Union, overload + +from Cryptodome.Util._raw_api import SmartPointer + +Buffer = Union[bytes, bytearray, memoryview] + +__all__ = ['CtrMode'] + +class CtrMode(object): + block_size: int + nonce: bytes + + def __init__(self, + block_cipher: SmartPointer, + initial_counter_block: Buffer, + prefix_len: int, + counter_len: int, + little_endian: bool) -> None: ... + @overload + def encrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + @overload + def decrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + 
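Review bot: `_create_ctr_cipher` checks an integer `initial_value` only against the upper bound (`(1 << (counter_len * 8)) - 1 < initial_value`), so a negative value is not rejected here and its handling is left to `long_to_bytes`, which this hunk does not show. If that helper maps a negative to the same bytes as some other value, two distinct `initial_value`s would give the same initial counter block, which means keystream reuse under one key and nonce. Rejecting it up front is cheap: `if initial_value < 0 or (1 << (counter_len * 8)) - 1 < initial_value:`. The `Counter`-object branch has the same gap unless `Counter.new` already validates the value, since `while initial_value > 0` produces no bytes for a negative number and the counter is then padded to all zeros.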
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_eax.py b/frozen_deps/Cryptodome/Cipher/_mode_eax.py new file mode 100644 index 0000000..8efb77a --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_eax.py 
@@ -0,0 +1,408 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+EAX mode.
+""" + +__all__ = ['EaxMode'] + +import struct +from binascii import unhexlify + +from Cryptodome.Util.py3compat import byte_string, bord, _copy_bytes + +from Cryptodome.Util._raw_api import is_buffer + +from Cryptodome.Util.strxor import strxor +from Cryptodome.Util.number import long_to_bytes, bytes_to_long + +from Cryptodome.Hash import CMAC, BLAKE2s +from Cryptodome.Random import get_random_bytes + + +class EaxMode(object): + """*EAX* mode. + + This is an Authenticated Encryption with Associated Data + (`AEAD`_) mode. It provides both confidentiality and authenticity. + + The header of the message may be left in the clear, if needed, + and it will still be subject to authentication. + + The decryption step tells the receiver if the message comes + from a source that really knowns the secret key. + Additionally, decryption detects if any part of the message - + including the header - has been modified or corrupted. + + This mode requires a *nonce*. + + This mode is only available for ciphers that operate on 64 or + 128 bits blocks. + + There are no official standards defining EAX. + The implementation is based on `a proposal`__ that + was presented to NIST. + + .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html + .. 
__: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf + + :undocumented: __init__ + """ + + def __init__(self, factory, key, nonce, mac_len, cipher_params): + """EAX cipher mode""" + + self.block_size = factory.block_size + """The block size of the underlying cipher, in bytes.""" + + self.nonce = _copy_bytes(None, None, nonce) + """The nonce originally used to create the object.""" + + self._mac_len = mac_len + self._mac_tag = None # Cache for MAC tag + + # Allowed transitions after initialization + self._next = [self.update, self.encrypt, self.decrypt, + self.digest, self.verify] + + # MAC tag length + if not (4 <= self._mac_len <= self.block_size): + raise ValueError("Parameter 'mac_len' must not be larger than %d" + % self.block_size) + + # Nonce cannot be empty and must be a byte string + if len(self.nonce) == 0: + raise ValueError("Nonce cannot be empty in EAX mode") + if not is_buffer(nonce): + raise TypeError("nonce must be bytes, bytearray or memoryview") + + self._omac = [ + CMAC.new(key, + b'\x00' * (self.block_size - 1) + struct.pack('B', i), + ciphermod=factory, + cipher_params=cipher_params) + for i in range(0, 3) + ] + + # Compute MAC of nonce + self._omac[0].update(self.nonce) + self._signer = self._omac[1] + + # MAC of the nonce is also the initial counter for CTR encryption + counter_int = bytes_to_long(self._omac[0].digest()) + self._cipher = factory.new(key, + factory.MODE_CTR, + initial_value=counter_int, + nonce=b"", + **cipher_params) + + def update(self, assoc_data): + """Protect associated data + + If there is any associated data, the caller has to invoke + this function one or more times, before using + ``decrypt`` or ``encrypt``. + + By *associated data* it is meant any data (e.g. packet headers) that + will not be encrypted and will be transmitted in the clear. + However, the receiver is still able to detect any modification to it. + + If there is no associated data, this method must not be called. 
+ + The caller may split associated data in segments of any size, and + invoke this method multiple times, each time with the next segment. + + :Parameters: + assoc_data : bytes/bytearray/memoryview + A piece of associated data. There are no restrictions on its size. + """ + + if self.update not in self._next: + raise TypeError("update() can only be called" + " immediately after initialization") + + self._next = [self.update, self.encrypt, self.decrypt, + self.digest, self.verify] + + self._signer.update(assoc_data) + return self + + def encrypt(self, plaintext, output=None): + """Encrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have encrypted a message + you cannot encrypt (or decrypt) another message using the same + object. + + The data to encrypt can be broken up in two or + more pieces and `encrypt` can be called multiple times. + + That is, the statement: + + >>> c.encrypt(a) + c.encrypt(b) + + is equivalent to: + + >>> c.encrypt(a+b) + + This function does not add any padding to the plaintext. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + If ``output`` is ``None``, the ciphertext as ``bytes``. + Otherwise, ``None``. + """ + + if self.encrypt not in self._next: + raise TypeError("encrypt() can only be called after" + " initialization or an update()") + self._next = [self.encrypt, self.digest] + ct = self._cipher.encrypt(plaintext, output=output) + if output is None: + self._omac[2].update(ct) + else: + self._omac[2].update(output) + return ct + + def decrypt(self, ciphertext, output=None): + """Decrypt data with the key and the parameters set at initialization. 
+ + A cipher object is stateful: once you have decrypted a message + you cannot decrypt (or encrypt) another message with the same + object. + + The data to decrypt can be broken up in two or + more pieces and `decrypt` can be called multiple times. + + That is, the statement: + + >>> c.decrypt(a) + c.decrypt(b) + + is equivalent to: + + >>> c.decrypt(a+b) + + This function does not remove any padding from the plaintext. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. + :Return: + If ``output`` is ``None``, the plaintext as ``bytes``. + Otherwise, ``None``. + """ + + if self.decrypt not in self._next: + raise TypeError("decrypt() can only be called" + " after initialization or an update()") + self._next = [self.decrypt, self.verify] + self._omac[2].update(ciphertext) + return self._cipher.decrypt(ciphertext, output=output) + + def digest(self): + """Compute the *binary* MAC tag. + + The caller invokes this function at the very end. + + This method returns the MAC that shall be sent to the receiver, + together with the ciphertext. + + :Return: the MAC, as a byte string. + """ + + if self.digest not in self._next: + raise TypeError("digest() cannot be called when decrypting" + " or validating a message") + self._next = [self.digest] + + if not self._mac_tag: + tag = b'\x00' * self.block_size + for i in range(3): + tag = strxor(tag, self._omac[i].digest()) + self._mac_tag = tag[:self._mac_len] + + return self._mac_tag + + def hexdigest(self): + """Compute the *printable* MAC tag. + + This method is like `digest`. + + :Return: the MAC, as a hexadecimal string. + """ + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def verify(self, received_mac_tag): + """Validate the *binary* MAC tag. + + The caller invokes this function at the very end. 
+ + This method checks if the decrypted message is indeed valid + (that is, if the key is correct) and it has not been + tampered with while in transit. + + :Parameters: + received_mac_tag : bytes/bytearray/memoryview + This is the *binary* MAC, as received from the sender. + :Raises MacMismatchError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + if self.verify not in self._next: + raise TypeError("verify() cannot be called" + " when encrypting a message") + self._next = [self.verify] + + if not self._mac_tag: + tag = b'\x00' * self.block_size + for i in range(3): + tag = strxor(tag, self._omac[i].digest()) + self._mac_tag = tag[:self._mac_len] + + secret = get_random_bytes(16) + + mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag) + mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + def hexverify(self, hex_mac_tag): + """Validate the *printable* MAC tag. + + This method is like `verify`. + + :Parameters: + hex_mac_tag : string + This is the *printable* MAC, as received from the sender. + :Raises MacMismatchError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + self.verify(unhexlify(hex_mac_tag)) + + def encrypt_and_digest(self, plaintext, output=None): + """Perform encrypt() and digest() in one step. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + a tuple with two items: + + - the ciphertext, as ``bytes`` + - the MAC tag, as ``bytes`` + + The first item becomes ``None`` when the ``output`` parameter + specified a location for the result. 
+ """ + + return self.encrypt(plaintext, output=output), self.digest() + + def decrypt_and_verify(self, ciphertext, received_mac_tag, output=None): + """Perform decrypt() and verify() in one step. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + received_mac_tag : bytes/bytearray/memoryview + This is the *binary* MAC, as received from the sender. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. + :Return: the plaintext as ``bytes`` or ``None`` when the ``output`` + parameter specified a location for the result. + :Raises MacMismatchError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + pt = self.decrypt(ciphertext, output=output) + self.verify(received_mac_tag) + return pt + + +def _create_eax_cipher(factory, **kwargs): + """Create a new block cipher, configured in EAX mode. + + :Parameters: + factory : module + A symmetric cipher module from `Cryptodome.Cipher` (like + `Cryptodome.Cipher.AES`). + + :Keywords: + key : bytes/bytearray/memoryview + The secret key to use in the symmetric cipher. + + nonce : bytes/bytearray/memoryview + A value that must never be reused for any other encryption. + There are no restrictions on its length, but it is recommended to use + at least 16 bytes. + + The nonce shall never repeat for two different messages encrypted with + the same key, but it does not need to be random. + + If not specified, a 16 byte long random string is used. + + mac_len : integer + Length of the MAC, in bytes. It must be no larger than the cipher + block bytes (which is the default). 
+ """ + + try: + key = kwargs.pop("key") + nonce = kwargs.pop("nonce", None) + if nonce is None: + nonce = get_random_bytes(16) + mac_len = kwargs.pop("mac_len", factory.block_size) + except KeyError as e: + raise TypeError("Missing parameter: " + str(e)) + + return EaxMode(factory, key, nonce, mac_len, kwargs) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_eax.pyi b/frozen_deps/Cryptodome/Cipher/_mode_eax.pyi new file mode 100644 index 0000000..cbfa467 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_eax.pyi @@ -0,0 +1,45 @@ +from types import ModuleType +from typing import Any, Union, Tuple, Dict, overload, Optional + +Buffer = Union[bytes, bytearray, memoryview] + +__all__ = ['EaxMode'] + +class EaxMode(object): + block_size: int + nonce: bytes + + def __init__(self, + factory: ModuleType, + key: Buffer, + nonce: Buffer, + mac_len: int, + cipher_params: Dict) -> None: ... + + def update(self, assoc_data: Buffer) -> EaxMode: ... + + @overload + def encrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + @overload + def decrypt(self, plaintext: Buffer) -> bytes: ... + @overload + def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... + + def digest(self) -> bytes: ... + def hexdigest(self) -> str: ... + def verify(self, received_mac_tag: Buffer) -> None: ... + def hexverify(self, hex_mac_tag: str) -> None: ... + + @overload + def encrypt_and_digest(self, + plaintext: Buffer) -> Tuple[bytes, bytes]: ... + @overload + def encrypt_and_digest(self, + plaintext: Buffer, + output: Buffer) -> Tuple[None, bytes]: ... + def decrypt_and_verify(self, + ciphertext: Buffer, + received_mac_tag: Buffer, + output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ... diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ecb.py b/frozen_deps/Cryptodome/Cipher/_mode_ecb.py new file mode 100644 index 0000000..4c381f7 --- /dev/null 
+++ b/frozen_deps/Cryptodome/Cipher/_mode_ecb.py 
@@ -0,0 +1,218 @@ +# -*- coding: utf-8 -*- +# +# Cipher/mode_ecb.py : ECB mode +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +""" +Electronic Code Book (ECB) mode. +""" + +__all__ = [ 'EcbMode' ] + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, create_string_buffer, + get_raw_buffer, SmartPointer, + c_size_t, c_uint8_ptr, + is_writeable_buffer) + +raw_ecb_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._raw_ecb", """ + int ECB_start_operation(void *cipher, + void **pResult); + int ECB_encrypt(void *ecbState, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int ECB_decrypt(void *ecbState, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int ECB_stop_operation(void *state); + """ + ) + + +class EcbMode(object): + """*Electronic Code Book (ECB)*. + + This is the simplest encryption mode. Each of the plaintext blocks + is directly encrypted into a ciphertext block, independently of + any other block. + + This mode is dangerous because it exposes frequency of symbols + in your plaintext. 
Other modes (e.g. *CBC*) should be used instead. + + See `NIST SP800-38A`_ , Section 6.1. + + .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf + + :undocumented: __init__ + """ + + def __init__(self, block_cipher): + """Create a new block cipher, configured in ECB mode. + + :Parameters: + block_cipher : C pointer + A smart pointer to the low-level block cipher instance. + """ + + self._state = VoidPointer() + result = raw_ecb_lib.ECB_start_operation(block_cipher.get(), + self._state.address_of()) + if result: + raise ValueError("Error %d while instantiating the ECB mode" + % result) + + # Ensure that object disposal of this Python object will (eventually) + # free the memory allocated by the raw library for the cipher + # mode + self._state = SmartPointer(self._state.get(), + raw_ecb_lib.ECB_stop_operation) + + # Memory allocated for the underlying block cipher is now owned + # by the cipher mode + block_cipher.release() + + def encrypt(self, plaintext, output=None): + """Encrypt data with the key set at initialization. + + The data to encrypt can be broken up in two or + more pieces and `encrypt` can be called multiple times. + + That is, the statement: + + >>> c.encrypt(a) + c.encrypt(b) + + is equivalent to: + + >>> c.encrypt(a+b) + + This function does not add any padding to the plaintext. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + The length must be multiple of the cipher block length. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + If ``output`` is ``None``, the ciphertext is returned as ``bytes``. + Otherwise, ``None``. 
+ """ + + if output is None: + ciphertext = create_string_buffer(len(plaintext)) + else: + ciphertext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(plaintext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = raw_ecb_lib.ECB_encrypt(self._state.get(), + c_uint8_ptr(plaintext), + c_uint8_ptr(ciphertext), + c_size_t(len(plaintext))) + if result: + if result == 3: + raise ValueError("Data must be aligned to block boundary in ECB mode") + raise ValueError("Error %d while encrypting in ECB mode" % result) + + if output is None: + return get_raw_buffer(ciphertext) + else: + return None + + def decrypt(self, ciphertext, output=None): + """Decrypt data with the key set at initialization. + + The data to decrypt can be broken up in two or + more pieces and `decrypt` can be called multiple times. + + That is, the statement: + + >>> c.decrypt(a) + c.decrypt(b) + + is equivalent to: + + >>> c.decrypt(a+b) + + This function does not remove any padding from the plaintext. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + The length must be multiple of the cipher block length. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. + :Return: + If ``output`` is ``None``, the plaintext is returned as ``bytes``. + Otherwise, ``None``. 
+ """ + + if output is None: + plaintext = create_string_buffer(len(ciphertext)) + else: + plaintext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(ciphertext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = raw_ecb_lib.ECB_decrypt(self._state.get(), + c_uint8_ptr(ciphertext), + c_uint8_ptr(plaintext), + c_size_t(len(ciphertext))) + if result: + if result == 3: + raise ValueError("Data must be aligned to block boundary in ECB mode") + raise ValueError("Error %d while decrypting in ECB mode" % result) + + if output is None: + return get_raw_buffer(plaintext) + else: + return None + + +def _create_ecb_cipher(factory, **kwargs): + """Instantiate a cipher object that performs ECB encryption/decryption. + + :Parameters: + factory : module + The underlying block cipher, a module from ``Cryptodome.Cipher``. + + All keywords are passed to the underlying block cipher. + See the relevant documentation for details (at least ``key`` will need + to be present""" + + cipher_state = factory._create_base_cipher(kwargs) + if kwargs: + raise TypeError("Unknown parameters for ECB: %s" % str(kwargs)) + return EcbMode(cipher_state) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ecb.pyi b/frozen_deps/Cryptodome/Cipher/_mode_ecb.pyi new file mode 100644 index 0000000..936195f --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_ecb.pyi 
@@ -0,0 +1,19 @@
+from typing import Union, overload
+
+from Cryptodome.Util._raw_api import SmartPointer
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = [ 'EcbMode' ]
+
+class EcbMode(object):
+ def __init__(self, block_cipher: SmartPointer) -> None: ...
+ @overload
+ def encrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+ @overload
+ def decrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_gcm.py b/frozen_deps/Cryptodome/Cipher/_mode_gcm.py
new file mode 100644
index 0000000..c90061b
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_mode_gcm.py
@@ -0,0 +1,620 @@ +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# =================================================================== + +""" +Galois/Counter Mode (GCM). 
+""" + +__all__ = ['GcmMode'] + +from binascii import unhexlify + +from Cryptodome.Util.py3compat import bord, _copy_bytes + +from Cryptodome.Util._raw_api import is_buffer + +from Cryptodome.Util.number import long_to_bytes, bytes_to_long +from Cryptodome.Hash import BLAKE2s +from Cryptodome.Random import get_random_bytes + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer, + create_string_buffer, get_raw_buffer, + SmartPointer, c_size_t, c_uint8_ptr) + +from Cryptodome.Util import _cpu_features + + +# C API by module implementing GHASH +_ghash_api_template = """ + int ghash_%imp%(uint8_t y_out[16], + const uint8_t block_data[], + size_t len, + const uint8_t y_in[16], + const void *exp_key); + int ghash_expand_%imp%(const uint8_t h[16], + void **ghash_tables); + int ghash_destroy_%imp%(void *ghash_tables); +""" + +def _build_impl(lib, postfix): + from collections import namedtuple + + funcs = ( "ghash", "ghash_expand", "ghash_destroy" ) + GHASH_Imp = namedtuple('_GHash_Imp', funcs) + try: + imp_funcs = [ getattr(lib, x + "_" + postfix) for x in funcs ] + except AttributeError: # Make sphinx stop complaining with its mocklib + imp_funcs = [ None ] * 3 + params = dict(zip(funcs, imp_funcs)) + return GHASH_Imp(**params) + + +def _get_ghash_portable(): + api = _ghash_api_template.replace("%imp%", "portable") + lib = load_pycryptodome_raw_lib("Cryptodome.Hash._ghash_portable", api) + result = _build_impl(lib, "portable") + return result +_ghash_portable = _get_ghash_portable() + + +def _get_ghash_clmul(): + """Return None if CLMUL implementation is not available""" + + if not _cpu_features.have_clmul(): + return None + try: + api = _ghash_api_template.replace("%imp%", "clmul") + lib = load_pycryptodome_raw_lib("Cryptodome.Hash._ghash_clmul", api) + result = _build_impl(lib, "clmul") + except OSError: + result = None + return result +_ghash_clmul = _get_ghash_clmul() + + +class _GHASH(object): + """GHASH function defined in NIST SP 800-38D, 
Algorithm 2. + + If X_1, X_2, .. X_m are the blocks of input data, the function + computes: + + X_1*H^{m} + X_2*H^{m-1} + ... + X_m*H + + in the Galois field GF(2^256) using the reducing polynomial + (x^128 + x^7 + x^2 + x + 1). + """ + + def __init__(self, subkey, ghash_c): + assert len(subkey) == 16 + + self.ghash_c = ghash_c + + self._exp_key = VoidPointer() + result = ghash_c.ghash_expand(c_uint8_ptr(subkey), + self._exp_key.address_of()) + if result: + raise ValueError("Error %d while expanding the GHASH key" % result) + + self._exp_key = SmartPointer(self._exp_key.get(), + ghash_c.ghash_destroy) + + # create_string_buffer always returns a string of zeroes + self._last_y = create_string_buffer(16) + + def update(self, block_data): + assert len(block_data) % 16 == 0 + + result = self.ghash_c.ghash(self._last_y, + c_uint8_ptr(block_data), + c_size_t(len(block_data)), + self._last_y, + self._exp_key.get()) + if result: + raise ValueError("Error %d while updating GHASH" % result) + + return self + + def digest(self): + return get_raw_buffer(self._last_y) + + +def enum(**enums): + return type('Enum', (), enums) + + +MacStatus = enum(PROCESSING_AUTH_DATA=1, PROCESSING_CIPHERTEXT=2) + + +class GcmMode(object): + """Galois Counter Mode (GCM). + + This is an Authenticated Encryption with Associated Data (`AEAD`_) mode. + It provides both confidentiality and authenticity. + + The header of the message may be left in the clear, if needed, and it will + still be subject to authentication. The decryption step tells the receiver + if the message comes from a source that really knowns the secret key. + Additionally, decryption detects if any part of the message - including the + header - has been modified or corrupted. + + This mode requires a *nonce*. + + This mode is only available for ciphers that operate on 128 bits blocks + (e.g. AES but not TDES). + + See `NIST SP800-38D`_. + + .. _`NIST SP800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf + .. 
_AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html + + :undocumented: __init__ + """ + + def __init__(self, factory, key, nonce, mac_len, cipher_params, ghash_c): + + self.block_size = factory.block_size + if self.block_size != 16: + raise ValueError("GCM mode is only available for ciphers" + " that operate on 128 bits blocks") + + if len(nonce) == 0: + raise ValueError("Nonce cannot be empty") + + if not is_buffer(nonce): + raise TypeError("Nonce must be bytes, bytearray or memoryview") + + # See NIST SP 800 38D, 5.2.1.1 + if len(nonce) > 2**64 - 1: + raise ValueError("Nonce exceeds maximum length") + + + self.nonce = _copy_bytes(None, None, nonce) + """Nonce""" + + self._factory = factory + self._key = _copy_bytes(None, None, key) + self._tag = None # Cache for MAC tag + + self._mac_len = mac_len + if not (4 <= mac_len <= 16): + raise ValueError("Parameter 'mac_len' must be in the range 4..16") + + # Allowed transitions after initialization + self._next = [self.update, self.encrypt, self.decrypt, + self.digest, self.verify] + + self._no_more_assoc_data = False + + # Length of associated data + self._auth_len = 0 + + # Length of the ciphertext or plaintext + self._msg_len = 0 + + # Step 1 in SP800-38D, Algorithm 4 (encryption) - Compute H + # See also Algorithm 5 (decryption) + hash_subkey = factory.new(key, + self._factory.MODE_ECB, + **cipher_params + ).encrypt(b'\x00' * 16) + + # Step 2 - Compute J0 + if len(self.nonce) == 12: + j0 = self.nonce + b"\x00\x00\x00\x01" + else: + fill = (16 - (len(nonce) % 16)) % 16 + 8 + ghash_in = (self.nonce + + b'\x00' * fill + + long_to_bytes(8 * len(nonce), 8)) + j0 = _GHASH(hash_subkey, ghash_c).update(ghash_in).digest() + + # Step 3 - Prepare GCTR cipher for encryption/decryption + nonce_ctr = j0[:12] + iv_ctr = (bytes_to_long(j0) + 1) & 0xFFFFFFFF + self._cipher = factory.new(key, + self._factory.MODE_CTR, + initial_value=iv_ctr, + nonce=nonce_ctr, + **cipher_params) + + # 
Step 5 - Bootstrat GHASH + self._signer = _GHASH(hash_subkey, ghash_c) + + # Step 6 - Prepare GCTR cipher for GMAC + self._tag_cipher = factory.new(key, + self._factory.MODE_CTR, + initial_value=j0, + nonce=b"", + **cipher_params) + + # Cache for data to authenticate + self._cache = b"" + + self._status = MacStatus.PROCESSING_AUTH_DATA + + def update(self, assoc_data): + """Protect associated data + + If there is any associated data, the caller has to invoke + this function one or more times, before using + ``decrypt`` or ``encrypt``. + + By *associated data* it is meant any data (e.g. packet headers) that + will not be encrypted and will be transmitted in the clear. + However, the receiver is still able to detect any modification to it. + In GCM, the *associated data* is also called + *additional authenticated data* (AAD). + + If there is no associated data, this method must not be called. + + The caller may split associated data in segments of any size, and + invoke this method multiple times, each time with the next segment. + + :Parameters: + assoc_data : bytes/bytearray/memoryview + A piece of associated data. There are no restrictions on its size. 
+ """ + + if self.update not in self._next: + raise TypeError("update() can only be called" + " immediately after initialization") + + self._next = [self.update, self.encrypt, self.decrypt, + self.digest, self.verify] + + self._update(assoc_data) + self._auth_len += len(assoc_data) + + # See NIST SP 800 38D, 5.2.1.1 + if self._auth_len > 2**64 - 1: + raise ValueError("Additional Authenticated Data exceeds maximum length") + + return self + + def _update(self, data): + assert(len(self._cache) < 16) + + if len(self._cache) > 0: + filler = min(16 - len(self._cache), len(data)) + self._cache += _copy_bytes(None, filler, data) + data = data[filler:] + + if len(self._cache) < 16: + return + + # The cache is exactly one block + self._signer.update(self._cache) + self._cache = b"" + + update_len = len(data) // 16 * 16 + self._cache = _copy_bytes(update_len, None, data) + if update_len > 0: + self._signer.update(data[:update_len]) + + def _pad_cache_and_update(self): + assert(len(self._cache) < 16) + + # The authenticated data A is concatenated to the minimum + # number of zero bytes (possibly none) such that the + # - ciphertext C is aligned to the 16 byte boundary. + # See step 5 in section 7.1 + # - ciphertext C is aligned to the 16 byte boundary. + # See step 6 in section 7.2 + len_cache = len(self._cache) + if len_cache > 0: + self._update(b'\x00' * (16 - len_cache)) + + def encrypt(self, plaintext, output=None): + """Encrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have encrypted a message + you cannot encrypt (or decrypt) another message using the same + object. + + The data to encrypt can be broken up in two or + more pieces and `encrypt` can be called multiple times. + + That is, the statement: + + >>> c.encrypt(a) + c.encrypt(b) + + is equivalent to: + + >>> c.encrypt(a+b) + + This function does not add any padding to the plaintext. 
+ + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + If ``output`` is ``None``, the ciphertext as ``bytes``. + Otherwise, ``None``. + """ + + if self.encrypt not in self._next: + raise TypeError("encrypt() can only be called after" + " initialization or an update()") + self._next = [self.encrypt, self.digest] + + ciphertext = self._cipher.encrypt(plaintext, output=output) + + if self._status == MacStatus.PROCESSING_AUTH_DATA: + self._pad_cache_and_update() + self._status = MacStatus.PROCESSING_CIPHERTEXT + + self._update(ciphertext if output is None else output) + self._msg_len += len(plaintext) + + # See NIST SP 800 38D, 5.2.1.1 + if self._msg_len > 2**39 - 256: + raise ValueError("Plaintext exceeds maximum length") + + return ciphertext + + def decrypt(self, ciphertext, output=None): + """Decrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have decrypted a message + you cannot decrypt (or encrypt) another message with the same + object. + + The data to decrypt can be broken up in two or + more pieces and `decrypt` can be called multiple times. + + That is, the statement: + + >>> c.decrypt(a) + c.decrypt(b) + + is equivalent to: + + >>> c.decrypt(a+b) + + This function does not remove any padding from the plaintext. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. + :Return: + If ``output`` is ``None``, the plaintext as ``bytes``. + Otherwise, ``None``. 
+ """ + + if self.decrypt not in self._next: + raise TypeError("decrypt() can only be called" + " after initialization or an update()") + self._next = [self.decrypt, self.verify] + + if self._status == MacStatus.PROCESSING_AUTH_DATA: + self._pad_cache_and_update() + self._status = MacStatus.PROCESSING_CIPHERTEXT + + self._update(ciphertext) + self._msg_len += len(ciphertext) + + return self._cipher.decrypt(ciphertext, output=output) + + def digest(self): + """Compute the *binary* MAC tag in an AEAD mode. + + The caller invokes this function at the very end. + + This method returns the MAC that shall be sent to the receiver, + together with the ciphertext. + + :Return: the MAC, as a byte string. + """ + + if self.digest not in self._next: + raise TypeError("digest() cannot be called when decrypting" + " or validating a message") + self._next = [self.digest] + + return self._compute_mac() + + def _compute_mac(self): + """Compute MAC without any FSM checks.""" + + if self._tag: + return self._tag + + # Step 5 in NIST SP 800-38D, Algorithm 4 - Compute S + self._pad_cache_and_update() + self._update(long_to_bytes(8 * self._auth_len, 8)) + self._update(long_to_bytes(8 * self._msg_len, 8)) + s_tag = self._signer.digest() + + # Step 6 - Compute T + self._tag = self._tag_cipher.encrypt(s_tag)[:self._mac_len] + + return self._tag + + def hexdigest(self): + """Compute the *printable* MAC tag. + + This method is like `digest`. + + :Return: the MAC, as a hexadecimal string. + """ + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def verify(self, received_mac_tag): + """Validate the *binary* MAC tag. + + The caller invokes this function at the very end. + + This method checks if the decrypted message is indeed valid + (that is, if the key is correct) and it has not been + tampered with while in transit. + + :Parameters: + received_mac_tag : bytes/bytearray/memoryview + This is the *binary* MAC, as received from the sender. 
+ :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + if self.verify not in self._next: + raise TypeError("verify() cannot be called" + " when encrypting a message") + self._next = [self.verify] + + secret = get_random_bytes(16) + + mac1 = BLAKE2s.new(digest_bits=160, key=secret, + data=self._compute_mac()) + mac2 = BLAKE2s.new(digest_bits=160, key=secret, + data=received_mac_tag) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + def hexverify(self, hex_mac_tag): + """Validate the *printable* MAC tag. + + This method is like `verify`. + + :Parameters: + hex_mac_tag : string + This is the *printable* MAC, as received from the sender. + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + self.verify(unhexlify(hex_mac_tag)) + + def encrypt_and_digest(self, plaintext, output=None): + """Perform encrypt() and digest() in one step. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + a tuple with two items: + + - the ciphertext, as ``bytes`` + - the MAC tag, as ``bytes`` + + The first item becomes ``None`` when the ``output`` parameter + specified a location for the result. + """ + + return self.encrypt(plaintext, output=output), self.digest() + + def decrypt_and_verify(self, ciphertext, received_mac_tag, output=None): + """Perform decrypt() and verify() in one step. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + received_mac_tag : byte string + This is the *binary* MAC, as received from the sender. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. 
+ :Return: the plaintext as ``bytes`` or ``None`` when the ``output`` + parameter specified a location for the result. + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + plaintext = self.decrypt(ciphertext, output=output) + self.verify(received_mac_tag) + return plaintext + + +def _create_gcm_cipher(factory, **kwargs): + """Create a new block cipher, configured in Galois Counter Mode (GCM). + + :Parameters: + factory : module + A block cipher module, taken from `Cryptodome.Cipher`. + The cipher must have block length of 16 bytes. + GCM has been only defined for `Cryptodome.Cipher.AES`. + + :Keywords: + key : bytes/bytearray/memoryview + The secret key to use in the symmetric cipher. + It must be 16 (e.g. *AES-128*), 24 (e.g. *AES-192*) + or 32 (e.g. *AES-256*) bytes long. + + nonce : bytes/bytearray/memoryview + A value that must never be reused for any other encryption. + + There are no restrictions on its length, + but it is recommended to use at least 16 bytes. + + The nonce shall never repeat for two + different messages encrypted with the same key, + but it does not need to be random. + + If not provided, a 16 byte nonce will be randomly created. + + mac_len : integer + Length of the MAC, in bytes. + It must be no larger than 16 bytes (which is the default). + """ + + try: + key = kwargs.pop("key") + except KeyError as e: + raise TypeError("Missing parameter:" + str(e)) + + nonce = kwargs.pop("nonce", None) + if nonce is None: + nonce = get_random_bytes(16) + mac_len = kwargs.pop("mac_len", 16) + + # Not documented - only used for testing + use_clmul = kwargs.pop("use_clmul", True) + if use_clmul and _ghash_clmul: + ghash_c = _ghash_clmul + else: + ghash_c = _ghash_portable + + return GcmMode(factory, key, nonce, mac_len, kwargs, ghash_c) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_gcm.pyi b/frozen_deps/Cryptodome/Cipher/_mode_gcm.pyi new file mode 100644 index 0000000..8912955 
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_mode_gcm.pyi
@@ -0,0 +1,45 @@
+from types import ModuleType
+from typing import Union, Tuple, Dict, overload, Optional
+
+__all__ = ['GcmMode']
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class GcmMode(object):
+ block_size: int
+ nonce: Buffer
+
+ def __init__(self,
+ factory: ModuleType,
+ key: Buffer,
+ nonce: Buffer,
+ mac_len: int,
+ cipher_params: Dict) -> None: ...
+
+ def update(self, assoc_data: Buffer) -> GcmMode: ...
+
+ @overload
+ def encrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+ @overload
+ def decrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def verify(self, received_mac_tag: Buffer) -> None: ...
+ def hexverify(self, hex_mac_tag: str) -> None: ...
+
+ @overload
+ def encrypt_and_digest(self,
+ plaintext: Buffer) -> Tuple[bytes, bytes]: ...
+ @overload
+ def encrypt_and_digest(self,
+ plaintext: Buffer,
+ output: Buffer) -> Tuple[None, bytes]: ...
+ def decrypt_and_verify(self,
+ ciphertext: Buffer,
+ received_mac_tag: Buffer,
+ output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ...
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ocb.py b/frozen_deps/Cryptodome/Cipher/_mode_ocb.py
new file mode 100644
index 0000000..27c2797
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_mode_ocb.py
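Review bot: The `decrypt` overloads in the `_mode_gcm.pyi` stub name their first parameter `plaintext`, while the implementation added in `_mode_gcm.py` is `decrypt(self, ciphertext, output=None)`, so a keyword call `decrypt(ciphertext=...)` works at runtime but is rejected by a type checker. The overloads should read `def decrypt(self, ciphertext: Buffer) -> bytes: ...` and `def decrypt(self, ciphertext: Buffer, output: Union[bytearray, memoryview]) -> None: ...`. The same naming slip is in the `decrypt` overloads of `_mode_ocb.pyi` and `_mode_ofb.pyi` later in this commit. These files sit under `frozen_deps/`, which looks like a vendored copy, so the correction may be better carried as an upstream fix than as a local edit.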
@@ -0,0 +1,525 @@ +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# =================================================================== + +""" +Offset Codebook (OCB) mode. + +OCB is Authenticated Encryption with Associated Data (AEAD) cipher mode +designed by Prof. Phillip Rogaway and specified in `RFC7253`_. + +The algorithm provides both authenticity and privacy, it is very efficient, +it uses only one key and it can be used in online mode (so that encryption +or decryption can start before the end of the message is available). 
+ +This module implements the third and last variant of OCB (OCB3) and it only +works in combination with a 128-bit block symmetric cipher, like AES. + +OCB is patented in US but `free licenses`_ exist for software implementations +meant for non-military purposes. + +Example: + >>> from Cryptodome.Cipher import AES + >>> from Cryptodome.Random import get_random_bytes + >>> + >>> key = get_random_bytes(32) + >>> cipher = AES.new(key, AES.MODE_OCB) + >>> plaintext = b"Attack at dawn" + >>> ciphertext, mac = cipher.encrypt_and_digest(plaintext) + >>> # Deliver cipher.nonce, ciphertext and mac + ... + >>> cipher = AES.new(key, AES.MODE_OCB, nonce=nonce) + >>> try: + >>> plaintext = cipher.decrypt_and_verify(ciphertext, mac) + >>> except ValueError: + >>> print "Invalid message" + >>> else: + >>> print plaintext + +:undocumented: __package__ + +.. _RFC7253: http://www.rfc-editor.org/info/rfc7253 +.. _free licenses: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm +""" + +import struct +from binascii import unhexlify + +from Cryptodome.Util.py3compat import bord, _copy_bytes +from Cryptodome.Util.number import long_to_bytes, bytes_to_long +from Cryptodome.Util.strxor import strxor + +from Cryptodome.Hash import BLAKE2s +from Cryptodome.Random import get_random_bytes + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer, + create_string_buffer, get_raw_buffer, + SmartPointer, c_size_t, c_uint8_ptr, + is_buffer) + +_raw_ocb_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._raw_ocb", """ + int OCB_start_operation(void *cipher, + const uint8_t *offset_0, + size_t offset_0_len, + void **pState); + int OCB_encrypt(void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int OCB_decrypt(void *state, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int OCB_update(void *state, + const uint8_t *in, + size_t data_len); + int OCB_digest(void *state, + uint8_t *tag, + size_t tag_len); + int OCB_stop_operation(void *state); + """) 
+ + +class OcbMode(object): + """Offset Codebook (OCB) mode. + + :undocumented: __init__ + """ + + def __init__(self, factory, nonce, mac_len, cipher_params): + + if factory.block_size != 16: + raise ValueError("OCB mode is only available for ciphers" + " that operate on 128 bits blocks") + + self.block_size = 16 + """The block size of the underlying cipher, in bytes.""" + + self.nonce = _copy_bytes(None, None, nonce) + """Nonce used for this session.""" + if len(nonce) not in range(1, 16): + raise ValueError("Nonce must be at most 15 bytes long") + if not is_buffer(nonce): + raise TypeError("Nonce must be bytes, bytearray or memoryview") + + self._mac_len = mac_len + if not 8 <= mac_len <= 16: + raise ValueError("MAC tag must be between 8 and 16 bytes long") + + # Cache for MAC tag + self._mac_tag = None + + # Cache for unaligned associated data + self._cache_A = b"" + + # Cache for unaligned ciphertext/plaintext + self._cache_P = b"" + + # Allowed transitions after initialization + self._next = [self.update, self.encrypt, self.decrypt, + self.digest, self.verify] + + # Compute Offset_0 + params_without_key = dict(cipher_params) + key = params_without_key.pop("key") + nonce = (struct.pack('B', self._mac_len << 4 & 0xFF) + + b'\x00' * (14 - len(nonce)) + + b'\x01' + self.nonce) + + bottom_bits = bord(nonce[15]) & 0x3F # 6 bits, 0..63 + top_bits = bord(nonce[15]) & 0xC0 # 2 bits + + ktop_cipher = factory.new(key, + factory.MODE_ECB, + **params_without_key) + ktop = ktop_cipher.encrypt(struct.pack('15sB', + nonce[:15], + top_bits)) + + stretch = ktop + strxor(ktop[:8], ktop[1:9]) # 192 bits + offset_0 = long_to_bytes(bytes_to_long(stretch) >> + (64 - bottom_bits), 24)[8:] + + # Create low-level cipher instance + raw_cipher = factory._create_base_cipher(cipher_params) + if cipher_params: + raise TypeError("Unknown keywords: " + str(cipher_params)) + + self._state = VoidPointer() + result = _raw_ocb_lib.OCB_start_operation(raw_cipher.get(), + offset_0, + 
c_size_t(len(offset_0)), + self._state.address_of()) + if result: + raise ValueError("Error %d while instantiating the OCB mode" + % result) + + # Ensure that object disposal of this Python object will (eventually) + # free the memory allocated by the raw library for the cipher mode + self._state = SmartPointer(self._state.get(), + _raw_ocb_lib.OCB_stop_operation) + + # Memory allocated for the underlying block cipher is now owed + # by the cipher mode + raw_cipher.release() + + def _update(self, assoc_data, assoc_data_len): + result = _raw_ocb_lib.OCB_update(self._state.get(), + c_uint8_ptr(assoc_data), + c_size_t(assoc_data_len)) + if result: + raise ValueError("Error %d while computing MAC in OCB mode" % result) + + def update(self, assoc_data): + """Process the associated data. + + If there is any associated data, the caller has to invoke + this method one or more times, before using + ``decrypt`` or ``encrypt``. + + By *associated data* it is meant any data (e.g. packet headers) that + will not be encrypted and will be transmitted in the clear. + However, the receiver shall still able to detect modifications. + + If there is no associated data, this method must not be called. + + The caller may split associated data in segments of any size, and + invoke this method multiple times, each time with the next segment. + + :Parameters: + assoc_data : bytes/bytearray/memoryview + A piece of associated data. 
+ """ + + if self.update not in self._next: + raise TypeError("update() can only be called" + " immediately after initialization") + + self._next = [self.encrypt, self.decrypt, self.digest, + self.verify, self.update] + + if len(self._cache_A) > 0: + filler = min(16 - len(self._cache_A), len(assoc_data)) + self._cache_A += _copy_bytes(None, filler, assoc_data) + assoc_data = assoc_data[filler:] + + if len(self._cache_A) < 16: + return self + + # Clear the cache, and proceeding with any other aligned data + self._cache_A, seg = b"", self._cache_A + self.update(seg) + + update_len = len(assoc_data) // 16 * 16 + self._cache_A = _copy_bytes(update_len, None, assoc_data) + self._update(assoc_data, update_len) + return self + + def _transcrypt_aligned(self, in_data, in_data_len, + trans_func, trans_desc): + + out_data = create_string_buffer(in_data_len) + result = trans_func(self._state.get(), + in_data, + out_data, + c_size_t(in_data_len)) + if result: + raise ValueError("Error %d while %sing in OCB mode" + % (result, trans_desc)) + return get_raw_buffer(out_data) + + def _transcrypt(self, in_data, trans_func, trans_desc): + # Last piece to encrypt/decrypt + if in_data is None: + out_data = self._transcrypt_aligned(self._cache_P, + len(self._cache_P), + trans_func, + trans_desc) + self._cache_P = b"" + return out_data + + # Try to fill up the cache, if it already contains something + prefix = b"" + if len(self._cache_P) > 0: + filler = min(16 - len(self._cache_P), len(in_data)) + self._cache_P += _copy_bytes(None, filler, in_data) + in_data = in_data[filler:] + + if len(self._cache_P) < 16: + # We could not manage to fill the cache, so there is certainly + # no output yet. 
+ return b"" + + # Clear the cache, and proceeding with any other aligned data + prefix = self._transcrypt_aligned(self._cache_P, + len(self._cache_P), + trans_func, + trans_desc) + self._cache_P = b"" + + # Process data in multiples of the block size + trans_len = len(in_data) // 16 * 16 + result = self._transcrypt_aligned(c_uint8_ptr(in_data), + trans_len, + trans_func, + trans_desc) + if prefix: + result = prefix + result + + # Left-over + self._cache_P = _copy_bytes(trans_len, None, in_data) + + return result + + def encrypt(self, plaintext=None): + """Encrypt the next piece of plaintext. + + After the entire plaintext has been passed (but before `digest`), + you **must** call this method one last time with no arguments to collect + the final piece of ciphertext. + + If possible, use the method `encrypt_and_digest` instead. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The next piece of data to encrypt or ``None`` to signify + that encryption has finished and that any remaining ciphertext + has to be produced. + :Return: + the ciphertext, as a byte string. + Its length may not match the length of the *plaintext*. + """ + + if self.encrypt not in self._next: + raise TypeError("encrypt() can only be called after" + " initialization or an update()") + + if plaintext is None: + self._next = [self.digest] + else: + self._next = [self.encrypt] + return self._transcrypt(plaintext, _raw_ocb_lib.OCB_encrypt, "encrypt") + + def decrypt(self, ciphertext=None): + """Decrypt the next piece of ciphertext. + + After the entire ciphertext has been passed (but before `verify`), + you **must** call this method one last time with no arguments to collect + the remaining piece of plaintext. + + If possible, use the method `decrypt_and_verify` instead. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The next piece of data to decrypt or ``None`` to signify + that decryption has finished and that any remaining plaintext + has to be produced. 
+ :Return: + the plaintext, as a byte string. + Its length may not match the length of the *ciphertext*. + """ + + if self.decrypt not in self._next: + raise TypeError("decrypt() can only be called after" + " initialization or an update()") + + if ciphertext is None: + self._next = [self.verify] + else: + self._next = [self.decrypt] + return self._transcrypt(ciphertext, + _raw_ocb_lib.OCB_decrypt, + "decrypt") + + def _compute_mac_tag(self): + + if self._mac_tag is not None: + return + + if self._cache_A: + self._update(self._cache_A, len(self._cache_A)) + self._cache_A = b"" + + mac_tag = create_string_buffer(16) + result = _raw_ocb_lib.OCB_digest(self._state.get(), + mac_tag, + c_size_t(len(mac_tag)) + ) + if result: + raise ValueError("Error %d while computing digest in OCB mode" + % result) + self._mac_tag = get_raw_buffer(mac_tag)[:self._mac_len] + + def digest(self): + """Compute the *binary* MAC tag. + + Call this method after the final `encrypt` (the one with no arguments) + to obtain the MAC tag. + + The MAC tag is needed by the receiver to determine authenticity + of the message. + + :Return: the MAC, as a byte string. + """ + + if self.digest not in self._next: + raise TypeError("digest() cannot be called now for this cipher") + + assert(len(self._cache_P) == 0) + + self._next = [self.digest] + + if self._mac_tag is None: + self._compute_mac_tag() + + return self._mac_tag + + def hexdigest(self): + """Compute the *printable* MAC tag. + + This method is like `digest`. + + :Return: the MAC, as a hexadecimal string. + """ + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def verify(self, received_mac_tag): + """Validate the *binary* MAC tag. + + Call this method after the final `decrypt` (the one with no arguments) + to check if the message is authentic and valid. + + :Parameters: + received_mac_tag : bytes/bytearray/memoryview + This is the *binary* MAC, as received from the sender. + :Raises ValueError: + if the MAC does not match. 
The message has been tampered with + or the key is incorrect. + """ + + if self.verify not in self._next: + raise TypeError("verify() cannot be called now for this cipher") + + assert(len(self._cache_P) == 0) + + self._next = [self.verify] + + if self._mac_tag is None: + self._compute_mac_tag() + + secret = get_random_bytes(16) + mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag) + mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + def hexverify(self, hex_mac_tag): + """Validate the *printable* MAC tag. + + This method is like `verify`. + + :Parameters: + hex_mac_tag : string + This is the *printable* MAC, as received from the sender. + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + self.verify(unhexlify(hex_mac_tag)) + + def encrypt_and_digest(self, plaintext): + """Encrypt the message and create the MAC tag in one step. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The entire message to encrypt. + :Return: + a tuple with two byte strings: + + - the encrypted data + - the MAC + """ + + return self.encrypt(plaintext) + self.encrypt(), self.digest() + + def decrypt_and_verify(self, ciphertext, received_mac_tag): + """Decrypted the message and verify its authenticity in one step. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The entire message to decrypt. + received_mac_tag : byte string + This is the *binary* MAC, as received from the sender. + + :Return: the decrypted data (byte string). + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + plaintext = self.decrypt(ciphertext) + self.decrypt() + self.verify(received_mac_tag) + return plaintext + + +def _create_ocb_cipher(factory, **kwargs): + """Create a new block cipher, configured in OCB mode. 
+ + :Parameters: + factory : module + A symmetric cipher module from `Cryptodome.Cipher` + (like `Cryptodome.Cipher.AES`). + + :Keywords: + nonce : bytes/bytearray/memoryview + A value that must never be reused for any other encryption. + Its length can vary from 1 to 15 bytes. + If not specified, a random 15 bytes long nonce is generated. + + mac_len : integer + Length of the MAC, in bytes. + It must be in the range ``[8..16]``. + The default is 16 (128 bits). + + Any other keyword will be passed to the underlying block cipher. + See the relevant documentation for details (at least ``key`` will need + to be present). + """ + + try: + nonce = kwargs.pop("nonce", None) + if nonce is None: + nonce = get_random_bytes(15) + mac_len = kwargs.pop("mac_len", 16) + except KeyError as e: + raise TypeError("Keyword missing: " + str(e)) + + return OcbMode(factory, nonce, mac_len, kwargs) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ocb.pyi b/frozen_deps/Cryptodome/Cipher/_mode_ocb.pyi new file mode 100644 index 0000000..a1909fc --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_ocb.pyi 
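Review bot: A missing `key` surfaces as a bare `KeyError` from `params_without_key.pop("key")` in `OcbMode.__init__`, because the `try`/`except KeyError` in `_create_ocb_cipher` only wraps `kwargs.pop("nonce", None)` and `kwargs.pop("mac_len", 16)`, which cannot raise. `_create_gcm_cipher` in this commit reports the same mistake as `TypeError("Missing parameter:" ...)`, so callers that catch `TypeError` for bad arguments behave differently between the two AEAD modes. Guarding the lookup that can fail would align them: `try: key = params_without_key.pop("key")` followed by `except KeyError as e: raise TypeError("Missing parameter: " + str(e))`. In the same constructor the `is_buffer(nonce)` check runs only after `_copy_bytes(None, None, nonce)` and `len(nonce)` have already used the value, and the length error says "at most 15 bytes" although an empty nonce is rejected too; checking the type first and wording the message as "between 1 and 15 bytes" would make nonce misuse easier to diagnose.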
@@ -0,0 +1,36 @@
+from types import ModuleType
+from typing import Union, Any, Optional, Tuple, Dict, overload
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class OcbMode(object):
+ block_size: int
+ nonce: Buffer
+
+ def __init__(self,
+ factory: ModuleType,
+ nonce: Buffer,
+ mac_len: int,
+ cipher_params: Dict) -> None: ...
+
+ def update(self, assoc_data: Buffer) -> OcbMode: ...
+
+ @overload
+ def encrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+ @overload
+ def decrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def verify(self, received_mac_tag: Buffer) -> None: ...
+ def hexverify(self, hex_mac_tag: str) -> None: ...
+
+ def encrypt_and_digest(self,
+ plaintext: Buffer) -> Tuple[bytes, bytes]: ...
+ def decrypt_and_verify(self,
+ ciphertext: Buffer,
+ received_mac_tag: Buffer) -> bytes: ...
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ofb.py b/frozen_deps/Cryptodome/Cipher/_mode_ofb.py
new file mode 100644
index 0000000..04aaccf
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_mode_ofb.py
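Review bot: The `encrypt`/`decrypt` overloads in the `_mode_ocb.pyi` stub advertise an `output` argument and a mandatory first argument, but `OcbMode.encrypt(self, plaintext=None)` and `OcbMode.decrypt(self, ciphertext=None)` in `_mode_ocb.py` accept neither form. A type checker will therefore pass `cipher.encrypt(data, output=buf)`, which raises `TypeError` at runtime, and reject the argument-less finalising call that the docstrings say is required before `digest`/`verify`. Replacing the four overloads with `def encrypt(self, plaintext: Optional[Buffer] = ...) -> bytes: ...` and `def decrypt(self, ciphertext: Optional[Buffer] = ...) -> bytes: ...` matches the implementation.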
@@ -0,0 +1,282 @@ +# -*- coding: utf-8 -*- +# +# Cipher/mode_ofb.py : OFB mode +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +""" +Output Feedback (CFB) mode. +""" + +__all__ = ['OfbMode'] + +from Cryptodome.Util.py3compat import _copy_bytes +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer, + create_string_buffer, get_raw_buffer, + SmartPointer, c_size_t, c_uint8_ptr, + is_writeable_buffer) + +from Cryptodome.Random import get_random_bytes + +raw_ofb_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._raw_ofb", """ + int OFB_start_operation(void *cipher, + const uint8_t iv[], + size_t iv_len, + void **pResult); + int OFB_encrypt(void *ofbState, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int OFB_decrypt(void *ofbState, + const uint8_t *in, + uint8_t *out, + size_t data_len); + int OFB_stop_operation(void *state); + """ + ) + + +class OfbMode(object): + """*Output FeedBack (OFB)*. + + This mode is very similar to CBC, but it + transforms the underlying block cipher into a stream cipher. 
+ + The keystream is the iterated block encryption of the + previous ciphertext block. + + An Initialization Vector (*IV*) is required. + + See `NIST SP800-38A`_ , Section 6.4. + + .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf + + :undocumented: __init__ + """ + + def __init__(self, block_cipher, iv): + """Create a new block cipher, configured in OFB mode. + + :Parameters: + block_cipher : C pointer + A smart pointer to the low-level block cipher instance. + + iv : bytes/bytearray/memoryview + The initialization vector to use for encryption or decryption. + It is as long as the cipher block. + + **The IV must be a nonce, to to be reused for any other + message**. It shall be a nonce or a random value. + + Reusing the *IV* for encryptions performed with the same key + compromises confidentiality. + """ + + self._state = VoidPointer() + result = raw_ofb_lib.OFB_start_operation(block_cipher.get(), + c_uint8_ptr(iv), + c_size_t(len(iv)), + self._state.address_of()) + if result: + raise ValueError("Error %d while instantiating the OFB mode" + % result) + + # Ensure that object disposal of this Python object will (eventually) + # free the memory allocated by the raw library for the cipher mode + self._state = SmartPointer(self._state.get(), + raw_ofb_lib.OFB_stop_operation) + + # Memory allocated for the underlying block cipher is now owed + # by the cipher mode + block_cipher.release() + + self.block_size = len(iv) + """The block size of the underlying cipher, in bytes.""" + + self.iv = _copy_bytes(None, None, iv) + """The Initialization Vector originally used to create the object. + The value does not change.""" + + self.IV = self.iv + """Alias for `iv`""" + + self._next = [ self.encrypt, self.decrypt ] + + def encrypt(self, plaintext, output=None): + """Encrypt data with the key and the parameters set at initialization. 
+ + A cipher object is stateful: once you have encrypted a message + you cannot encrypt (or decrypt) another message using the same + object. + + The data to encrypt can be broken up in two or + more pieces and `encrypt` can be called multiple times. + + That is, the statement: + + >>> c.encrypt(a) + c.encrypt(b) + + is equivalent to: + + >>> c.encrypt(a+b) + + This function does not add any padding to the plaintext. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + If ``output`` is ``None``, the ciphertext is returned as ``bytes``. + Otherwise, ``None``. + """ + + if self.encrypt not in self._next: + raise TypeError("encrypt() cannot be called after decrypt()") + self._next = [ self.encrypt ] + + if output is None: + ciphertext = create_string_buffer(len(plaintext)) + else: + ciphertext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(plaintext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = raw_ofb_lib.OFB_encrypt(self._state.get(), + c_uint8_ptr(plaintext), + c_uint8_ptr(ciphertext), + c_size_t(len(plaintext))) + if result: + raise ValueError("Error %d while encrypting in OFB mode" % result) + + if output is None: + return get_raw_buffer(ciphertext) + else: + return None + + def decrypt(self, ciphertext, output=None): + """Decrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have decrypted a message + you cannot decrypt (or encrypt) another message with the same + object. + + The data to decrypt can be broken up in two or + more pieces and `decrypt` can be called multiple times. 
+ + That is, the statement: + + >>> c.decrypt(a) + c.decrypt(b) + + is equivalent to: + + >>> c.decrypt(a+b) + + This function does not remove any padding from the plaintext. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + It can be of any length. + :Keywords: + output : bytearray/memoryview + The location where the plaintext is written to. + If ``None``, the plaintext is returned. + :Return: + If ``output`` is ``None``, the plaintext is returned as ``bytes``. + Otherwise, ``None``. + """ + + if self.decrypt not in self._next: + raise TypeError("decrypt() cannot be called after encrypt()") + self._next = [ self.decrypt ] + + if output is None: + plaintext = create_string_buffer(len(ciphertext)) + else: + plaintext = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(ciphertext) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(plaintext)) + + result = raw_ofb_lib.OFB_decrypt(self._state.get(), + c_uint8_ptr(ciphertext), + c_uint8_ptr(plaintext), + c_size_t(len(ciphertext))) + if result: + raise ValueError("Error %d while decrypting in OFB mode" % result) + + if output is None: + return get_raw_buffer(plaintext) + else: + return None + + +def _create_ofb_cipher(factory, **kwargs): + """Instantiate a cipher object that performs OFB encryption/decryption. + + :Parameters: + factory : module + The underlying block cipher, a module from ``Cryptodome.Cipher``. + + :Keywords: + iv : bytes/bytearray/memoryview + The IV to use for OFB. + + IV : bytes/bytearray/memoryview + Alias for ``iv``. + + Any other keyword will be passed to the underlying block cipher. + See the relevant documentation for details (at least ``key`` will need + to be present). 
+ """
+
+ cipher_state = factory._create_base_cipher(kwargs)
+ iv = kwargs.pop("IV", None)
+ IV = kwargs.pop("iv", None)
+
+ if (None, None) == (iv, IV):
+ iv = get_random_bytes(factory.block_size)
+ if iv is not None:
+ if IV is not None:
+ raise TypeError("You must either use 'iv' or 'IV', not both")
+ else:
+ iv = IV
+
+ if len(iv) != factory.block_size:
+ raise ValueError("Incorrect IV length (it must be %d bytes long)" %
+ factory.block_size)
+
+ if kwargs:
+ raise TypeError("Unknown parameters for OFB: %s" % str(kwargs))
+
+ return OfbMode(cipher_state, iv)
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ofb.pyi b/frozen_deps/Cryptodome/Cipher/_mode_ofb.pyi
new file mode 100644
index 0000000..d28608e
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_mode_ofb.pyi
@@ -0,0 +1,25 @@
+from typing import Union, overload
+
+from Cryptodome.Util._raw_api import SmartPointer
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['OfbMode']
+
+class OfbMode(object):
+ block_size: int
+ iv: Buffer
+ IV: Buffer
+
+ def __init__(self,
+ block_cipher: SmartPointer,
+ iv: Buffer) -> None: ...
+ @overload
+ def encrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+ @overload
+ def decrypt(self, plaintext: Buffer) -> bytes: ...
+ @overload
+ def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_openpgp.py b/frozen_deps/Cryptodome/Cipher/_mode_openpgp.py
new file mode 100644
index 0000000..d86ed19
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_mode_openpgp.py
@@ -0,0 +1,206 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+OpenPGP mode.
+"""
+
+__all__ = ['OpenPgpMode']
+
+from Cryptodome.Util.py3compat import _copy_bytes
+from Cryptodome.Random import get_random_bytes
+
+class OpenPgpMode(object):
+ """OpenPGP mode.
+
+ This mode is a variant of CFB, and it is only used in PGP and
+ OpenPGP_ applications. If in doubt, use another mode.
+
+ An Initialization Vector (*IV*) is required.
+ + Unlike CFB, the *encrypted* IV (not the IV itself) is + transmitted to the receiver. + + The IV is a random data block. For legacy reasons, two of its bytes are + duplicated to act as a checksum for the correctness of the key, which is now + known to be insecure and is ignored. The encrypted IV is therefore 2 bytes + longer than the clean IV. + + .. _OpenPGP: http://tools.ietf.org/html/rfc4880 + + :undocumented: __init__ + """ + + def __init__(self, factory, key, iv, cipher_params): + + #: The block size of the underlying cipher, in bytes. + self.block_size = factory.block_size + + self._done_first_block = False # True after the first encryption + + # Instantiate a temporary cipher to process the IV + IV_cipher = factory.new( + key, + factory.MODE_CFB, + IV=b'\x00' * self.block_size, + segment_size=self.block_size * 8, + **cipher_params) + + iv = _copy_bytes(None, None, iv) + + # The cipher will be used for... + if len(iv) == self.block_size: + # ... encryption + self._encrypted_IV = IV_cipher.encrypt(iv + iv[-2:]) + elif len(iv) == self.block_size + 2: + # ... decryption + self._encrypted_IV = iv + # Last two bytes are for a deprecated "quick check" feature that + # should not be used. (https://eprint.iacr.org/2005/033) + iv = IV_cipher.decrypt(iv)[:-2] + else: + raise ValueError("Length of IV must be %d or %d bytes" + " for MODE_OPENPGP" + % (self.block_size, self.block_size + 2)) + + self.iv = self.IV = iv + + # Instantiate the cipher for the real PGP data + self._cipher = factory.new( + key, + factory.MODE_CFB, + IV=self._encrypted_IV[-self.block_size:], + segment_size=self.block_size * 8, + **cipher_params) + + def encrypt(self, plaintext): + """Encrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have encrypted a message + you cannot encrypt (or decrypt) another message using the same + object. 
+ + The data to encrypt can be broken up in two or + more pieces and `encrypt` can be called multiple times. + + That is, the statement: + + >>> c.encrypt(a) + c.encrypt(b) + + is equivalent to: + + >>> c.encrypt(a+b) + + This function does not add any padding to the plaintext. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + + :Return: + the encrypted data, as a byte string. + It is as long as *plaintext* with one exception: + when encrypting the first message chunk, + the encypted IV is prepended to the returned ciphertext. + """ + + res = self._cipher.encrypt(plaintext) + if not self._done_first_block: + res = self._encrypted_IV + res + self._done_first_block = True + return res + + def decrypt(self, ciphertext): + """Decrypt data with the key and the parameters set at initialization. + + A cipher object is stateful: once you have decrypted a message + you cannot decrypt (or encrypt) another message with the same + object. + + The data to decrypt can be broken up in two or + more pieces and `decrypt` can be called multiple times. + + That is, the statement: + + >>> c.decrypt(a) + c.decrypt(b) + + is equivalent to: + + >>> c.decrypt(a+b) + + This function does not remove any padding from the plaintext. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + + :Return: the decrypted data (byte string). + """ + + return self._cipher.decrypt(ciphertext) + + +def _create_openpgp_cipher(factory, **kwargs): + """Create a new block cipher, configured in OpenPGP mode. + + :Parameters: + factory : module + The module. + + :Keywords: + key : bytes/bytearray/memoryview + The secret key to use in the symmetric cipher. + + IV : bytes/bytearray/memoryview + The initialization vector to use for encryption or decryption. + + For encryption, the IV must be as long as the cipher block size. 
+
+ For decryption, it must be 2 bytes longer (it is actually the
+ *encrypted* IV which was prefixed to the ciphertext).
+ """
+
+ iv = kwargs.pop("IV", None)
+ IV = kwargs.pop("iv", None)
+
+ if (None, None) == (iv, IV):
+ iv = get_random_bytes(factory.block_size)
+ if iv is not None:
+ if IV is not None:
+ raise TypeError("You must either use 'iv' or 'IV', not both")
+ else:
+ iv = IV
+
+ try:
+ key = kwargs.pop("key")
+ except KeyError as e:
+ raise TypeError("Missing component: " + str(e))
+
+ return OpenPgpMode(factory, key, iv, kwargs)
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_openpgp.pyi b/frozen_deps/Cryptodome/Cipher/_mode_openpgp.pyi
new file mode 100644
index 0000000..14b8105
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_mode_openpgp.pyi
@@ -0,0 +1,20 @@
+from types import ModuleType
+from typing import Union, Dict
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['OpenPgpMode']
+
+class OpenPgpMode(object):
+ block_size: int
+ iv: Union[bytes, bytearray, memoryview]
+ IV: Union[bytes, bytearray, memoryview]
+
+ def __init__(self,
+ factory: ModuleType,
+ key: Buffer,
+ iv: Buffer,
+ cipher_params: Dict) -> None: ...
+ def encrypt(self, plaintext: Buffer) -> bytes: ...
+ def decrypt(self, plaintext: Buffer) -> bytes: ...
+
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_siv.py b/frozen_deps/Cryptodome/Cipher/_mode_siv.py
new file mode 100644
index 0000000..d10c4dc
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_mode_siv.py
@@ -0,0 +1,392 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+Synthetic Initialization Vector (SIV) mode.
+""" + +__all__ = ['SivMode'] + +from binascii import hexlify, unhexlify + +from Cryptodome.Util.py3compat import bord, _copy_bytes + +from Cryptodome.Util._raw_api import is_buffer + +from Cryptodome.Util.number import long_to_bytes, bytes_to_long +from Cryptodome.Protocol.KDF import _S2V +from Cryptodome.Hash import BLAKE2s +from Cryptodome.Random import get_random_bytes + + +class SivMode(object): + """Synthetic Initialization Vector (SIV). + + This is an Authenticated Encryption with Associated Data (`AEAD`_) mode. + It provides both confidentiality and authenticity. + + The header of the message may be left in the clear, if needed, and it will + still be subject to authentication. The decryption step tells the receiver + if the message comes from a source that really knowns the secret key. + Additionally, decryption detects if any part of the message - including the + header - has been modified or corrupted. + + Unlike other AEAD modes such as CCM, EAX or GCM, accidental reuse of a + nonce is not catastrophic for the confidentiality of the message. The only + effect is that an attacker can tell when the same plaintext (and same + associated data) is protected with the same key. + + The length of the MAC is fixed to the block size of the underlying cipher. + The key size is twice the length of the key of the underlying cipher. + + This mode is only available for AES ciphers. + + +--------------------+---------------+-------------------+ + | Cipher | SIV MAC size | SIV key length | + | | (bytes) | (bytes) | + +====================+===============+===================+ + | AES-128 | 16 | 32 | + +--------------------+---------------+-------------------+ + | AES-192 | 16 | 48 | + +--------------------+---------------+-------------------+ + | AES-256 | 16 | 64 | + +--------------------+---------------+-------------------+ + + See `RFC5297`_ and the `original paper`__. + + .. _RFC5297: https://tools.ietf.org/html/rfc5297 + .. 
_AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
+ .. __: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
+
+ :undocumented: __init__
+ """
+
+ def __init__(self, factory, key, nonce, kwargs):
+
+ self.block_size = factory.block_size
+ """The block size of the underlying cipher, in bytes."""
+
+ self._factory = factory
+
+ self._cipher_params = kwargs
+
+ if len(key) not in (32, 48, 64):
+ raise ValueError("Incorrect key length (%d bytes)" % len(key))
+
+ if nonce is not None:
+ if not is_buffer(nonce):
+ raise TypeError("When provided, the nonce must be bytes, bytearray or memoryview")
+
+ if len(nonce) == 0:
+ raise ValueError("When provided, the nonce must be non-empty")
+
+ self.nonce = _copy_bytes(None, None, nonce)
+ """Public attribute is only available in case of non-deterministic
+ encryption."""
+
+ subkey_size = len(key) // 2
+
+ self._mac_tag = None # Cache for MAC tag
+ self._kdf = _S2V(key[:subkey_size],
+ ciphermod=factory,
+ cipher_params=self._cipher_params)
+ self._subkey_cipher = key[subkey_size:]
+
+ # Purely for the purpose of verifying that cipher_params are OK
+ factory.new(key[:subkey_size], factory.MODE_ECB, **kwargs)
+
+ # Allowed transitions after initialization
+ self._next = [self.update, self.encrypt, self.decrypt,
+ self.digest, self.verify]
+
+ def _create_ctr_cipher(self, v):
+ """Create a new CTR cipher from V in SIV mode"""
+
+ v_int = bytes_to_long(v)
+ q = v_int & 0xFFFFFFFFFFFFFFFF7FFFFFFF7FFFFFFF
+ return self._factory.new(
+ self._subkey_cipher,
+ self._factory.MODE_CTR,
+ initial_value=q,
+ nonce=b"",
+ **self._cipher_params)
+
+ def update(self, component):
+ """Protect one associated data component
+
+ For SIV, the associated data is a sequence (*vector*) of non-empty
+ byte strings (*components*).
+
+ This method consumes the next component. It must be called
+ once for each of the components that constitue the associated data.
+ + Note that the components have clear boundaries, so that: + + >>> cipher.update(b"builtin") + >>> cipher.update(b"securely") + + is not equivalent to: + + >>> cipher.update(b"built") + >>> cipher.update(b"insecurely") + + If there is no associated data, this method must not be called. + + :Parameters: + component : bytes/bytearray/memoryview + The next associated data component. + """ + + if self.update not in self._next: + raise TypeError("update() can only be called" + " immediately after initialization") + + self._next = [self.update, self.encrypt, self.decrypt, + self.digest, self.verify] + + return self._kdf.update(component) + + def encrypt(self, plaintext): + """ + For SIV, encryption and MAC authentication must take place at the same + point. This method shall not be used. + + Use `encrypt_and_digest` instead. + """ + + raise TypeError("encrypt() not allowed for SIV mode." + " Use encrypt_and_digest() instead.") + + def decrypt(self, ciphertext): + """ + For SIV, decryption and verification must take place at the same + point. This method shall not be used. + + Use `decrypt_and_verify` instead. + """ + + raise TypeError("decrypt() not allowed for SIV mode." + " Use decrypt_and_verify() instead.") + + def digest(self): + """Compute the *binary* MAC tag. + + The caller invokes this function at the very end. + + This method returns the MAC that shall be sent to the receiver, + together with the ciphertext. + + :Return: the MAC, as a byte string. + """ + + if self.digest not in self._next: + raise TypeError("digest() cannot be called when decrypting" + " or validating a message") + self._next = [self.digest] + if self._mac_tag is None: + self._mac_tag = self._kdf.derive() + return self._mac_tag + + def hexdigest(self): + """Compute the *printable* MAC tag. + + This method is like `digest`. + + :Return: the MAC, as a hexadecimal string. 
+ """ + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def verify(self, received_mac_tag): + """Validate the *binary* MAC tag. + + The caller invokes this function at the very end. + + This method checks if the decrypted message is indeed valid + (that is, if the key is correct) and it has not been + tampered with while in transit. + + :Parameters: + received_mac_tag : bytes/bytearray/memoryview + This is the *binary* MAC, as received from the sender. + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + if self.verify not in self._next: + raise TypeError("verify() cannot be called" + " when encrypting a message") + self._next = [self.verify] + + if self._mac_tag is None: + self._mac_tag = self._kdf.derive() + + secret = get_random_bytes(16) + + mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag) + mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + def hexverify(self, hex_mac_tag): + """Validate the *printable* MAC tag. + + This method is like `verify`. + + :Parameters: + hex_mac_tag : string + This is the *printable* MAC, as received from the sender. + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. + """ + + self.verify(unhexlify(hex_mac_tag)) + + def encrypt_and_digest(self, plaintext, output=None): + """Perform encrypt() and digest() in one step. + + :Parameters: + plaintext : bytes/bytearray/memoryview + The piece of data to encrypt. + :Keywords: + output : bytearray/memoryview + The location where the ciphertext must be written to. + If ``None``, the ciphertext is returned. + :Return: + a tuple with two items: + + - the ciphertext, as ``bytes`` + - the MAC tag, as ``bytes`` + + The first item becomes ``None`` when the ``output`` parameter + specified a location for the result. 
+ """ + + if self.encrypt not in self._next: + raise TypeError("encrypt() can only be called after" + " initialization or an update()") + + self._next = [ self.digest ] + + # Compute V (MAC) + if hasattr(self, 'nonce'): + self._kdf.update(self.nonce) + self._kdf.update(plaintext) + self._mac_tag = self._kdf.derive() + + cipher = self._create_ctr_cipher(self._mac_tag) + + return cipher.encrypt(plaintext, output=output), self._mac_tag + + def decrypt_and_verify(self, ciphertext, mac_tag, output=None): + """Perform decryption and verification in one step. + + A cipher object is stateful: once you have decrypted a message + you cannot decrypt (or encrypt) another message with the same + object. + + You cannot reuse an object for encrypting + or decrypting other data with the same key. + + This function does not remove any padding from the plaintext. + + :Parameters: + ciphertext : bytes/bytearray/memoryview + The piece of data to decrypt. + It can be of any length. + mac_tag : bytes/bytearray/memoryview + This is the *binary* MAC, as received from the sender. + :Keywords: + output : bytearray/memoryview + The location where the plaintext must be written to. + If ``None``, the plaintext is returned. + :Return: the plaintext as ``bytes`` or ``None`` when the ``output`` + parameter specified a location for the result. + :Raises ValueError: + if the MAC does not match. The message has been tampered with + or the key is incorrect. 
+ """ + + if self.decrypt not in self._next: + raise TypeError("decrypt() can only be called" + " after initialization or an update()") + self._next = [ self.verify ] + + # Take the MAC and start the cipher for decryption + self._cipher = self._create_ctr_cipher(mac_tag) + + plaintext = self._cipher.decrypt(ciphertext, output=output) + + if hasattr(self, 'nonce'): + self._kdf.update(self.nonce) + self._kdf.update(plaintext if output is None else output) + self.verify(mac_tag) + + return plaintext + + +def _create_siv_cipher(factory, **kwargs): + """Create a new block cipher, configured in + Synthetic Initializaton Vector (SIV) mode. + + :Parameters: + + factory : object + A symmetric cipher module from `Cryptodome.Cipher` + (like `Cryptodome.Cipher.AES`). + + :Keywords: + + key : bytes/bytearray/memoryview + The secret key to use in the symmetric cipher. + It must be 32, 48 or 64 bytes long. + If AES is the chosen cipher, the variants *AES-128*, + *AES-192* and or *AES-256* will be used internally. + + nonce : bytes/bytearray/memoryview + For deterministic encryption, it is not present. + + Otherwise, it is a value that must never be reused + for encrypting message under this key. + + There are no restrictions on its length, + but it is recommended to use at least 16 bytes. + """ + + try: + key = kwargs.pop("key") + except KeyError as e: + raise TypeError("Missing parameter: " + str(e)) + + nonce = kwargs.pop("nonce", None) + + return SivMode(factory, key, nonce, kwargs) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_siv.pyi b/frozen_deps/Cryptodome/Cipher/_mode_siv.pyi new file mode 100644 index 0000000..2934f23 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_mode_siv.pyi 
@@ -0,0 +1,38 @@ +from types import ModuleType +from typing import Union, Tuple, Dict, Optional, overload + +Buffer = Union[bytes, bytearray, memoryview] + +__all__ = ['SivMode'] + +class SivMode(object): + block_size: int + nonce: bytes + + def __init__(self, + factory: ModuleType, + key: Buffer, + nonce: Buffer, + kwargs: Dict) -> None: ... + + def update(self, component: Buffer) -> SivMode: ... + + def encrypt(self, plaintext: Buffer) -> bytes: ... + def decrypt(self, plaintext: Buffer) -> bytes: ... + + def digest(self) -> bytes: ... + def hexdigest(self) -> str: ... + def verify(self, received_mac_tag: Buffer) -> None: ... + def hexverify(self, hex_mac_tag: str) -> None: ... + + @overload + def encrypt_and_digest(self, + plaintext: Buffer) -> Tuple[bytes, bytes]: ... + @overload + def encrypt_and_digest(self, + plaintext: Buffer, + output: Buffer) -> Tuple[None, bytes]: ... + def decrypt_and_verify(self, + ciphertext: Buffer, + received_mac_tag: Buffer, + output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ... diff --git a/frozen_deps/Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..e62f4d1 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..b92e170 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..07a720a --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.so 
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..05abfd1 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..2523fcb --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..1b013f3 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..6a28991 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..0529cf8 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Crypto/Cipher/_DES.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_des.cpython-38-x86_64-linux-gnu.so Binary files differindex e025c0d..1d73854 100755 --- a/frozen_deps/Crypto/Cipher/_DES.cpython-38-x86_64-linux-gnu.so +++ b/frozen_deps/Cryptodome/Cipher/_raw_des.cpython-38-x86_64-linux-gnu.so 
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..8c4afa5 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..0775c0b --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..979fe63 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..d545618 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..7157784 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Hash/BLAKE2b.py b/frozen_deps/Cryptodome/Hash/BLAKE2b.py new file mode 100644 index 0000000..d7e968f --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/BLAKE2b.py 
@@ -0,0 +1,247 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+from binascii import unhexlify
+
+from Cryptodome.Util.py3compat import bord, tobytes
+
+from Cryptodome.Random import get_random_bytes
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+_raw_blake2b_lib = load_pycryptodome_raw_lib("Cryptodome.Hash._BLAKE2b",
+ """
+ int blake2b_init(void **state,
+ const uint8_t *key,
+ size_t key_size,
+ size_t digest_size);
+ int blake2b_destroy(void *state);
+ int blake2b_update(void *state,
+ const uint8_t *buf,
+ size_t len);
+ int blake2b_digest(const void *state,
+ uint8_t digest[64]);
+ int blake2b_copy(const void *src, void *dst);
+ """)
+
+
+class BLAKE2b_Hash(object):
+ """A BLAKE2b hash object.
+ Do not instantiate directly. Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+
+ :ivar block_size: the size in bytes of the internal message block,
+ input to the compression function
+ :vartype block_size: integer
+
+ :ivar digest_size: the size in bytes of the resulting hash
+ :vartype digest_size: integer
+ """
+
+ # The internal block size of the hash algorithm in bytes.
+ block_size = 64
+
+ def __init__(self, data, key, digest_bytes, update_after_digest):
+
+ # The size of the resulting hash in bytes.
+ self.digest_size = digest_bytes
+
+ self._update_after_digest = update_after_digest
+ self._digest_done = False
+
+ # See https://tools.ietf.org/html/rfc7693
+ if digest_bytes in (20, 32, 48, 64) and not key:
+ self.oid = "1.3.6.1.4.1.1722.12.2.1."
+ str(digest_bytes) + + state = VoidPointer() + result = _raw_blake2b_lib.blake2b_init(state.address_of(), + c_uint8_ptr(key), + c_size_t(len(key)), + c_size_t(digest_bytes) + ) + if result: + raise ValueError("Error %d while instantiating BLAKE2b" % result) + self._state = SmartPointer(state.get(), + _raw_blake2b_lib.blake2b_destroy) + if data: + self.update(data) + + + def update(self, data): + """Continue hashing of a message by consuming the next chunk of data. + + Args: + data (bytes/bytearray/memoryview): The next chunk of the message being hashed. + """ + + if self._digest_done and not self._update_after_digest: + raise TypeError("You can only call 'digest' or 'hexdigest' on this object") + + result = _raw_blake2b_lib.blake2b_update(self._state.get(), + c_uint8_ptr(data), + c_size_t(len(data))) + if result: + raise ValueError("Error %d while hashing BLAKE2b data" % result) + return self + + + def digest(self): + """Return the **binary** (non-printable) digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Binary form. + :rtype: byte string + """ + + bfr = create_string_buffer(64) + result = _raw_blake2b_lib.blake2b_digest(self._state.get(), + bfr) + if result: + raise ValueError("Error %d while creating BLAKE2b digest" % result) + + self._digest_done = True + + return get_raw_buffer(bfr)[:self.digest_size] + + + def hexdigest(self): + """Return the **printable** digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Hexadecimal encoded. + :rtype: string + """ + + return "".join(["%02x" % bord(x) for x in tuple(self.digest())]) + + + def verify(self, mac_tag): + """Verify that a given **binary** MAC (computed by another party) + is valid. + + Args: + mac_tag (bytes/bytearray/memoryview): the expected MAC of the message. + + Raises: + ValueError: if the MAC does not match. 
It means that the message + has been tampered with or that the MAC key is incorrect. + """ + + secret = get_random_bytes(16) + + mac1 = new(digest_bits=160, key=secret, data=mac_tag) + mac2 = new(digest_bits=160, key=secret, data=self.digest()) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + + def hexverify(self, hex_mac_tag): + """Verify that a given **printable** MAC (computed by another party) + is valid. + + Args: + hex_mac_tag (string): the expected MAC of the message, as a hexadecimal string. + + Raises: + ValueError: if the MAC does not match. It means that the message + has been tampered with or that the MAC key is incorrect. + """ + + self.verify(unhexlify(tobytes(hex_mac_tag))) + + + def new(self, **kwargs): + """Return a new instance of a BLAKE2b hash object. + See :func:`new`. + """ + + if "digest_bytes" not in kwargs and "digest_bits" not in kwargs: + kwargs["digest_bytes"] = self.digest_size + + return new(**kwargs) + + +def new(**kwargs): + """Create a new hash object. + + Args: + data (bytes/bytearray/memoryview): + Optional. The very first chunk of the message to hash. + It is equivalent to an early call to :meth:`BLAKE2b_Hash.update`. + digest_bytes (integer): + Optional. The size of the digest, in bytes (1 to 64). Default is 64. + digest_bits (integer): + Optional and alternative to ``digest_bytes``. + The size of the digest, in bits (8 to 512, in steps of 8). + Default is 512. + key (bytes/bytearray/memoryview): + Optional. The key to use to compute the MAC (1 to 64 bytes). + If not specified, no key will be used. + update_after_digest (boolean): + Optional. By default, a hash object cannot be updated anymore after + the digest is computed. When this flag is ``True``, such check + is no longer enforced. 
+ + Returns: + A :class:`BLAKE2b_Hash` hash object + """ + + data = kwargs.pop("data", None) + update_after_digest = kwargs.pop("update_after_digest", False) + + digest_bytes = kwargs.pop("digest_bytes", None) + digest_bits = kwargs.pop("digest_bits", None) + if None not in (digest_bytes, digest_bits): + raise TypeError("Only one digest parameter must be provided") + if (None, None) == (digest_bytes, digest_bits): + digest_bytes = 64 + if digest_bytes is not None: + if not (1 <= digest_bytes <= 64): + raise ValueError("'digest_bytes' not in range 1..64") + else: + if not (8 <= digest_bits <= 512) or (digest_bits % 8): + raise ValueError("'digest_bytes' not in range 8..512, " + "with steps of 8") + digest_bytes = digest_bits // 8 + + key = kwargs.pop("key", b"") + if len(key) > 64: + raise ValueError("BLAKE2s key cannot exceed 64 bytes") + + if kwargs: + raise TypeError("Unknown parameters: " + str(kwargs)) + + return BLAKE2b_Hash(data, key, digest_bytes, update_after_digest) diff --git a/frozen_deps/Cryptodome/Hash/BLAKE2b.pyi b/frozen_deps/Cryptodome/Hash/BLAKE2b.pyi new file mode 100644 index 0000000..ac3bf57 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/BLAKE2b.pyi 
@@ -0,0 +1,31 @@
+from typing import Any, Union
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class BLAKE2b_Hash(object):
+ block_size: int
+ digest_size: int
+ oid: str
+
+ def __init__(self,
+ data: Buffer,
+ key: Buffer,
+ digest_bytes: bytes,
+ update_after_digest: bool) -> None: ...
+ def update(self, data: Buffer) -> BLAKE2b_Hash: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def verify(self, mac_tag: Buffer) -> None: ...
+ def hexverify(self, hex_mac_tag: str) -> None: ...
+ def new(self,
+ data: Buffer = ...,
+ digest_bytes: int = ...,
+ digest_bits: int = ...,
+ key: Buffer = ...,
+ update_after_digest: bool = ...) -> BLAKE2b_Hash: ...
+
+def new(data: Buffer = ...,
+ digest_bytes: int = ...,
+ digest_bits: int = ...,
+ key: Buffer = ...,
+ update_after_digest: bool = ...) -> BLAKE2b_Hash: ...
diff --git a/frozen_deps/Cryptodome/Hash/BLAKE2s.py b/frozen_deps/Cryptodome/Hash/BLAKE2s.py
new file mode 100644
index 0000000..a16b515
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/BLAKE2s.py
@@ -0,0 +1,247 @@ +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# =================================================================== + +from binascii import unhexlify + +from Cryptodome.Util.py3compat import bord, tobytes + +from Cryptodome.Random import get_random_bytes +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, + create_string_buffer, + get_raw_buffer, c_size_t, + c_uint8_ptr) + +_raw_blake2s_lib = load_pycryptodome_raw_lib("Cryptodome.Hash._BLAKE2s", + """ + int blake2s_init(void **state, + const uint8_t *key, + size_t key_size, + size_t digest_size); + int blake2s_destroy(void *state); + int blake2s_update(void *state, + const uint8_t *buf, + size_t len); + int blake2s_digest(const void *state, + uint8_t digest[32]); + int blake2s_copy(const void *src, void *dst); + """) + + +class BLAKE2s_Hash(object): + """A BLAKE2s hash object. + Do not instantiate directly. Use the :func:`new` function. + + :ivar oid: ASN.1 Object ID + :vartype oid: string + + :ivar block_size: the size in bytes of the internal message block, + input to the compression function + :vartype block_size: integer + + :ivar digest_size: the size in bytes of the resulting hash + :vartype digest_size: integer + """ + + # The internal block size of the hash algorithm in bytes. + block_size = 32 + + def __init__(self, data, key, digest_bytes, update_after_digest): + + # The size of the resulting hash in bytes. + self.digest_size = digest_bytes + + self._update_after_digest = update_after_digest + self._digest_done = False + + # See https://tools.ietf.org/html/rfc7693 + if digest_bytes in (16, 20, 28, 32) and not key: + self.oid = "1.3.6.1.4.1.1722.12.2.2." 
+ str(digest_bytes) + + state = VoidPointer() + result = _raw_blake2s_lib.blake2s_init(state.address_of(), + c_uint8_ptr(key), + c_size_t(len(key)), + c_size_t(digest_bytes) + ) + if result: + raise ValueError("Error %d while instantiating BLAKE2s" % result) + self._state = SmartPointer(state.get(), + _raw_blake2s_lib.blake2s_destroy) + if data: + self.update(data) + + + def update(self, data): + """Continue hashing of a message by consuming the next chunk of data. + + Args: + data (byte string/byte array/memoryview): The next chunk of the message being hashed. + """ + + if self._digest_done and not self._update_after_digest: + raise TypeError("You can only call 'digest' or 'hexdigest' on this object") + + result = _raw_blake2s_lib.blake2s_update(self._state.get(), + c_uint8_ptr(data), + c_size_t(len(data))) + if result: + raise ValueError("Error %d while hashing BLAKE2s data" % result) + return self + + + def digest(self): + """Return the **binary** (non-printable) digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Binary form. + :rtype: byte string + """ + + bfr = create_string_buffer(32) + result = _raw_blake2s_lib.blake2s_digest(self._state.get(), + bfr) + if result: + raise ValueError("Error %d while creating BLAKE2s digest" % result) + + self._digest_done = True + + return get_raw_buffer(bfr)[:self.digest_size] + + + def hexdigest(self): + """Return the **printable** digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Hexadecimal encoded. + :rtype: string + """ + + return "".join(["%02x" % bord(x) for x in tuple(self.digest())]) + + + def verify(self, mac_tag): + """Verify that a given **binary** MAC (computed by another party) + is valid. + + Args: + mac_tag (byte string/byte array/memoryview): the expected MAC of the message. + + Raises: + ValueError: if the MAC does not match. 
It means that the message + has been tampered with or that the MAC key is incorrect. + """ + + secret = get_random_bytes(16) + + mac1 = new(digest_bits=160, key=secret, data=mac_tag) + mac2 = new(digest_bits=160, key=secret, data=self.digest()) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + + def hexverify(self, hex_mac_tag): + """Verify that a given **printable** MAC (computed by another party) + is valid. + + Args: + hex_mac_tag (string): the expected MAC of the message, as a hexadecimal string. + + Raises: + ValueError: if the MAC does not match. It means that the message + has been tampered with or that the MAC key is incorrect. + """ + + self.verify(unhexlify(tobytes(hex_mac_tag))) + + + def new(self, **kwargs): + """Return a new instance of a BLAKE2s hash object. + See :func:`new`. + """ + + if "digest_bytes" not in kwargs and "digest_bits" not in kwargs: + kwargs["digest_bytes"] = self.digest_size + + return new(**kwargs) + + +def new(**kwargs): + """Create a new hash object. + + Args: + data (byte string/byte array/memoryview): + Optional. The very first chunk of the message to hash. + It is equivalent to an early call to :meth:`BLAKE2s_Hash.update`. + digest_bytes (integer): + Optional. The size of the digest, in bytes (1 to 32). Default is 32. + digest_bits (integer): + Optional and alternative to ``digest_bytes``. + The size of the digest, in bits (8 to 256, in steps of 8). + Default is 256. + key (byte string): + Optional. The key to use to compute the MAC (1 to 64 bytes). + If not specified, no key will be used. + update_after_digest (boolean): + Optional. By default, a hash object cannot be updated anymore after + the digest is computed. When this flag is ``True``, such check + is no longer enforced. 
+ + Returns: + A :class:`BLAKE2s_Hash` hash object + """ + + data = kwargs.pop("data", None) + update_after_digest = kwargs.pop("update_after_digest", False) + + digest_bytes = kwargs.pop("digest_bytes", None) + digest_bits = kwargs.pop("digest_bits", None) + if None not in (digest_bytes, digest_bits): + raise TypeError("Only one digest parameter must be provided") + if (None, None) == (digest_bytes, digest_bits): + digest_bytes = 32 + if digest_bytes is not None: + if not (1 <= digest_bytes <= 32): + raise ValueError("'digest_bytes' not in range 1..32") + else: + if not (8 <= digest_bits <= 256) or (digest_bits % 8): + raise ValueError("'digest_bytes' not in range 8..256, " + "with steps of 8") + digest_bytes = digest_bits // 8 + + key = kwargs.pop("key", b"") + if len(key) > 32: + raise ValueError("BLAKE2s key cannot exceed 32 bytes") + + if kwargs: + raise TypeError("Unknown parameters: " + str(kwargs)) + + return BLAKE2s_Hash(data, key, digest_bytes, update_after_digest) diff --git a/frozen_deps/Cryptodome/Hash/BLAKE2s.pyi b/frozen_deps/Cryptodome/Hash/BLAKE2s.pyi new file mode 100644 index 0000000..374b3a4 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/BLAKE2s.pyi @@ -0,0 +1,26 @@ +from typing import Any, Union + +Buffer = Union[bytes, bytearray, memoryview] + +class BLAKE2s_Hash(object): + block_size: int + digest_size: int + oid: str + + def __init__(self, + data: Buffer, + key: Buffer, + digest_bytes: bytes, + update_after_digest: bool) -> None: ... + def update(self, data: Buffer) -> BLAKE2s_Hash: ... + def digest(self) -> bytes: ... + def hexdigest(self) -> str: ... + def verify(self, mac_tag: Buffer) -> None: ... + def hexverify(self, hex_mac_tag: str) -> None: ... + def new(self, **kwargs: Any) -> BLAKE2s_Hash: ... + +def new(data: Buffer = ..., + digest_bytes: int = ..., + digest_bits: int = ..., + key: Buffer = ..., + update_after_digest: bool = ...) -> BLAKE2s_Hash: ... 
diff --git a/frozen_deps/Cryptodome/Hash/CMAC.py b/frozen_deps/Cryptodome/Hash/CMAC.py
new file mode 100644
index 0000000..df69f00
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/CMAC.py
@@ -0,0 +1,305 @@ +# -*- coding: utf-8 -*- +# +# Hash/CMAC.py - Implements the CMAC algorithm +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +import sys +from binascii import unhexlify + +from Cryptodome.Hash import BLAKE2s +from Cryptodome.Util.strxor import strxor +from Cryptodome.Util.number import long_to_bytes, bytes_to_long +from Cryptodome.Util.py3compat import bord, tobytes, _copy_bytes +from Cryptodome.Random import get_random_bytes + +if sys.version_info[:2] == (2, 6): + memoryview = bytes + +# The size of the authentication tag produced by the MAC. +digest_size = None + + +def _shift_bytes(bs, xor_lsb=0): + num = (bytes_to_long(bs) << 1) ^ xor_lsb + return long_to_bytes(num, len(bs))[-len(bs):] + + +class CMAC(object): + """A CMAC hash object. + Do not instantiate directly. Use the :func:`new` function. 
+ + :ivar digest_size: the size in bytes of the resulting MAC tag + :vartype digest_size: integer + """ + + digest_size = None + + def __init__(self, key, msg, ciphermod, cipher_params, mac_len, + update_after_digest): + + self.digest_size = mac_len + + self._key = _copy_bytes(None, None, key) + self._factory = ciphermod + self._cipher_params = cipher_params + self._block_size = bs = ciphermod.block_size + self._mac_tag = None + self._update_after_digest = update_after_digest + + # Section 5.3 of NIST SP 800 38B and Appendix B + if bs == 8: + const_Rb = 0x1B + self._max_size = 8 * (2 ** 21) + elif bs == 16: + const_Rb = 0x87 + self._max_size = 16 * (2 ** 48) + else: + raise TypeError("CMAC requires a cipher with a block size" + " of 8 or 16 bytes, not %d" % bs) + + # Compute sub-keys + zero_block = b'\x00' * bs + self._ecb = ciphermod.new(key, + ciphermod.MODE_ECB, + **self._cipher_params) + L = self._ecb.encrypt(zero_block) + if bord(L[0]) & 0x80: + self._k1 = _shift_bytes(L, const_Rb) + else: + self._k1 = _shift_bytes(L) + if bord(self._k1[0]) & 0x80: + self._k2 = _shift_bytes(self._k1, const_Rb) + else: + self._k2 = _shift_bytes(self._k1) + + # Initialize CBC cipher with zero IV + self._cbc = ciphermod.new(key, + ciphermod.MODE_CBC, + zero_block, + **self._cipher_params) + + # Cache for outstanding data to authenticate + self._cache = bytearray(bs) + self._cache_n = 0 + + # Last piece of ciphertext produced + self._last_ct = zero_block + + # Last block that was encrypted with AES + self._last_pt = None + + # Counter for total message size + self._data_size = 0 + + if msg: + self.update(msg) + + def update(self, msg): + """Authenticate the next chunk of message. 
+ + Args: + data (byte string/byte array/memoryview): The next chunk of data + """ + + if self._mac_tag is not None and not self._update_after_digest: + raise TypeError("update() cannot be called after digest() or verify()") + + self._data_size += len(msg) + bs = self._block_size + + if self._cache_n > 0: + filler = min(bs - self._cache_n, len(msg)) + self._cache[self._cache_n:self._cache_n+filler] = msg[:filler] + self._cache_n += filler + + if self._cache_n < bs: + return self + + msg = memoryview(msg)[filler:] + self._update(self._cache) + self._cache_n = 0 + + remain = len(msg) % bs + if remain > 0: + self._update(msg[:-remain]) + self._cache[:remain] = msg[-remain:] + else: + self._update(msg) + self._cache_n = remain + return self + + def _update(self, data_block): + """Update a block aligned to the block boundary""" + + bs = self._block_size + assert len(data_block) % bs == 0 + + if len(data_block) == 0: + return + + ct = self._cbc.encrypt(data_block) + if len(data_block) == bs: + second_last = self._last_ct + else: + second_last = ct[-bs*2:-bs] + self._last_ct = ct[-bs:] + self._last_pt = strxor(second_last, data_block[-bs:]) + + def copy(self): + """Return a copy ("clone") of the CMAC object. + + The copy will have the same internal state as the original CMAC + object. + This can be used to efficiently compute the MAC tag of byte + strings that share a common initial substring. + + :return: An :class:`CMAC` + """ + + obj = self.__new__(CMAC) + obj.__dict__ = self.__dict__.copy() + obj._cbc = self._factory.new(self._key, + self._factory.MODE_CBC, + self._last_ct, + **self._cipher_params) + obj._cache = self._cache[:] + obj._last_ct = self._last_ct[:] + return obj + + def digest(self): + """Return the **binary** (non-printable) MAC tag of the message + that has been authenticated so far. + + :return: The MAC tag, computed over the data processed so far. + Binary form. 
+ :rtype: byte string + """ + + bs = self._block_size + + if self._mac_tag is not None and not self._update_after_digest: + return self._mac_tag + + if self._data_size > self._max_size: + raise ValueError("MAC is unsafe for this message") + + if self._cache_n == 0 and self._data_size > 0: + # Last block was full + pt = strxor(self._last_pt, self._k1) + else: + # Last block is partial (or message length is zero) + partial = self._cache[:] + partial[self._cache_n:] = b'\x80' + b'\x00' * (bs - self._cache_n - 1) + pt = strxor(strxor(self._last_ct, partial), self._k2) + + self._mac_tag = self._ecb.encrypt(pt)[:self.digest_size] + + return self._mac_tag + + def hexdigest(self): + """Return the **printable** MAC tag of the message authenticated so far. + + :return: The MAC tag, computed over the data processed so far. + Hexadecimal encoded. + :rtype: string + """ + + return "".join(["%02x" % bord(x) + for x in tuple(self.digest())]) + + def verify(self, mac_tag): + """Verify that a given **binary** MAC (computed by another party) + is valid. + + Args: + mac_tag (byte string/byte array/memoryview): the expected MAC of the message. + + Raises: + ValueError: if the MAC does not match. It means that the message + has been tampered with or that the MAC key is incorrect. + """ + + secret = get_random_bytes(16) + + mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=mac_tag) + mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=self.digest()) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + def hexverify(self, hex_mac_tag): + """Return the **printable** MAC tag of the message authenticated so far. + + :return: The MAC tag, computed over the data processed so far. + Hexadecimal encoded. + :rtype: string + """ + + self.verify(unhexlify(tobytes(hex_mac_tag))) + + +def new(key, msg=None, ciphermod=None, cipher_params=None, mac_len=None, + update_after_digest=False): + """Create a new MAC object. 
+ + Args: + key (byte string/byte array/memoryview): + key for the CMAC object. + The key must be valid for the underlying cipher algorithm. + For instance, it must be 16 bytes long for AES-128. + ciphermod (module): + A cipher module from :mod:`Cryptodome.Cipher`. + The cipher's block size has to be 128 bits, + like :mod:`Cryptodome.Cipher.AES`, to reduce the probability + of collisions. + msg (byte string/byte array/memoryview): + Optional. The very first chunk of the message to authenticate. + It is equivalent to an early call to `CMAC.update`. Optional. + cipher_params (dict): + Optional. A set of parameters to use when instantiating a cipher + object. + mac_len (integer): + Length of the MAC, in bytes. + It must be at least 4 bytes long. + The default (and recommended) length matches the size of a cipher block. + update_after_digest (boolean): + Optional. By default, a hash object cannot be updated anymore after + the digest is computed. When this flag is ``True``, such check + is no longer enforced. + Returns: + A :class:`CMAC` object + """ + + if ciphermod is None: + raise TypeError("ciphermod must be specified (try AES)") + + cipher_params = {} if cipher_params is None else dict(cipher_params) + + if mac_len is None: + mac_len = ciphermod.block_size + + if mac_len < 4: + raise ValueError("MAC tag length must be at least 4 bytes long") + + if mac_len > ciphermod.block_size: + raise ValueError("MAC tag length cannot be larger than a cipher block (%d) bytes" % ciphermod.block_size) + + return CMAC(key, msg, ciphermod, cipher_params, mac_len, + update_after_digest) diff --git a/frozen_deps/Cryptodome/Hash/CMAC.pyi b/frozen_deps/Cryptodome/Hash/CMAC.pyi new file mode 100644 index 0000000..33773aa --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/CMAC.pyi 
@@ -0,0 +1,30 @@
+from types import ModuleType
+from typing import Union, Dict
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+digest_size: int
+
+class CMAC(object):
+ digest_size: int
+
+ def __init__(self,
+ key: Buffer,
+ msg: Buffer,
+ ciphermod: ModuleType,
+ cipher_params: dict,
+ mac_len: int, update_after_digest: bool) -> None: ...
+ def update(self, data: Buffer) -> CMAC: ...
+ def copy(self) -> CMAC: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def verify(self, mac_tag: Buffer) -> None: ...
+ def hexverify(self, hex_mac_tag: str) -> None: ...
+
+
+def new(key: Buffer,
+ msg: Buffer = ...,
+ ciphermod: ModuleType = ...,
+ cipher_params: Dict = ...,
+ mac_len: int = ...,
+ update_after_digest: bool = ...) -> CMAC: ...
diff --git a/frozen_deps/Cryptodome/Hash/HMAC.py b/frozen_deps/Cryptodome/Hash/HMAC.py
new file mode 100644
index 0000000..ac94b20
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/HMAC.py
@@ -0,0 +1,213 @@ +# +# HMAC.py - Implements the HMAC algorithm as described by RFC 2104. +# +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# =================================================================== + +from Cryptodome.Util.py3compat import bord, tobytes, _memoryview + +from binascii import unhexlify + +from Cryptodome.Hash import MD5 +from Cryptodome.Hash import BLAKE2s +from Cryptodome.Util.strxor import strxor +from Cryptodome.Random import get_random_bytes + +__all__ = ['new', 'HMAC'] + + +class HMAC(object): + """An HMAC hash object. + Do not instantiate directly. 
Use the :func:`new` function. + + :ivar digest_size: the size in bytes of the resulting MAC tag + :vartype digest_size: integer + """ + + def __init__(self, key, msg=b"", digestmod=None): + + if digestmod is None: + digestmod = MD5 + + if msg is None: + msg = b"" + + # Size of the MAC tag + self.digest_size = digestmod.digest_size + + self._digestmod = digestmod + + if isinstance(key, _memoryview): + key = key.tobytes() + + try: + if len(key) <= digestmod.block_size: + # Step 1 or 2 + key_0 = key + b"\x00" * (digestmod.block_size - len(key)) + else: + # Step 3 + hash_k = digestmod.new(key).digest() + key_0 = hash_k + b"\x00" * (digestmod.block_size - len(hash_k)) + except AttributeError: + # Not all hash types have "block_size" + raise ValueError("Hash type incompatible to HMAC") + + # Step 4 + key_0_ipad = strxor(key_0, b"\x36" * len(key_0)) + + # Start step 5 and 6 + self._inner = digestmod.new(key_0_ipad) + self._inner.update(msg) + + # Step 7 + key_0_opad = strxor(key_0, b"\x5c" * len(key_0)) + + # Start step 8 and 9 + self._outer = digestmod.new(key_0_opad) + + def update(self, msg): + """Authenticate the next chunk of message. + + Args: + data (byte string/byte array/memoryview): The next chunk of data + """ + + self._inner.update(msg) + return self + + def _pbkdf2_hmac_assist(self, first_digest, iterations): + """Carry out the expensive inner loop for PBKDF2-HMAC""" + + result = self._digestmod._pbkdf2_hmac_assist( + self._inner, + self._outer, + first_digest, + iterations) + return result + + def copy(self): + """Return a copy ("clone") of the HMAC object. + + The copy will have the same internal state as the original HMAC + object. + This can be used to efficiently compute the MAC tag of byte + strings that share a common initial substring. 
+ + :return: An :class:`HMAC` + """ + + new_hmac = HMAC(b"fake key", digestmod=self._digestmod) + + # Syncronize the state + new_hmac._inner = self._inner.copy() + new_hmac._outer = self._outer.copy() + + return new_hmac + + def digest(self): + """Return the **binary** (non-printable) MAC tag of the message + authenticated so far. + + :return: The MAC tag digest, computed over the data processed so far. + Binary form. + :rtype: byte string + """ + + frozen_outer_hash = self._outer.copy() + frozen_outer_hash.update(self._inner.digest()) + return frozen_outer_hash.digest() + + def verify(self, mac_tag): + """Verify that a given **binary** MAC (computed by another party) + is valid. + + Args: + mac_tag (byte string/byte string/memoryview): the expected MAC of the message. + + Raises: + ValueError: if the MAC does not match. It means that the message + has been tampered with or that the MAC key is incorrect. + """ + + secret = get_random_bytes(16) + + mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=mac_tag) + mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=self.digest()) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + def hexdigest(self): + """Return the **printable** MAC tag of the message authenticated so far. + + :return: The MAC tag, computed over the data processed so far. + Hexadecimal encoded. + :rtype: string + """ + + return "".join(["%02x" % bord(x) + for x in tuple(self.digest())]) + + def hexverify(self, hex_mac_tag): + """Verify that a given **printable** MAC (computed by another party) + is valid. + + Args: + hex_mac_tag (string): the expected MAC of the message, + as a hexadecimal string. + + Raises: + ValueError: if the MAC does not match. It means that the message + has been tampered with or that the MAC key is incorrect. + """ + + self.verify(unhexlify(tobytes(hex_mac_tag))) + + +def new(key, msg=b"", digestmod=None): + """Create a new MAC object. 
+ + Args: + key (bytes/bytearray/memoryview): + key for the MAC object. + It must be long enough to match the expected security level of the + MAC. + msg (bytes/bytearray/memoryview): + Optional. The very first chunk of the message to authenticate. + It is equivalent to an early call to :meth:`HMAC.update`. + digestmod (module): + The hash to use to implement the HMAC. + Default is :mod:`Cryptodome.Hash.MD5`. + + Returns: + An :class:`HMAC` object + """ + + return HMAC(key, msg, digestmod) diff --git a/frozen_deps/Cryptodome/Hash/HMAC.pyi b/frozen_deps/Cryptodome/Hash/HMAC.pyi new file mode 100644 index 0000000..b577230 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/HMAC.pyi @@ -0,0 +1,25 @@ +from types import ModuleType +from typing import Union, Dict + +Buffer = Union[bytes, bytearray, memoryview] + +digest_size: int + +class HMAC(object): + digest_size: int + + def __init__(self, + key: Buffer, + msg: Buffer, + digestmod: ModuleType) -> None: ... + def update(self, msg: Buffer) -> HMAC: ... + def copy(self) -> HMAC: ... + def digest(self) -> bytes: ... + def hexdigest(self) -> str: ... + def verify(self, mac_tag: Buffer) -> None: ... + def hexverify(self, hex_mac_tag: str) -> None: ... + + +def new(key: Buffer, + msg: Buffer = ..., + digestmod: ModuleType = ...) -> HMAC: ... diff --git a/frozen_deps/Cryptodome/Hash/MD2.py b/frozen_deps/Cryptodome/Hash/MD2.py new file mode 100644 index 0000000..47ecc05 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/MD2.py 
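Review bot: `HMAC.__init__` falls back to MD5 when `digestmod` is omitted (`if digestmod is None: digestmod = MD5`), and the `new()` docstring documents the same default, so any caller that does not name a hash gets HMAC-MD5 without asking for it. HMAC-MD5 has no known practical forgery, but MD5 is discouraged for new designs, and a MAC protecting stored key material should not depend on an implicit default. Because this file is a vendored copy under `frozen_deps`, I would leave it unmodified and instead have every call site in the project pass the hash explicitly, e.g. `HMAC.new(key, msg, digestmod=SHA256)`. Whether the keystore code this commit adds calls `HMAC.new` at all is not visible from this hunk.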
@@ -0,0 +1,166 @@ +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# =================================================================== + +from Cryptodome.Util.py3compat import bord + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, + create_string_buffer, + get_raw_buffer, c_size_t, + c_uint8_ptr) + +_raw_md2_lib = load_pycryptodome_raw_lib( + "Cryptodome.Hash._MD2", + """ + int md2_init(void **shaState); + int md2_destroy(void *shaState); + int md2_update(void *hs, + const uint8_t *buf, + size_t len); + int md2_digest(const void *shaState, + uint8_t digest[20]); + int md2_copy(const void *src, void *dst); + """) + + +class MD2Hash(object): + """An MD2 hash object. + Do not instantiate directly. Use the :func:`new` function. + + :ivar oid: ASN.1 Object ID + :vartype oid: string + + :ivar block_size: the size in bytes of the internal message block, + input to the compression function + :vartype block_size: integer + + :ivar digest_size: the size in bytes of the resulting hash + :vartype digest_size: integer + """ + + # The size of the resulting hash in bytes. + digest_size = 16 + # The internal block size of the hash algorithm in bytes. + block_size = 16 + # ASN.1 Object ID + oid = "1.2.840.113549.2.2" + + def __init__(self, data=None): + state = VoidPointer() + result = _raw_md2_lib.md2_init(state.address_of()) + if result: + raise ValueError("Error %d while instantiating MD2" + % result) + self._state = SmartPointer(state.get(), + _raw_md2_lib.md2_destroy) + if data: + self.update(data) + + def update(self, data): + """Continue hashing of a message by consuming the next chunk of data. + + Args: + data (byte string/byte array/memoryview): The next chunk of the message being hashed. + """ + + result = _raw_md2_lib.md2_update(self._state.get(), + c_uint8_ptr(data), + c_size_t(len(data))) + if result: + raise ValueError("Error %d while instantiating MD2" + % result) + + def digest(self): + """Return the **binary** (non-printable) digest of the message that has been hashed so far. 
+ + :return: The hash digest, computed over the data processed so far. + Binary form. + :rtype: byte string + """ + + bfr = create_string_buffer(self.digest_size) + result = _raw_md2_lib.md2_digest(self._state.get(), + bfr) + if result: + raise ValueError("Error %d while instantiating MD2" + % result) + + return get_raw_buffer(bfr) + + def hexdigest(self): + """Return the **printable** digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Hexadecimal encoded. + :rtype: string + """ + + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def copy(self): + """Return a copy ("clone") of the hash object. + + The copy will have the same internal state as the original hash + object. + This can be used to efficiently compute the digests of strings that + share a common initial substring. + + :return: A hash object of the same type + """ + + clone = MD2Hash() + result = _raw_md2_lib.md2_copy(self._state.get(), + clone._state.get()) + if result: + raise ValueError("Error %d while copying MD2" % result) + return clone + + def new(self, data=None): + return MD2Hash(data) + + +def new(data=None): + """Create a new hash object. + + :parameter data: + Optional. The very first chunk of the message to hash. + It is equivalent to an early call to :meth:`MD2Hash.update`. + :type data: bytes/bytearray/memoryview + + :Return: A :class:`MD2Hash` hash object + """ + + return MD2Hash().new(data) + +# The size of the resulting hash in bytes. +digest_size = MD2Hash.digest_size + +# The internal block size of the hash algorithm in bytes. +block_size = MD2Hash.block_size diff --git a/frozen_deps/Cryptodome/Hash/MD2.pyi b/frozen_deps/Cryptodome/Hash/MD2.pyi new file mode 100644 index 0000000..95a97a9 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/MD2.pyi 
@@ -0,0 +1,19 @@
+from typing import Union
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class MD4Hash(object):
+ digest_size: int
+ block_size: int
+ oid: str
+
+ def __init__(self, data: Buffer = ...) -> None: ...
+ def update(self, data: Buffer) -> None: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def copy(self) -> MD4Hash: ...
+ def new(self, data: Buffer = ...) -> MD4Hash: ...
+
+def new(data: Buffer = ...) -> MD4Hash: ...
+digest_size: int
+block_size: int
diff --git a/frozen_deps/Cryptodome/Hash/MD4.py b/frozen_deps/Cryptodome/Hash/MD4.py
new file mode 100644
index 0000000..668fa65
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/MD4.py
@@ -0,0 +1,185 @@ +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# =================================================================== + +""" +MD4 is specified in RFC1320_ and produces the 128 bit digest of a message. + + >>> from Cryptodome.Hash import MD4 + >>> + >>> h = MD4.new() + >>> h.update(b'Hello') + >>> print h.hexdigest() + +MD4 stand for Message Digest version 4, and it was invented by Rivest in 1990. +This algorithm is insecure. Do not use it for new designs. + +.. 
_RFC1320: http://tools.ietf.org/html/rfc1320 +""" + +from Cryptodome.Util.py3compat import bord + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, + create_string_buffer, + get_raw_buffer, c_size_t, + c_uint8_ptr) + +_raw_md4_lib = load_pycryptodome_raw_lib( + "Cryptodome.Hash._MD4", + """ + int md4_init(void **shaState); + int md4_destroy(void *shaState); + int md4_update(void *hs, + const uint8_t *buf, + size_t len); + int md4_digest(const void *shaState, + uint8_t digest[20]); + int md4_copy(const void *src, void *dst); + """) + + +class MD4Hash(object): + """Class that implements an MD4 hash + """ + + #: The size of the resulting hash in bytes. + digest_size = 16 + #: The internal block size of the hash algorithm in bytes. + block_size = 64 + #: ASN.1 Object ID + oid = "1.2.840.113549.2.4" + + def __init__(self, data=None): + state = VoidPointer() + result = _raw_md4_lib.md4_init(state.address_of()) + if result: + raise ValueError("Error %d while instantiating MD4" + % result) + self._state = SmartPointer(state.get(), + _raw_md4_lib.md4_destroy) + if data: + self.update(data) + + def update(self, data): + """Continue hashing of a message by consuming the next chunk of data. + + Repeated calls are equivalent to a single call with the concatenation + of all the arguments. In other words: + + >>> m.update(a); m.update(b) + + is equivalent to: + + >>> m.update(a+b) + + :Parameters: + data : byte string/byte array/memoryview + The next chunk of the message being hashed. + """ + + result = _raw_md4_lib.md4_update(self._state.get(), + c_uint8_ptr(data), + c_size_t(len(data))) + if result: + raise ValueError("Error %d while instantiating MD4" + % result) + + def digest(self): + """Return the **binary** (non-printable) digest of the message that + has been hashed so far. + + This method does not change the state of the hash object. + You can continue updating the object after calling this function. 
+ + :Return: A byte string of `digest_size` bytes. It may contain non-ASCII + characters, including null bytes. + """ + + bfr = create_string_buffer(self.digest_size) + result = _raw_md4_lib.md4_digest(self._state.get(), + bfr) + if result: + raise ValueError("Error %d while instantiating MD4" + % result) + + return get_raw_buffer(bfr) + + def hexdigest(self): + """Return the **printable** digest of the message that has been + hashed so far. + + This method does not change the state of the hash object. + + :Return: A string of 2* `digest_size` characters. It contains only + hexadecimal ASCII digits. + """ + + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def copy(self): + """Return a copy ("clone") of the hash object. + + The copy will have the same internal state as the original hash + object. + This can be used to efficiently compute the digests of strings that + share a common initial substring. + + :Return: A hash object of the same type + """ + + clone = MD4Hash() + result = _raw_md4_lib.md4_copy(self._state.get(), + clone._state.get()) + if result: + raise ValueError("Error %d while copying MD4" % result) + return clone + + def new(self, data=None): + return MD4Hash(data) + + +def new(data=None): + """Return a fresh instance of the hash object. + + :Parameters: + data : byte string/byte array/memoryview + The very first chunk of the message to hash. + It is equivalent to an early call to `MD4Hash.update()`. + Optional. + + :Return: A `MD4Hash` object + """ + return MD4Hash().new(data) + +#: The size of the resulting hash in bytes. +digest_size = MD4Hash.digest_size + +#: The internal block size of the hash algorithm in bytes. +block_size = MD4Hash.block_size diff --git a/frozen_deps/Cryptodome/Hash/MD4.pyi b/frozen_deps/Cryptodome/Hash/MD4.pyi new file mode 100644 index 0000000..a9a7295 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/MD4.pyi 
@@ -0,0 +1,19 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class MD4Hash(object):
+ digest_size: int
+ block_size: int
+ oid: str
+
+ def __init__(self, data: Optional[Buffer] = ...) -> None: ...
+ def update(self, data: Buffer) -> None: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def copy(self) -> MD4Hash: ...
+ def new(self, data: Optional[Buffer] = ...) -> MD4Hash: ...
+
+def new(data: Optional[Buffer] = ...) -> MD4Hash: ...
+digest_size: int
+block_size: int
diff --git a/frozen_deps/Cryptodome/Hash/MD5.py b/frozen_deps/Cryptodome/Hash/MD5.py
new file mode 100644
index 0000000..8f573a9
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/MD5.py
@@ -0,0 +1,184 @@ +# -*- coding: utf-8 -*- +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +from Cryptodome.Util.py3compat import * + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, + create_string_buffer, + get_raw_buffer, c_size_t, + c_uint8_ptr) + +_raw_md5_lib = load_pycryptodome_raw_lib("Cryptodome.Hash._MD5", + """ + #define MD5_DIGEST_SIZE 16 + + int MD5_init(void **shaState); + int MD5_destroy(void *shaState); + int MD5_update(void *hs, + const uint8_t *buf, + size_t len); + int MD5_digest(const void *shaState, + uint8_t digest[MD5_DIGEST_SIZE]); + int MD5_copy(const void *src, void *dst); + + int MD5_pbkdf2_hmac_assist(const void *inner, + const void *outer, + const uint8_t first_digest[MD5_DIGEST_SIZE], + uint8_t final_digest[MD5_DIGEST_SIZE], + size_t iterations); + """) + +class MD5Hash(object): + """A MD5 hash object. + Do not instantiate directly. + Use the :func:`new` function. 
+ + :ivar oid: ASN.1 Object ID + :vartype oid: string + + :ivar block_size: the size in bytes of the internal message block, + input to the compression function + :vartype block_size: integer + + :ivar digest_size: the size in bytes of the resulting hash + :vartype digest_size: integer + """ + + # The size of the resulting hash in bytes. + digest_size = 16 + # The internal block size of the hash algorithm in bytes. + block_size = 64 + # ASN.1 Object ID + oid = "1.2.840.113549.2.5" + + def __init__(self, data=None): + state = VoidPointer() + result = _raw_md5_lib.MD5_init(state.address_of()) + if result: + raise ValueError("Error %d while instantiating MD5" + % result) + self._state = SmartPointer(state.get(), + _raw_md5_lib.MD5_destroy) + if data: + self.update(data) + + def update(self, data): + """Continue hashing of a message by consuming the next chunk of data. + + Args: + data (byte string/byte array/memoryview): The next chunk of the message being hashed. + """ + + result = _raw_md5_lib.MD5_update(self._state.get(), + c_uint8_ptr(data), + c_size_t(len(data))) + if result: + raise ValueError("Error %d while instantiating MD5" + % result) + + def digest(self): + """Return the **binary** (non-printable) digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Binary form. + :rtype: byte string + """ + + bfr = create_string_buffer(self.digest_size) + result = _raw_md5_lib.MD5_digest(self._state.get(), + bfr) + if result: + raise ValueError("Error %d while instantiating MD5" + % result) + + return get_raw_buffer(bfr) + + def hexdigest(self): + """Return the **printable** digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Hexadecimal encoded. + :rtype: string + """ + + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def copy(self): + """Return a copy ("clone") of the hash object. 
+ + The copy will have the same internal state as the original hash + object. + This can be used to efficiently compute the digests of strings that + share a common initial substring. + + :return: A hash object of the same type + """ + + clone = MD5Hash() + result = _raw_md5_lib.MD5_copy(self._state.get(), + clone._state.get()) + if result: + raise ValueError("Error %d while copying MD5" % result) + return clone + + def new(self, data=None): + """Create a fresh SHA-1 hash object.""" + + return MD5Hash(data) + + +def new(data=None): + """Create a new hash object. + + :parameter data: + Optional. The very first chunk of the message to hash. + It is equivalent to an early call to :meth:`MD5Hash.update`. + :type data: byte string/byte array/memoryview + + :Return: A :class:`MD5Hash` hash object + """ + return MD5Hash().new(data) + +# The size of the resulting hash in bytes. +digest_size = 16 + +# The internal block size of the hash algorithm in bytes. +block_size = 64 + + +def _pbkdf2_hmac_assist(inner, outer, first_digest, iterations): + """Compute the expensive inner loop in PBKDF-HMAC.""" + + assert len(first_digest) == digest_size + assert iterations > 0 + + bfr = create_string_buffer(digest_size); + result = _raw_md5_lib.MD5_pbkdf2_hmac_assist( + inner._state.get(), + outer._state.get(), + first_digest, + bfr, + c_size_t(iterations)) + + if result: + raise ValueError("Error %d with PBKDF2-HMAC assis for MD5" % result) + + return get_raw_buffer(bfr) diff --git a/frozen_deps/Cryptodome/Hash/MD5.pyi b/frozen_deps/Cryptodome/Hash/MD5.pyi new file mode 100644 index 0000000..d819556 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/MD5.pyi 
@@ -0,0 +1,19 @@
+from typing import Union
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class MD5Hash(object):
+ digest_size: int
+ block_size: int
+ oid: str
+
+ def __init__(self, data: Buffer = ...) -> None: ...
+ def update(self, data: Buffer) -> None: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def copy(self) -> MD5Hash: ...
+ def new(self, data: Buffer = ...) -> MD5Hash: ...
+
+def new(data: Buffer = ...) -> MD5Hash: ...
+digest_size: int
+block_size: int
diff --git a/frozen_deps/Cryptodome/Hash/Poly1305.py b/frozen_deps/Cryptodome/Hash/Poly1305.py
new file mode 100644
index 0000000..c03f522
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/Poly1305.py
@@ -0,0 +1,217 @@ +# -*- coding: utf-8 -*- +# +# Hash/Poly1305.py - Implements the Poly1305 MAC +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +from binascii import unhexlify + +from Cryptodome.Util.py3compat import bord, tobytes, _copy_bytes + +from Cryptodome.Hash import BLAKE2s +from Cryptodome.Random import get_random_bytes +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, + create_string_buffer, + get_raw_buffer, c_size_t, + c_uint8_ptr) + + +_raw_poly1305 = load_pycryptodome_raw_lib("Cryptodome.Hash._poly1305", + """ + int poly1305_init(void **state, + const uint8_t *r, + size_t r_len, + const uint8_t *s, + size_t s_len); + int poly1305_destroy(void *state); + int poly1305_update(void *state, + const uint8_t *in, + size_t len); + int poly1305_digest(const void *state, + uint8_t *digest, + size_t len); + """) + + +class Poly1305_MAC(object): + """An Poly1305 MAC object. + Do not instantiate directly. Use the :func:`new` function. 
+ + :ivar digest_size: the size in bytes of the resulting MAC tag + :vartype digest_size: integer + """ + + digest_size = 16 + + def __init__(self, r, s, data): + + if len(r) != 16: + raise ValueError("Parameter r is not 16 bytes long") + if len(s) != 16: + raise ValueError("Parameter s is not 16 bytes long") + + self._mac_tag = None + + state = VoidPointer() + result = _raw_poly1305.poly1305_init(state.address_of(), + c_uint8_ptr(r), + c_size_t(len(r)), + c_uint8_ptr(s), + c_size_t(len(s)) + ) + if result: + raise ValueError("Error %d while instantiating Poly1305" % result) + self._state = SmartPointer(state.get(), + _raw_poly1305.poly1305_destroy) + if data: + self.update(data) + + def update(self, data): + """Authenticate the next chunk of message. + + Args: + data (byte string/byte array/memoryview): The next chunk of data + """ + + if self._mac_tag: + raise TypeError("You can only call 'digest' or 'hexdigest' on this object") + + result = _raw_poly1305.poly1305_update(self._state.get(), + c_uint8_ptr(data), + c_size_t(len(data))) + if result: + raise ValueError("Error %d while hashing Poly1305 data" % result) + return self + + def copy(self): + raise NotImplementedError() + + def digest(self): + """Return the **binary** (non-printable) MAC tag of the message + authenticated so far. + + :return: The MAC tag digest, computed over the data processed so far. + Binary form. + :rtype: byte string + """ + + if self._mac_tag: + return self._mac_tag + + bfr = create_string_buffer(16) + result = _raw_poly1305.poly1305_digest(self._state.get(), + bfr, + c_size_t(len(bfr))) + if result: + raise ValueError("Error %d while creating Poly1305 digest" % result) + + self._mac_tag = get_raw_buffer(bfr) + return self._mac_tag + + def hexdigest(self): + """Return the **printable** MAC tag of the message authenticated so far. + + :return: The MAC tag, computed over the data processed so far. + Hexadecimal encoded. 
+ :rtype: string + """ + + return "".join(["%02x" % bord(x) + for x in tuple(self.digest())]) + + def verify(self, mac_tag): + """Verify that a given **binary** MAC (computed by another party) + is valid. + + Args: + mac_tag (byte string/byte string/memoryview): the expected MAC of the message. + + Raises: + ValueError: if the MAC does not match. It means that the message + has been tampered with or that the MAC key is incorrect. + """ + + secret = get_random_bytes(16) + + mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=mac_tag) + mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=self.digest()) + + if mac1.digest() != mac2.digest(): + raise ValueError("MAC check failed") + + def hexverify(self, hex_mac_tag): + """Verify that a given **printable** MAC (computed by another party) + is valid. + + Args: + hex_mac_tag (string): the expected MAC of the message, + as a hexadecimal string. + + Raises: + ValueError: if the MAC does not match. It means that the message + has been tampered with or that the MAC key is incorrect. + """ + + self.verify(unhexlify(tobytes(hex_mac_tag))) + + + +def new(**kwargs): + """Create a new Poly1305 MAC object. + + Args: + key (bytes/bytearray/memoryview): + The 32-byte key for the Poly1305 object. + cipher (module from ``Cryptodome.Cipher``): + The cipher algorithm to use for deriving the Poly1305 + key pair *(r, s)*. + It can only be ``Cryptodome.Cipher.AES`` or ``Cryptodome.Cipher.ChaCha20``. + nonce (bytes/bytearray/memoryview): + Optional. The non-repeatable value to use for the MAC of this message. + It must be 16 bytes long for ``AES`` and 8 or 12 bytes for ``ChaCha20``. + If not passed, a random nonce is created; you will find it in the + ``nonce`` attribute of the new object. + data (bytes/bytearray/memoryview): + Optional. The very first chunk of the message to authenticate. + It is equivalent to an early call to ``update()``. 
+ + Returns: + A :class:`Poly1305_MAC` object + """ + + cipher = kwargs.pop("cipher", None) + if not hasattr(cipher, '_derive_Poly1305_key_pair'): + raise ValueError("Parameter 'cipher' must be AES or ChaCha20") + + cipher_key = kwargs.pop("key", None) + if cipher_key is None: + raise TypeError("You must pass a parameter 'key'") + + nonce = kwargs.pop("nonce", None) + data = kwargs.pop("data", None) + + if kwargs: + raise TypeError("Unknown parameters: " + str(kwargs)) + + r, s, nonce = cipher._derive_Poly1305_key_pair(cipher_key, nonce) + + new_mac = Poly1305_MAC(r, s, data) + new_mac.nonce = _copy_bytes(None, None, nonce) # nonce may still be just a memoryview + return new_mac diff --git a/frozen_deps/Cryptodome/Hash/Poly1305.pyi b/frozen_deps/Cryptodome/Hash/Poly1305.pyi new file mode 100644 index 0000000..f97a14a --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/Poly1305.pyi @@ -0,0 +1,24 @@ +from types import ModuleType +from typing import Union + +Buffer = Union[bytes, bytearray, memoryview] + +class Poly1305_MAC(object): + block_size: int + digest_size: int + oid: str + + def __init__(self, + r : int, + s : int, + data : Buffer) -> None: ... + def update(self, data: Buffer) -> Poly1305_MAC: ... + def digest(self) -> bytes: ... + def hexdigest(self) -> str: ... + def verify(self, mac_tag: Buffer) -> None: ... + def hexverify(self, hex_mac_tag: str) -> None: ... + +def new(key: Buffer, + cipher: ModuleType, + nonce: Buffer = ..., + data: Buffer = ...) -> Poly1305_MAC: ... diff --git a/frozen_deps/Crypto/Util/__init__.py b/frozen_deps/Cryptodome/Hash/RIPEMD.py index a3bef8a..35ad576 100644 --- a/frozen_deps/Crypto/Util/__init__.py +++ b/frozen_deps/Cryptodome/Hash/RIPEMD.py 
@@ -18,20 +18,9 @@ # SOFTWARE. # =================================================================== -"""Miscellaneous modules +# This file exists for backward compatibility with old code that refers to +# Cryptodome.Hash.RIPEMD -Contains useful modules that don't belong into any of the -other Crypto.* subpackages. - -Crypto.Util.number Number-theoretic functions (primality testing, etc.) -Crypto.Util.randpool Random number generation -Crypto.Util.RFC1751 Converts between 128-bit keys and human-readable - strings of words. -Crypto.Util.asn1 Minimal support for ASN.1 DER encoding - -""" - -__all__ = ['randpool', 'RFC1751', 'number', 'strxor', 'asn1' ] - -__revision__ = "$Id$" +"""Deprecated alias for `Cryptodome.Hash.RIPEMD160`""" +from Cryptodome.Hash.RIPEMD160 import new, block_size, digest_size diff --git a/frozen_deps/Cryptodome/Hash/RIPEMD.pyi b/frozen_deps/Cryptodome/Hash/RIPEMD.pyi new file mode 100644 index 0000000..cfb2252 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/RIPEMD.pyi @@ -0,0 +1,3 @@ +# This file exists for backward compatibility with old code that refers to +# Cryptodome.Hash.SHA + diff --git a/frozen_deps/Cryptodome/Hash/RIPEMD160.py b/frozen_deps/Cryptodome/Hash/RIPEMD160.py new file mode 100644 index 0000000..f959027 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/RIPEMD160.py 
@@ -0,0 +1,169 @@ +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# =================================================================== + +from Cryptodome.Util.py3compat import bord + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, + create_string_buffer, + get_raw_buffer, c_size_t, + c_uint8_ptr) + +_raw_ripemd160_lib = load_pycryptodome_raw_lib( + "Cryptodome.Hash._RIPEMD160", + """ + int ripemd160_init(void **shaState); + int ripemd160_destroy(void *shaState); + int ripemd160_update(void *hs, + const uint8_t *buf, + size_t len); + int ripemd160_digest(const void *shaState, + uint8_t digest[20]); + int ripemd160_copy(const void *src, void *dst); + """) + + +class RIPEMD160Hash(object): + """A RIPEMD-160 hash object. + Do not instantiate directly. + Use the :func:`new` function. + + :ivar oid: ASN.1 Object ID + :vartype oid: string + + :ivar block_size: the size in bytes of the internal message block, + input to the compression function + :vartype block_size: integer + + :ivar digest_size: the size in bytes of the resulting hash + :vartype digest_size: integer + """ + + # The size of the resulting hash in bytes. + digest_size = 20 + # The internal block size of the hash algorithm in bytes. + block_size = 64 + # ASN.1 Object ID + oid = "1.3.36.3.2.1" + + def __init__(self, data=None): + state = VoidPointer() + result = _raw_ripemd160_lib.ripemd160_init(state.address_of()) + if result: + raise ValueError("Error %d while instantiating RIPEMD160" + % result) + self._state = SmartPointer(state.get(), + _raw_ripemd160_lib.ripemd160_destroy) + if data: + self.update(data) + + def update(self, data): + """Continue hashing of a message by consuming the next chunk of data. + + Args: + data (byte string/byte array/memoryview): The next chunk of the message being hashed. 
+ """ + + result = _raw_ripemd160_lib.ripemd160_update(self._state.get(), + c_uint8_ptr(data), + c_size_t(len(data))) + if result: + raise ValueError("Error %d while instantiating ripemd160" + % result) + + def digest(self): + """Return the **binary** (non-printable) digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Binary form. + :rtype: byte string + """ + + bfr = create_string_buffer(self.digest_size) + result = _raw_ripemd160_lib.ripemd160_digest(self._state.get(), + bfr) + if result: + raise ValueError("Error %d while instantiating ripemd160" + % result) + + return get_raw_buffer(bfr) + + def hexdigest(self): + """Return the **printable** digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Hexadecimal encoded. + :rtype: string + """ + + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def copy(self): + """Return a copy ("clone") of the hash object. + + The copy will have the same internal state as the original hash + object. + This can be used to efficiently compute the digests of strings that + share a common initial substring. + + :return: A hash object of the same type + """ + + clone = RIPEMD160Hash() + result = _raw_ripemd160_lib.ripemd160_copy(self._state.get(), + clone._state.get()) + if result: + raise ValueError("Error %d while copying ripemd160" % result) + return clone + + def new(self, data=None): + """Create a fresh RIPEMD-160 hash object.""" + + return RIPEMD160Hash(data) + + +def new(data=None): + """Create a new hash object. + + :parameter data: + Optional. The very first chunk of the message to hash. + It is equivalent to an early call to :meth:`RIPEMD160Hash.update`. + :type data: byte string/byte array/memoryview + + :Return: A :class:`RIPEMD160Hash` hash object + """ + + return RIPEMD160Hash().new(data) + +# The size of the resulting hash in bytes. 
+digest_size = RIPEMD160Hash.digest_size + +# The internal block size of the hash algorithm in bytes. +block_size = RIPEMD160Hash.block_size diff --git a/frozen_deps/Cryptodome/Hash/RIPEMD160.pyi b/frozen_deps/Cryptodome/Hash/RIPEMD160.pyi new file mode 100644 index 0000000..b619473 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/RIPEMD160.pyi @@ -0,0 +1,19 @@ +from typing import Union + +Buffer = Union[bytes, bytearray, memoryview] + +class RIPEMD160Hash(object): + digest_size: int + block_size: int + oid: str + + def __init__(self, data: Buffer = ...) -> None: ... + def update(self, data: Buffer) -> None: ... + def digest(self) -> bytes: ... + def hexdigest(self) -> str: ... + def copy(self) -> RIPEMD160Hash: ... + def new(self, data: Buffer = ...) -> RIPEMD160Hash: ... + +def new(data: Buffer = ...) -> RIPEMD160Hash: ... +digest_size: int +block_size: int diff --git a/frozen_deps/Crypto/Signature/__init__.py b/frozen_deps/Cryptodome/Hash/SHA.py index ed523b4..95f8745 100644 --- a/frozen_deps/Crypto/Signature/__init__.py +++ b/frozen_deps/Cryptodome/Hash/SHA.py @@ -18,14 +18,7 @@ # SOFTWARE. # =================================================================== -"""Digital signature protocols - -A collection of standardized protocols to carry out digital signatures. - -:undocumented: __revision__, __package__ -""" - -__all__ = [ 'PKCS1_v1_5', 'PKCS1_PSS' ] -__revision__ = "$Id$" - +# This file exists for backward compatibility with old code that refers to +# Cryptodome.Hash.SHA +from Cryptodome.Hash.SHA1 import __doc__, new, block_size, digest_size diff --git a/frozen_deps/Cryptodome/Hash/SHA.pyi b/frozen_deps/Cryptodome/Hash/SHA.pyi new file mode 100644 index 0000000..7d01a5f --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/SHA.pyi @@ -0,0 +1,4 @@ +# This file exists for backward compatibility with old code that refers to +# Cryptodome.Hash.SHA + +from Cryptodome.Hash.SHA1 import __doc__, new, block_size, digest_size 
diff --git a/frozen_deps/Cryptodome/Hash/SHA1.py b/frozen_deps/Cryptodome/Hash/SHA1.py
new file mode 100644
index 0000000..dea51bc
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA1.py
@@ -0,0 +1,185 @@ +# -*- coding: utf-8 -*- +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +from Cryptodome.Util.py3compat import * + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + VoidPointer, SmartPointer, + create_string_buffer, + get_raw_buffer, c_size_t, + c_uint8_ptr) + +_raw_sha1_lib = load_pycryptodome_raw_lib("Cryptodome.Hash._SHA1", + """ + #define SHA1_DIGEST_SIZE 20 + + int SHA1_init(void **shaState); + int SHA1_destroy(void *shaState); + int SHA1_update(void *hs, + const uint8_t *buf, + size_t len); + int SHA1_digest(const void *shaState, + uint8_t digest[SHA1_DIGEST_SIZE]); + int SHA1_copy(const void *src, void *dst); + + int SHA1_pbkdf2_hmac_assist(const void *inner, + const void *outer, + const uint8_t first_digest[SHA1_DIGEST_SIZE], + uint8_t final_digest[SHA1_DIGEST_SIZE], + size_t iterations); + """) + +class SHA1Hash(object): + """A SHA-1 hash object. + Do not instantiate directly. + Use the :func:`new` function. 
+ + :ivar oid: ASN.1 Object ID + :vartype oid: string + + :ivar block_size: the size in bytes of the internal message block, + input to the compression function + :vartype block_size: integer + + :ivar digest_size: the size in bytes of the resulting hash + :vartype digest_size: integer + """ + + # The size of the resulting hash in bytes. + digest_size = 20 + # The internal block size of the hash algorithm in bytes. + block_size = 64 + # ASN.1 Object ID + oid = "1.3.14.3.2.26" + + def __init__(self, data=None): + state = VoidPointer() + result = _raw_sha1_lib.SHA1_init(state.address_of()) + if result: + raise ValueError("Error %d while instantiating SHA1" + % result) + self._state = SmartPointer(state.get(), + _raw_sha1_lib.SHA1_destroy) + if data: + self.update(data) + + def update(self, data): + """Continue hashing of a message by consuming the next chunk of data. + + Args: + data (byte string/byte array/memoryview): The next chunk of the message being hashed. + """ + + result = _raw_sha1_lib.SHA1_update(self._state.get(), + c_uint8_ptr(data), + c_size_t(len(data))) + if result: + raise ValueError("Error %d while instantiating SHA1" + % result) + + def digest(self): + """Return the **binary** (non-printable) digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Binary form. + :rtype: byte string + """ + + bfr = create_string_buffer(self.digest_size) + result = _raw_sha1_lib.SHA1_digest(self._state.get(), + bfr) + if result: + raise ValueError("Error %d while instantiating SHA1" + % result) + + return get_raw_buffer(bfr) + + def hexdigest(self): + """Return the **printable** digest of the message that has been hashed so far. + + :return: The hash digest, computed over the data processed so far. + Hexadecimal encoded. + :rtype: string + """ + + return "".join(["%02x" % bord(x) for x in self.digest()]) + + def copy(self): + """Return a copy ("clone") of the hash object. 
+ + The copy will have the same internal state as the original hash + object. + This can be used to efficiently compute the digests of strings that + share a common initial substring. + + :return: A hash object of the same type + """ + + clone = SHA1Hash() + result = _raw_sha1_lib.SHA1_copy(self._state.get(), + clone._state.get()) + if result: + raise ValueError("Error %d while copying SHA1" % result) + return clone + + def new(self, data=None): + """Create a fresh SHA-1 hash object.""" + + return SHA1Hash(data) + + +def new(data=None): + """Create a new hash object. + + :parameter data: + Optional. The very first chunk of the message to hash. + It is equivalent to an early call to :meth:`SHA1Hash.update`. + :type data: byte string/byte array/memoryview + + :Return: A :class:`SHA1Hash` hash object + """ + return SHA1Hash().new(data) + + +# The size of the resulting hash in bytes. +digest_size = SHA1Hash.digest_size + +# The internal block size of the hash algorithm in bytes. +block_size = SHA1Hash.block_size + + +def _pbkdf2_hmac_assist(inner, outer, first_digest, iterations): + """Compute the expensive inner loop in PBKDF-HMAC.""" + + assert len(first_digest) == digest_size + assert iterations > 0 + + bfr = create_string_buffer(digest_size); + result = _raw_sha1_lib.SHA1_pbkdf2_hmac_assist( + inner._state.get(), + outer._state.get(), + first_digest, + bfr, + c_size_t(iterations)) + + if result: + raise ValueError("Error %d with PBKDF2-HMAC assis for SHA1" % result) + + return get_raw_buffer(bfr) diff --git a/frozen_deps/Cryptodome/Hash/SHA1.pyi b/frozen_deps/Cryptodome/Hash/SHA1.pyi new file mode 100644 index 0000000..d6c8e25 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/SHA1.pyi 
@@ -0,0 +1,19 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class SHA1Hash(object):
+ digest_size: int
+ block_size: int
+ oid: str
+
+ def __init__(self, data: Optional[Buffer] = ...) -> None: ...
+ def update(self, data: Buffer) -> None: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def copy(self) -> SHA1Hash: ...
+ def new(self, data: Optional[Buffer] = ...) -> SHA1Hash: ...
+
+def new(data: Optional[Buffer] = ...) -> SHA1Hash: ...
+digest_size: int
+block_size: int
diff --git a/frozen_deps/Cryptodome/Hash/SHA224.py b/frozen_deps/Cryptodome/Hash/SHA224.py
new file mode 100644
index 0000000..fca7622
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA224.py
@@ -0,0 +1,186 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+_raw_sha224_lib = load_pycryptodome_raw_lib("Cryptodome.Hash._SHA224",
+ """
+ int SHA224_init(void **shaState);
+ int SHA224_destroy(void *shaState);
+ int SHA224_update(void *hs,
+ const uint8_t *buf,
+ size_t len);
+ int SHA224_digest(const void *shaState,
+ uint8_t *digest,
+ size_t digest_size);
+ int SHA224_copy(const void *src, void *dst);
+
+ int SHA224_pbkdf2_hmac_assist(const void *inner,
+ const void *outer,
+ const uint8_t *first_digest,
+ uint8_t *final_digest,
+ size_t iterations,
+ size_t digest_size);
+ """)
+
+class SHA224Hash(object):
+ """A SHA-224 hash object.
+ Do not instantiate directly.
+ Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+
+ :ivar block_size: the size in bytes of the internal message block,
+ input to the compression function
+ :vartype block_size: integer
+
+ :ivar digest_size: the size in bytes of the resulting hash
+ :vartype digest_size: integer
+ """
+
+ # The size of the resulting hash in bytes.
+ digest_size = 28
+ # The internal block size of the hash algorithm in bytes.
+ block_size = 64
+ # ASN.1 Object ID
+ oid = '2.16.840.1.101.3.4.2.4'
+
+ def __init__(self, data=None):
+ state = VoidPointer()
+ result = _raw_sha224_lib.SHA224_init(state.address_of())
+ if result:
+ raise ValueError("Error %d while instantiating SHA224"
+ % result)
+ self._state = SmartPointer(state.get(),
+ _raw_sha224_lib.SHA224_destroy)
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ result = _raw_sha224_lib.SHA224_update(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while hashing data with SHA224"
+ % result)
+
+ def digest(self):
+ """Return the **binary** (non-printable) digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Binary form.
+ :rtype: byte string
+ """
+
+ bfr = create_string_buffer(self.digest_size)
+ result = _raw_sha224_lib.SHA224_digest(self._state.get(),
+ bfr,
+ c_size_t(self.digest_size))
+ if result:
+ raise ValueError("Error %d while making SHA224 digest"
+ % result)
+
+ return get_raw_buffer(bfr)
+
+ def hexdigest(self):
+ """Return the **printable** digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Hexadecimal encoded.
+ :rtype: string
+ """
+
+ return "".join(["%02x" % bord(x) for x in self.digest()])
+
+ def copy(self):
+ """Return a copy ("clone") of the hash object.
+
+ The copy will have the same internal state as the original hash
+ object.
+ This can be used to efficiently compute the digests of strings that
+ share a common initial substring.
+
+ :return: A hash object of the same type
+ """
+
+ clone = SHA224Hash()
+ result = _raw_sha224_lib.SHA224_copy(self._state.get(),
+ clone._state.get())
+ if result:
+ raise ValueError("Error %d while copying SHA224" % result)
+ return clone
+
+ def new(self, data=None):
+ """Create a fresh SHA-224 hash object."""
+
+ return SHA224Hash(data)
+
+
+def new(data=None):
+ """Create a new hash object.
+
+ :parameter data:
+ Optional. The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`SHA224Hash.update`.
+ :type data: byte string/byte array/memoryview
+
+ :Return: A :class:`SHA224Hash` hash object
+ """
+ return SHA224Hash().new(data)
+
+
+# The size of the resulting hash in bytes.
+digest_size = SHA224Hash.digest_size
+
+# The internal block size of the hash algorithm in bytes.
+block_size = SHA224Hash.block_size
+
+
+def _pbkdf2_hmac_assist(inner, outer, first_digest, iterations):
+ """Compute the expensive inner loop in PBKDF-HMAC."""
+
+ assert iterations > 0
+
+ bfr = create_string_buffer(len(first_digest));
+ result = _raw_sha224_lib.SHA224_pbkdf2_hmac_assist(
+ inner._state.get(),
+ outer._state.get(),
+ first_digest,
+ bfr,
+ c_size_t(iterations),
+ c_size_t(len(first_digest)))
+
+ if result:
+ raise ValueError("Error %d with PBKDF2-HMAC assist for SHA224" % result)
+
+ return get_raw_buffer(bfr)
diff --git a/frozen_deps/Cryptodome/Hash/SHA224.pyi b/frozen_deps/Cryptodome/Hash/SHA224.pyi
new file mode 100644
index 0000000..613a7f9
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA224.pyi
@@ -0,0 +1,19 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class SHA224Hash(object):
+ digest_size: int
+ block_size: int
+ oid: str
+
+ def __init__(self, data: Optional[Buffer] = ...) -> None: ...
+ def update(self, data: Buffer) -> None: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def copy(self) -> SHA224Hash: ...
+ def new(self, data: Optional[Buffer] = ...) -> SHA224Hash: ...
+
+def new(data: Optional[Buffer] = ...) -> SHA224Hash: ...
+digest_size: int
+block_size: int
diff --git a/frozen_deps/Cryptodome/Hash/SHA256.py b/frozen_deps/Cryptodome/Hash/SHA256.py
new file mode 100644
index 0000000..c1a81b1
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA256.py
@@ -0,0 +1,185 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+_raw_sha256_lib = load_pycryptodome_raw_lib("Cryptodome.Hash._SHA256",
+ """
+ int SHA256_init(void **shaState);
+ int SHA256_destroy(void *shaState);
+ int SHA256_update(void *hs,
+ const uint8_t *buf,
+ size_t len);
+ int SHA256_digest(const void *shaState,
+ uint8_t *digest,
+ size_t digest_size);
+ int SHA256_copy(const void *src, void *dst);
+
+ int SHA256_pbkdf2_hmac_assist(const void *inner,
+ const void *outer,
+ const uint8_t *first_digest,
+ uint8_t *final_digest,
+ size_t iterations,
+ size_t digest_size);
+ """)
+
+class SHA256Hash(object):
+ """A SHA-256 hash object.
+ Do not instantiate directly. Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+
+ :ivar block_size: the size in bytes of the internal message block,
+ input to the compression function
+ :vartype block_size: integer
+
+ :ivar digest_size: the size in bytes of the resulting hash
+ :vartype digest_size: integer
+ """
+
+ # The size of the resulting hash in bytes.
+ digest_size = 32
+ # The internal block size of the hash algorithm in bytes.
+ block_size = 64
+ # ASN.1 Object ID
+ oid = "2.16.840.1.101.3.4.2.1"
+
+ def __init__(self, data=None):
+ state = VoidPointer()
+ result = _raw_sha256_lib.SHA256_init(state.address_of())
+ if result:
+ raise ValueError("Error %d while instantiating SHA256"
+ % result)
+ self._state = SmartPointer(state.get(),
+ _raw_sha256_lib.SHA256_destroy)
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ result = _raw_sha256_lib.SHA256_update(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while hashing data with SHA256"
+ % result)
+
+ def digest(self):
+ """Return the **binary** (non-printable) digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Binary form.
+ :rtype: byte string
+ """
+
+ bfr = create_string_buffer(self.digest_size)
+ result = _raw_sha256_lib.SHA256_digest(self._state.get(),
+ bfr,
+ c_size_t(self.digest_size))
+ if result:
+ raise ValueError("Error %d while making SHA256 digest"
+ % result)
+
+ return get_raw_buffer(bfr)
+
+ def hexdigest(self):
+ """Return the **printable** digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Hexadecimal encoded.
+ :rtype: string
+ """
+
+ return "".join(["%02x" % bord(x) for x in self.digest()])
+
+ def copy(self):
+ """Return a copy ("clone") of the hash object.
+
+ The copy will have the same internal state as the original hash
+ object.
+ This can be used to efficiently compute the digests of strings that
+ share a common initial substring.
+
+ :return: A hash object of the same type
+ """
+
+ clone = SHA256Hash()
+ result = _raw_sha256_lib.SHA256_copy(self._state.get(),
+ clone._state.get())
+ if result:
+ raise ValueError("Error %d while copying SHA256" % result)
+ return clone
+
+ def new(self, data=None):
+ """Create a fresh SHA-256 hash object."""
+
+ return SHA256Hash(data)
+
+def new(data=None):
+ """Create a new hash object.
+
+ :parameter data:
+ Optional. The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`SHA256Hash.update`.
+ :type data: byte string/byte array/memoryview
+
+ :Return: A :class:`SHA256Hash` hash object
+ """
+
+ return SHA256Hash().new(data)
+
+
+# The size of the resulting hash in bytes.
+digest_size = SHA256Hash.digest_size
+
+# The internal block size of the hash algorithm in bytes.
+block_size = SHA256Hash.block_size
+
+
+def _pbkdf2_hmac_assist(inner, outer, first_digest, iterations):
+ """Compute the expensive inner loop in PBKDF-HMAC."""
+
+ assert iterations > 0
+
+ bfr = create_string_buffer(len(first_digest));
+ result = _raw_sha256_lib.SHA256_pbkdf2_hmac_assist(
+ inner._state.get(),
+ outer._state.get(),
+ first_digest,
+ bfr,
+ c_size_t(iterations),
+ c_size_t(len(first_digest)))
+
+ if result:
+ raise ValueError("Error %d with PBKDF2-HMAC assist for SHA256" % result)
+
+ return get_raw_buffer(bfr)
diff --git a/frozen_deps/Cryptodome/Hash/SHA256.pyi b/frozen_deps/Cryptodome/Hash/SHA256.pyi
new file mode 100644
index 0000000..cbf21bf
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA256.pyi
@@ -0,0 +1,18 @@
+from typing import Union, Optional
+
+
+class SHA256Hash(object):
+ digest_size: int
+ block_size: int
+ oid: str
+ def __init__(self, data: Optional[Union[bytes, bytearray, memoryview]]=None) -> None: ...
+ def update(self, data: Union[bytes, bytearray, memoryview]) -> None: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def copy(self) -> SHA256Hash: ...
+ def new(self, data: Optional[Union[bytes, bytearray, memoryview]]=None) -> SHA256Hash: ...
+
+def new(data: Optional[Union[bytes, bytearray, memoryview]]=None) -> SHA256Hash: ...
+
+digest_size: int
+block_size: int
diff --git a/frozen_deps/Cryptodome/Hash/SHA384.py b/frozen_deps/Cryptodome/Hash/SHA384.py
new file mode 100644
index 0000000..711aa73
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA384.py
@@ -0,0 +1,186 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+_raw_sha384_lib = load_pycryptodome_raw_lib("Cryptodome.Hash._SHA384",
+ """
+ int SHA384_init(void **shaState);
+ int SHA384_destroy(void *shaState);
+ int SHA384_update(void *hs,
+ const uint8_t *buf,
+ size_t len);
+ int SHA384_digest(const void *shaState,
+ uint8_t *digest,
+ size_t digest_size);
+ int SHA384_copy(const void *src, void *dst);
+
+ int SHA384_pbkdf2_hmac_assist(const void *inner,
+ const void *outer,
+ const uint8_t *first_digest,
+ uint8_t *final_digest,
+ size_t iterations,
+ size_t digest_size);
+ """)
+
+class SHA384Hash(object):
+ """A SHA-384 hash object.
+ Do not instantiate directly. Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+
+ :ivar block_size: the size in bytes of the internal message block,
+ input to the compression function
+ :vartype block_size: integer
+
+ :ivar digest_size: the size in bytes of the resulting hash
+ :vartype digest_size: integer
+ """
+
+ # The size of the resulting hash in bytes.
+ digest_size = 48
+ # The internal block size of the hash algorithm in bytes.
+ block_size = 128
+ # ASN.1 Object ID
+ oid = '2.16.840.1.101.3.4.2.2'
+
+ def __init__(self, data=None):
+ state = VoidPointer()
+ result = _raw_sha384_lib.SHA384_init(state.address_of())
+ if result:
+ raise ValueError("Error %d while instantiating SHA384"
+ % result)
+ self._state = SmartPointer(state.get(),
+ _raw_sha384_lib.SHA384_destroy)
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ result = _raw_sha384_lib.SHA384_update(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while hashing data with SHA384"
+ % result)
+
+ def digest(self):
+ """Return the **binary** (non-printable) digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Binary form.
+ :rtype: byte string
+ """
+
+ bfr = create_string_buffer(self.digest_size)
+ result = _raw_sha384_lib.SHA384_digest(self._state.get(),
+ bfr,
+ c_size_t(self.digest_size))
+ if result:
+ raise ValueError("Error %d while making SHA384 digest"
+ % result)
+
+ return get_raw_buffer(bfr)
+
+ def hexdigest(self):
+ """Return the **printable** digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Hexadecimal encoded.
+ :rtype: string
+ """
+
+ return "".join(["%02x" % bord(x) for x in self.digest()])
+
+ def copy(self):
+ """Return a copy ("clone") of the hash object.
+
+ The copy will have the same internal state as the original hash
+ object.
+ This can be used to efficiently compute the digests of strings that
+ share a common initial substring.
+
+ :return: A hash object of the same type
+ """
+
+ clone = SHA384Hash()
+ result = _raw_sha384_lib.SHA384_copy(self._state.get(),
+ clone._state.get())
+ if result:
+ raise ValueError("Error %d while copying SHA384" % result)
+ return clone
+
+ def new(self, data=None):
+ """Create a fresh SHA-384 hash object."""
+
+ return SHA384Hash(data)
+
+
+def new(data=None):
+ """Create a new hash object.
+
+ :parameter data:
+ Optional. The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`SHA384Hash.update`.
+ :type data: byte string/byte array/memoryview
+
+ :Return: A :class:`SHA384Hash` hash object
+ """
+
+ return SHA384Hash().new(data)
+
+
+# The size of the resulting hash in bytes.
+digest_size = SHA384Hash.digest_size
+
+# The internal block size of the hash algorithm in bytes.
+block_size = SHA384Hash.block_size
+
+
+def _pbkdf2_hmac_assist(inner, outer, first_digest, iterations):
+ """Compute the expensive inner loop in PBKDF-HMAC."""
+
+ assert iterations > 0
+
+ bfr = create_string_buffer(len(first_digest));
+ result = _raw_sha384_lib.SHA384_pbkdf2_hmac_assist(
+ inner._state.get(),
+ outer._state.get(),
+ first_digest,
+ bfr,
+ c_size_t(iterations),
+ c_size_t(len(first_digest)))
+
+ if result:
+ raise ValueError("Error %d with PBKDF2-HMAC assist for SHA384" % result)
+
+ return get_raw_buffer(bfr)
diff --git a/frozen_deps/Cryptodome/Hash/SHA384.pyi b/frozen_deps/Cryptodome/Hash/SHA384.pyi
new file mode 100644
index 0000000..c2aab9e
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA384.pyi
@@ -0,0 +1,19 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class SHA384Hash(object):
+ digest_size: int
+ block_size: int
+ oid: str
+
+ def __init__(self, data: Optional[Buffer] = ...) -> None: ...
+ def update(self, data: Buffer) -> None: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def copy(self) -> SHA384Hash: ...
+ def new(self, data: Optional[Buffer] = ...) -> SHA384Hash: ...
+
+def new(data: Optional[Buffer] = ...) -> SHA384Hash: ...
+digest_size: int
+block_size: int
diff --git a/frozen_deps/Cryptodome/Hash/SHA3_224.py b/frozen_deps/Cryptodome/Hash/SHA3_224.py
new file mode 100644
index 0000000..3196bd6
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA3_224.py
@@ -0,0 +1,147 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+from Cryptodome.Hash.keccak import _raw_keccak_lib
+
+class SHA3_224_Hash(object):
+ """A SHA3-224 hash object.
+ Do not instantiate directly.
+ Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+
+ :ivar digest_size: the size in bytes of the resulting hash
+ :vartype digest_size: integer
+ """
+
+ # The size of the resulting hash in bytes.
+ digest_size = 28
+
+ # ASN.1 Object ID
+ oid = "2.16.840.1.101.3.4.2.7"
+
+ def __init__(self, data, update_after_digest):
+ self._update_after_digest = update_after_digest
+ self._digest_done = False
+
+ state = VoidPointer()
+ result = _raw_keccak_lib.keccak_init(state.address_of(),
+ c_size_t(self.digest_size * 2),
+ 0x06)
+ if result:
+ raise ValueError("Error %d while instantiating SHA-3/224"
+ % result)
+ self._state = SmartPointer(state.get(),
+ _raw_keccak_lib.keccak_destroy)
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ if self._digest_done and not self._update_after_digest:
+ raise TypeError("You can only call 'digest' or 'hexdigest' on this object")
+
+ result = _raw_keccak_lib.keccak_absorb(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while updating SHA-3/224"
+ % result)
+ return self
+
+ def digest(self):
+ """Return the **binary** (non-printable) digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Binary form.
+ :rtype: byte string
+ """
+
+ self._digest_done = True
+
+ bfr = create_string_buffer(self.digest_size)
+ result = _raw_keccak_lib.keccak_digest(self._state.get(),
+ bfr,
+ c_size_t(self.digest_size))
+ if result:
+ raise ValueError("Error %d while instantiating SHA-3/224"
+ % result)
+
+ self._digest_value = get_raw_buffer(bfr)
+ return self._digest_value
+
+ def hexdigest(self):
+ """Return the **printable** digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Hexadecimal encoded.
+ :rtype: string
+ """
+
+ return "".join(["%02x" % bord(x) for x in self.digest()])
+
+ def new(self):
+ """Create a fresh SHA3-224 hash object."""
+
+ return type(self)(None, self._update_after_digest)
+
+
+def new(*args, **kwargs):
+ """Create a new hash object.
+
+ Args:
+ data (byte string/byte array/memoryview):
+ The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`update`.
+ update_after_digest (boolean):
+ Whether :meth:`digest` can be followed by another :meth:`update`
+ (default: ``False``).
+
+ :Return: A :class:`SHA3_224_Hash` hash object
+ """
+
+ data = kwargs.pop("data", None)
+ update_after_digest = kwargs.pop("update_after_digest", False)
+ if len(args) == 1:
+ if data:
+ raise ValueError("Initial data for hash specified twice")
+ data = args[0]
+
+ if kwargs:
+ raise TypeError("Unknown parameters: " + str(kwargs))
+
+ return SHA3_224_Hash(data, update_after_digest)
+
+# The size of the resulting hash in bytes.
+digest_size = SHA3_224_Hash.digest_size
diff --git a/frozen_deps/Cryptodome/Hash/SHA3_224.pyi b/frozen_deps/Cryptodome/Hash/SHA3_224.pyi
new file mode 100644
index 0000000..3437042
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA3_224.pyi
@@ -0,0 +1,16 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class SHA3_224_Hash(object):
+ digest_size: int
+ oid: str
+ def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ...
+ def update(self, data: Buffer) -> SHA3_224_Hash: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def new(self) -> SHA3_224_Hash: ...
+
+def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_224_Hash: ...
+
+digest_size: int
diff --git a/frozen_deps/Cryptodome/Hash/SHA3_256.py b/frozen_deps/Cryptodome/Hash/SHA3_256.py
new file mode 100644
index 0000000..89e3b42
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA3_256.py
@@ -0,0 +1,147 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+from Cryptodome.Hash.keccak import _raw_keccak_lib
+
+class SHA3_256_Hash(object):
+ """A SHA3-256 hash object.
+ Do not instantiate directly.
+ Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+
+ :ivar digest_size: the size in bytes of the resulting hash
+ :vartype digest_size: integer
+ """
+
+ # The size of the resulting hash in bytes.
+ digest_size = 32
+
+ # ASN.1 Object ID
+ oid = "2.16.840.1.101.3.4.2.8"
+
+ def __init__(self, data, update_after_digest):
+ self._update_after_digest = update_after_digest
+ self._digest_done = False
+
+ state = VoidPointer()
+ result = _raw_keccak_lib.keccak_init(state.address_of(),
+ c_size_t(self.digest_size * 2),
+ 0x06)
+ if result:
+ raise ValueError("Error %d while instantiating SHA-3/256"
+ % result)
+ self._state = SmartPointer(state.get(),
+ _raw_keccak_lib.keccak_destroy)
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ if self._digest_done and not self._update_after_digest:
+ raise TypeError("You can only call 'digest' or 'hexdigest' on this object")
+
+ result = _raw_keccak_lib.keccak_absorb(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while updating SHA-3/256"
+ % result)
+ return self
+
+ def digest(self):
+ """Return the **binary** (non-printable) digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Binary form.
+ :rtype: byte string
+ """
+
+ self._digest_done = True
+
+ bfr = create_string_buffer(self.digest_size)
+ result = _raw_keccak_lib.keccak_digest(self._state.get(),
+ bfr,
+ c_size_t(self.digest_size))
+ if result:
+ raise ValueError("Error %d while instantiating SHA-3/256"
+ % result)
+
+ self._digest_value = get_raw_buffer(bfr)
+ return self._digest_value
+
+ def hexdigest(self):
+ """Return the **printable** digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Hexadecimal encoded.
+ :rtype: string
+ """
+
+ return "".join(["%02x" % bord(x) for x in self.digest()])
+
+ def new(self):
+ """Create a fresh SHA3-256 hash object."""
+
+ return type(self)(None, self._update_after_digest)
+
+
+def new(*args, **kwargs):
+ """Create a new hash object.
+
+ Args:
+ data (byte string/byte array/memoryview):
+ The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`update`.
+ update_after_digest (boolean):
+ Whether :meth:`digest` can be followed by another :meth:`update`
+ (default: ``False``).
+
+ :Return: A :class:`SHA3_256_Hash` hash object
+ """
+
+ data = kwargs.pop("data", None)
+ update_after_digest = kwargs.pop("update_after_digest", False)
+ if len(args) == 1:
+ if data:
+ raise ValueError("Initial data for hash specified twice")
+ data = args[0]
+
+ if kwargs:
+ raise TypeError("Unknown parameters: " + str(kwargs))
+
+ return SHA3_256_Hash(data, update_after_digest)
+
+# The size of the resulting hash in bytes.
+digest_size = SHA3_256_Hash.digest_size
diff --git a/frozen_deps/Cryptodome/Hash/SHA3_256.pyi b/frozen_deps/Cryptodome/Hash/SHA3_256.pyi
new file mode 100644
index 0000000..c1a07fa
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA3_256.pyi
@@ -0,0 +1,16 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class SHA3_256_Hash(object):
+ digest_size: int
+ oid: str
+ def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ...
+ def update(self, data: Buffer) -> SHA3_256_Hash: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def new(self) -> SHA3_256_Hash: ...
+
+def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_256_Hash: ...
+
+digest_size: int
diff --git a/frozen_deps/Cryptodome/Hash/SHA3_384.py b/frozen_deps/Cryptodome/Hash/SHA3_384.py
new file mode 100644
index 0000000..e6baf3f
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA3_384.py
@@ -0,0 +1,147 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+from Cryptodome.Hash.keccak import _raw_keccak_lib
+
+class SHA3_384_Hash(object):
+ """A SHA3-384 hash object.
+ Do not instantiate directly.
+ Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+
+ :ivar digest_size: the size in bytes of the resulting hash
+ :vartype digest_size: integer
+ """
+
+ # The size of the resulting hash in bytes.
+ digest_size = 48
+
+ # ASN.1 Object ID
+ oid = "2.16.840.1.101.3.4.2.9"
+
+ def __init__(self, data, update_after_digest):
+ self._update_after_digest = update_after_digest
+ self._digest_done = False
+
+ state = VoidPointer()
+ result = _raw_keccak_lib.keccak_init(state.address_of(),
+ c_size_t(self.digest_size * 2),
+ 0x06)
+ if result:
+ raise ValueError("Error %d while instantiating SHA-3/384"
+ % result)
+ self._state = SmartPointer(state.get(),
+ _raw_keccak_lib.keccak_destroy)
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ if self._digest_done and not self._update_after_digest:
+ raise TypeError("You can only call 'digest' or 'hexdigest' on this object")
+
+ result = _raw_keccak_lib.keccak_absorb(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while updating SHA-3/384"
+ % result)
+ return self
+
+ def digest(self):
+ """Return the **binary** (non-printable) digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Binary form.
+ :rtype: byte string
+ """
+
+ self._digest_done = True
+
+ bfr = create_string_buffer(self.digest_size)
+ result = _raw_keccak_lib.keccak_digest(self._state.get(),
+ bfr,
+ c_size_t(self.digest_size))
+ if result:
+ raise ValueError("Error %d while instantiating SHA-3/384"
+ % result)
+
+ self._digest_value = get_raw_buffer(bfr)
+ return self._digest_value
+
+ def hexdigest(self):
+ """Return the **printable** digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Hexadecimal encoded.
+ :rtype: string
+ """
+
+ return "".join(["%02x" % bord(x) for x in self.digest()])
+
+ def new(self):
+ """Create a fresh SHA3-384 hash object."""
+
+ return type(self)(None, self._update_after_digest)
+
+
+def new(*args, **kwargs):
+ """Create a new hash object.
+
+ Args:
+ data (byte string/byte array/memoryview):
+ The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`update`.
+ update_after_digest (boolean):
+ Whether :meth:`digest` can be followed by another :meth:`update`
+ (default: ``False``).
+
+ :Return: A :class:`SHA3_384_Hash` hash object
+ """
+
+ data = kwargs.pop("data", None)
+ update_after_digest = kwargs.pop("update_after_digest", False)
+ if len(args) == 1:
+ if data:
+ raise ValueError("Initial data for hash specified twice")
+ data = args[0]
+
+ if kwargs:
+ raise TypeError("Unknown parameters: " + str(kwargs))
+
+ return SHA3_384_Hash(data, update_after_digest)
+
+# The size of the resulting hash in bytes.
+digest_size = SHA3_384_Hash.digest_size
diff --git a/frozen_deps/Cryptodome/Hash/SHA3_384.pyi b/frozen_deps/Cryptodome/Hash/SHA3_384.pyi
new file mode 100644
index 0000000..d029ab6
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA3_384.pyi
@@ -0,0 +1,16 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class SHA3_384_Hash(object):
+ digest_size: int
+ oid: str
+ def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ...
+ def update(self, data: Buffer) -> SHA3_384_Hash: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def new(self) -> SHA3_384_Hash: ...
+
+def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_384_Hash: ...
+
+digest_size: int
diff --git a/frozen_deps/Cryptodome/Hash/SHA3_512.py b/frozen_deps/Cryptodome/Hash/SHA3_512.py
new file mode 100644
index 0000000..676ce2f
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA3_512.py
@@ -0,0 +1,148 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+from Cryptodome.Hash.keccak import _raw_keccak_lib
+
+class SHA3_512_Hash(object):
+ """A SHA3-512 hash object.
+ Do not instantiate directly.
+ Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+
+ :ivar digest_size: the size in bytes of the resulting hash
+ :vartype digest_size: integer
+ """
+
+ # The size of the resulting hash in bytes.
+ digest_size = 64
+
+ # ASN.1 Object ID
+ oid = "2.16.840.1.101.3.4.2.10"
+
+ def __init__(self, data, update_after_digest):
+ self._update_after_digest = update_after_digest
+ self._digest_done = False
+
+ state = VoidPointer()
+ result = _raw_keccak_lib.keccak_init(state.address_of(),
+ c_size_t(self.digest_size * 2),
+ 0x06)
+ if result:
+ raise ValueError("Error %d while instantiating SHA-3/512"
+ % result)
+ self._state = SmartPointer(state.get(),
+ _raw_keccak_lib.keccak_destroy)
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ if self._digest_done and not self._update_after_digest:
+ raise TypeError("You can only call 'digest' or 'hexdigest' on this object")
+
+ result = _raw_keccak_lib.keccak_absorb(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while updating SHA-3/512"
+ % result)
+ return self
+
+ def digest(self):
+
+ """Return the **binary** (non-printable) digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Binary form.
+ :rtype: byte string
+ """
+
+ self._digest_done = True
+
+ bfr = create_string_buffer(self.digest_size)
+ result = _raw_keccak_lib.keccak_digest(self._state.get(),
+ bfr,
+ c_size_t(self.digest_size))
+ if result:
+ raise ValueError("Error %d while instantiating SHA-3/512"
+ % result)
+
+ self._digest_value = get_raw_buffer(bfr)
+ return self._digest_value
+
+ def hexdigest(self):
+ """Return the **printable** digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Hexadecimal encoded.
+ :rtype: string
+ """
+
+ return "".join(["%02x" % bord(x) for x in self.digest()])
+
+ def new(self):
+ """Create a fresh SHA3-512 hash object."""
+
+ return type(self)(None, self._update_after_digest)
+
+
+def new(*args, **kwargs):
+ """Create a new hash object.
+
+ Args:
+ data (byte string/byte array/memoryview):
+ The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`update`.
+ update_after_digest (boolean):
+ Whether :meth:`digest` can be followed by another :meth:`update`
+ (default: ``False``).
+
+ :Return: A :class:`SHA3_512_Hash` hash object
+ """
+
+ data = kwargs.pop("data", None)
+ update_after_digest = kwargs.pop("update_after_digest", False)
+ if len(args) == 1:
+ if data:
+ raise ValueError("Initial data for hash specified twice")
+ data = args[0]
+
+ if kwargs:
+ raise TypeError("Unknown parameters: " + str(kwargs))
+
+ return SHA3_512_Hash(data, update_after_digest)
+
+# The size of the resulting hash in bytes.
+digest_size = SHA3_512_Hash.digest_size
diff --git a/frozen_deps/Cryptodome/Hash/SHA3_512.pyi b/frozen_deps/Cryptodome/Hash/SHA3_512.pyi
new file mode 100644
index 0000000..2c5403b
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA3_512.pyi
@@ -0,0 +1,16 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class SHA3_512_Hash(object):
+ digest_size: int
+ oid: str
+ def __init__(self, data: Optional[Buffer], update_after_digest: bool) -> None: ...
+ def update(self, data: Buffer) -> SHA3_512_Hash: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def new(self) -> SHA3_512_Hash: ...
+
+def new(__data: Buffer = ..., update_after_digest: bool = ...) -> SHA3_512_Hash: ...
+
+digest_size: int
diff --git a/frozen_deps/Cryptodome/Hash/SHA512.py b/frozen_deps/Cryptodome/Hash/SHA512.py
new file mode 100644
index 0000000..5066197
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA512.py
@@ -0,0 +1,204 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+_raw_sha512_lib = load_pycryptodome_raw_lib("Cryptodome.Hash._SHA512",
+ """
+ int SHA512_init(void **shaState,
+ size_t digest_size);
+ int SHA512_destroy(void *shaState);
+ int SHA512_update(void *hs,
+ const uint8_t *buf,
+ size_t len);
+ int SHA512_digest(const void *shaState,
+ uint8_t *digest,
+ size_t digest_size);
+ int SHA512_copy(const void *src, void *dst);
+
+ int SHA512_pbkdf2_hmac_assist(const void *inner,
+ const void *outer,
+ const uint8_t *first_digest,
+ uint8_t *final_digest,
+ size_t iterations,
+ size_t digest_size);
+ """)
+
+class SHA512Hash(object):
+ """A SHA-512 hash object (possibly in its truncated version SHA-512/224 or
+ SHA-512/256.
+ Do not instantiate directly. Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+
+ :ivar block_size: the size in bytes of the internal message block,
+ input to the compression function
+ :vartype block_size: integer
+
+ :ivar digest_size: the size in bytes of the resulting hash
+ :vartype digest_size: integer
+ """
+
+ # The internal block size of the hash algorithm in bytes.
+ block_size = 128
+
+ def __init__(self, data, truncate):
+ self._truncate = truncate
+
+ if truncate is None:
+ self.oid = "2.16.840.1.101.3.4.2.3"
+ self.digest_size = 64
+ elif truncate == "224":
+ self.oid = "2.16.840.1.101.3.4.2.5"
+ self.digest_size = 28
+ elif truncate == "256":
+ self.oid = "2.16.840.1.101.3.4.2.6"
+ self.digest_size = 32
+ else:
+ raise ValueError("Incorrect truncation length. It must be '224' or '256'.")
+
+ state = VoidPointer()
+ result = _raw_sha512_lib.SHA512_init(state.address_of(),
+ c_size_t(self.digest_size))
+ if result:
+ raise ValueError("Error %d while instantiating SHA-512"
+ % result)
+ self._state = SmartPointer(state.get(),
+ _raw_sha512_lib.SHA512_destroy)
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ result = _raw_sha512_lib.SHA512_update(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while hashing data with SHA512"
+ % result)
+
+ def digest(self):
+ """Return the **binary** (non-printable) digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Binary form.
+ :rtype: byte string
+ """
+
+ bfr = create_string_buffer(self.digest_size)
+ result = _raw_sha512_lib.SHA512_digest(self._state.get(),
+ bfr,
+ c_size_t(self.digest_size))
+ if result:
+ raise ValueError("Error %d while making SHA512 digest"
+ % result)
+
+ return get_raw_buffer(bfr)
+
+ def hexdigest(self):
+ """Return the **printable** digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Hexadecimal encoded.
+ :rtype: string
+ """
+
+ return "".join(["%02x" % bord(x) for x in self.digest()])
+
+ def copy(self):
+ """Return a copy ("clone") of the hash object.
+
+ The copy will have the same internal state as the original hash
+ object.
+ This can be used to efficiently compute the digests of strings that
+ share a common initial substring.
+
+ :return: A hash object of the same type
+ """
+
+ clone = SHA512Hash(None, self._truncate)
+ result = _raw_sha512_lib.SHA512_copy(self._state.get(),
+ clone._state.get())
+ if result:
+ raise ValueError("Error %d while copying SHA512" % result)
+ return clone
+
+ def new(self, data=None):
+ """Create a fresh SHA-512 hash object."""
+
+ return SHA512Hash(data, self._truncate)
+
+
+def new(data=None, truncate=None):
+ """Create a new hash object.
+
+ Args:
+ data (bytes/bytearray/memoryview):
+ Optional. The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`SHA512Hash.update`.
+ truncate (string):
+ Optional. The desired length of the digest. It can be either "224" or
+ "256". If not present, the digest is 512 bits long.
+ Passing this parameter is **not** equivalent to simply truncating
+ the output digest.
+
+ :Return: A :class:`SHA512Hash` hash object
+ """
+
+ return SHA512Hash(data, truncate)
+
+
+# The size of the full SHA-512 hash in bytes.
+digest_size = 64
+
+# The internal block size of the hash algorithm in bytes.
+block_size = 128
+
+
+def _pbkdf2_hmac_assist(inner, outer, first_digest, iterations):
+ """Compute the expensive inner loop in PBKDF-HMAC."""
+
+ assert iterations > 0
+
+ bfr = create_string_buffer(len(first_digest));
+ result = _raw_sha512_lib.SHA512_pbkdf2_hmac_assist(
+ inner._state.get(),
+ outer._state.get(),
+ first_digest,
+ bfr,
+ c_size_t(iterations),
+ c_size_t(len(first_digest)))
+
+ if result:
+ raise ValueError("Error %d with PBKDF2-HMAC assist for SHA512" % result)
+
+ return get_raw_buffer(bfr)
diff --git a/frozen_deps/Cryptodome/Hash/SHA512.pyi b/frozen_deps/Cryptodome/Hash/SHA512.pyi
new file mode 100644
index 0000000..f219ee9
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHA512.pyi
@@ -0,0 +1,22 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class SHA512Hash(object):
+ digest_size: int
+ block_size: int
+ oid: str
+
+ def __init__(self,
+ data: Optional[Buffer],
+ truncate: Optional[str]) -> None: ...
+ def update(self, data: Buffer) -> None: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def copy(self) -> SHA512Hash: ...
+ def new(self, data: Optional[Buffer] = ...) -> SHA512Hash: ...
+
+def new(data: Optional[Buffer] = ...,
+ truncate: Optional[str] = ...) -> SHA512Hash: ...
+digest_size: int
+block_size: int
diff --git a/frozen_deps/Cryptodome/Hash/SHAKE128.py b/frozen_deps/Cryptodome/Hash/SHAKE128.py
new file mode 100644
index 0000000..be2b22e
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHAKE128.py
@@ -0,0 +1,127 @@
+# ===================================================================
+#
+# Copyright (c) 2015, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+from Cryptodome.Hash.keccak import _raw_keccak_lib
+
+class SHAKE128_XOF(object):
+ """A SHAKE128 hash object.
+ Do not instantiate directly.
+ Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+ """
+
+ # ASN.1 Object ID
+ oid = "2.16.840.1.101.3.4.2.11"
+
+ def __init__(self, data=None):
+ state = VoidPointer()
+ result = _raw_keccak_lib.keccak_init(state.address_of(),
+ c_size_t(32),
+ 0x1F)
+ if result:
+ raise ValueError("Error %d while instantiating SHAKE128"
+ % result)
+ self._state = SmartPointer(state.get(),
+ _raw_keccak_lib.keccak_destroy)
+ self._is_squeezing = False
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ if self._is_squeezing:
+ raise TypeError("You cannot call 'update' after the first 'read'")
+
+ result = _raw_keccak_lib.keccak_absorb(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while updating SHAKE128 state"
+ % result)
+ return self
+
+ def read(self, length):
+ """
+ Compute the next piece of XOF output.
+
+ .. note::
+ You cannot use :meth:`update` anymore after the first call to
+ :meth:`read`.
+
+ Args:
+ length (integer): the amount of bytes this method must return
+
+ :return: the next piece of XOF output (of the given length)
+ :rtype: byte string
+ """
+
+ self._is_squeezing = True
+ bfr = create_string_buffer(length)
+ result = _raw_keccak_lib.keccak_squeeze(self._state.get(),
+ bfr,
+ c_size_t(length))
+ if result:
+ raise ValueError("Error %d while extracting from SHAKE128"
+ % result)
+
+ return get_raw_buffer(bfr)
+
+ def new(self, data=None):
+ return type(self)(data=data)
+
+
+def new(data=None):
+ """Return a fresh instance of a SHAKE128 object.
+
+ Args:
+ data (bytes/bytearray/memoryview):
+ The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`update`.
+ Optional.
+
+ :Return: A :class:`SHAKE128_XOF` object
+ """
+
+ return SHAKE128_XOF(data=data)
diff --git a/frozen_deps/Cryptodome/Hash/SHAKE128.pyi b/frozen_deps/Cryptodome/Hash/SHAKE128.pyi
new file mode 100644
index 0000000..f618881
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHAKE128.pyi
@@ -0,0 +1,13 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class SHAKE128_XOF(object):
+ oid: str
+ def __init__(self,
+ data: Optional[Buffer] = ...) -> None: ...
+ def update(self, data: Buffer) -> SHAKE128_XOF: ...
+ def read(self, length: int) -> bytes: ...
+ def new(self, data: Optional[Buffer] = ...) -> SHAKE128_XOF: ...
+
+def new(data: Optional[Buffer] = ...) -> SHAKE128_XOF: ...
diff --git a/frozen_deps/Cryptodome/Hash/SHAKE256.py b/frozen_deps/Cryptodome/Hash/SHAKE256.py
new file mode 100644
index 0000000..46040e1
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHAKE256.py
@@ -0,0 +1,127 @@
+# ===================================================================
+#
+# Copyright (c) 2015, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+from Cryptodome.Hash.keccak import _raw_keccak_lib
+
+class SHAKE256_XOF(object):
+ """A SHAKE256 hash object.
+ Do not instantiate directly.
+ Use the :func:`new` function.
+
+ :ivar oid: ASN.1 Object ID
+ :vartype oid: string
+ """
+
+ # ASN.1 Object ID
+ oid = "2.16.840.1.101.3.4.2.12"
+
+ def __init__(self, data=None):
+ state = VoidPointer()
+ result = _raw_keccak_lib.keccak_init(state.address_of(),
+ c_size_t(64),
+ 0x1F)
+ if result:
+ raise ValueError("Error %d while instantiating SHAKE256"
+ % result)
+ self._state = SmartPointer(state.get(),
+ _raw_keccak_lib.keccak_destroy)
+ self._is_squeezing = False
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ if self._is_squeezing:
+ raise TypeError("You cannot call 'update' after the first 'read'")
+
+ result = _raw_keccak_lib.keccak_absorb(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while updating SHAKE256 state"
+ % result)
+ return self
+
+ def read(self, length):
+ """
+ Compute the next piece of XOF output.
+
+ .. note::
+ You cannot use :meth:`update` anymore after the first call to
+ :meth:`read`.
+
+ Args:
+ length (integer): the amount of bytes this method must return
+
+ :return: the next piece of XOF output (of the given length)
+ :rtype: byte string
+ """
+
+ self._is_squeezing = True
+ bfr = create_string_buffer(length)
+ result = _raw_keccak_lib.keccak_squeeze(self._state.get(),
+ bfr,
+ c_size_t(length))
+ if result:
+ raise ValueError("Error %d while extracting from SHAKE256"
+ % result)
+
+ return get_raw_buffer(bfr)
+
+ def new(self, data=None):
+ return type(self)(data=data)
+
+
+def new(data=None):
+ """Return a fresh instance of a SHAKE256 object.
+
+ Args:
+ data (bytes/bytearray/memoryview):
+ The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`update`.
+ Optional.
+
+ :Return: A :class:`SHAKE256_XOF` object
+ """
+
+ return SHAKE256_XOF(data=data)
diff --git a/frozen_deps/Cryptodome/Hash/SHAKE256.pyi b/frozen_deps/Cryptodome/Hash/SHAKE256.pyi
new file mode 100644
index 0000000..029347a
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/SHAKE256.pyi
@@ -0,0 +1,13 @@
+from typing import Union, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class SHAKE256_XOF(object):
+ oid: str
+ def __init__(self,
+ data: Optional[Buffer] = ...) -> None: ...
+ def update(self, data: Buffer) -> SHAKE256_XOF: ...
+ def read(self, length: int) -> bytes: ...
+ def new(self, data: Optional[Buffer] = ...) -> SHAKE256_XOF: ...
+
+def new(data: Optional[Buffer] = ...) -> SHAKE256_XOF: ...
diff --git a/frozen_deps/Cryptodome/Hash/_BLAKE2b.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_BLAKE2b.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..35ee701
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_BLAKE2b.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_BLAKE2s.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_BLAKE2s.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..7f391c9
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_BLAKE2s.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_MD2.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_MD2.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..8fffa21
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_MD2.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_MD4.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_MD4.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..12b4c06
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_MD4.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_MD5.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_MD5.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..6fb6942
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_MD5.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_RIPEMD160.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_RIPEMD160.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..2d8928d
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_RIPEMD160.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_SHA1.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_SHA1.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..7324a29
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_SHA1.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_SHA224.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_SHA224.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..c60f2ae
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_SHA224.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_SHA256.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_SHA256.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..0b8212d
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_SHA256.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_SHA384.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_SHA384.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..b3ef7ab
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_SHA384.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_SHA512.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_SHA512.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..424a00b
--- /dev/null +++ b/frozen_deps/Cryptodome/Hash/_SHA512.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Crypto/Util/winrandom.py b/frozen_deps/Cryptodome/Hash/__init__.py index 0242815..719cd8d 100644 --- a/frozen_deps/Crypto/Util/winrandom.py +++ b/frozen_deps/Cryptodome/Hash/__init__.py @@ -1,7 +1,4 @@ -# -# Util/winrandom.py : Stub for Crypto.Random.OSRNG.winrandom -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> +# -*- coding: utf-8 -*- # # =================================================================== # The contents of this file are dedicated to the public domain. To @@ -21,8 +18,5 @@ # SOFTWARE. # =================================================================== -__revision__ = "$Id$" - -from Crypto.Random.OSRNG.winrandom import * - -# vim:set ts=4 sw=4 sts=4 expandtab: +__all__ = ['HMAC', 'MD2', 'MD4', 'MD5', 'RIPEMD160', 'SHA1', + 'SHA224', 'SHA256', 'SHA384', 'SHA512', 'CMAC', 'Poly1305'] diff --git a/frozen_deps/Cryptodome/Hash/__init__.pyi b/frozen_deps/Cryptodome/Hash/__init__.pyi new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/__init__.pyi diff --git a/frozen_deps/Cryptodome/Hash/_ghash_clmul.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_ghash_clmul.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..c4387d7 --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/_ghash_clmul.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Hash/_ghash_portable.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_ghash_portable.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..ed1479f --- /dev/null +++ b/frozen_deps/Cryptodome/Hash/_ghash_portable.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Hash/_keccak.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_keccak.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..074d7c4 
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_keccak.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/_poly1305.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Hash/_poly1305.cpython-38-x86_64-linux-gnu.so
Binary files differnew file mode 100755
index 0000000..b9ae83f
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/_poly1305.cpython-38-x86_64-linux-gnu.so
diff --git a/frozen_deps/Cryptodome/Hash/keccak.py b/frozen_deps/Cryptodome/Hash/keccak.py
new file mode 100644
index 0000000..9ae8ec5
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/keccak.py
@@ -0,0 +1,173 @@
+# ===================================================================
+#
+# Copyright (c) 2015, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bord
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ VoidPointer, SmartPointer,
+ create_string_buffer,
+ get_raw_buffer, c_size_t,
+ c_uint8_ptr)
+
+_raw_keccak_lib = load_pycryptodome_raw_lib("Cryptodome.Hash._keccak",
+ """
+ int keccak_init(void **state,
+ size_t capacity_bytes,
+ uint8_t padding_byte);
+ int keccak_destroy(void *state);
+ int keccak_absorb(void *state,
+ const uint8_t *in,
+ size_t len);
+ int keccak_squeeze(const void *state,
+ uint8_t *out,
+ size_t len);
+ int keccak_digest(void *state, uint8_t *digest, size_t len);
+ """)
+
+class Keccak_Hash(object):
+ """A Keccak hash object.
+ Do not instantiate directly.
+ Use the :func:`new` function.
+
+ :ivar digest_size: the size in bytes of the resulting hash
+ :vartype digest_size: integer
+ """
+
+ def __init__(self, data, digest_bytes, update_after_digest):
+ # The size of the resulting hash in bytes.
+ self.digest_size = digest_bytes
+
+ self._update_after_digest = update_after_digest
+ self._digest_done = False
+
+ state = VoidPointer()
+ result = _raw_keccak_lib.keccak_init(state.address_of(),
+ c_size_t(self.digest_size * 2),
+ 0x01)
+ if result:
+ raise ValueError("Error %d while instantiating keccak" % result)
+ self._state = SmartPointer(state.get(),
+ _raw_keccak_lib.keccak_destroy)
+ if data:
+ self.update(data)
+
+ def update(self, data):
+ """Continue hashing of a message by consuming the next chunk of data.
+
+ Args:
+ data (byte string/byte array/memoryview): The next chunk of the message being hashed.
+ """
+
+ if self._digest_done and not self._update_after_digest:
+ raise TypeError("You can only call 'digest' or 'hexdigest' on this object")
+
+ result = _raw_keccak_lib.keccak_absorb(self._state.get(),
+ c_uint8_ptr(data),
+ c_size_t(len(data)))
+ if result:
+ raise ValueError("Error %d while updating keccak" % result)
+ return self
+
+ def digest(self):
+ """Return the **binary** (non-printable) digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Binary form.
+ :rtype: byte string
+ """
+
+ self._digest_done = True
+ bfr = create_string_buffer(self.digest_size)
+ result = _raw_keccak_lib.keccak_digest(self._state.get(),
+ bfr,
+ c_size_t(self.digest_size))
+ if result:
+ raise ValueError("Error %d while squeezing keccak" % result)
+
+ return get_raw_buffer(bfr)
+
+ def hexdigest(self):
+ """Return the **printable** digest of the message that has been hashed so far.
+
+ :return: The hash digest, computed over the data processed so far.
+ Hexadecimal encoded.
+ :rtype: string
+ """
+
+ return "".join(["%02x" % bord(x) for x in self.digest()])
+
+ def new(self, **kwargs):
+ """Create a fresh Keccak hash object."""
+
+ if "digest_bytes" not in kwargs and "digest_bits" not in kwargs:
+ kwargs["digest_bytes"] = self.digest_size
+
+ return new(**kwargs)
+
+
+def new(**kwargs):
+ """Create a new hash object.
+
+ Args:
+ data (bytes/bytearray/memoryview):
+ The very first chunk of the message to hash.
+ It is equivalent to an early call to :meth:`Keccak_Hash.update`.
+ digest_bytes (integer):
+ The size of the digest, in bytes (28, 32, 48, 64).
+ digest_bits (integer):
+ The size of the digest, in bits (224, 256, 384, 512).
+ update_after_digest (boolean):
+ Whether :meth:`Keccak.digest` can be followed by another
+ :meth:`Keccak.update` (default: ``False``).
+
+ :Return: A :class:`Keccak_Hash` hash object
+ """
+
+ data = kwargs.pop("data", None)
+ update_after_digest = kwargs.pop("update_after_digest", False)
+
+ digest_bytes = kwargs.pop("digest_bytes", None)
+ digest_bits = kwargs.pop("digest_bits", None)
+ if None not in (digest_bytes, digest_bits):
+ raise TypeError("Only one digest parameter must be provided")
+ if (None, None) == (digest_bytes, digest_bits):
+ raise TypeError("Digest size (bits, bytes) not provided")
+ if digest_bytes is not None:
+ if digest_bytes not in (28, 32, 48, 64):
+ raise ValueError("'digest_bytes' must be: 28, 32, 48 or 64")
+ else:
+ if digest_bits not in (224, 256, 384, 512):
+ raise ValueError("'digest_bytes' must be: 224, 256, 384 or 512")
+ digest_bytes = digest_bits // 8
+
+ if kwargs:
+ raise TypeError("Unknown parameters: " + str(kwargs))
+
+ return Keccak_Hash(data, digest_bytes, update_after_digest)
diff --git a/frozen_deps/Cryptodome/Hash/keccak.pyi b/frozen_deps/Cryptodome/Hash/keccak.pyi
new file mode 100644
index 0000000..844d256
--- /dev/null
+++ b/frozen_deps/Cryptodome/Hash/keccak.pyi
@@ -0,0 +1,23 @@
+from typing import Union, Any
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class Keccak_Hash(object):
+ digest_size: int
+ def __init__(self,
+ data: Buffer,
+ digest_bytes: int,
+ update_after_digest: bool) -> None: ...
+ def update(self, data: Buffer) -> Keccak_Hash: ...
+ def digest(self) -> bytes: ...
+ def hexdigest(self) -> str: ...
+ def new(self,
+ data: Buffer = ...,
+ digest_bytes: int = ...,
+ digest_bits: int = ...,
+ update_after_digest: bool = ...) -> Keccak_Hash: ...
+
+def new(data: Buffer = ...,
+ digest_bytes: int = ...,
+ digest_bits: int = ...,
+ update_after_digest: bool = ...) -> Keccak_Hash: ...
diff --git a/frozen_deps/Cryptodome/IO/PEM.py b/frozen_deps/Cryptodome/IO/PEM.py
new file mode 100644
index 0000000..7655368
--- /dev/null
+++ b/frozen_deps/Cryptodome/IO/PEM.py
@@ -0,0 +1,189 @@
+#
+# Util/PEM.py : Privacy Enhanced Mail utilities
+#
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+__all__ = ['encode', 'decode']
+
+import re
+from binascii import a2b_base64, b2a_base64, hexlify, unhexlify
+
+from Cryptodome.Hash import MD5
+from Cryptodome.Util.Padding import pad, unpad
+from Cryptodome.Cipher import DES, DES3, AES
+from Cryptodome.Protocol.KDF import PBKDF1
+from Cryptodome.Random import get_random_bytes
+from Cryptodome.Util.py3compat import tobytes, tostr
+
+
+def encode(data, marker, passphrase=None, randfunc=None):
+ """Encode a piece of binary data into PEM format.
+
+ Args:
+ data (byte string):
+ The piece of binary data to encode.
+ marker (string):
+ The marker for the PEM block (e.g. "PUBLIC KEY").
+ Note that there is no official master list for all allowed markers.
+ Still, you can refer to the OpenSSL_ source code.
+ passphrase (byte string):
+ If given, the PEM block will be encrypted. The key is derived from
+ the passphrase.
+ randfunc (callable):
+ Random number generation function; it accepts an integer N and returns
+ a byte string of random data, N bytes long. If not given, a new one is
+ instantiated.
+
+ Returns:
+ The PEM block, as a string.
+
+ .. _OpenSSL: https://github.com/openssl/openssl/blob/master/include/openssl/pem.h
+ """
+
+ if randfunc is None:
+ randfunc = get_random_bytes
+
+ out = "-----BEGIN %s-----\n" % marker
+ if passphrase:
+ # We only support 3DES for encryption
+ salt = randfunc(8)
+ key = PBKDF1(passphrase, salt, 16, 1, MD5)
+ key += PBKDF1(key + passphrase, salt, 8, 1, MD5)
+ objenc = DES3.new(key, DES3.MODE_CBC, salt)
+ out += "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,%s\n\n" %\
+ tostr(hexlify(salt).upper())
+ # Encrypt with PKCS#7 padding
+ data = objenc.encrypt(pad(data, objenc.block_size))
+ elif passphrase is not None:
+ raise ValueError("Empty password")
+
+ # Each BASE64 line can take up to 64 characters (=48 bytes of data)
+ # b2a_base64 adds a new line character!
+ chunks = [tostr(b2a_base64(data[i:i + 48]))
+ for i in range(0, len(data), 48)]
+ out += "".join(chunks)
+ out += "-----END %s-----" % marker
+ return out
+
+
+def _EVP_BytesToKey(data, salt, key_len):
+ d = [ b'' ]
+ m = (key_len + 15 ) // 16
+ for _ in range(m):
+ nd = MD5.new(d[-1] + data + salt).digest()
+ d.append(nd)
+ return b"".join(d)[:key_len]
+
+
+def decode(pem_data, passphrase=None):
+ """Decode a PEM block into binary.
+
+ Args:
+ pem_data (string):
+ The PEM block.
+ passphrase (byte string):
+ If given and the PEM block is encrypted,
+ the key will be derived from the passphrase.
+
+ Returns:
+ A tuple with the binary data, the marker string, and a boolean to
+ indicate if decryption was performed.
+
+ Raises:
+ ValueError: if decoding fails, if the PEM file is encrypted and no passphrase has
+ been provided or if the passphrase is incorrect.
+ """
+
+ # Verify Pre-Encapsulation Boundary
+ r = re.compile(r"\s*-----BEGIN (.*)-----\s+")
+ m = r.match(pem_data)
+ if not m:
+ raise ValueError("Not a valid PEM pre boundary")
+ marker = m.group(1)
+
+ # Verify Post-Encapsulation Boundary
+ r = re.compile(r"-----END (.*)-----\s*$")
+ m = r.search(pem_data)
+ if not m or m.group(1) != marker:
+ raise ValueError("Not a valid PEM post boundary")
+
+ # Removes spaces and slit on lines
+ lines = pem_data.replace(" ", '').split()
+
+ # Decrypts, if necessary
+ if lines[1].startswith('Proc-Type:4,ENCRYPTED'):
+ if not passphrase:
+ raise ValueError("PEM is encrypted, but no passphrase available")
+ DEK = lines[2].split(':')
+ if len(DEK) != 2 or DEK[0] != 'DEK-Info':
+ raise ValueError("PEM encryption format not supported.")
+ algo, salt = DEK[1].split(',')
+ salt = unhexlify(tobytes(salt))
+
+ padding = True
+
+ if algo == "DES-CBC":
+ key = _EVP_BytesToKey(passphrase, salt, 8)
+ objdec = DES.new(key, DES.MODE_CBC, salt)
+ elif algo == "DES-EDE3-CBC":
+ key = _EVP_BytesToKey(passphrase, salt, 24)
+ objdec = DES3.new(key, DES3.MODE_CBC, salt)
+ elif algo == "AES-128-CBC":
+ key = _EVP_BytesToKey(passphrase, salt[:8], 16)
+ objdec = AES.new(key, AES.MODE_CBC, salt)
+ elif algo == "AES-192-CBC":
+ key = _EVP_BytesToKey(passphrase, salt[:8], 24)
+ objdec = AES.new(key, AES.MODE_CBC, salt)
+ elif algo == "AES-256-CBC":
+ key = _EVP_BytesToKey(passphrase, salt[:8], 32)
+ objdec = AES.new(key, AES.MODE_CBC, salt)
+ elif algo.lower() == "id-aes256-gcm":
+ key = _EVP_BytesToKey(passphrase, salt[:8], 32)
+ objdec = AES.new(key, AES.MODE_GCM, nonce=salt)
+ padding = False
+ else:
+ raise ValueError("Unsupport PEM encryption algorithm (%s)." % algo)
+ lines = lines[2:]
+ else:
+ objdec = None
+
+ # Decode body
+ data = a2b_base64(''.join(lines[1:-1]))
+ enc_flag = False
+ if objdec:
+ if padding:
+ data = unpad(objdec.decrypt(data), objdec.block_size)
+ else:
+ # There is no tag, so we don't use decrypt_and_verify
+ data = objdec.decrypt(data)
+ enc_flag = True
+
+ return (data, marker, enc_flag)
diff --git a/frozen_deps/Cryptodome/IO/PEM.pyi b/frozen_deps/Cryptodome/IO/PEM.pyi
new file mode 100644
index 0000000..2e324c4
--- /dev/null
+++ b/frozen_deps/Cryptodome/IO/PEM.pyi
@@ -0,0 +1,10 @@
+from typing import Tuple, Optional, Callable
+
+def encode(data: bytes,
+ marke: str,
+ passphrase: Optional[bytes] = ...,
+ randfunc: Optional[Callable[[int],bytes]] = ...) -> str: ...
+
+
+def decode(pem_data: str,
+ passphrase: Optional[bytes] = ...) -> Tuple[bytes, str, bool]: ...
diff --git a/frozen_deps/Cryptodome/IO/PKCS8.py b/frozen_deps/Cryptodome/IO/PKCS8.py
new file mode 100644
index 0000000..7365476
--- /dev/null
+++ b/frozen_deps/Cryptodome/IO/PKCS8.py
@@ -0,0 +1,231 @@
+#
+# PublicKey/PKCS8.py : PKCS#8 functions
+#
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+
+from Cryptodome.Util.py3compat import *
+
+from Cryptodome.Util.asn1 import (
+ DerNull,
+ DerSequence,
+ DerObjectId,
+ DerOctetString,
+ )
+
+from Cryptodome.IO._PBES import PBES1, PBES2, PbesError
+
+
+__all__ = ['wrap', 'unwrap']
+
+
+def wrap(private_key, key_oid, passphrase=None, protection=None,
+ prot_params=None, key_params=None, randfunc=None):
+ """Wrap a private key into a PKCS#8 blob (clear or encrypted).
+
+ Args:
+
+ private_key (byte string):
+ The private key encoded in binary form. The actual encoding is
+ algorithm specific. In most cases, it is DER.
+
+ key_oid (string):
+ The object identifier (OID) of the private key to wrap.
+ It is a dotted string, like ``1.2.840.113549.1.1.1`` (for RSA keys).
+
+ passphrase (bytes string or string):
+ The secret passphrase from which the wrapping key is derived.
+ Set it only if encryption is required.
+
+ protection (string):
+ The identifier of the algorithm to use for securely wrapping the key.
+ The default value is ``PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC``.
+
+ prot_params (dictionary):
+ Parameters for the protection algorithm.
+
+ +------------------+-----------------------------------------------+
+ | Key | Description |
+ +==================+===============================================+
+ | iteration_count | The KDF algorithm is repeated several times to|
+ | | slow down brute force attacks on passwords |
+ | | (called *N* or CPU/memory cost in scrypt). |
+ | | The default value for PBKDF2 is 1000. |
+ | | The default value for scrypt is 16384. |
+ +------------------+-----------------------------------------------+
+ | salt_size | Salt is used to thwart dictionary and rainbow |
+ | | attacks on passwords. The default value is 8 |
+ | | bytes. |
+ +------------------+-----------------------------------------------+
+ | block_size | *(scrypt only)* Memory-cost (r). The default |
+ | | value is 8. |
+ +------------------+-----------------------------------------------+
+ | parallelization | *(scrypt only)* CPU-cost (p). The default |
+ | | value is 1. |
+ +------------------+-----------------------------------------------+
+
+ key_params (DER object):
+ The algorithm parameters associated to the private key.
+ It is required for algorithms like DSA, but not for others like RSA.
+
+ randfunc (callable):
+ Random number generation function; it should accept a single integer
+ N and return a string of random data, N bytes long.
+ If not specified, a new RNG will be instantiated
+ from :mod:`Cryptodome.Random`.
+
+ Return:
+ The PKCS#8-wrapped private key (possibly encrypted), as a byte string.
+ """
+
+ if key_params is None:
+ key_params = DerNull()
+
+ #
+ # PrivateKeyInfo ::= SEQUENCE {
+ # version Version,
+ # privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+ # privateKey PrivateKey,
+ # attributes [0] IMPLICIT Attributes OPTIONAL
+ # }
+ #
+ pk_info = DerSequence([
+ 0,
+ DerSequence([
+ DerObjectId(key_oid),
+ key_params
+ ]),
+ DerOctetString(private_key)
+ ])
+ pk_info_der = pk_info.encode()
+
+ if passphrase is None:
+ return pk_info_der
+
+ if not passphrase:
+ raise ValueError("Empty passphrase")
+
+ # Encryption with PBES2
+ passphrase = tobytes(passphrase)
+ if protection is None:
+ protection = 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC'
+ return PBES2.encrypt(pk_info_der, passphrase,
+ protection, prot_params, randfunc)
+
+
+def unwrap(p8_private_key, passphrase=None):
+ """Unwrap a private key from a PKCS#8 blob (clear or encrypted).
+
+ Args:
+ p8_private_key (byte string):
+ The private key wrapped into a PKCS#8 blob, DER encoded.
+ passphrase (byte string or string):
+ The passphrase to use to decrypt the blob (if it is encrypted).
+
+ Return:
+ A tuple containing
+
+ #. the algorithm identifier of the wrapped key (OID, dotted string)
+ #. the private key (byte string, DER encoded)
+ #. the associated parameters (byte string, DER encoded) or ``None``
+
+ Raises:
+ ValueError : if decoding fails
+ """
+
+ if passphrase:
+ passphrase = tobytes(passphrase)
+
+ found = False
+ try:
+ p8_private_key = PBES1.decrypt(p8_private_key, passphrase)
+ found = True
+ except PbesError as e:
+ error_str = "PBES1[%s]" % str(e)
+ except ValueError:
+ error_str = "PBES1[Invalid]"
+
+ if not found:
+ try:
+ p8_private_key = PBES2.decrypt(p8_private_key, passphrase)
+ found = True
+ except PbesError as e:
+ error_str += ",PBES2[%s]" % str(e)
+ except ValueError:
+ error_str += ",PBES2[Invalid]"
+
+ if not found:
+ raise ValueError("Error decoding PKCS#8 (%s)" % error_str)
+
+ pk_info = DerSequence().decode(p8_private_key, nr_elements=(2, 3, 4))
+ if len(pk_info) == 2 and not passphrase:
+ raise ValueError("Not a valid clear PKCS#8 structure "
+ "(maybe it is encrypted?)")
+
+ #
+ # PrivateKeyInfo ::= SEQUENCE {
+ # version Version,
+ # privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+ # privateKey PrivateKey,
+ # attributes [0] IMPLICIT Attributes OPTIONAL
+ # }
+ # Version ::= INTEGER
+ if pk_info[0] != 0:
+ raise ValueError("Not a valid PrivateKeyInfo SEQUENCE")
+
+ # PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
+ #
+ # EncryptedPrivateKeyInfo ::= SEQUENCE {
+ # encryptionAlgorithm EncryptionAlgorithmIdentifier,
+ # encryptedData EncryptedData
+ # }
+ # EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+ # AlgorithmIdentifier ::= SEQUENCE {
+ # algorithm OBJECT IDENTIFIER,
+ # parameters ANY DEFINED BY algorithm OPTIONAL
+ # }
+
+ algo = DerSequence().decode(pk_info[1], nr_elements=(1, 2))
+ algo_oid = DerObjectId().decode(algo[0]).value
+ if len(algo) == 1:
+ algo_params = None
+ else:
+ try:
+ DerNull().decode(algo[1])
+ algo_params = None
+ except:
+ algo_params = algo[1]
+
+ # EncryptedData ::= OCTET STRING
+ private_key = DerOctetString().decode(pk_info[2]).payload
+
+ return (algo_oid, private_key, algo_params)
diff --git a/frozen_deps/Cryptodome/IO/PKCS8.pyi b/frozen_deps/Cryptodome/IO/PKCS8.pyi
new file mode 100644
index 0000000..135b638
--- /dev/null
+++ b/frozen_deps/Cryptodome/IO/PKCS8.pyi
@@ -0,0 +1,14 @@
+from typing import Dict, Tuple, Optional, Union, Callable
+
+from Cryptodome.Util.asn1 import DerObject
+
+def wrap(private_key: bytes,
+ key_oid: str,
+ passphrase: Union[bytes, str] = ...,
+ protection: str = ...,
+ prot_params: Dict = ...,
+ key_params: DerObject = ...,
+ randfunc: Optional[Callable[[int],str]] = ...) -> bytes: ...
+
+
+def unwrap(p8_private_key: bytes, passphrase: Optional[Union[bytes, str]] = ...) -> Tuple[str, bytes, Optional[bytes]]: ...
diff --git a/frozen_deps/Cryptodome/IO/_PBES.py b/frozen_deps/Cryptodome/IO/_PBES.py
new file mode 100644
index 0000000..9ee5385
--- /dev/null
+++ b/frozen_deps/Cryptodome/IO/_PBES.py
@@ -0,0 +1,435 @@
+#
+# PublicKey/_PBES.py : Password-Based Encryption functions
+#
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+from Cryptodome import Random
+from Cryptodome.Util.asn1 import (
+ DerSequence, DerOctetString,
+ DerObjectId, DerInteger,
+ )
+
+from Cryptodome.Util.Padding import pad, unpad
+from Cryptodome.Hash import MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+from Cryptodome.Cipher import DES, ARC2, DES3, AES
+from Cryptodome.Protocol.KDF import PBKDF1, PBKDF2, scrypt
+
+_OID_PBE_WITH_MD5_AND_DES_CBC = "1.2.840.113549.1.5.3"
+_OID_PBE_WITH_MD5_AND_RC2_CBC = "1.2.840.113549.1.5.6"
+_OID_PBE_WITH_SHA1_AND_DES_CBC = "1.2.840.113549.1.5.10"
+_OID_PBE_WITH_SHA1_AND_RC2_CBC = "1.2.840.113549.1.5.11"
+
+_OID_PBES2 = "1.2.840.113549.1.5.13"
+
+_OID_PBKDF2 = "1.2.840.113549.1.5.12"
+_OID_SCRYPT = "1.3.6.1.4.1.11591.4.11"
+
+_OID_HMAC_SHA1 = "1.2.840.113549.2.7"
+_OID_HMAC_SHA224 = "1.2.840.113549.2.8"
+_OID_HMAC_SHA256 = "1.2.840.113549.2.9"
+_OID_HMAC_SHA384 = "1.2.840.113549.2.10"
+_OID_HMAC_SHA512 = "1.2.840.113549.2.11"
+
+_OID_DES_EDE3_CBC = "1.2.840.113549.3.7"
+_OID_AES128_CBC = "2.16.840.1.101.3.4.1.2"
+_OID_AES192_CBC = "2.16.840.1.101.3.4.1.22"
+_OID_AES256_CBC = "2.16.840.1.101.3.4.1.42"
+
+
+class PbesError(ValueError):
+ pass
+
+# These are the ASN.1 definitions used by the PBES1/2 logic:
+#
+# EncryptedPrivateKeyInfo ::= SEQUENCE {
+# encryptionAlgorithm EncryptionAlgorithmIdentifier,
+# encryptedData EncryptedData
+# }
+#
+# EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+#
+# EncryptedData ::= OCTET STRING
+#
+# AlgorithmIdentifier ::= SEQUENCE {
+# algorithm OBJECT IDENTIFIER,
+# parameters ANY DEFINED BY algorithm OPTIONAL
+# }
+#
+# PBEParameter ::= SEQUENCE {
+# salt OCTET STRING (SIZE(8)),
+# iterationCount INTEGER
+# }
+#
+# PBES2-params ::= SEQUENCE {
+# keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+# encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
+# }
+#
+# PBKDF2-params ::= SEQUENCE {
+# salt CHOICE {
+# specified OCTET STRING,
+# otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+# },
+# iterationCount INTEGER (1..MAX),
+# keyLength INTEGER (1..MAX) OPTIONAL,
+# prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+# }
+#
+# scrypt-params ::= SEQUENCE {
+# salt OCTET STRING,
+# costParameter INTEGER (1..MAX),
+# blockSize INTEGER (1..MAX),
+# parallelizationParameter INTEGER (1..MAX),
+# keyLength INTEGER (1..MAX) OPTIONAL
+# }
+
+class PBES1(object):
+ """Deprecated encryption scheme with password-based key derivation
+ (originally defined in PKCS#5 v1.5, but still present in `v2.0`__).
+
+ .. __: http://www.ietf.org/rfc/rfc2898.txt
+ """
+
+ @staticmethod
+ def decrypt(data, passphrase):
+ """Decrypt a piece of data using a passphrase and *PBES1*.
+
+ The algorithm to use is automatically detected.
+
+ :Parameters:
+ data : byte string
+ The piece of data to decrypt.
+ passphrase : byte string
+ The passphrase to use for decrypting the data.
+ :Returns:
+ The decrypted data, as a binary string.
+ """
+
+ enc_private_key_info = DerSequence().decode(data)
+ encrypted_algorithm = DerSequence().decode(enc_private_key_info[0])
+ encrypted_data = DerOctetString().decode(enc_private_key_info[1]).payload
+
+ pbe_oid = DerObjectId().decode(encrypted_algorithm[0]).value
+ cipher_params = {}
+ if pbe_oid == _OID_PBE_WITH_MD5_AND_DES_CBC:
+ # PBE_MD5_DES_CBC
+ hashmod = MD5
+ ciphermod = DES
+ elif pbe_oid == _OID_PBE_WITH_MD5_AND_RC2_CBC:
+ # PBE_MD5_RC2_CBC
+ hashmod = MD5
+ ciphermod = ARC2
+ cipher_params['effective_keylen'] = 64
+ elif pbe_oid == _OID_PBE_WITH_SHA1_AND_DES_CBC:
+ # PBE_SHA1_DES_CBC
+ hashmod = SHA1
+ ciphermod = DES
+ elif pbe_oid == _OID_PBE_WITH_SHA1_AND_RC2_CBC:
+ # PBE_SHA1_RC2_CBC
+ hashmod = SHA1
+ ciphermod = ARC2
+ cipher_params['effective_keylen'] = 64
+ else:
+ raise PbesError("Unknown OID for PBES1")
+
+ pbe_params = DerSequence().decode(encrypted_algorithm[1], nr_elements=2)
+ salt = DerOctetString().decode(pbe_params[0]).payload
+ iterations = pbe_params[1]
+
+ key_iv = PBKDF1(passphrase, salt, 16, iterations, hashmod)
+ key, iv = key_iv[:8], key_iv[8:]
+
+ cipher = ciphermod.new(key, ciphermod.MODE_CBC, iv, **cipher_params)
+ pt = cipher.decrypt(encrypted_data)
+ return unpad(pt, cipher.block_size)
+
+
+class PBES2(object):
+ """Encryption scheme with password-based key derivation
+ (defined in `PKCS#5 v2.0`__).
+
+ .. __: http://www.ietf.org/rfc/rfc2898.txt."""
+
+ @staticmethod
+ def encrypt(data, passphrase, protection, prot_params=None, randfunc=None):
+ """Encrypt a piece of data using a passphrase and *PBES2*.
+
+ :Parameters:
+ data : byte string
+ The piece of data to encrypt.
+ passphrase : byte string
+ The passphrase to use for encrypting the data.
+ protection : string
+ The identifier of the encryption algorithm to use.
+ The default value is '``PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC``'.
+ prot_params : dictionary
+ Parameters of the protection algorithm.
+
+ +------------------+-----------------------------------------------+
+ | Key | Description |
+ +==================+===============================================+
+ | iteration_count | The KDF algorithm is repeated several times to|
+ | | slow down brute force attacks on passwords |
+ | | (called *N* or CPU/memory cost in scrypt). |
+ | | |
+ | | The default value for PBKDF2 is 1 000. |
+ | | The default value for scrypt is 16 384. |
+ +------------------+-----------------------------------------------+
+ | salt_size | Salt is used to thwart dictionary and rainbow |
+ | | attacks on passwords. The default value is 8 |
+ | | bytes. |
+ +------------------+-----------------------------------------------+
+ | block_size | *(scrypt only)* Memory-cost (r). The default |
+ | | value is 8. |
+ +------------------+-----------------------------------------------+
+ | parallelization | *(scrypt only)* CPU-cost (p). The default |
+ | | value is 1. |
+ +------------------+-----------------------------------------------+
+
+
+ randfunc : callable
+ Random number generation function; it should accept
+ a single integer N and return a string of random data,
+ N bytes long. If not specified, a new RNG will be
+ instantiated from ``Cryptodome.Random``.
+
+ :Returns:
+ The encrypted data, as a binary string.
+ """
+
+ if prot_params is None:
+ prot_params = {}
+
+ if randfunc is None:
+ randfunc = Random.new().read
+
+ if protection == 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC':
+ key_size = 24
+ module = DES3
+ cipher_mode = DES3.MODE_CBC
+ enc_oid = _OID_DES_EDE3_CBC
+ elif protection in ('PBKDF2WithHMAC-SHA1AndAES128-CBC',
+ 'scryptAndAES128-CBC'):
+ key_size = 16
+ module = AES
+ cipher_mode = AES.MODE_CBC
+ enc_oid = _OID_AES128_CBC
+ elif protection in ('PBKDF2WithHMAC-SHA1AndAES192-CBC',
+ 'scryptAndAES192-CBC'):
+ key_size = 24
+ module = AES
+ cipher_mode = AES.MODE_CBC
+ enc_oid = _OID_AES192_CBC
+ elif protection in ('PBKDF2WithHMAC-SHA1AndAES256-CBC',
+ 'scryptAndAES256-CBC'):
+ key_size = 32
+ module = AES
+ cipher_mode = AES.MODE_CBC
+ enc_oid = _OID_AES256_CBC
+ else:
+ raise ValueError("Unknown PBES2 mode")
+
+ # Get random data
+ iv = randfunc(module.block_size)
+ salt = randfunc(prot_params.get("salt_size", 8))
+
+ # Derive key from password
+ if protection.startswith('PBKDF2'):
+ count = prot_params.get("iteration_count", 1000)
+ key = PBKDF2(passphrase, salt, key_size, count)
+ kdf_info = DerSequence([
+ DerObjectId(_OID_PBKDF2), # PBKDF2
+ DerSequence([
+ DerOctetString(salt),
+ DerInteger(count)
+ ])
+ ])
+ else:
+ # It must be scrypt
+ count = prot_params.get("iteration_count", 16384)
+ scrypt_r = prot_params.get('block_size', 8)
+ scrypt_p = prot_params.get('parallelization', 1)
+ key = scrypt(passphrase, salt, key_size,
+ count, scrypt_r, scrypt_p)
+ kdf_info = DerSequence([
+ DerObjectId(_OID_SCRYPT), # scrypt
+ DerSequence([
+ DerOctetString(salt),
+ DerInteger(count),
+ DerInteger(scrypt_r),
+ DerInteger(scrypt_p)
+ ])
+ ])
+
+ # Create cipher and use it
+ cipher = module.new(key, cipher_mode, iv)
+ encrypted_data = cipher.encrypt(pad(data, cipher.block_size))
+ enc_info = DerSequence([
+ DerObjectId(enc_oid),
+ DerOctetString(iv)
+ ])
+
+ # Result
+ enc_private_key_info = DerSequence([
+ # encryptionAlgorithm
+ DerSequence([
+ DerObjectId(_OID_PBES2),
+ DerSequence([
+ kdf_info,
+ enc_info
+ ]),
+ ]),
+ DerOctetString(encrypted_data)
+ ])
+ return enc_private_key_info.encode()
+
+ @staticmethod
+ def decrypt(data, passphrase):
+ """Decrypt a piece of data using a passphrase and *PBES2*.
+
+ The algorithm to use is automatically detected.
+
+ :Parameters:
+ data : byte string
+ The piece of data to decrypt.
+ passphrase : byte string
+ The passphrase to use for decrypting the data.
+ :Returns:
+ The decrypted data, as a binary string.
+ """
+
+ enc_private_key_info = DerSequence().decode(data, nr_elements=2)
+ enc_algo = DerSequence().decode(enc_private_key_info[0])
+ encrypted_data = DerOctetString().decode(enc_private_key_info[1]).payload
+
+ pbe_oid = DerObjectId().decode(enc_algo[0]).value
+ if pbe_oid != _OID_PBES2:
+ raise PbesError("Not a PBES2 object")
+
+ pbes2_params = DerSequence().decode(enc_algo[1], nr_elements=2)
+
+ ### Key Derivation Function selection
+ kdf_info = DerSequence().decode(pbes2_params[0], nr_elements=2)
+ kdf_oid = DerObjectId().decode(kdf_info[0]).value
+
+ kdf_key_length = None
+
+ # We only support PBKDF2 or scrypt
+ if kdf_oid == _OID_PBKDF2:
+
+ pbkdf2_params = DerSequence().decode(kdf_info[1], nr_elements=(2, 3, 4))
+ salt = DerOctetString().decode(pbkdf2_params[0]).payload
+ iteration_count = pbkdf2_params[1]
+
+ left = len(pbkdf2_params) - 2
+ idx = 2
+
+ if left > 0:
+ try:
+ kdf_key_length = pbkdf2_params[idx] - 0
+ left -= 1
+ idx += 1
+ except TypeError:
+ pass
+
+ # Default is HMAC-SHA1
+ pbkdf2_prf_oid = "1.2.840.113549.2.7"
+ if left > 0:
+ pbkdf2_prf_algo_id = DerSequence().decode(pbkdf2_params[idx])
+ pbkdf2_prf_oid = DerObjectId().decode(pbkdf2_prf_algo_id[0]).value
+
+ elif kdf_oid == _OID_SCRYPT:
+
+ scrypt_params = DerSequence().decode(kdf_info[1], nr_elements=(4, 5))
+ salt = DerOctetString().decode(scrypt_params[0]).payload
+ iteration_count, scrypt_r, scrypt_p = [scrypt_params[x]
+ for x in (1, 2, 3)]
+ if len(scrypt_params) > 4:
+ kdf_key_length = scrypt_params[4]
+ else:
+ kdf_key_length = None
+ else:
+ raise PbesError("Unsupported PBES2 KDF")
+
+ ### Cipher selection
+ enc_info = DerSequence().decode(pbes2_params[1])
+ enc_oid = DerObjectId().decode(enc_info[0]).value
+
+ if enc_oid == _OID_DES_EDE3_CBC:
+ # DES_EDE3_CBC
+ ciphermod = DES3
+ key_size = 24
+ elif enc_oid == _OID_AES128_CBC:
+ # AES128_CBC
+ ciphermod = AES
+ key_size = 16
+ elif enc_oid == _OID_AES192_CBC:
+ # AES192_CBC
+ ciphermod = AES
+ key_size = 24
+ elif enc_oid == _OID_AES256_CBC:
+ # AES256_CBC
+ ciphermod = AES
+ key_size = 32
+ else:
+ raise PbesError("Unsupported PBES2 cipher")
+
+ if kdf_key_length and kdf_key_length != key_size:
+ raise PbesError("Mismatch between PBES2 KDF parameters"
+ " and selected cipher")
+
+ IV = DerOctetString().decode(enc_info[1]).payload
+
+ # Create cipher
+ if kdf_oid == _OID_PBKDF2:
+ if pbkdf2_prf_oid == _OID_HMAC_SHA1:
+ hmac_hash_module = SHA1
+ elif pbkdf2_prf_oid == _OID_HMAC_SHA224:
+ hmac_hash_module = SHA224
+ elif pbkdf2_prf_oid == _OID_HMAC_SHA256:
+ hmac_hash_module = SHA256
+ elif pbkdf2_prf_oid == _OID_HMAC_SHA384:
+ hmac_hash_module = SHA384
+ elif pbkdf2_prf_oid == _OID_HMAC_SHA512:
+ hmac_hash_module = SHA512
+ else:
+ raise PbesError("Unsupported HMAC %s" % pbkdf2_prf_oid)
+
+ key = PBKDF2(passphrase, salt, key_size, iteration_count,
+ hmac_hash_module=hmac_hash_module)
+ else:
+ key = scrypt(passphrase, salt, key_size, iteration_count,
+ scrypt_r, scrypt_p)
+ cipher = ciphermod.new(key, ciphermod.MODE_CBC, IV)
+
+ # Decrypt data
+ pt = cipher.decrypt(encrypted_data)
+ return unpad(pt, cipher.block_size)
diff --git a/frozen_deps/Cryptodome/IO/_PBES.pyi b/frozen_deps/Cryptodome/IO/_PBES.pyi
new file mode 100644
index 0000000..a8a34ce
--- /dev/null
+++ b/frozen_deps/Cryptodome/IO/_PBES.pyi
@@ -0,0 +1,19 @@
+from typing import Dict, Optional, Callable
+
+class PbesError(ValueError):
+ ...
+
+class PBES1(object):
+ @staticmethod
+ def decrypt(data: bytes, passphrase: bytes) -> bytes: ...
+
+class PBES2(object):
+ @staticmethod
+ def encrypt(data: bytes,
+ passphrase: bytes,
+ protection: str,
+ prot_params: Optional[Dict] = ...,
+ randfunc: Optional[Callable[[int],bytes]] = ...) -> bytes: ...
+
+ @staticmethod
+ def decrypt(data:bytes, passphrase: bytes) -> bytes: ...
diff --git a/frozen_deps/Cryptodome/IO/__init__.py b/frozen_deps/Cryptodome/IO/__init__.py
new file mode 100644
index 0000000..85a0d0b
--- /dev/null
+++ b/frozen_deps/Cryptodome/IO/__init__.py
@@ -0,0 +1,31 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+__all__ = ['PEM', 'PKCS8']
diff --git a/frozen_deps/Cryptodome/Math/Numbers.py b/frozen_deps/Cryptodome/Math/Numbers.py
new file mode 100644
index 0000000..c9ff848
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/Numbers.py
@@ -0,0 +1,42 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+__all__ = ["Integer"]
+
+try:
+ from Cryptodome.Math._IntegerGMP import IntegerGMP as Integer
+ from Cryptodome.Math._IntegerGMP import implementation as _implementation
+except (ImportError, OSError, AttributeError):
+ try:
+ from Cryptodome.Math._IntegerCustom import IntegerCustom as Integer
+ from Cryptodome.Math._IntegerCustom import implementation as _implementation
+ except (ImportError, OSError):
+ from Cryptodome.Math._IntegerNative import IntegerNative as Integer
+ _implementation = {}
diff --git a/frozen_deps/Cryptodome/Math/Numbers.pyi b/frozen_deps/Cryptodome/Math/Numbers.pyi
new file mode 100644
index 0000000..2285a3b
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/Numbers.pyi
@@ -0,0 +1,4 @@
+from Cryptodome.Math._IntegerBase import IntegerBase
+
+class Integer(IntegerBase):
+ pass
diff --git a/frozen_deps/Cryptodome/Math/Primality.py b/frozen_deps/Cryptodome/Math/Primality.py
new file mode 100644
index 0000000..08ea3ff
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/Primality.py
@@ -0,0 +1,368 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""Functions to create and test prime numbers.
+
+:undocumented: __package__
+"""
+
+from Cryptodome import Random
+from Cryptodome.Math.Numbers import Integer
+
+from Cryptodome.Util.py3compat import iter_range
+
+COMPOSITE = 0
+PROBABLY_PRIME = 1
+
+
+def miller_rabin_test(candidate, iterations, randfunc=None):
+ """Perform a Miller-Rabin primality test on an integer.
+
+ The test is specified in Section C.3.1 of `FIPS PUB 186-4`__.
+
+ :Parameters:
+ candidate : integer
+ The number to test for primality.
+ iterations : integer
+ The maximum number of iterations to perform before
+ declaring a candidate a probable prime.
+ randfunc : callable
+ An RNG function where bases are taken from.
+
+ :Returns:
+ ``Primality.COMPOSITE`` or ``Primality.PROBABLY_PRIME``.
+
+ .. __: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
+ """
+
+ if not isinstance(candidate, Integer):
+ candidate = Integer(candidate)
+
+ if candidate in (1, 2, 3, 5):
+ return PROBABLY_PRIME
+
+ if candidate.is_even():
+ return COMPOSITE
+
+ one = Integer(1)
+ minus_one = Integer(candidate - 1)
+
+ if randfunc is None:
+ randfunc = Random.new().read
+
+ # Step 1 and 2
+ m = Integer(minus_one)
+ a = 0
+ while m.is_even():
+ m >>= 1
+ a += 1
+
+ # Skip step 3
+
+ # Step 4
+ for i in iter_range(iterations):
+
+ # Step 4.1-2
+ base = 1
+ while base in (one, minus_one):
+ base = Integer.random_range(min_inclusive=2,
+ max_inclusive=candidate - 2)
+ assert(2 <= base <= candidate - 2)
+
+ # Step 4.3-4.4
+ z = pow(base, m, candidate)
+ if z in (one, minus_one):
+ continue
+
+ # Step 4.5
+ for j in iter_range(1, a):
+ z = pow(z, 2, candidate)
+ if z == minus_one:
+ break
+ if z == one:
+ return COMPOSITE
+ else:
+ return COMPOSITE
+
+ # Step 5
+ return PROBABLY_PRIME
+
+
+def lucas_test(candidate):
+ """Perform a Lucas primality test on an integer.
+
+ The test is specified in Section C.3.3 of `FIPS PUB 186-4`__.
+
+ :Parameters:
+ candidate : integer
+ The number to test for primality.
+
+ :Returns:
+ ``Primality.COMPOSITE`` or ``Primality.PROBABLY_PRIME``.
+
+ .. __: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
+ """
+
+ if not isinstance(candidate, Integer):
+ candidate = Integer(candidate)
+
+ # Step 1
+ if candidate in (1, 2, 3, 5):
+ return PROBABLY_PRIME
+ if candidate.is_even() or candidate.is_perfect_square():
+ return COMPOSITE
+
+ # Step 2
+ def alternate():
+ value = 5
+ while True:
+ yield value
+ if value > 0:
+ value += 2
+ else:
+ value -= 2
+ value = -value
+
+ for D in alternate():
+ if candidate in (D, -D):
+ continue
+ js = Integer.jacobi_symbol(D, candidate)
+ if js == 0:
+ return COMPOSITE
+ if js == -1:
+ break
+ # Found D. P=1 and Q=(1-D)/4 (note that Q is guaranteed to be an integer)
+
+ # Step 3
+ # This is \delta(n) = n - jacobi(D/n)
+ K = candidate + 1
+ # Step 4
+ r = K.size_in_bits() - 1
+ # Step 5
+ # U_1=1 and V_1=P
+ U_i = Integer(1)
+ V_i = Integer(1)
+ U_temp = Integer(0)
+ V_temp = Integer(0)
+ # Step 6
+ for i in iter_range(r - 1, -1, -1):
+ # Square
+ # U_temp = U_i * V_i % candidate
+ U_temp.set(U_i)
+ U_temp *= V_i
+ U_temp %= candidate
+ # V_temp = (((V_i ** 2 + (U_i ** 2 * D)) * K) >> 1) % candidate
+ V_temp.set(U_i)
+ V_temp *= U_i
+ V_temp *= D
+ V_temp.multiply_accumulate(V_i, V_i)
+ if V_temp.is_odd():
+ V_temp += candidate
+ V_temp >>= 1
+ V_temp %= candidate
+ # Multiply
+ if K.get_bit(i):
+ # U_i = (((U_temp + V_temp) * K) >> 1) % candidate
+ U_i.set(U_temp)
+ U_i += V_temp
+ if U_i.is_odd():
+ U_i += candidate
+ U_i >>= 1
+ U_i %= candidate
+ # V_i = (((V_temp + U_temp * D) * K) >> 1) % candidate
+ V_i.set(V_temp)
+ V_i.multiply_accumulate(U_temp, D)
+ if V_i.is_odd():
+ V_i += candidate
+ V_i >>= 1
+ V_i %= candidate
+ else:
+ U_i.set(U_temp)
+ V_i.set(V_temp)
+ # Step 7
+ if U_i == 0:
+ return PROBABLY_PRIME
+ return COMPOSITE
+
+
+from Cryptodome.Util.number import sieve_base as _sieve_base_large
+## The optimal number of small primes to use for the sieve
+## is probably dependent on the platform and the candidate size
+_sieve_base = set(_sieve_base_large[:100])
+
+
+def test_probable_prime(candidate, randfunc=None):
+ """Test if a number is prime.
+
+ A number is qualified as prime if it passes a certain
+ number of Miller-Rabin tests (dependent on the size
+ of the number, but such that probability of a false
+ positive is less than 10^-30) and a single Lucas test.
+
+ For instance, a 1024-bit candidate will need to pass
+ 4 Miller-Rabin tests.
+
+ :Parameters:
+ candidate : integer
+ The number to test for primality.
+ randfunc : callable
+ The routine to draw random bytes from to select Miller-Rabin bases.
+ :Returns:
+ ``PROBABLE_PRIME`` if the number if prime with very high probability.
+ ``COMPOSITE`` if the number is a composite.
+ For efficiency reasons, ``COMPOSITE`` is also returned for small primes.
+ """
+
+ if randfunc is None:
+ randfunc = Random.new().read
+
+ if not isinstance(candidate, Integer):
+ candidate = Integer(candidate)
+
+ # First, check trial division by the smallest primes
+ if int(candidate) in _sieve_base:
+ return PROBABLY_PRIME
+ try:
+ map(candidate.fail_if_divisible_by, _sieve_base)
+ except ValueError:
+ return COMPOSITE
+
+ # These are the number of Miller-Rabin iterations s.t. p(k, t) < 1E-30,
+ # with p(k, t) being the probability that a randomly chosen k-bit number
+ # is composite but still survives t MR iterations.
+ mr_ranges = ((220, 30), (280, 20), (390, 15), (512, 10),
+ (620, 7), (740, 6), (890, 5), (1200, 4),
+ (1700, 3), (3700, 2))
+
+ bit_size = candidate.size_in_bits()
+ try:
+ mr_iterations = list(filter(lambda x: bit_size < x[0],
+ mr_ranges))[0][1]
+ except IndexError:
+ mr_iterations = 1
+
+ if miller_rabin_test(candidate, mr_iterations,
+ randfunc=randfunc) == COMPOSITE:
+ return COMPOSITE
+ if lucas_test(candidate) == COMPOSITE:
+ return COMPOSITE
+ return PROBABLY_PRIME
+
+
+def generate_probable_prime(**kwargs):
+ """Generate a random probable prime.
+
+ The prime will not have any specific properties
+ (e.g. it will not be a *strong* prime).
+
+ Random numbers are evaluated for primality until one
+ passes all tests, consisting of a certain number of
+ Miller-Rabin tests with random bases followed by
+ a single Lucas test.
+
+ The number of Miller-Rabin iterations is chosen such that
+ the probability that the output number is a non-prime is
+ less than 1E-30 (roughly 2^{-100}).
+
+ This approach is compliant to `FIPS PUB 186-4`__.
+
+ :Keywords:
+ exact_bits : integer
+ The desired size in bits of the probable prime.
+ It must be at least 160.
+ randfunc : callable
+ An RNG function where candidate primes are taken from.
+ prime_filter : callable
+ A function that takes an Integer as parameter and returns
+ True if the number can be passed to further primality tests,
+ False if it should be immediately discarded.
+
+ :Return:
+ A probable prime in the range 2^exact_bits > p > 2^(exact_bits-1).
+
+ .. __: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
+ """
+
+ exact_bits = kwargs.pop("exact_bits", None)
+ randfunc = kwargs.pop("randfunc", None)
+ prime_filter = kwargs.pop("prime_filter", lambda x: True)
+ if kwargs:
+ raise ValueError("Unknown parameters: " + kwargs.keys())
+
+ if exact_bits is None:
+ raise ValueError("Missing exact_bits parameter")
+ if exact_bits < 160:
+ raise ValueError("Prime number is not big enough.")
+
+ if randfunc is None:
+ randfunc = Random.new().read
+
+ result = COMPOSITE
+ while result == COMPOSITE:
+ candidate = Integer.random(exact_bits=exact_bits,
+ randfunc=randfunc) | 1
+ if not prime_filter(candidate):
+ continue
+ result = test_probable_prime(candidate, randfunc)
+ return candidate
+
+
+def generate_probable_safe_prime(**kwargs):
+ """Generate a random, probable safe prime.
+
+ Note this operation is much slower than generating a simple prime.
+
+ :Keywords:
+ exact_bits : integer
+ The desired size in bits of the probable safe prime.
+ randfunc : callable
+ An RNG function where candidate primes are taken from.
+
+ :Return:
+ A probable safe prime in the range
+ 2^exact_bits > p > 2^(exact_bits-1).
+ """
+
+ exact_bits = kwargs.pop("exact_bits", None)
+ randfunc = kwargs.pop("randfunc", None)
+ if kwargs:
+ raise ValueError("Unknown parameters: " + kwargs.keys())
+
+ if randfunc is None:
+ randfunc = Random.new().read
+
+ result = COMPOSITE
+ while result == COMPOSITE:
+ q = generate_probable_prime(exact_bits=exact_bits - 1, randfunc=randfunc)
+ candidate = q * 2 + 1
+ if candidate.size_in_bits() != exact_bits:
+ continue
+ result = test_probable_prime(candidate, randfunc=randfunc)
+ return candidate
diff --git a/frozen_deps/Cryptodome/Math/Primality.pyi b/frozen_deps/Cryptodome/Math/Primality.pyi
new file mode 100644
index 0000000..7813483
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/Primality.pyi
@@ -0,0 +1,18 @@
+from typing import Callable, Optional, Union, Set
+
+PrimeResult = int
+
+COMPOSITE: PrimeResult
+PROBABLY_PRIME: PrimeResult
+
+def miller_rabin_test(candidate: int, iterations: int, randfunc: Optional[Callable[[int],bytes]]=None) -> PrimeResult: ...
+def lucas_test(candidate: int) -> PrimeResult: ...
+_sieve_base: Set[int]
+def test_probable_prime(candidate: int, randfunc: Optional[Callable[[int],bytes]]=None) -> PrimeResult: ...
+def generate_probable_prime(*,
+ exact_bits: int = ...,
+ randfunc: Callable[[int],bytes] = ...,
+ prime_filter: Callable[[int],bool] = ...) -> int: ...
+def generate_probable_safe_prime(*,
+ exact_bits: int = ...,
+ randfunc: Callable[[int],bytes] = ...) -> int: ...
diff --git a/frozen_deps/Cryptodome/Math/_IntegerBase.py b/frozen_deps/Cryptodome/Math/_IntegerBase.py
new file mode 100644
index 0000000..f8cf333
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/_IntegerBase.py
@@ -0,0 +1,392 @@
+# ===================================================================
+#
+# Copyright (c) 2018, Helder Eijs <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+import abc
+
+from Cryptodome.Util.py3compat import iter_range, bord, bchr, ABC
+
+from Cryptodome import Random
+
+
+class IntegerBase(ABC):
+
+ # Conversions
+ @abc.abstractmethod
+ def __int__(self):
+ pass
+
+ @abc.abstractmethod
+ def __str__(self):
+ pass
+
+ @abc.abstractmethod
+ def __repr__(self):
+ pass
+
+ @abc.abstractmethod
+ def to_bytes(self, block_size=0):
+ pass
+
+ @staticmethod
+ @abc.abstractmethod
+ def from_bytes(byte_string):
+ pass
+
+ # Relations
+ @abc.abstractmethod
+ def __eq__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __ne__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __lt__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __le__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __gt__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __ge__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __nonzero__(self):
+ pass
+ __bool__ = __nonzero__
+
+ @abc.abstractmethod
+ def is_negative(self):
+ pass
+
+ # Arithmetic operations
+ @abc.abstractmethod
+ def __add__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __sub__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __mul__(self, factor):
+ pass
+
+ @abc.abstractmethod
+ def __floordiv__(self, divisor):
+ pass
+
+ @abc.abstractmethod
+ def __mod__(self, divisor):
+ pass
+
+ @abc.abstractmethod
+ def inplace_pow(self, exponent, modulus=None):
+ pass
+
+ @abc.abstractmethod
+ def __pow__(self, exponent, modulus=None):
+ pass
+
+ @abc.abstractmethod
+ def __abs__(self):
+ pass
+
+ @abc.abstractmethod
+ def sqrt(self, modulus=None):
+ pass
+
+ @abc.abstractmethod
+ def __iadd__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __isub__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __imul__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __imod__(self, term):
+ pass
+
+ # Boolean/bit operations
+ @abc.abstractmethod
+ def __and__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __or__(self, term):
+ pass
+
+ @abc.abstractmethod
+ def __rshift__(self, pos):
+ pass
+
+ @abc.abstractmethod
+ def __irshift__(self, pos):
+ pass
+
+ @abc.abstractmethod
+ def __lshift__(self, pos):
+ pass
+
+ @abc.abstractmethod
+ def __ilshift__(self, pos):
+ pass
+
+ @abc.abstractmethod
+ def get_bit(self, n):
+ pass
+
+ # Extra
+ @abc.abstractmethod
+ def is_odd(self):
+ pass
+
+ @abc.abstractmethod
+ def is_even(self):
+ pass
+
+ @abc.abstractmethod
+ def size_in_bits(self):
+ pass
+
+ @abc.abstractmethod
+ def size_in_bytes(self):
+ pass
+
+ @abc.abstractmethod
+ def is_perfect_square(self):
+ pass
+
+ @abc.abstractmethod
+ def fail_if_divisible_by(self, small_prime):
+ pass
+
+ @abc.abstractmethod
+ def multiply_accumulate(self, a, b):
+ pass
+
+ @abc.abstractmethod
+ def set(self, source):
+ pass
+
+ @abc.abstractmethod
+ def inplace_inverse(self, modulus):
+ pass
+
+ @abc.abstractmethod
+ def inverse(self, modulus):
+ pass
+
+ @abc.abstractmethod
+ def gcd(self, term):
+ pass
+
+ @abc.abstractmethod
+ def lcm(self, term):
+ pass
+
+ @staticmethod
+ @abc.abstractmethod
+ def jacobi_symbol(a, n):
+ pass
+
+ @staticmethod
+ def _tonelli_shanks(n, p):
+ """Tonelli-shanks algorithm for computing the square root
+ of n modulo a prime p.
+
+ n must be in the range [0..p-1].
+ p must be at least even.
+
+ The return value r is the square root of modulo p. If non-zero,
+ another solution will also exist (p-r).
+
+ Note we cannot assume that p is really a prime: if it's not,
+ we can either raise an exception or return the correct value.
+ """
+
+ # See https://rosettacode.org/wiki/Tonelli-Shanks_algorithm
+
+ if n in (0, 1):
+ return n
+
+ if p % 4 == 3:
+ root = pow(n, (p + 1) // 4, p)
+ if pow(root, 2, p) != n:
+ raise ValueError("Cannot compute square root")
+ return root
+
+ s = 1
+ q = (p - 1) // 2
+ while not (q & 1):
+ s += 1
+ q >>= 1
+
+ z = n.__class__(2)
+ while True:
+ euler = pow(z, (p - 1) // 2, p)
+ if euler == 1:
+ z += 1
+ continue
+ if euler == p - 1:
+ break
+ # Most probably p is not a prime
+ raise ValueError("Cannot compute square root")
+
+ m = s
+ c = pow(z, q, p)
+ t = pow(n, q, p)
+ r = pow(n, (q + 1) // 2, p)
+
+ while t != 1:
+ for i in iter_range(0, m):
+ if pow(t, 2**i, p) == 1:
+ break
+ if i == m:
+ raise ValueError("Cannot compute square root of %d mod %d" % (n, p))
+ b = pow(c, 2**(m - i - 1), p)
+ m = i
+ c = b**2 % p
+ t = (t * b**2) % p
+ r = (r * b) % p
+
+ if pow(r, 2, p) != n:
+ raise ValueError("Cannot compute square root")
+
+ return r
+
+ @classmethod
+ def random(cls, **kwargs):
+ """Generate a random natural integer of a certain size.
+
+ :Keywords:
+ exact_bits : positive integer
+ The length in bits of the resulting random Integer number.
+ The number is guaranteed to fulfil the relation:
+
+ 2^bits > result >= 2^(bits - 1)
+
+ max_bits : positive integer
+ The maximum length in bits of the resulting random Integer number.
+ The number is guaranteed to fulfil the relation:
+
+ 2^bits > result >=0
+
+ randfunc : callable
+ A function that returns a random byte string. The length of the
+ byte string is passed as parameter. Optional.
+ If not provided (or ``None``), randomness is read from the system RNG.
+
+ :Return: a Integer object
+ """
+
+ exact_bits = kwargs.pop("exact_bits", None)
+ max_bits = kwargs.pop("max_bits", None)
+ randfunc = kwargs.pop("randfunc", None)
+
+ if randfunc is None:
+ randfunc = Random.new().read
+
+ if exact_bits is None and max_bits is None:
+ raise ValueError("Either 'exact_bits' or 'max_bits' must be specified")
+
+ if exact_bits is not None and max_bits is not None:
+ raise ValueError("'exact_bits' and 'max_bits' are mutually exclusive")
+
+ bits = exact_bits or max_bits
+ bytes_needed = ((bits - 1) // 8) + 1
+ significant_bits_msb = 8 - (bytes_needed * 8 - bits)
+ msb = bord(randfunc(1)[0])
+ if exact_bits is not None:
+ msb |= 1 << (significant_bits_msb - 1)
+ msb &= (1 << significant_bits_msb) - 1
+
+ return cls.from_bytes(bchr(msb) + randfunc(bytes_needed - 1))
+
+ @classmethod
+ def random_range(cls, **kwargs):
+ """Generate a random integer within a given internal.
+
+ :Keywords:
+ min_inclusive : integer
+ The lower end of the interval (inclusive).
+ max_inclusive : integer
+ The higher end of the interval (inclusive).
+ max_exclusive : integer
+ The higher end of the interval (exclusive).
+ randfunc : callable
+ A function that returns a random byte string. The length of the
+ byte string is passed as parameter. Optional.
+ If not provided (or ``None``), randomness is read from the system RNG.
+ :Returns:
+ An Integer randomly taken in the given interval.
+ """
+
+ min_inclusive = kwargs.pop("min_inclusive", None)
+ max_inclusive = kwargs.pop("max_inclusive", None)
+ max_exclusive = kwargs.pop("max_exclusive", None)
+ randfunc = kwargs.pop("randfunc", None)
+
+ if kwargs:
+ raise ValueError("Unknown keywords: " + str(kwargs.keys))
+ if None not in (max_inclusive, max_exclusive):
+ raise ValueError("max_inclusive and max_exclusive cannot be both"
+ " specified")
+ if max_exclusive is not None:
+ max_inclusive = max_exclusive - 1
+ if None in (min_inclusive, max_inclusive):
+ raise ValueError("Missing keyword to identify the interval")
+
+ if randfunc is None:
+ randfunc = Random.new().read
+
+ norm_maximum = max_inclusive - min_inclusive
+ bits_needed = cls(norm_maximum).size_in_bits()
+
+ norm_candidate = -1
+ while not 0 <= norm_candidate <= norm_maximum:
+ norm_candidate = cls.random(
+ max_bits=bits_needed,
+ randfunc=randfunc
+ )
+ return norm_candidate + min_inclusive
+
diff --git a/frozen_deps/Cryptodome/Math/_IntegerBase.pyi b/frozen_deps/Cryptodome/Math/_IntegerBase.pyi
new file mode 100644
index 0000000..3f534db
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/_IntegerBase.pyi
@@ -0,0 +1,61 @@
+from typing import Optional, Union, Callable
+
+RandFunc = Callable[[int],int]
+
+class IntegerBase:
+
+ def __int__(self) -> int: ...
+ def __str__(self) -> str: ...
+ def __repr__(self) -> str: ...
+ def to_bytes(self, block_size: Optional[int]=0) -> bytes: ...
+ @staticmethod
+ def from_bytes(byte_string: bytes) -> IntegerBase: ...
+ def __eq__(self, term: object) -> bool: ...
+ def __ne__(self, term: object) -> bool: ...
+ def __lt__(self, term: Union[IntegerBase, int]) -> bool: ...
+ def __le__(self, term: Union[IntegerBase, int]) -> bool: ...
+ def __gt__(self, term: Union[IntegerBase, int]) -> bool: ...
+ def __ge__(self, term: Union[IntegerBase, int]) -> bool: ...
+ def __nonzero__(self) -> bool: ...
+ def is_negative(self) -> bool: ...
+ def __add__(self, term: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __sub__(self, term: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __mul__(self, term: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __floordiv__(self, divisor: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __mod__(self, divisor: Union[IntegerBase, int]) -> IntegerBase: ...
+ def inplace_pow(self, exponent: int, modulus: Optional[Union[IntegerBase, int]]=None) -> IntegerBase: ...
+ def __pow__(self, exponent: int, modulus: Optional[int]) -> IntegerBase: ...
+ def __abs__(self) -> IntegerBase: ...
+ def sqrt(self, modulus: Optional[int]) -> IntegerBase: ...
+ def __iadd__(self, term: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __isub__(self, term: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __imul__(self, term: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __imod__(self, divisor: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __and__(self, term: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __or__(self, term: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __rshift__(self, pos: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __irshift__(self, pos: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __lshift__(self, pos: Union[IntegerBase, int]) -> IntegerBase: ...
+ def __ilshift__(self, pos: Union[IntegerBase, int]) -> IntegerBase: ...
+ def get_bit(self, n: int) -> bool: ...
+ def is_odd(self) -> bool: ...
+ def is_even(self) -> bool: ...
+ def size_in_bits(self) -> int: ...
+ def size_in_bytes(self) -> int: ...
+ def is_perfect_square(self) -> bool: ...
+ def fail_if_divisible_by(self, small_prime: Union[IntegerBase, int]) -> None: ...
+ def multiply_accumulate(self, a: Union[IntegerBase, int], b: Union[IntegerBase, int]) -> IntegerBase: ...
+ def set(self, source: Union[IntegerBase, int]) -> IntegerBase: ...
+ def inplace_inverse(self, modulus: Union[IntegerBase, int]) -> IntegerBase: ...
+ def inverse(self, modulus: Union[IntegerBase, int]) -> IntegerBase: ...
+ def gcd(self, term: Union[IntegerBase, int]) -> IntegerBase: ...
+ def lcm(self, term: Union[IntegerBase, int]) -> IntegerBase: ...
+ @staticmethod
+ def jacobi_symbol(a: Union[IntegerBase, int], n: Union[IntegerBase, int]) -> IntegerBase: ...
+ @staticmethod
+ def _tonelli_shanks(n: Union[IntegerBase, int], p: Union[IntegerBase, int]) -> IntegerBase : ...
+ @classmethod
+ def random(cls, **kwargs: Union[int,RandFunc]) -> IntegerBase : ...
+ @classmethod
+ def random_range(cls, **kwargs: Union[int,RandFunc]) -> IntegerBase : ...
+
diff --git a/frozen_deps/Cryptodome/Math/_IntegerCustom.py b/frozen_deps/Cryptodome/Math/_IntegerCustom.py
new file mode 100644
index 0000000..b626014
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/_IntegerCustom.py
@@ -0,0 +1,111 @@
+# ===================================================================
+#
+# Copyright (c) 2018, Helder Eijs <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+from ._IntegerNative import IntegerNative
+
+from Cryptodome.Util.number import long_to_bytes, bytes_to_long
+
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
+ create_string_buffer,
+ get_raw_buffer, backend,
+ c_size_t, c_ulonglong)
+
+
+from Cryptodome.Random.random import getrandbits
+
+c_defs = """
+int monty_pow(const uint8_t *base,
+ const uint8_t *exp,
+ const uint8_t *modulus,
+ uint8_t *out,
+ size_t len,
+ uint64_t seed);
+"""
+
+
+_raw_montgomery = load_pycryptodome_raw_lib("Cryptodome.Math._modexp", c_defs)
+implementation = {"library": "custom", "api": backend}
+
+
+class IntegerCustom(IntegerNative):
+
+ @staticmethod
+ def from_bytes(byte_string):
+ return IntegerCustom(bytes_to_long(byte_string))
+
+ def inplace_pow(self, exponent, modulus=None):
+ exp_value = int(exponent)
+ if exp_value < 0:
+ raise ValueError("Exponent must not be negative")
+
+ # No modular reduction
+ if modulus is None:
+ self._value = pow(self._value, exp_value)
+ return self
+
+ # With modular reduction
+ mod_value = int(modulus)
+ if mod_value < 0:
+ raise ValueError("Modulus must be positive")
+ if mod_value == 0:
+ raise ZeroDivisionError("Modulus cannot be zero")
+
+ # C extension only works with odd moduli
+ if (mod_value & 1) == 0:
+ self._value = pow(self._value, exp_value, mod_value)
+ return self
+
+ # C extension only works with bases smaller than modulus
+ if self._value >= mod_value:
+ self._value %= mod_value
+
+ max_len = len(long_to_bytes(max(self._value, exp_value, mod_value)))
+
+ base_b = long_to_bytes(self._value, max_len)
+ exp_b = long_to_bytes(exp_value, max_len)
+ modulus_b = long_to_bytes(mod_value, max_len)
+
+ out = create_string_buffer(max_len)
+
+ error = _raw_montgomery.monty_pow(
+ out,
+ base_b,
+ exp_b,
+ modulus_b,
+ c_size_t(max_len),
+ c_ulonglong(getrandbits(64))
+ )
+
+ if error:
+ raise ValueError("monty_pow failed with error: %d" % error)
+
+ result = bytes_to_long(get_raw_buffer(out))
+ self._value = result
+ return self
diff --git a/frozen_deps/Cryptodome/Math/_IntegerCustom.pyi b/frozen_deps/Cryptodome/Math/_IntegerCustom.pyi
new file mode 100644
index 0000000..2dd75c7
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/_IntegerCustom.pyi
@@ -0,0 +1,8 @@
+from typing import Any
+
+from ._IntegerNative import IntegerNative
+
+_raw_montgomery = Any
+
+class IntegerCustom(IntegerNative):
+ pass
diff --git a/frozen_deps/Cryptodome/Math/_IntegerGMP.py b/frozen_deps/Cryptodome/Math/_IntegerGMP.py
new file mode 100644
index 0000000..c860020
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/_IntegerGMP.py
@@ -0,0 +1,708 @@ +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# =================================================================== + +import sys + +from Cryptodome.Util.py3compat import tobytes, is_native_int + +from Cryptodome.Util._raw_api import (backend, load_lib, + get_raw_buffer, get_c_string, + null_pointer, create_string_buffer, + c_ulong, c_size_t) + +from ._IntegerBase import IntegerBase + +gmp_defs = """typedef unsigned long UNIX_ULONG; + typedef struct { int a; int b; void *c; } MPZ; + typedef MPZ mpz_t[1]; + typedef UNIX_ULONG mp_bitcnt_t; + void __gmpz_init (mpz_t x); + void __gmpz_init_set (mpz_t rop, const mpz_t op); + void __gmpz_init_set_ui (mpz_t rop, UNIX_ULONG op); + int __gmp_sscanf (const char *s, const char *fmt, ...); + void __gmpz_set (mpz_t rop, const mpz_t op); + int __gmp_snprintf (uint8_t *buf, size_t size, const char *fmt, ...); + void __gmpz_add (mpz_t rop, const mpz_t op1, const mpz_t op2); + void __gmpz_add_ui (mpz_t rop, const mpz_t op1, UNIX_ULONG op2); + void __gmpz_sub_ui (mpz_t rop, const mpz_t op1, UNIX_ULONG op2); + void __gmpz_addmul (mpz_t rop, const mpz_t op1, const mpz_t op2); + void __gmpz_addmul_ui (mpz_t rop, const mpz_t op1, UNIX_ULONG op2); + void __gmpz_submul_ui (mpz_t rop, const mpz_t op1, UNIX_ULONG op2); + void __gmpz_import (mpz_t rop, size_t count, int order, size_t size, + int endian, size_t nails, const void *op); + void * __gmpz_export (void *rop, size_t *countp, int order, + size_t size, + int endian, size_t nails, const mpz_t op); + size_t __gmpz_sizeinbase (const mpz_t op, int base); + void __gmpz_sub (mpz_t rop, const mpz_t op1, const mpz_t op2); + void __gmpz_mul (mpz_t rop, const mpz_t op1, const mpz_t op2); + void __gmpz_mul_ui (mpz_t rop, const mpz_t op1, UNIX_ULONG op2); + int __gmpz_cmp (const mpz_t op1, const mpz_t op2); + void __gmpz_powm (mpz_t rop, const mpz_t base, const mpz_t exp, const + mpz_t mod); + void __gmpz_powm_ui (mpz_t rop, const mpz_t base, UNIX_ULONG exp, + const mpz_t mod); + void __gmpz_pow_ui (mpz_t rop, const mpz_t base, UNIX_ULONG 
exp); + void __gmpz_sqrt(mpz_t rop, const mpz_t op); + void __gmpz_mod (mpz_t r, const mpz_t n, const mpz_t d); + void __gmpz_neg (mpz_t rop, const mpz_t op); + void __gmpz_abs (mpz_t rop, const mpz_t op); + void __gmpz_and (mpz_t rop, const mpz_t op1, const mpz_t op2); + void __gmpz_ior (mpz_t rop, const mpz_t op1, const mpz_t op2); + void __gmpz_clear (mpz_t x); + void __gmpz_tdiv_q_2exp (mpz_t q, const mpz_t n, mp_bitcnt_t b); + void __gmpz_fdiv_q (mpz_t q, const mpz_t n, const mpz_t d); + void __gmpz_mul_2exp (mpz_t rop, const mpz_t op1, mp_bitcnt_t op2); + int __gmpz_tstbit (const mpz_t op, mp_bitcnt_t bit_index); + int __gmpz_perfect_square_p (const mpz_t op); + int __gmpz_jacobi (const mpz_t a, const mpz_t b); + void __gmpz_gcd (mpz_t rop, const mpz_t op1, const mpz_t op2); + UNIX_ULONG __gmpz_gcd_ui (mpz_t rop, const mpz_t op1, + UNIX_ULONG op2); + void __gmpz_lcm (mpz_t rop, const mpz_t op1, const mpz_t op2); + int __gmpz_invert (mpz_t rop, const mpz_t op1, const mpz_t op2); + int __gmpz_divisible_p (const mpz_t n, const mpz_t d); + int __gmpz_divisible_ui_p (const mpz_t n, UNIX_ULONG d); + """ + +if sys.platform == "win32": + raise ImportError("Not using GMP on Windows") + +lib = load_lib("gmp", gmp_defs) +implementation = {"library": "gmp", "api": backend} + +if hasattr(lib, "__mpir_version"): + raise ImportError("MPIR library detected") + +# In order to create a function that returns a pointer to +# a new MPZ structure, we need to break the abstraction +# and know exactly what ffi backend we have +if implementation["api"] == "ctypes": + from ctypes import Structure, c_int, c_void_p, byref + + class _MPZ(Structure): + _fields_ = [('_mp_alloc', c_int), + ('_mp_size', c_int), + ('_mp_d', c_void_p)] + + def new_mpz(): + return byref(_MPZ()) + +else: + # We are using CFFI + from Cryptodome.Util._raw_api import ffi + + def new_mpz(): + return ffi.new("MPZ*") + + +# Lazy creation of GMP methods +class _GMP(object): + + def __getattr__(self, name): + if 
name.startswith("mpz_"): + func_name = "__gmpz_" + name[4:] + elif name.startswith("gmp_"): + func_name = "__gmp_" + name[4:] + else: + raise AttributeError("Attribute %s is invalid" % name) + func = getattr(lib, func_name) + setattr(self, name, func) + return func + + +_gmp = _GMP() + + +class IntegerGMP(IntegerBase): + """A fast, arbitrary precision integer""" + + _zero_mpz_p = new_mpz() + _gmp.mpz_init_set_ui(_zero_mpz_p, c_ulong(0)) + + def __init__(self, value): + """Initialize the integer to the given value.""" + + self._mpz_p = new_mpz() + self._initialized = False + + if isinstance(value, float): + raise ValueError("A floating point type is not a natural number") + + self._initialized = True + + if is_native_int(value): + _gmp.mpz_init(self._mpz_p) + result = _gmp.gmp_sscanf(tobytes(str(value)), b"%Zd", self._mpz_p) + if result != 1: + raise ValueError("Error converting '%d'" % value) + elif isinstance(value, IntegerGMP): + _gmp.mpz_init_set(self._mpz_p, value._mpz_p) + else: + raise NotImplementedError + + # Conversions + def __int__(self): + # buf will contain the integer encoded in decimal plus the trailing + # zero, and possibly the negative sign. + # dig10(x) < log10(x) + 1 = log2(x)/log2(10) + 1 < log2(x)/3 + 1 + buf_len = _gmp.mpz_sizeinbase(self._mpz_p, 2) // 3 + 3 + buf = create_string_buffer(buf_len) + + _gmp.gmp_snprintf(buf, c_size_t(buf_len), b"%Zd", self._mpz_p) + return int(get_c_string(buf)) + + def __str__(self): + return str(int(self)) + + def __repr__(self): + return "Integer(%s)" % str(self) + + # Only Python 2.x + def __hex__(self): + return hex(int(self)) + + # Only Python 3.x + def __index__(self): + return int(self) + + def to_bytes(self, block_size=0): + """Convert the number into a byte string. + + This method encodes the number in network order and prepends + as many zero bytes as required. It only works for non-negative + values. + + :Parameters: + block_size : integer + The exact size the output byte string must have. 
+ If zero, the string has the minimal length. + :Returns: + A byte string. + :Raise ValueError: + If the value is negative or if ``block_size`` is + provided and the length of the byte string would exceed it. + """ + + if self < 0: + raise ValueError("Conversion only valid for non-negative numbers") + + buf_len = (_gmp.mpz_sizeinbase(self._mpz_p, 2) + 7) // 8 + if buf_len > block_size > 0: + raise ValueError("Number is too big to convert to byte string" + "of prescribed length") + buf = create_string_buffer(buf_len) + + _gmp.mpz_export( + buf, + null_pointer, # Ignore countp + 1, # Big endian + c_size_t(1), # Each word is 1 byte long + 0, # Endianess within a word - not relevant + c_size_t(0), # No nails + self._mpz_p) + + return b'\x00' * max(0, block_size - buf_len) + get_raw_buffer(buf) + + @staticmethod + def from_bytes(byte_string): + """Convert a byte string into a number. + + :Parameters: + byte_string : byte string + The input number, encoded in network order. + It can only be non-negative. + :Return: + The ``Integer`` object carrying the same value as the input. 
+ """ + result = IntegerGMP(0) + _gmp.mpz_import( + result._mpz_p, + c_size_t(len(byte_string)), # Amount of words to read + 1, # Big endian + c_size_t(1), # Each word is 1 byte long + 0, # Endianess within a word - not relevant + c_size_t(0), # No nails + byte_string) + return result + + # Relations + def _apply_and_return(self, func, term): + if not isinstance(term, IntegerGMP): + term = IntegerGMP(term) + return func(self._mpz_p, term._mpz_p) + + def __eq__(self, term): + if not (isinstance(term, IntegerGMP) or is_native_int(term)): + return False + return self._apply_and_return(_gmp.mpz_cmp, term) == 0 + + def __ne__(self, term): + if not (isinstance(term, IntegerGMP) or is_native_int(term)): + return True + return self._apply_and_return(_gmp.mpz_cmp, term) != 0 + + def __lt__(self, term): + return self._apply_and_return(_gmp.mpz_cmp, term) < 0 + + def __le__(self, term): + return self._apply_and_return(_gmp.mpz_cmp, term) <= 0 + + def __gt__(self, term): + return self._apply_and_return(_gmp.mpz_cmp, term) > 0 + + def __ge__(self, term): + return self._apply_and_return(_gmp.mpz_cmp, term) >= 0 + + def __nonzero__(self): + return _gmp.mpz_cmp(self._mpz_p, self._zero_mpz_p) != 0 + __bool__ = __nonzero__ + + def is_negative(self): + return _gmp.mpz_cmp(self._mpz_p, self._zero_mpz_p) < 0 + + # Arithmetic operations + def __add__(self, term): + result = IntegerGMP(0) + if not isinstance(term, IntegerGMP): + try: + term = IntegerGMP(term) + except NotImplementedError: + return NotImplemented + _gmp.mpz_add(result._mpz_p, + self._mpz_p, + term._mpz_p) + return result + + def __sub__(self, term): + result = IntegerGMP(0) + if not isinstance(term, IntegerGMP): + try: + term = IntegerGMP(term) + except NotImplementedError: + return NotImplemented + _gmp.mpz_sub(result._mpz_p, + self._mpz_p, + term._mpz_p) + return result + + def __mul__(self, term): + result = IntegerGMP(0) + if not isinstance(term, IntegerGMP): + try: + term = IntegerGMP(term) + except 
NotImplementedError: + return NotImplemented + _gmp.mpz_mul(result._mpz_p, + self._mpz_p, + term._mpz_p) + return result + + def __floordiv__(self, divisor): + if not isinstance(divisor, IntegerGMP): + divisor = IntegerGMP(divisor) + if _gmp.mpz_cmp(divisor._mpz_p, + self._zero_mpz_p) == 0: + raise ZeroDivisionError("Division by zero") + result = IntegerGMP(0) + _gmp.mpz_fdiv_q(result._mpz_p, + self._mpz_p, + divisor._mpz_p) + return result + + def __mod__(self, divisor): + if not isinstance(divisor, IntegerGMP): + divisor = IntegerGMP(divisor) + comp = _gmp.mpz_cmp(divisor._mpz_p, + self._zero_mpz_p) + if comp == 0: + raise ZeroDivisionError("Division by zero") + if comp < 0: + raise ValueError("Modulus must be positive") + result = IntegerGMP(0) + _gmp.mpz_mod(result._mpz_p, + self._mpz_p, + divisor._mpz_p) + return result + + def inplace_pow(self, exponent, modulus=None): + + if modulus is None: + if exponent < 0: + raise ValueError("Exponent must not be negative") + + # Normal exponentiation + if exponent > 256: + raise ValueError("Exponent is too big") + _gmp.mpz_pow_ui(self._mpz_p, + self._mpz_p, # Base + c_ulong(int(exponent)) + ) + else: + # Modular exponentiation + if not isinstance(modulus, IntegerGMP): + modulus = IntegerGMP(modulus) + if not modulus: + raise ZeroDivisionError("Division by zero") + if modulus.is_negative(): + raise ValueError("Modulus must be positive") + if is_native_int(exponent): + if exponent < 0: + raise ValueError("Exponent must not be negative") + if exponent < 65536: + _gmp.mpz_powm_ui(self._mpz_p, + self._mpz_p, + c_ulong(exponent), + modulus._mpz_p) + return self + exponent = IntegerGMP(exponent) + elif exponent.is_negative(): + raise ValueError("Exponent must not be negative") + _gmp.mpz_powm(self._mpz_p, + self._mpz_p, + exponent._mpz_p, + modulus._mpz_p) + return self + + def __pow__(self, exponent, modulus=None): + result = IntegerGMP(self) + return result.inplace_pow(exponent, modulus) + + def __abs__(self): + result = 
IntegerGMP(0) + _gmp.mpz_abs(result._mpz_p, self._mpz_p) + return result + + def sqrt(self, modulus=None): + """Return the largest Integer that does not + exceed the square root""" + + if modulus is None: + if self < 0: + raise ValueError("Square root of negative value") + result = IntegerGMP(0) + _gmp.mpz_sqrt(result._mpz_p, + self._mpz_p) + else: + if modulus <= 0: + raise ValueError("Modulus must be positive") + modulus = int(modulus) + result = IntegerGMP(self._tonelli_shanks(int(self) % modulus, modulus)) + + return result + + def __iadd__(self, term): + if is_native_int(term): + if 0 <= term < 65536: + _gmp.mpz_add_ui(self._mpz_p, + self._mpz_p, + c_ulong(term)) + return self + if -65535 < term < 0: + _gmp.mpz_sub_ui(self._mpz_p, + self._mpz_p, + c_ulong(-term)) + return self + term = IntegerGMP(term) + _gmp.mpz_add(self._mpz_p, + self._mpz_p, + term._mpz_p) + return self + + def __isub__(self, term): + if is_native_int(term): + if 0 <= term < 65536: + _gmp.mpz_sub_ui(self._mpz_p, + self._mpz_p, + c_ulong(term)) + return self + if -65535 < term < 0: + _gmp.mpz_add_ui(self._mpz_p, + self._mpz_p, + c_ulong(-term)) + return self + term = IntegerGMP(term) + _gmp.mpz_sub(self._mpz_p, + self._mpz_p, + term._mpz_p) + return self + + def __imul__(self, term): + if is_native_int(term): + if 0 <= term < 65536: + _gmp.mpz_mul_ui(self._mpz_p, + self._mpz_p, + c_ulong(term)) + return self + if -65535 < term < 0: + _gmp.mpz_mul_ui(self._mpz_p, + self._mpz_p, + c_ulong(-term)) + _gmp.mpz_neg(self._mpz_p, self._mpz_p) + return self + term = IntegerGMP(term) + _gmp.mpz_mul(self._mpz_p, + self._mpz_p, + term._mpz_p) + return self + + def __imod__(self, divisor): + if not isinstance(divisor, IntegerGMP): + divisor = IntegerGMP(divisor) + comp = _gmp.mpz_cmp(divisor._mpz_p, + divisor._zero_mpz_p) + if comp == 0: + raise ZeroDivisionError("Division by zero") + if comp < 0: + raise ValueError("Modulus must be positive") + _gmp.mpz_mod(self._mpz_p, + self._mpz_p, + divisor._mpz_p) 
+ return self + + # Boolean/bit operations + def __and__(self, term): + result = IntegerGMP(0) + if not isinstance(term, IntegerGMP): + term = IntegerGMP(term) + _gmp.mpz_and(result._mpz_p, + self._mpz_p, + term._mpz_p) + return result + + def __or__(self, term): + result = IntegerGMP(0) + if not isinstance(term, IntegerGMP): + term = IntegerGMP(term) + _gmp.mpz_ior(result._mpz_p, + self._mpz_p, + term._mpz_p) + return result + + def __rshift__(self, pos): + result = IntegerGMP(0) + if pos < 0: + raise ValueError("negative shift count") + if pos > 65536: + if self < 0: + return -1 + else: + return 0 + _gmp.mpz_tdiv_q_2exp(result._mpz_p, + self._mpz_p, + c_ulong(int(pos))) + return result + + def __irshift__(self, pos): + if pos < 0: + raise ValueError("negative shift count") + if pos > 65536: + if self < 0: + return -1 + else: + return 0 + _gmp.mpz_tdiv_q_2exp(self._mpz_p, + self._mpz_p, + c_ulong(int(pos))) + return self + + def __lshift__(self, pos): + result = IntegerGMP(0) + if not 0 <= pos < 65536: + raise ValueError("Incorrect shift count") + _gmp.mpz_mul_2exp(result._mpz_p, + self._mpz_p, + c_ulong(int(pos))) + return result + + def __ilshift__(self, pos): + if not 0 <= pos < 65536: + raise ValueError("Incorrect shift count") + _gmp.mpz_mul_2exp(self._mpz_p, + self._mpz_p, + c_ulong(int(pos))) + return self + + def get_bit(self, n): + """Return True if the n-th bit is set to 1. 
+ Bit 0 is the least significant.""" + + if self < 0: + raise ValueError("no bit representation for negative values") + if n < 0: + raise ValueError("negative bit count") + if n > 65536: + return 0 + return bool(_gmp.mpz_tstbit(self._mpz_p, + c_ulong(int(n)))) + + # Extra + def is_odd(self): + return _gmp.mpz_tstbit(self._mpz_p, 0) == 1 + + def is_even(self): + return _gmp.mpz_tstbit(self._mpz_p, 0) == 0 + + def size_in_bits(self): + """Return the minimum number of bits that can encode the number.""" + + if self < 0: + raise ValueError("Conversion only valid for non-negative numbers") + return _gmp.mpz_sizeinbase(self._mpz_p, 2) + + def size_in_bytes(self): + """Return the minimum number of bytes that can encode the number.""" + return (self.size_in_bits() - 1) // 8 + 1 + + def is_perfect_square(self): + return _gmp.mpz_perfect_square_p(self._mpz_p) != 0 + + def fail_if_divisible_by(self, small_prime): + """Raise an exception if the small prime is a divisor.""" + + if is_native_int(small_prime): + if 0 < small_prime < 65536: + if _gmp.mpz_divisible_ui_p(self._mpz_p, + c_ulong(small_prime)): + raise ValueError("The value is composite") + return + small_prime = IntegerGMP(small_prime) + if _gmp.mpz_divisible_p(self._mpz_p, + small_prime._mpz_p): + raise ValueError("The value is composite") + + def multiply_accumulate(self, a, b): + """Increment the number by the product of a and b.""" + + if not isinstance(a, IntegerGMP): + a = IntegerGMP(a) + if is_native_int(b): + if 0 < b < 65536: + _gmp.mpz_addmul_ui(self._mpz_p, + a._mpz_p, + c_ulong(b)) + return self + if -65535 < b < 0: + _gmp.mpz_submul_ui(self._mpz_p, + a._mpz_p, + c_ulong(-b)) + return self + b = IntegerGMP(b) + _gmp.mpz_addmul(self._mpz_p, + a._mpz_p, + b._mpz_p) + return self + + def set(self, source): + """Set the Integer to have the given value""" + + if not isinstance(source, IntegerGMP): + source = IntegerGMP(source) + _gmp.mpz_set(self._mpz_p, + source._mpz_p) + return self + + def 
inplace_inverse(self, modulus): + """Compute the inverse of this number in the ring of + modulo integers. + + Raise an exception if no inverse exists. + """ + + if not isinstance(modulus, IntegerGMP): + modulus = IntegerGMP(modulus) + + comp = _gmp.mpz_cmp(modulus._mpz_p, + self._zero_mpz_p) + if comp == 0: + raise ZeroDivisionError("Modulus cannot be zero") + if comp < 0: + raise ValueError("Modulus must be positive") + + result = _gmp.mpz_invert(self._mpz_p, + self._mpz_p, + modulus._mpz_p) + if not result: + raise ValueError("No inverse value can be computed") + return self + + def inverse(self, modulus): + result = IntegerGMP(self) + result.inplace_inverse(modulus) + return result + + def gcd(self, term): + """Compute the greatest common denominator between this + number and another term.""" + + result = IntegerGMP(0) + if is_native_int(term): + if 0 < term < 65535: + _gmp.mpz_gcd_ui(result._mpz_p, + self._mpz_p, + c_ulong(term)) + return result + term = IntegerGMP(term) + _gmp.mpz_gcd(result._mpz_p, self._mpz_p, term._mpz_p) + return result + + def lcm(self, term): + """Compute the least common multiplier between this + number and another term.""" + + result = IntegerGMP(0) + if not isinstance(term, IntegerGMP): + term = IntegerGMP(term) + _gmp.mpz_lcm(result._mpz_p, self._mpz_p, term._mpz_p) + return result + + @staticmethod + def jacobi_symbol(a, n): + """Compute the Jacobi symbol""" + + if not isinstance(a, IntegerGMP): + a = IntegerGMP(a) + if not isinstance(n, IntegerGMP): + n = IntegerGMP(n) + if n <= 0 or n.is_even(): + raise ValueError("n must be positive even for the Jacobi symbol") + return _gmp.mpz_jacobi(a._mpz_p, n._mpz_p) + + # Clean-up + def __del__(self): + + try: + if self._mpz_p is not None: + if self._initialized: + _gmp.mpz_clear(self._mpz_p) + + self._mpz_p = None + except AttributeError: + pass diff --git a/frozen_deps/Cryptodome/Math/_IntegerGMP.pyi b/frozen_deps/Cryptodome/Math/_IntegerGMP.pyi new file mode 100644 index 0000000..2181b47 
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/_IntegerGMP.pyi
@@ -0,0 +1,3 @@
+from ._IntegerBase import IntegerBase
+class IntegerGMP(IntegerBase):
+ pass
diff --git a/frozen_deps/Cryptodome/Math/_IntegerNative.py b/frozen_deps/Cryptodome/Math/_IntegerNative.py
new file mode 100644
index 0000000..896107f
--- /dev/null
+++ b/frozen_deps/Cryptodome/Math/_IntegerNative.py
@@ -0,0 +1,380 @@ +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# =================================================================== + +from ._IntegerBase import IntegerBase + +from Cryptodome.Util.number import long_to_bytes, bytes_to_long + + +class IntegerNative(IntegerBase): + """A class to model a natural integer (including zero)""" + + def __init__(self, value): + if isinstance(value, float): + raise ValueError("A floating point type is not a natural number") + try: + self._value = value._value + except AttributeError: + self._value = value + + # Conversions + def __int__(self): + return self._value + + def __str__(self): + return str(int(self)) + + def __repr__(self): + return "Integer(%s)" % str(self) + + # Only Python 2.x + def __hex__(self): + return hex(self._value) + + # Only Python 3.x + def __index__(self): + return int(self._value) + + def to_bytes(self, block_size=0): + if self._value < 0: + raise ValueError("Conversion only valid for non-negative numbers") + result = long_to_bytes(self._value, block_size) + if len(result) > block_size > 0: + raise ValueError("Value too large to encode") + return result + + @classmethod + def from_bytes(cls, byte_string): + return cls(bytes_to_long(byte_string)) + + # Relations + def __eq__(self, term): + if term is None: + return False + return self._value == int(term) + + def __ne__(self, term): + return not self.__eq__(term) + + def __lt__(self, term): + return self._value < int(term) + + def __le__(self, term): + return self.__lt__(term) or self.__eq__(term) + + def __gt__(self, term): + return not self.__le__(term) + + def __ge__(self, term): + return not self.__lt__(term) + + def __nonzero__(self): + return self._value != 0 + __bool__ = __nonzero__ + + def is_negative(self): + return self._value < 0 + + # Arithmetic operations + def __add__(self, term): + try: + return self.__class__(self._value + int(term)) + except (ValueError, AttributeError, TypeError): + return NotImplemented + + def __sub__(self, term): + try: + return self.__class__(self._value - int(term)) + 
except (ValueError, AttributeError, TypeError): + return NotImplemented + + def __mul__(self, factor): + try: + return self.__class__(self._value * int(factor)) + except (ValueError, AttributeError, TypeError): + return NotImplemented + + def __floordiv__(self, divisor): + return self.__class__(self._value // int(divisor)) + + def __mod__(self, divisor): + divisor_value = int(divisor) + if divisor_value < 0: + raise ValueError("Modulus must be positive") + return self.__class__(self._value % divisor_value) + + def inplace_pow(self, exponent, modulus=None): + exp_value = int(exponent) + if exp_value < 0: + raise ValueError("Exponent must not be negative") + + if modulus is not None: + mod_value = int(modulus) + if mod_value < 0: + raise ValueError("Modulus must be positive") + if mod_value == 0: + raise ZeroDivisionError("Modulus cannot be zero") + else: + mod_value = None + self._value = pow(self._value, exp_value, mod_value) + return self + + def __pow__(self, exponent, modulus=None): + result = self.__class__(self) + return result.inplace_pow(exponent, modulus) + + def __abs__(self): + return abs(self._value) + + def sqrt(self, modulus=None): + + value = self._value + if modulus is None: + if value < 0: + raise ValueError("Square root of negative value") + # http://stackoverflow.com/questions/15390807/integer-square-root-in-python + + x = value + y = (x + 1) // 2 + while y < x: + x = y + y = (x + value // x) // 2 + result = x + else: + if modulus <= 0: + raise ValueError("Modulus must be positive") + result = self._tonelli_shanks(self % modulus, modulus) + + return self.__class__(result) + + def __iadd__(self, term): + self._value += int(term) + return self + + def __isub__(self, term): + self._value -= int(term) + return self + + def __imul__(self, term): + self._value *= int(term) + return self + + def __imod__(self, term): + modulus = int(term) + if modulus == 0: + raise ZeroDivisionError("Division by zero") + if modulus < 0: + raise ValueError("Modulus must 
be positive") + self._value %= modulus + return self + + # Boolean/bit operations + def __and__(self, term): + return self.__class__(self._value & int(term)) + + def __or__(self, term): + return self.__class__(self._value | int(term)) + + def __rshift__(self, pos): + try: + return self.__class__(self._value >> int(pos)) + except OverflowError: + if self._value >= 0: + return 0 + else: + return -1 + + def __irshift__(self, pos): + try: + self._value >>= int(pos) + except OverflowError: + if self._value >= 0: + return 0 + else: + return -1 + return self + + def __lshift__(self, pos): + try: + return self.__class__(self._value << int(pos)) + except OverflowError: + raise ValueError("Incorrect shift count") + + def __ilshift__(self, pos): + try: + self._value <<= int(pos) + except OverflowError: + raise ValueError("Incorrect shift count") + return self + + def get_bit(self, n): + if self._value < 0: + raise ValueError("no bit representation for negative values") + try: + try: + result = (self._value >> n._value) & 1 + if n._value < 0: + raise ValueError("negative bit count") + except AttributeError: + result = (self._value >> n) & 1 + if n < 0: + raise ValueError("negative bit count") + except OverflowError: + result = 0 + return result + + # Extra + def is_odd(self): + return (self._value & 1) == 1 + + def is_even(self): + return (self._value & 1) == 0 + + def size_in_bits(self): + + if self._value < 0: + raise ValueError("Conversion only valid for non-negative numbers") + + if self._value == 0: + return 1 + + bit_size = 0 + tmp = self._value + while tmp: + tmp >>= 1 + bit_size += 1 + + return bit_size + + def size_in_bytes(self): + return (self.size_in_bits() - 1) // 8 + 1 + + def is_perfect_square(self): + if self._value < 0: + return False + if self._value in (0, 1): + return True + + x = self._value // 2 + square_x = x ** 2 + + while square_x > self._value: + x = (square_x + self._value) // (2 * x) + square_x = x ** 2 + + return self._value == x ** 2 + + def 
fail_if_divisible_by(self, small_prime): + if (self._value % int(small_prime)) == 0: + raise ValueError("Value is composite") + + def multiply_accumulate(self, a, b): + self._value += int(a) * int(b) + return self + + def set(self, source): + self._value = int(source) + + def inplace_inverse(self, modulus): + modulus = int(modulus) + if modulus == 0: + raise ZeroDivisionError("Modulus cannot be zero") + if modulus < 0: + raise ValueError("Modulus cannot be negative") + r_p, r_n = self._value, modulus + s_p, s_n = 1, 0 + while r_n > 0: + q = r_p // r_n + r_p, r_n = r_n, r_p - q * r_n + s_p, s_n = s_n, s_p - q * s_n + if r_p != 1: + raise ValueError("No inverse value can be computed" + str(r_p)) + while s_p < 0: + s_p += modulus + self._value = s_p + return self + + def inverse(self, modulus): + result = self.__class__(self) + result.inplace_inverse(modulus) + return result + + def gcd(self, term): + r_p, r_n = abs(self._value), abs(int(term)) + while r_n > 0: + q = r_p // r_n + r_p, r_n = r_n, r_p - q * r_n + return self.__class__(r_p) + + def lcm(self, term): + term = int(term) + if self._value == 0 or term == 0: + return self.__class__(0) + return self.__class__(abs((self._value * term) // self.gcd(term)._value)) + + @staticmethod + def jacobi_symbol(a, n): + a = int(a) + n = int(n) + + if n <= 0: + raise ValueError("n must be a positive integer") + + if (n & 1) == 0: + raise ValueError("n must be even for the Jacobi symbol") + + # Step 1 + a = a % n + # Step 2 + if a == 1 or n == 1: + return 1 + # Step 3 + if a == 0: + return 0 + # Step 4 + e = 0 + a1 = a + while (a1 & 1) == 0: + a1 >>= 1 + e += 1 + # Step 5 + if (e & 1) == 0: + s = 1 + elif n % 8 in (1, 7): + s = 1 + else: + s = -1 + # Step 6 + if n % 4 == 3 and a1 % 4 == 3: + s = -s + # Step 7 + n1 = n % a1 + # Step 8 + return s * IntegerNative.jacobi_symbol(n1, a1) 
diff --git a/frozen_deps/Cryptodome/Math/_IntegerNative.pyi b/frozen_deps/Cryptodome/Math/_IntegerNative.pyi new file mode 100644 index 0000000..3f65a39 --- /dev/null +++ b/frozen_deps/Cryptodome/Math/_IntegerNative.pyi @@ -0,0 +1,3 @@ +from ._IntegerBase import IntegerBase +class IntegerNative(IntegerBase): + pass diff --git a/frozen_deps/Cryptodome/Math/__init__.py b/frozen_deps/Cryptodome/Math/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/frozen_deps/Cryptodome/Math/__init__.py diff --git a/frozen_deps/Cryptodome/Math/_modexp.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Math/_modexp.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..9b8cd0a --- /dev/null +++ b/frozen_deps/Cryptodome/Math/_modexp.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Protocol/KDF.py b/frozen_deps/Cryptodome/Protocol/KDF.py new file mode 100644 index 0000000..4baa276 --- /dev/null +++ b/frozen_deps/Cryptodome/Protocol/KDF.py 
@@ -0,0 +1,574 @@ +# coding=utf-8 +# +# KDF.py : a collection of Key Derivation Functions +# +# Part of the Python Cryptography Toolkit +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. 
+# =================================================================== + +import re +import struct +from functools import reduce + +from Cryptodome.Util.py3compat import (tobytes, bord, _copy_bytes, iter_range, + tostr, bchr, bstr) + +from Cryptodome.Hash import SHA1, SHA256, HMAC, CMAC, BLAKE2s +from Cryptodome.Util.strxor import strxor +from Cryptodome.Random import get_random_bytes +from Cryptodome.Util.number import size as bit_size, long_to_bytes, bytes_to_long + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, + create_string_buffer, + get_raw_buffer, c_size_t) + +_raw_salsa20_lib = load_pycryptodome_raw_lib("Cryptodome.Cipher._Salsa20", + """ + int Salsa20_8_core(const uint8_t *x, const uint8_t *y, + uint8_t *out); + """) + +_raw_scrypt_lib = load_pycryptodome_raw_lib("Cryptodome.Protocol._scrypt", + """ + typedef int (core_t)(const uint8_t [64], const uint8_t [64], uint8_t [64]); + int scryptROMix(const uint8_t *data_in, uint8_t *data_out, + size_t data_len, unsigned N, core_t *core); + """) + + +def PBKDF1(password, salt, dkLen, count=1000, hashAlgo=None): + """Derive one key from a password (or passphrase). + + This function performs key derivation according to an old version of + the PKCS#5 standard (v1.5) or `RFC2898 + <https://www.ietf.org/rfc/rfc2898.txt>`_. + + Args: + password (string): + The secret password to generate the key from. + salt (byte string): + An 8 byte string to use for better protection from dictionary attacks. + This value does not need to be kept secret, but it should be randomly + chosen for each derivation. + dkLen (integer): + The length of the desired key. The default is 16 bytes, suitable for + instance for :mod:`Cryptodome.Cipher.AES`. + count (integer): + The number of iterations to carry out. The recommendation is 1000 or + more. + hashAlgo (module): + The hash algorithm to use, as a module or an object from the :mod:`Cryptodome.Hash` package. + The digest length must be no shorter than ``dkLen``. 
+ The default algorithm is :mod:`Cryptodome.Hash.SHA1`. + + Return: + A byte string of length ``dkLen`` that can be used as key. + """ + + if not hashAlgo: + hashAlgo = SHA1 + password = tobytes(password) + pHash = hashAlgo.new(password+salt) + digest = pHash.digest_size + if dkLen > digest: + raise TypeError("Selected hash algorithm has a too short digest (%d bytes)." % digest) + if len(salt) != 8: + raise ValueError("Salt is not 8 bytes long (%d bytes instead)." % len(salt)) + for i in iter_range(count-1): + pHash = pHash.new(pHash.digest()) + return pHash.digest()[:dkLen] + + +def PBKDF2(password, salt, dkLen=16, count=1000, prf=None, hmac_hash_module=None): + """Derive one or more keys from a password (or passphrase). + + This function performs key derivation according to the PKCS#5 standard (v2.0). + + Args: + password (string or byte string): + The secret password to generate the key from. + salt (string or byte string): + A (byte) string to use for better protection from dictionary attacks. + This value does not need to be kept secret, but it should be randomly + chosen for each derivation. It is recommended to use at least 16 bytes. + dkLen (integer): + The cumulative length of the keys to produce. + + Due to a flaw in the PBKDF2 design, you should not request more bytes + than the ``prf`` can output. For instance, ``dkLen`` should not exceed + 20 bytes in combination with ``HMAC-SHA1``. + count (integer): + The number of iterations to carry out. The higher the value, the slower + and the more secure the function becomes. + + You should find the maximum number of iterations that keeps the + key derivation still acceptable on the slowest hardware you must support. + + Although the default value is 1000, **it is recommended to use at least + 1000000 (1 million) iterations**. + prf (callable): + A pseudorandom function. It must be a function that returns a + pseudorandom byte string from two parameters: a secret and a salt. 
+ The slower the algorithm, the more secure the derivation function. + If not specified, **HMAC-SHA1** is used. + hmac_hash_module (module): + A module from ``Cryptodome.Hash`` implementing a Merkle-Damgard cryptographic + hash, which PBKDF2 must use in combination with HMAC. + This parameter is mutually exclusive with ``prf``. + + Return: + A byte string of length ``dkLen`` that can be used as key material. + If you want multiple keys, just break up this string into segments of the desired length. + """ + + password = tobytes(password) + salt = tobytes(salt) + + if prf and hmac_hash_module: + raise ValueError("'prf' and 'hmac_hash_module' are mutually exlusive") + + if prf is None and hmac_hash_module is None: + hmac_hash_module = SHA1 + + if prf or not hasattr(hmac_hash_module, "_pbkdf2_hmac_assist"): + # Generic (and slow) implementation + + if prf is None: + prf = lambda p,s: HMAC.new(p, s, hmac_hash_module).digest() + + def link(s): + s[0], s[1] = s[1], prf(password, s[1]) + return s[0] + + key = b'' + i = 1 + while len(key) < dkLen: + s = [ prf(password, salt + struct.pack(">I", i)) ] * 2 + key += reduce(strxor, (link(s) for j in range(count)) ) + i += 1 + + else: + # Optimized implementation + key = b'' + i = 1 + while len(key)<dkLen: + base = HMAC.new(password, b"", hmac_hash_module) + first_digest = base.copy().update(salt + struct.pack(">I", i)).digest() + key += base._pbkdf2_hmac_assist(first_digest, count) + i += 1 + + return key[:dkLen] + + +class _S2V(object): + """String-to-vector PRF as defined in `RFC5297`_. + + This class implements a pseudorandom function family + based on CMAC that takes as input a vector of strings. + + .. _RFC5297: http://tools.ietf.org/html/rfc5297 + """ + + def __init__(self, key, ciphermod, cipher_params=None): + """Initialize the S2V PRF. + + :Parameters: + key : byte string + A secret that can be used as key for CMACs + based on ciphers from ``ciphermod``. 
+ ciphermod : module + A block cipher module from `Cryptodome.Cipher`. + cipher_params : dictionary + A set of extra parameters to use to create a cipher instance. + """ + + self._key = _copy_bytes(None, None, key) + self._ciphermod = ciphermod + self._last_string = self._cache = b'\x00' * ciphermod.block_size + + # Max number of update() call we can process + self._n_updates = ciphermod.block_size * 8 - 1 + + if cipher_params is None: + self._cipher_params = {} + else: + self._cipher_params = dict(cipher_params) + + @staticmethod + def new(key, ciphermod): + """Create a new S2V PRF. + + :Parameters: + key : byte string + A secret that can be used as key for CMACs + based on ciphers from ``ciphermod``. + ciphermod : module + A block cipher module from `Cryptodome.Cipher`. + """ + return _S2V(key, ciphermod) + + def _double(self, bs): + doubled = bytes_to_long(bs)<<1 + if bord(bs[0]) & 0x80: + doubled ^= 0x87 + return long_to_bytes(doubled, len(bs))[-len(bs):] + + def update(self, item): + """Pass the next component of the vector. + + The maximum number of components you can pass is equal to the block + length of the cipher (in bits) minus 1. + + :Parameters: + item : byte string + The next component of the vector. + :Raise TypeError: when the limit on the number of components has been reached. + """ + + if self._n_updates == 0: + raise TypeError("Too many components passed to S2V") + self._n_updates -= 1 + + mac = CMAC.new(self._key, + msg=self._last_string, + ciphermod=self._ciphermod, + cipher_params=self._cipher_params) + self._cache = strxor(self._double(self._cache), mac.digest()) + self._last_string = _copy_bytes(None, None, item) + + def derive(self): + """"Derive a secret from the vector of components. + + :Return: a byte string, as long as the block length of the cipher. 
+ """ + + if len(self._last_string) >= 16: + # xorend + final = self._last_string[:-16] + strxor(self._last_string[-16:], self._cache) + else: + # zero-pad & xor + padded = (self._last_string + b'\x80' + b'\x00' * 15)[:16] + final = strxor(padded, self._double(self._cache)) + mac = CMAC.new(self._key, + msg=final, + ciphermod=self._ciphermod, + cipher_params=self._cipher_params) + return mac.digest() + + +def HKDF(master, key_len, salt, hashmod, num_keys=1, context=None): + """Derive one or more keys from a master secret using + the HMAC-based KDF defined in RFC5869_. + + Args: + master (byte string): + The unguessable value used by the KDF to generate the other keys. + It must be a high-entropy secret, though not necessarily uniform. + It must not be a password. + salt (byte string): + A non-secret, reusable value that strengthens the randomness + extraction step. + Ideally, it is as long as the digest size of the chosen hash. + If empty, a string of zeroes in used. + key_len (integer): + The length in bytes of every derived key. + hashmod (module): + A cryptographic hash algorithm from :mod:`Cryptodome.Hash`. + :mod:`Cryptodome.Hash.SHA512` is a good choice. + num_keys (integer): + The number of keys to derive. Every key is :data:`key_len` bytes long. + The maximum cumulative length of all keys is + 255 times the digest size. + context (byte string): + Optional identifier describing what the keys are used for. + + Return: + A byte string or a tuple of byte strings. + + .. 
_RFC5869: http://tools.ietf.org/html/rfc5869 + """ + + output_len = key_len * num_keys + if output_len > (255 * hashmod.digest_size): + raise ValueError("Too much secret data to derive") + if not salt: + salt = b'\x00' * hashmod.digest_size + if context is None: + context = b"" + + # Step 1: extract + hmac = HMAC.new(salt, master, digestmod=hashmod) + prk = hmac.digest() + + # Step 2: expand + t = [ b"" ] + n = 1 + tlen = 0 + while tlen < output_len: + hmac = HMAC.new(prk, t[-1] + context + struct.pack('B', n), digestmod=hashmod) + t.append(hmac.digest()) + tlen += hashmod.digest_size + n += 1 + derived_output = b"".join(t) + if num_keys == 1: + return derived_output[:key_len] + kol = [derived_output[idx:idx + key_len] + for idx in iter_range(0, output_len, key_len)] + return list(kol[:num_keys]) + + + +def scrypt(password, salt, key_len, N, r, p, num_keys=1): + """Derive one or more keys from a passphrase. + + Args: + password (string): + The secret pass phrase to generate the keys from. + salt (string): + A string to use for better protection from dictionary attacks. + This value does not need to be kept secret, + but it should be randomly chosen for each derivation. + It is recommended to be at least 16 bytes long. + key_len (integer): + The length in bytes of every derived key. + N (integer): + CPU/Memory cost parameter. It must be a power of 2 and less + than :math:`2^{32}`. + r (integer): + Block size parameter. + p (integer): + Parallelization parameter. + It must be no greater than :math:`(2^{32}-1)/(4r)`. + num_keys (integer): + The number of keys to derive. Every key is :data:`key_len` bytes long. + By default, only 1 key is generated. + The maximum cumulative length of all keys is :math:`(2^{32}-1)*32` + (that is, 128TB). 
+ + A good choice of parameters *(N, r , p)* was suggested + by Colin Percival in his `presentation in 2009`__: + + - *( 2¹⁴, 8, 1 )* for interactive logins (≤100ms) + - *( 2²⁰, 8, 1 )* for file encryption (≤5s) + + Return: + A byte string or a tuple of byte strings. + + .. __: http://www.tarsnap.com/scrypt/scrypt-slides.pdf + """ + + if 2 ** (bit_size(N) - 1) != N: + raise ValueError("N must be a power of 2") + if N >= 2 ** 32: + raise ValueError("N is too big") + if p > ((2 ** 32 - 1) * 32) // (128 * r): + raise ValueError("p or r are too big") + + prf_hmac_sha256 = lambda p, s: HMAC.new(p, s, SHA256).digest() + + stage_1 = PBKDF2(password, salt, p * 128 * r, 1, prf=prf_hmac_sha256) + + scryptROMix = _raw_scrypt_lib.scryptROMix + core = _raw_salsa20_lib.Salsa20_8_core + + # Parallelize into p flows + data_out = [] + for flow in iter_range(p): + idx = flow * 128 * r + buffer_out = create_string_buffer(128 * r) + result = scryptROMix(stage_1[idx : idx + 128 * r], + buffer_out, + c_size_t(128 * r), + N, + core) + if result: + raise ValueError("Error %X while running scrypt" % result) + data_out += [ get_raw_buffer(buffer_out) ] + + dk = PBKDF2(password, + b"".join(data_out), + key_len * num_keys, 1, + prf=prf_hmac_sha256) + + if num_keys == 1: + return dk + + kol = [dk[idx:idx + key_len] + for idx in iter_range(0, key_len * num_keys, key_len)] + return kol + + +def _bcrypt_encode(data): + s = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" + + bits = [] + for c in data: + bits_c = bin(bord(c))[2:].zfill(8) + bits.append(bstr(bits_c)) + bits = b"".join(bits) + + bits6 = [ bits[idx:idx+6] for idx in range(0, len(bits), 6) ] + + result = [] + for g in bits6[:-1]: + idx = int(g, 2) + result.append(s[idx]) + + g = bits6[-1] + idx = int(g, 2) << (6 - len(g)) + result.append(s[idx]) + result = "".join(result) + + return tobytes(result) + + +def _bcrypt_decode(data): + s = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" + + bits = [] + 
for c in tostr(data): + idx = s.find(c) + bits6 = bin(idx)[2:].zfill(6) + bits.append(bits6) + bits = "".join(bits) + + modulo4 = len(data) % 4 + if modulo4 == 1: + raise ValueError("Incorrect length") + elif modulo4 == 2: + bits = bits[:-4] + elif modulo4 == 3: + bits = bits[:-2] + + bits8 = [ bits[idx:idx+8] for idx in range(0, len(bits), 8) ] + + result = [] + for g in bits8: + result.append(bchr(int(g, 2))) + result = b"".join(result) + + return result + + +def _bcrypt_hash(password, cost, salt, constant, invert): + from Cryptodome.Cipher import _EKSBlowfish + + if len(password) > 72: + raise ValueError("The password is too long. It must be 72 bytes at most.") + + if not (4 <= cost <= 31): + raise ValueError("bcrypt cost factor must be in the range 4..31") + + cipher = _EKSBlowfish.new(password, _EKSBlowfish.MODE_ECB, salt, cost, invert) + ctext = constant + for _ in range(64): + ctext = cipher.encrypt(ctext) + return ctext + + +def bcrypt(password, cost, salt=None): + """Hash a password into a key, using the OpenBSD bcrypt protocol. + + Args: + password (byte string or string): + The secret password or pass phrase. + It must be at most 72 bytes long. + It must not contain the zero byte. + Unicode strings will be encoded as UTF-8. + cost (integer): + The exponential factor that makes it slower to compute the hash. + It must be in the range 4 to 31. + A value of at least 12 is recommended. + salt (byte string): + Optional. Random byte string to thwarts dictionary and rainbow table + attacks. It must be 16 bytes long. + If not passed, a random value is generated. 
+ + Return (byte string): + The bcrypt hash + + Raises: + ValueError: if password is longer than 72 bytes or if it contains the zero byte + + """ + + password = tobytes(password, "utf-8") + + if password.find(bchr(0)[0]) != -1: + raise ValueError("The password contains the zero byte") + + if len(password) < 72: + password += b"\x00" + + if salt is None: + salt = get_random_bytes(16) + if len(salt) != 16: + raise ValueError("bcrypt salt must be 16 bytes long") + + ctext = _bcrypt_hash(password, cost, salt, b"OrpheanBeholderScryDoubt", True) + + cost_enc = b"$" + bstr(str(cost).zfill(2)) + salt_enc = b"$" + _bcrypt_encode(salt) + hash_enc = _bcrypt_encode(ctext[:-1]) # only use 23 bytes, not 24 + return b"$2a" + cost_enc + salt_enc + hash_enc + + +def bcrypt_check(password, bcrypt_hash): + """Verify if the provided password matches the given bcrypt hash. + + Args: + password (byte string or string): + The secret password or pass phrase to test. + It must be at most 72 bytes long. + It must not contain the zero byte. + Unicode strings will be encoded as UTF-8. + bcrypt_hash (byte string, bytearray): + The reference bcrypt hash the password needs to be checked against. 
+ + Raises: + ValueError: if the password does not match + """ + + bcrypt_hash = tobytes(bcrypt_hash) + + if len(bcrypt_hash) != 60: + raise ValueError("Incorrect length of the bcrypt hash: %d bytes instead of 60" % len(bcrypt_hash)) + + if bcrypt_hash[:4] != b'$2a$': + raise ValueError("Unsupported prefix") + + p = re.compile(br'\$2a\$([0-9][0-9])\$([A-Za-z0-9./]{22,22})([A-Za-z0-9./]{31,31})') + r = p.match(bcrypt_hash) + if not r: + raise ValueError("Incorrect bcrypt hash format") + + cost = int(r.group(1)) + if not (4 <= cost <= 31): + raise ValueError("Incorrect cost") + + salt = _bcrypt_decode(r.group(2)) + + bcrypt_hash2 = bcrypt(password, cost, salt) + + secret = get_random_bytes(16) + + mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=bcrypt_hash).digest() + mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=bcrypt_hash2).digest() + if mac1 != mac2: + raise ValueError("Incorrect bcrypt hash") diff --git a/frozen_deps/Cryptodome/Protocol/KDF.pyi b/frozen_deps/Cryptodome/Protocol/KDF.pyi new file mode 100644 index 0000000..fb004bf --- /dev/null +++ b/frozen_deps/Cryptodome/Protocol/KDF.pyi 
@@ -0,0 +1,24 @@
+from types import ModuleType
+from typing import Optional, Callable, Tuple, Union, Dict, Any
+
+RNG = Callable[[int], bytes]
+
+def PBKDF1(password: str, salt: bytes, dkLen: int, count: Optional[int]=1000, hashAlgo: Optional[ModuleType]=None) -> bytes: ...
+def PBKDF2(password: str, salt: bytes, dkLen: Optional[int]=16, count: Optional[int]=1000, prf: Optional[RNG]=None, hmac_hash_module: Optional[ModuleType]=None) -> bytes: ...
+
+class _S2V(object):
+ def __init__(self, key: bytes, ciphermod: ModuleType, cipher_params: Optional[Dict[Any, Any]]=None) -> None: ...
+
+ @staticmethod
+ def new(key: bytes, ciphermod: ModuleType) -> None: ...
+ def update(self, item: bytes) -> None: ...
+ def derive(self) -> bytes: ...
+
+def HKDF(master: bytes, key_len: int, salt: bytes, hashmod: ModuleType, num_keys: Optional[int]=1, context: Optional[bytes]=None) -> Union[bytes, Tuple[bytes, ...]]: ...
+
+def scrypt(password: str, salt: str, key_len: int, N: int, r: int, p: int, num_keys: Optional[int]=1) -> Union[bytes, Tuple[bytes, ...]]: ...
+
+def _bcrypt_decode(data: bytes) -> bytes: ...
+def _bcrypt_hash(password:bytes , cost: int, salt: bytes, constant:bytes, invert:bool) -> bytes: ...
+def bcrypt(password: Union[bytes, str], cost: int, salt: Optional[bytes]=None) -> bytes: ...
+def bcrypt_check(password: Union[bytes, str], bcrypt_hash: Union[bytes, bytearray, str]) -> None: ...
diff --git a/frozen_deps/Cryptodome/Protocol/SecretSharing.py b/frozen_deps/Cryptodome/Protocol/SecretSharing.py
new file mode 100644
index 0000000..6fdc9b4
--- /dev/null
+++ b/frozen_deps/Cryptodome/Protocol/SecretSharing.py
@@ -0,0 +1,278 @@ +# +# SecretSharing.py : distribute a secret amongst a group of participants +# +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# =================================================================== + +from Cryptodome.Util.py3compat import is_native_int +from Cryptodome.Util import number +from Cryptodome.Util.number import long_to_bytes, bytes_to_long +from Cryptodome.Random import get_random_bytes as rng + + +def _mult_gf2(f1, f2): + """Multiply two polynomials in GF(2)""" + + # Ensure f2 is the smallest + if f2 > f1: + f1, f2 = f2, f1 + z = 0 + while f2: + if f2 & 1: + z ^= f1 + f1 <<= 1 + f2 >>= 1 + return z + + +def _div_gf2(a, b): + """ + Compute division of polynomials over GF(2). + Given a and b, it finds two polynomials q and r such that: + + a = b*q + r with deg(r)<deg(b) + """ + + if (a < b): + return 0, a + + deg = number.size + q = 0 + r = a + d = deg(b) + while deg(r) >= d: + s = 1 << (deg(r) - d) + q ^= s + r ^= _mult_gf2(b, s) + return (q, r) + + +class _Element(object): + """Element of GF(2^128) field""" + + # The irreducible polynomial defining this field is 1+x+x^2+x^7+x^128 + irr_poly = 1 + 2 + 4 + 128 + 2 ** 128 + + def __init__(self, encoded_value): + """Initialize the element to a certain value. + + The value passed as parameter is internally encoded as + a 128-bit integer, where each bit represents a polynomial + coefficient. The LSB is the constant coefficient. 
+ """ + + if is_native_int(encoded_value): + self._value = encoded_value + elif len(encoded_value) == 16: + self._value = bytes_to_long(encoded_value) + else: + raise ValueError("The encoded value must be an integer or a 16 byte string") + + def __eq__(self, other): + return self._value == other._value + + def __int__(self): + """Return the field element, encoded as a 128-bit integer.""" + return self._value + + def encode(self): + """Return the field element, encoded as a 16 byte string.""" + return long_to_bytes(self._value, 16) + + def __mul__(self, factor): + + f1 = self._value + f2 = factor._value + + # Make sure that f2 is the smallest, to speed up the loop + if f2 > f1: + f1, f2 = f2, f1 + + if self.irr_poly in (f1, f2): + return _Element(0) + + mask1 = 2 ** 128 + v, z = f1, 0 + while f2: + # if f2 ^ 1: z ^= v + mask2 = int(bin(f2 & 1)[2:] * 128, base=2) + z = (mask2 & (z ^ v)) | ((mask1 - mask2 - 1) & z) + v <<= 1 + # if v & mask1: v ^= self.irr_poly + mask3 = int(bin((v >> 128) & 1)[2:] * 128, base=2) + v = (mask3 & (v ^ self.irr_poly)) | ((mask1 - mask3 - 1) & v) + f2 >>= 1 + return _Element(z) + + def __add__(self, term): + return _Element(self._value ^ term._value) + + def inverse(self): + """Return the inverse of this element in GF(2^128).""" + + # We use the Extended GCD algorithm + # http://en.wikipedia.org/wiki/Polynomial_greatest_common_divisor + + if self._value == 0: + raise ValueError("Inversion of zero") + + r0, r1 = self._value, self.irr_poly + s0, s1 = 1, 0 + while r1 > 0: + q = _div_gf2(r0, r1)[0] + r0, r1 = r1, r0 ^ _mult_gf2(q, r1) + s0, s1 = s1, s0 ^ _mult_gf2(q, s1) + return _Element(s0) + + def __pow__(self, exponent): + result = _Element(self._value) + for _ in range(exponent - 1): + result = result * self + return result + + +class Shamir(object): + """Shamir's secret sharing scheme. + + A secret is split into ``n`` shares, and it is sufficient to collect + ``k`` of them to reconstruct the secret. 
+ """ + + @staticmethod + def split(k, n, secret, ssss=False): + """Split a secret into ``n`` shares. + + The secret can be reconstructed later using just ``k`` shares + out of the original ``n``. + Each share must be kept confidential to the person it was + assigned to. + + Each share is associated to an index (starting from 1). + + Args: + k (integer): + The sufficient number of shares to reconstruct the secret (``k < n``). + n (integer): + The number of shares that this method will create. + secret (byte string): + A byte string of 16 bytes (e.g. the AES 128 key). + ssss (bool): + If ``True``, the shares can be used with the ``ssss`` utility. + Default: ``False``. + + Return (tuples): + ``n`` tuples. A tuple is meant for each participant and it contains two items: + + 1. the unique index (an integer) + 2. the share (a byte string, 16 bytes) + """ + + # + # We create a polynomial with random coefficients in GF(2^128): + # + # p(x) = \sum_{i=0}^{k-1} c_i * x^i + # + # c_0 is the encoded secret + # + + coeffs = [_Element(rng(16)) for i in range(k - 1)] + coeffs.append(_Element(secret)) + + # Each share is y_i = p(x_i) where x_i is the public index + # associated to each of the n users. + + def make_share(user, coeffs, ssss): + idx = _Element(user) + share = _Element(0) + for coeff in coeffs: + share = idx * share + coeff + if ssss: + share += _Element(user) ** len(coeffs) + return share.encode() + + return [(i, make_share(i, coeffs, ssss)) for i in range(1, n + 1)] + + @staticmethod + def combine(shares, ssss=False): + """Recombine a secret, if enough shares are presented. + + Args: + shares (tuples): + The *k* tuples, each containin the index (an integer) and + the share (a byte string, 16 bytes long) that were assigned to + a participant. + ssss (bool): + If ``True``, the shares were produced by the ``ssss`` utility. + Default: ``False``. + + Return: + The original secret, as a byte string (16 bytes long). 
+ """ + + # + # Given k points (x,y), the interpolation polynomial of degree k-1 is: + # + # L(x) = \sum_{j=0}^{k-1} y_i * l_j(x) + # + # where: + # + # l_j(x) = \prod_{ \overset{0 \le m \le k-1}{m \ne j} } + # \frac{x - x_m}{x_j - x_m} + # + # However, in this case we are purely interested in the constant + # coefficient of L(x). + # + + k = len(shares) + + gf_shares = [] + for x in shares: + idx = _Element(x[0]) + value = _Element(x[1]) + if any(y[0] == idx for y in gf_shares): + raise ValueError("Duplicate share") + if ssss: + value += idx ** k + gf_shares.append((idx, value)) + + result = _Element(0) + for j in range(k): + x_j, y_j = gf_shares[j] + + numerator = _Element(1) + denominator = _Element(1) + + for m in range(k): + x_m = gf_shares[m][0] + if m != j: + numerator *= x_m + denominator *= x_j + x_m + result += y_j * numerator * denominator.inverse() + return result.encode() diff --git a/frozen_deps/Cryptodome/Protocol/SecretSharing.pyi b/frozen_deps/Cryptodome/Protocol/SecretSharing.pyi new file mode 100644 index 0000000..5952c99 --- /dev/null +++ b/frozen_deps/Cryptodome/Protocol/SecretSharing.pyi @@ -0,0 +1,22 @@ +from typing import Union, List, Tuple, Optional + +def _mult_gf2(f1: int, f2: int) -> int : ... +def _div_gf2(a: int, b: int) -> int : ... + +class _Element(object): + irr_poly: int + def __init__(self, encoded_value: Union[int, bytes]) -> None: ... + def __eq__(self, other) -> bool: ... + def __int__(self) -> int: ... + def encode(self) -> bytes: ... + def __mul__(self, factor: int) -> _Element: ... + def __add__(self, term: _Element) -> _Element: ... + def inverse(self) -> _Element: ... + def __pow__(self, exponent) -> _Element: ... + +class Shamir(object): + @staticmethod + def split(k: int, n: int, secret: bytes, ssss: Optional[bool]) -> List[Tuple[int, bytes]]: ... + @staticmethod + def combine(shares: List[Tuple[int, bytes]], ssss: Optional[bool]) -> bytes: ... + 
diff --git a/frozen_deps/Cryptodome/Protocol/__init__.py b/frozen_deps/Cryptodome/Protocol/__init__.py
new file mode 100644
index 0000000..efdf034
--- /dev/null
+++ b/frozen_deps/Cryptodome/Protocol/__init__.py
@@ -0,0 +1,31 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+__all__ = ['KDF', 'SecretSharing']
diff --git a/frozen_deps/Cryptodome/Protocol/__init__.pyi b/frozen_deps/Cryptodome/Protocol/__init__.pyi
new file mode 100644
index 0000000..377ed90
--- /dev/null
+++ b/frozen_deps/Cryptodome/Protocol/__init__.pyi @@ -0,0 +1 @@ +__all__ = ['KDF.pyi', 'SecretSharing.pyi'] diff --git a/frozen_deps/Cryptodome/Protocol/_scrypt.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Protocol/_scrypt.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..dbc8ca2 --- /dev/null +++ b/frozen_deps/Cryptodome/Protocol/_scrypt.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/PublicKey/DSA.py b/frozen_deps/Cryptodome/PublicKey/DSA.py new file mode 100644 index 0000000..2aaf864 --- /dev/null +++ b/frozen_deps/Cryptodome/PublicKey/DSA.py 
@@ -0,0 +1,679 @@
+# -*- coding: utf-8 -*-
+#
+# PublicKey/DSA.py : DSA signature primitive
+#
+# Written in 2008 by Dwayne C. Litzenberger <[email protected]>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# =================================================================== + +__all__ = ['generate', 'construct', 'DsaKey', 'import_key' ] + +import binascii +import struct +import itertools + +from Cryptodome.Util.py3compat import bchr, bord, tobytes, tostr, iter_range + +from Cryptodome import Random +from Cryptodome.IO import PKCS8, PEM +from Cryptodome.Hash import SHA256 +from Cryptodome.Util.asn1 import ( + DerObject, DerSequence, + DerInteger, DerObjectId, + DerBitString, + ) + +from Cryptodome.Math.Numbers import Integer +from Cryptodome.Math.Primality import (test_probable_prime, COMPOSITE, + PROBABLY_PRIME) + +from Cryptodome.PublicKey import (_expand_subject_public_key_info, + _create_subject_public_key_info, + _extract_subject_public_key_info) + +# ; The following ASN.1 types are relevant for DSA +# +# SubjectPublicKeyInfo ::= SEQUENCE { +# algorithm AlgorithmIdentifier, +# subjectPublicKey BIT STRING +# } +# +# id-dsa ID ::= { iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 } +# +# ; See RFC3279 +# Dss-Parms ::= SEQUENCE { +# p INTEGER, +# q INTEGER, +# g INTEGER +# } +# +# DSAPublicKey ::= INTEGER +# +# DSSPrivatKey_OpenSSL ::= SEQUENCE +# version INTEGER, +# p INTEGER, +# q INTEGER, +# g INTEGER, +# y INTEGER, +# x INTEGER +# } +# + +class DsaKey(object): + r"""Class defining an actual DSA key. + Do not instantiate directly. + Use :func:`generate`, :func:`construct` or :func:`import_key` instead. 
+ + :ivar p: DSA modulus + :vartype p: integer + + :ivar q: Order of the subgroup + :vartype q: integer + + :ivar g: Generator + :vartype g: integer + + :ivar y: Public key + :vartype y: integer + + :ivar x: Private key + :vartype x: integer + """ + + _keydata = ['y', 'g', 'p', 'q', 'x'] + + def __init__(self, key_dict): + input_set = set(key_dict.keys()) + public_set = set(('y' , 'g', 'p', 'q')) + if not public_set.issubset(input_set): + raise ValueError("Some DSA components are missing = %s" % + str(public_set - input_set)) + extra_set = input_set - public_set + if extra_set and extra_set != set(('x',)): + raise ValueError("Unknown DSA components = %s" % + str(extra_set - set(('x',)))) + self._key = dict(key_dict) + + def _sign(self, m, k): + if not self.has_private(): + raise TypeError("DSA public key cannot be used for signing") + if not (1 < k < self.q): + raise ValueError("k is not between 2 and q-1") + + x, q, p, g = [self._key[comp] for comp in ['x', 'q', 'p', 'g']] + + blind_factor = Integer.random_range(min_inclusive=1, + max_exclusive=q) + inv_blind_k = (blind_factor * k).inverse(q) + blind_x = x * blind_factor + + r = pow(g, k, p) % q # r = (g**k mod p) mod q + s = (inv_blind_k * (blind_factor * m + blind_x * r)) % q + return map(int, (r, s)) + + def _verify(self, m, sig): + r, s = sig + y, q, p, g = [self._key[comp] for comp in ['y', 'q', 'p', 'g']] + if not (0 < r < q) or not (0 < s < q): + return False + w = Integer(s).inverse(q) + u1 = (w * m) % q + u2 = (w * r) % q + v = (pow(g, u1, p) * pow(y, u2, p) % p) % q + return v == r + + def has_private(self): + """Whether this is a DSA private key""" + + return 'x' in self._key + + def can_encrypt(self): # legacy + return False + + def can_sign(self): # legacy + return True + + def publickey(self): + """A matching DSA public key. 
+ + Returns: + a new :class:`DsaKey` object + """ + + public_components = dict((k, self._key[k]) for k in ('y', 'g', 'p', 'q')) + return DsaKey(public_components) + + def __eq__(self, other): + if bool(self.has_private()) != bool(other.has_private()): + return False + + result = True + for comp in self._keydata: + result = result and (getattr(self._key, comp, None) == + getattr(other._key, comp, None)) + return result + + def __ne__(self, other): + return not self.__eq__(other) + + def __getstate__(self): + # DSA key is not pickable + from pickle import PicklingError + raise PicklingError + + def domain(self): + """The DSA domain parameters. + + Returns + tuple : (p,q,g) + """ + + return [int(self._key[comp]) for comp in ('p', 'q', 'g')] + + def __repr__(self): + attrs = [] + for k in self._keydata: + if k == 'p': + bits = Integer(self.p).size_in_bits() + attrs.append("p(%d)" % (bits,)) + elif hasattr(self, k): + attrs.append(k) + if self.has_private(): + attrs.append("private") + # PY3K: This is meant to be text, do not change to bytes (data) + return "<%s @0x%x %s>" % (self.__class__.__name__, id(self), ",".join(attrs)) + + def __getattr__(self, item): + try: + return int(self._key[item]) + except KeyError: + raise AttributeError(item) + + def export_key(self, format='PEM', pkcs8=None, passphrase=None, + protection=None, randfunc=None): + """Export this DSA key. + + Args: + format (string): + The encoding for the output: + + - *'PEM'* (default). ASCII as per `RFC1421`_/ `RFC1423`_. + - *'DER'*. Binary ASN.1 encoding. + - *'OpenSSH'*. ASCII one-liner as per `RFC4253`_. + Only suitable for public keys, not for private keys. + + passphrase (string): + *Private keys only*. The pass phrase to protect the output. + + pkcs8 (boolean): + *Private keys only*. If ``True`` (default), the key is encoded + with `PKCS#8`_. If ``False``, it is encoded in the custom + OpenSSL/OpenSSH container. + + protection (string): + *Only in combination with a pass phrase*. 
+ The encryption scheme to use to protect the output. + + If :data:`pkcs8` takes value ``True``, this is the PKCS#8 + algorithm to use for deriving the secret and encrypting + the private DSA key. + For a complete list of algorithms, see :mod:`Cryptodome.IO.PKCS8`. + The default is *PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC*. + + If :data:`pkcs8` is ``False``, the obsolete PEM encryption scheme is + used. It is based on MD5 for key derivation, and Triple DES for + encryption. Parameter :data:`protection` is then ignored. + + The combination ``format='DER'`` and ``pkcs8=False`` is not allowed + if a passphrase is present. + + randfunc (callable): + A function that returns random bytes. + By default it is :func:`Cryptodome.Random.get_random_bytes`. + + Returns: + byte string : the encoded key + + Raises: + ValueError : when the format is unknown or when you try to encrypt a private + key with *DER* format and OpenSSL/OpenSSH. + + .. warning:: + If you don't provide a pass phrase, the private key will be + exported in the clear! + + .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt + .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt + .. _RFC4253: http://www.ietf.org/rfc/rfc4253.txt + .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt + """ + + if passphrase is not None: + passphrase = tobytes(passphrase) + + if randfunc is None: + randfunc = Random.get_random_bytes + + if format == 'OpenSSH': + tup1 = [self._key[x].to_bytes() for x in ('p', 'q', 'g', 'y')] + + def func(x): + if (bord(x[0]) & 0x80): + return bchr(0) + x + else: + return x + + tup2 = [func(x) for x in tup1] + keyparts = [b'ssh-dss'] + tup2 + keystring = b''.join( + [struct.pack(">I", len(kp)) + kp for kp in keyparts] + ) + return b'ssh-dss ' + binascii.b2a_base64(keystring)[:-1] + + # DER format is always used, even in case of PEM, which simply + # encodes it into BASE64. 
+ params = DerSequence([self.p, self.q, self.g]) + if self.has_private(): + if pkcs8 is None: + pkcs8 = True + if pkcs8: + if not protection: + protection = 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC' + private_key = DerInteger(self.x).encode() + binary_key = PKCS8.wrap( + private_key, oid, passphrase, + protection, key_params=params, + randfunc=randfunc + ) + if passphrase: + key_type = 'ENCRYPTED PRIVATE' + else: + key_type = 'PRIVATE' + passphrase = None + else: + if format != 'PEM' and passphrase: + raise ValueError("DSA private key cannot be encrypted") + ints = [0, self.p, self.q, self.g, self.y, self.x] + binary_key = DerSequence(ints).encode() + key_type = "DSA PRIVATE" + else: + if pkcs8: + raise ValueError("PKCS#8 is only meaningful for private keys") + + binary_key = _create_subject_public_key_info(oid, + DerInteger(self.y), params) + key_type = "PUBLIC" + + if format == 'DER': + return binary_key + if format == 'PEM': + pem_str = PEM.encode( + binary_key, key_type + " KEY", + passphrase, randfunc + ) + return tobytes(pem_str) + raise ValueError("Unknown key format '%s'. Cannot export the DSA key." 
% format) + + # Backward-compatibility + exportKey = export_key + + # Methods defined in PyCryptodome that we don't support anymore + + def sign(self, M, K): + raise NotImplementedError("Use module Cryptodome.Signature.DSS instead") + + def verify(self, M, signature): + raise NotImplementedError("Use module Cryptodome.Signature.DSS instead") + + def encrypt(self, plaintext, K): + raise NotImplementedError + + def decrypt(self, ciphertext): + raise NotImplementedError + + def blind(self, M, B): + raise NotImplementedError + + def unblind(self, M, B): + raise NotImplementedError + + def size(self): + raise NotImplementedError + + +def _generate_domain(L, randfunc): + """Generate a new set of DSA domain parameters""" + + N = { 1024:160, 2048:224, 3072:256 }.get(L) + if N is None: + raise ValueError("Invalid modulus length (%d)" % L) + + outlen = SHA256.digest_size * 8 + n = (L + outlen - 1) // outlen - 1 # ceil(L/outlen) -1 + b_ = L - 1 - (n * outlen) + + # Generate q (A.1.1.2) + q = Integer(4) + upper_bit = 1 << (N - 1) + while test_probable_prime(q, randfunc) != PROBABLY_PRIME: + seed = randfunc(64) + U = Integer.from_bytes(SHA256.new(seed).digest()) & (upper_bit - 1) + q = U | upper_bit | 1 + + assert(q.size_in_bits() == N) + + # Generate p (A.1.1.2) + offset = 1 + upper_bit = 1 << (L - 1) + while True: + V = [ SHA256.new(seed + Integer(offset + j).to_bytes()).digest() + for j in iter_range(n + 1) ] + V = [ Integer.from_bytes(v) for v in V ] + W = sum([V[i] * (1 << (i * outlen)) for i in iter_range(n)], + (V[n] & ((1 << b_) - 1)) * (1 << (n * outlen))) + + X = Integer(W + upper_bit) # 2^{L-1} < X < 2^{L} + assert(X.size_in_bits() == L) + + c = X % (q * 2) + p = X - (c - 1) # 2q divides (p-1) + if p.size_in_bits() == L and \ + test_probable_prime(p, randfunc) == PROBABLY_PRIME: + break + offset += n + 1 + + # Generate g (A.2.3, index=1) + e = (p - 1) // q + for count in itertools.count(1): + U = seed + b"ggen" + bchr(1) + Integer(count).to_bytes() + W = 
Integer.from_bytes(SHA256.new(U).digest()) + g = pow(W, e, p) + if g != 1: + break + + return (p, q, g, seed) + + +def generate(bits, randfunc=None, domain=None): + """Generate a new DSA key pair. + + The algorithm follows Appendix A.1/A.2 and B.1 of `FIPS 186-4`_, + respectively for domain generation and key pair generation. + + Args: + bits (integer): + Key length, or size (in bits) of the DSA modulus *p*. + It must be 1024, 2048 or 3072. + + randfunc (callable): + Random number generation function; it accepts a single integer N + and return a string of random data N bytes long. + If not specified, :func:`Cryptodome.Random.get_random_bytes` is used. + + domain (tuple): + The DSA domain parameters *p*, *q* and *g* as a list of 3 + integers. Size of *p* and *q* must comply to `FIPS 186-4`_. + If not specified, the parameters are created anew. + + Returns: + :class:`DsaKey` : a new DSA key object + + Raises: + ValueError : when **bits** is too little, too big, or not a multiple of 64. + + .. 
_FIPS 186-4: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + """ + + if randfunc is None: + randfunc = Random.get_random_bytes + + if domain: + p, q, g = map(Integer, domain) + + ## Perform consistency check on domain parameters + # P and Q must be prime + fmt_error = test_probable_prime(p) == COMPOSITE + fmt_error = test_probable_prime(q) == COMPOSITE + # Verify Lagrange's theorem for sub-group + fmt_error |= ((p - 1) % q) != 0 + fmt_error |= g <= 1 or g >= p + fmt_error |= pow(g, q, p) != 1 + if fmt_error: + raise ValueError("Invalid DSA domain parameters") + else: + p, q, g, _ = _generate_domain(bits, randfunc) + + L = p.size_in_bits() + N = q.size_in_bits() + + if L != bits: + raise ValueError("Mismatch between size of modulus (%d)" + " and 'bits' parameter (%d)" % (L, bits)) + + if (L, N) not in [(1024, 160), (2048, 224), + (2048, 256), (3072, 256)]: + raise ValueError("Lengths of p and q (%d, %d) are not compatible" + "to FIPS 186-3" % (L, N)) + + if not 1 < g < p: + raise ValueError("Incorrent DSA generator") + + # B.1.1 + c = Integer.random(exact_bits=N + 64, randfunc=randfunc) + x = c % (q - 1) + 1 # 1 <= x <= q-1 + y = pow(g, x, p) + + key_dict = { 'y':y, 'g':g, 'p':p, 'q':q, 'x':x } + return DsaKey(key_dict) + + +def construct(tup, consistency_check=True): + """Construct a DSA key from a tuple of valid DSA components. + + Args: + tup (tuple): + A tuple of long integers, with 4 or 5 items + in the following order: + + 1. Public key (*y*). + 2. Sub-group generator (*g*). + 3. Modulus, finite field order (*p*). + 4. Sub-group order (*q*). + 5. Private key (*x*). Optional. + + consistency_check (boolean): + If ``True``, the library will verify that the provided components + fulfil the main DSA properties. + + Raises: + ValueError: when the key being imported fails the most basic DSA validity checks. 
+ + Returns: + :class:`DsaKey` : a DSA key object + """ + + key_dict = dict(zip(('y', 'g', 'p', 'q', 'x'), map(Integer, tup))) + key = DsaKey(key_dict) + + fmt_error = False + if consistency_check: + # P and Q must be prime + fmt_error = test_probable_prime(key.p) == COMPOSITE + fmt_error = test_probable_prime(key.q) == COMPOSITE + # Verify Lagrange's theorem for sub-group + fmt_error |= ((key.p - 1) % key.q) != 0 + fmt_error |= key.g <= 1 or key.g >= key.p + fmt_error |= pow(key.g, key.q, key.p) != 1 + # Public key + fmt_error |= key.y <= 0 or key.y >= key.p + if hasattr(key, 'x'): + fmt_error |= key.x <= 0 or key.x >= key.q + fmt_error |= pow(key.g, key.x, key.p) != key.y + + if fmt_error: + raise ValueError("Invalid DSA key components") + + return key + + +# Dss-Parms ::= SEQUENCE { +# p OCTET STRING, +# q OCTET STRING, +# g OCTET STRING +# } +# DSAPublicKey ::= INTEGER -- public key, y + +def _import_openssl_private(encoded, passphrase, params): + if params: + raise ValueError("DSA private key already comes with parameters") + der = DerSequence().decode(encoded, nr_elements=6, only_ints_expected=True) + if der[0] != 0: + raise ValueError("No version found") + tup = [der[comp] for comp in (4, 3, 1, 2, 5)] + return construct(tup) + + +def _import_subjectPublicKeyInfo(encoded, passphrase, params): + + algoid, encoded_key, emb_params = _expand_subject_public_key_info(encoded) + if algoid != oid: + raise ValueError("No DSA subjectPublicKeyInfo") + if params and emb_params: + raise ValueError("Too many DSA parameters") + + y = DerInteger().decode(encoded_key).value + p, q, g = list(DerSequence().decode(params or emb_params)) + tup = (y, g, p, q) + return construct(tup) + + +def _import_x509_cert(encoded, passphrase, params): + + sp_info = _extract_subject_public_key_info(encoded) + return _import_subjectPublicKeyInfo(sp_info, None, params) + + +def _import_pkcs8(encoded, passphrase, params): + if params: + raise ValueError("PKCS#8 already includes parameters") + k = 
PKCS8.unwrap(encoded, passphrase) + if k[0] != oid: + raise ValueError("No PKCS#8 encoded DSA key") + x = DerInteger().decode(k[1]).value + p, q, g = list(DerSequence().decode(k[2])) + tup = (pow(g, x, p), g, p, q, x) + return construct(tup) + + +def _import_key_der(key_data, passphrase, params): + """Import a DSA key (public or private half), encoded in DER form.""" + + decodings = (_import_openssl_private, + _import_subjectPublicKeyInfo, + _import_x509_cert, + _import_pkcs8) + + for decoding in decodings: + try: + return decoding(key_data, passphrase, params) + except ValueError: + pass + + raise ValueError("DSA key format is not supported") + + +def import_key(extern_key, passphrase=None): + """Import a DSA key. + + Args: + extern_key (string or byte string): + The DSA key to import. + + The following formats are supported for a DSA **public** key: + + - X.509 certificate (binary DER or PEM) + - X.509 ``subjectPublicKeyInfo`` (binary DER or PEM) + - OpenSSH (ASCII one-liner, see `RFC4253`_) + + The following formats are supported for a DSA **private** key: + + - `PKCS#8`_ ``PrivateKeyInfo`` or ``EncryptedPrivateKeyInfo`` + DER SEQUENCE (binary or PEM) + - OpenSSL/OpenSSH custom format (binary or PEM) + + For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. + + passphrase (string): + In case of an encrypted private key, this is the pass phrase + from which the decryption key is derived. + + Encryption may be applied either at the `PKCS#8`_ or at the PEM level. + + Returns: + :class:`DsaKey` : a DSA key object + + Raises: + ValueError : when the given key cannot be parsed (possibly because + the pass phrase is wrong). + + .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt + .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt + .. _RFC4253: http://www.ietf.org/rfc/rfc4253.txt + .. 
_PKCS#8: http://www.ietf.org/rfc/rfc5208.txt + """ + + extern_key = tobytes(extern_key) + if passphrase is not None: + passphrase = tobytes(passphrase) + + if extern_key.startswith(b'-----'): + # This is probably a PEM encoded key + (der, marker, enc_flag) = PEM.decode(tostr(extern_key), passphrase) + if enc_flag: + passphrase = None + return _import_key_der(der, passphrase, None) + + if extern_key.startswith(b'ssh-dss '): + # This is probably a public OpenSSH key + keystring = binascii.a2b_base64(extern_key.split(b' ')[1]) + keyparts = [] + while len(keystring) > 4: + length = struct.unpack(">I", keystring[:4])[0] + keyparts.append(keystring[4:4 + length]) + keystring = keystring[4 + length:] + if keyparts[0] == b"ssh-dss": + tup = [Integer.from_bytes(keyparts[x]) for x in (4, 3, 1, 2)] + return construct(tup) + + if len(extern_key) > 0 and bord(extern_key[0]) == 0x30: + # This is probably a DER encoded key + return _import_key_der(extern_key, passphrase, None) + + raise ValueError("DSA key format is not supported") + + +# Backward compatibility +importKey = import_key + +#: `Object ID`_ for a DSA key. +#: +#: id-dsa ID ::= { iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 } +#: +#: .. _`Object ID`: http://www.alvestrand.no/objectid/1.2.840.10040.4.1.html +oid = "1.2.840.10040.4.1" diff --git a/frozen_deps/Cryptodome/PublicKey/DSA.pyi b/frozen_deps/Cryptodome/PublicKey/DSA.pyi new file mode 100644 index 0000000..9977a0f --- /dev/null +++ b/frozen_deps/Cryptodome/PublicKey/DSA.pyi 
@@ -0,0 +1,30 @@
+from typing import Dict, Tuple, Callable, Union, Optional
+
+__all__ = ['generate', 'construct', 'DsaKey', 'import_key' ]
+
+RNG = Callable[[int], bytes]
+
+class DsaKey(object):
+ def __init__(self, key_dict: Dict[str, int]) -> None: ...
+ def has_private(self) -> bool: ...
+ def can_encrypt(self) -> bool: ... # legacy
+ def can_sign(self) -> bool: ... # legacy
+ def publickey(self) -> DsaKey: ...
+ def __eq__(self, other: object) -> bool: ...
+ def __ne__(self, other: object) -> bool: ...
+ def __getstate__(self) -> None: ...
+ def domain(self) -> Tuple[int, int, int]: ...
+ def __repr__(self) -> str: ...
+ def __getattr__(self, item: str) -> int: ...
+ def export_key(self, format: Optional[str]="PEM", pkcs8: Optional[bool]=None, passphrase: Optional[str]=None,
+ protection: Optional[str]=None, randfunc: Optional[RNG]=None) -> bytes: ...
+ # Backward-compatibility
+ exportKey = export_key
+
+def generate(bits: int, randfunc: Optional[RNG]=None, domain: Optional[Tuple[int, int, int]]=None) -> DsaKey: ...
+def construct(tup: Union[Tuple[int, int, int, int], Tuple[int, int, int, int, int]], consistency_check: Optional[bool]=True) -> DsaKey: ...
+def import_key(extern_key: Union[str, bytes], passphrase: Optional[str]=None) -> DsaKey: ...
+# Backward compatibility
+importKey = import_key
+
+oid: str
diff --git a/frozen_deps/Cryptodome/PublicKey/ECC.py b/frozen_deps/Cryptodome/PublicKey/ECC.py
new file mode 100644
index 0000000..e83664b
--- /dev/null
+++ b/frozen_deps/Cryptodome/PublicKey/ECC.py
@@ -0,0 +1,1184 @@
+# ===================================================================
+#
+# Copyright (c) 2015, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# =================================================================== + +from __future__ import print_function + +import re +import sys +import struct +import binascii +from collections import namedtuple + +from Cryptodome.Util.py3compat import bord, tobytes, tostr, bchr, is_string +from Cryptodome.Util.number import bytes_to_long, long_to_bytes + +from Cryptodome.Math.Numbers import Integer +from Cryptodome.Util.asn1 import (DerObjectId, DerOctetString, DerSequence, + DerBitString) + +from Cryptodome.PublicKey import (_expand_subject_public_key_info, + _create_subject_public_key_info, + _extract_subject_public_key_info) + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer, + SmartPointer, c_size_t, c_uint8_ptr, + c_ulonglong) + +from Cryptodome.Random import get_random_bytes +from Cryptodome.Random.random import getrandbits + + +_ec_lib = load_pycryptodome_raw_lib("Cryptodome.PublicKey._ec_ws", """ +typedef void EcContext; +typedef void EcPoint; +int ec_ws_new_context(EcContext **pec_ctx, + const uint8_t *modulus, + const uint8_t *b, + const uint8_t *order, + size_t len, + uint64_t seed); +void ec_free_context(EcContext *ec_ctx); +int ec_ws_new_point(EcPoint **pecp, + const uint8_t *x, + const uint8_t *y, + size_t len, + const EcContext *ec_ctx); +void ec_free_point(EcPoint *ecp); +int ec_ws_get_xy(uint8_t *x, + uint8_t *y, + size_t len, + const EcPoint *ecp); +int ec_ws_double(EcPoint *p); +int ec_ws_add(EcPoint *ecpa, EcPoint *ecpb); +int ec_ws_scalar(EcPoint *ecp, + const uint8_t *k, + size_t len, + uint64_t seed); +int ec_ws_clone(EcPoint **pecp2, const EcPoint *ecp); +int ec_ws_copy(EcPoint *ecp1, const EcPoint *ecp2); +int ec_ws_cmp(const EcPoint *ecp1, const EcPoint *ecp2); +int ec_ws_neg(EcPoint *p); +int ec_ws_normalize(EcPoint *ecp); +int ec_ws_is_pai(EcPoint *ecp); +""") + +_Curve = namedtuple("_Curve", "p b order Gx Gy G modulus_bits oid context desc openssh") +_curves = {} + + +p256_names = ["p256", "NIST P-256", "P-256", 
"prime256v1", "secp256r1", + "nistp256"] + + +def init_p256(): + p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff + b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b + order = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551 + Gx = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296 + Gy = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5 + + p256_modulus = long_to_bytes(p, 32) + p256_b = long_to_bytes(b, 32) + p256_order = long_to_bytes(order, 32) + + ec_p256_context = VoidPointer() + result = _ec_lib.ec_ws_new_context(ec_p256_context.address_of(), + c_uint8_ptr(p256_modulus), + c_uint8_ptr(p256_b), + c_uint8_ptr(p256_order), + c_size_t(len(p256_modulus)), + c_ulonglong(getrandbits(64)) + ) + if result: + raise ImportError("Error %d initializing P-256 context" % result) + + context = SmartPointer(ec_p256_context.get(), _ec_lib.ec_free_context) + p256 = _Curve(Integer(p), + Integer(b), + Integer(order), + Integer(Gx), + Integer(Gy), + None, + 256, + "1.2.840.10045.3.1.7", # ANSI X9.62 + context, + "NIST P-256", + "ecdsa-sha2-nistp256") + global p256_names + _curves.update(dict.fromkeys(p256_names, p256)) + + +init_p256() +del init_p256 + + +p384_names = ["p384", "NIST P-384", "P-384", "prime384v1", "secp384r1", + "nistp384"] + + +def init_p384(): + p = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff + b = 0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef + order = 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973 + Gx = 0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760aB7 + Gy = 0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5F + + p384_modulus = long_to_bytes(p, 48) + p384_b = long_to_bytes(b, 48) + p384_order = long_to_bytes(order, 
48) + + ec_p384_context = VoidPointer() + result = _ec_lib.ec_ws_new_context(ec_p384_context.address_of(), + c_uint8_ptr(p384_modulus), + c_uint8_ptr(p384_b), + c_uint8_ptr(p384_order), + c_size_t(len(p384_modulus)), + c_ulonglong(getrandbits(64)) + ) + if result: + raise ImportError("Error %d initializing P-384 context" % result) + + context = SmartPointer(ec_p384_context.get(), _ec_lib.ec_free_context) + p384 = _Curve(Integer(p), + Integer(b), + Integer(order), + Integer(Gx), + Integer(Gy), + None, + 384, + "1.3.132.0.34", # SEC 2 + context, + "NIST P-384", + "ecdsa-sha2-nistp384") + global p384_names + _curves.update(dict.fromkeys(p384_names, p384)) + + +init_p384() +del init_p384 + + +p521_names = ["p521", "NIST P-521", "P-521", "prime521v1", "secp521r1", + "nistp521"] + + +def init_p521(): + p = 0x000001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + b = 0x00000051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00 + order = 0x000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409 + Gx = 0x000000c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66 + Gy = 0x0000011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650 + + p521_modulus = long_to_bytes(p, 66) + p521_b = long_to_bytes(b, 66) + p521_order = long_to_bytes(order, 66) + + ec_p521_context = VoidPointer() + result = _ec_lib.ec_ws_new_context(ec_p521_context.address_of(), + c_uint8_ptr(p521_modulus), + c_uint8_ptr(p521_b), + c_uint8_ptr(p521_order), + c_size_t(len(p521_modulus)), + c_ulonglong(getrandbits(64)) + ) + if result: + raise ImportError("Error %d initializing P-521 context" % result) + + context = 
SmartPointer(ec_p521_context.get(), _ec_lib.ec_free_context) + p521 = _Curve(Integer(p), + Integer(b), + Integer(order), + Integer(Gx), + Integer(Gy), + None, + 521, + "1.3.132.0.35", # SEC 2 + context, + "NIST P-521", + "ecdsa-sha2-nistp521") + global p521_names + _curves.update(dict.fromkeys(p521_names, p521)) + + +init_p521() +del init_p521 + + +class UnsupportedEccFeature(ValueError): + pass + + +class EccPoint(object): + """A class to abstract a point over an Elliptic Curve. + + The class support special methods for: + + * Adding two points: ``R = S + T`` + * In-place addition: ``S += T`` + * Negating a point: ``R = -T`` + * Comparing two points: ``if S == T: ...`` + * Multiplying a point by a scalar: ``R = S*k`` + * In-place multiplication by a scalar: ``T *= k`` + + :ivar x: The affine X-coordinate of the ECC point + :vartype x: integer + + :ivar y: The affine Y-coordinate of the ECC point + :vartype y: integer + + :ivar xy: The tuple with X- and Y- coordinates + """ + + def __init__(self, x, y, curve="p256"): + + try: + self._curve = _curves[curve] + except KeyError: + raise ValueError("Unknown curve name %s" % str(curve)) + self._curve_name = curve + + modulus_bytes = self.size_in_bytes() + context = self._curve.context + + xb = long_to_bytes(x, modulus_bytes) + yb = long_to_bytes(y, modulus_bytes) + if len(xb) != modulus_bytes or len(yb) != modulus_bytes: + raise ValueError("Incorrect coordinate length") + + self._point = VoidPointer() + result = _ec_lib.ec_ws_new_point(self._point.address_of(), + c_uint8_ptr(xb), + c_uint8_ptr(yb), + c_size_t(modulus_bytes), + context.get()) + if result: + if result == 15: + raise ValueError("The EC point does not belong to the curve") + raise ValueError("Error %d while instantiating an EC point" % result) + + # Ensure that object disposal of this Python object will (eventually) + # free the memory allocated by the raw library for the EC point + self._point = SmartPointer(self._point.get(), + _ec_lib.ec_free_point) + + 
def set(self, point): + self._point = VoidPointer() + result = _ec_lib.ec_ws_clone(self._point.address_of(), + point._point.get()) + if result: + raise ValueError("Error %d while cloning an EC point" % result) + + self._point = SmartPointer(self._point.get(), + _ec_lib.ec_free_point) + return self + + def __eq__(self, point): + return 0 == _ec_lib.ec_ws_cmp(self._point.get(), point._point.get()) + + def __neg__(self): + np = self.copy() + result = _ec_lib.ec_ws_neg(np._point.get()) + if result: + raise ValueError("Error %d while inverting an EC point" % result) + return np + + def copy(self): + """Return a copy of this point.""" + x, y = self.xy + np = EccPoint(x, y, self._curve_name) + return np + + def is_point_at_infinity(self): + """``True`` if this is the point-at-infinity.""" + return self.xy == (0, 0) + + def point_at_infinity(self): + """Return the point-at-infinity for the curve this point is on.""" + return EccPoint(0, 0, self._curve_name) + + @property + def x(self): + return self.xy[0] + + @property + def y(self): + return self.xy[1] + + @property + def xy(self): + modulus_bytes = self.size_in_bytes() + xb = bytearray(modulus_bytes) + yb = bytearray(modulus_bytes) + result = _ec_lib.ec_ws_get_xy(c_uint8_ptr(xb), + c_uint8_ptr(yb), + c_size_t(modulus_bytes), + self._point.get()) + if result: + raise ValueError("Error %d while encoding an EC point" % result) + + return (Integer(bytes_to_long(xb)), Integer(bytes_to_long(yb))) + + def size_in_bytes(self): + """Size of each coordinate, in bytes.""" + return (self.size_in_bits() + 7) // 8 + + def size_in_bits(self): + """Size of each coordinate, in bits.""" + return self._curve.modulus_bits + + def double(self): + """Double this point (in-place operation). 
+ + :Return: + :class:`EccPoint` : this same object (to enable chaining) + """ + + result = _ec_lib.ec_ws_double(self._point.get()) + if result: + raise ValueError("Error %d while doubling an EC point" % result) + return self + + def __iadd__(self, point): + """Add a second point to this one""" + + result = _ec_lib.ec_ws_add(self._point.get(), point._point.get()) + if result: + if result == 16: + raise ValueError("EC points are not on the same curve") + raise ValueError("Error %d while adding two EC points" % result) + return self + + def __add__(self, point): + """Return a new point, the addition of this one and another""" + + np = self.copy() + np += point + return np + + def __imul__(self, scalar): + """Multiply this point by a scalar""" + + if scalar < 0: + raise ValueError("Scalar multiplication is only defined for non-negative integers") + sb = long_to_bytes(scalar) + result = _ec_lib.ec_ws_scalar(self._point.get(), + c_uint8_ptr(sb), + c_size_t(len(sb)), + c_ulonglong(getrandbits(64))) + if result: + raise ValueError("Error %d during scalar multiplication" % result) + return self + + def __mul__(self, scalar): + """Return a new point, the scalar product of this one""" + + np = self.copy() + np *= scalar + return np + + def __rmul__(self, left_hand): + return self.__mul__(left_hand) + + +# Last piece of initialization +p256_G = EccPoint(_curves['p256'].Gx, _curves['p256'].Gy, "p256") +p256 = _curves['p256']._replace(G=p256_G) +_curves.update(dict.fromkeys(p256_names, p256)) +del p256_G, p256, p256_names + +p384_G = EccPoint(_curves['p384'].Gx, _curves['p384'].Gy, "p384") +p384 = _curves['p384']._replace(G=p384_G) +_curves.update(dict.fromkeys(p384_names, p384)) +del p384_G, p384, p384_names + +p521_G = EccPoint(_curves['p521'].Gx, _curves['p521'].Gy, "p521") +p521 = _curves['p521']._replace(G=p521_G) +_curves.update(dict.fromkeys(p521_names, p521)) +del p521_G, p521, p521_names + + +class EccKey(object): + r"""Class defining an ECC key. 
+ Do not instantiate directly. + Use :func:`generate`, :func:`construct` or :func:`import_key` instead. + + :ivar curve: The name of the ECC as defined in :numref:`curve_names`. + :vartype curve: string + + :ivar pointQ: an ECC point representating the public component + :vartype pointQ: :class:`EccPoint` + + :ivar d: A scalar representating the private component + :vartype d: integer + """ + + def __init__(self, **kwargs): + """Create a new ECC key + + Keywords: + curve : string + It must be *"p256"*, *"P-256"*, *"prime256v1"* or *"secp256r1"*. + d : integer + Only for a private key. It must be in the range ``[1..order-1]``. + point : EccPoint + Mandatory for a public key. If provided for a private key, + the implementation will NOT check whether it matches ``d``. + """ + + kwargs_ = dict(kwargs) + curve_name = kwargs_.pop("curve", None) + self._d = kwargs_.pop("d", None) + self._point = kwargs_.pop("point", None) + if kwargs_: + raise TypeError("Unknown parameters: " + str(kwargs_)) + + if curve_name not in _curves: + raise ValueError("Unsupported curve (%s)", curve_name) + self._curve = _curves[curve_name] + + if self._d is None: + if self._point is None: + raise ValueError("Either private or public ECC component must be specified, not both") + else: + self._d = Integer(self._d) + if not 1 <= self._d < self._curve.order: + raise ValueError("Invalid ECC private component") + + self.curve = self._curve.desc + + def __eq__(self, other): + if other.has_private() != self.has_private(): + return False + + return other.pointQ == self.pointQ + + def __repr__(self): + if self.has_private(): + extra = ", d=%d" % int(self._d) + else: + extra = "" + x, y = self.pointQ.xy + return "EccKey(curve='%s', point_x=%d, point_y=%d%s)" % (self._curve.desc, x, y, extra) + + def has_private(self): + """``True`` if this key can be used for making signatures or decrypting data.""" + + return self._d is not None + + def _sign(self, z, k): + assert 0 < k < self._curve.order + + order = 
self._curve.order + blind = Integer.random_range(min_inclusive=1, + max_exclusive=order) + + blind_d = self._d * blind + inv_blind_k = (blind * k).inverse(order) + + r = (self._curve.G * k).x % order + s = inv_blind_k * (blind * z + blind_d * r) % order + return (r, s) + + def _verify(self, z, rs): + order = self._curve.order + sinv = rs[1].inverse(order) + point1 = self._curve.G * ((sinv * z) % order) + point2 = self.pointQ * ((sinv * rs[0]) % order) + return (point1 + point2).x == rs[0] + + @property + def d(self): + if not self.has_private(): + raise ValueError("This is not a private ECC key") + return self._d + + @property + def pointQ(self): + if self._point is None: + self._point = self._curve.G * self._d + return self._point + + def public_key(self): + """A matching ECC public key. + + Returns: + a new :class:`EccKey` object + """ + + return EccKey(curve=self._curve.desc, point=self.pointQ) + + def _export_subjectPublicKeyInfo(self, compress): + + # See 2.2 in RFC5480 and 2.3.3 in SEC1 + # The first byte is: + # - 0x02: compressed, only X-coordinate, Y-coordinate is even + # - 0x03: compressed, only X-coordinate, Y-coordinate is odd + # - 0x04: uncompressed, X-coordinate is followed by Y-coordinate + # + # PAI is in theory encoded as 0x00. 
+ + modulus_bytes = self.pointQ.size_in_bytes() + + if compress: + first_byte = 2 + self.pointQ.y.is_odd() + public_key = (bchr(first_byte) + + self.pointQ.x.to_bytes(modulus_bytes)) + else: + public_key = (b'\x04' + + self.pointQ.x.to_bytes(modulus_bytes) + + self.pointQ.y.to_bytes(modulus_bytes)) + + unrestricted_oid = "1.2.840.10045.2.1" + return _create_subject_public_key_info(unrestricted_oid, + public_key, + DerObjectId(self._curve.oid)) + + def _export_private_der(self, include_ec_params=True): + + assert self.has_private() + + # ECPrivateKey ::= SEQUENCE { + # version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + # privateKey OCTET STRING, + # parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + # publicKey [1] BIT STRING OPTIONAL + # } + + # Public key - uncompressed form + modulus_bytes = self.pointQ.size_in_bytes() + public_key = (b'\x04' + + self.pointQ.x.to_bytes(modulus_bytes) + + self.pointQ.y.to_bytes(modulus_bytes)) + + seq = [1, + DerOctetString(self.d.to_bytes(modulus_bytes)), + DerObjectId(self._curve.oid, explicit=0), + DerBitString(public_key, explicit=1)] + + if not include_ec_params: + del seq[2] + + return DerSequence(seq).encode() + + def _export_pkcs8(self, **kwargs): + from Cryptodome.IO import PKCS8 + + if kwargs.get('passphrase', None) is not None and 'protection' not in kwargs: + raise ValueError("At least the 'protection' parameter should be present") + + unrestricted_oid = "1.2.840.10045.2.1" + private_key = self._export_private_der(include_ec_params=False) + result = PKCS8.wrap(private_key, + unrestricted_oid, + key_params=DerObjectId(self._curve.oid), + **kwargs) + return result + + def _export_public_pem(self, compress): + from Cryptodome.IO import PEM + + encoded_der = self._export_subjectPublicKeyInfo(compress) + return PEM.encode(encoded_der, "PUBLIC KEY") + + def _export_private_pem(self, passphrase, **kwargs): + from Cryptodome.IO import PEM + + encoded_der = self._export_private_der() + return PEM.encode(encoded_der, 
"EC PRIVATE KEY", passphrase, **kwargs) + + def _export_private_clear_pkcs8_in_clear_pem(self): + from Cryptodome.IO import PEM + + encoded_der = self._export_pkcs8() + return PEM.encode(encoded_der, "PRIVATE KEY") + + def _export_private_encrypted_pkcs8_in_clear_pem(self, passphrase, **kwargs): + from Cryptodome.IO import PEM + + assert passphrase + if 'protection' not in kwargs: + raise ValueError("At least the 'protection' parameter should be present") + encoded_der = self._export_pkcs8(passphrase=passphrase, **kwargs) + return PEM.encode(encoded_der, "ENCRYPTED PRIVATE KEY") + + def _export_openssh(self, compress): + if self.has_private(): + raise ValueError("Cannot export OpenSSH private keys") + + desc = self._curve.openssh + modulus_bytes = self.pointQ.size_in_bytes() + + if compress: + first_byte = 2 + self.pointQ.y.is_odd() + public_key = (bchr(first_byte) + + self.pointQ.x.to_bytes(modulus_bytes)) + else: + public_key = (b'\x04' + + self.pointQ.x.to_bytes(modulus_bytes) + + self.pointQ.y.to_bytes(modulus_bytes)) + + middle = desc.split("-")[2] + comps = (tobytes(desc), tobytes(middle), public_key) + blob = b"".join([struct.pack(">I", len(x)) + x for x in comps]) + return desc + " " + tostr(binascii.b2a_base64(blob)) + + def export_key(self, **kwargs): + """Export this ECC key. + + Args: + format (string): + The format to use for encoding the key: + + - ``'DER'``. The key will be encoded in ASN.1 DER format (binary). + For a public key, the ASN.1 ``subjectPublicKeyInfo`` structure + defined in `RFC5480`_ will be used. + For a private key, the ASN.1 ``ECPrivateKey`` structure defined + in `RFC5915`_ is used instead (possibly within a PKCS#8 envelope, + see the ``use_pkcs8`` flag below). + - ``'PEM'``. The key will be encoded in a PEM_ envelope (ASCII). + - ``'OpenSSH'``. The key will be encoded in the OpenSSH_ format + (ASCII, public keys only). + + passphrase (byte string or string): + The passphrase to use for protecting the private key. 
+ + use_pkcs8 (boolean): + Only relevant for private keys. + + If ``True`` (default and recommended), the `PKCS#8`_ representation + will be used. + + If ``False``, the much weaker `PEM encryption`_ mechanism will be used. + + protection (string): + When a private key is exported with password-protection + and PKCS#8 (both ``DER`` and ``PEM`` formats), this parameter MUST be + present and be a valid algorithm supported by :mod:`Cryptodome.IO.PKCS8`. + It is recommended to use ``PBKDF2WithHMAC-SHA1AndAES128-CBC``. + + compress (boolean): + If ``True``, a more compact representation of the public key + with the X-coordinate only is used. + + If ``False`` (default), the full public key will be exported. + + .. warning:: + If you don't provide a passphrase, the private key will be + exported in the clear! + + .. note:: + When exporting a private key with password-protection and `PKCS#8`_ + (both ``DER`` and ``PEM`` formats), any extra parameters + to ``export_key()`` will be passed to :mod:`Cryptodome.IO.PKCS8`. + + .. _PEM: http://www.ietf.org/rfc/rfc1421.txt + .. _`PEM encryption`: http://www.ietf.org/rfc/rfc1423.txt + .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt + .. _OpenSSH: http://www.openssh.com/txt/rfc5656.txt + .. _RFC5480: https://tools.ietf.org/html/rfc5480 + .. _RFC5915: http://www.ietf.org/rfc/rfc5915.txt + + Returns: + A multi-line string (for PEM and OpenSSH) or bytes (for DER) with the encoded key. 
+ """ + + args = kwargs.copy() + ext_format = args.pop("format") + if ext_format not in ("PEM", "DER", "OpenSSH"): + raise ValueError("Unknown format '%s'" % ext_format) + + compress = args.pop("compress", False) + + if self.has_private(): + passphrase = args.pop("passphrase", None) + if is_string(passphrase): + passphrase = tobytes(passphrase) + if not passphrase: + raise ValueError("Empty passphrase") + use_pkcs8 = args.pop("use_pkcs8", True) + if ext_format == "PEM": + if use_pkcs8: + if passphrase: + return self._export_private_encrypted_pkcs8_in_clear_pem(passphrase, **args) + else: + return self._export_private_clear_pkcs8_in_clear_pem() + else: + return self._export_private_pem(passphrase, **args) + elif ext_format == "DER": + # DER + if passphrase and not use_pkcs8: + raise ValueError("Private keys can only be encrpyted with DER using PKCS#8") + if use_pkcs8: + return self._export_pkcs8(passphrase=passphrase, **args) + else: + return self._export_private_der() + else: + raise ValueError("Private keys cannot be exported in OpenSSH format") + else: # Public key + if args: + raise ValueError("Unexpected parameters: '%s'" % args) + if ext_format == "PEM": + return self._export_public_pem(compress) + elif ext_format == "DER": + return self._export_subjectPublicKeyInfo(compress) + else: + return self._export_openssh(compress) + + +def generate(**kwargs): + """Generate a new private key on the given curve. + + Args: + + curve (string): + Mandatory. It must be a curve name defined in :numref:`curve_names`. + + randfunc (callable): + Optional. The RNG to read randomness from. + If ``None``, :func:`Cryptodome.Random.get_random_bytes` is used. 
+ """ + + curve_name = kwargs.pop("curve") + curve = _curves[curve_name] + randfunc = kwargs.pop("randfunc", get_random_bytes) + if kwargs: + raise TypeError("Unknown parameters: " + str(kwargs)) + + d = Integer.random_range(min_inclusive=1, + max_exclusive=curve.order, + randfunc=randfunc) + + return EccKey(curve=curve_name, d=d) + + +def construct(**kwargs): + """Build a new ECC key (private or public) starting + from some base components. + + Args: + + curve (string): + Mandatory. It must be a curve name defined in :numref:`curve_names`. + + d (integer): + Only for a private key. It must be in the range ``[1..order-1]``. + + point_x (integer): + Mandatory for a public key. X coordinate (affine) of the ECC point. + + point_y (integer): + Mandatory for a public key. Y coordinate (affine) of the ECC point. + + Returns: + :class:`EccKey` : a new ECC key object + """ + + curve_name = kwargs["curve"] + curve = _curves[curve_name] + point_x = kwargs.pop("point_x", None) + point_y = kwargs.pop("point_y", None) + + if "point" in kwargs: + raise TypeError("Unknown keyword: point") + + if None not in (point_x, point_y): + # ValueError is raised if the point is not on the curve + kwargs["point"] = EccPoint(point_x, point_y, curve_name) + + # Validate that the private key matches the public one + d = kwargs.get("d", None) + if d is not None and "point" in kwargs: + pub_key = curve.G * d + if pub_key.xy != (point_x, point_y): + raise ValueError("Private and public ECC keys do not match") + + return EccKey(**kwargs) + + +def _import_public_der(curve_oid, ec_point): + """Convert an encoded EC point into an EccKey object + + curve_name: string with the OID of the curve + ec_point: byte string with the EC point (not DER encoded) + + """ + + for curve_name, curve in _curves.items(): + if curve.oid == curve_oid: + break + else: + raise UnsupportedEccFeature("Unsupported ECC curve (OID: %s)" % curve_oid) + + # See 2.2 in RFC5480 and 2.3.3 in SEC1 + # The first byte is: + # - 0x02: 
compressed, only X-coordinate, Y-coordinate is even + # - 0x03: compressed, only X-coordinate, Y-coordinate is odd + # - 0x04: uncompressed, X-coordinate is followed by Y-coordinate + # + # PAI is in theory encoded as 0x00. + + modulus_bytes = curve.p.size_in_bytes() + point_type = bord(ec_point[0]) + + # Uncompressed point + if point_type == 0x04: + if len(ec_point) != (1 + 2 * modulus_bytes): + raise ValueError("Incorrect EC point length") + x = Integer.from_bytes(ec_point[1:modulus_bytes+1]) + y = Integer.from_bytes(ec_point[modulus_bytes+1:]) + # Compressed point + elif point_type in (0x02, 0x3): + if len(ec_point) != (1 + modulus_bytes): + raise ValueError("Incorrect EC point length") + x = Integer.from_bytes(ec_point[1:]) + y = (x**3 - x*3 + curve.b).sqrt(curve.p) # Short Weierstrass + if point_type == 0x02 and y.is_odd(): + y = curve.p - y + if point_type == 0x03 and y.is_even(): + y = curve.p - y + else: + raise ValueError("Incorrect EC point encoding") + + return construct(curve=curve_name, point_x=x, point_y=y) + + +def _import_subjectPublicKeyInfo(encoded, *kwargs): + """Convert a subjectPublicKeyInfo into an EccKey object""" + + # See RFC5480 + + # Parse the generic subjectPublicKeyInfo structure + oid, ec_point, params = _expand_subject_public_key_info(encoded) + + # ec_point must be an encoded OCTET STRING + # params is encoded ECParameters + + # We accept id-ecPublicKey, id-ecDH, id-ecMQV without making any + # distiction for now. 
+ + # Restrictions can be captured in the key usage certificate + # extension + unrestricted_oid = "1.2.840.10045.2.1" + ecdh_oid = "1.3.132.1.12" + ecmqv_oid = "1.3.132.1.13" + + if oid not in (unrestricted_oid, ecdh_oid, ecmqv_oid): + raise UnsupportedEccFeature("Unsupported ECC purpose (OID: %s)" % oid) + + # Parameters are mandatory for all three types + if not params: + raise ValueError("Missing ECC parameters") + + # ECParameters ::= CHOICE { + # namedCurve OBJECT IDENTIFIER + # -- implicitCurve NULL + # -- specifiedCurve SpecifiedECDomain + # } + # + # implicitCurve and specifiedCurve are not supported (as per RFC) + curve_oid = DerObjectId().decode(params).value + + return _import_public_der(curve_oid, ec_point) + + +def _import_private_der(encoded, passphrase, curve_oid=None): + + # See RFC5915 https://tools.ietf.org/html/rfc5915 + # + # ECPrivateKey ::= SEQUENCE { + # version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + # privateKey OCTET STRING, + # parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + # publicKey [1] BIT STRING OPTIONAL + # } + + private_key = DerSequence().decode(encoded, nr_elements=(3, 4)) + if private_key[0] != 1: + raise ValueError("Incorrect ECC private key version") + + try: + parameters = DerObjectId(explicit=0).decode(private_key[2]).value + if curve_oid is not None and parameters != curve_oid: + raise ValueError("Curve mismatch") + curve_oid = parameters + except ValueError: + pass + + if curve_oid is None: + raise ValueError("No curve found") + + for curve_name, curve in _curves.items(): + if curve.oid == curve_oid: + break + else: + raise UnsupportedEccFeature("Unsupported ECC curve (OID: %s)" % curve_oid) + + scalar_bytes = DerOctetString().decode(private_key[1]).payload + modulus_bytes = curve.p.size_in_bytes() + if len(scalar_bytes) != modulus_bytes: + raise ValueError("Private key is too small") + d = Integer.from_bytes(scalar_bytes) + + # Decode public key (if any) + if len(private_key) == 4: + public_key_enc = 
DerBitString(explicit=1).decode(private_key[3]).value + public_key = _import_public_der(curve_oid, public_key_enc) + point_x = public_key.pointQ.x + point_y = public_key.pointQ.y + else: + point_x = point_y = None + + return construct(curve=curve_name, d=d, point_x=point_x, point_y=point_y) + + +def _import_pkcs8(encoded, passphrase): + from Cryptodome.IO import PKCS8 + + # From RFC5915, Section 1: + # + # Distributing an EC private key with PKCS#8 [RFC5208] involves including: + # a) id-ecPublicKey, id-ecDH, or id-ecMQV (from [RFC5480]) with the + # namedCurve as the parameters in the privateKeyAlgorithm field; and + # b) ECPrivateKey in the PrivateKey field, which is an OCTET STRING. + + algo_oid, private_key, params = PKCS8.unwrap(encoded, passphrase) + + # We accept id-ecPublicKey, id-ecDH, id-ecMQV without making any + # distiction for now. + unrestricted_oid = "1.2.840.10045.2.1" + ecdh_oid = "1.3.132.1.12" + ecmqv_oid = "1.3.132.1.13" + + if algo_oid not in (unrestricted_oid, ecdh_oid, ecmqv_oid): + raise UnsupportedEccFeature("Unsupported ECC purpose (OID: %s)" % algo_oid) + + curve_oid = DerObjectId().decode(params).value + + return _import_private_der(private_key, passphrase, curve_oid) + + +def _import_x509_cert(encoded, *kwargs): + + sp_info = _extract_subject_public_key_info(encoded) + return _import_subjectPublicKeyInfo(sp_info) + + +def _import_der(encoded, passphrase): + + try: + return _import_subjectPublicKeyInfo(encoded, passphrase) + except UnsupportedEccFeature as err: + raise err + except (ValueError, TypeError, IndexError): + pass + + try: + return _import_x509_cert(encoded, passphrase) + except UnsupportedEccFeature as err: + raise err + except (ValueError, TypeError, IndexError): + pass + + try: + return _import_private_der(encoded, passphrase) + except UnsupportedEccFeature as err: + raise err + except (ValueError, TypeError, IndexError): + pass + + try: + return _import_pkcs8(encoded, passphrase) + except UnsupportedEccFeature as err: + 
raise err + except (ValueError, TypeError, IndexError): + pass + + raise ValueError("Not an ECC DER key") + + +def _import_openssh_public(encoded): + keystring = binascii.a2b_base64(encoded.split(b' ')[1]) + + keyparts = [] + while len(keystring) > 4: + lk = struct.unpack(">I", keystring[:4])[0] + keyparts.append(keystring[4:4 + lk]) + keystring = keystring[4 + lk:] + + for curve_name, curve in _curves.items(): + middle = tobytes(curve.openssh.split("-")[2]) + if keyparts[1] == middle: + break + else: + raise ValueError("Unsupported ECC curve") + + return _import_public_der(curve.oid, keyparts[2]) + + +def _import_openssh_private_ecc(data, password): + + from ._openssh import (import_openssh_private_generic, + read_bytes, read_string, check_padding) + + ssh_name, decrypted = import_openssh_private_generic(data, password) + + name, decrypted = read_string(decrypted) + if name not in _curves: + raise UnsupportedEccFeature("Unsupported ECC curve %s" % name) + curve = _curves[name] + modulus_bytes = (curve.modulus_bits + 7) // 8 + + public_key, decrypted = read_bytes(decrypted) + + if bord(public_key[0]) != 4: + raise ValueError("Only uncompressed OpenSSH EC keys are supported") + if len(public_key) != 2 * modulus_bytes + 1: + raise ValueError("Incorrect public key length") + + point_x = Integer.from_bytes(public_key[1:1+modulus_bytes]) + point_y = Integer.from_bytes(public_key[1+modulus_bytes:]) + point = EccPoint(point_x, point_y, curve=name) + + private_key, decrypted = read_bytes(decrypted) + d = Integer.from_bytes(private_key) + + _, padded = read_string(decrypted) # Comment + check_padding(padded) + + return EccKey(curve=name, d=d, point=point) + + +def import_key(encoded, passphrase=None): + """Import an ECC key (public or private). + + Args: + encoded (bytes or multi-line string): + The ECC key to import. 
+ + An ECC **public** key can be: + + - An X.509 certificate, binary (DER) or ASCII (PEM) + - An X.509 ``subjectPublicKeyInfo``, binary (DER) or ASCII (PEM) + - An OpenSSH line (e.g. the content of ``~/.ssh/id_ecdsa``, ASCII) + + An ECC **private** key can be: + + - In binary format (DER, see section 3 of `RFC5915`_ or `PKCS#8`_) + - In ASCII format (PEM or `OpenSSH 6.5+`_) + + Private keys can be in the clear or password-protected. + + For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. + + passphrase (byte string): + The passphrase to use for decrypting a private key. + Encryption may be applied protected at the PEM level or at the PKCS#8 level. + This parameter is ignored if the key in input is not encrypted. + + Returns: + :class:`EccKey` : a new ECC key object + + Raises: + ValueError: when the given key cannot be parsed (possibly because + the pass phrase is wrong). + + .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt + .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt + .. _RFC5915: http://www.ietf.org/rfc/rfc5915.txt + .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt + .. _`OpenSSH 6.5+`: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf + """ + + from Cryptodome.IO import PEM + + encoded = tobytes(encoded) + if passphrase is not None: + passphrase = tobytes(passphrase) + + # PEM + if encoded.startswith(b'-----BEGIN OPENSSH PRIVATE KEY'): + text_encoded = tostr(encoded) + openssh_encoded, marker, enc_flag = PEM.decode(text_encoded, passphrase) + result = _import_openssh_private_ecc(openssh_encoded, passphrase) + return result + + elif encoded.startswith(b'-----'): + + text_encoded = tostr(encoded) + + # Remove any EC PARAMETERS section + # Ignore its content because the curve type must be already given in the key + if sys.version_info[:2] != (2, 6): + ecparams_start = "-----BEGIN EC PARAMETERS-----" + ecparams_end = "-----END EC PARAMETERS-----" + text_encoded = re.sub(ecparams_start + ".*?" 
+ ecparams_end, "", + text_encoded, + flags=re.DOTALL) + + der_encoded, marker, enc_flag = PEM.decode(text_encoded, passphrase) + if enc_flag: + passphrase = None + try: + result = _import_der(der_encoded, passphrase) + except UnsupportedEccFeature as uef: + raise uef + except ValueError: + raise ValueError("Invalid DER encoding inside the PEM file") + return result + + # OpenSSH + if encoded.startswith(b'ecdsa-sha2-'): + return _import_openssh_public(encoded) + + # DER + if len(encoded) > 0 and bord(encoded[0]) == 0x30: + return _import_der(encoded, passphrase) + + raise ValueError("ECC key format is not supported") + + +if __name__ == "__main__": + + import time + + d = 0xc51e4753afdec1e6b6c6a5b992f43f8dd0c7a8933072708b6522468b2ffb06fd + + point = _curves['p256'].G.copy() + count = 3000 + + start = time.time() + for x in range(count): + pointX = point * d + print("(P-256 G)", (time.time() - start) / count * 1000, "ms") + + start = time.time() + for x in range(count): + pointX = pointX * d + print("(P-256 arbitrary point)", (time.time() - start) / count * 1000, "ms") diff --git a/frozen_deps/Cryptodome/PublicKey/ECC.pyi b/frozen_deps/Cryptodome/PublicKey/ECC.pyi new file mode 100644 index 0000000..b38b337 --- /dev/null +++ b/frozen_deps/Cryptodome/PublicKey/ECC.pyi 
@@ -0,0 +1,62 @@
+from typing import Union, Callable, Optional, NamedTuple, List, Tuple, Dict, NamedTuple, Any
+
+from Cryptodome.Math.Numbers import Integer
+
+RNG = Callable[[int], bytes]
+
+class UnsupportedEccFeature(ValueError): ...
+class EccPoint(object):
+ def __init__(self, x: Union[int, Integer], y: Union[int, Integer], curve: Optional[str] = ...) -> None: ...
+ def set(self, point: EccPoint) -> EccPoint: ...
+ def __eq__(self, point: object) -> bool: ...
+ def __neg__(self) -> EccPoint: ...
+ def copy(self) -> EccPoint: ...
+ def is_point_at_infinity(self) -> bool: ...
+ def point_at_infinity(self) -> EccPoint: ...
+ @property
+ def x(self) -> int: ...
+ @property
+ def y(self) -> int: ...
+ @property
+ def xy(self) -> Tuple[int, int]: ...
+ def size_in_bytes(self) -> int: ...
+ def size_in_bits(self) -> int: ...
+ def double(self) -> EccPoint: ...
+ def __iadd__(self, point: EccPoint) -> EccPoint: ...
+ def __add__(self, point: EccPoint) -> EccPoint: ...
+ def __imul__(self, scalar: int) -> EccPoint: ...
+ def __mul__(self, scalar: int) -> EccPoint: ...
+
+class EccKey(object):
+ curve: str
+ def __init__(self, *, curve: str = ..., d: int = ..., point: EccPoint = ...) -> None: ...
+ def __eq__(self, other: object) -> bool: ...
+ def __repr__(self) -> str: ...
+ def has_private(self) -> bool: ...
+ @property
+ def d(self) -> int: ...
+ @property
+ def pointQ(self) -> EccPoint: ...
+ def public_key(self) -> EccKey: ...
+ def export_key(self, **kwargs: Union[str, bytes, bool]) -> str: ...
+
+
+_Curve = NamedTuple("_Curve", [('p', Integer),
+ ('order', Integer),
+ ('b', Integer),
+ ('Gx', Integer),
+ ('Gy', Integer),
+ ('G', EccPoint),
+ ('modulus_bits', int),
+ ('oid', str),
+ ('context', Any),
+ ('desc', str),
+ ('openssh', str),
+ ])
+
+_curves : Dict[str, _Curve]
+
+
+def generate(**kwargs: Union[str, RNG]) -> EccKey: ...
+def construct(**kwargs: Union[str, int]) -> EccKey: ...
+def import_key(encoded: Union[bytes, str], passphrase: Optional[str]=None) -> EccKey: ...
diff --git a/frozen_deps/Cryptodome/PublicKey/ElGamal.py b/frozen_deps/Cryptodome/PublicKey/ElGamal.py
new file mode 100644
index 0000000..95c219e
--- /dev/null
+++ b/frozen_deps/Cryptodome/PublicKey/ElGamal.py
@@ -0,0 +1,286 @@
+#
+# ElGamal.py : ElGamal encryption/decryption and signatures
+#
+# Part of the Python Cryptography Toolkit
+#
+# Originally written by: A.M. Kuchling
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__all__ = ['generate', 'construct', 'ElGamalKey']
+
+from Cryptodome import Random
+from Cryptodome.Math.Primality import ( generate_probable_safe_prime,
+ test_probable_prime, COMPOSITE )
+from Cryptodome.Math.Numbers import Integer
+
+# Generate an ElGamal key with N bits
+def generate(bits, randfunc):
+ """Randomly generate a fresh, new ElGamal key.
+
+ The key will be safe for use for both encryption and signature
+ (although it should be used for **only one** purpose).
+
+ Args:
+ bits (int):
+ Key length, or size (in bits) of the modulus *p*.
+ The recommended value is 2048.
+ randfunc (callable):
+ Random number generation function; it should accept
+ a single integer *N* and return a string of random
+ *N* random bytes.
+
+ Return:
+ an :class:`ElGamalKey` object
+ """
+
+ obj=ElGamalKey()
+
+ # Generate a safe prime p
+ # See Algorithm 4.86 in Handbook of Applied Cryptography
+ obj.p = generate_probable_safe_prime(exact_bits=bits, randfunc=randfunc)
+ q = (obj.p - 1) >> 1
+
+ # Generate generator g
+ while 1:
+ # Choose a square residue; it will generate a cyclic group of order q.
+ obj.g = pow(Integer.random_range(min_inclusive=2,
+ max_exclusive=obj.p,
+ randfunc=randfunc), 2, obj.p)
+
+ # We must avoid g=2 because of Bleichenbacher's attack described
+ # in "Generating ElGamal signatures without knowning the secret key",
+ # 1996
+ if obj.g in (1, 2):
+ continue
+
+ # Discard g if it divides p-1 because of the attack described
+ # in Note 11.67 (iii) in HAC
+ if (obj.p - 1) % obj.g == 0:
+ continue
+
+ # g^{-1} must not divide p-1 because of Khadir's attack
+ # described in "Conditions of the generator for forging ElGamal
+ # signature", 2011
+ ginv = obj.g.inverse(obj.p)
+ if (obj.p - 1) % ginv == 0:
+ continue
+
+ # Found
+ break
+
+ # Generate private key x
+ obj.x = Integer.random_range(min_inclusive=2,
+ max_exclusive=obj.p-1,
+ randfunc=randfunc)
+ # Generate public key y
+ obj.y = pow(obj.g, obj.x, obj.p)
+ return obj
+
+def construct(tup):
+ r"""Construct an ElGamal key from a tuple of valid ElGamal components.
+
+ The modulus *p* must be a prime.
+ The following conditions must apply:
+
+ .. math::
+
+ \begin{align}
+ &1 < g < p-1 \\
+ &g^{p-1} = 1 \text{ mod } 1 \\
+ &1 < x < p-1 \\
+ &g^x = y \text{ mod } p
+ \end{align}
+
+ Args:
+ tup (tuple):
+ A tuple with either 3 or 4 integers,
+ in the following order:
+
+ 1. Modulus (*p*).
+ 2. Generator (*g*).
+ 3. Public key (*y*).
+ 4. Private key (*x*). Optional.
+
+ Raises:
+ ValueError: when the key being imported fails the most basic ElGamal validity checks.
+
+ Returns:
+ an :class:`ElGamalKey` object
+ """
+
+ obj=ElGamalKey()
+ if len(tup) not in [3,4]:
+ raise ValueError('argument for construct() wrong length')
+ for i in range(len(tup)):
+ field = obj._keydata[i]
+ setattr(obj, field, Integer(tup[i]))
+
+ fmt_error = test_probable_prime(obj.p) == COMPOSITE
+ fmt_error |= obj.g<=1 or obj.g>=obj.p
+ fmt_error |= pow(obj.g, obj.p-1, obj.p)!=1
+ fmt_error |= obj.y<1 or obj.y>=obj.p
+ if len(tup)==4:
+ fmt_error |= obj.x<=1 or obj.x>=obj.p
+ fmt_error |= pow(obj.g, obj.x, obj.p)!=obj.y
+
+ if fmt_error:
+ raise ValueError("Invalid ElGamal key components")
+
+ return obj
+
+class ElGamalKey(object):
+ r"""Class defining an ElGamal key.
+ Do not instantiate directly.
+ Use :func:`generate` or :func:`construct` instead.
+
+ :ivar p: Modulus
+ :vartype d: integer
+
+ :ivar g: Generator
+ :vartype e: integer
+
+ :ivar y: Public key component
+ :vartype y: integer
+
+ :ivar x: Private key component
+ :vartype x: integer
+ """
+
+ #: Dictionary of ElGamal parameters.
+ #:
+ #: A public key will only have the following entries:
+ #:
+ #: - **y**, the public key.
+ #: - **g**, the generator.
+ #: - **p**, the modulus.
+ #:
+ #: A private key will also have:
+ #:
+ #: - **x**, the private key.
+ _keydata=['p', 'g', 'y', 'x']
+
+ def __init__(self, randfunc=None):
+ if randfunc is None:
+ randfunc = Random.new().read
+ self._randfunc = randfunc
+
+ def _encrypt(self, M, K):
+ a=pow(self.g, K, self.p)
+ b=( pow(self.y, K, self.p)*M ) % self.p
+ return [int(a), int(b)]
+
+ def _decrypt(self, M):
+ if (not hasattr(self, 'x')):
+ raise TypeError('Private key not available in this object')
+ r = Integer.random_range(min_inclusive=2,
+ max_exclusive=self.p-1,
+ randfunc=self._randfunc)
+ a_blind = (pow(self.g, r, self.p) * M[0]) % self.p
+ ax=pow(a_blind, self.x, self.p)
+ plaintext_blind = (ax.inverse(self.p) * M[1] ) % self.p
+ plaintext = (plaintext_blind * pow(self.y, r, self.p)) % self.p
+ return int(plaintext)
+
+ def _sign(self, M, K):
+ if (not hasattr(self, 'x')):
+ raise TypeError('Private key not available in this object')
+ p1=self.p-1
+ K = Integer(K)
+ if (K.gcd(p1)!=1):
+ raise ValueError('Bad K value: GCD(K,p-1)!=1')
+ a=pow(self.g, K, self.p)
+ t=(Integer(M)-self.x*a) % p1
+ while t<0: t=t+p1
+ b=(t*K.inverse(p1)) % p1
+ return [int(a), int(b)]
+
+ def _verify(self, M, sig):
+ sig = [Integer(x) for x in sig]
+ if sig[0]<1 or sig[0]>self.p-1:
+ return 0
+ v1=pow(self.y, sig[0], self.p)
+ v1=(v1*pow(sig[0], sig[1], self.p)) % self.p
+ v2=pow(self.g, M, self.p)
+ if v1==v2:
+ return 1
+ return 0
+
+ def has_private(self):
+ """Whether this is an ElGamal private key"""
+
+ if hasattr(self, 'x'):
+ return 1
+ else:
+ return 0
+
+ def can_encrypt(self):
+ return True
+
+ def can_sign(self):
+ return True
+
+ def publickey(self):
+ """A matching ElGamal public key.
+
+ Returns:
+ a new :class:`ElGamalKey` object
+ """
+ return construct((self.p, self.g, self.y))
+
+ def __eq__(self, other):
+ if bool(self.has_private()) != bool(other.has_private()):
+ return False
+
+ result = True
+ for comp in self._keydata:
+ result = result and (getattr(self.key, comp, None) ==
+ getattr(other.key, comp, None))
+ return result
+
+ def __ne__(self, other):
+ return not self.__eq__(other)
+
+ def __getstate__(self):
+ # ElGamal key is not pickable
+ from pickle import PicklingError
+ raise PicklingError
+
+ # Methods defined in PyCryptodome that we don't support anymore
+
+ def sign(self, M, K):
+ raise NotImplementedError
+
+ def verify(self, M, signature):
+ raise NotImplementedError
+
+ def encrypt(self, plaintext, K):
+ raise NotImplementedError
+
+ def decrypt(self, ciphertext):
+ raise NotImplementedError
+
+ def blind(self, M, B):
+ raise NotImplementedError
+
+ def unblind(self, M, B):
+ raise NotImplementedError
+
+ def size(self):
+ raise NotImplementedError
diff --git a/frozen_deps/Cryptodome/PublicKey/ElGamal.pyi b/frozen_deps/Cryptodome/PublicKey/ElGamal.pyi
new file mode 100644
index 0000000..9048531
--- /dev/null
+++ b/frozen_deps/Cryptodome/PublicKey/ElGamal.pyi
@@ -0,0 +1,18 @@
+from typing import Callable, Union, Tuple, Optional
+
+__all__ = ['generate', 'construct', 'ElGamalKey']
+
+RNG = Callable[[int], bytes]
+
+def generate(bits: int, randfunc: RNG) -> ElGamalKey: ...
+def construct(tup: Union[Tuple[int, int, int], Tuple[int, int, int, int]]) -> ElGamalKey: ...
+
+class ElGamalKey(object):
+ def __init__(self, randfunc: Optional[RNG]=None) -> None: ...
+ def has_private(self) -> bool: ...
+ def can_encrypt(self) -> bool: ...
+ def can_sign(self) -> bool: ...
+ def publickey(self) -> ElGamalKey: ...
+ def __eq__(self, other: object) -> bool: ...
+ def __ne__(self, other: object) -> bool: ...
+ def __getstate__(self) -> None: ...
diff --git a/frozen_deps/Cryptodome/PublicKey/RSA.py b/frozen_deps/Cryptodome/PublicKey/RSA.py
new file mode 100644
index 0000000..27331ca
--- /dev/null
+++ b/frozen_deps/Cryptodome/PublicKey/RSA.py
@@ -0,0 +1,796 @@
+# -*- coding: utf-8 -*-
+# ===================================================================
+#
+# Copyright (c) 2016, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+__all__ = ['generate', 'construct', 'import_key',
+ 'RsaKey', 'oid']
+
+import binascii
+import struct
+
+from Cryptodome import Random
+from Cryptodome.Util.py3compat import tobytes, bord, tostr
+from Cryptodome.Util.asn1 import DerSequence
+
+from Cryptodome.Math.Numbers import Integer
+from Cryptodome.Math.Primality import (test_probable_prime,
+ generate_probable_prime, COMPOSITE)
+
+from Cryptodome.PublicKey import (_expand_subject_public_key_info,
+ _create_subject_public_key_info,
+ _extract_subject_public_key_info)
+
+
+class RsaKey(object):
+ r"""Class defining an actual RSA key.
+ Do not instantiate directly.
+ Use :func:`generate`, :func:`construct` or :func:`import_key` instead.
+
+ :ivar n: RSA modulus
+ :vartype n: integer
+
+ :ivar e: RSA public exponent
+ :vartype e: integer
+
+ :ivar d: RSA private exponent
+ :vartype d: integer
+
+ :ivar p: First factor of the RSA modulus
+ :vartype p: integer
+
+ :ivar q: Second factor of the RSA modulus
+ :vartype q: integer
+
+ :ivar u: Chinese remainder component (:math:`p^{-1} \text{mod } q`)
+ :vartype q: integer
+ """
+
+ def __init__(self, **kwargs):
+ """Build an RSA key.
+
+ :Keywords:
+ n : integer
+ The modulus.
+ e : integer
+ The public exponent.
+ d : integer
+ The private exponent. Only required for private keys.
+ p : integer
+ The first factor of the modulus. Only required for private keys.
+ q : integer
+ The second factor of the modulus. Only required for private keys.
+ u : integer
+ The CRT coefficient (inverse of p modulo q). Only required for
+ private keys.
+ """ + + input_set = set(kwargs.keys()) + public_set = set(('n', 'e')) + private_set = public_set | set(('p', 'q', 'd', 'u')) + if input_set not in (private_set, public_set): + raise ValueError("Some RSA components are missing") + for component, value in kwargs.items(): + setattr(self, "_" + component, value) + if input_set == private_set: + self._dp = self._d % (self._p - 1) # = (e⁻¹) mod (p-1) + self._dq = self._d % (self._q - 1) # = (e⁻¹) mod (q-1) + + @property + def n(self): + return int(self._n) + + @property + def e(self): + return int(self._e) + + @property + def d(self): + if not self.has_private(): + raise AttributeError("No private exponent available for public keys") + return int(self._d) + + @property + def p(self): + if not self.has_private(): + raise AttributeError("No CRT component 'p' available for public keys") + return int(self._p) + + @property + def q(self): + if not self.has_private(): + raise AttributeError("No CRT component 'q' available for public keys") + return int(self._q) + + @property + def u(self): + if not self.has_private(): + raise AttributeError("No CRT component 'u' available for public keys") + return int(self._u) + + def size_in_bits(self): + """Size of the RSA modulus in bits""" + return self._n.size_in_bits() + + def size_in_bytes(self): + """The minimal amount of bytes that can hold the RSA modulus""" + return (self._n.size_in_bits() - 1) // 8 + 1 + + def _encrypt(self, plaintext): + if not 0 <= plaintext < self._n: + raise ValueError("Plaintext too large") + return int(pow(Integer(plaintext), self._e, self._n)) + + def _decrypt(self, ciphertext): + if not 0 <= ciphertext < self._n: + raise ValueError("Ciphertext too large") + if not self.has_private(): + raise TypeError("This is not a private key") + + # Blinded RSA decryption (to prevent timing attacks): + # Step 1: Generate random secret blinding factor r, + # such that 0 < r < n-1 + r = Integer.random_range(min_inclusive=1, max_exclusive=self._n) + # Step 2: Compute c' 
= c * r**e mod n + cp = Integer(ciphertext) * pow(r, self._e, self._n) % self._n + # Step 3: Compute m' = c'**d mod n (normal RSA decryption) + m1 = pow(cp, self._dp, self._p) + m2 = pow(cp, self._dq, self._q) + h = ((m2 - m1) * self._u) % self._q + mp = h * self._p + m1 + # Step 4: Compute m = m**(r-1) mod n + result = (r.inverse(self._n) * mp) % self._n + # Verify no faults occurred + if ciphertext != pow(result, self._e, self._n): + raise ValueError("Fault detected in RSA decryption") + return result + + def has_private(self): + """Whether this is an RSA private key""" + + return hasattr(self, "_d") + + def can_encrypt(self): # legacy + return True + + def can_sign(self): # legacy + return True + + def publickey(self): + """A matching RSA public key. + + Returns: + a new :class:`RsaKey` object + """ + return RsaKey(n=self._n, e=self._e) + + def __eq__(self, other): + if self.has_private() != other.has_private(): + return False + if self.n != other.n or self.e != other.e: + return False + if not self.has_private(): + return True + return (self.d == other.d) + + def __ne__(self, other): + return not (self == other) + + def __getstate__(self): + # RSA key is not pickable + from pickle import PicklingError + raise PicklingError + + def __repr__(self): + if self.has_private(): + extra = ", d=%d, p=%d, q=%d, u=%d" % (int(self._d), int(self._p), + int(self._q), int(self._u)) + else: + extra = "" + return "RsaKey(n=%d, e=%d%s)" % (int(self._n), int(self._e), extra) + + def __str__(self): + if self.has_private(): + key_type = "Private" + else: + key_type = "Public" + return "%s RSA key at 0x%X" % (key_type, id(self)) + + def export_key(self, format='PEM', passphrase=None, pkcs=1, + protection=None, randfunc=None): + """Export this RSA key. + + Args: + format (string): + The format to use for wrapping the key: + + - *'PEM'*. (*Default*) Text encoding, done according to `RFC1421`_/`RFC1423`_. + - *'DER'*. Binary encoding. + - *'OpenSSH'*. 
Textual encoding, done according to OpenSSH specification. + Only suitable for public keys (not private keys). + + passphrase (string): + (*For private keys only*) The pass phrase used for protecting the output. + + pkcs (integer): + (*For private keys only*) The ASN.1 structure to use for + serializing the key. Note that even in case of PEM + encoding, there is an inner ASN.1 DER structure. + + With ``pkcs=1`` (*default*), the private key is encoded in a + simple `PKCS#1`_ structure (``RSAPrivateKey``). + + With ``pkcs=8``, the private key is encoded in a `PKCS#8`_ structure + (``PrivateKeyInfo``). + + .. note:: + This parameter is ignored for a public key. + For DER and PEM, an ASN.1 DER ``SubjectPublicKeyInfo`` + structure is always used. + + protection (string): + (*For private keys only*) + The encryption scheme to use for protecting the private key. + + If ``None`` (default), the behavior depends on :attr:`format`: + + - For *'DER'*, the *PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC* + scheme is used. The following operations are performed: + + 1. A 16 byte Triple DES key is derived from the passphrase + using :func:`Cryptodome.Protocol.KDF.PBKDF2` with 8 bytes salt, + and 1 000 iterations of :mod:`Cryptodome.Hash.HMAC`. + 2. The private key is encrypted using CBC. + 3. The encrypted key is encoded according to PKCS#8. + + - For *'PEM'*, the obsolete PEM encryption scheme is used. + It is based on MD5 for key derivation, and Triple DES for encryption. + + Specifying a value for :attr:`protection` is only meaningful for PKCS#8 + (that is, ``pkcs=8``) and only if a pass phrase is present too. + + The supported schemes for PKCS#8 are listed in the + :mod:`Cryptodome.IO.PKCS8` module (see :attr:`wrap_algo` parameter). + + randfunc (callable): + A function that provides random bytes. Only used for PEM encoding. + The default is :func:`Cryptodome.Random.get_random_bytes`. 
+ + Returns: + byte string: the encoded key + + Raises: + ValueError:when the format is unknown or when you try to encrypt a private + key with *DER* format and PKCS#1. + + .. warning:: + If you don't provide a pass phrase, the private key will be + exported in the clear! + + .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt + .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt + .. _`PKCS#1`: http://www.ietf.org/rfc/rfc3447.txt + .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt + """ + + if passphrase is not None: + passphrase = tobytes(passphrase) + + if randfunc is None: + randfunc = Random.get_random_bytes + + if format == 'OpenSSH': + e_bytes, n_bytes = [x.to_bytes() for x in (self._e, self._n)] + if bord(e_bytes[0]) & 0x80: + e_bytes = b'\x00' + e_bytes + if bord(n_bytes[0]) & 0x80: + n_bytes = b'\x00' + n_bytes + keyparts = [b'ssh-rsa', e_bytes, n_bytes] + keystring = b''.join([struct.pack(">I", len(kp)) + kp for kp in keyparts]) + return b'ssh-rsa ' + binascii.b2a_base64(keystring)[:-1] + + # DER format is always used, even in case of PEM, which simply + # encodes it into BASE64. 
+ if self.has_private(): + binary_key = DerSequence([0, + self.n, + self.e, + self.d, + self.p, + self.q, + self.d % (self.p-1), + self.d % (self.q-1), + Integer(self.q).inverse(self.p) + ]).encode() + if pkcs == 1: + key_type = 'RSA PRIVATE KEY' + if format == 'DER' and passphrase: + raise ValueError("PKCS#1 private key cannot be encrypted") + else: # PKCS#8 + from Cryptodome.IO import PKCS8 + + if format == 'PEM' and protection is None: + key_type = 'PRIVATE KEY' + binary_key = PKCS8.wrap(binary_key, oid, None) + else: + key_type = 'ENCRYPTED PRIVATE KEY' + if not protection: + protection = 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC' + binary_key = PKCS8.wrap(binary_key, oid, + passphrase, protection) + passphrase = None + else: + key_type = "PUBLIC KEY" + binary_key = _create_subject_public_key_info(oid, + DerSequence([self.n, + self.e]) + ) + + if format == 'DER': + return binary_key + if format == 'PEM': + from Cryptodome.IO import PEM + + pem_str = PEM.encode(binary_key, key_type, passphrase, randfunc) + return tobytes(pem_str) + + raise ValueError("Unknown key format '%s'. Cannot export the RSA key." % format) + + # Backward compatibility + exportKey = export_key + + # Methods defined in PyCryptodome that we don't support anymore + def sign(self, M, K): + raise NotImplementedError("Use module Cryptodome.Signature.pkcs1_15 instead") + + def verify(self, M, signature): + raise NotImplementedError("Use module Cryptodome.Signature.pkcs1_15 instead") + + def encrypt(self, plaintext, K): + raise NotImplementedError("Use module Cryptodome.Cipher.PKCS1_OAEP instead") + + def decrypt(self, ciphertext): + raise NotImplementedError("Use module Cryptodome.Cipher.PKCS1_OAEP instead") + + def blind(self, M, B): + raise NotImplementedError + + def unblind(self, M, B): + raise NotImplementedError + + def size(self): + raise NotImplementedError + + +def generate(bits, randfunc=None, e=65537): + """Create a new RSA key pair. 
+ + The algorithm closely follows NIST `FIPS 186-4`_ in its + sections B.3.1 and B.3.3. The modulus is the product of + two non-strong probable primes. + Each prime passes a suitable number of Miller-Rabin tests + with random bases and a single Lucas test. + + Args: + bits (integer): + Key length, or size (in bits) of the RSA modulus. + It must be at least 1024, but **2048 is recommended.** + The FIPS standard only defines 1024, 2048 and 3072. + randfunc (callable): + Function that returns random bytes. + The default is :func:`Cryptodome.Random.get_random_bytes`. + e (integer): + Public RSA exponent. It must be an odd positive integer. + It is typically a small number with very few ones in its + binary representation. + The FIPS standard requires the public exponent to be + at least 65537 (the default). + + Returns: an RSA key object (:class:`RsaKey`, with private key). + + .. _FIPS 186-4: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + """ + + if bits < 1024: + raise ValueError("RSA modulus length must be >= 1024") + if e % 2 == 0 or e < 3: + raise ValueError("RSA public exponent must be a positive, odd integer larger than 2.") + + if randfunc is None: + randfunc = Random.get_random_bytes + + d = n = Integer(1) + e = Integer(e) + + while n.size_in_bits() != bits and d < (1 << (bits // 2)): + # Generate the prime factors of n: p and q. + # By construciton, their product is always + # 2^{bits-1} < p*q < 2^bits. 
+ size_q = bits // 2 + size_p = bits - size_q + + min_p = min_q = (Integer(1) << (2 * size_q - 1)).sqrt() + if size_q != size_p: + min_p = (Integer(1) << (2 * size_p - 1)).sqrt() + + def filter_p(candidate): + return candidate > min_p and (candidate - 1).gcd(e) == 1 + + p = generate_probable_prime(exact_bits=size_p, + randfunc=randfunc, + prime_filter=filter_p) + + min_distance = Integer(1) << (bits // 2 - 100) + + def filter_q(candidate): + return (candidate > min_q and + (candidate - 1).gcd(e) == 1 and + abs(candidate - p) > min_distance) + + q = generate_probable_prime(exact_bits=size_q, + randfunc=randfunc, + prime_filter=filter_q) + + n = p * q + lcm = (p - 1).lcm(q - 1) + d = e.inverse(lcm) + + if p > q: + p, q = q, p + + u = p.inverse(q) + + return RsaKey(n=n, e=e, d=d, p=p, q=q, u=u) + + +def construct(rsa_components, consistency_check=True): + r"""Construct an RSA key from a tuple of valid RSA components. + + The modulus **n** must be the product of two primes. + The public exponent **e** must be odd and larger than 1. + + In case of a private key, the following equations must apply: + + .. math:: + + \begin{align} + p*q &= n \\ + e*d &\equiv 1 ( \text{mod lcm} [(p-1)(q-1)]) \\ + p*u &\equiv 1 ( \text{mod } q) + \end{align} + + Args: + rsa_components (tuple): + A tuple of integers, with at least 2 and no + more than 6 items. The items come in the following order: + + 1. RSA modulus *n*. + 2. Public exponent *e*. + 3. Private exponent *d*. + Only required if the key is private. + 4. First factor of *n* (*p*). + Optional, but the other factor *q* must also be present. + 5. Second factor of *n* (*q*). Optional. + 6. CRT coefficient *q*, that is :math:`p^{-1} \text{mod }q`. Optional. + + consistency_check (boolean): + If ``True``, the library will verify that the provided components + fulfil the main RSA properties. + + Raises: + ValueError: when the key being imported fails the most basic RSA validity checks. + + Returns: An RSA key object (:class:`RsaKey`). 
+ """ + + class InputComps(object): + pass + + input_comps = InputComps() + for (comp, value) in zip(('n', 'e', 'd', 'p', 'q', 'u'), rsa_components): + setattr(input_comps, comp, Integer(value)) + + n = input_comps.n + e = input_comps.e + if not hasattr(input_comps, 'd'): + key = RsaKey(n=n, e=e) + else: + d = input_comps.d + if hasattr(input_comps, 'q'): + p = input_comps.p + q = input_comps.q + else: + # Compute factors p and q from the private exponent d. + # We assume that n has no more than two factors. + # See 8.2.2(i) in Handbook of Applied Cryptography. + ktot = d * e - 1 + # The quantity d*e-1 is a multiple of phi(n), even, + # and can be represented as t*2^s. + t = ktot + while t % 2 == 0: + t //= 2 + # Cycle through all multiplicative inverses in Zn. + # The algorithm is non-deterministic, but there is a 50% chance + # any candidate a leads to successful factoring. + # See "Digitalized Signatures and Public Key Functions as Intractable + # as Factorization", M. Rabin, 1979 + spotted = False + a = Integer(2) + while not spotted and a < 100: + k = Integer(t) + # Cycle through all values a^{t*2^i}=a^k + while k < ktot: + cand = pow(a, k, n) + # Check if a^k is a non-trivial root of unity (mod n) + if cand != 1 and cand != (n - 1) and pow(cand, 2, n) == 1: + # We have found a number such that (cand-1)(cand+1)=0 (mod n). + # Either of the terms divides n. + p = Integer(n).gcd(cand + 1) + spotted = True + break + k *= 2 + # This value was not any good... let's try another! + a += 2 + if not spotted: + raise ValueError("Unable to compute factors p and q from exponent d.") + # Found ! 
+ assert ((n % p) == 0) + q = n // p + + if hasattr(input_comps, 'u'): + u = input_comps.u + else: + u = p.inverse(q) + + # Build key object + key = RsaKey(n=n, e=e, d=d, p=p, q=q, u=u) + + # Verify consistency of the key + if consistency_check: + + # Modulus and public exponent must be coprime + if e <= 1 or e >= n: + raise ValueError("Invalid RSA public exponent") + if Integer(n).gcd(e) != 1: + raise ValueError("RSA public exponent is not coprime to modulus") + + # For RSA, modulus must be odd + if not n & 1: + raise ValueError("RSA modulus is not odd") + + if key.has_private(): + # Modulus and private exponent must be coprime + if d <= 1 or d >= n: + raise ValueError("Invalid RSA private exponent") + if Integer(n).gcd(d) != 1: + raise ValueError("RSA private exponent is not coprime to modulus") + # Modulus must be product of 2 primes + if p * q != n: + raise ValueError("RSA factors do not match modulus") + if test_probable_prime(p) == COMPOSITE: + raise ValueError("RSA factor p is composite") + if test_probable_prime(q) == COMPOSITE: + raise ValueError("RSA factor q is composite") + # See Carmichael theorem + phi = (p - 1) * (q - 1) + lcm = phi // (p - 1).gcd(q - 1) + if (e * d % int(lcm)) != 1: + raise ValueError("Invalid RSA condition") + if hasattr(key, 'u'): + # CRT coefficient + if u <= 1 or u >= q: + raise ValueError("Invalid RSA component u") + if (p * u % q) != 1: + raise ValueError("Invalid RSA component u with p") + + return key + + +def _import_pkcs1_private(encoded, *kwargs): + # RSAPrivateKey ::= SEQUENCE { + # version Version, + # modulus INTEGER, -- n + # publicExponent INTEGER, -- e + # privateExponent INTEGER, -- d + # prime1 INTEGER, -- p + # prime2 INTEGER, -- q + # exponent1 INTEGER, -- d mod (p-1) + # exponent2 INTEGER, -- d mod (q-1) + # coefficient INTEGER -- (inverse of q) mod p + # } + # + # Version ::= INTEGER + der = DerSequence().decode(encoded, nr_elements=9, only_ints_expected=True) + if der[0] != 0: + raise ValueError("No PKCS#1 
encoding of an RSA private key") + return construct(der[1:6] + [Integer(der[4]).inverse(der[5])]) + + +def _import_pkcs1_public(encoded, *kwargs): + # RSAPublicKey ::= SEQUENCE { + # modulus INTEGER, -- n + # publicExponent INTEGER -- e + # } + der = DerSequence().decode(encoded, nr_elements=2, only_ints_expected=True) + return construct(der) + + +def _import_subjectPublicKeyInfo(encoded, *kwargs): + + algoid, encoded_key, params = _expand_subject_public_key_info(encoded) + if algoid != oid or params is not None: + raise ValueError("No RSA subjectPublicKeyInfo") + return _import_pkcs1_public(encoded_key) + + +def _import_x509_cert(encoded, *kwargs): + + sp_info = _extract_subject_public_key_info(encoded) + return _import_subjectPublicKeyInfo(sp_info) + + +def _import_pkcs8(encoded, passphrase): + from Cryptodome.IO import PKCS8 + + k = PKCS8.unwrap(encoded, passphrase) + if k[0] != oid: + raise ValueError("No PKCS#8 encoded RSA key") + return _import_keyDER(k[1], passphrase) + + +def _import_keyDER(extern_key, passphrase): + """Import an RSA key (public or private half), encoded in DER form.""" + + decodings = (_import_pkcs1_private, + _import_pkcs1_public, + _import_subjectPublicKeyInfo, + _import_x509_cert, + _import_pkcs8) + + for decoding in decodings: + try: + return decoding(extern_key, passphrase) + except ValueError: + pass + + raise ValueError("RSA key format is not supported") + + +def _import_openssh_private_rsa(data, password): + + from ._openssh import (import_openssh_private_generic, + read_bytes, read_string, check_padding) + + ssh_name, decrypted = import_openssh_private_generic(data, password) + + if ssh_name != "ssh-rsa": + raise ValueError("This SSH key is not RSA") + + n, decrypted = read_bytes(decrypted) + e, decrypted = read_bytes(decrypted) + d, decrypted = read_bytes(decrypted) + iqmp, decrypted = read_bytes(decrypted) + p, decrypted = read_bytes(decrypted) + q, decrypted = read_bytes(decrypted) + + _, padded = read_string(decrypted) # 
Comment + check_padding(padded) + + build = [Integer.from_bytes(x) for x in (n, e, d, q, p, iqmp)] + return construct(build) + + +def import_key(extern_key, passphrase=None): + """Import an RSA key (public or private). + + Args: + extern_key (string or byte string): + The RSA key to import. + + The following formats are supported for an RSA **public key**: + + - X.509 certificate (binary or PEM format) + - X.509 ``subjectPublicKeyInfo`` DER SEQUENCE (binary or PEM + encoding) + - `PKCS#1`_ ``RSAPublicKey`` DER SEQUENCE (binary or PEM encoding) + - An OpenSSH line (e.g. the content of ``~/.ssh/id_ecdsa``, ASCII) + + The following formats are supported for an RSA **private key**: + + - PKCS#1 ``RSAPrivateKey`` DER SEQUENCE (binary or PEM encoding) + - `PKCS#8`_ ``PrivateKeyInfo`` or ``EncryptedPrivateKeyInfo`` + DER SEQUENCE (binary or PEM encoding) + - OpenSSH (text format, introduced in `OpenSSH 6.5`_) + + For details about the PEM encoding, see `RFC1421`_/`RFC1423`_. + + passphrase (string or byte string): + For private keys only, the pass phrase that encrypts the key. + + Returns: An RSA key object (:class:`RsaKey`). + + Raises: + ValueError/IndexError/TypeError: + When the given key cannot be parsed (possibly because the pass + phrase is wrong). + + .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt + .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt + .. _`PKCS#1`: http://www.ietf.org/rfc/rfc3447.txt + .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt + .. 
_`OpenSSH 6.5`: https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf + """ + + from Cryptodome.IO import PEM + + extern_key = tobytes(extern_key) + if passphrase is not None: + passphrase = tobytes(passphrase) + + if extern_key.startswith(b'-----BEGIN OPENSSH PRIVATE KEY'): + text_encoded = tostr(extern_key) + openssh_encoded, marker, enc_flag = PEM.decode(text_encoded, passphrase) + result = _import_openssh_private_rsa(openssh_encoded, passphrase) + return result + + if extern_key.startswith(b'-----'): + # This is probably a PEM encoded key. + (der, marker, enc_flag) = PEM.decode(tostr(extern_key), passphrase) + if enc_flag: + passphrase = None + return _import_keyDER(der, passphrase) + + if extern_key.startswith(b'ssh-rsa '): + # This is probably an OpenSSH key + keystring = binascii.a2b_base64(extern_key.split(b' ')[1]) + keyparts = [] + while len(keystring) > 4: + length = struct.unpack(">I", keystring[:4])[0] + keyparts.append(keystring[4:4 + length]) + keystring = keystring[4 + length:] + e = Integer.from_bytes(keyparts[1]) + n = Integer.from_bytes(keyparts[2]) + return construct([n, e]) + + if len(extern_key) > 0 and bord(extern_key[0]) == 0x30: + # This is probably a DER encoded key + return _import_keyDER(extern_key, passphrase) + + raise ValueError("RSA key format is not supported") + + +# Backward compatibility +importKey = import_key + +#: `Object ID`_ for the RSA encryption algorithm. This OID often indicates +#: a generic RSA key, even when such key will be actually used for digital +#: signatures. +#: +#: .. _`Object ID`: http://www.alvestrand.no/objectid/1.2.840.113549.1.1.1.html +oid = "1.2.840.113549.1.1.1" diff --git a/frozen_deps/Cryptodome/PublicKey/RSA.pyi b/frozen_deps/Cryptodome/PublicKey/RSA.pyi new file mode 100644 index 0000000..e4d0369 --- /dev/null +++ b/frozen_deps/Cryptodome/PublicKey/RSA.pyi 
@@ -0,0 +1,50 @@
+from typing import Callable, Union, Tuple, Optional
+
+__all__ = ['generate', 'construct', 'import_key',
+ 'RsaKey', 'oid']
+
+RNG = Callable[[int], bytes]
+
+class RsaKey(object):
+ def __init__(self, **kwargs: int) -> None: ...
+ @property
+ def n(self) -> int: ...
+ @property
+ def e(self) -> int: ...
+ @property
+ def d(self) -> int: ...
+ @property
+ def p(self) -> int: ...
+ @property
+ def q(self) -> int: ...
+ @property
+ def u(self) -> int: ...
+ def size_in_bits(self) -> int: ...
+ def size_in_bytes(self) -> int: ...
+ def has_private(self) -> bool: ...
+ def can_encrypt(self) -> bool: ... # legacy
+ def can_sign(self) -> bool:... # legacy
+ def publickey(self) -> RsaKey: ...
+ def __eq__(self, other: object) -> bool: ...
+ def __ne__(self, other: object) -> bool: ...
+ def __getstate__(self) -> None: ...
+ def __repr__(self) -> str: ...
+ def __str__(self) -> str: ...
+ def export_key(self, format: Optional[str]="PEM", passphrase: Optional[str]=None, pkcs: Optional[int]=1,
+ protection: Optional[str]=None, randfunc: Optional[RNG]=None) -> bytes: ...
+
+ # Backward compatibility
+ exportKey = export_key
+
+def generate(bits: int, randfunc: Optional[RNG]=None, e: Optional[int]=65537) -> RsaKey: ...
+def construct(rsa_components: Union[Tuple[int, int], # n, e
+ Tuple[int, int, int], # n, e, d
+ Tuple[int, int, int, int, int], # n, e, d, p, q
+ Tuple[int, int, int, int, int, int]], # n, e, d, p, q, crt_q
+ consistency_check: Optional[bool]=True) -> RsaKey: ...
+def import_key(extern_key: Union[str, bytes], passphrase: Optional[str]=None) -> RsaKey: ...
+
+# Backward compatibility
+importKey = import_key
+
+oid: str
diff --git a/frozen_deps/Cryptodome/PublicKey/__init__.py b/frozen_deps/Cryptodome/PublicKey/__init__.py
new file mode 100644
index 0000000..4d019bf
--- /dev/null
+++ b/frozen_deps/Cryptodome/PublicKey/__init__.py
@@ -0,0 +1,95 @@ +# -*- coding: utf-8 -*- +# +# =================================================================== +# The contents of this file are dedicated to the public domain. To +# the extent that dedication to the public domain is not available, +# everyone is granted a worldwide, perpetual, royalty-free, +# non-exclusive license to exercise all rights associated with the +# contents of this file for any purpose whatsoever. +# No rights are reserved. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS +# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN +# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. +# =================================================================== + +from Cryptodome.Util.asn1 import (DerSequence, DerInteger, DerBitString, + DerObjectId, DerNull) + + +def _expand_subject_public_key_info(encoded): + """Parse a SubjectPublicKeyInfo structure. 
+ + It returns a triple with: + * OID (string) + * encoded public key (bytes) + * Algorithm parameters (bytes or None) + """ + + # + # SubjectPublicKeyInfo ::= SEQUENCE { + # algorithm AlgorithmIdentifier, + # subjectPublicKey BIT STRING + # } + # + # AlgorithmIdentifier ::= SEQUENCE { + # algorithm OBJECT IDENTIFIER, + # parameters ANY DEFINED BY algorithm OPTIONAL + # } + # + + spki = DerSequence().decode(encoded, nr_elements=2) + algo = DerSequence().decode(spki[0], nr_elements=(1,2)) + algo_oid = DerObjectId().decode(algo[0]) + spk = DerBitString().decode(spki[1]).value + + if len(algo) == 1: + algo_params = None + else: + try: + DerNull().decode(algo[1]) + algo_params = None + except: + algo_params = algo[1] + + return algo_oid.value, spk, algo_params + + +def _create_subject_public_key_info(algo_oid, secret_key, params=None): + + if params is None: + params = DerNull() + + spki = DerSequence([ + DerSequence([ + DerObjectId(algo_oid), + params]), + DerBitString(secret_key) + ]) + return spki.encode() + + +def _extract_subject_public_key_info(x509_certificate): + """Extract subjectPublicKeyInfo from a DER X.509 certificate.""" + + certificate = DerSequence().decode(x509_certificate, nr_elements=3) + tbs_certificate = DerSequence().decode(certificate[0], + nr_elements=range(6, 11)) + + index = 5 + try: + tbs_certificate[0] + 1 + # Version not present + version = 1 + except TypeError: + version = DerInteger(explicit=0).decode(tbs_certificate[0]).value + if version not in (2, 3): + raise ValueError("Incorrect X.509 certificate version") + index = 6 + + return tbs_certificate[index] diff --git a/frozen_deps/Cryptodome/PublicKey/__init__.pyi b/frozen_deps/Cryptodome/PublicKey/__init__.pyi new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/frozen_deps/Cryptodome/PublicKey/__init__.pyi 
diff --git a/frozen_deps/Cryptodome/PublicKey/_ec_ws.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/PublicKey/_ec_ws.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..fba01e8 --- /dev/null +++ b/frozen_deps/Cryptodome/PublicKey/_ec_ws.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/PublicKey/_openssh.py b/frozen_deps/Cryptodome/PublicKey/_openssh.py new file mode 100644 index 0000000..53b16df --- /dev/null +++ b/frozen_deps/Cryptodome/PublicKey/_openssh.py 
@@ -0,0 +1,135 @@
+# ===================================================================
+#
+# Copyright (c) 2019, Helder Eijs <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# =================================================================== + +import struct + +from Cryptodome.Cipher import AES +from Cryptodome.Hash import SHA512 +from Cryptodome.Protocol.KDF import _bcrypt_hash +from Cryptodome.Util.strxor import strxor +from Cryptodome.Util.py3compat import tostr, bchr, bord + + +def read_int4(data): + if len(data) < 4: + raise ValueError("Insufficient data") + value = struct.unpack(">I", data[:4])[0] + return value, data[4:] + + +def read_bytes(data): + size, data = read_int4(data) + if len(data) < size: + raise ValueError("Insufficient data (V)") + return data[:size], data[size:] + + +def read_string(data): + s, d = read_bytes(data) + return tostr(s), d + + +def check_padding(pad): + for v, x in enumerate(pad): + if bord(x) != ((v + 1) & 0xFF): + raise ValueError("Incorrect padding") + + +def import_openssh_private_generic(data, password): + # https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD + # https://github.com/openssh/openssh-portable/blob/master/sshkey.c + # https://coolaj86.com/articles/the-openssh-private-key-format/ + # https://coolaj86.com/articles/the-ssh-public-key-format/ + + if not data.startswith(b'openssh-key-v1\x00'): + raise ValueError("Incorrect magic value") + data = data[15:] + + ciphername, data = read_string(data) + kdfname, data = read_string(data) + kdfoptions, data = read_bytes(data) + number_of_keys, data = read_int4(data) + + if number_of_keys != 1: + raise ValueError("We only handle 1 key at a time") + + _, data = read_string(data) # Public key + encrypted, data = read_bytes(data) + if data: + raise ValueError("Too much data") + + if len(encrypted) % 8 != 0: + raise ValueError("Incorrect payload length") + + # Decrypt if necessary + if ciphername == 'none': + decrypted = encrypted + else: + if (ciphername, kdfname) != ('aes256-ctr', 'bcrypt'): + raise ValueError("Unsupported encryption scheme %s/%s" % (ciphername, kdfname)) + + salt, kdfoptions = 
read_bytes(kdfoptions) + iterations, kdfoptions = read_int4(kdfoptions) + + if len(salt) != 16: + raise ValueError("Incorrect salt length") + if kdfoptions: + raise ValueError("Too much data in kdfoptions") + + pwd_sha512 = SHA512.new(password).digest() + # We need 32+16 = 48 bytes, therefore 2 bcrypt outputs are sufficient + stripes = [] + constant = b"OxychromaticBlowfishSwatDynamite" + for count in range(1, 3): + salt_sha512 = SHA512.new(salt + struct.pack(">I", count)).digest() + out_le = _bcrypt_hash(pwd_sha512, 6, salt_sha512, constant, False) + out = struct.pack("<IIIIIIII", *struct.unpack(">IIIIIIII", out_le)) + acc = bytearray(out) + for _ in range(1, iterations): + out_le = _bcrypt_hash(pwd_sha512, 6, SHA512.new(out).digest(), constant, False) + out = struct.pack("<IIIIIIII", *struct.unpack(">IIIIIIII", out_le)) + strxor(acc, out, output=acc) + stripes.append(acc[:24]) + + result = b"".join([bchr(a)+bchr(b) for (a, b) in zip(*stripes)]) + + cipher = AES.new(result[:32], + AES.MODE_CTR, + nonce=b"", + initial_value=result[32:32+16]) + decrypted = cipher.decrypt(encrypted) + + checkint1, decrypted = read_int4(decrypted) + checkint2, decrypted = read_int4(decrypted) + if checkint1 != checkint2: + raise ValueError("Incorrect checksum") + ssh_name, decrypted = read_string(decrypted) + + return ssh_name, decrypted diff --git a/frozen_deps/Cryptodome/PublicKey/_openssh.pyi b/frozen_deps/Cryptodome/PublicKey/_openssh.pyi new file mode 100644 index 0000000..15f3677 --- /dev/null +++ b/frozen_deps/Cryptodome/PublicKey/_openssh.pyi @@ -0,0 +1,7 @@ +from typing import Tuple + +def read_int4(data: bytes) -> Tuple[int, bytes]: ... +def read_bytes(data: bytes) -> Tuple[bytes, bytes]: ... +def read_string(data: bytes) -> Tuple[str, bytes]: ... +def check_padding(pad: bytes) -> None: ... +def import_openssh_private_generic(data: bytes, password: bytes) -> Tuple[str, bytes]: ... 
diff --git a/frozen_deps/Crypto/Random/__init__.py b/frozen_deps/Cryptodome/Random/__init__.py index 659ffee..fd18d86 100644 --- a/frozen_deps/Crypto/Random/__init__.py +++ b/frozen_deps/Cryptodome/Random/__init__.py @@ -1,8 +1,6 @@ # -*- coding: utf-8 -*- # -# Random/__init__.py : PyCrypto random number generation -# -# Written in 2008 by Dwayne C. Litzenberger <[email protected]> +# Random/__init__.py : PyCryptodome random number generation # # =================================================================== # The contents of this file are dedicated to the public domain. To @@ -22,22 +20,38 @@ # SOFTWARE. # =================================================================== -__revision__ = "$Id$" -__all__ = ['new'] +__all__ = ['new', 'get_random_bytes'] + +from os import urandom + +class _UrandomRNG(object): + + def read(self, n): + """Return a random byte string of the desired size.""" + return urandom(n) -from Crypto.Random import OSRNG -from Crypto.Random import _UserFriendlyRNG + def flush(self): + """Method provided for backward compatibility only.""" + pass + + def reinit(self): + """Method provided for backward compatibility only.""" + pass + + def close(self): + """Method provided for backward compatibility only.""" + pass + def new(*args, **kwargs): """Return a file-like object that outputs cryptographically random bytes.""" - return _UserFriendlyRNG.new(*args, **kwargs) + return _UrandomRNG() + def atfork(): - """Call this whenever you call os.fork()""" - _UserFriendlyRNG.reinit() + pass + -def get_random_bytes(n): - """Return the specified number of cryptographically-strong random bytes.""" - return _UserFriendlyRNG.get_random_bytes(n) +#: Function that returns a random byte string of the desired size. +get_random_bytes = urandom -# vim:set ts=4 sw=4 sts=4 expandtab: diff --git a/frozen_deps/Cryptodome/Random/__init__.pyi b/frozen_deps/Cryptodome/Random/__init__.pyi new file mode 100644 index 0000000..ddc5b9b --- /dev/null 
+++ b/frozen_deps/Cryptodome/Random/__init__.pyi @@ -0,0 +1,19 @@ +from typing import Any + +__all__ = ['new', 'get_random_bytes'] + +from os import urandom + +class _UrandomRNG(object): + + def read(self, n: int) -> bytes:... + def flush(self) -> None: ... + def reinit(self) -> None: ... + def close(self) -> None: ... + +def new(*args: Any, **kwargs: Any) -> _UrandomRNG: ... + +def atfork() -> None: ... + +get_random_bytes = urandom + diff --git a/frozen_deps/Crypto/Random/random.py b/frozen_deps/Cryptodome/Random/random.py index cd9a221..da30795 100644 --- a/frozen_deps/Crypto/Random/random.py +++ b/frozen_deps/Cryptodome/Random/random.py @@ -22,15 +22,11 @@ # SOFTWARE. # =================================================================== -"""A cryptographically strong version of Python's standard "random" module.""" - -__revision__ = "$Id$" __all__ = ['StrongRandom', 'getrandbits', 'randrange', 'randint', 'choice', 'shuffle', 'sample'] -from Crypto import Random -import sys -if sys.version_info[0] == 2 and sys.version_info[1] == 1: - from Crypto.Util.py21compat import * +from Cryptodome import Random + +from Cryptodome.Util.py3compat import is_native_int class StrongRandom(object): def __init__(self, rng=None, randfunc=None): @@ -44,7 +40,8 @@ class StrongRandom(object): raise ValueError("Cannot specify both 'rng' and 'randfunc'") def getrandbits(self, k): - """Return a python long integer with k random bits.""" + """Return an integer with k random bits.""" + if self._randfunc is None: self._randfunc = Random.new().read mask = (1 << k) - 1 
@@ -64,9 +61,8 @@ class StrongRandom(object): step = 1 else: raise TypeError("randrange expected at most 3 arguments, got %d" % (len(args),)) - if (not isinstance(start, int) - or not isinstance(stop, int) - or not isinstance(step, int)): + if (not is_native_int(start) or not is_native_int(stop) or not + is_native_int(step)): raise TypeError("randrange requires integer arguments") if step == 0: raise ValueError("randrange step argument must not be zero") @@ -86,7 +82,7 @@ class StrongRandom(object): def randint(self, a, b): """Return a random integer N such that a <= N <= b.""" - if not isinstance(a, int) or not isinstance(b, int): + if not is_native_int(a) or not is_native_int(b): raise TypeError("randint requires integer arguments") N = self.randrange(a, b+1) assert a <= N <= b @@ -103,13 +99,13 @@ class StrongRandom(object): def shuffle(self, x): """Shuffle the sequence in place.""" - # Make a (copy) of the list of objects we want to shuffle - items = list(x) - - # Choose a random item (without replacement) until all the items have been - # chosen. - for i in range(len(x)): - x[i] = items.pop(self.randrange(len(items))) + # Fisher-Yates shuffle. O(n) + # See http://en.wikipedia.org/wiki/Fisher-Yates_shuffle + # Working backwards from the end of the array, we choose a random item + # from the remaining items until all items have been chosen. + for i in range(len(x)-1, 0, -1): # iterate from len(x)-1 downto 1 + j = self.randrange(0, i+1) # choose random j such that 0 <= j <= i + x[i], x[j] = x[j], x[i] # exchange x[i] and x[j] def sample(self, population, k): """Return a k-length list of unique elements chosen from the population sequence.""" @@ -137,6 +133,6 @@ shuffle = _r.shuffle sample = _r.sample # These are at the bottom to avoid problems with recursive imports -from Crypto.Util.number import ceil_div, bytes_to_long, long_to_bytes, size +from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes, size # vim:set ts=4 sw=4 sts=4 expandtab: 
diff --git a/frozen_deps/Cryptodome/Random/random.pyi b/frozen_deps/Cryptodome/Random/random.pyi
new file mode 100644
index 0000000..f873c4a
--- /dev/null
+++ b/frozen_deps/Cryptodome/Random/random.pyi
@@ -0,0 +1,20 @@
+from typing import Callable, Tuple, Union, Sequence, Any, Optional
+
+__all__ = ['StrongRandom', 'getrandbits', 'randrange', 'randint', 'choice', 'shuffle', 'sample']
+
+class StrongRandom(object):
+ def __init__(self, rng: Optional[Any]=None, randfunc: Optional[Callable]=None) -> None: ... # TODO What is rng?
+ def getrandbits(self, k: int) -> int: ...
+ def randrange(self, start: int, stop: int = ..., step: int = ...) -> int: ...
+ def randint(self, a: int, b: int) -> int: ...
+ def choice(self, seq: Sequence) -> object: ...
+ def shuffle(self, x: Sequence) -> None: ...
+ def sample(self, population: Sequence, k: int) -> list: ...
+
+_r = StrongRandom()
+getrandbits = _r.getrandbits
+randrange = _r.randrange
+randint = _r.randint
+choice = _r.choice
+shuffle = _r.shuffle
+sample = _r.sample
diff --git a/frozen_deps/Cryptodome/Signature/DSS.py b/frozen_deps/Cryptodome/Signature/DSS.py
new file mode 100644
index 0000000..3dcbeb4
--- /dev/null
+++ b/frozen_deps/Cryptodome/Signature/DSS.py
@@ -0,0 +1,413 @@
+#
+# Signature/DSS.py : DSS.py
+#
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+__all__ = ['new']
+
+
+from Cryptodome.Util.asn1 import DerSequence
+from Cryptodome.Util.number import long_to_bytes
+from Cryptodome.Math.Numbers import Integer
+
+from Cryptodome.Hash import HMAC
+from Cryptodome.PublicKey.ECC import EccKey
+
+
+class DssSigScheme(object):
+ """A (EC)DSA signature object.
+ Do not instantiate directly.
+ Use :func:`Cryptodome.Signature.DSS.new`.
+ """ + + def __init__(self, key, encoding, order): + """Create a new Digital Signature Standard (DSS) object. + + Do not instantiate this object directly, + use `Cryptodome.Signature.DSS.new` instead. + """ + + self._key = key + self._encoding = encoding + self._order = order + + self._order_bits = self._order.size_in_bits() + self._order_bytes = (self._order_bits - 1) // 8 + 1 + + def can_sign(self): + """Return ``True`` if this signature object can be used + for signing messages.""" + + return self._key.has_private() + + def _compute_nonce(self, msg_hash): + raise NotImplementedError("To be provided by subclasses") + + def _valid_hash(self, msg_hash): + raise NotImplementedError("To be provided by subclasses") + + def sign(self, msg_hash): + """Produce the DSA/ECDSA signature of a message. + + :parameter msg_hash: + The hash that was carried out over the message. + The object belongs to the :mod:`Cryptodome.Hash` package. + + Under mode *'fips-186-3'*, the hash must be a FIPS + approved secure hash (SHA-1 or a member of the SHA-2 family), + of cryptographic strength appropriate for the DSA key. + For instance, a 3072/256 DSA key can only be used + in combination with SHA-512. + :type msg_hash: hash object + + :return: The signature as a *byte string* + :raise ValueError: if the hash algorithm is incompatible to the (EC)DSA key + :raise TypeError: if the (EC)DSA key has no private half + """ + + if not self._valid_hash(msg_hash): + raise ValueError("Hash is not sufficiently strong") + + # Generate the nonce k (critical!) 
+ nonce = self._compute_nonce(msg_hash) + + # Perform signature using the raw API + z = Integer.from_bytes(msg_hash.digest()[:self._order_bytes]) + sig_pair = self._key._sign(z, nonce) + + # Encode the signature into a single byte string + if self._encoding == 'binary': + output = b"".join([long_to_bytes(x, self._order_bytes) + for x in sig_pair]) + else: + # Dss-sig ::= SEQUENCE { + # r INTEGER, + # s INTEGER + # } + # Ecdsa-Sig-Value ::= SEQUENCE { + # r INTEGER, + # s INTEGER + # } + output = DerSequence(sig_pair).encode() + + return output + + def verify(self, msg_hash, signature): + """Check if a certain (EC)DSA signature is authentic. + + :parameter msg_hash: + The hash that was carried out over the message. + This is an object belonging to the :mod:`Cryptodome.Hash` module. + + Under mode *'fips-186-3'*, the hash must be a FIPS + approved secure hash (SHA-1 or a member of the SHA-2 family), + of cryptographic strength appropriate for the DSA key. + For instance, a 3072/256 DSA key can only be used in + combination with SHA-512. 
+ :type msg_hash: hash object + + :parameter signature: + The signature that needs to be validated + :type signature: byte string + + :raise ValueError: if the signature is not authentic + """ + + if not self._valid_hash(msg_hash): + raise ValueError("Hash is not sufficiently strong") + + if self._encoding == 'binary': + if len(signature) != (2 * self._order_bytes): + raise ValueError("The signature is not authentic (length)") + r_prime, s_prime = [Integer.from_bytes(x) + for x in (signature[:self._order_bytes], + signature[self._order_bytes:])] + else: + try: + der_seq = DerSequence().decode(signature, strict=True) + except (ValueError, IndexError): + raise ValueError("The signature is not authentic (DER)") + if len(der_seq) != 2 or not der_seq.hasOnlyInts(): + raise ValueError("The signature is not authentic (DER content)") + r_prime, s_prime = Integer(der_seq[0]), Integer(der_seq[1]) + + if not (0 < r_prime < self._order) or not (0 < s_prime < self._order): + raise ValueError("The signature is not authentic (d)") + + z = Integer.from_bytes(msg_hash.digest()[:self._order_bytes]) + result = self._key._verify(z, (r_prime, s_prime)) + if not result: + raise ValueError("The signature is not authentic") + # Make PyCryptodome code to fail + return False + + +class DeterministicDsaSigScheme(DssSigScheme): + # Also applicable to ECDSA + + def __init__(self, key, encoding, order, private_key): + super(DeterministicDsaSigScheme, self).__init__(key, encoding, order) + self._private_key = private_key + + def _bits2int(self, bstr): + """See 2.3.2 in RFC6979""" + + result = Integer.from_bytes(bstr) + q_len = self._order.size_in_bits() + b_len = len(bstr) * 8 + if b_len > q_len: + # Only keep leftmost q_len bits + result >>= (b_len - q_len) + return result + + def _int2octets(self, int_mod_q): + """See 2.3.3 in RFC6979""" + + assert 0 < int_mod_q < self._order + return long_to_bytes(int_mod_q, self._order_bytes) + + def _bits2octets(self, bstr): + """See 2.3.4 in RFC6979""" + + 
z1 = self._bits2int(bstr) + if z1 < self._order: + z2 = z1 + else: + z2 = z1 - self._order + return self._int2octets(z2) + + def _compute_nonce(self, mhash): + """Generate k in a deterministic way""" + + # See section 3.2 in RFC6979.txt + # Step a + h1 = mhash.digest() + # Step b + mask_v = b'\x01' * mhash.digest_size + # Step c + nonce_k = b'\x00' * mhash.digest_size + + for int_oct in (b'\x00', b'\x01'): + # Step d/f + nonce_k = HMAC.new(nonce_k, + mask_v + int_oct + + self._int2octets(self._private_key) + + self._bits2octets(h1), mhash).digest() + # Step e/g + mask_v = HMAC.new(nonce_k, mask_v, mhash).digest() + + nonce = -1 + while not (0 < nonce < self._order): + # Step h.C (second part) + if nonce != -1: + nonce_k = HMAC.new(nonce_k, mask_v + b'\x00', + mhash).digest() + mask_v = HMAC.new(nonce_k, mask_v, mhash).digest() + + # Step h.A + mask_t = b"" + + # Step h.B + while len(mask_t) < self._order_bytes: + mask_v = HMAC.new(nonce_k, mask_v, mhash).digest() + mask_t += mask_v + + # Step h.C (first part) + nonce = self._bits2int(mask_t) + return nonce + + def _valid_hash(self, msg_hash): + return True + + +class FipsDsaSigScheme(DssSigScheme): + + #: List of L (bit length of p) and N (bit length of q) combinations + #: that are allowed by FIPS 186-3. The security level is provided in + #: Table 2 of FIPS 800-57 (rev3). 
+ _fips_186_3_L_N = ( + (1024, 160), # 80 bits (SHA-1 or stronger) + (2048, 224), # 112 bits (SHA-224 or stronger) + (2048, 256), # 128 bits (SHA-256 or stronger) + (3072, 256) # 256 bits (SHA-512) + ) + + def __init__(self, key, encoding, order, randfunc): + super(FipsDsaSigScheme, self).__init__(key, encoding, order) + self._randfunc = randfunc + + L = Integer(key.p).size_in_bits() + if (L, self._order_bits) not in self._fips_186_3_L_N: + error = ("L/N (%d, %d) is not compliant to FIPS 186-3" + % (L, self._order_bits)) + raise ValueError(error) + + def _compute_nonce(self, msg_hash): + # hash is not used + return Integer.random_range(min_inclusive=1, + max_exclusive=self._order, + randfunc=self._randfunc) + + def _valid_hash(self, msg_hash): + """Verify that SHA-1, SHA-2 or SHA-3 are used""" + return (msg_hash.oid == "1.3.14.3.2.26" or + msg_hash.oid.startswith("2.16.840.1.101.3.4.2.")) + + +class FipsEcDsaSigScheme(DssSigScheme): + + def __init__(self, key, encoding, order, randfunc): + super(FipsEcDsaSigScheme, self).__init__(key, encoding, order) + self._randfunc = randfunc + + def _compute_nonce(self, msg_hash): + return Integer.random_range(min_inclusive=1, + max_exclusive=self._key._curve.order, + randfunc=self._randfunc) + + def _valid_hash(self, msg_hash): + """Verify that SHA-[23] (256|384|512) bits are used to + match the security of P-256 (128 bits), P-384 (192 bits) + or P-521 (256 bits)""" + + modulus_bits = self._key.pointQ.size_in_bits() + + sha256 = ( "2.16.840.1.101.3.4.2.1", "2.16.840.1.101.3.4.2.8" ) + sha384 = ( "2.16.840.1.101.3.4.2.2", "2.16.840.1.101.3.4.2.9" ) + sha512 = ( "2.16.840.1.101.3.4.2.3", "2.16.840.1.101.3.4.2.10") + + if msg_hash.oid in sha256: + return modulus_bits <= 256 + elif msg_hash.oid in sha384: + return modulus_bits <= 384 + else: + return msg_hash.oid in sha512 + + +def new(key, mode, encoding='binary', randfunc=None): + """Create a signature object :class:`DSS_SigScheme` that + can perform (EC)DSA signature or 
verification. + + .. note:: + Refer to `NIST SP 800 Part 1 Rev 4`_ (or newer release) for an + overview of the recommended key lengths. + + :parameter key: + The key to use for computing the signature (*private* keys only) + or verifying one: it must be either + :class:`Cryptodome.PublicKey.DSA` or :class:`Cryptodome.PublicKey.ECC`. + + For DSA keys, let ``L`` and ``N`` be the bit lengths of the modulus ``p`` + and of ``q``: the pair ``(L,N)`` must appear in the following list, + in compliance to section 4.2 of `FIPS 186-4`_: + + - (1024, 160) *legacy only; do not create new signatures with this* + - (2048, 224) *deprecated; do not create new signatures with this* + - (2048, 256) + - (3072, 256) + + For ECC, only keys over P-256, P384, and P-521 are accepted. + :type key: + a key object + + :parameter mode: + The parameter can take these values: + + - *'fips-186-3'*. The signature generation is randomized and carried out + according to `FIPS 186-3`_: the nonce ``k`` is taken from the RNG. + - *'deterministic-rfc6979'*. The signature generation is not + randomized. See RFC6979_. + :type mode: + string + + :parameter encoding: + How the signature is encoded. This value determines the output of + :meth:`sign` and the input to :meth:`verify`. + + The following values are accepted: + + - *'binary'* (default), the signature is the raw concatenation + of ``r`` and ``s``. It is defined in the IEEE P.1363 standard. + + For DSA, the size in bytes of the signature is ``N/4`` bytes + (e.g. 64 for ``N=256``). + + For ECDSA, the signature is always twice the length of a point + coordinate (e.g. 64 bytes for P-256). + + - *'der'*, the signature is a ASN.1 DER SEQUENCE + with two INTEGERs (``r`` and ``s``). It is defined in RFC3279_. + The size of the signature is variable. + :type encoding: string + + :parameter randfunc: + A function that returns random *byte strings*, of a given length. + If omitted, the internal RNG is used. + Only applicable for the *'fips-186-3'* mode. 
+ :type randfunc: callable + + .. _FIPS 186-3: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf + .. _FIPS 186-4: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf + .. _NIST SP 800 Part 1 Rev 4: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf + .. _RFC6979: http://tools.ietf.org/html/rfc6979 + .. _RFC3279: https://tools.ietf.org/html/rfc3279#section-2.2.2 + """ + + # The goal of the 'mode' parameter is to avoid to + # have the current version of the standard as default. + # + # Over time, such version will be superseded by (for instance) + # FIPS 186-4 and it will be odd to have -3 as default. + + if encoding not in ('binary', 'der'): + raise ValueError("Unknown encoding '%s'" % encoding) + + if isinstance(key, EccKey): + order = key._curve.order + private_key_attr = 'd' + else: + order = Integer(key.q) + private_key_attr = 'x' + + if key.has_private(): + private_key = getattr(key, private_key_attr) + else: + private_key = None + + if mode == 'deterministic-rfc6979': + return DeterministicDsaSigScheme(key, encoding, order, private_key) + elif mode == 'fips-186-3': + if isinstance(key, EccKey): + return FipsEcDsaSigScheme(key, encoding, order, randfunc) + else: + return FipsDsaSigScheme(key, encoding, order, randfunc) + else: + raise ValueError("Unknown DSS mode '%s'" % mode) diff --git a/frozen_deps/Cryptodome/Signature/DSS.pyi b/frozen_deps/Cryptodome/Signature/DSS.pyi new file mode 100644 index 0000000..52ecc8f --- /dev/null +++ b/frozen_deps/Cryptodome/Signature/DSS.pyi 
@@ -0,0 +1,27 @@
+from typing import Union, Optional, Callable
+from typing_extensions import Protocol
+
+from Cryptodome.PublicKey.DSA import DsaKey
+from Cryptodome.PublicKey.ECC import EccKey
+
+class Hash(Protocol):
+ def digest(self) -> bytes: ...
+
+__all__ = ['new']
+
+class DssSigScheme:
+ def __init__(self, key: Union[DsaKey, EccKey], encoding: str, order: int) -> None: ...
+ def can_sign(self) -> bool: ...
+ def sign(self, msg_hash: Hash) -> bytes: ...
+ def verify(self, msg_hash: Hash, signature: bytes) -> bool: ...
+
+class DeterministicDsaSigScheme(DssSigScheme):
+ def __init__(self, key, encoding, order, private_key) -> None: ...
+
+class FipsDsaSigScheme(DssSigScheme):
+ def __init__(self, key: DsaKey, encoding: str, order: int, randfunc: Callable) -> None: ...
+
+class FipsEcDsaSigScheme(DssSigScheme):
+ def __init__(self, key: EccKey, encoding: str, order: int, randfunc: Callable) -> None: ...
+
+def new(key: Union[DsaKey, EccKey], mode: str, encoding: Optional[str]='binary', randfunc: Optional[Callable]=None) -> Union[DeterministicDsaSigScheme, FipsDsaSigScheme, FipsEcDsaSigScheme]: ...
diff --git a/frozen_deps/Cryptodome/Signature/PKCS1_PSS.py b/frozen_deps/Cryptodome/Signature/PKCS1_PSS.py
new file mode 100644
index 0000000..1e7e5b5
--- /dev/null
+++ b/frozen_deps/Cryptodome/Signature/PKCS1_PSS.py
@@ -0,0 +1,55 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+Legacy module for PKCS#1 PSS signatures.
+
+:undocumented: __package__
+"""
+
+import types
+
+from Cryptodome.Signature import pss
+
+
+def _pycrypto_verify(self, hash_object, signature):
+ try:
+ self._verify(hash_object, signature)
+ except (ValueError, TypeError):
+ return False
+ return True
+
+
+def new(rsa_key, mgfunc=None, saltLen=None, randfunc=None):
+ pkcs1 = pss.new(rsa_key, mask_func=mgfunc,
+ salt_bytes=saltLen, rand_func=randfunc)
+ pkcs1._verify = pkcs1.verify
+ pkcs1.verify = types.MethodType(_pycrypto_verify, pkcs1)
+ return pkcs1
diff --git a/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi b/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi
new file mode 100644
index 0000000..7ed68e6
--- /dev/null
+++ b/frozen_deps/Cryptodome/Signature/PKCS1_PSS.pyi
@@ -0,0 +1,7 @@
+from typing import Optional, Callable
+
+from Cryptodome.PublicKey.RSA import RsaKey
+from Cryptodome.Signature.pss import PSS_SigScheme
+
+
+def new(rsa_key: RsaKey, mgfunc: Optional[Callable]=None, saltLen: Optional[int]=None, randfunc: Optional[Callable]=None) -> PSS_SigScheme: ...
diff --git a/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.py b/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.py
new file mode 100644
index 0000000..d560663
--- /dev/null
+++ b/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.py
@@ -0,0 +1,53 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+Legacy module for PKCS#1 v1.5 signatures.
+
+:undocumented: __package__
+"""
+
+import types
+
+from Cryptodome.Signature import pkcs1_15
+
+def _pycrypto_verify(self, hash_object, signature):
+ try:
+ self._verify(hash_object, signature)
+ except (ValueError, TypeError):
+ return False
+ return True
+
+def new(rsa_key):
+ pkcs1 = pkcs1_15.new(rsa_key)
+ pkcs1._verify = pkcs1.verify
+ pkcs1.verify = types.MethodType(_pycrypto_verify, pkcs1)
+ return pkcs1
+
diff --git a/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi b/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi
new file mode 100644
index 0000000..5851e5b
--- /dev/null
+++ b/frozen_deps/Cryptodome/Signature/PKCS1_v1_5.pyi
@@ -0,0 +1,6 @@
+from Cryptodome.PublicKey.RSA import RsaKey
+
+from Cryptodome.Signature.pkcs1_15 import PKCS115_SigScheme
+
+
+def new(rsa_key: RsaKey) -> PKCS115_SigScheme: ...
\ No newline at end of file
diff --git a/frozen_deps/Cryptodome/Signature/__init__.py b/frozen_deps/Cryptodome/Signature/__init__.py
new file mode 100644
index 0000000..da028a5
--- /dev/null
+++ b/frozen_deps/Cryptodome/Signature/__init__.py
@@ -0,0 +1,36 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""Digital signature protocols
+
+A collection of standardized protocols to carry out digital signatures.
+"""
+
+__all__ = ['PKCS1_v1_5', 'PKCS1_PSS', 'DSS', 'pkcs1_15', 'pss']
diff --git a/frozen_deps/Cryptodome/Signature/pkcs1_15.py b/frozen_deps/Cryptodome/Signature/pkcs1_15.py
new file mode 100644
index 0000000..f572f85
--- /dev/null
+++ b/frozen_deps/Cryptodome/Signature/pkcs1_15.py
@@ -0,0 +1,222 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+import Cryptodome.Util.number
+from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes
+from Cryptodome.Util.asn1 import DerSequence, DerNull, DerOctetString, DerObjectId
+
+class PKCS115_SigScheme:
+ """A signature object for ``RSASSA-PKCS1-v1_5``.
+ Do not instantiate directly.
+ Use :func:`Cryptodome.Signature.pkcs1_15.new`.
+ """
+
+ def __init__(self, rsa_key):
+ """Initialize this PKCS#1 v1.5 signature scheme object.
+
+ :Parameters:
+ rsa_key : an RSA key object
+ Creation of signatures is only possible if this is a *private*
+ RSA key. Verification of signatures is always possible.
+ """
+ self._key = rsa_key
+
+ def can_sign(self):
+ """Return ``True`` if this object can be used to sign messages."""
+ return self._key.has_private()
+
+ def sign(self, msg_hash):
+ """Create the PKCS#1 v1.5 signature of a message.
+
+ This function is also called ``RSASSA-PKCS1-V1_5-SIGN`` and
+ it is specified in
+ `section 8.2.1 of RFC8017 <https://tools.ietf.org/html/rfc8017#page-36>`_.
+
+ :parameter msg_hash:
+ This is an object from the :mod:`Cryptodome.Hash` package.
+ It has been used to digest the message to sign.
+ :type msg_hash: hash object
+
+ :return: the signature encoded as a *byte string*.
+ :raise ValueError: if the RSA key is not long enough for the given hash algorithm.
+ :raise TypeError: if the RSA key has no private half.
+ """
+
+ # See 8.2.1 in RFC3447
+ modBits = Cryptodome.Util.number.size(self._key.n)
+ k = ceil_div(modBits,8) # Convert from bits to bytes
+
+ # Step 1
+ em = _EMSA_PKCS1_V1_5_ENCODE(msg_hash, k)
+ # Step 2a (OS2IP)
+ em_int = bytes_to_long(em)
+ # Step 2b (RSASP1)
+ m_int = self._key._decrypt(em_int)
+ # Step 2c (I2OSP)
+ signature = long_to_bytes(m_int, k)
+ return signature
+
+ def verify(self, msg_hash, signature):
+ """Check if the PKCS#1 v1.5 signature over a message is valid.
+
+ This function is also called ``RSASSA-PKCS1-V1_5-VERIFY`` and
+ it is specified in
+ `section 8.2.2 of RFC8037 <https://tools.ietf.org/html/rfc8017#page-37>`_.
+
+ :parameter msg_hash:
+ The hash that was carried out over the message. This is an object
+ belonging to the :mod:`Cryptodome.Hash` module.
+ :type parameter: hash object
+
+ :parameter signature:
+ The signature that needs to be validated.
+ :type signature: byte string
+
+ :raise ValueError: if the signature is not valid.
+ """
+
+ # See 8.2.2 in RFC3447
+ modBits = Cryptodome.Util.number.size(self._key.n)
+ k = ceil_div(modBits, 8) # Convert from bits to bytes
+
+ # Step 1
+ if len(signature) != k:
+ raise ValueError("Invalid signature")
+ # Step 2a (O2SIP)
+ signature_int = bytes_to_long(signature)
+ # Step 2b (RSAVP1)
+ em_int = self._key._encrypt(signature_int)
+ # Step 2c (I2OSP)
+ em1 = long_to_bytes(em_int, k)
+ # Step 3
+ try:
+ possible_em1 = [ _EMSA_PKCS1_V1_5_ENCODE(msg_hash, k, True) ]
+ # MD2/4/5 hashes always require NULL params in AlgorithmIdentifier.
+ # For all others, it is optional.
+ try:
+ algorithm_is_md = msg_hash.oid.startswith('1.2.840.113549.2.')
+ except AttributeError:
+ algorithm_is_md = False
+ if not algorithm_is_md: # MD2/MD4/MD5
+ possible_em1.append(_EMSA_PKCS1_V1_5_ENCODE(msg_hash, k, False))
+ except ValueError:
+ raise ValueError("Invalid signature")
+ # Step 4
+ # By comparing the full encodings (as opposed to checking each
+ # of its components one at a time) we avoid attacks to the padding
+ # scheme like Bleichenbacher's (see http://www.mail-archive.com/[email protected]/msg06537).
+ #
+ if em1 not in possible_em1:
+ raise ValueError("Invalid signature")
+ pass
+
+
+def _EMSA_PKCS1_V1_5_ENCODE(msg_hash, emLen, with_hash_parameters=True):
+ """
+ Implement the ``EMSA-PKCS1-V1_5-ENCODE`` function, as defined
+ in PKCS#1 v2.1 (RFC3447, 9.2).
+
+ ``_EMSA-PKCS1-V1_5-ENCODE`` actually accepts the message ``M`` as input,
+ and hash it internally. Here, we expect that the message has already
+ been hashed instead.
+
+ :Parameters:
+ msg_hash : hash object
+ The hash object that holds the digest of the message being signed.
+ emLen : int
+ The length the final encoding must have, in bytes.
+ with_hash_parameters : bool
+ If True (default), include NULL parameters for the hash
+ algorithm in the ``digestAlgorithm`` SEQUENCE.
+
+ :attention: the early standard (RFC2313) stated that ``DigestInfo``
+ had to be BER-encoded.
This means that old signatures + might have length tags in indefinite form, which + is not supported in DER. Such encoding cannot be + reproduced by this function. + + :Return: An ``emLen`` byte long string that encodes the hash. + """ + + # First, build the ASN.1 DER object DigestInfo: + # + # DigestInfo ::= SEQUENCE { + # digestAlgorithm AlgorithmIdentifier, + # digest OCTET STRING + # } + # + # where digestAlgorithm identifies the hash function and shall be an + # algorithm ID with an OID in the set PKCS1-v1-5DigestAlgorithms. + # + # PKCS1-v1-5DigestAlgorithms ALGORITHM-IDENTIFIER ::= { + # { OID id-md2 PARAMETERS NULL }| + # { OID id-md5 PARAMETERS NULL }| + # { OID id-sha1 PARAMETERS NULL }| + # { OID id-sha256 PARAMETERS NULL }| + # { OID id-sha384 PARAMETERS NULL }| + # { OID id-sha512 PARAMETERS NULL } + # } + # + # Appendix B.1 also says that for SHA-1/-2 algorithms, the parameters + # should be omitted. They may be present, but when they are, they shall + # have NULL value. + + digestAlgo = DerSequence([ DerObjectId(msg_hash.oid).encode() ]) + + if with_hash_parameters: + digestAlgo.append(DerNull().encode()) + + digest = DerOctetString(msg_hash.digest()) + digestInfo = DerSequence([ + digestAlgo.encode(), + digest.encode() + ]).encode() + + # We need at least 11 bytes for the remaining data: 3 fixed bytes and + # at least 8 bytes of padding). + if emLen<len(digestInfo)+11: + raise TypeError("Selected hash algorith has a too long digest (%d bytes)." % len(digest)) + PS = b'\xFF' * (emLen - len(digestInfo) - 3) + return b'\x00\x01' + PS + b'\x00' + digestInfo + +def new(rsa_key): + """Create a signature object for creating + or verifying PKCS#1 v1.5 signatures. + + :parameter rsa_key: + The RSA key to use for signing or verifying the message. + This is a :class:`Cryptodome.PublicKey.RSA` object. + Signing is only possible when ``rsa_key`` is a **private** RSA key. 
+ :type rsa_key: RSA object
+
+ :return: a :class:`PKCS115_SigScheme` signature object
+ """
+ return PKCS115_SigScheme(rsa_key)
+
diff --git a/frozen_deps/Cryptodome/Signature/pkcs1_15.pyi b/frozen_deps/Cryptodome/Signature/pkcs1_15.pyi
new file mode 100644
index 0000000..04faf60
--- /dev/null
+++ b/frozen_deps/Cryptodome/Signature/pkcs1_15.pyi
@@ -0,0 +1,17 @@
+from typing import Optional
+from typing_extensions import Protocol
+
+from Cryptodome.PublicKey.RSA import RsaKey
+
+class Hash(Protocol):
+ def digest(self) -> bytes: ...
+
+class PKCS115_SigScheme:
+ def __init__(self, rsa_key: RsaKey) -> None: ...
+ def can_sign(self) -> bool: ...
+ def sign(self, msg_hash: Hash) -> bytes: ...
+ def verify(self, msg_hash: Hash, signature: bytes) -> None: ...
+
+def _EMSA_PKCS1_V1_5_ENCODE(msg_hash: Hash, emLen: int, with_hash_parameters: Optional[bool]=True) -> bytes: ...
+
+def new(rsa_key: RsaKey) -> PKCS115_SigScheme: ...
diff --git a/frozen_deps/Cryptodome/Signature/pss.py b/frozen_deps/Cryptodome/Signature/pss.py
new file mode 100644
index 0000000..0b05ed2
--- /dev/null
+++ b/frozen_deps/Cryptodome/Signature/pss.py
@@ -0,0 +1,386 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <[email protected]>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+from Cryptodome.Util.py3compat import bchr, bord, iter_range
+import Cryptodome.Util.number
+from Cryptodome.Util.number import (ceil_div,
+ long_to_bytes,
+ bytes_to_long
+ )
+from Cryptodome.Util.strxor import strxor
+from Cryptodome import Random
+
+
+class PSS_SigScheme:
+ """A signature object for ``RSASSA-PSS``.
+ Do not instantiate directly.
+ Use :func:`Cryptodome.Signature.pss.new`.
+ """
+
+ def __init__(self, key, mgfunc, saltLen, randfunc):
+ """Initialize this PKCS#1 PSS signature scheme object.
+
+ :Parameters:
+ key : an RSA key object
+ If a private half is given, both signature and
+ verification are possible.
+ If a public half is given, only verification is possible.
+ mgfunc : callable
+ A mask generation function that accepts two parameters:
+ a string to use as seed, and the lenth of the mask to
+ generate, in bytes.
+ saltLen : integer
+ Length of the salt, in bytes.
+ randfunc : callable
+ A function that returns random bytes.
+ """
+
+ self._key = key
+ self._saltLen = saltLen
+ self._mgfunc = mgfunc
+ self._randfunc = randfunc
+
+ def can_sign(self):
+ """Return ``True`` if this object can be used to sign messages."""
+ return self._key.has_private()
+
+ def sign(self, msg_hash):
+ """Create the PKCS#1 PSS signature of a message.
+
+ This function is also called ``RSASSA-PSS-SIGN`` and
+ it is specified in
+ `section 8.1.1 of RFC8017 <https://tools.ietf.org/html/rfc8017#section-8.1.1>`_.
+
+ :parameter msg_hash:
+ This is an object from the :mod:`Cryptodome.Hash` package.
+ It has been used to digest the message to sign.
+ :type msg_hash: hash object
+
+ :return: the signature encoded as a *byte string*.
+ :raise ValueError: if the RSA key is not long enough for the given hash algorithm.
+ :raise TypeError: if the RSA key has no private half.
+ """
+
+ # Set defaults for salt length and mask generation function
+ if self._saltLen is None:
+ sLen = msg_hash.digest_size
+ else:
+ sLen = self._saltLen
+
+ if self._mgfunc is None:
+ mgf = lambda x, y: MGF1(x, y, msg_hash)
+ else:
+ mgf = self._mgfunc
+
+ modBits = Cryptodome.Util.number.size(self._key.n)
+
+ # See 8.1.1 in RFC3447
+ k = ceil_div(modBits, 8) # k is length in bytes of the modulus
+ # Step 1
+ em = _EMSA_PSS_ENCODE(msg_hash, modBits-1, self._randfunc, mgf, sLen)
+ # Step 2a (OS2IP)
+ em_int = bytes_to_long(em)
+ # Step 2b (RSASP1)
+ m_int = self._key._decrypt(em_int)
+ # Step 2c (I2OSP)
+ signature = long_to_bytes(m_int, k)
+ return signature
+
+ def verify(self, msg_hash, signature):
+ """Check if the PKCS#1 PSS signature over a message is valid.
+
+ This function is also called ``RSASSA-PSS-VERIFY`` and
+ it is specified in
+ `section 8.1.2 of RFC8037 <https://tools.ietf.org/html/rfc8017#section-8.1.2>`_.
+
+ :parameter msg_hash:
+ The hash that was carried out over the message. This is an object
+ belonging to the :mod:`Cryptodome.Hash` module.
+ :type parameter: hash object
+
+ :parameter signature:
+ The signature that needs to be validated.
+ :type signature: bytes
+
+ :raise ValueError: if the signature is not valid.
+ """ + + # Set defaults for salt length and mask generation function + if self._saltLen is None: + sLen = msg_hash.digest_size + else: + sLen = self._saltLen + if self._mgfunc: + mgf = self._mgfunc + else: + mgf = lambda x, y: MGF1(x, y, msg_hash) + + modBits = Cryptodome.Util.number.size(self._key.n) + + # See 8.1.2 in RFC3447 + k = ceil_div(modBits, 8) # Convert from bits to bytes + # Step 1 + if len(signature) != k: + raise ValueError("Incorrect signature") + # Step 2a (O2SIP) + signature_int = bytes_to_long(signature) + # Step 2b (RSAVP1) + em_int = self._key._encrypt(signature_int) + # Step 2c (I2OSP) + emLen = ceil_div(modBits - 1, 8) + em = long_to_bytes(em_int, emLen) + # Step 3/4 + _EMSA_PSS_VERIFY(msg_hash, em, modBits-1, mgf, sLen) + + +def MGF1(mgfSeed, maskLen, hash_gen): + """Mask Generation Function, described in `B.2.1 of RFC8017 + <https://tools.ietf.org/html/rfc8017>`_. + + :param mfgSeed: + seed from which the mask is generated + :type mfgSeed: byte string + + :param maskLen: + intended length in bytes of the mask + :type maskLen: integer + + :param hash_gen: + A module or a hash object from :mod:`Cryptodome.Hash` + :type hash_object: + + :return: the mask, as a *byte string* + """ + + T = b"" + for counter in iter_range(ceil_div(maskLen, hash_gen.digest_size)): + c = long_to_bytes(counter, 4) + hobj = hash_gen.new() + hobj.update(mgfSeed + c) + T = T + hobj.digest() + assert(len(T) >= maskLen) + return T[:maskLen] + + +def _EMSA_PSS_ENCODE(mhash, emBits, randFunc, mgf, sLen): + r""" + Implement the ``EMSA-PSS-ENCODE`` function, as defined + in PKCS#1 v2.1 (RFC3447, 9.1.1). + + The original ``EMSA-PSS-ENCODE`` actually accepts the message ``M`` + as input, and hash it internally. Here, we expect that the message + has already been hashed instead. + + :Parameters: + mhash : hash object + The hash object that holds the digest of the message being signed. + emBits : int + Maximum length of the final encoding, in bits. 
+ randFunc : callable + An RNG function that accepts as only parameter an int, and returns + a string of random bytes, to be used as salt. + mgf : callable + A mask generation function that accepts two parameters: a string to + use as seed, and the lenth of the mask to generate, in bytes. + sLen : int + Length of the salt, in bytes. + + :Return: An ``emLen`` byte long string that encodes the hash + (with ``emLen = \ceil(emBits/8)``). + + :Raise ValueError: + When digest or salt length are too big. + """ + + emLen = ceil_div(emBits, 8) + + # Bitmask of digits that fill up + lmask = 0 + for i in iter_range(8*emLen-emBits): + lmask = lmask >> 1 | 0x80 + + # Step 1 and 2 have been already done + # Step 3 + if emLen < mhash.digest_size+sLen+2: + raise ValueError("Digest or salt length are too long" + " for given key size.") + # Step 4 + salt = randFunc(sLen) + # Step 5 + m_prime = bchr(0)*8 + mhash.digest() + salt + # Step 6 + h = mhash.new() + h.update(m_prime) + # Step 7 + ps = bchr(0)*(emLen-sLen-mhash.digest_size-2) + # Step 8 + db = ps + bchr(1) + salt + # Step 9 + dbMask = mgf(h.digest(), emLen-mhash.digest_size-1) + # Step 10 + maskedDB = strxor(db, dbMask) + # Step 11 + maskedDB = bchr(bord(maskedDB[0]) & ~lmask) + maskedDB[1:] + # Step 12 + em = maskedDB + h.digest() + bchr(0xBC) + return em + + +def _EMSA_PSS_VERIFY(mhash, em, emBits, mgf, sLen): + """ + Implement the ``EMSA-PSS-VERIFY`` function, as defined + in PKCS#1 v2.1 (RFC3447, 9.1.2). + + ``EMSA-PSS-VERIFY`` actually accepts the message ``M`` as input, + and hash it internally. Here, we expect that the message has already + been hashed instead. + + :Parameters: + mhash : hash object + The hash object that holds the digest of the message to be verified. + em : string + The signature to verify, therefore proving that the sender really + signed the message that was received. + emBits : int + Length of the final encoding (em), in bits. 
+ mgf : callable + A mask generation function that accepts two parameters: a string to + use as seed, and the lenth of the mask to generate, in bytes. + sLen : int + Length of the salt, in bytes. + + :Raise ValueError: + When the encoding is inconsistent, or the digest or salt lengths + are too big. + """ + + emLen = ceil_div(emBits, 8) + + # Bitmask of digits that fill up + lmask = 0 + for i in iter_range(8*emLen-emBits): + lmask = lmask >> 1 | 0x80 + + # Step 1 and 2 have been already done + # Step 3 + if emLen < mhash.digest_size+sLen+2: + raise ValueError("Incorrect signature") + # Step 4 + if ord(em[-1:]) != 0xBC: + raise ValueError("Incorrect signature") + # Step 5 + maskedDB = em[:emLen-mhash.digest_size-1] + h = em[emLen-mhash.digest_size-1:-1] + # Step 6 + if lmask & bord(em[0]): + raise ValueError("Incorrect signature") + # Step 7 + dbMask = mgf(h, emLen-mhash.digest_size-1) + # Step 8 + db = strxor(maskedDB, dbMask) + # Step 9 + db = bchr(bord(db[0]) & ~lmask) + db[1:] + # Step 10 + if not db.startswith(bchr(0)*(emLen-mhash.digest_size-sLen-2) + bchr(1)): + raise ValueError("Incorrect signature") + # Step 11 + if sLen > 0: + salt = db[-sLen:] + else: + salt = b"" + # Step 12 + m_prime = bchr(0)*8 + mhash.digest() + salt + # Step 13 + hobj = mhash.new() + hobj.update(m_prime) + hp = hobj.digest() + # Step 14 + if h != hp: + raise ValueError("Incorrect signature") + + +def new(rsa_key, **kwargs): + """Create an object for making or verifying PKCS#1 PSS signatures. + + :parameter rsa_key: + The RSA key to use for signing or verifying the message. + This is a :class:`Cryptodome.PublicKey.RSA` object. + Signing is only possible when ``rsa_key`` is a **private** RSA key. + :type rsa_key: RSA object + + :Keyword Arguments: + + * *mask_func* (``callable``) -- + A function that returns the mask (as `bytes`). + It must accept two parameters: a seed (as `bytes`) + and the length of the data to return. 
+
+ If not specified, it will be the function :func:`MGF1` defined in
+ `RFC8017 <https://tools.ietf.org/html/rfc8017#page-67>`_ and
+ combined with the same hash algorithm applied to the
+ message to sign or verify.
+
+ If you want to use a different function, for instance still :func:`MGF1`
+ but together with another hash, you can do::
+
+ from Cryptodome.Hash import SHA256
+ from Cryptodome.Signature.pss import MGF1
+ mgf = lambda x, y: MGF1(x, y, SHA256)
+
+ * *salt_bytes* (``integer``) --
+ Length of the salt, in bytes.
+ It is a value between 0 and ``emLen - hLen - 2``, where ``emLen``
+ is the size of the RSA modulus and ``hLen`` is the size of the digest
+ applied to the message to sign or verify.
+
+ The salt is generated internally, you don't need to provide it.
+
+ If not specified, the salt length will be ``hLen``.
+ If it is zero, the signature scheme becomes deterministic.
+
+ Note that in some implementations such as OpenSSL the default
+ salt length is ``emLen - hLen - 2`` (even though it is not more
+ secure than ``hLen``).
+
+ * *rand_func* (``callable``) --
+ A function that returns random ``bytes``, of the desired length.
+ The default is :func:`Cryptodome.Random.get_random_bytes`.
+
+ :return: a :class:`PSS_SigScheme` signature object
+ """
+
+ mask_func = kwargs.pop("mask_func", None)
+ salt_len = kwargs.pop("salt_bytes", None)
+ rand_func = kwargs.pop("rand_func", None)
+ if rand_func is None:
+ rand_func = Random.get_random_bytes
+ if kwargs:
+ raise ValueError("Unknown keywords: " + str(kwargs.keys()))
+ return PSS_SigScheme(rsa_key, mask_func, salt_len, rand_func)
diff --git a/frozen_deps/Cryptodome/Signature/pss.pyi b/frozen_deps/Cryptodome/Signature/pss.pyi
new file mode 100644
index 0000000..9ca19ea
--- /dev/null
+++ b/frozen_deps/Cryptodome/Signature/pss.pyi
@@ -0,0 +1,30 @@
+from typing import Union, Callable, Optional
+from typing_extensions import Protocol
+
+from Cryptodome.PublicKey.RSA import RsaKey
+
+
+class Hash(Protocol):
+ def digest(self) -> bytes: ...
+ def update(self, bytes) -> None: ...
+
+
+class HashModule(Protocol):
+ @staticmethod
+ def new(data: Optional[bytes]) -> Hash: ...
+
+
+MaskFunction = Callable[[bytes, int, Union[Hash, HashModule]], bytes]
+RndFunction = Callable[[int], bytes]
+
+class PSS_SigScheme:
+ def __init__(self, key: RsaKey, mgfunc: RndFunction, saltLen: int, randfunc: RndFunction) -> None: ...
+ def can_sign(self) -> bool: ...
+ def sign(self, msg_hash: Hash) -> bytes: ...
+ def verify(self, msg_hash: Hash, signature: bytes) -> None: ...
+
+
+MGF1 : MaskFunction
+def _EMSA_PSS_ENCODE(mhash: Hash, emBits: int, randFunc: RndFunction, mgf:MaskFunction, sLen: int) -> str: ...
+def _EMSA_PSS_VERIFY(mhash: Hash, em: str, emBits: int, mgf: MaskFunction, sLen: int) -> None: ...
+def new(rsa_key: RsaKey, **kwargs: Union[MaskFunction, RndFunction, int]) -> PSS_SigScheme: ...
diff --git a/frozen_deps/Cryptodome/Util/Counter.py b/frozen_deps/Cryptodome/Util/Counter.py
new file mode 100644
index 0000000..423f91f
--- /dev/null
+++ b/frozen_deps/Cryptodome/Util/Counter.py
@@ -0,0 +1,70 @@
+# -*- coding: ascii -*-
+#
+# Util/Counter.py : Fast counter for use with CTR-mode ciphers
+#
+# Written in 2008 by Dwayne C. Litzenberger <[email protected]>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+def new(nbits, prefix=b"", suffix=b"", initial_value=1, little_endian=False, allow_wraparound=False):
+ """Create a stateful counter block function suitable for CTR encryption modes.
+
+ Each call to the function returns the next counter block.
+ Each counter block is made up by three parts:
+
+ +------+--------------+-------+
+ |prefix| counter value|postfix|
+ +------+--------------+-------+
+
+ The counter value is incremented by 1 at each call.
+
+ Args:
+ nbits (integer):
+ Length of the desired counter value, in bits. It must be a multiple of 8.
+ prefix (byte string):
+ The constant prefix of the counter block. By default, no prefix is
+ used.
+ suffix (byte string):
+ The constant postfix of the counter block. By default, no suffix is
+ used.
+ initial_value (integer):
+ The initial value of the counter.
Default value is 1.
+ little_endian (boolean):
+ If ``True``, the counter number will be encoded in little endian format.
+ If ``False`` (default), in big endian format.
+ allow_wraparound (boolean):
+ This parameter is ignored.
+ Returns:
+ An object that can be passed with the :data:`counter` parameter to a CTR mode
+ cipher.
+
+ It must hold that *len(prefix) + nbits//8 + len(suffix)* matches the
+ block size of the underlying block cipher.
+ """
+
+ if (nbits % 8) != 0:
+ raise ValueError("'nbits' must be a multiple of 8")
+
+ # Ignore wraparound
+ return {"counter_len": nbits // 8,
+ "prefix": prefix,
+ "suffix": suffix,
+ "initial_value": initial_value,
+ "little_endian": little_endian
+ }
diff --git a/frozen_deps/Cryptodome/Util/Counter.pyi b/frozen_deps/Cryptodome/Util/Counter.pyi
new file mode 100644
index 0000000..fa2ffdd
--- /dev/null
+++ b/frozen_deps/Cryptodome/Util/Counter.pyi
@@ -0,0 +1,5 @@
+from typing import Optional, Union, Dict
+
+def new(nbits: int, prefix: Optional[bytes]=..., suffix: Optional[bytes]=..., initial_value: Optional[int]=1,
+ little_endian: Optional[bool]=False, allow_wraparound: Optional[bool]=False) -> \
+ Dict[str, Union[int, bytes, bool]]: ...
diff --git a/frozen_deps/Cryptodome/Util/Padding.py b/frozen_deps/Cryptodome/Util/Padding.py
new file mode 100644
index 0000000..1c353d1
--- /dev/null
+++ b/frozen_deps/Cryptodome/Util/Padding.py
@@ -0,0 +1,106 @@ +# +# Util/Padding.py : Functions to manage padding +# +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# =================================================================== + +__all__ = [ 'pad', 'unpad' ] + +from Cryptodome.Util.py3compat import * + + +def pad(data_to_pad, block_size, style='pkcs7'): + """Apply standard padding. + + Args: + data_to_pad (byte string): + The data that needs to be padded. + block_size (integer): + The block boundary to use for padding. The output length is guaranteed + to be a multiple of :data:`block_size`. 
+ style (string): + Padding algorithm. It can be *'pkcs7'* (default), *'iso7816'* or *'x923'*. + + Return: + byte string : the original data with the appropriate padding added at the end. + """ + + padding_len = block_size-len(data_to_pad)%block_size + if style == 'pkcs7': + padding = bchr(padding_len)*padding_len + elif style == 'x923': + padding = bchr(0)*(padding_len-1) + bchr(padding_len) + elif style == 'iso7816': + padding = bchr(128) + bchr(0)*(padding_len-1) + else: + raise ValueError("Unknown padding style") + return data_to_pad + padding + + +def unpad(padded_data, block_size, style='pkcs7'): + """Remove standard padding. + + Args: + padded_data (byte string): + A piece of data with padding that needs to be stripped. + block_size (integer): + The block boundary to use for padding. The input length + must be a multiple of :data:`block_size`. + style (string): + Padding algorithm. It can be *'pkcs7'* (default), *'iso7816'* or *'x923'*. + Return: + byte string : data without padding. + Raises: + ValueError: if the padding is incorrect. 
+ """ + + pdata_len = len(padded_data) + if pdata_len % block_size: + raise ValueError("Input data is not padded") + if style in ('pkcs7', 'x923'): + padding_len = bord(padded_data[-1]) + if padding_len<1 or padding_len>min(block_size, pdata_len): + raise ValueError("Padding is incorrect.") + if style == 'pkcs7': + if padded_data[-padding_len:]!=bchr(padding_len)*padding_len: + raise ValueError("PKCS#7 padding is incorrect.") + else: + if padded_data[-padding_len:-1]!=bchr(0)*(padding_len-1): + raise ValueError("ANSI X.923 padding is incorrect.") + elif style == 'iso7816': + padding_len = pdata_len - padded_data.rfind(bchr(128)) + if padding_len<1 or padding_len>min(block_size, pdata_len): + raise ValueError("Padding is incorrect.") + if padding_len>1 and padded_data[1-padding_len:]!=bchr(0)*(padding_len-1): + raise ValueError("ISO 7816-4 padding is incorrect.") + else: + raise ValueError("Unknown padding style") + return padded_data[:-padding_len] + diff --git a/frozen_deps/Cryptodome/Util/Padding.pyi b/frozen_deps/Cryptodome/Util/Padding.pyi new file mode 100644 index 0000000..4d8d30d --- /dev/null +++ b/frozen_deps/Cryptodome/Util/Padding.pyi @@ -0,0 +1,6 @@ +from typing import Optional + +__all__ = [ 'pad', 'unpad' ] + +def pad(data_to_pad: bytes, block_size: int, style: Optional[str]='pkcs7') -> bytes: ... +def unpad(padded_data: bytes, block_size: int, style: Optional[str]='pkcs7') -> bytes: ...
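Review bot: `unpad` reports a malformed pad through distinct `ValueError` messages and compares the pad bytes with a plain `!=`, so a caller that runs it on unauthenticated ciphertext and lets the outcome become observable gives the sender a padding oracle. The docstring does not mention this; under `Raises:` I would add a line such as `Verify a MAC or AEAD tag over the ciphertext before calling unpad, and do not reveal to the sender whether unpadding failed.` Separately, `pad` never validates `block_size`: a value of 0 reaches the `%` as a division by zero, and a pad length above 255 cannot be encoded by `bchr`. A guard at the top of `pad`, for example `if not 1 <= block_size <= 255: raise ValueError("Invalid block size")`, would make the supported range explicit.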
\ No newline at end of file
diff --git a/frozen_deps/Crypto/Util/RFC1751.py b/frozen_deps/Cryptodome/Util/RFC1751.py
index 1c10c4a..10859c3 100644
--- a/frozen_deps/Crypto/Util/RFC1751.py
+++ b/frozen_deps/Cryptodome/Util/RFC1751.py
@@ -24,83 +24,124 @@ # SOFTWARE. # =================================================================== -__revision__ = "$Id$" - +from __future__ import print_function import binascii -from Crypto.Util.py3compat import * -from functools import reduce -binary={0:'0000', 1:'0001', 2:'0010', 3:'0011', 4:'0100', 5:'0101', - 6:'0110', 7:'0111', 8:'1000', 9:'1001', 10:'1010', 11:'1011', - 12:'1100', 13:'1101', 14:'1110', 15:'1111'} +from Cryptodome.Util.py3compat import bord, bchr + +binary = {0: '0000', 1: '0001', 2: '0010', 3: '0011', 4: '0100', 5: '0101', + 6: '0110', 7: '0111', 8: '1000', 9: '1001', 10: '1010', 11: '1011', + 12: '1100', 13: '1101', 14: '1110', 15: '1111'} + def _key2bin(s): "Convert a key into a string of binary digits" - kl=[bord(x) for x in s] - kl=[binary[x>>4]+binary[x&15] for x in kl] + kl = map(lambda x: bord(x), s) + kl = map(lambda x: binary[x >> 4] + binary[x & 15], kl) return ''.join(kl) + def _extract(key, start, length): """Extract a bitstring(2.x)/bytestring(2.x) from a string of binary digits, and return its numeric value.""" - k=key[start:start+length] - return reduce(lambda x,y: x*2+ord(y)-48, k, 0) -def key_to_english (key): - """key_to_english(key:string(2.x)/bytes(3.x)) : string - Transform an arbitrary key into a string containing English words. - The key length must be a multiple of 8. + result = 0 + for y in key[start:start+length]: + result = result * 2 + ord(y) - 48 + return result + + +def key_to_english(key): + """Transform an arbitrary key into a string containing English words. + + Example:: + + >>> from Cryptodome.Util.RFC1751 import key_to_english + >>> key_to_english(b'66666666') + 'RAM LOIS GOAD CREW CARE HIT' + + Args: + key (byte string): + The key to convert. Its length must be a multiple of 8. + Return: + A string of English words. 
""" - english='' - for index in range(0, len(key), 8): # Loop over 8-byte subkeys - subkey=key[index:index+8] + + if len(key) % 8 != 0: + raise ValueError('The length of the key must be a multiple of 8.') + + english = '' + for index in range(0, len(key), 8): # Loop over 8-byte subkeys + subkey = key[index:index + 8] # Compute the parity of the key - skbin=_key2bin(subkey) ; p=0 - for i in range(0, 64, 2): p=p+_extract(skbin, i, 2) + skbin = _key2bin(subkey) + p = 0 + for i in range(0, 64, 2): + p = p + _extract(skbin, i, 2) # Append parity bits to the subkey - skbin=_key2bin(subkey+bchr((p<<6) & 255)) + skbin = _key2bin(subkey + bchr((p << 6) & 255)) for i in range(0, 64, 11): - english=english+wordlist[_extract(skbin, i, 11)]+' ' + english = english + wordlist[_extract(skbin, i, 11)] + ' ' - return english[:-1] # Remove the trailing space + return english.strip() -def english_to_key (s): - """english_to_key(string):string(2.x)/bytes(2.x) - Transform a string into a corresponding key. - The string must contain words separated by whitespace; the number - of words must be a multiple of 6. + +def english_to_key(s): + """Transform a string into a corresponding key. + + Example:: + + >>> from Cryptodome.Util.RFC1751 import english_to_key + >>> english_to_key('RAM LOIS GOAD CREW CARE HIT') + b'66666666' + + Args: + s (string): the string with the words separated by whitespace; + the number of words must be a multiple of 6. + Return: + A byte string. 
""" - L=s.upper().split() ; key=b('') + L = s.upper().split() + key = b'' for index in range(0, len(L), 6): - sublist=L[index:index+6] ; char=9*[0] ; bits=0 + sublist = L[index:index + 6] + char = 9 * [0] + bits = 0 for i in sublist: index = wordlist.index(i) - shift = (8-(bits+11)%8) %8 + shift = (8 - (bits + 11) % 8) % 8 y = index << shift - cl, cc, cr = (y>>16), (y>>8)&0xff, y & 0xff - if (shift>5): - char[bits>>3] = char[bits>>3] | cl - char[(bits>>3)+1] = char[(bits>>3)+1] | cc - char[(bits>>3)+2] = char[(bits>>3)+2] | cr - elif shift>-3: - char[bits>>3] = char[bits>>3] | cc - char[(bits>>3)+1] = char[(bits>>3)+1] | cr - else: char[bits>>3] = char[bits>>3] | cr - bits=bits+11 - subkey=reduce(lambda x,y:x+bchr(y), char, b('')) + cl, cc, cr = (y >> 16), (y >> 8) & 0xff, y & 0xff + if (shift > 5): + char[bits >> 3] = char[bits >> 3] | cl + char[(bits >> 3) + 1] = char[(bits >> 3) + 1] | cc + char[(bits >> 3) + 2] = char[(bits >> 3) + 2] | cr + elif shift > -3: + char[bits >> 3] = char[bits >> 3] | cc + char[(bits >> 3) + 1] = char[(bits >> 3) + 1] | cr + else: + char[bits >> 3] = char[bits >> 3] | cr + bits = bits + 11 + + subkey = b'' + for y in char: + subkey = subkey + bchr(y) # Check the parity of the resulting key - skbin=_key2bin(subkey) - p=0 - for i in range(0, 64, 2): p=p+_extract(skbin, i, 2) - if (p&3) != _extract(skbin, 64, 2): + skbin = _key2bin(subkey) + p = 0 + for i in range(0, 64, 2): + p = p + _extract(skbin, i, 2) + if (p & 3) != _extract(skbin, 64, 2): raise ValueError("Parity error in resulting key") - key=key+subkey[0:8] + key = key + subkey[0:8] return key -wordlist=[ "A", "ABE", "ACE", "ACT", "AD", "ADA", "ADD", + +wordlist = [ + "A", "ABE", "ACE", "ACT", "AD", "ADA", "ADD", "AGO", "AID", "AIM", "AIR", "ALL", "ALP", "AM", "AMY", "AN", "ANA", "AND", "ANN", "ANT", "ANY", "APE", "APS", "APT", "ARC", "ARE", "ARK", "ARM", "ART", "AS", "ASH", "ASK", "AT", "ATE", "AUG", "AUK", "AVE", 
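Review bot: `english_to_key` does not get the length validation that this change adds to `key_to_english`. A word count that is not a multiple of 6 leaves the tail of `char` at zero and is rejected only when the 2-bit parity check happens to fail, so a truncated phrase can decode to a key without any error. Adding `if len(L) % 6 != 0: raise ValueError('The number of words must be a multiple of 6.')` right after `L = s.upper().split()` would enforce what the docstring already requires. The inner `index = wordlist.index(i)` also rebinds the outer loop variable `index`, and an unknown word surfaces only as the list's own `ValueError`; a separate name such as `word_pos` would make the loop easier to audit.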
@@ -343,23 +384,3 @@ wordlist=[ "A", "ABE", "ACE", "ACT", "AD", "ADA", "ADD", "WORE", "WORK", "WORM", "WORN", "WOVE", "WRIT", "WYNN", "YALE", "YANG", "YANK", "YARD", "YARN", "YAWL", "YAWN", "YEAH", "YEAR", "YELL", "YOGA", "YOKE" ] - -if __name__=='__main__': - data = [('EB33F77EE73D4053', 'TIDE ITCH SLOW REIN RULE MOT'), - ('CCAC2AED591056BE4F90FD441C534766', - 'RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE'), - ('EFF81F9BFBC65350920CDD7416DE8009', - 'TROD MUTE TAIL WARM CHAR KONG HAAG CITY BORE O TEAL AWL') - ] - - for key, words in data: - print('Trying key', key) - key=binascii.a2b_hex(key) - w2=key_to_english(key) - if w2!=words: - print('key_to_english fails on key', repr(key), ', producing', str(w2)) - k2=english_to_key(words) - if k2!=key: - print('english_to_key fails on key', repr(key), ', producing', repr(k2)) - - diff --git a/frozen_deps/Cryptodome/Util/RFC1751.pyi b/frozen_deps/Cryptodome/Util/RFC1751.pyi new file mode 100644 index 0000000..6ad07ff --- /dev/null +++ b/frozen_deps/Cryptodome/Util/RFC1751.pyi @@ -0,0 +1,7 @@ +from typing import Dict, List + +binary: Dict[int, str] +wordlist: List[str] + +def key_to_english(key: bytes) -> str: ... +def english_to_key(s: str) -> bytes: ... diff --git a/frozen_deps/Crypto/Protocol/__init__.py b/frozen_deps/Cryptodome/Util/__init__.py index cacc685..1862b82 100644 --- a/frozen_deps/Crypto/Protocol/__init__.py +++ b/frozen_deps/Cryptodome/Util/__init__.py 
@@ -18,24 +18,24 @@ # SOFTWARE. # =================================================================== -"""Cryptographic protocols +"""Miscellaneous modules -Implements various cryptographic protocols. (Don't expect to find -network protocols here.) +Contains useful modules that don't belong into any of the +other Cryptodome.* subpackages. -Crypto.Protocol.AllOrNothing - Transforms a message into a set of message blocks, such that the blocks - can be recombined to get the message back. +======================== ============================================= +Module Description +======================== ============================================= +`Cryptodome.Util.number` Number-theoretic functions (primality testing, etc.) +`Cryptodome.Util.Counter` Fast counter functions for CTR cipher modes. +`Cryptodome.Util.RFC1751` Converts between 128-bit keys and human-readable + strings of words. +`Cryptodome.Util.asn1` Minimal support for ASN.1 DER encoding +`Cryptodome.Util.Padding` Set of functions for adding and removing padding. +======================== ============================================= -Crypto.Protocol.Chaffing - Takes a set of authenticated message blocks (the wheat) and adds a number - of randomly generated blocks (the chaff). - -Crypto.Protocol.KDF - A collection of standard key derivation functions. - -:undocumented: __revision__ +:undocumented: _galois, _number_new, cpuid, py3compat, _raw_api """ -__all__ = ['AllOrNothing', 'Chaffing', 'KDF'] -__revision__ = "$Id$" +__all__ = ['RFC1751', 'number', 'strxor', 'asn1', 'Counter', 'Padding'] + diff --git a/frozen_deps/Cryptodome/Util/_cpu_features.py b/frozen_deps/Cryptodome/Util/_cpu_features.py new file mode 100644 index 0000000..4794a02 --- /dev/null +++ b/frozen_deps/Cryptodome/Util/_cpu_features.py 
@@ -0,0 +1,46 @@ +# =================================================================== +# +# Copyright (c) 2018, Helder Eijs <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# =================================================================== + +from Cryptodome.Util._raw_api import load_pycryptodome_raw_lib + + +_raw_cpuid_lib = load_pycryptodome_raw_lib("Cryptodome.Util._cpuid_c", + """ + int have_aes_ni(void); + int have_clmul(void); + """) + + +def have_aes_ni(): + return _raw_cpuid_lib.have_aes_ni() + + +def have_clmul(): + return _raw_cpuid_lib.have_clmul() 
diff --git a/frozen_deps/Cryptodome/Util/_cpu_features.pyi b/frozen_deps/Cryptodome/Util/_cpu_features.pyi new file mode 100644 index 0000000..10e669e --- /dev/null +++ b/frozen_deps/Cryptodome/Util/_cpu_features.pyi @@ -0,0 +1,2 @@ +def have_aes_ni() -> int: ... +def have_clmul() -> int: ... diff --git a/frozen_deps/Cryptodome/Util/_cpuid_c.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Util/_cpuid_c.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..a555959 --- /dev/null +++ b/frozen_deps/Cryptodome/Util/_cpuid_c.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Util/_file_system.py b/frozen_deps/Cryptodome/Util/_file_system.py new file mode 100644 index 0000000..282f0dc --- /dev/null +++ b/frozen_deps/Cryptodome/Util/_file_system.py 
@@ -0,0 +1,54 @@ +# =================================================================== +# +# Copyright (c) 2016, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# =================================================================== + +import os + + +def pycryptodome_filename(dir_comps, filename): + """Return the complete file name for the module + + dir_comps : list of string + The list of directory names in the PyCryptodome package. + The first element must be "Cryptodome". + + filename : string + The filename (inclusing extension) in the target directory. 
+ """ + + if dir_comps[0] != "Cryptodome": + raise ValueError("Only available for modules under 'Cryptodome'") + + dir_comps = list(dir_comps[1:]) + [filename] + + util_lib, _ = os.path.split(os.path.abspath(__file__)) + root_lib = os.path.join(util_lib, "..") + + return os.path.join(root_lib, *dir_comps) + diff --git a/frozen_deps/Cryptodome/Util/_file_system.pyi b/frozen_deps/Cryptodome/Util/_file_system.pyi new file mode 100644 index 0000000..d54a126 --- /dev/null +++ b/frozen_deps/Cryptodome/Util/_file_system.pyi @@ -0,0 +1,4 @@ +from typing import List + + +def pycryptodome_filename(dir_comps: List[str], filename: str) -> str: ...
\ No newline at end of file
diff --git a/frozen_deps/Cryptodome/Util/_raw_api.py b/frozen_deps/Cryptodome/Util/_raw_api.py
new file mode 100644
index 0000000..9423738
--- /dev/null
+++ b/frozen_deps/Cryptodome/Util/_raw_api.py
@@ -0,0 +1,327 @@ +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# =================================================================== + +import abc +import sys +from Cryptodome.Util.py3compat import byte_string +from Cryptodome.Util._file_system import pycryptodome_filename + +# +# List of file suffixes for Python extensions +# +if sys.version_info[0] < 3: + + import imp + extension_suffixes = [] + for ext, mod, typ in imp.get_suffixes(): + if typ == imp.C_EXTENSION: + extension_suffixes.append(ext) + +else: + + from importlib import machinery + extension_suffixes = machinery.EXTENSION_SUFFIXES + +# Which types with buffer interface we support (apart from byte strings) +if sys.version_info[0] == 2 and sys.version_info[1] < 7: + _buffer_type = (bytearray) +else: + _buffer_type = (bytearray, memoryview) + + +class _VoidPointer(object): + @abc.abstractmethod + def get(self): + """Return the memory location we point to""" + return + + @abc.abstractmethod + def address_of(self): + """Return a raw pointer to this pointer""" + return + + +try: + if sys.version_info[0] == 2 and sys.version_info[1] < 7: + raise ImportError("CFFI is only supported with Python 2.7+") + + # Starting from v2.18, pycparser (used by cffi for in-line ABI mode) + # stops working correctly when PYOPTIMIZE==2 or the parameter -OO is + # passed. In that case, we fall back to ctypes. + # Note that PyPy ships with an old version of pycparser so we can keep + # using cffi there. + # See https://github.com/Legrandin/pycryptodome/issues/228 + if '__pypy__' not in sys.builtin_module_names and sys.flags.optimize == 2: + raise ImportError("CFFI with optimize=2 fails due to pycparser bug.") + + from cffi import FFI + + ffi = FFI() + null_pointer = ffi.NULL + uint8_t_type = ffi.typeof(ffi.new("const uint8_t*")) + + _Array = ffi.new("uint8_t[1]").__class__.__bases__ + + def load_lib(name, cdecl): + """Load a shared library and return a handle to it. + + @name, either an absolute path or the name of a library + in the system search path. 
+ + @cdecl, the C function declarations. + """ + + lib = ffi.dlopen(name) + ffi.cdef(cdecl) + return lib + + def c_ulong(x): + """Convert a Python integer to unsigned long""" + return x + + c_ulonglong = c_ulong + c_uint = c_ulong + + def c_size_t(x): + """Convert a Python integer to size_t""" + return x + + def create_string_buffer(init_or_size, size=None): + """Allocate the given amount of bytes (initially set to 0)""" + + if isinstance(init_or_size, bytes): + size = max(len(init_or_size) + 1, size) + result = ffi.new("uint8_t[]", size) + result[:] = init_or_size + else: + if size: + raise ValueError("Size must be specified once only") + result = ffi.new("uint8_t[]", init_or_size) + return result + + def get_c_string(c_string): + """Convert a C string into a Python byte sequence""" + return ffi.string(c_string) + + def get_raw_buffer(buf): + """Convert a C buffer into a Python byte sequence""" + return ffi.buffer(buf)[:] + + def c_uint8_ptr(data): + if isinstance(data, _buffer_type): + # This only works for cffi >= 1.7 + return ffi.cast(uint8_t_type, ffi.from_buffer(data)) + elif byte_string(data) or isinstance(data, _Array): + return data + else: + raise TypeError("Object type %s cannot be passed to C code" % type(data)) + + class VoidPointer_cffi(_VoidPointer): + """Model a newly allocated pointer to void""" + + def __init__(self): + self._pp = ffi.new("void *[1]") + + def get(self): + return self._pp[0] + + def address_of(self): + return self._pp + + def VoidPointer(): + return VoidPointer_cffi() + + backend = "cffi" + +except ImportError: + + import ctypes + from ctypes import (CDLL, c_void_p, byref, c_ulong, c_ulonglong, c_size_t, + create_string_buffer, c_ubyte, c_uint) + from ctypes.util import find_library + from ctypes import Array as _Array + + null_pointer = None + cached_architecture = [] + + def load_lib(name, cdecl): + if not cached_architecture: + # platform.architecture() creates a subprocess, so caching the + # result makes successive imports 
faster. + import platform + cached_architecture[:] = platform.architecture() + bits, linkage = cached_architecture + if "." not in name and not linkage.startswith("Win"): + full_name = find_library(name) + if full_name is None: + raise OSError("Cannot load library '%s'" % name) + name = full_name + return CDLL(name) + + def get_c_string(c_string): + return c_string.value + + def get_raw_buffer(buf): + return buf.raw + + # ---- Get raw pointer --- + + if sys.version_info[0] == 2 and sys.version_info[1] == 6: + # ctypes in 2.6 does not define c_ssize_t. Replacing it + # with c_size_t keeps the structure correctely laid out + _c_ssize_t = c_size_t + else: + _c_ssize_t = ctypes.c_ssize_t + + _PyBUF_SIMPLE = 0 + _PyObject_GetBuffer = ctypes.pythonapi.PyObject_GetBuffer + _PyBuffer_Release = ctypes.pythonapi.PyBuffer_Release + _py_object = ctypes.py_object + _c_ssize_p = ctypes.POINTER(_c_ssize_t) + + # See Include/object.h for CPython + # and https://github.com/pallets/click/blob/master/click/_winconsole.py + class _Py_buffer(ctypes.Structure): + _fields_ = [ + ('buf', c_void_p), + ('obj', ctypes.py_object), + ('len', _c_ssize_t), + ('itemsize', _c_ssize_t), + ('readonly', ctypes.c_int), + ('ndim', ctypes.c_int), + ('format', ctypes.c_char_p), + ('shape', _c_ssize_p), + ('strides', _c_ssize_p), + ('suboffsets', _c_ssize_p), + ('internal', c_void_p) + ] + + # Extra field for CPython 2.6/2.7 + if sys.version_info[0] == 2: + _fields_.insert(-1, ('smalltable', _c_ssize_t * 2)) + + def c_uint8_ptr(data): + if byte_string(data) or isinstance(data, _Array): + return data + elif isinstance(data, _buffer_type): + obj = _py_object(data) + buf = _Py_buffer() + _PyObject_GetBuffer(obj, byref(buf), _PyBUF_SIMPLE) + try: + buffer_type = c_ubyte * buf.len + return buffer_type.from_address(buf.buf) + finally: + _PyBuffer_Release(byref(buf)) + else: + raise TypeError("Object type %s cannot be passed to C code" % type(data)) + + # --- + + class VoidPointer_ctypes(_VoidPointer): + 
"""Model a newly allocated pointer to void""" + + def __init__(self): + self._p = c_void_p() + + def get(self): + return self._p + + def address_of(self): + return byref(self._p) + + def VoidPointer(): + return VoidPointer_ctypes() + + backend = "ctypes" + del ctypes + + +class SmartPointer(object): + """Class to hold a non-managed piece of memory""" + + def __init__(self, raw_pointer, destructor): + self._raw_pointer = raw_pointer + self._destructor = destructor + + def get(self): + return self._raw_pointer + + def release(self): + rp, self._raw_pointer = self._raw_pointer, None + return rp + + def __del__(self): + try: + if self._raw_pointer is not None: + self._destructor(self._raw_pointer) + self._raw_pointer = None + except AttributeError: + pass + + +def load_pycryptodome_raw_lib(name, cdecl): + """Load a shared library and return a handle to it. + + @name, the name of the library expressed as a PyCryptodome module, + for instance Cryptodome.Cipher._raw_cbc. + + @cdecl, the C function declarations. + """ + + split = name.split(".") + dir_comps, basename = split[:-1], split[-1] + attempts = [] + for ext in extension_suffixes: + try: + filename = basename + ext + return load_lib(pycryptodome_filename(dir_comps, filename), + cdecl) + except OSError as exp: + attempts.append("Trying '%s': %s" % (filename, str(exp))) + raise OSError("Cannot load native module '%s': %s" % (name, ", ".join(attempts))) + + +if sys.version_info[:2] != (2, 6): + + def is_buffer(x): + """Return True if object x supports the buffer interface""" + return isinstance(x, (bytes, bytearray, memoryview)) + + def is_writeable_buffer(x): + return (isinstance(x, bytearray) or + (isinstance(x, memoryview) and not x.readonly)) + +else: + + def is_buffer(x): + return isinstance(x, (bytes, bytearray)) + + def is_writeable_buffer(x): + return isinstance(x, bytearray) 
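Review bot: In the ctypes fallback, `c_uint8_ptr` calls `_PyBuffer_Release` in its `finally` before the returned `from_address` array is ever used, and that array holds no reference to `data`. The pointer therefore stays valid only while the caller keeps the object alive and unresized for the whole C call, and nothing in the code states that contract. A comment above the `try` would document it, for example `# NOTE: the returned array does not pin or own 'data'; callers must keep it referenced and unmodified until the C call returns`. Also in this hunk, the cffi `create_string_buffer` evaluates `max(len(init_or_size) + 1, size)` with `size` defaulting to `None`, which raises `TypeError` on Python 3 when a byte string is passed without a size; `size = max(len(init_or_size) + 1, size or 0)` avoids that.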
diff --git a/frozen_deps/Cryptodome/Util/_raw_api.pyi b/frozen_deps/Cryptodome/Util/_raw_api.pyi new file mode 100644 index 0000000..2bc5301 --- /dev/null +++ b/frozen_deps/Cryptodome/Util/_raw_api.pyi @@ -0,0 +1,27 @@ +from typing import Any, Optional, Union + +def load_lib(name: str, cdecl: str) -> Any : ... +def c_ulong(x: int ) -> Any : ... +def c_ulonglong(x: int ) -> Any : ... +def c_size_t(x: int) -> Any : ... +def create_string_buffer(init_or_size: Union[bytes,int], size: Optional[int]) -> Any : ... +def get_c_string(c_string: Any) -> bytes : ... +def get_raw_buffer(buf: Any) -> bytes : ... +def c_uint8_ptr(data: Union[bytes, memoryview, bytearray]) -> Any : ... + +class VoidPointer(object): + def get(self) -> Any : ... + def address_of(self) -> Any : ... + +class SmartPointer(object): + def __init__(self, raw_pointer: Any, destructor: Any) -> None : ... + def get(self) -> Any : ... + def release(self) -> Any : ... + +backend : str +null_pointer : Any +ffi: Any + +def load_pycryptodome_raw_lib(name: str, cdecl: str) -> Any : ... +def is_buffer(x: Any) -> bool : ... +def is_writeable_buffer(x: Any) -> bool : ... diff --git a/frozen_deps/Cryptodome/Util/_strxor.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Util/_strxor.cpython-38-x86_64-linux-gnu.so Binary files differnew file mode 100755 index 0000000..ea7566c --- /dev/null +++ b/frozen_deps/Cryptodome/Util/_strxor.cpython-38-x86_64-linux-gnu.so diff --git a/frozen_deps/Cryptodome/Util/asn1.py b/frozen_deps/Cryptodome/Util/asn1.py new file mode 100644 index 0000000..18e080c --- /dev/null +++ b/frozen_deps/Cryptodome/Util/asn1.py 
@@ -0,0 +1,940 @@
+# -*- coding: ascii -*-
+#
+# Util/asn1.py : Minimal support for ASN.1 DER binary encoding.
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain. To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# =================================================================== + +import struct + +from Cryptodome.Util.py3compat import byte_string, b, bchr, bord + +from Cryptodome.Util.number import long_to_bytes, bytes_to_long + +__all__ = ['DerObject', 'DerInteger', 'DerOctetString', 'DerNull', + 'DerSequence', 'DerObjectId', 'DerBitString', 'DerSetOf'] + + +def _is_number(x, only_non_negative=False): + test = 0 + try: + test = x + test + except TypeError: + return False + return not only_non_negative or x >= 0 + + +class BytesIO_EOF(object): + """This class differs from BytesIO in that a ValueError exception is + raised whenever EOF is reached.""" + + def __init__(self, initial_bytes): + self._buffer = initial_bytes + self._index = 0 + self._bookmark = None + + def set_bookmark(self): + self._bookmark = self._index + + def data_since_bookmark(self): + assert self._bookmark is not None + return self._buffer[self._bookmark:self._index] + + def remaining_data(self): + return len(self._buffer) - self._index + + def read(self, length): + new_index = self._index + length + if new_index > len(self._buffer): + raise ValueError("Not enough data for DER decoding: expected %d bytes and found %d" % (new_index, len(self._buffer))) + + result = self._buffer[self._index:new_index] + self._index = new_index + return result + + def read_byte(self): + return bord(self.read(1)[0]) + + +class DerObject(object): + """Base class for defining a single DER object. + + This class should never be directly instantiated. + """ + + def __init__(self, asn1Id=None, payload=b'', implicit=None, + constructed=False, explicit=None): + """Initialize the DER object according to a specific ASN.1 type. + + :Parameters: + asn1Id : integer + The universal DER tag number for this object + (e.g. 0x10 for a SEQUENCE). + If None, the tag is not known yet. + + payload : byte string + The initial payload of the object (that it, + the content octets). + If not specified, the payload is empty. 
+ + implicit : integer + The IMPLICIT tag number to use for the encoded object. + It overrides the universal tag *asn1Id*. + + constructed : bool + True when the ASN.1 type is *constructed*. + False when it is *primitive*. + + explicit : integer + The EXPLICIT tag number to use for the encoded object. + """ + + if asn1Id is None: + # The tag octet will be read in with ``decode`` + self._tag_octet = None + return + asn1Id = self._convertTag(asn1Id) + + self.payload = payload + + # In a BER/DER identifier octet: + # * bits 4-0 contain the tag value + # * bit 5 is set if the type is 'constructed' + # and unset if 'primitive' + # * bits 7-6 depend on the encoding class + # + # Class | Bit 7, Bit 6 + # ---------------------------------- + # universal | 0 0 + # application | 0 1 + # context-spec | 1 0 (default for IMPLICIT/EXPLICIT) + # private | 1 1 + # + if None not in (explicit, implicit): + raise ValueError("Explicit and implicit tags are" + " mutually exclusive") + + if implicit is not None: + self._tag_octet = 0x80 | 0x20 * constructed | self._convertTag(implicit) + return + + if explicit is not None: + self._tag_octet = 0xA0 | self._convertTag(explicit) + self._inner_tag_octet = 0x20 * constructed | asn1Id + return + + self._tag_octet = 0x20 * constructed | asn1Id + + def _convertTag(self, tag): + """Check if *tag* is a real DER tag. + Convert it from a character to number if necessary. + """ + if not _is_number(tag): + if len(tag) == 1: + tag = bord(tag[0]) + # Ensure that tag is a low tag + if not (_is_number(tag) and 0 <= tag < 0x1F): + raise ValueError("Wrong DER tag") + return tag + + @staticmethod + def _definite_form(length): + """Build length octets according to BER/DER + definite form. 
+ """ + if length > 127: + encoding = long_to_bytes(length) + return bchr(len(encoding) + 128) + encoding + return bchr(length) + + def encode(self): + """Return this DER element, fully encoded as a binary byte string.""" + + # Concatenate identifier octets, length octets, + # and contents octets + + output_payload = self.payload + + # In case of an EXTERNAL tag, first encode the inner + # element. + if hasattr(self, "_inner_tag_octet"): + output_payload = (bchr(self._inner_tag_octet) + + self._definite_form(len(self.payload)) + + self.payload) + + return (bchr(self._tag_octet) + + self._definite_form(len(output_payload)) + + output_payload) + + def _decodeLen(self, s): + """Decode DER length octets from a file.""" + + length = s.read_byte() + + if length > 127: + encoded_length = s.read(length & 0x7F) + if bord(encoded_length[0]) == 0: + raise ValueError("Invalid DER: length has leading zero") + length = bytes_to_long(encoded_length) + if length <= 127: + raise ValueError("Invalid DER: length in long form but smaller than 128") + + return length + + def decode(self, der_encoded, strict=False): + """Decode a complete DER element, and re-initializes this + object with it. + + Args: + der_encoded (byte string): A complete DER element. + + Raises: + ValueError: in case of parsing errors. 
+ """ + + if not byte_string(der_encoded): + raise ValueError("Input is not a byte string") + + s = BytesIO_EOF(der_encoded) + self._decodeFromStream(s, strict) + + # There shouldn't be other bytes left + if s.remaining_data() > 0: + raise ValueError("Unexpected extra data after the DER structure") + + return self + + def _decodeFromStream(self, s, strict): + """Decode a complete DER element from a file.""" + + idOctet = s.read_byte() + if self._tag_octet is not None: + if idOctet != self._tag_octet: + raise ValueError("Unexpected DER tag") + else: + self._tag_octet = idOctet + length = self._decodeLen(s) + self.payload = s.read(length) + + # In case of an EXTERNAL tag, further decode the inner + # element. + if hasattr(self, "_inner_tag_octet"): + p = BytesIO_EOF(self.payload) + inner_octet = p.read_byte() + if inner_octet != self._inner_tag_octet: + raise ValueError("Unexpected internal DER tag") + length = self._decodeLen(p) + self.payload = p.read(length) + + # There shouldn't be other bytes left + if p.remaining_data() > 0: + raise ValueError("Unexpected extra data after the DER structure") + + +class DerInteger(DerObject): + """Class to model a DER INTEGER. + + An example of encoding is:: + + >>> from Cryptodome.Util.asn1 import DerInteger + >>> from binascii import hexlify, unhexlify + >>> int_der = DerInteger(9) + >>> print hexlify(int_der.encode()) + + which will show ``020109``, the DER encoding of 9. + + And for decoding:: + + >>> s = unhexlify(b'020109') + >>> try: + >>> int_der = DerInteger() + >>> int_der.decode(s) + >>> print int_der.value + >>> except ValueError: + >>> print "Not a valid DER INTEGER" + + the output will be ``9``. + + :ivar value: The integer value + :vartype value: integer + """ + + def __init__(self, value=0, implicit=None, explicit=None): + """Initialize the DER object as an INTEGER. + + :Parameters: + value : integer + The value of the integer. + + implicit : integer + The IMPLICIT tag to use for the encoded object. 
+ It overrides the universal tag for INTEGER (2). + """ + + DerObject.__init__(self, 0x02, b'', implicit, + False, explicit) + self.value = value # The integer value + + def encode(self): + """Return the DER INTEGER, fully encoded as a + binary string.""" + + number = self.value + self.payload = b'' + while True: + self.payload = bchr(int(number & 255)) + self.payload + if 128 <= number <= 255: + self.payload = bchr(0x00) + self.payload + if -128 <= number <= 255: + break + number >>= 8 + return DerObject.encode(self) + + def decode(self, der_encoded, strict=False): + """Decode a complete DER INTEGER DER, and re-initializes this + object with it. + + Args: + der_encoded (byte string): A complete INTEGER DER element. + + Raises: + ValueError: in case of parsing errors. + """ + + return DerObject.decode(self, der_encoded, strict=strict) + + def _decodeFromStream(self, s, strict): + """Decode a complete DER INTEGER from a file.""" + + # Fill up self.payload + DerObject._decodeFromStream(self, s, strict) + + if strict: + if len(self.payload) == 0: + raise ValueError("Invalid encoding for DER INTEGER: empty payload") + if len(self.payload) >= 2 and struct.unpack('>H', self.payload[:2])[0] < 0x80: + raise ValueError("Invalid encoding for DER INTEGER: leading zero") + + # Derive self.value from self.payload + self.value = 0 + bits = 1 + for i in self.payload: + self.value *= 256 + self.value += bord(i) + bits <<= 8 + if self.payload and bord(self.payload[0]) & 0x80: + self.value -= bits + + +class DerSequence(DerObject): + """Class to model a DER SEQUENCE. + + This object behaves like a dynamic Python sequence. + + Sub-elements that are INTEGERs behave like Python integers. + + Any other sub-element is a binary string encoded as a complete DER + sub-element (TLV). 
+ + An example of encoding is: + + >>> from Cryptodome.Util.asn1 import DerSequence, DerInteger + >>> from binascii import hexlify, unhexlify + >>> obj_der = unhexlify('070102') + >>> seq_der = DerSequence([4]) + >>> seq_der.append(9) + >>> seq_der.append(obj_der.encode()) + >>> print hexlify(seq_der.encode()) + + which will show ``3009020104020109070102``, the DER encoding of the + sequence containing ``4``, ``9``, and the object with payload ``02``. + + For decoding: + + >>> s = unhexlify(b'3009020104020109070102') + >>> try: + >>> seq_der = DerSequence() + >>> seq_der.decode(s) + >>> print len(seq_der) + >>> print seq_der[0] + >>> print seq_der[:] + >>> except ValueError: + >>> print "Not a valid DER SEQUENCE" + + the output will be:: + + 3 + 4 + [4, 9, b'\x07\x01\x02'] + + """ + + def __init__(self, startSeq=None, implicit=None): + """Initialize the DER object as a SEQUENCE. + + :Parameters: + startSeq : Python sequence + A sequence whose element are either integers or + other DER objects. + + implicit : integer + The IMPLICIT tag to use for the encoded object. + It overrides the universal tag for SEQUENCE (16). + """ + + DerObject.__init__(self, 0x10, b'', implicit, True) + if startSeq is None: + self._seq = [] + else: + self._seq = startSeq + + # A few methods to make it behave like a python sequence + + def __delitem__(self, n): + del self._seq[n] + + def __getitem__(self, n): + return self._seq[n] + + def __setitem__(self, key, value): + self._seq[key] = value + + def __setslice__(self, i, j, sequence): + self._seq[i:j] = sequence + + def __delslice__(self, i, j): + del self._seq[i:j] + + def __getslice__(self, i, j): + return self._seq[max(0, i):max(0, j)] + + def __len__(self): + return len(self._seq) + + def __iadd__(self, item): + self._seq.append(item) + return self + + def append(self, item): + self._seq.append(item) + return self + + def hasInts(self, only_non_negative=True): + """Return the number of items in this sequence that are + integers. 
+ + Args: + only_non_negative (boolean): + If ``True``, negative integers are not counted in. + """ + + items = [x for x in self._seq if _is_number(x, only_non_negative)] + return len(items) + + def hasOnlyInts(self, only_non_negative=True): + """Return ``True`` if all items in this sequence are integers + or non-negative integers. + + This function returns False is the sequence is empty, + or at least one member is not an integer. + + Args: + only_non_negative (boolean): + If ``True``, the presence of negative integers + causes the method to return ``False``.""" + return self._seq and self.hasInts(only_non_negative) == len(self._seq) + + def encode(self): + """Return this DER SEQUENCE, fully encoded as a + binary string. + + Raises: + ValueError: if some elements in the sequence are neither integers + nor byte strings. + """ + self.payload = b'' + for item in self._seq: + if byte_string(item): + self.payload += item + elif _is_number(item): + self.payload += DerInteger(item).encode() + else: + self.payload += item.encode() + return DerObject.encode(self) + + def decode(self, der_encoded, strict=False, nr_elements=None, only_ints_expected=False): + """Decode a complete DER SEQUENCE, and re-initializes this + object with it. + + Args: + der_encoded (byte string): + A complete SEQUENCE DER element. + nr_elements (None or integer or list of integers): + The number of members the SEQUENCE can have + only_ints_expected (boolean): + Whether the SEQUENCE is expected to contain only integers. + strict (boolean): + Whether decoding must check for strict DER compliancy. + + Raises: + ValueError: in case of parsing errors. + + DER INTEGERs are decoded into Python integers. Any other DER + element is not decoded. Its validity is not checked. 
+ """ + + self._nr_elements = nr_elements + result = DerObject.decode(self, der_encoded, strict=strict) + + if only_ints_expected and not self.hasOnlyInts(): + raise ValueError("Some members are not INTEGERs") + + return result + + def _decodeFromStream(self, s, strict): + """Decode a complete DER SEQUENCE from a file.""" + + self._seq = [] + + # Fill up self.payload + DerObject._decodeFromStream(self, s, strict) + + # Add one item at a time to self.seq, by scanning self.payload + p = BytesIO_EOF(self.payload) + while p.remaining_data() > 0: + p.set_bookmark() + + der = DerObject() + der._decodeFromStream(p, strict) + + # Parse INTEGERs differently + if der._tag_octet != 0x02: + self._seq.append(p.data_since_bookmark()) + else: + derInt = DerInteger() + #import pdb; pdb.set_trace() + data = p.data_since_bookmark() + derInt.decode(data, strict=strict) + self._seq.append(derInt.value) + + ok = True + if self._nr_elements is not None: + try: + ok = len(self._seq) in self._nr_elements + except TypeError: + ok = len(self._seq) == self._nr_elements + + if not ok: + raise ValueError("Unexpected number of members (%d)" + " in the sequence" % len(self._seq)) + + +class DerOctetString(DerObject): + """Class to model a DER OCTET STRING. + + An example of encoding is: + + >>> from Cryptodome.Util.asn1 import DerOctetString + >>> from binascii import hexlify, unhexlify + >>> os_der = DerOctetString(b'\\xaa') + >>> os_der.payload += b'\\xbb' + >>> print hexlify(os_der.encode()) + + which will show ``0402aabb``, the DER encoding for the byte string + ``b'\\xAA\\xBB'``. + + For decoding: + + >>> s = unhexlify(b'0402aabb') + >>> try: + >>> os_der = DerOctetString() + >>> os_der.decode(s) + >>> print hexlify(os_der.payload) + >>> except ValueError: + >>> print "Not a valid DER OCTET STRING" + + the output will be ``aabb``. 
+ + :ivar payload: The content of the string + :vartype payload: byte string + """ + + def __init__(self, value=b'', implicit=None): + """Initialize the DER object as an OCTET STRING. + + :Parameters: + value : byte string + The initial payload of the object. + If not specified, the payload is empty. + + implicit : integer + The IMPLICIT tag to use for the encoded object. + It overrides the universal tag for OCTET STRING (4). + """ + DerObject.__init__(self, 0x04, value, implicit, False) + + +class DerNull(DerObject): + """Class to model a DER NULL element.""" + + def __init__(self): + """Initialize the DER object as a NULL.""" + + DerObject.__init__(self, 0x05, b'', None, False) + + +class DerObjectId(DerObject): + """Class to model a DER OBJECT ID. + + An example of encoding is: + + >>> from Cryptodome.Util.asn1 import DerObjectId + >>> from binascii import hexlify, unhexlify + >>> oid_der = DerObjectId("1.2") + >>> oid_der.value += ".840.113549.1.1.1" + >>> print hexlify(oid_der.encode()) + + which will show ``06092a864886f70d010101``, the DER encoding for the + RSA Object Identifier ``1.2.840.113549.1.1.1``. + + For decoding: + + >>> s = unhexlify(b'06092a864886f70d010101') + >>> try: + >>> oid_der = DerObjectId() + >>> oid_der.decode(s) + >>> print oid_der.value + >>> except ValueError: + >>> print "Not a valid DER OBJECT ID" + + the output will be ``1.2.840.113549.1.1.1``. + + :ivar value: The Object ID (OID), a dot separated list of integers + :vartype value: string + """ + + def __init__(self, value='', implicit=None, explicit=None): + """Initialize the DER object as an OBJECT ID. + + :Parameters: + value : string + The initial Object Identifier (e.g. "1.2.0.0.6.2"). + implicit : integer + The IMPLICIT tag to use for the encoded object. + It overrides the universal tag for OBJECT ID (6). + explicit : integer + The EXPLICIT tag to use for the encoded object. 
+ """ + DerObject.__init__(self, 0x06, b'', implicit, False, explicit) + self.value = value + + def encode(self): + """Return the DER OBJECT ID, fully encoded as a + binary string.""" + + comps = [int(x) for x in self.value.split(".")] + if len(comps) < 2: + raise ValueError("Not a valid Object Identifier string") + self.payload = bchr(40*comps[0]+comps[1]) + for v in comps[2:]: + if v == 0: + enc = [0] + else: + enc = [] + while v: + enc.insert(0, (v & 0x7F) | 0x80) + v >>= 7 + enc[-1] &= 0x7F + self.payload += b''.join([bchr(x) for x in enc]) + return DerObject.encode(self) + + def decode(self, der_encoded, strict=False): + """Decode a complete DER OBJECT ID, and re-initializes this + object with it. + + Args: + der_encoded (byte string): + A complete DER OBJECT ID. + strict (boolean): + Whether decoding must check for strict DER compliancy. + + Raises: + ValueError: in case of parsing errors. + """ + + return DerObject.decode(self, der_encoded, strict) + + def _decodeFromStream(self, s, strict): + """Decode a complete DER OBJECT ID from a file.""" + + # Fill up self.payload + DerObject._decodeFromStream(self, s, strict) + + # Derive self.value from self.payload + p = BytesIO_EOF(self.payload) + comps = [str(x) for x in divmod(p.read_byte(), 40)] + v = 0 + while p.remaining_data(): + c = p.read_byte() + v = v*128 + (c & 0x7F) + if not (c & 0x80): + comps.append(str(v)) + v = 0 + self.value = '.'.join(comps) + + +class DerBitString(DerObject): + """Class to model a DER BIT STRING. + + An example of encoding is: + + >>> from Cryptodome.Util.asn1 import DerBitString + >>> from binascii import hexlify, unhexlify + >>> bs_der = DerBitString(b'\\xaa') + >>> bs_der.value += b'\\xbb' + >>> print hexlify(bs_der.encode()) + + which will show ``040300aabb``, the DER encoding for the bit string + ``b'\\xAA\\xBB'``. 
+ + For decoding: + + >>> s = unhexlify(b'040300aabb') + >>> try: + >>> bs_der = DerBitString() + >>> bs_der.decode(s) + >>> print hexlify(bs_der.value) + >>> except ValueError: + >>> print "Not a valid DER BIT STRING" + + the output will be ``aabb``. + + :ivar value: The content of the string + :vartype value: byte string + """ + + def __init__(self, value=b'', implicit=None, explicit=None): + """Initialize the DER object as a BIT STRING. + + :Parameters: + value : byte string or DER object + The initial, packed bit string. + If not specified, the bit string is empty. + implicit : integer + The IMPLICIT tag to use for the encoded object. + It overrides the universal tag for OCTET STRING (3). + explicit : integer + The EXPLICIT tag to use for the encoded object. + """ + DerObject.__init__(self, 0x03, b'', implicit, False, explicit) + + # The bitstring value (packed) + if isinstance(value, DerObject): + self.value = value.encode() + else: + self.value = value + + def encode(self): + """Return the DER BIT STRING, fully encoded as a + binary string.""" + + # Add padding count byte + self.payload = b'\x00' + self.value + return DerObject.encode(self) + + def decode(self, der_encoded, strict=False): + """Decode a complete DER BIT STRING, and re-initializes this + object with it. + + Args: + der_encoded (byte string): a complete DER BIT STRING. + strict (boolean): + Whether decoding must check for strict DER compliancy. + + Raises: + ValueError: in case of parsing errors. 
+ """ + + return DerObject.decode(self, der_encoded, strict) + + def _decodeFromStream(self, s, strict): + """Decode a complete DER BIT STRING DER from a file.""" + + # Fill-up self.payload + DerObject._decodeFromStream(self, s, strict) + + if self.payload and bord(self.payload[0]) != 0: + raise ValueError("Not a valid BIT STRING") + + # Fill-up self.value + self.value = b'' + # Remove padding count byte + if self.payload: + self.value = self.payload[1:] + + +class DerSetOf(DerObject): + """Class to model a DER SET OF. + + An example of encoding is: + + >>> from Cryptodome.Util.asn1 import DerBitString + >>> from binascii import hexlify, unhexlify + >>> so_der = DerSetOf([4,5]) + >>> so_der.add(6) + >>> print hexlify(so_der.encode()) + + which will show ``3109020104020105020106``, the DER encoding + of a SET OF with items 4,5, and 6. + + For decoding: + + >>> s = unhexlify(b'3109020104020105020106') + >>> try: + >>> so_der = DerSetOf() + >>> so_der.decode(s) + >>> print [x for x in so_der] + >>> except ValueError: + >>> print "Not a valid DER SET OF" + + the output will be ``[4, 5, 6]``. + """ + + def __init__(self, startSet=None, implicit=None): + """Initialize the DER object as a SET OF. + + :Parameters: + startSet : container + The initial set of integers or DER encoded objects. + implicit : integer + The IMPLICIT tag to use for the encoded object. + It overrides the universal tag for SET OF (17). + """ + DerObject.__init__(self, 0x11, b'', implicit, True) + self._seq = [] + + # All elements must be of the same type (and therefore have the + # same leading octet) + self._elemOctet = None + + if startSet: + for e in startSet: + self.add(e) + + def __getitem__(self, n): + return self._seq[n] + + def __iter__(self): + return iter(self._seq) + + def __len__(self): + return len(self._seq) + + def add(self, elem): + """Add an element to the set. + + Args: + elem (byte string or integer): + An element of the same type of objects already in the set. 
+ It can be an integer or a DER encoded object. + """ + + if _is_number(elem): + eo = 0x02 + elif isinstance(elem, DerObject): + eo = self._tag_octet + else: + eo = bord(elem[0]) + + if self._elemOctet != eo: + if self._elemOctet is not None: + raise ValueError("New element does not belong to the set") + self._elemOctet = eo + + if elem not in self._seq: + self._seq.append(elem) + + def decode(self, der_encoded, strict=False): + """Decode a complete SET OF DER element, and re-initializes this + object with it. + + DER INTEGERs are decoded into Python integers. Any other DER + element is left undecoded; its validity is not checked. + + Args: + der_encoded (byte string): a complete DER BIT SET OF. + strict (boolean): + Whether decoding must check for strict DER compliancy. + + Raises: + ValueError: in case of parsing errors. + """ + + return DerObject.decode(self, der_encoded, strict) + + def _decodeFromStream(self, s, strict): + """Decode a complete DER SET OF from a file.""" + + self._seq = [] + + # Fill up self.payload + DerObject._decodeFromStream(self, s, strict) + + # Add one item at a time to self.seq, by scanning self.payload + p = BytesIO_EOF(self.payload) + setIdOctet = -1 + while p.remaining_data() > 0: + p.set_bookmark() + + der = DerObject() + der._decodeFromStream(p, strict) + + # Verify that all members are of the same type + if setIdOctet < 0: + setIdOctet = der._tag_octet + else: + if setIdOctet != der._tag_octet: + raise ValueError("Not all elements are of the same DER type") + + # Parse INTEGERs differently + if setIdOctet != 0x02: + self._seq.append(p.data_since_bookmark()) + else: + derInt = DerInteger() + derInt.decode(p.data_since_bookmark(), strict) + self._seq.append(derInt.value) + # end + + def encode(self): + """Return this SET OF DER element, fully encoded as a + binary string. 
+ """ + + # Elements in the set must be ordered in lexicographic order + ordered = [] + for item in self._seq: + if _is_number(item): + bys = DerInteger(item).encode() + elif isinstance(item, DerObject): + bys = item.encode() + else: + bys = item + ordered.append(bys) + ordered.sort() + self.payload = b''.join(ordered) + return DerObject.encode(self) diff --git a/frozen_deps/Cryptodome/Util/asn1.pyi b/frozen_deps/Cryptodome/Util/asn1.pyi new file mode 100644 index 0000000..dac023b --- /dev/null +++ b/frozen_deps/Cryptodome/Util/asn1.pyi 
@@ -0,0 +1,74 @@
+from typing import Optional, Sequence, Union, Set, Iterable
+
+__all__ = ['DerObject', 'DerInteger', 'DerOctetString', 'DerNull',
+ 'DerSequence', 'DerObjectId', 'DerBitString', 'DerSetOf']
+
+# TODO: Make the encoded DerObjects their own type, so that DerSequence and
+# DerSetOf can check their contents better
+
+class BytesIO_EOF:
+ def __init__(self, initial_bytes: bytes) -> None: ...
+ def set_bookmark(self) -> None: ...
+ def data_since_bookmark(self) -> bytes: ...
+ def remaining_data(self) -> int: ...
+ def read(self, length: int) -> bytes: ...
+ def read_byte(self) -> bytes: ...
+
+class DerObject:
+ payload: bytes
+ def __init__(self, asn1Id: Optional[int]=None, payload: Optional[bytes]=..., implicit: Optional[int]=None,
+ constructed: Optional[bool]=False, explicit: Optional[int]=None) -> None: ...
+ def encode(self) -> bytes: ...
+ def decode(self, der_encoded: bytes, strict: Optional[bool]=False) -> DerObject: ...
+
+class DerInteger(DerObject):
+ value: int
+ def __init__(self, value: Optional[int]= 0, implicit: Optional[int]=None, explicit: Optional[int]=None) -> None: ...
+ def encode(self) -> bytes: ...
+ def decode(self, der_encoded: bytes, strict: Optional[bool]=False) -> DerInteger: ...
+
+class DerSequence(DerObject):
+ def __init__(self, startSeq: Optional[Sequence[Union[int, DerInteger, DerObject]]]=None, implicit: Optional[int]=None) -> None: ...
+ def __delitem__(self, n: int) -> None: ...
+ def __getitem__(self, n: int) -> None: ...
+ def __setitem__(self, key: int, value: DerObject) -> None: ...
+ def __setslice__(self, i: int, j: int, sequence: Sequence) -> None: ...
+ def __delslice__(self, i: int, j: int) -> None: ...
+ def __getslice__(self, i: int, j: int) -> DerSequence: ...
+ def __len__(self) -> int: ...
+ def __iadd__(self, item: DerObject) -> DerSequence: ...
+ def append(self, item: DerObject) -> DerSequence: ...
+ def hasInts(self, only_non_negative: Optional[bool]=True) -> int: ...
+ def hasOnlyInts(self, only_non_negative: Optional[bool]=True) -> bool: ...
+ def encode(self) -> bytes: ...
+ def decode(self, der_encoded: bytes, strict: Optional[bool]=False, nr_elements: Optional[int]=None, only_ints_expected: Optional[bool]=False) -> DerSequence: ...
+
+class DerOctetString(DerObject):
+ payload: bytes
+ def __init__(self, value: Optional[bytes]=..., implicit: Optional[int]=None) -> None: ...
+
+class DerNull(DerObject):
+ def __init__(self) -> None: ...
+
+class DerObjectId(DerObject):
+ value: str
+ def __init__(self, value: Optional[str]=..., implicit: Optional[int]=None, explicit: Optional[int]=None) -> None: ...
+ def encode(self) -> bytes: ...
+ def decode(self, der_encoded: bytes, strict: Optional[bool]=False) -> DerObjectId: ...
+
+class DerBitString(DerObject):
+ value: bytes
+ def __init__(self, value: Optional[bytes]=..., implicit: Optional[int]=None, explicit: Optional[int]=None) -> None: ...
+ def encode(self) -> bytes: ...
+ def decode(self, der_encoded: bytes, strict: Optional[bool]=False) -> DerBitString: ...
+
+DerSetElement = Union[bytes, int]
+
+class DerSetOf(DerObject):
+ def __init__(self, startSet: Optional[Set[DerSetElement]]=None, implicit: Optional[int]=None) -> None: ...
+ def __getitem__(self, n: int) -> DerSetElement: ...
+ def __iter__(self) -> Iterable: ...
+ def __len__(self) -> int: ...
+ def add(self, elem: DerSetElement) -> None: ...
+ def decode(self, der_encoded: bytes, strict: Optional[bool]=False) -> DerObject: ...
+ def encode(self) -> bytes: ...
diff --git a/frozen_deps/Crypto/Util/number.py b/frozen_deps/Cryptodome/Util/number.py
index 0e1baa0..0367fdc 100644
--- a/frozen_deps/Crypto/Util/number.py
+++ b/frozen_deps/Cryptodome/Util/number.py
@@ -24,100 +24,72 @@ # =================================================================== # -__revision__ = "$Id$" - -from Crypto.pct_warnings import GetRandomNumber_DeprecationWarning, PowmInsecureWarning -from warnings import warn as _warn import math import sys -from Crypto.Util.py3compat import * - -bignum = int -try: - from Crypto.PublicKey import _fastmath -except ImportError: - # For production, we are going to let import issues due to gmp/mpir shared - # libraries not loading slide silently and use slowmath. If you'd rather - # see an exception raised if _fastmath exists but cannot be imported, - # uncomment the below - # - # from distutils.sysconfig import get_config_var - # import inspect, os - # _fm_path = os.path.normpath(os.path.dirname(os.path.abspath( - # inspect.getfile(inspect.currentframe()))) - # +"/../../PublicKey/_fastmath"+get_config_var("SO")) - # if os.path.exists(_fm_path): - # raise ImportError("While the _fastmath module exists, importing "+ - # "it failed. This may point to the gmp or mpir shared library "+ - # "not being in the path. _fastmath was found at "+_fm_path) - _fastmath = None - -# You need libgmp v5 or later to get mpz_powm_sec. Warn if it's not available. -if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC: - _warn("Not using mpz_powm_sec. 
You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning) - -# New functions -from ._number_new import * - -# Commented out and replaced with faster versions below -## def long2str(n): -## s='' -## while n>0: -## s=chr(n & 255)+s -## n=n>>8 -## return s - -## import types -## def str2long(s): -## if type(s)!=types.StringType: return s # Integers will be left alone -## return reduce(lambda x,y : x*256+ord(y), s, 0L) +import struct +from Cryptodome import Random +from Cryptodome.Util.py3compat import _memoryview, iter_range + +# Backward compatibility +_fastmath = None + + +def ceil_div(n, d): + """Return ceil(n/d), that is, the smallest integer r such that r*d >= n""" + + if d == 0: + raise ZeroDivisionError() + if (n < 0) or (d < 0): + raise ValueError("Non positive values") + r, q = divmod(n, d) + if (n != 0) and (q != 0): + r += 1 + return r + def size (N): - """size(N:long) : int - Returns the size of the number N in bits. - """ + """Returns the size of the number N in bits.""" + + if N < 0: + raise ValueError("Size in bits only avialable for non-negative numbers") + bits = 0 while N >> bits: bits += 1 return bits -def getRandomNumber(N, randfunc=None): - """Deprecated. Use getRandomInteger or getRandomNBitInteger instead.""" - warnings.warn("Crypto.Util.number.getRandomNumber has confusing semantics"+ - "and has been deprecated. Use getRandomInteger or getRandomNBitInteger instead.", - GetRandomNumber_DeprecationWarning) - return getRandomNBitInteger(N, randfunc) def getRandomInteger(N, randfunc=None): - """getRandomInteger(N:int, randfunc:callable):long - Return a random number with at most N bits. + """Return a random number at most N bits long. - If randfunc is omitted, then Random.new().read is used. + If :data:`randfunc` is omitted, then :meth:`Random.get_random_bytes` is used. - This function is for internal use only and may be renamed or removed in - the future. + .. 
deprecated:: 3.0 + This function is for internal use only and may be renamed or removed in + the future. Use :func:`Cryptodome.Random.random.getrandbits` instead. """ + if randfunc is None: - _import_Random() - randfunc = Random.new().read + randfunc = Random.get_random_bytes S = randfunc(N>>3) odd_bits = N % 8 if odd_bits != 0: - char = ord(randfunc(1)) >> (8-odd_bits) - S = bchr(char) + S + rand_bits = ord(randfunc(1)) >> (8-odd_bits) + S = struct.pack('B', rand_bits) + S value = bytes_to_long(S) return value def getRandomRange(a, b, randfunc=None): - """getRandomRange(a:int, b:int, randfunc:callable):long - Return a random number n so that a <= n < b. + """Return a random number *n* so that *a <= n < b*. - If randfunc is omitted, then Random.new().read is used. + If :data:`randfunc` is omitted, then :meth:`Random.get_random_bytes` is used. - This function is for internal use only and may be renamed or removed in - the future. + .. deprecated:: 3.0 + This function is for internal use only and may be renamed or removed in + the future. Use :func:`Cryptodome.Random.random.randrange` instead. """ + range_ = b - a - 1 bits = size(range_) value = getRandomInteger(bits, randfunc) 
@@ -126,37 +98,37 @@ def getRandomRange(a, b, randfunc=None): return a + value def getRandomNBitInteger(N, randfunc=None): - """getRandomInteger(N:int, randfunc:callable):long - Return a random number with exactly N-bits, i.e. a random number - between 2**(N-1) and (2**N)-1. + """Return a random number with exactly N-bits, + i.e. a random number between 2**(N-1) and (2**N)-1. - If randfunc is omitted, then Random.new().read is used. + If :data:`randfunc` is omitted, then :meth:`Random.get_random_bytes` is used. - This function is for internal use only and may be renamed or removed in - the future. + .. deprecated:: 3.0 + This function is for internal use only and may be renamed or removed in + the future. """ + value = getRandomInteger (N-1, randfunc) value |= 2 ** (N-1) # Ensure high bit is set assert size(value) >= N return value def GCD(x,y): - """GCD(x:long, y:long): long - Return the GCD of x and y. + """Greatest Common Denominator of :data:`x` and :data:`y`. """ + x = abs(x) ; y = abs(y) while x > 0: x, y = y % x, x return y def inverse(u, v): - """inverse(u:long, v:long):long - Return the inverse of u mod v. - """ - u3, v3 = int(u), int(v) + """The inverse of :data:`u` *mod* :data:`v`.""" + + u3, v3 = u, v u1, v1 = 1, 0 while v3 > 0: - q=divmod(u3, v3)[0] + q = u3 // v3 u1, v1 = v1, u1 - v1*q u3, v3 = v3, u3 - v3*q while u1<0: @@ -167,14 +139,12 @@ def inverse(u, v): # find a prime number of the appropriate size. def getPrime(N, randfunc=None): - """getPrime(N:int, randfunc:callable):long - Return a random N-bit prime number. + """Return a random N-bit prime number. - If randfunc is omitted, then Random.new().read is used. + If randfunc is omitted, then :meth:`Random.get_random_bytes` is used. """ if randfunc is None: - _import_Random() - randfunc = Random.new().read + randfunc = Random.get_random_bytes number=getRandomNBitInteger(N, randfunc) | 1 while (not isPrime(number, randfunc=randfunc)): 
@@ -185,9 +155,9 @@ def getPrime(N, randfunc=None): def _rabinMillerTest(n, rounds, randfunc=None): """_rabinMillerTest(n:long, rounds:int, randfunc:callable):int Tests if n is prime. - Returns 0 when n is definitly composite. + Returns 0 when n is definitely composite. Returns 1 when n is probably prime. - Returns 2 when n is definitly prime. + Returns 2 when n is definitely prime. If randfunc is omitted, then Random.new().read is used. @@ -208,7 +178,7 @@ def _rabinMillerTest(n, rounds, randfunc=None): tested = [] # we need to do at most n-2 rounds. - for i in range (min (rounds, n-2)): + for i in iter_range (min (rounds, n-2)): # randomly choose a < n and make sure it hasn't been tested yet a = getRandomRange (2, n, randfunc) while a in tested: @@ -219,7 +189,7 @@ def _rabinMillerTest(n, rounds, randfunc=None): if z == 1 or z == n_1: continue composite = 1 - for r in range (b): + for r in iter_range(b): z = (z * z) % n if z == 1: return 0 
@@ -231,25 +201,34 @@ def _rabinMillerTest(n, rounds, randfunc=None): return 1 def getStrongPrime(N, e=0, false_positive_prob=1e-6, randfunc=None): - """getStrongPrime(N:int, e:int, false_positive_prob:float, randfunc:callable):long - Return a random strong N-bit prime number. - In this context p is a strong prime if p-1 and p+1 have at + r""" + Return a random strong *N*-bit prime number. + In this context, *p* is a strong prime if *p-1* and *p+1* have at least one large prime factor. - N should be a multiple of 128 and > 512. - - If e is provided the returned prime p-1 will be coprime to e - and thus suitable for RSA where e is the public exponent. - The optional false_positive_prob is the statistical probability - that true is returned even though it is not (pseudo-prime). - It defaults to 1e-6 (less than 1:1000000). - Note that the real probability of a false-positive is far less. This is - just the mathematically provable limit. + Args: + N (integer): the exact length of the strong prime. + It must be a multiple of 128 and > 512. + e (integer): if provided, the returned prime (minus 1) + will be coprime to *e* and thus suitable for RSA where + *e* is the public exponent. + false_positive_prob (float): + The statistical probability for the result not to be actually a + prime. It defaults to 10\ :sup:`-6`. + Note that the real probability of a false-positive is far less. This is + just the mathematically provable limit. + randfunc (callable): + A function that takes a parameter *N* and that returns + a random byte string of such length. + If omitted, :func:`Cryptodome.Random.get_random_bytes` is used. + Return: + The new strong prime. - randfunc should take a single int parameter and return that - many random bytes as a string. - If randfunc is omitted, then Random.new().read is used. + .. deprecated:: 3.0 + This function is for internal use only and may be renamed or removed in + the future. 
""" + # This function was implemented following the # instructions found in the paper: # "FAST GENERATION OF RANDOM, STRONG RSA PRIMES" @@ -259,9 +238,12 @@ def getStrongPrime(N, e=0, false_positive_prob=1e-6, randfunc=None): # which by the time of writing could be freely downloaded here: # http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.17.2713&rep=rep1&type=pdf + if randfunc is None: + randfunc = Random.get_random_bytes + # Use the accelerator if available if _fastmath is not None: - return _fastmath.getStrongPrime(int(N), int(e), false_positive_prob, + return _fastmath.getStrongPrime(long(N), long(e), false_positive_prob, randfunc) if (N < 512) or ((N % 128) != 0): @@ -275,8 +257,7 @@ def getStrongPrime(N, e=0, false_positive_prob=1e-6, randfunc=None): x = (N - 512) >> 7; # We need to approximate the sqrt(2) in the lower_bound by an integer # expression because floating point math overflows with these numbers - lower_bound = divmod(14142135623730950489 * (2 ** (511 + 128*x)), - 10000000000000000000)[0] + lower_bound = (14142135623730950489 * (2 ** (511 + 128*x))) // 10000000000000000000 upper_bound = (1 << (512 + 128*x)) - 1 # Randomly choose X in calculated range X = getRandomRange (lower_bound, upper_bound, randfunc) @@ -291,7 +272,7 @@ def getStrongPrime(N, e=0, false_positive_prob=1e-6, randfunc=None): # sieve the field for prime in sieve_base: offset = y % prime - for j in range ((prime - offset) % prime, len (field), prime): + for j in iter_range((prime - offset) % prime, len (field), prime): field[j] = 1 # look for suitable p[i] starting at y @@ -333,10 +314,10 @@ def getStrongPrime(N, e=0, false_positive_prob=1e-6, randfunc=None): # the public exponent e if e and is_possible_prime: if e & 1: - if GCD (e, X-1) != 1: + if GCD(e, X-1) != 1: is_possible_prime = 0 else: - if GCD (e, divmod((X-1),2)[0]) != 1: + if GCD(e, (X-1) // 2) != 1: is_possible_prime = 0 # do some Rabin-Miller-Tests 
@@ -353,19 +334,28 @@ def getStrongPrime(N, e=0, false_positive_prob=1e-6, randfunc=None): return X def isPrime(N, false_positive_prob=1e-6, randfunc=None): - """isPrime(N:long, false_positive_prob:float, randfunc:callable):bool - Return true if N is prime. + r"""Test if a number *N* is a prime. - The optional false_positive_prob is the statistical probability - that true is returned even though it is not (pseudo-prime). - It defaults to 1e-6 (less than 1:1000000). - Note that the real probability of a false-positive is far less. This is - just the mathematically provable limit. + Args: + false_positive_prob (float): + The statistical probability for the result not to be actually a + prime. It defaults to 10\ :sup:`-6`. + Note that the real probability of a false-positive is far less. + This is just the mathematically provable limit. + randfunc (callable): + A function that takes a parameter *N* and that returns + a random byte string of such length. + If omitted, :func:`Cryptodome.Random.get_random_bytes` is used. - If randfunc is omitted, then Random.new().read is used. + Return: + `True` is the input is indeed prime. """ + + if randfunc is None: + randfunc = Random.get_random_bytes + if _fastmath is not None: - return _fastmath.isPrime(int(N), false_positive_prob, randfunc) + return _fastmath.isPrime(long(N), false_positive_prob, randfunc) if N < 3 or N & 1 == 0: return N == 2 
@@ -385,15 +375,27 @@ def isPrime(N, false_positive_prob=1e-6, randfunc=None): import struct def long_to_bytes(n, blocksize=0): - """long_to_bytes(n:long, blocksize:int) : string - Convert a long integer to a byte string. + """Convert an integer to a byte string. + + In Python 3.2+, use the native method instead:: + + >>> n.to_bytes(blocksize, 'big') + + For instance:: - If optional blocksize is given and greater than zero, pad the front of the - byte string with binary zeros so that the length is a multiple of - blocksize. + >>> n = 80 + >>> n.to_bytes(2, 'big') + b'\x00P' + + If the optional :data:`blocksize` is provided and greater than zero, + the byte string is padded with binary zeros (on the front) so that + the total length of the output is a multiple of blocksize. + + If :data:`blocksize` is zero or not provided, the byte string will + be of minimal length. """ # after much testing, this algorithm was deemed to be the fastest - s = b('') + s = b'' n = int(n) pack = struct.pack while n > 0: 
@@ -401,36 +403,55 @@ def long_to_bytes(n, blocksize=0): n = n >> 32 # strip off leading zeros for i in range(len(s)): - if s[i] != b('\000')[0]: + if s[i] != b'\x00'[0]: break else: # only happens when n == 0 - s = b('\000') + s = b'\x00' i = 0 s = s[i:] # add back some pad bytes. this could be done more efficiently w.r.t. the # de-padding being done above, but sigh... if blocksize > 0 and len(s) % blocksize: - s = (blocksize - len(s) % blocksize) * b('\000') + s + s = (blocksize - len(s) % blocksize) * b'\x00' + s return s def bytes_to_long(s): - """bytes_to_long(string) : long - Convert a byte string to a long integer. + """Convert a byte string to a long integer (big endian). + + In Python 3.2+, use the native method instead:: + + >>> int.from_bytes(s, 'big') + + For instance:: + + >>> int.from_bytes(b'\x00P', 'big') + 80 - This is (essentially) the inverse of long_to_bytes(). + This is (essentially) the inverse of :func:`long_to_bytes`. """ acc = 0 + unpack = struct.unpack + + # Up to Python 2.7.4, struct.unpack can't work with bytearrays nor + # memoryviews + if sys.version_info[0:3] < (2, 7, 4): + if isinstance(s, bytearray): + s = bytes(s) + elif isinstance(s, _memoryview): + s = s.tobytes() + length = len(s) if length % 4: extra = (4 - length % 4) - s = b('\000') * extra + s + s = b'\x00' * extra + s length = length + extra for i in range(0, length, 4): acc = (acc << 32) + unpack('>I', s[i:i+4])[0] return acc + # For backwards compatibility... import warnings def long2str(n, blocksize=0): 
@@ -440,14 +461,6 @@ def str2long(s): warnings.warn("str2long() has been replaced by bytes_to_long()") return bytes_to_long(s) -def _import_Random(): - # This is called in a function instead of at the module level in order to - # avoid problems with recursive imports - global Random, StrongRandom - from Crypto import Random - from Crypto.Random.random import StrongRandom - - # The first 10000 primes used for checking primality. # This should be enough to eliminate most of the odd diff --git a/frozen_deps/Cryptodome/Util/number.pyi b/frozen_deps/Cryptodome/Util/number.pyi new file mode 100644 index 0000000..f8680bf --- /dev/null +++ b/frozen_deps/Cryptodome/Util/number.pyi @@ -0,0 +1,19 @@ +from typing import List, Optional, Callable + + +def ceil_div(n: int, d: int) -> int: ... +def size (N: int) -> int: ... +def getRandomInteger(N: int, randfunc: Optional[Callable]=None) -> int: ... +def getRandomRange(a: int, b: int, randfunc: Optional[Callable]=None) -> int: ... +def getRandomNBitInteger(N: int, randfunc: Optional[Callable]=None) -> int: ... +def GCD(x: int,y: int) -> int: ... +def inverse(u: int, v: int) -> int: ... +def getPrime(N: int, randfunc: Optional[Callable]=None) -> int: ... +def getStrongPrime(N: int, e: Optional[int]=0, false_positive_prob: Optional[float]=1e-6, randfunc: Optional[Callable]=None) -> int: ... +def isPrime(N: int, false_positive_prob: Optional[float]=1e-6, randfunc: Optional[Callable]=None) -> bool: ... +def long_to_bytes(n: int, blocksize: Optional[int]=0) -> bytes: ... +def bytes_to_long(s: bytes) -> int: ... +def long2str(n: int, blocksize: Optional[int]=0) -> bytes: ... +def str2long(s: bytes) -> int: ... + +sieve_base: List[int] diff --git a/frozen_deps/Crypto/Util/py3compat.py b/frozen_deps/Cryptodome/Util/py3compat.py index f8367c9..40ef752 100644 --- a/frozen_deps/Crypto/Util/py3compat.py +++ b/frozen_deps/Cryptodome/Util/py3compat.py 
@@ -39,7 +39,7 @@ string produces another byte string, but the indexing operation produces an integer. Data read from a file is of '''str'' type if the file was opened in text mode, or of ''bytes'' type otherwise. -Since PyCrypto aims at supporting both Python 2.x and 3.x, the following helper +Since PyCryptodome aims at supporting both Python 2.x and 3.x, the following helper functions are used to keep the rest of the library as independent as possible from the actual Python version. @@ -58,9 +58,9 @@ tobytes(s) a byte string and make a byte string. """ -__revision__ = "$Id$" - import sys +import abc + if sys.version_info[0] == 2: def b(s): @@ -71,18 +71,41 @@ if sys.version_info[0] == 2: return str(s) def bord(s): return ord(s) - if sys.version_info[1] == 1: - def tobytes(s): - try: - return s.encode('latin-1') - except: - return ''.join(s) + def tobytes(s, encoding="latin-1"): + if isinstance(s, unicode): + return s.encode(encoding) + elif isinstance(s, str): + return s + elif isinstance(s, bytearray): + return bytes(s) + else: + return ''.join(s) + def tostr(bs): + return bs + def byte_string(s): + return isinstance(s, str) + + # In Pyton 2.x, StringIO is a stand-alone module + from StringIO import StringIO as BytesIO + + from sys import maxint + + if sys.version_info[1] < 7: + import types + _memoryview = types.NoneType else: - def tobytes(s): - if isinstance(s, str): - return s.encode("latin-1") - else: - return ''.join(s) + _memoryview = memoryview + + iter_range = xrange + + def is_native_int(x): + return isinstance(x, (int, long)) + + def is_string(x): + return isinstance(x, basestring) + + ABC = abc.ABCMeta('ABC', (object,), {'__slots__': ()}) + else: def b(s): return s.encode("latin-1") # utf-8 would cause some side-effects we don't want 
@@ -95,13 +118,47 @@ else: return bytes(s) def bord(s): return s - def tobytes(s): - if isinstance(s,bytes): + def tobytes(s, encoding="latin-1"): + if isinstance(s, bytes): return s + elif isinstance(s, bytearray): + return bytes(s) + elif isinstance(s,str): + return s.encode(encoding) else: - if isinstance(s,str): - return s.encode("latin-1") - else: - return bytes(s) + return bytes([s]) + def tostr(bs): + return bs.decode("latin-1") + def byte_string(s): + return isinstance(s, bytes) + + # In Python 3.x, StringIO is a sub-module of io + from io import BytesIO + from sys import maxsize as maxint + + _memoryview = memoryview + + iter_range = range + + def is_native_int(x): + return isinstance(x, int) + + def is_string(x): + return isinstance(x, str) + + from abc import ABC + + +def _copy_bytes(start, end, seq): + """Return an immutable copy of a sequence (byte string, byte array, memoryview) + in a certain interval [start:seq]""" + + if isinstance(seq, _memoryview): + return seq[start:end].tobytes() + elif isinstance(seq, bytearray): + return bytes(seq[start:end]) + else: + return seq[start:end] -# vim:set ts=4 sw=4 sts=4 expandtab: +del sys +del abc diff --git a/frozen_deps/Cryptodome/Util/py3compat.pyi b/frozen_deps/Cryptodome/Util/py3compat.pyi new file mode 100644 index 0000000..3297dc0 --- /dev/null +++ b/frozen_deps/Cryptodome/Util/py3compat.pyi 
@@ -0,0 +1,35 @@ +from typing import Union, Any, Optional, IO + +Buffer = Union[bytes, bytearray, memoryview] + +import sys + +def b(s: str) -> bytes: ... +def bchr(s: int) -> bytes: ... +def bord(s: bytes) -> int: ... +def tobytes(s: Union[bytes, str]) -> bytes: ... +def tostr(b: bytes) -> str: ... +def bytestring(x: Any) -> bool: ... + +def is_native_int(s: Any) -> bool: ... +def is_string(x: Any) -> bool: ... + +def BytesIO(b: bytes) -> IO[bytes]: ... + +if sys.version_info[0] == 2: + from sys import maxint + iter_range = xrange + + if sys.version_info[1] < 7: + import types + _memoryview = types.NoneType + else: + _memoryview = memoryview + +else: + from sys import maxsize as maxint + iter_range = range + + _memoryview = memoryview + +def _copy_bytes(start: Optional[int], end: Optional[int], seq: Buffer) -> bytes: ... diff --git a/frozen_deps/Cryptodome/Util/strxor.py b/frozen_deps/Cryptodome/Util/strxor.py new file mode 100644 index 0000000..91fb4c9 --- /dev/null +++ b/frozen_deps/Cryptodome/Util/strxor.py 
@@ -0,0 +1,137 @@ +# =================================================================== +# +# Copyright (c) 2014, Legrandin <[email protected]> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. 
+# =================================================================== + +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, c_size_t, + create_string_buffer, get_raw_buffer, + c_uint8_ptr, is_writeable_buffer) + +_raw_strxor = load_pycryptodome_raw_lib("Cryptodome.Util._strxor", + """ + void strxor(const uint8_t *in1, + const uint8_t *in2, + uint8_t *out, size_t len); + void strxor_c(const uint8_t *in, + uint8_t c, + uint8_t *out, + size_t len); + """) + + +def strxor(term1, term2, output=None): + """XOR two byte strings. + + Args: + term1 (bytes/bytearray/memoryview): + The first term of the XOR operation. + term2 (bytes/bytearray/memoryview): + The second term of the XOR operation. + output (bytearray/memoryview): + The location where the result must be written to. + If ``None``, the result is returned. + :Return: + If ``output`` is ``None``, a new ``bytes`` string with the result. + Otherwise ``None``. + """ + + if len(term1) != len(term2): + raise ValueError("Only byte strings of equal length can be xored") + + if output is None: + result = create_string_buffer(len(term1)) + else: + # Note: output may overlap with either input + result = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(term1) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(term1)) + + _raw_strxor.strxor(c_uint8_ptr(term1), + c_uint8_ptr(term2), + c_uint8_ptr(result), + c_size_t(len(term1))) + + if output is None: + return get_raw_buffer(result) + else: + return None + + +def strxor_c(term, c, output=None): + """XOR a byte string with a repeated sequence of characters. + + Args: + term(bytes/bytearray/memoryview): + The first term of the XOR operation. + c (bytes): + The byte that makes up the second term of the XOR operation. + output (None or bytearray/memoryview): + If not ``None``, the location where the result is stored into. 
+ + Return: + If ``output`` is ``None``, a new ``bytes`` string with the result. + Otherwise ``None``. + """ + + if not 0 <= c < 256: + raise ValueError("c must be in range(256)") + + if output is None: + result = create_string_buffer(len(term)) + else: + # Note: output may overlap with either input + result = output + + if not is_writeable_buffer(output): + raise TypeError("output must be a bytearray or a writeable memoryview") + + if len(term) != len(output): + raise ValueError("output must have the same length as the input" + " (%d bytes)" % len(term)) + + _raw_strxor.strxor_c(c_uint8_ptr(term), + c, + c_uint8_ptr(result), + c_size_t(len(term)) + ) + + if output is None: + return get_raw_buffer(result) + else: + return None + + +def _strxor_direct(term1, term2, result): + """Very fast XOR - check conditions!""" + _raw_strxor.strxor(term1, term2, result, c_size_t(len(term1))) + diff --git a/frozen_deps/Cryptodome/Util/strxor.pyi b/frozen_deps/Cryptodome/Util/strxor.pyi new file mode 100644 index 0000000..ca896f3 --- /dev/null +++ b/frozen_deps/Cryptodome/Util/strxor.pyi @@ -0,0 +1,6 @@ +from typing import Union, Optional + +Buffer = Union[bytes, bytearray, memoryview] + +def strxor(term1: bytes, term2: bytes, output: Optional[Buffer]=...) -> bytes: ... +def strxor_c(term: bytes, c: int, output: Optional[Buffer]=...) -> bytes: ... diff --git a/frozen_deps/Cryptodome/__init__.py b/frozen_deps/Cryptodome/__init__.py new file mode 100644 index 0000000..bb08e39 --- /dev/null +++ b/frozen_deps/Cryptodome/__init__.py @@ -0,0 +1,6 @@ +__all__ = ['Cipher', 'Hash', 'Protocol', 'PublicKey', 'Util', 'Signature', + 'IO', 'Math'] + +version_info = (3, 9, '9') + +__version__ = ".".join([str(x) for x in version_info]) diff --git a/frozen_deps/Cryptodome/__init__.pyi b/frozen_deps/Cryptodome/__init__.pyi new file mode 100644 index 0000000..bc73446 --- /dev/null +++ b/frozen_deps/Cryptodome/__init__.pyi 
@@ -0,0 +1,4 @@ +from typing import Tuple, Union + +version_info : Tuple[int, int, Union[int, str]] +__version__ : str diff --git a/frozen_deps/Cryptodome/py.typed b/frozen_deps/Cryptodome/py.typed new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/frozen_deps/Cryptodome/py.typed diff --git a/frozen_deps/bin/keytree.py b/frozen_deps/bin/keytree.py index 1f4bedb..0b09eaf 100755 --- a/frozen_deps/bin/keytree.py +++ b/frozen_deps/bin/keytree.py @@ -223,12 +223,12 @@ def load_from_keystore(filename): key = hashlib.pbkdf2_hmac( 'sha256', sha256(passwd + salt), salt, 200000) - obj = AES.new(key, + a = AES.new(key, mode=AES.MODE_GCM, nonce=iv) if tag != sha256(passwd + sha256(passwd + salt)): raise KeytreeError("incorrect keystore password") - return obj.decrypt(ciphertext[:-16]).decode('utf-8') + return a.decrypt(ciphertext[:-16]).decode('utf-8') except KeytreeError as e: raise e except: 
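Review bot: The GCM tag is never checked on the load path in `load_from_keystore`: `a.decrypt(ciphertext[:-16])` drops the trailing 16 bytes and returns plaintext without authenticating it. The only check is the `tag != sha256(passwd + sha256(passwd + salt))` password comparison, so a modified ciphertext decrypts without error. `save_to_keystore` in this commit binds the salt with `.update(salt)` and writes `c + t`, so the reader should mirror that: `a.update(salt)` followed by `return a.decrypt_and_verify(ciphertext[:-16], ciphertext[-16:]).decode('utf-8')`. The function's opening lines are outside this hunk; a failed verification raises `ValueError`, which presumably reaches the bare `except:` at the end of the hunk, so confirm the message reported there still makes sense.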
@@ -237,9 +237,43 @@ def load_from_keystore(filename): raise KeytreeError("failed to open file") +def cb58encode(raw): + checksum = sha256(raw)[-4:] + return b58encode(raw + checksum) + + +def save_to_keystore(filename, words): + try: + with open(filename, "w") as f: + #try: + passwd = getpass('Enter the password for the keystore (utf-8): ').encode('utf-8') + iv = os.urandom(12) + salt = os.urandom(16) + pass_hash = sha256(passwd + sha256(passwd + salt)) + key = hashlib.pbkdf2_hmac( + 'sha256', + sha256(passwd + salt), salt, 200000) + a = AES.new(key, + mode=AES.MODE_GCM, + nonce=iv).update(salt) + (c, t) = a.encrypt_with_digest(words) + ciphertext = c + t + json.dump({ + 'keys': [ + {'key': cb58encode(ciphertext), 'iv': cb58encode(iv)}], + 'salt': cb58encode(salt), + 'pass_hash': cb58encode(pass_hash) + }, f) + #except: + # raise KeytreeError("invalid or corrupted keystore file") + except FileNotFoundError: + raise KeytreeError("failed to open file") + + if __name__ == '__main__': parser = argparse.ArgumentParser(description='Derive BIP32 key pairs from BIP39 mnemonic') - parser.add_argument('--from-avax-keystore', type=str, default=None, help='load mnemonic from an AVAX keystore file') + parser.add_argument('--load-keystore', type=str, default=None, help='load mnemonic from a keystore file (AVAX Wallet compatible)') + parser.add_argument('--save-keystore', type=str, default=None, help='save mnemonic to a keystore file (AVAX Wallet compatible)') parser.add_argument('--show-private', action='store_true', default=False, help='also show private keys and the mnemonic') parser.add_argument('--custom-words', action='store_true', default=False, help='use an arbitrary word combination as mnemonic') parser.add_argument('--account-path', default="44'/9000'/0'/0", help="path prefix for key deriving (e.g. \"0/1'/2\")") 
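Review bot: `a.encrypt_with_digest(words)` in `save_to_keystore` looks like it will fail at runtime. As far as I know, PyCryptodome's GCM cipher object provides `encrypt_and_digest`, not `encrypt_with_digest`, and it expects bytes, while `words` is a `str` on every path visible in this diff. The line should read `(c, t) = a.encrypt_and_digest(words.encode('utf-8'))`. Only `FileNotFoundError` is caught and the file is opened with `"w"` before the password prompt, so any such failure or an interrupted prompt leaves an existing keystore truncated and surfaces as a traceback; building the JSON payload first and opening the file last avoids that. The file is also created with default permissions, and a keystore holding the encrypted mnemonic is better created owner-only (mode `0o600`).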
@@ -258,8 +292,8 @@ if __name__ == '__main__': mgen = mnemonic.Mnemonic(args.lang) words = mgen.generate(256) else: - if args.from_avax_keystore: - words = load_from_keystore(args.from_avax_keystore) + if args.load_keystore: + words = load_from_keystore(args.load_keystore) else: words = getpass('Enter the mnemonic: ').strip() if not args.custom_words: @@ -285,6 +319,8 @@ if __name__ == '__main__': print("{}.addr(AVAX) X-{}".format(i, bech32.bech32_encode(args.hrp, bech32.convertbits(ripemd160(sha256(cpub)), 8, 5)))) print("{}.addr(BTC) {}".format(i, get_btc_addr(pub))) print("{}.addr(ETH) {}".format(i, get_eth_addr(pub))) + if args.save_keystore: + save_to_keystore(args.save_keystore, words) except KeytreeError as e: sys.stderr.write("error: {}\n".format(str(e))) sys.exit(1) diff --git a/frozen_deps/keytree.py-0.2.dist-info/METADATA b/frozen_deps/keytree.py-0.2.dist-info/METADATA index ced8872..30904eb 100644 --- a/frozen_deps/keytree.py-0.2.dist-info/METADATA +++ b/frozen_deps/keytree.py-0.2.dist-info/METADATA @@ -10,7 +10,7 @@ Platform: UNKNOWN Requires-Dist: ecdsa Requires-Dist: base58 Requires-Dist: pysha3 -Requires-Dist: pycrypto +Requires-Dist: pycryptodomex Requires-Dist: mnemonic UNKNOWN diff --git a/frozen_deps/keytree.py-0.2.dist-info/RECORD b/frozen_deps/keytree.py-0.2.dist-info/RECORD index 6d5e4e7..5f7d2f8 100644 --- a/frozen_deps/keytree.py-0.2.dist-info/RECORD +++ b/frozen_deps/keytree.py-0.2.dist-info/RECORD @@ -1,9 +1,9 @@ ../../bin/__pycache__/keytree.cpython-38.pyc,,
-../../bin/keytree.py,sha256=3ZAMRh7CeqEydctLUTqBLfcgiVZlDfmcsDfUWcxLYjw,10394
+../../bin/keytree.py,sha256=XCCc0ThEVf1BRHtz8LefMmWyhGBp9G8LkxzY51JDkj0,11850
__pycache__/bech32.cpython-38.pyc,,
bech32.py,sha256=QZdU7nY1UUzeYfV-5ASwhe3PA3YVVnClyGGrtgJIjsE,4376
keytree.py-0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-keytree.py-0.2.dist-info/METADATA,sha256=mbeKpm8oSaMl3-pBpqeonURUlfmadsd0gw7rt8ZVm1w,363
+keytree.py-0.2.dist-info/METADATA,sha256=bnRg0Bju4Uk768UXWAJ2TAlKIkRFgPP92ClhF1Z2o2w,368
keytree.py-0.2.dist-info/RECORD,,
keytree.py-0.2.dist-info/WHEEL,sha256=g4nMs7d-Xl9-xC9XovUrsDHGXt-FT0E17Yqo92DEfvY,92
keytree.py-0.2.dist-info/direct_url.json,sha256=6seyiOxGCRXsnt6lrEcpcJtZGEXuBr-KHa0idXAuZDA,71
diff --git a/frozen_deps/pycrypto-2.6.1.dist-info/METADATA b/frozen_deps/pycrypto-2.6.1.dist-info/METADATA deleted file mode 100644 index 3f5b6a7..0000000 --- a/frozen_deps/pycrypto-2.6.1.dist-info/METADATA +++ /dev/null @@ -1,22 +0,0 @@ -Metadata-Version: 2.1 -Name: pycrypto -Version: 2.6.1 -Summary: Cryptographic modules for Python. -Home-page: http://www.pycrypto.org/ -Author: Dwayne C. Litzenberger -Author-email: [email protected] -License: UNKNOWN -Platform: UNKNOWN -Classifier: Development Status :: 5 - Production/Stable -Classifier: License :: Public Domain -Classifier: Intended Audience :: Developers -Classifier: Operating System :: Unix -Classifier: Operating System :: Microsoft :: Windows -Classifier: Operating System :: MacOS :: MacOS X -Classifier: Topic :: Security :: Cryptography -Classifier: Programming Language :: Python :: 2 -Classifier: Programming Language :: Python :: 3 - -UNKNOWN - - diff --git a/frozen_deps/pycrypto-2.6.1.dist-info/RECORD b/frozen_deps/pycrypto-2.6.1.dist-info/RECORD deleted file mode 100644 index bcad46d..0000000 --- a/frozen_deps/pycrypto-2.6.1.dist-info/RECORD +++ /dev/null @@ -1,261 +0,0 @@ -Crypto/Cipher/AES.py,sha256=zdQXQvWD37SMh6Pz71Ir_nmzv7cZ7RQjCd6Tp2gE0fY,4218
-Crypto/Cipher/ARC2.py,sha256=3lRMA8tW0jBEbyXC-f_4x88MkzudgmRPZlzGpZ8032M,4916
-Crypto/Cipher/ARC4.py,sha256=HLlyx41Ao7nLwHZ5Z-vqiBPqB0udK9EcmyBnBABYWP4,4265
-Crypto/Cipher/Blowfish.py,sha256=xGVzqqoeDegd6KFyUalrTZ81jZDUbJtE2-zf8nidO2k,4459
-Crypto/Cipher/CAST.py,sha256=G9B9pHPD5A_2f_8laeMU9HtYEWu6iPrzP8kU2pNDr8E,4497
-Crypto/Cipher/DES.py,sha256=BtD_kaaAtHd4eqYUD1R12TJ5tLSlgww6kgJpkiMOcDQ,4403
-Crypto/Cipher/DES3.py,sha256=RxWw3mcYZ6YkVYGGjffQHZWqqOQTv_43s-73SyYko_w,5130
-Crypto/Cipher/PKCS1_OAEP.py,sha256=CEDbzB7NG9LJ5cUPSWkVlUIaIHtHiitGip1z2VDIXIM,9337
-Crypto/Cipher/PKCS1_v1_5.py,sha256=QefUewQFdMeqyzyNtPJWsbm12kidQuoiwMJt2JIGYZc,9109
-Crypto/Cipher/XOR.py,sha256=_tqnB-fVPSeL4UTbD58QNFCikvXACAI_yNYyUZ0veDs,2736
-Crypto/Cipher/_AES.cpython-38-x86_64-linux-gnu.so,sha256=qajgcGRe6FxLNsqyjmC0kvAM-AP5Leg5x-pJ7Ff3YDg,43640
-Crypto/Cipher/_ARC2.cpython-38-x86_64-linux-gnu.so,sha256=Ms1i0EgMSg1u0l0PqooApjfXBXrPdBa4BNvC5JtpXrQ,26904
-Crypto/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so,sha256=Z8XpYrkIBzeb3bC8G2rVetIbXT-YBEPH0bYACLrL6Nc,18064
-Crypto/Cipher/_Blowfish.cpython-38-x86_64-linux-gnu.so,sha256=_Kj6oU_kwvtnXoZPvtQ6bbvgqan7jtWWDpChUQSu8-A,35368
-Crypto/Cipher/_CAST.cpython-38-x86_64-linux-gnu.so,sha256=74aSGGReYsFWAYaxdzvQvFGArb3ByJUp9fYFOsutwi0,35320
-Crypto/Cipher/_DES.cpython-38-x86_64-linux-gnu.so,sha256=nAbiA_48cuQD5rPQkyIflgckbONIUPlOF5BqLL55CnU,68560
-Crypto/Cipher/_DES3.cpython-38-x86_64-linux-gnu.so,sha256=B5Z5TAcZldhS_Rx0_NvlXpyC697IGYIOgyybb9GjFco,68560
-Crypto/Cipher/_XOR.cpython-38-x86_64-linux-gnu.so,sha256=6yZ52WaICl8oqjJoED3V34JxwnX44C_INVBLjluPqpA,18096
-Crypto/Cipher/__init__.py,sha256=XljqRT7D0kyJEpntdMQbA8n68gWwLQedxzc1T8VygYU,3440
-Crypto/Cipher/__pycache__/AES.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/ARC2.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/ARC4.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/Blowfish.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/CAST.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/DES.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/DES3.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/PKCS1_OAEP.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/PKCS1_v1_5.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/XOR.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/__init__.cpython-38.pyc,,
-Crypto/Cipher/__pycache__/blockalgo.cpython-38.pyc,,
-Crypto/Cipher/blockalgo.py,sha256=iTMWpnhMhwMD1SqyDduyB9B-ueLAKGLiW-oD2Vt-xms,12596
-Crypto/Hash/HMAC.py,sha256=2lpshwFp5OGeymb3D-zirgjDOg6QIdTvWnJAmnJ8xk0,7309
-Crypto/Hash/MD2.py,sha256=AVkf-DC5TPJysc6qXBNfSTWgz-RVIKP8adbOUZBS914,2734
-Crypto/Hash/MD4.py,sha256=4LNMbJUmXeB7Dg24FrtzyZaYpBhHKD3qBsFzsENFAQE,2716
-Crypto/Hash/MD5.py,sha256=tpnoyAq7YDeCfJVMXc2U6rm4R0pCMjLzAF2lMEmDG24,2863
-Crypto/Hash/RIPEMD.py,sha256=VGl2ej_XG3PPByfduL8KNy2g_W45SYukmE4Ww5jUhyg,3005
-Crypto/Hash/SHA.py,sha256=IgvTUNC1j1Y-ITKyKhbZBLSaZGHSFTY_nVEUThXVvbg,2841
-Crypto/Hash/SHA224.py,sha256=HNBj-5K5W9o6hwROHKtan6TzRPM72jGNIxEEKEF0r8o,2851
-Crypto/Hash/SHA256.py,sha256=zUuyPbvEM519lyc9yG1yF9J_WD9QaQCa1wzfDWPwcNw,2852
-Crypto/Hash/SHA384.py,sha256=W7QZ-jYyCA1_vL2IeMQyhtXdCnuuk9KNEwEmwjzHoW8,2853
-Crypto/Hash/SHA512.py,sha256=_5Bk0r-48hJuNMezQYuWemlbGGPW2v4OqHVTYUmMvCg,2850
-Crypto/Hash/_MD2.cpython-38-x86_64-linux-gnu.so,sha256=-YIEL7BIqS1buS_x2LYTYZup3ANqy5PX5Yz37frUyLM,18464
-Crypto/Hash/_MD4.cpython-38-x86_64-linux-gnu.so,sha256=zbK4osbY37dLzSNUPKN6AgxQSZ6YtuVgyGIGuWVj334,18552
-Crypto/Hash/_RIPEMD160.cpython-38-x86_64-linux-gnu.so,sha256=wtjyzmtTp_rYQBvJFviVfZpsAvlk6D-4t_zkKIXUWvI,22888
-Crypto/Hash/_SHA224.cpython-38-x86_64-linux-gnu.so,sha256=4LvpSq7MmkNpZsMf7speKCxgUh_b10plytYXflrBt7Y,18496
-Crypto/Hash/_SHA256.cpython-38-x86_64-linux-gnu.so,sha256=Xa5v4RySkT_tHytuUBm9A5NK90108oebNDxnzePepuk,18496
-Crypto/Hash/_SHA384.cpython-38-x86_64-linux-gnu.so,sha256=URhwdl1hoK0euL23vtoj3N9Jw2Gem3kVqN20nXAbCdU,22592
-Crypto/Hash/_SHA512.cpython-38-x86_64-linux-gnu.so,sha256=uA5QGreT8Ufq54CkniZdr5ayeBhBzTe5BHlyxI0BPY4,22592
-Crypto/Hash/__init__.py,sha256=QtJ_3oI1ELyZ1gm8Gqhli_1xT4CQCECWLaq094HonN4,2432
-Crypto/Hash/__pycache__/HMAC.cpython-38.pyc,,
-Crypto/Hash/__pycache__/MD2.cpython-38.pyc,,
-Crypto/Hash/__pycache__/MD4.cpython-38.pyc,,
-Crypto/Hash/__pycache__/MD5.cpython-38.pyc,,
-Crypto/Hash/__pycache__/RIPEMD.cpython-38.pyc,,
-Crypto/Hash/__pycache__/SHA.cpython-38.pyc,,
-Crypto/Hash/__pycache__/SHA224.cpython-38.pyc,,
-Crypto/Hash/__pycache__/SHA256.cpython-38.pyc,,
-Crypto/Hash/__pycache__/SHA384.cpython-38.pyc,,
-Crypto/Hash/__pycache__/SHA512.cpython-38.pyc,,
-Crypto/Hash/__pycache__/__init__.cpython-38.pyc,,
-Crypto/Hash/__pycache__/hashalgo.cpython-38.pyc,,
-Crypto/Hash/hashalgo.py,sha256=uNOiQseIAw-NXKIwjAomwA3ZdjLHBnzES0GD3Xh6hu8,3984
-Crypto/Protocol/AllOrNothing.py,sha256=szBTydYgyxmPbGbHXv-uthp5rO4XA0N0rgKRGF3FmvM,11959
-Crypto/Protocol/Chaffing.py,sha256=hkUbn2R4nKjQlMEy9CgJ4a4qvuqxjMCz9quqHrYBuJU,10280
-Crypto/Protocol/KDF.py,sha256=98bWbmx1ctD65OHxTNhxqX2dE58TIAXl5p2PCkEPaFo,5069
-Crypto/Protocol/__init__.py,sha256=nIuNk6tS9Xm4HsOhkQPIyG_VMCgT2MwGsZja2sjXrtg,1573
-Crypto/Protocol/__pycache__/AllOrNothing.cpython-38.pyc,,
-Crypto/Protocol/__pycache__/Chaffing.cpython-38.pyc,,
-Crypto/Protocol/__pycache__/KDF.cpython-38.pyc,,
-Crypto/Protocol/__pycache__/__init__.cpython-38.pyc,,
-Crypto/PublicKey/DSA.py,sha256=jXpxkko8IrvH_YfGGEl3idVVpfTbllAjkpliz635Iok,13689
-Crypto/PublicKey/ElGamal.py,sha256=HVZfYJylzakvAJ83W0VxVyyVoUP-eGl5Z6_WM5kYaog,13212
-Crypto/PublicKey/RSA.py,sha256=6DeyV2z4H5wChNI622FyT0M3czDgPX0tUlQrIFzimII,29893
-Crypto/PublicKey/_DSA.py,sha256=m-dMnmKqkw4uOXSNTwf7braa_-eoWuRDcmjPWKQcOVI,3470
-Crypto/PublicKey/_RSA.py,sha256=dFMnO1k9N1rijktx2OFCJv5xzd_oYVepVSWNRv0fkmQ,2760
-Crypto/PublicKey/__init__.py,sha256=dTFZbenEp98vElmrk9vuT2X9IqL3jHHKtq4pITpJZTU,1876
-Crypto/PublicKey/__pycache__/DSA.cpython-38.pyc,,
-Crypto/PublicKey/__pycache__/ElGamal.cpython-38.pyc,,
-Crypto/PublicKey/__pycache__/RSA.cpython-38.pyc,,
-Crypto/PublicKey/__pycache__/_DSA.cpython-38.pyc,,
-Crypto/PublicKey/__pycache__/_RSA.cpython-38.pyc,,
-Crypto/PublicKey/__pycache__/__init__.cpython-38.pyc,,
-Crypto/PublicKey/__pycache__/_slowmath.cpython-38.pyc,,
-Crypto/PublicKey/__pycache__/pubkey.cpython-38.pyc,,
-Crypto/PublicKey/_fastmath.cpython-38-x86_64-linux-gnu.so,sha256=wVmNfdPPprXNgY8Db86ZywNBsLIGDjaKCuWmE56Sy-s,78864
-Crypto/PublicKey/_slowmath.py,sha256=bZTi0MEViDieJfhsEnKRatt86yZ7V-MToW3viDDT3c4,6409
-Crypto/PublicKey/pubkey.py,sha256=swCmQTk5oHjODolNoO78znO1vlb044LgT2EcvKWEXW4,8088
-Crypto/Random/Fortuna/FortunaAccumulator.py,sha256=LJ9Npmoq9uPyCLjEAw0cceitozqKLPHsIHfHsjGc4LA,6788
-Crypto/Random/Fortuna/FortunaGenerator.py,sha256=GfaMASoqHTeCPW9lPJ2cuIe4z245H9XrykNMS-BvFJU,5270
-Crypto/Random/Fortuna/SHAd256.py,sha256=BNLUDG0QSNqlBpmorD8Qv583LTinuAgpAi2HgThsaag,3098
-Crypto/Random/Fortuna/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-Crypto/Random/Fortuna/__pycache__/FortunaAccumulator.cpython-38.pyc,,
-Crypto/Random/Fortuna/__pycache__/FortunaGenerator.cpython-38.pyc,,
-Crypto/Random/Fortuna/__pycache__/SHAd256.cpython-38.pyc,,
-Crypto/Random/Fortuna/__pycache__/__init__.cpython-38.pyc,,
-Crypto/Random/OSRNG/__init__.py,sha256=6Q_9uzT3pk7G_Wk97D8Ze_JlFvSG2owPxJkyd24xP5E,1542
-Crypto/Random/OSRNG/__pycache__/__init__.cpython-38.pyc,,
-Crypto/Random/OSRNG/__pycache__/fallback.cpython-38.pyc,,
-Crypto/Random/OSRNG/__pycache__/posix.cpython-38.pyc,,
-Crypto/Random/OSRNG/__pycache__/rng_base.cpython-38.pyc,,
-Crypto/Random/OSRNG/fallback.py,sha256=MH99pYPRTmw7m8KorK2xeSwO7xrkLFor76RMNhY5KQg,1521
-Crypto/Random/OSRNG/posix.py,sha256=eTOTZJX9ZrCVc9Wz5Zw_Q7yaCe4iIeaq7O2P7jLv5pM,2838
-Crypto/Random/OSRNG/rng_base.py,sha256=GVjP55P4VRBk7oO_FKTjAGrc83O2NuYuOWVlG9C0EmQ,2867
-Crypto/Random/_UserFriendlyRNG.py,sha256=-K-jbkaPjn7reXc6gplEnYGq5A9lDmf1NiCXipdgK2w,7621
-Crypto/Random/__init__.py,sha256=L6NbHyEB2epH7WRsz3M6_LF9z7_eOnJjDOFH4opFzkg,1669
-Crypto/Random/__pycache__/_UserFriendlyRNG.cpython-38.pyc,,
-Crypto/Random/__pycache__/__init__.cpython-38.pyc,,
-Crypto/Random/__pycache__/random.cpython-38.pyc,,
-Crypto/Random/random.py,sha256=eurKE-iEuqRp3vu39Gpiux67zfl5CJ8OGvnrTd8nWb4,5235
-Crypto/SelfTest/Cipher/__init__.py,sha256=QCrjmEJc9HvASt_x1TFxGvuWXJ0YTLKsVsLTG-V3E4E,2401
-Crypto/SelfTest/Cipher/__pycache__/__init__.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/common.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/test_AES.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/test_ARC2.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/test_ARC4.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/test_Blowfish.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/test_CAST.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/test_DES.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/test_DES3.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/test_XOR.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/test_pkcs1_15.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/__pycache__/test_pkcs1_oaep.cpython-38.pyc,,
-Crypto/SelfTest/Cipher/common.py,sha256=YrMmMD1WSore4F24DC_vxJKvAHpBJLHce-g4NXYzIDY,16568
-Crypto/SelfTest/Cipher/test_AES.py,sha256=nvJaazjoV6kOcXHAWfNjb326Ikb5wZitMaRPwWeth1U,79977
-Crypto/SelfTest/Cipher/test_ARC2.py,sha256=UDWMnNHxGfoaSViVbcPGXs3NomsW2zxKAt2xcFxjIw4,4947
-Crypto/SelfTest/Cipher/test_ARC4.py,sha256=-iqIeQ6i9nR2M_YaME3QEuAFxhhUpelNlg3aCsiftgE,3547
-Crypto/SelfTest/Cipher/test_Blowfish.py,sha256=DLT3g75NF_eeaVaueRCQ2n4_XxJYd16rBouRsS7FIzU,5833
-Crypto/SelfTest/Cipher/test_CAST.py,sha256=YY6x3LJdrJbJgazEJxaHoOxlzfMzdCND8mUJZIZoDRs,1978
-Crypto/SelfTest/Cipher/test_DES.py,sha256=cG4o_9ckWsJvhSZiXU9I6jLBqdxaHBS2V73JlDt9bn4,15011
-Crypto/SelfTest/Cipher/test_DES3.py,sha256=dtR_aOZwlvUgppqFLemz0A6bfyUtiY09k0Sr-bQwhW0,15560
-Crypto/SelfTest/Cipher/test_XOR.py,sha256=Eq6eDUqae8ju8olSN5m9arIt4X6vbqCFmC-ev3htjHM,2539
-Crypto/SelfTest/Cipher/test_pkcs1_15.py,sha256=oLEYASebuOK3ruYz91ZThY8t07Sh04zoiuCfJ9K-UY0,7342
-Crypto/SelfTest/Cipher/test_pkcs1_oaep.py,sha256=uDgrJmzoJqIXeizzJDqKW2w0K8RGSp6NtE2aSIB5XSQ,17253
-Crypto/SelfTest/Hash/__init__.py,sha256=PwY0AUVBF3JZL0jyzajD_i5R7K6HatO5fLNuCqnSbHk,2518
-Crypto/SelfTest/Hash/__pycache__/__init__.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/common.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/test_HMAC.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/test_MD2.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/test_MD4.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/test_MD5.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/test_RIPEMD.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/test_SHA.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/test_SHA224.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/test_SHA256.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/test_SHA384.cpython-38.pyc,,
-Crypto/SelfTest/Hash/__pycache__/test_SHA512.cpython-38.pyc,,
-Crypto/SelfTest/Hash/common.py,sha256=0z6RQTvJ_hs-2nL-4NvWgW1TKib6urQjrlDb1tipYtU,7076
-Crypto/SelfTest/Hash/test_HMAC.py,sha256=An7fj5tVxCPoAkFWpTkteliVOTxEJ6wbxQCOLoCE-90,8199
-Crypto/SelfTest/Hash/test_MD2.py,sha256=SU0Bh-hD1BUwbZ1wmK6yOFIx2wkqdjIOW5k8HANxDQA,2369
-Crypto/SelfTest/Hash/test_MD4.py,sha256=xsr0oHX-vFlF6s4u0zK7VuyUBytbiFker7HwREZiCEw,2369
-Crypto/SelfTest/Hash/test_MD5.py,sha256=bd8-oLvo4Zbjk5VI-LiO1NWutLHGCQz8c2pdVm0PuEA,2369
-Crypto/SelfTest/Hash/test_RIPEMD.py,sha256=1uTfKvlGFSin5Zwkb5-EpDN9Hqju5RhBJE1mNzY8qGo,2686
-Crypto/SelfTest/Hash/test_SHA.py,sha256=OPYddyrd0jZwj7iDvEeLHwOcY39mLgg4DxEwOBI4LZo,2312
-Crypto/SelfTest/Hash/test_SHA224.py,sha256=pJv-BVv1U6SbVXuq4qurueae9Gv6ExwjlfhgF_nv8pA,2582
-Crypto/SelfTest/Hash/test_SHA256.py,sha256=lvDWuTKYIqVi07XsWiczsuETvw_MOGJmKT9ASatwpAc,3662
-Crypto/SelfTest/Hash/test_SHA384.py,sha256=nRNxUd0ji_iGhZeelFTS1BtC_7yKbO49oVW2GlKvM7I,2763
-Crypto/SelfTest/Hash/test_SHA512.py,sha256=teZzqGj9pJ1fY2XmMtgJiZRvcvngAourOH6Ka_nL2Hc,2850
-Crypto/SelfTest/Protocol/__init__.py,sha256=n0jyxv7F-g4upKbUa-17TvOvDDNNgR9FAsZPT2pRkf8,1751
-Crypto/SelfTest/Protocol/__pycache__/__init__.cpython-38.pyc,,
-Crypto/SelfTest/Protocol/__pycache__/test_AllOrNothing.cpython-38.pyc,,
-Crypto/SelfTest/Protocol/__pycache__/test_KDF.cpython-38.pyc,,
-Crypto/SelfTest/Protocol/__pycache__/test_chaffing.cpython-38.pyc,,
-Crypto/SelfTest/Protocol/__pycache__/test_rfc1751.cpython-38.pyc,,
-Crypto/SelfTest/Protocol/test_AllOrNothing.py,sha256=9ZTaJ2VE1OqF_RxjKZLo_Geoqg_-26Z_N5hrPk_Dpwc,3024
-Crypto/SelfTest/Protocol/test_KDF.py,sha256=SAIrJVGiqZ5WWWi7xm90tqMBzTySWT4nA16ERp7VkgY,3827
-Crypto/SelfTest/Protocol/test_chaffing.py,sha256=CdumC2qHo_DSlv0NlgMX2Rh_n_IKiL1xxBLJYlQiWu8,2972
-Crypto/SelfTest/Protocol/test_rfc1751.py,sha256=LR3M9XLk_sxOyapPq32PEf93SUMwErFwwzlHNKhUazg,2208
-Crypto/SelfTest/PublicKey/__init__.py,sha256=LwAO13YrBCiPBG8n2EMD4pTH3JBvCJU5xEbWrkcFw5o,1842
-Crypto/SelfTest/PublicKey/__pycache__/__init__.cpython-38.pyc,,
-Crypto/SelfTest/PublicKey/__pycache__/test_DSA.cpython-38.pyc,,
-Crypto/SelfTest/PublicKey/__pycache__/test_ElGamal.cpython-38.pyc,,
-Crypto/SelfTest/PublicKey/__pycache__/test_RSA.cpython-38.pyc,,
-Crypto/SelfTest/PublicKey/__pycache__/test_importKey.cpython-38.pyc,,
-Crypto/SelfTest/PublicKey/test_DSA.py,sha256=bD0J8xd60_K0-V4AEpMGS5gxNpE-43KRDJWLhEKZNyg,9861
-Crypto/SelfTest/PublicKey/test_ElGamal.py,sha256=JrUGohyq8mtTfYFo6aBrPpliybGZ1sO3R9aHjr_j3qM,8511
-Crypto/SelfTest/PublicKey/test_RSA.py,sha256=uHLl_bNVYuWtvgG8vZiySj-s5hKb7BgbcfmzyQGVLRo,16563
-Crypto/SelfTest/PublicKey/test_importKey.py,sha256=yG4mHgEVlUBkYnsLkqw8MKPRzXLJ6i-oIy2A57k1NTw,14907
-Crypto/SelfTest/Random/Fortuna/__init__.py,sha256=0jEzcC4VxLRAnSroCV-xkteVlO9sW8c_2-nldKelw5g,1825
-Crypto/SelfTest/Random/Fortuna/__pycache__/__init__.cpython-38.pyc,,
-Crypto/SelfTest/Random/Fortuna/__pycache__/test_FortunaAccumulator.cpython-38.pyc,,
-Crypto/SelfTest/Random/Fortuna/__pycache__/test_FortunaGenerator.cpython-38.pyc,,
-Crypto/SelfTest/Random/Fortuna/__pycache__/test_SHAd256.cpython-38.pyc,,
-Crypto/SelfTest/Random/Fortuna/test_FortunaAccumulator.py,sha256=I0d-g7-rAKwJqMD4jMHo-DNLvv7j0_PPJU3z9Rci0xE,8655
-Crypto/SelfTest/Random/Fortuna/test_FortunaGenerator.py,sha256=aVxRxI7009xM0IjUt2gmF6ZiZJuZpWAXZELeYZWAezM,3506
-Crypto/SelfTest/Random/Fortuna/test_SHAd256.py,sha256=hCo1zmP1VE90tw1Xa5zNDhz42KY6Zf1A6yEMlIQR5R0,2419
-Crypto/SelfTest/Random/OSRNG/__init__.py,sha256=GHy35y5OsEdAve1otasx-d1P6UnAI9AcWM3pslNHIQQ,2082
-Crypto/SelfTest/Random/OSRNG/__pycache__/__init__.cpython-38.pyc,,
-Crypto/SelfTest/Random/OSRNG/__pycache__/test_fallback.cpython-38.pyc,,
-Crypto/SelfTest/Random/OSRNG/__pycache__/test_generic.cpython-38.pyc,,
-Crypto/SelfTest/Random/OSRNG/__pycache__/test_nt.cpython-38.pyc,,
-Crypto/SelfTest/Random/OSRNG/__pycache__/test_posix.cpython-38.pyc,,
-Crypto/SelfTest/Random/OSRNG/__pycache__/test_winrandom.cpython-38.pyc,,
-Crypto/SelfTest/Random/OSRNG/test_fallback.py,sha256=pReymeE8atbWeOiqmLu3M66K07ZyWaUhnTfMT1YI5kQ,1795
-Crypto/SelfTest/Random/OSRNG/test_generic.py,sha256=86QgZM4AcC_HMpXuyuvwOw2olhE4i--8dKDjXRA5_V8,1746
-Crypto/SelfTest/Random/OSRNG/test_nt.py,sha256=qpxL-Er7veLxAFHtgeqVVlpu7aGbKF3Wdt0xayfnYBQ,1764
-Crypto/SelfTest/Random/OSRNG/test_posix.py,sha256=5f52SxQg1dAPjcOPY0Gltlg5HpJkQqHKLJ9zlG3JKlY,1777
-Crypto/SelfTest/Random/OSRNG/test_winrandom.py,sha256=84h5E-vE6UBA55tBqk9m3q30jBXQzXswGE_RPEne5Vo,1777
-Crypto/SelfTest/Random/__init__.py,sha256=2lrY6di7ijeWWM9w4GX-XEepRuSY28aorzVz1X4K2_U,1973
-Crypto/SelfTest/Random/__pycache__/__init__.cpython-38.pyc,,
-Crypto/SelfTest/Random/__pycache__/test__UserFriendlyRNG.cpython-38.pyc,,
-Crypto/SelfTest/Random/__pycache__/test_random.cpython-38.pyc,,
-Crypto/SelfTest/Random/__pycache__/test_rpoolcompat.cpython-38.pyc,,
-Crypto/SelfTest/Random/test__UserFriendlyRNG.py,sha256=AIuP_vWn3skmVA9dxhfgYOLtMeVvdMPADcMFfTn2Lmo,5672
-Crypto/SelfTest/Random/test_random.py,sha256=BTA8EJQ2Q7DGyzoocXDOuPikskSM1xKkoEnAZsp50Ok,7129
-Crypto/SelfTest/Random/test_rpoolcompat.py,sha256=py3o_QmgRvX6tcvEp7Je6XnEBcVO_pOi-GXvgZmN85w,2030
-Crypto/SelfTest/Signature/__init__.py,sha256=FMHyPlOIGj67IkoPFun0UHpnc_1koKhfuQfw-mxhn44,1528
-Crypto/SelfTest/Signature/__pycache__/__init__.cpython-38.pyc,,
-Crypto/SelfTest/Signature/__pycache__/test_pkcs1_15.cpython-38.pyc,,
-Crypto/SelfTest/Signature/__pycache__/test_pkcs1_pss.cpython-38.pyc,,
-Crypto/SelfTest/Signature/test_pkcs1_15.py,sha256=_b-Mab4CdXRIALdB8cWGqFLqgILZAUScEtfiWViuGb8,9471
-Crypto/SelfTest/Signature/test_pkcs1_pss.py,sha256=4CFckbL8OvCNYQgyB8RLueT6yDT6OTqSD53yOQtc4B4,20565
-Crypto/SelfTest/Util/__init__.py,sha256=TdCWQ_hp0YSq6Dna6rsrYz-VJpBKBcEG9LzqKev-v9Y,1743
-Crypto/SelfTest/Util/__pycache__/__init__.cpython-38.pyc,,
-Crypto/SelfTest/Util/__pycache__/test_Counter.cpython-38.pyc,,
-Crypto/SelfTest/Util/__pycache__/test_asn1.cpython-38.pyc,,
-Crypto/SelfTest/Util/__pycache__/test_number.cpython-38.pyc,,
-Crypto/SelfTest/Util/__pycache__/test_winrandom.cpython-38.pyc,,
-Crypto/SelfTest/Util/test_Counter.py,sha256=WWliRgH8RVIIag6BpG0bSYjH4YL_0azSrEiRt-qgmT4,7087
-Crypto/SelfTest/Util/test_asn1.py,sha256=qRyogItInITbzbAftBJ9Mos1ZSbKjOUSRNfJP_4fVSk,10187
-Crypto/SelfTest/Util/test_number.py,sha256=BTet6CfyOh-3zIBAS8W-O1W4dpIzP6XvxdC9IExjhng,12862
-Crypto/SelfTest/Util/test_winrandom.py,sha256=HvBPZAjbk_1rQiq5ySHCPZQ46OFrXFo8EsCSZSWK40I,1772
-Crypto/SelfTest/__init__.py,sha256=M1NKM4hO2MmSQbI8KTagsloskp0OHJVlUEOTTaYPisQ,3412
-Crypto/SelfTest/__pycache__/__init__.cpython-38.pyc,,
-Crypto/SelfTest/__pycache__/st_common.cpython-38.pyc,,
-Crypto/SelfTest/st_common.py,sha256=qi1uOlmw06U32DD9tWGYZF9A3oA7PJfxWVbx4d8MxrE,2142
-Crypto/Signature/PKCS1_PSS.py,sha256=t6DUy5bgUp6guNII6rmRJRgxOFZa6Vd_foIfiRsA88U,12189
-Crypto/Signature/PKCS1_v1_5.py,sha256=4zF1UXx46uN43K7jRajJZFU8IprxYG4ualoGhES0dy8,8637
-Crypto/Signature/__init__.py,sha256=edI2zDF9wZnt2tGUMl-5QYwsHdspZTXsCot2ewsvyl0,1202
-Crypto/Signature/__pycache__/PKCS1_PSS.cpython-38.pyc,,
-Crypto/Signature/__pycache__/PKCS1_v1_5.cpython-38.pyc,,
-Crypto/Signature/__pycache__/__init__.cpython-38.pyc,,
-Crypto/Util/Counter.py,sha256=wjed6nTp3jmEWXfmYPpUCSjsPDoa6WmiUlvSXhSQvMw,5156
-Crypto/Util/RFC1751.py,sha256=pm9iilAnohlNOVFwowxXCbkWKUSFticbzxQlzdBGDvk,21208
-Crypto/Util/__init__.py,sha256=RygfvkDs72Jet2S2jN7zwtkWOSVTHsSVJ6RVBvp4ugs,1507
-Crypto/Util/__pycache__/Counter.cpython-38.pyc,,
-Crypto/Util/__pycache__/RFC1751.cpython-38.pyc,,
-Crypto/Util/__pycache__/__init__.cpython-38.pyc,,
-Crypto/Util/__pycache__/_number_new.cpython-38.pyc,,
-Crypto/Util/__pycache__/asn1.cpython-38.pyc,,
-Crypto/Util/__pycache__/number.cpython-38.pyc,,
-Crypto/Util/__pycache__/py3compat.cpython-38.pyc,,
-Crypto/Util/__pycache__/randpool.cpython-38.pyc,,
-Crypto/Util/__pycache__/winrandom.cpython-38.pyc,,
-Crypto/Util/_counter.cpython-38-x86_64-linux-gnu.so,sha256=-8wyPt4xwYdGeHnfTmzYJqjesu5UHvvZTdlEaa0QNzU,22856
-Crypto/Util/_number_new.py,sha256=DMlYTwTLefBEAMX139gjP9uDdvyamloCC0kc2oaNQYg,3976
-Crypto/Util/asn1.py,sha256=2eg7T1XMaNDo340pAq9BuO9Hp_1mYf5cWgkfFW97bGQ,12733
-Crypto/Util/number.py,sha256=P_MYzcU9oVwwJAjCQ_AAYmqPsTZrWf-G2j5TiHkdCts,95469
-Crypto/Util/py3compat.py,sha256=e-a4R1jOOvsNeb5CHqNPUhEKa-Qa0Ozwhyu4iwcbDFE,3908
-Crypto/Util/randpool.py,sha256=8qSQTg_aPf6RUHlCNZJQXQ5LZClvydNWaFqEDaG-FEE,2768
-Crypto/Util/strxor.cpython-38-x86_64-linux-gnu.so,sha256=xfCPtgkJehM3uVE4aEViOVeRF0jl4K42PgEI1iJ64ts,16784
-Crypto/Util/winrandom.py,sha256=IhpE9uIOdNmWXmjzSICrTKEVoP0XOxasaTi4m2afB5I,1196
-Crypto/__init__.py,sha256=Bi_KjWxdfCyFeRx_abV-wr3o89SsH7c9fEwx0oLgjiA,1992
-Crypto/__pycache__/__init__.cpython-38.pyc,,
-Crypto/__pycache__/pct_warnings.cpython-38.pyc,,
-Crypto/pct_warnings.py,sha256=Uc2DAGSs6rZGMssd2SNkLzpF-h0CwwH288Alv3SzCeM,2295
-pycrypto-2.6.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
-pycrypto-2.6.1.dist-info/METADATA,sha256=1l-9AVgkccANEeeXZ29e95C1BWovYM_VeUb1T4Lat0g,656
-pycrypto-2.6.1.dist-info/RECORD,,
-pycrypto-2.6.1.dist-info/WHEEL,sha256=TpFVeXF_cAlV118WSIPWtjqW7nPvzoOw-49FmS3fDKQ,103
-pycrypto-2.6.1.dist-info/top_level.txt,sha256=-W2wTtkxc1QnPUPRqBZ0bMwrhD8xRD13HIobFX-wDOs,7
diff --git a/frozen_deps/pycrypto-2.6.1.dist-info/WHEEL b/frozen_deps/pycrypto-2.6.1.dist-info/WHEEL
deleted file mode 100644
index d193dea..0000000
--- a/frozen_deps/pycrypto-2.6.1.dist-info/WHEEL
+++ /dev/null
@@ -1,5 +0,0 @@
-Wheel-Version: 1.0
-Generator: bdist_wheel (0.34.2)
-Root-Is-Purelib: false
-Tag: cp38-cp38-linux_x86_64
-
diff --git a/frozen_deps/pycrypto-2.6.1.dist-info/top_level.txt b/frozen_deps/pycrypto-2.6.1.dist-info/top_level.txt
deleted file mode 100644
index e6645e7..0000000
--- a/frozen_deps/pycrypto-2.6.1.dist-info/top_level.txt
+++ /dev/null
@@ -1 +0,0 @@
-Crypto
diff --git a/frozen_deps/pycryptodomex-3.9.9.dist-info/AUTHORS.rst b/frozen_deps/pycryptodomex-3.9.9.dist-info/AUTHORS.rst
new file mode 100644
index 0000000..bdafc82
--- /dev/null
+++ b/frozen_deps/pycryptodomex-3.9.9.dist-info/AUTHORS.rst
@@ -0,0 +1,49 @@
+Simon Arneaud
+Nevins Bartolomeo
+Thorsten E. Behrens
+Tim Berners-Lee
+Frédéric Bertolus
+Ian Bicking
+Joris Bontje
+Antoon Bosselaers
+Andrea Bottoni
+Jean-Paul Calderone
+Sergey Chernov
+Geremy Condra
+Jan Dittberner
+Andrew Eland
+Philippe Frycia
+Peter Gutmann
+Hirendra Hindocha
+Nikhil Jhingan
+Sebastian Kayser
+Ryan Kelly
+Andrew M. Kuchling
+Piers Lauder
+Legrandin
+M.-A. Lemburg
+Wim Lewis
+Darsey C. Litzenberger
+Richard Mitchell
+Mark Moraes
+Lim Chee Siang
+Bryan Olson
+Wallace Owen
+Colin Plumb
+Robey Pointer
+Lorenz Quack
+Sebastian Ramacher
+Jeethu Rao
+James P. Rutledge
+Matt Schreiner
+Peter Simmons
+Janne Snabb
+Tom St. Denis
+Anders Sundman
+Paul Swartz
+Fabrizio Tarizzo
+Kevin M. Turner
+Barry A. Warsaw
+Eric Young
+Hannes van Niekerk
+Stefan Seering
diff --git a/frozen_deps/pycrypto-2.6.1.dist-info/INSTALLER b/frozen_deps/pycryptodomex-3.9.9.dist-info/INSTALLER
index a1b589e..a1b589e 100644
--- a/frozen_deps/pycrypto-2.6.1.dist-info/INSTALLER
+++ b/frozen_deps/pycryptodomex-3.9.9.dist-info/INSTALLER
diff --git a/frozen_deps/pycryptodomex-3.9.9.dist-info/LICENSE.rst b/frozen_deps/pycryptodomex-3.9.9.dist-info/LICENSE.rst
new file mode 100644
index 0000000..23f8f33
--- /dev/null
+++ b/frozen_deps/pycryptodomex-3.9.9.dist-info/LICENSE.rst
@@ -0,0 +1,274 @@
+The source code in PyCryptodome is partially in the public domain
+and partially released under the BSD 2-Clause license.
+
+In either case, there are minimal if no restrictions on the redistribution,
+modification and usage of the software.
+
+Public domain
+=============
+
+All code originating from PyCrypto is free and unencumbered software
+released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <http://unlicense.org>
+
+BSD license
+===========
+
+All direct contributions to PyCryptodome are released under the following
+license. The copyright of each piece belongs to the respective author.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+OCB license
+===========
+
+The OCB cipher mode is patented in the US under patent numbers 7,949,129 and
+8,321,675. The directory Doc/ocb contains three free licenses for implementors
+and users. As a general statement, OCB can be freely used for software not meant
+for military purposes. Contact your attorney for further information.
+
+Apache 2.0 license (Wycheproof)
+===============================
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/frozen_deps/pycryptodomex-3.9.9.dist-info/METADATA b/frozen_deps/pycryptodomex-3.9.9.dist-info/METADATA
new file mode 100644
index 0000000..c519e01
--- /dev/null
+++ b/frozen_deps/pycryptodomex-3.9.9.dist-info/METADATA
@@ -0,0 +1,84 @@
+Metadata-Version: 2.1
+Name: pycryptodomex
+Version: 3.9.9
+Summary: Cryptographic library for Python
+Home-page: https://www.pycryptodome.org
+Author: Helder Eijs
+Author-email: [email protected]
+License: BSD, Public Domain, Apache
+Project-URL: Source, https://github.com/Legrandin/pycryptodome/
+Platform: Posix; MacOS X; Windows
+Classifier: Development Status :: 5 - Production/Stable
+Classifier: License :: OSI Approved :: BSD License
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: License :: Public Domain
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: Unix
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Operating System :: MacOS :: MacOS X
+Classifier: Topic :: Security :: Cryptography
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.6
+Classifier: Programming Language :: Python :: 2.7
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
+Classifier: Programming Language :: Python :: 3.6
+Classifier: Programming Language :: Python :: 3.7
+Classifier: Programming Language :: Python :: 3.8
+Requires-Python: >=2.6, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*
+
+
+PyCryptodome
+============
+
+PyCryptodome is a self-contained Python package of low-level
+cryptographic primitives.
+
+It supports Python 2.6 and 2.7, Python 3.4 and newer, and PyPy.
+
+You can install it with::
+
+ pip install pycryptodomex
+
+All modules are installed under the ``Cryptodome`` package.
+
+Check the pycryptodome_ project for the equivalent library that
+works under the ``Crypto`` package.
+
+PyCryptodome is a fork of PyCrypto.
It brings several enhancements
+with respect to the last official version of PyCrypto (2.6.1),
+for instance:
+
+* Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
+* Accelerated AES on Intel platforms via AES-NI
+* First class support for PyPy
+* Elliptic curves cryptography (NIST P-256, P-384 and P-521 curves only)
+* Better and more compact API (`nonce` and `iv` attributes for ciphers,
+ automatic generation of random nonces and IVs, simplified CTR cipher mode,
+ and more)
+* SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms
+* Salsa20 and ChaCha20 stream ciphers
+* scrypt and HKDF
+* Deterministic (EC)DSA
+* Password-protected PKCS#8 key containers
+* Shamir's Secret Sharing scheme
+* Random numbers get sourced directly from the OS (and not from a CSPRNG in userspace)
+* Simplified install process, including better support for Windows
+* Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
+* Major clean ups and simplification of the code base
+
+PyCryptodome is not a wrapper to a separate C library like *OpenSSL*.
+To the largest possible extent, algorithms are implemented in pure Python.
+Only the pieces that are extremely critical to performance (e.g. block ciphers)
+are implemented as C extensions.
+
+For more information, see the `homepage`_.
+
+All the code can be downloaded from `GitHub`_.
+
+.. _pycryptodome: https://pypi.python.org/pypi/pycryptodome
+.. _`homepage`: http://www.pycryptodome.org
+.. _GitHub: https://github.com/Legrandin/pycryptodome
+
+
diff --git a/frozen_deps/pycryptodomex-3.9.9.dist-info/RECORD b/frozen_deps/pycryptodomex-3.9.9.dist-info/RECORD
new file mode 100644
index 0000000..6cea692
--- /dev/null
+++ b/frozen_deps/pycryptodomex-3.9.9.dist-info/RECORD
@@ -0,0 +1,794 @@
+Cryptodome/Cipher/AES.py,sha256=fbD_h8DbAF4NsFKrbhKz5sMFnqKYUza0XqT4k9f1SpE,9569
+Cryptodome/Cipher/AES.pyi,sha256=3ahEn43wmFv37xdmnlibzjWOmRAgSSeiFToFMIoLVUk,1387
+Cryptodome/Cipher/ARC2.py,sha256=NwO42KWBpuTXS5Thx0gsDRmxyrvfiudx7PKed1KR0CI,7026
+Cryptodome/Cipher/ARC2.pyi,sha256=zgMfUY35w1AuEi0apkFuHo_NQOfzsCxuZ9gN1s3oAhg,982
+Cryptodome/Cipher/ARC4.py,sha256=x_8L_KA_pDkoeIOSCQZyVPwhD3na4-xShkPkeNRka58,5168
+Cryptodome/Cipher/ARC4.pyi,sha256=sMw73yZHeonmGx9BhiyA7__4PQJocU04SMRcDjnyJ2Y,431
+Cryptodome/Cipher/Blowfish.py,sha256=K5hF6nb2r8FsHhgLX2irdyUMqg4PCwrAgu68NNhU1ag,5976
+Cryptodome/Cipher/Blowfish.pyi,sha256=kDooazMxY1973SMtPuhNJ9f68PS4cNWynyYa7CoWC48,1018
+Cryptodome/Cipher/CAST.py,sha256=3XDjtVBsia2kPvducB19_FEc3zM7hSK8JKKmK-b8cvU,6087
+Cryptodome/Cipher/CAST.pyi,sha256=XgVk9wOv_V77LbQmm24O2R-PDss8JiHfw11karavKCI,983
+Cryptodome/Cipher/ChaCha20.py,sha256=u7YX0kO9MBwV7Ibt_Dbyz_pHq-TG5POxoRnNOGy9ZPs,10754
+Cryptodome/Cipher/ChaCha20.pyi,sha256=_l1xhtOyBmYEHP7Ftmk8EQZpKegX9p3N5tckC_PPve0,762
+Cryptodome/Cipher/ChaCha20_Poly1305.py,sha256=W0tOmBkoNzfwtwgPG9Tw0dUm3sZ8IVhnehTbAc2jRt4,11561
+Cryptodome/Cipher/ChaCha20_Poly1305.pyi,sha256=h1U5ixODzM9NwLpX9oaIJdeQ0ubYeDeY9m6ur05dKCc,1068
+Cryptodome/Cipher/DES.py,sha256=ebgHOqNGjCYlIoFh3W5KXY17aQnvckjhQC9TPEKqPuY,5963
+Cryptodome/Cipher/DES.pyi,sha256=thNZATxZ0Q-vOh_V7QVZu6J_ESvr9mcA67WlQV_nP1A,963
+Cryptodome/Cipher/DES3.py,sha256=qmIagOLhMGG221sC7BAH9xe5lnxk2iyilbeYoC3it4c,6941
+Cryptodome/Cipher/DES3.pyi,sha256=arv4Uhv7lSgAL36B_Vx5DL-s_18Kc9_TejNxftMp4H4,1033
+Cryptodome/Cipher/PKCS1_OAEP.py,sha256=GtxJWWSmK5PCIc1xFZDkMucGmPrioWBRB3M3T_VeVDY,8880
+Cryptodome/Cipher/PKCS1_OAEP.pyi,sha256=XRZ5_0v8w2LUYD04Gz3Ekey9PxYBZJnUl-0rVv2q_gY,1183
+Cryptodome/Cipher/PKCS1_v1_5.py,sha256=IeTKcgsUJSYzct2EzvL0cPg4d2F7SjUMGjTQ4HjxnUc,7979
+Cryptodome/Cipher/PKCS1_v1_5.pyi,sha256=XzzxTLrPfBUqROLd-hhDua4w6YrzI7xjLmHrQN__Xck,571
+Cryptodome/Cipher/Salsa20.py,sha256=SuzaYhBc_Q7voODDmQ2rCzILndPpmF1n6qitDMmk7no,6369
+Cryptodome/Cipher/Salsa20.pyi,sha256=4vjq_HN8NK7U9VdaaHIgs17-fyW8SRPDZaHy3jKVkto,744
+Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so,sha256=bFvUKemyW2bXoEsC2HdV35dgQgtR8S7m6eLRNhAXSi4,14354
+Cryptodome/Cipher/_EKSBlowfish.py,sha256=fi6TEeN0bXcznFkyLzsaoLxNmu9iPT-Tmp3CLvJsE0A,5217
+Cryptodome/Cipher/_EKSBlowfish.pyi,sha256=6JhAXsSVbJMYlcudpNwSNEDB9X5NjhfRGPzZvcOc_As,270
+Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.so,sha256=LyVUPFhUIQoJx0QaXx0FkwZC0nmZGILsrE3uoTXsIw0,21734
+Cryptodome/Cipher/__init__.py,sha256=Cdau3A_ZsmqOFM8yK4Q2C_hFeV2xjd9_fU812_ferXM,2888
+Cryptodome/Cipher/__init__.pyi,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+Cryptodome/Cipher/__pycache__/AES.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/ARC2.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/ARC4.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/Blowfish.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/CAST.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/ChaCha20.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/ChaCha20_Poly1305.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/DES.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/DES3.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/PKCS1_OAEP.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/PKCS1_v1_5.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/Salsa20.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_EKSBlowfish.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_cbc.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_ccm.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_cfb.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_ctr.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_eax.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_ecb.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_gcm.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_ocb.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_ofb.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_openpgp.cpython-38.pyc,,
+Cryptodome/Cipher/__pycache__/_mode_siv.cpython-38.pyc,,
+Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.so,sha256=xCnihlEf-dEc4-Zq5sOpUBcuHEcYfhw58nJLvkt_n_o,25741
+Cryptodome/Cipher/_mode_cbc.py,sha256=cDaa-zgNIbosLHJhwsDtt7YOTE-jzRUi4ODfj95SBsM,10971
+Cryptodome/Cipher/_mode_cbc.pyi,sha256=qH5pEQNuefabeRV-Xz-6AA953MFd_Z20zGeBTwa6t0s,691
+Cryptodome/Cipher/_mode_ccm.py,sha256=zqq91jARvmdPXs58u0uCP-D8ctzsg65Lf8nW9VQYezs,24476
+Cryptodome/Cipher/_mode_ccm.pyi,sha256=ZSs4SOlivIG_JUxknDjQKs4ZYGmkwAO7K2DKcbz_14M,1600
+Cryptodome/Cipher/_mode_cfb.py,sha256=lfIeHxJmyqmBWk84d4z9030OooTSBX1gfaVIaRqIPyE,10821
+Cryptodome/Cipher/_mode_cfb.pyi,sha256=PM0slBBfWdA4Ec0JjM-OJheiZkCFPWAADvLsvKpDRCY,731
+Cryptodome/Cipher/_mode_ctr.py,sha256=PFiqbWjboWaeLv0M0GnE4o8_vv6h7Aedv5cNq51VNlU,15920
+Cryptodome/Cipher/_mode_ctr.pyi,sha256=UcZ1zOZlVnTSlka9R1yFo7kaDhreiLKCe7AU05AcAuI,804
+Cryptodome/Cipher/_mode_eax.py,sha256=XXOc-GKbZ2hRagr5I5FihKWaGh8hXP1Si2kY3D85-ls,14543
+Cryptodome/Cipher/_mode_eax.pyi,sha256=VHPtTdA-2btCvRE-4npRtGCrApg7rBNWpHSZV1po8J0,1545
+Cryptodome/Cipher/_mode_ecb.py,sha256=h81F3mNQc08dVr__iP3_41ixeul00OsDw9mCI_Bh7I8,8222
+Cryptodome/Cipher/_mode_ecb.pyi,sha256=PgzUPsVY2DRM72wM-h74vCiceNF_yeaBxOA6bt_ZfmA,596
+Cryptodome/Cipher/_mode_gcm.py,sha256=oAOWTQ1qynOv7BfuueXokEF1TghERzKOXEgHKMj50wg,21402
+Cryptodome/Cipher/_mode_gcm.pyi,sha256=5t72QHQS0gDq6wtzYfaVqTxmjBzpUvsQvDaP2DqNvLE,1541
+Cryptodome/Cipher/_mode_ocb.py,sha256=QeHiPunUGWKt4iG8A50xgWV9b3C7qW0uwJPRcta5bC8,19838
+Cryptodome/Cipher/_mode_ocb.pyi,sha256=SXMUa1s1dY-272lktxSOtyOoqLdtPvfNkRXqmXjBE4o,1231
+Cryptodome/Cipher/_mode_ofb.py,sha256=sXdbumASGN-K7ps89z7c-knnMnnYtuO97X7y-VYZvyA,10301
+Cryptodome/Cipher/_mode_ofb.pyi,sha256=mPIZ2e_X-URk-8LBNiZyacfcS3Ei1vgT8YlhyI-0C8k,695
+Cryptodome/Cipher/_mode_openpgp.py,sha256=whIc90qioqxMiL2RCys5-XwfDntDneVYJx4Br6X3zD4,7061
+Cryptodome/Cipher/_mode_openpgp.pyi,sha256=FoLrFqnvxJf0F_npHOgPURfUyGSt6DxyIp2ikoXi-CI,556
+Cryptodome/Cipher/_mode_siv.py,sha256=nRqGJBjqxmKikUpVBLgMN3TGwg2f3boCNtUtGcn9uEU,14094
+Cryptodome/Cipher/_mode_siv.pyi,sha256=syb3kXnyuhoQV6FXvozIjudWCQBCadOb1I2BuV-6Ai0,1261
+Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.so,sha256=XItknsf2UUYW6JTafj9EiURNPq87iPbpU7MZsxstgvM,54112
+Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.so,sha256=9SThqIhzfGdPQ_KGthp7Zf6_HwJ37LKk69bXn1miAlI,52331
+Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.so,sha256=P_bLzcdq-ErD_QIP554zqCsKh5T4j6tag0Nr8B-9TOQ,18917
+Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.so,sha256=qpJcyzPSThz-wLRFqvzllniT56b7srYSSJVXFpVpxI8,26938
+Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.so,sha256=GKXmI8Brnf70GZO4Ewcsfaod5W7C4lGOomlHD8AxoD0,44422
+Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.so,sha256=djug00p4Co5fTF90S4DloDEmnOHx94K0aFE57DCb1n0,17215
+Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.so,sha256=IH-UyapBP38NwDAGVlG7zU1aVaYG05NFGRp_8z9ZYCQ,22696
+Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.so,sha256=MBDwyhkt0HsQFCGnyb-aD5y_YRn78gY02Eik1Dite44,23249
+Cryptodome/Cipher/_raw_des.cpython-38-x86_64-linux-gnu.so,sha256=8RP468xPFfr5eTZHWvuAuft4MIk-BGQ61u4h82b6nZw,62525
+Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.so,sha256=gVRpZJLUtQJ2FZypbVn-v4vFi6JLT1nQsiERbLT4xK0,63370
+Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.so,sha256=DWruIGvT5Yibn7gNdmoCf05Ug03nRkmtSZI5WlG2MRE,10893
+Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.so,sha256=0P3HCyU6I1CQoQpqIH37qOVpTzvzAIkglPiM7SpDHyc,58926
+Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.so,sha256=SGNBSgyJzNmKRDzt_qxUvQxxwAPRpRTS_HRjqZLv1_8,30281
+Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.so,sha256=YjayUPJO7GrvYEn_zHCyA87uDH4hlIvr8XwLX8qiqbE,14743
+Cryptodome/Hash/BLAKE2b.py,sha256=WEV8u2cm18T_j9BwjCDPaSJ6AappqpwO1u7mHG6Sgnk,9440
+Cryptodome/Hash/BLAKE2b.pyi,sha256=9FsubGLHkCf6aPA5xZGVSop8WY4yLCWi3Vq53cGiSNo,877
+Cryptodome/Hash/BLAKE2s.py,sha256=uBxYbWDZleCmsOvSEmVRXPywTS2TM-qq3oyN4FJp68c,9446
+Cryptodome/Hash/BLAKE2s.pyi,sha256=9jsL4jLQq5_Mb8WM99LPurH1D-FL-gLAeZyBf8QiWt0,739
+Cryptodome/Hash/CMAC.py,sha256=06Hyo7r7XAgklKXWp7tttTiZFqKRTGINigxkEgWh6WY,10448
+Cryptodome/Hash/CMAC.pyi,sha256=8gybenApjooarPbVIWZohcOruj0tMyZuW5gJvrK_Vag,797
+Cryptodome/Hash/HMAC.py,sha256=pp450gCQNmw4vUfrQAJyDZ_h1ovwd-8wLvoyqd9t5hU,7062
+Cryptodome/Hash/HMAC.pyi,sha256=fAyHBEf5Ee6LoiYYTZ9PZpmIRvitU6OriKGfjFUM_4c,624
+Cryptodome/Hash/MD2.py,sha256=mfucNRXYIj8iOXGKEXGN4TIwyHHhIglb2ScSowyg5tc,6123
+Cryptodome/Hash/MD2.pyi,sha256=wa7GSYUpzL27so4YgiJEZo0dO201KyHK87Q20Pvm-bM,492
+Cryptodome/Hash/MD4.py,sha256=FSGY7k8rYayR6PE0hNpICRTa1uNiISVxixIpaC28zzg,6598
+Cryptodome/Hash/MD4.pyi,sha256=7ZtZQEgJCwIswneb0NBov_uL0_Toglh9EPMnLVFGqwo,532
+Cryptodome/Hash/MD5.py,sha256=Cd5wtZ4OBW-O7tvebvObsay_jI6tRtoUfIfkbE0aqMQ,6630
+Cryptodome/Hash/MD5.pyi,sha256=c4MCJHvYTi2YL4hmqEu9ivbSvkBJdR-S2ldUqEpzK8s,492
+Cryptodome/Hash/Poly1305.py,sha256=xESe_sBaJg7jBJE88_S3jWU0uIu8l18NaQjmol_uIeA,8106
+Cryptodome/Hash/Poly1305.pyi,sha256=TSGottirLPIRyivSjZucQB7aPaYfhrUkn8oot6OrmmU,665
+Cryptodome/Hash/RIPEMD.py,sha256=0oRaGuKcTUVTfBZXZm5NZLQAvyPbAhjBpgzN5Kf2a6g,1211
+Cryptodome/Hash/RIPEMD.pyi,sha256=-DzZk9OtiAZE-E2_PCyFz4pHQ3RouoLlUo3Neabf3Sc,98
+Cryptodome/Hash/RIPEMD160.py,sha256=GYDiBSw_D7SCOPA80i3l3mjZsPvmmhZSVVENKwkUs_k,6410
+Cryptodome/Hash/RIPEMD160.pyi,sha256=RQ9yXxjH1BSaU3mwhsCn9-67C0a_Bcv3MDdafQCiuPs,516
+Cryptodome/Hash/SHA.py,sha256=1-O3GFKbm1ht2jV7M9pdKu6GpACsCSnARPHllFcFTAo,1156
+Cryptodome/Hash/SHA.pyi,sha256=RJHp4vuV_19StgE4qxlnIfDltgFjx-L9q6H0tjh-Rk0,169
+Cryptodome/Hash/SHA1.py,sha256=oyz9PdGgaVa90S6O1NPhe7OPq7AvDbJIsH6pICDpTN4,6702
+Cryptodome/Hash/SHA1.pyi,sha256=vNtB_b4MytJq8Io1xufdOO6VL-nMBcCnDPIgJQuNPCM,536
+Cryptodome/Hash/SHA224.py,sha256=RQ3ECOkVJsnh2a5fCPL7Aienpi22lcpsuRNUypkWfBs,6913
+Cryptodome/Hash/SHA224.pyi,sha256=8RsbyIwIfO8Fc_fpWw1MnFw04Z4n-qL0G01qCQZwvx8,544
+Cryptodome/Hash/SHA256.py,sha256=2fhVNPGKrifj49B0ExaxrMCubtDTcQiHarrzN0JPVUA,6909
+Cryptodome/Hash/SHA256.pyi,sha256=zndNEjv6DZOWaOpuoUKsA2hTi2J7-oJFgOQ10sSRnXE,612
+Cryptodome/Hash/SHA384.py,sha256=aDu5NdDbICyrSt2sj0N4fIWwGurEu08WYB5mMiqfW7g,6911
+Cryptodome/Hash/SHA384.pyi,sha256=KIWbD-lBbd7lvWgFquIqUAMaisovey0HV0Nmmq-pvOY,544
+Cryptodome/Hash/SHA3_224.py,sha256=eoXfnjBCNjCD8nNxE8-S4vR7XJZBY11Xf6Lk__fNzU8,5302
+Cryptodome/Hash/SHA3_224.pyi,sha256=Dv2Xk6o9Sm1kcUMeo8sbuuP32HqQhEo_dV9p8yAyc0k,504
+Cryptodome/Hash/SHA3_256.py,sha256=z9IiiZvVV_J3Fpbl8c7-mjDMB_q-5Hrdx1tZpNxLy4A,5302
+Cryptodome/Hash/SHA3_256.pyi,sha256=MLvrZYxvRJ0l9TiGq2axjs66_13px5XlUx_lugQTVxM,504
+Cryptodome/Hash/SHA3_384.py,sha256=dGiHZHjbeU-Ul7zjQnpGfQebLWjixnVAtK_kPMNxIFY,5302
+Cryptodome/Hash/SHA3_384.pyi,sha256=pciFn3aMYw23Y3MZhAbf-cqXuyHIlI27qAmDo-6VtJY,504
+Cryptodome/Hash/SHA3_512.py,sha256=etHVIzMn11RfjalnGPGHqE3G_7iXxwffrh3Gh7ja5fo,5304
+Cryptodome/Hash/SHA3_512.pyi,sha256=HxxfMXlsnZ42ZQ_2YxWZU7aBdGhDPEtAT4EIF77kRzU,504
+Cryptodome/Hash/SHA512.py,sha256=rmSnd1Rka2NCImO0e-suLbzAF9EEXrY1ipnnS8RlG-Q,7732
+Cryptodome/Hash/SHA512.pyi,sha256=VfMzHx-0U4efCyZCrgs_aOz17W8t0ZHL_3uR8zaYzCU,622
+Cryptodome/Hash/SHAKE128.py,sha256=wNVbtzVBie6jczEfjiGjtRflEPEeYWji8CgHK5oak5c,4656
+Cryptodome/Hash/SHAKE128.pyi,sha256=wLhV8lh8YYWzi7PkhAB3_JQn_hOZNvkiZYg-JjiPpfs,437
+Cryptodome/Hash/SHAKE256.py,sha256=dBCwFGVqbythJH6Zy7tGVgtZKo5WCXFP9LVZICEvHjg,4656
+Cryptodome/Hash/SHAKE256.pyi,sha256=9Uq_FaeYwDx_6dLv331Wv1snnGxA2UhFcUdELHkwU9U,437
+Cryptodome/Hash/_BLAKE2b.cpython-38-x86_64-linux-gnu.so,sha256=TszE3R0aDpiryAo6AYj6sOyeUCuOV1O_qoWGSxUIOW8,20015
+Cryptodome/Hash/_BLAKE2s.cpython-38-x86_64-linux-gnu.so,sha256=5IuREhBw3LMMax7ws8i3xNwUf9hRhiviNgYsqu1JMFY,20807
+Cryptodome/Hash/_MD2.cpython-38-x86_64-linux-gnu.so,sha256=6JKEXGjwn3jffmux4Syh3LY1gY1vjCF-pa2OE8dHyJE,16919
+Cryptodome/Hash/_MD4.cpython-38-x86_64-linux-gnu.so,sha256=J-t1w8Jf51EpWYC7DUJk22uBCVgdVl1yFgTntYg9Piw,19072
+Cryptodome/Hash/_MD5.cpython-38-x86_64-linux-gnu.so,sha256=-wohxwVJRlUgJoJgtrJdRs0DCtjT67AYObjbtcRjhqc,25434
+Cryptodome/Hash/_RIPEMD160.cpython-38-x86_64-linux-gnu.so,sha256=Xa2c7tVD_7Qn-Zqx5RoWhad9uXkwvtQDFkzGCQNt6cs,27226
+Cryptodome/Hash/_SHA1.cpython-38-x86_64-linux-gnu.so,sha256=xTMo-GOZ7R3XAGVtwYHh3eInH66rJE0erLkToaI24uY,84273
+Cryptodome/Hash/_SHA224.cpython-38-x86_64-linux-gnu.so,sha256=QrWYibmzohwXUyqhfrb7Eb62f0oMXEKAV7NCO-s7uUc,35822
+Cryptodome/Hash/_SHA256.cpython-38-x86_64-linux-gnu.so,sha256=GZg9EMGcEzxNzFddlDMUKih4zZJ8nEwpnWo4gfOk2io,35806
+Cryptodome/Hash/_SHA384.cpython-38-x86_64-linux-gnu.so,sha256=uAbYxVoN7kiMPGtm89lzSomGqeexJ1Vt91JaJCpMUWU,41869
+Cryptodome/Hash/_SHA512.cpython-38-x86_64-linux-gnu.so,sha256=ED19YH2nMlNTNGT5DyWRW1fD3R0ItQMY3qRDEckqtGM,41967
+Cryptodome/Hash/__init__.py,sha256=jxsjQHZzCkphA6DkKfV200k5U6ipBEXf2YI__PQua7s,1119
+Cryptodome/Hash/__init__.pyi,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+Cryptodome/Hash/__pycache__/BLAKE2b.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/BLAKE2s.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/CMAC.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/HMAC.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/MD2.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/MD4.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/MD5.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/Poly1305.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/RIPEMD.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/RIPEMD160.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHA.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHA1.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHA224.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHA256.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHA384.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHA3_224.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHA3_256.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHA3_384.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHA3_512.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHA512.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHAKE128.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/SHAKE256.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/Hash/__pycache__/keccak.cpython-38.pyc,,
+Cryptodome/Hash/_ghash_clmul.cpython-38-x86_64-linux-gnu.so,sha256=jlP-qmQqsu7X0ujoJgm6Jrr7Fm56k4gx3f7I6QMmB00,34203
+Cryptodome/Hash/_ghash_portable.cpython-38-x86_64-linux-gnu.so,sha256=GOThQjY5Ahc4_kVcRAXMWzFKMf1uiKkbqbj_6DZ2dzs,18711
+Cryptodome/Hash/_keccak.cpython-38-x86_64-linux-gnu.so,sha256=F9ha1YMuXWPL9-HEhfyOOuGY6GOkoIyjHSxIh37h9Ig,26749
+Cryptodome/Hash/_poly1305.cpython-38-x86_64-linux-gnu.so,sha256=M0HF762RLGF4PmslwV16dqAp2p8jhLAnhEKg3F7qF0w,25921
+Cryptodome/Hash/keccak.py,sha256=a6uqDYaAveDMk73ZAK4q2D1GkzHyEmnOgE91Fi5BnsA,7118
+Cryptodome/Hash/keccak.pyi,sha256=pXAZaNfayZCXMxB7IDFr2F8Hi06_hwFB3GXjNzY7sBM,741
+Cryptodome/IO/PEM.py,sha256=TPPdUiCHLEauwRAIZ1Y0uxtIGzz5Vz5eF5EZsP3dGRc,6972
+Cryptodome/IO/PEM.pyi,sha256=a1G07RQtZvEtXHlybxdDcoTPM3nqMbdONNjzcz5HGtE,303
+Cryptodome/IO/PKCS8.py,sha256=z-WihBqgcebhhkkK6jcuXE3-4i34RCXJlqefF3qaOg0,8711
+Cryptodome/IO/PKCS8.pyi,sha256=VxlDc05DEKa1DJ6lGPMbyuFC8XHTjm-pvviw90phLpU,474
+Cryptodome/IO/_PBES.py,sha256=ZAoljR3_saaEGvNmv1Zjkcp-Up925t6lH0GHbPAzZP4,16352
+Cryptodome/IO/_PBES.pyi,sha256=QWJLbYh7ywy2wlRWnbUQG_hqlv6zfobF5o6FKh7reWA,489
+Cryptodome/IO/__init__.py,sha256=QUvnoDWlmuOGEjxXh_uXHMoSmoPi_nSeh-Et7MSofeg,1540
+Cryptodome/IO/__pycache__/PEM.cpython-38.pyc,,
+Cryptodome/IO/__pycache__/PKCS8.cpython-38.pyc,,
+Cryptodome/IO/__pycache__/_PBES.cpython-38.pyc,,
+Cryptodome/IO/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/Math/Numbers.py,sha256=2fQR0NxDh4r8rxGGrIahadGXQ5ssQb2nNPuhC1O9S0Q,2042
+Cryptodome/Math/Numbers.pyi,sha256=DBEdhel2f5i097pHa5ZTccxyGf0rKfhXtJP4GiNbP_Q,88
+Cryptodome/Math/Primality.py,sha256=dElcPU2SbxTu3E5IGj_S18W4tEXMkI0AJNEz8Xd8f54,11352
+Cryptodome/Math/Primality.pyi,sha256=iXAY0gUmciIS_FvH5VJwhQfK-0tDmaH2vcDLHHFyxIE,823
+Cryptodome/Math/_IntegerBase.py,sha256=4fofn-eRAi5h_RTX4w44_fh-S_r36GISV2nbLtjUJ5w,10486
+Cryptodome/Math/_IntegerBase.pyi,sha256=8robOel28h7YCFIOEWhW-DtJE1GLzdowmDkWyUaWQR8,3417
+Cryptodome/Math/_IntegerCustom.py,sha256=viV3iZBDGkLLqsfBgY0ebmaAyXjTRdEKaMc5fi_J6x8,4016
+Cryptodome/Math/_IntegerCustom.pyi,sha256=s9UZigBEgUvHS4IOdt8jXhsZ33O9j19p7lieob1R-EY,135
+Cryptodome/Math/_IntegerGMP.py,sha256=kWG3VAWTzO1lJO0cpS5rk0Vb3ldplAHNpF3yu4ry69c,25317
+Cryptodome/Math/_IntegerGMP.pyi,sha256=UcJOGMYT1d-G0PjbC5ByShFl5oyorFR8h38fFt0uY9s,78
+Cryptodome/Math/_IntegerNative.py,sha256=j-v3xELayy7C0lOgOlDR4hyUDHc0TzUIguUBh1tJDn8,11076
+Cryptodome/Math/_IntegerNative.pyi,sha256=pZaN1xXnB8u7VfrMgp6jqi_jCaJ4x4t0Ecs7qZ_2x-4,81
+Cryptodome/Math/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+Cryptodome/Math/__pycache__/Numbers.cpython-38.pyc,,
+Cryptodome/Math/__pycache__/Primality.cpython-38.pyc,,
+Cryptodome/Math/__pycache__/_IntegerBase.cpython-38.pyc,,
+Cryptodome/Math/__pycache__/_IntegerCustom.cpython-38.pyc,,
+Cryptodome/Math/__pycache__/_IntegerGMP.cpython-38.pyc,,
+Cryptodome/Math/__pycache__/_IntegerNative.cpython-38.pyc,,
+Cryptodome/Math/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/Math/_modexp.cpython-38-x86_64-linux-gnu.so,sha256=UjtwotV2UVN7d8J1re7ErZ75kvBvA1RFffcroyjmjJM,207274
+Cryptodome/Protocol/KDF.py,sha256=nmwDb1qTj5fHNSWZdLVwl_CyjlbOjM6rUDSl8wNLcUM,19897
+Cryptodome/Protocol/KDF.pyi,sha256=OfuAajDDJIDIny-zMuGsfhqCLZr4x8bZnV5Tonbg00E,1383
+Cryptodome/Protocol/SecretSharing.py,sha256=ZNw_YhVs4TYrJ7075g6WwaiiCJRRmy0fpT_LoEMV3Ww,8794
+Cryptodome/Protocol/SecretSharing.pyi,sha256=-lErV2RvaNPuOA0z4c44WmNSu9irCw_DDb7wPgCS2BY,798
+Cryptodome/Protocol/__init__.py,sha256=eXlh5nJVd6NoXfUjJ-mNGgm5oE8r6MYDBOIHXWdzTPw,1548
+Cryptodome/Protocol/__init__.pyi,sha256=RNdrwMgjt9b9LmckdRkaYYC4PCzNV-1Hi2T3B2MHgds,43
+Cryptodome/Protocol/__pycache__/KDF.cpython-38.pyc,,
+Cryptodome/Protocol/__pycache__/SecretSharing.cpython-38.pyc,,
+Cryptodome/Protocol/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/Protocol/_scrypt.cpython-38-x86_64-linux-gnu.so,sha256=RAIsDgb0Bgzraim44UGmPeISIJH4VWDCEinZbDAfDg8,16510
+Cryptodome/PublicKey/DSA.py,sha256=r3Vo6fyCWAngyfI8hWsrOms9Srj_lvzIfoHcdlwFMCM,22363
+Cryptodome/PublicKey/DSA.pyi,sha256=Q4s-ZAx5xV8ue2lxfVhOtQQzYuawu3qhDz0O5ThoLdM,1353
+Cryptodome/PublicKey/ECC.py,sha256=62eaTeNl_6VcHjwyaA28vcjmWM-WEKMnFdq-3GOr8Lk,42053
+Cryptodome/PublicKey/ECC.pyi,sha256=KhDMYrqTioBcZa0FWeMdJelJWmN47M2KWfS7y78ILVw,2358
+Cryptodome/PublicKey/ElGamal.py,sha256=qe1JXZRLCnMQO8u892VZA80u92IBXnTq-rV0CcvMKa8,8631
+Cryptodome/PublicKey/ElGamal.pyi,sha256=-s3ty0v_o-8Rq8_nrYh32Vo6ihr8OaSWdc_H7_CVGCo,674
+Cryptodome/PublicKey/RSA.py,sha256=jn4L8zDEPRB1haBoVKikrgUb9cOl5Dg2fU2gYiGx7J0,28834
+Cryptodome/PublicKey/RSA.pyi,sha256=53HgZFdczCzVYl8hVQLay9RA0KqcVBGtyKG0u2r5S-8,1837
+Cryptodome/PublicKey/__init__.py,sha256=2yP0pjkXKBr0C0QA5xS8Jxd9nHz9VT5uoNIS59KC4Kw,3123
+Cryptodome/PublicKey/__init__.pyi,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+Cryptodome/PublicKey/__pycache__/DSA.cpython-38.pyc,,
+Cryptodome/PublicKey/__pycache__/ECC.cpython-38.pyc,,
+Cryptodome/PublicKey/__pycache__/ElGamal.cpython-38.pyc,,
+Cryptodome/PublicKey/__pycache__/RSA.cpython-38.pyc,,
+Cryptodome/PublicKey/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/PublicKey/__pycache__/_openssh.cpython-38.pyc,,
+Cryptodome/PublicKey/_ec_ws.cpython-38-x86_64-linux-gnu.so,sha256=FAVYikDHr6gC6vLsL4BE-v0mI0olLJ9GbxYXyB3APZ0,1000375
+Cryptodome/PublicKey/_openssh.py,sha256=t8Z8fOJDh64ZXmqpSCqlds-OKb2C5FncQmqCstfGImM,5146
+Cryptodome/PublicKey/_openssh.pyi,sha256=ywCy9UDu2_AQI60ChWxGxyqHiZoYwMKC3TVXJn_ZVIM,324
+Cryptodome/Random/__init__.py,sha256=EJnd9lTXo5ZFvmgrAzv2wHX8b87SNPO3sDGB3UofVe0,1813
+Cryptodome/Random/__init__.pyi,sha256=ieifhoMB2veKusRRBZWQp6igPri5027VrqfddO5b-WU,367
+Cryptodome/Random/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/Random/__pycache__/random.cpython-38.pyc,,
+Cryptodome/Random/random.py,sha256=aWcD7vA4eWrRmjIkho-YGxbrVC3anFTzHa_N_7Sds64,5246
+Cryptodome/Random/random.pyi,sha256=Lgo1h6wtyUDhEuroDRyt-eYvPFEgQOo0fxfAE68S2cM,807
+Cryptodome/SelfTest/Cipher/__init__.py,sha256=nI0MW4-BVQHwCwYqgWxa7MhL9OxYmwYSIJcp5qe_n9Y,3708
+Cryptodome/SelfTest/Cipher/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/common.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_AES.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_ARC2.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_ARC4.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_Blowfish.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_CAST.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_CBC.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_CCM.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_CFB.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_CTR.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_ChaCha20.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_ChaCha20_Poly1305.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_DES.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_DES3.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_EAX.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_GCM.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_OCB.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_OFB.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_OpenPGP.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_SIV.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_Salsa20.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_pkcs1_15.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/__pycache__/test_pkcs1_oaep.cpython-38.pyc,,
+Cryptodome/SelfTest/Cipher/common.py,sha256=HpeH9ouK2m5kcrfcb0vRSw2q1LehsuicQfGuT1jnclg,17016
+Cryptodome/SelfTest/Cipher/test_AES.py,sha256=PpAFYq6sGbzd-tFNi--37LLD-hI_A6KCw4J5DB5nlDo,71827
+Cryptodome/SelfTest/Cipher/test_ARC2.py,sha256=gOXQEu0PBG3vD7D_sT7y0AqfrXfAA4U-qsbArNOujBI,6550
+Cryptodome/SelfTest/Cipher/test_ARC4.py,sha256=5YgyIIhAn1_Ca5q3Sh2Cx1yLsQhrZK6t0aQdAVtdCdo,24749
+Cryptodome/SelfTest/Cipher/test_Blowfish.py,sha256=fC6tYqaKzCuo7gIqyenNsoxvS-hSyC8FAkqUIadrv_w,7318
+Cryptodome/SelfTest/Cipher/test_CAST.py,sha256=WjrbmsHybravO0qPALVVyBRskQTlRiemhsh-ud5MvxU,3367
+Cryptodome/SelfTest/Cipher/test_CBC.py,sha256=dr5yzeU-HaLlTFVaJeRjm59uZuJYjdQqFvFAPoWNSDg,20419
+Cryptodome/SelfTest/Cipher/test_CCM.py,sha256=FB0ElwRqrWNUlOmeNup21HC2MVCxRObrRzG_8UJ2WVw,38039
+Cryptodome/SelfTest/Cipher/test_CFB.py,sha256=WNkgDVTR1BacaVPnVDscddLFkfAUENfABdR6enu4CtM,16162
+Cryptodome/SelfTest/Cipher/test_CTR.py,sha256=X2d0y1ZktQd29BxgEmeiC86OIUGgVrl_41dOuxJyHX0,21402
+Cryptodome/SelfTest/Cipher/test_ChaCha20.py,sha256=0Aj4tJWSxW8Lbn5EbXk9PyNbTDB9zIOK4_a4k0-NBYQ,20017
+Cryptodome/SelfTest/Cipher/test_ChaCha20_Poly1305.py,sha256=pKisgjpYWUB6GE-Vj9U_wdWzNGArBIYTF0fXwvKhKXQ,31070
+Cryptodome/SelfTest/Cipher/test_DES.py,sha256=5nGk-NGJg4iap191mOJgiNpLgjZ38Qwq_5oktYz58cs,16027
+Cryptodome/SelfTest/Cipher/test_DES3.py,sha256=DnPIMMsAf2N-yl0j7JILr1GGvJNzAi3A4Qsi3P-3HE4,6724
+Cryptodome/SelfTest/Cipher/test_EAX.py,sha256=b-qiqzx_wpBUDaQ1cgybM5V_Eoh_dJte3TMn4-uFTpc,29491
+Cryptodome/SelfTest/Cipher/test_GCM.py,sha256=p-4TGNvjhCY2EZl1HrVpxU5X0o3cE4BYJP02u3x5-MM,38246
+Cryptodome/SelfTest/Cipher/test_OCB.py,sha256=-lvM3XRSouW29b1m3bhhno4TgKI9TUI2DKxBbfd1dCA,28406
+Cryptodome/SelfTest/Cipher/test_OFB.py,sha256=bKcBCLL39YIz8xr0YEGySWWJxxzQ6pgmRLZv2FxCxUo,9327
+Cryptodome/SelfTest/Cipher/test_OpenPGP.py,sha256=Q4rOCU0axh_z7U4MSUGda39nujktPlBUaqVVfE5kMhs,8497
+Cryptodome/SelfTest/Cipher/test_SIV.py,sha256=h_SPw8YaOZOQ4Bw7BCRms9K7qbfY5byDzLbisDLNtbA,21125
+Cryptodome/SelfTest/Cipher/test_Salsa20.py,sha256=1AuzeYLpnYhuzdqqbdkUguIpZlT7kbbpParNYF220QY,16767
+Cryptodome/SelfTest/Cipher/test_pkcs1_15.py,sha256=s_t7dHvCIKc-QobF8CJHZcRsb1Q4qRUslxEkih19ZVA,10594
+Cryptodome/SelfTest/Cipher/test_pkcs1_oaep.py,sha256=s8-2D2puFnmmUcbRkcXro8h1CE4cAhYO_8_rYjChwV0,22998
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCGFSbox128.rsp,sha256=jU0y_RjZc7Rae4Ra71JZdnuZjOVYRxAp1IGe4aYSabY,2787
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCGFSbox192.rsp,sha256=fjvAZvU59Szb-jHISNXS2eJwyxCNSfUUZtuj4EBBL3k,2609
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCGFSbox256.rsp,sha256=V9hpYePiv0Idf-261mYVpmHGtDFVA10iyd8R-x4dKpc,2367
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCKeySbox128.rsp,sha256=dbpmQvcgZvrPzNBCOxGnqCQuEKuKvLOZWP8ECuNw-V4,7990
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCKeySbox192.rsp,sha256=lr4vtlL_4gVhySVIlxg01kVY351NpTNfhutiXPLENYI,9874
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCKeySbox256.rsp,sha256=JELpUAjt036FZn87hQAiV4bwz3rXlHjR2ZStkB9sM4k,7154
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCMCT128.rsp,sha256=jk8YVL-7jYSPWGHPshIQTfYb1tEUKXiSYArqP7ovJ2Q,37376
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCMCT192.rsp,sha256=LTXLqH_ODWAW53y2Xe_bdALPxDjTOhMtyvAlvtN-9Gs,40576
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCMCT256.rsp,sha256=I7H3lzMhXUSCCp6MTV8y2GKwnyHkCng7DglNkVeVmL0,43776
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCMMT128.rsp,sha256=hgKmNyD7pJJbFBOF9ZC-8z4Q0qYcLJPX8wsLgIzLJ74,9654
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCMMT192.rsp,sha256=kxK_gWyWXZMpsixh-Nfz5zTpwORBDEvDdHh_Wys7bBI,9974
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCMMT256.rsp,sha256=vfQ3mslBnS4ejLIFaGEapETh8rTvfTuUOK-kNqlwBLc,10294
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCVarKey128.rsp,sha256=CG8rZuSGmdaCofMPCRv-RBlW8CymmSNf49_s_HBsr9E,47849
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCVarKey192.rsp,sha256=IK1mvGNLPgnAyNACs3RsXPItkRb4RKcm9ZYQPZkzn1M,77929
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCVarKey256.rsp,sha256=3AyzgBafQ6g8Sv-G7rFG1YYafgJHkIEG-Lb9N5Aul_g,112105
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCVarTxt128.rsp,sha256=NuIPk6FOKn_HyvD0eKbMUEMelNXn203qZkLFhDx4fd0,47849
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCVarTxt192.rsp,sha256=myc4SHgTQ_R0NslkNNBvxIemJm8ycws1mt0fvoPOX3M,51945
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CBCVarTxt256.rsp,sha256=E8WwhsZMgW5D_8ZXtgLP5qcjG-qCl-vJqWsJMtNR8VU,56041
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128GFSbox128.rsp,sha256=PetBa4V9l8tZucoVdmnTcG2yxGmXV5zggGAs6BjyJrM,2790
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128GFSbox192.rsp,sha256=4pLczu5j53_ZEJN3QbGtb9s1BPckiwM-B4Xy9FEmmfc,2612
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128GFSbox256.rsp,sha256=2U8vwvdS2yN5UPGAxKcHq7jHwFymgHfCGbNNyg5nshE,2370
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128KeySbox128.rsp,sha256=o87VaOGVb2A0vBEzf8wxTcgBKdJ7qyv5aTNDJrdbgSk,7993
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128KeySbox192.rsp,sha256=aOrrWPE21kdquhb2-NF7BV__wJh2VfWXyZ2yEoezwGI,9877
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128KeySbox256.rsp,sha256=PM1Kl9FkTLqkBPAXKuk_0hjbi-ktnL21YZ6UZJ4oaKQ,7157
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128MCT128.rsp,sha256=qssStFCa3Xi9-x0RB3Y4hQUXqw1vAwXnH-cc8vuQonI,37379
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128MCT192.rsp,sha256=uvFr2372lGeK9DD4S1ulwwqAXusEkc3Aok7Zbu6-WME,40579
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128MCT256.rsp,sha256=ptLz5OsPykXQx_j4_BxRX1OWRxKbRsdfvGFG0hi6uBo,43779
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128MMT128.rsp,sha256=QysTd7nANa2-aYZZtjeSnvqjfkmsiBasoMN1FqmsRQw,9657
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128MMT192.rsp,sha256=SCubxxY-Xz2uJCsD_N3Gm4PcH0f_Gfrj74Opar0mIJU,9977
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128MMT256.rsp,sha256=C2AkiXUSrDlMAxFKkaPxdDBQH0Codt4YDWAI4To_H34,10297
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128VarKey128.rsp,sha256=lMpe6dc1E2S1BTK1CSJubsXCNUcylc1Juyj0CjZX0v8,47852
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128VarKey192.rsp,sha256=JRwBrwNDy5npksDoi1UwjnL40vGWEeJG7cezM7Ep50w,77932
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128VarKey256.rsp,sha256=rfwz1yvXvU4DN2ZxNkPFE5wajQcREZbO76mvOo_GLsQ,112108
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128VarTxt128.rsp,sha256=UFUNsGaH5PAijmRJ3wli320O0u4smpQMvxKLaTr-aU4,47852
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128VarTxt192.rsp,sha256=a52sEs1Sn_A1CMD16vC-mHDAw_CD2dZcGJolAcFC46U,51948
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB128VarTxt256.rsp,sha256=_FRB9oN5Q-KyVVbNMsnLionMBYFVfx7CX_rSb9Lmg5o,56044
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8GFSbox128.rsp,sha256=hMQY14LzloH3lWaW5Wa_w_xrPmYC_4-mkt5zbjlSyY0,1948
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8GFSbox192.rsp,sha256=PINYd4KRk623-kA7c13ekEWrxbrhidZOTNQVWCZSw9M,1890
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8GFSbox256.rsp,sha256=VUbW4eab0v3SNO5BRdNcd6bGXxaZ4thkxOfq6S7Dw-U,1768
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8KeySbox128.rsp,sha256=lXccJkglpMet2HdG_hVxPHUA5T9ye7w3RNtXbROqz2Y,5471
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8KeySbox192.rsp,sha256=dde2y-QM22fXMMdRL6A8DIofghIZihRBxmC2w3HZMy0,6995
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8KeySbox256.rsp,sha256=41SLZ_y0h0qdyzfHWhYSkzu2e7SDes8nTzHvpvkdd40,5235
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8MCT128.rsp,sha256=D3yf9MGKx78BNoN4GkNnHFwco6enBlY_G0wf07FEPxc,25377
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8MCT192.rsp,sha256=MQumbDtwDZOOVY66sOODkLjiygHMwRF5iwDC1_7RpdM,28577
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8MCT256.rsp,sha256=DxHJ-AmB8z--Ly3Kt_inweIwUVECXWgBXvujaIbD5kY,31777
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8MMT128.rsp,sha256=lP20fsuv0fqhnbdWG-YiHiDp8tNPjdVuIRc3wiE20nE,3055
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8MMT192.rsp,sha256=sBqsFN3TMkQO7Zbl7I_n8sloD52zxeLgiq5zYH4Oyy8,3375
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8MMT256.rsp,sha256=4NOc6LASPWEnD-50boVm5MomaWhYTYbQhzLCPybGddo,3695
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8VarKey128.rsp,sha256=mvHAmSr092Z32a3kveZlNruin3zWe2tIQpqqfWTeXPI,32490
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8VarKey192.rsp,sha256=01L3kHeD-LqSfE--mpFjnGGkeenqOSas8s-I82Vfpw8,54890
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8VarKey256.rsp,sha256=6Aooiamd3pB-ZUOmrBcsCbaXwR7BI-i9QCM5tWY9r40,81386
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8VarTxt128.rsp,sha256=jrHzMizQegT39uay0-m_U_fCYRp2SXSNNb162zb4m9w,32490
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8VarTxt192.rsp,sha256=D3mN2TULDZ9UWIB5GfZo27SlYSUCCpN1pSCOpf9gQvA,36586
+Cryptodome/SelfTest/Cipher/test_vectors/AES/CFB8VarTxt256.rsp,sha256=PMX7Tm87AiMU17lrRB5SBlgUkfCQMurFhZ8U1gXd_DM,40682
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBGFSbox128.rsp,sha256=NqmhVuhGhk3KiDpdoLHj2aStP0mrQ8ltYMAWPf09V7w,2787
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBGFSbox192.rsp,sha256=i8YFQ_bSRpAARg3o0cypWgXVNg4LJQEpaT-MueuBi80,2609
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBGFSbox256.rsp,sha256=QQvrbGgDg13HR6sG9Y4NYJG9Fno1GiDhksD7WsbEnGI,2367
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBKeySbox128.rsp,sha256=zYZzoBHZJywm8-PXGkdh0M92lt69q1Xlez6pT36jXyM,7990
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBKeySbox192.rsp,sha256=LpaZlABRpjAHBI6Wb5FrgtYQCgYiqQJ5pA5LgoS6sv8,9874
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBKeySbox256.rsp,sha256=sJzuWVShDIACWoUw9ZKIfuPG4bBl9dqvZ0_nWV5Ykvg,7154
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBMCT128.rsp,sha256=AW0pmMOE2FdpcJOY0OUT6AluNbIJmY4ymqsTryRBj_E,37376
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBMCT192.rsp,sha256=hff1UxqKGO1wIP9SQ2g6OCWsoBdnivefOw0SrKkX-q4,40576
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBMCT256.rsp,sha256=8ixrgFsp_27dSKskpR0Omy9FE6nQw9Q3ZiwJwadbK_s,43776
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBMMT128.rsp,sha256=aEps11PAOdDX_p5pzR8IrK4oLaGal6NVHYTvimGheV0,9654
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBMMT192.rsp,sha256=UN9R1JN8LPSgp7m-YVbnwrxw5u6wu9_n39T5vQmleMY,9974
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBMMT256.rsp,sha256=ULROQmjB5MnVIhWgp2mY8hNbTzxZsw10EtMDPncNq40,10294
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBVarKey128.rsp,sha256=-wNByOr7EMG_6ZXa3usWmI7DE6SxaYhCJiZHQhrrMQY,47849
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBVarKey192.rsp,sha256=aAE8BEABWnKPgbvs2OtQCb5UAOLVoC3X8gDfZd4mw20,77929
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBVarKey256.rsp,sha256=2Pzwktz9Ff5i7lNCvHqjmD1pYDUCCjpsGoOBDfbhUeQ,112105
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBVarTxt128.rsp,sha256=Jowo6O7I1UKWPGQUBL6lPKOVbSQecaTv4eFJoihGrmA,47849
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBVarTxt192.rsp,sha256=DjaxbJUulI8uZ9Aw_N-f5OZijPScGK-1A62TbI19eag,51945
+Cryptodome/SelfTest/Cipher/test_vectors/AES/OFBVarTxt256.rsp,sha256=bupYeO4v-gv_bLKAgIV4CN6_J4odWn11xE7boL8Qjtc,56041
+Cryptodome/SelfTest/Cipher/test_vectors/AES/README.txt,sha256=60TZ8t3yT6VSsa8Em-WuA3U8b4YZxo5ZacUyGq6G890,360
+Cryptodome/SelfTest/Cipher/test_vectors/AES/gcmDecrypt128.rsp,sha256=DR-Y0Mnhdu3h8-hUhN0T3pLDQ2ypffN47DSB4EwZpzI,2748606
+Cryptodome/SelfTest/Cipher/test_vectors/AES/gcmEncryptExtIV128.rsp,sha256=MBViNvdosNgeWKPlvTvXnOKUz57wugqEz3uGnInr2f0,2930939
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/README.txt,sha256=hDeBnqtd185cf-MlzMsAUHtTQMTQA3AWXlRwieQu_NE,195
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCBCMMT2.rsp,sha256=w9zaXFSlBUkSgOd9EIv-uJjZMd5Kq4CCh1Mw39Ef5SI,6492
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCBCMMT3.rsp,sha256=01k6aw7y1P3YU1O1tMGJxfzU_hQTSv-cu-ZFLwUoO0I,6492
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCBCinvperm.rsp,sha256=_zs_hHhOHk8R0jqalJfZv5W9YLR0JZwouXlUNVb4D70,15890
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCBCpermop.rsp,sha256=Jo3PnThZZS_EbimNgAhLZ_885v2CYFgUSKrLzInKvpc,8020
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCBCsubtab.rsp,sha256=5900Cila5IOo5VpUDtrB8RDRtOIPWsrroTAGsc4oULM,4819
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCBCvarkey.rsp,sha256=2lA8JmREU52Vp9X5pJWQa6rLCMzGYnUDi5VG6Yr5CYA,13915
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCBCvartext.rsp,sha256=6qE0bIigNfJslrVQDGWZV7YkXBG3-hwOgjsuIhzyQrc,15900
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB64MMT2.rsp,sha256=TpBVhZUmX2C4sRoCDROvQDuQv5gVOk0aFxm1pp6bfA4,6494
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB64MMT3.rsp,sha256=mMwx1bCOtw0AcJrsYxrhmBycW4B3VaHvfgPGHrnpHKs,6494
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB64invperm.rsp,sha256=BVMb18Mm1Hin3tgHjnxrfPSb4P4Y2mvfh2B9V5Zy9Xc,15892
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB64permop.rsp,sha256=6ZwOKZ5Ej8ErjfZEnWOBT19WgTx5Uyq6j0bi1Qr6Vu8,8022
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB64subtab.rsp,sha256=RPLhWK13522rsiUgBnbgCk57_yDSEbqtXY1QZy8SRQA,4821
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB64varkey.rsp,sha256=whxavgBPUbeGwSAlDqy1wWgELMtQs9PQE0LUzFzcBsY,13917
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB64vartext.rsp,sha256=DCRrqKJ3cE7sPTd5Nov00szLB3UsZvhhIIlYyXClhjM,15902
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB8MMT2.rsp,sha256=BtKIJNMPMQiuTRUb2GVrFYPfeMkFvGUkpzfQcj9hmKo,3413
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB8MMT3.rsp,sha256=iR2pfe1o2D6uXaWhYIyI104EiwMoSh_xQvlACak2jdc,3413
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB8invperm.rsp,sha256=y1BhaDajhJK6sgi_WoCpivnunEcQz3s_YP6S0cx5cYY,12307
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB8permop.rsp,sha256=UunDHgTlkgu5SX-_rbwru7Cb14r71p_52mGgk1eA4Yg,6229
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB8subtab.rsp,sha256=Pz9gt4Yg56ZhpJaNdWIXm0rrEuFgRDVJE3BSRXRXB4I,3756
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB8varkey.rsp,sha256=OUnAab1XVxlUkcHR0hpZM4WzF4aLnkbPorYPs3LeLlk,10780
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TCFB8vartext.rsp,sha256=4qzDlfCrKSgqizeSaWSSCbdMXu7wWupnWYI2J9Zy0JM,12317
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TECBMMT2.rsp,sha256=iD7ZSuiJkln6dzwrs9CmSXt6nd-rkVK1dOQ7Yvuq-jM,6032
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TECBMMT3.rsp,sha256=4jD9aPnKbr9QvC6bBzzznaFXknd2ryXoUG2UyAXxVz4,6032
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TOFBMMT2.rsp,sha256=90ejMmcQJAAva5oDHZfVFtV8PfJwcCAJ-VZvrvdVP4M,6492
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TOFBMMT3.rsp,sha256=0C3349hXpEGwP8fryw8jAzo2yxlxHUloeMyALrFyxEg,6492
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TOFBinvperm.rsp,sha256=jhBskIqunOstw3z9ECnLPjY3le5CV3GkbsZimghIFik,15890
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TOFBpermop.rsp,sha256=9kwCTwvwrMICoK13_yYU9l8mJk_5N5_91bqMFm56aws,8020
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TOFBsubtab.rsp,sha256=sVfYcy66WOKFcT4vfy_ykavEt8fFP-5TzUNdR0gs5sY,4819
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TOFBvarkey.rsp,sha256=HmcozNR9lqGmiNcyI9QqAI3GasIQfkuWK6LmE52A2Ak,13915
+Cryptodome/SelfTest/Cipher/test_vectors/TDES/TOFBvartext.rsp,sha256=kkrk9qQzO-tzAH0YYR4QtyGQAfyiu_JQ8vIv0-KcvBg,15900
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/aead_aes_siv_cmac_test.json,sha256=pUC3FoitW8wK8OntE4DlwN7iquDH9BLRRf5uBta3kGI,405682
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/aes_ccm_test.json,sha256=zus5i_I7cLNlM2essEx__Ae4NrtPlJ3Wo3AwfTJbpQA,236978
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/aes_eax_test.json,sha256=iYDZEI3B_4j0OXdyfii49rIDQeaWpq-HKBC6J5WND_4,84816
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/aes_gcm_test.json,sha256=xj96NNX0m-Uvjy9aXEd1C0GK8wQmWGn3fNS6y44dL1E,133455
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/aes_siv_cmac_test.json,sha256=weGSoUbwEUmiIjpWUHs6y2XT0rVgxZFcGcxGwLKh4v0,177708
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/chacha20_poly1305_test.json,sha256=S17zmflWIUIn2lScioTZ0JdTjACj0THeV0ithQgQWuw,196184
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_2048_sha1_mgf1sha1_test.json,sha256=k3KUn7gP3nLejBN_1jsVYlXKn-o2iQQzQ-pZZBFVkLo,35337
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_2048_sha224_mgf1sha1_test.json,sha256=DB8sKJtW7C6MixB6xl-LGZqUTxGRBYyOFNUAAezkvp4,27669
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_2048_sha224_mgf1sha224_test.json,sha256=gomskn7LU4tbT0n6z3CqDNgIuGrv_k31OzJcN3gG_e4,32722
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_2048_sha256_mgf1sha1_test.json,sha256=qn09ZvlxI2FtRB1j6nkjht9PGLV3AuRyVrp9S9fMzbc,27647
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_2048_sha256_mgf1sha256_test.json,sha256=BjZddqcYpQxuI1WDknKJIDrt8MRt-WUf4l2QqSbf7rU,36411
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_2048_sha384_mgf1sha1_test.json,sha256=ou0E0xKYvocIgueLOXXGVJqvJm5WRsVoFjVJGE9UoDU,27583
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_2048_sha384_mgf1sha384_test.json,sha256=ssgZNn8L633XaGD8mBL1lkk7HgZrMNKoY2VkHoUM5Zc,31284
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_2048_sha512_mgf1sha1_test.json,sha256=pCZoGS3QUPDbRjs5-evo_Yp95r-RJBlZoA_Et8E8IKc,27517
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_2048_sha512_mgf1sha512_test.json,sha256=rof_1bNM5JD2FFAISphMxFD6upRpDo6MZnBNQmKI8y0,29546
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_3072_sha256_mgf1sha1_test.json,sha256=gd8cnYuJlqQP18DopU4aMaOOtp_MQslrdjBtkstmTr0,38507
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_3072_sha256_mgf1sha256_test.json,sha256=zY8aRXZ7ZiyDsuizeprFoRMN2Pmp9FrJzrtqH2vvtwo,49871
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_3072_sha512_mgf1sha1_test.json,sha256=2eh490VoYTgj0dtpM9aFIVrNvtH59sxDonPiQ3SZ60s,37409
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_3072_sha512_mgf1sha512_test.json,sha256=KEr7XjVuzjRdG1qfVjBWVGEdUhY2mg9zD6jf9Q8VPyw,40890
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_4096_sha256_mgf1sha1_test.json,sha256=WNIxqjFQnECM-q0FqGBHMU8UqXffYunrgDtWF3z1Yd8,48665
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_4096_sha256_mgf1sha256_test.json,sha256=W5PFMgMBr7LrftEMF41eUXtk5gOWYTaPdzy0r1y4McQ,63366
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_4096_sha512_mgf1sha1_test.json,sha256=-iuHeAw8VvKt0LGqa6dS16KVvOlbZIftcaKqpkDx1TI,47299
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_4096_sha512_mgf1sha512_test.json,sha256=MgaDMR-MzZxxcCpTuHkJNprvGsQV-gUOzVTDstNREy0,57400
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_oaep_misc_test.json,sha256=jMh3_BLOIzzV1QZUbWxe4mNwVkmHF302u6wJki3SITk,1262220
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_pkcs1_2048_test.json,sha256=UoeSkKnXl60751hJ_G7856k8YhkfMHNH2EAx5eFQsF0,292951
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_pkcs1_3072_test.json,sha256=2DTy-Osluiq2MqrzmAHqxACQ5HK1a2BMQGpXW2ZdP88,423258
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/rsa_pkcs1_4096_test.json,sha256=ZIMdsdGrwxFehQuFZCCKp40l3uZKH5WcvXUstDuxku0,551672
+Cryptodome/SelfTest/Cipher/test_vectors/wycheproof/xchacha20_poly1305_test.json,sha256=F4Kso6XhhcUv1Xa5aGfoEeJKV79II0u59xN0K1MDlOk,181687
+Cryptodome/SelfTest/Hash/__init__.py,sha256=um4TKfVp-bYbGRIbSdPzy2Tal_tEmREk0NiJkCTRwz4,3533
+Cryptodome/SelfTest/Hash/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/common.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_BLAKE2.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_CMAC.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_HMAC.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_MD2.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_MD4.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_MD5.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_Poly1305.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_RIPEMD160.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_SHA1.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_SHA224.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_SHA256.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_SHA384.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_SHA3_224.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_SHA3_256.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_SHA3_384.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_SHA3_512.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_SHA512.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_SHAKE.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/__pycache__/test_keccak.cpython-38.pyc,,
+Cryptodome/SelfTest/Hash/common.py,sha256=C2jFAjRERl6uCNr12bwRTTighWDRpNiyAbXVfc-iSl8,9964
+Cryptodome/SelfTest/Hash/test_BLAKE2.py,sha256=vpPxSXeaZGIo6iprJCASNjuz4pW8epk1gK3C0ygjgwA,14953
+Cryptodome/SelfTest/Hash/test_CMAC.py,sha256=tj7t9augqONo539ZaxxXuNGMShgPMSs3ZNDj4RJBGHs,13946
+Cryptodome/SelfTest/Hash/test_HMAC.py,sha256=S-oBHJeQ4M8xdSfuq1IjYQB3BVqADGwC4aXpoFAGBc8,13568
+Cryptodome/SelfTest/Hash/test_MD2.py,sha256=ElKzN0tL3U-0TeLVP0e7I8txskHXSA8Ys63aYjLW_BM,2336
+Cryptodome/SelfTest/Hash/test_MD4.py,sha256=9SFHZcbB3M2AhjYtK-Y9w0tWE_cdmeo2QrHvl3f9S4U,2359
+Cryptodome/SelfTest/Hash/test_MD5.py,sha256=Bj6C548u8dz0d-pGxg7JZlezPWuXfD_TBnj7QOJGtxw,3300
+Cryptodome/SelfTest/Hash/test_Poly1305.py,sha256=2_ZTIuatKcaI0ATBGQm0DicKnXMTUqdu1nC7g6rNg10,18406
+Cryptodome/SelfTest/Hash/test_RIPEMD160.py,sha256=V1q7YGF0xKe0DeXZhAmtc4hIbbDKhEpjkNfPsNkB-qE,2675
+Cryptodome/SelfTest/Hash/test_SHA1.py,sha256=CrQWc1iCeKmVauPe5KqrBS4kt2qE2Ocwf365BOThGPM,2960
+Cryptodome/SelfTest/Hash/test_SHA224.py,sha256=Dz7sRLuh-AJZXarIZ7Lza4ZUy9tNNT5pUSsAm5Q6Ax0,2541
+Cryptodome/SelfTest/Hash/test_SHA256.py,sha256=pmV4r5WojFZmtVWAIFAl1uO55GO7wMWXCdE_I2e87J0,3637
+Cryptodome/SelfTest/Hash/test_SHA384.py,sha256=6_hL7uoZdQYAEoC0gT2mYuZQuCELHe9ebxcFhQZd4BM,2722
+Cryptodome/SelfTest/Hash/test_SHA3_224.py,sha256=S3PBL2Jqiby-Fmrj8SfU9OHoIL6ggCkWT8wbBJ69kBo,2874
+Cryptodome/SelfTest/Hash/test_SHA3_256.py,sha256=gQIzg3vguubWE2m3Dg0GiKXrWU_0aEQUvYjO5HE_LjE,2875
+Cryptodome/SelfTest/Hash/test_SHA3_384.py,sha256=iKXhYtyaa85GiNJ5y0C97JSWy2JLAR88bwZEgt-jttY,2874
+Cryptodome/SelfTest/Hash/test_SHA3_512.py,sha256=Z05p5vkxaJFoaxuPtZuFJTZxMyqRfzIFPE3z9SuBZmY,2875
+Cryptodome/SelfTest/Hash/test_SHA512.py,sha256=dGVeICdKxE_4mmpgewgEjnqzxDU0_ZYr5qt4LKMIO9c,5302
+Cryptodome/SelfTest/Hash/test_SHAKE.py,sha256=e5J4G8UNR-h5_ucZL_iqr1GlyWUY0ILyvOgqmYiGz-0,4786
+Cryptodome/SelfTest/Hash/test_keccak.py,sha256=ZdxMKcZf5zTOjcguA2HBnreYFZYWUwKBlsvPqyw6v1E,9160
+Cryptodome/SelfTest/Hash/test_vectors/BLAKE2b/blake2b-test.txt,sha256=6DYRIlZ96-rzmjXAmmoGiEIsAQqnQpIWnJqbDM26AkY,135750
+Cryptodome/SelfTest/Hash/test_vectors/BLAKE2b/tv1.txt,sha256=_fgZKswUlDW4iyAtEb4h0XcjY0edq6M0CyfEE1g0ncQ,4741
+Cryptodome/SelfTest/Hash/test_vectors/BLAKE2b/tv2.txt,sha256=hejftkYHZ5waIFHWX_OacTNfVyfdIwWhuzF0lL1KKps,9060
+Cryptodome/SelfTest/Hash/test_vectors/BLAKE2s/blake2s-test.txt,sha256=nH7O_rr67tH8etckN_qAoRu6BTAi0Oa8EIvyNaVMijs,102983
+Cryptodome/SelfTest/Hash/test_vectors/BLAKE2s/tv1.txt,sha256=sO6d-SWvAMOwzjMuLNZR8K2eb7QLIzOBk6L7omqcg9k,1413
+Cryptodome/SelfTest/Hash/test_vectors/BLAKE2s/tv2.txt,sha256=v6M_7bwZO3a7V4KXowFt93wWHudF1M5A1_2BWHz4OcI,2564
+Cryptodome/SelfTest/Hash/test_vectors/SHA1/SHA1ShortMsg.rsp,sha256=vgmR3cU3KTLVWASxFxPJFA0QQ170sxagdz41Bu7HnNo,8735
+Cryptodome/SelfTest/Hash/test_vectors/SHA2/SHA512ShortMsg.rsp,sha256=5To2wDYJ5aPjzEtuEXpJnbeGTCPsglxs7JlQOkX0B2Q,36800
+Cryptodome/SelfTest/Hash/test_vectors/SHA2/SHA512_224ShortMsg.rsp,sha256=mxH7Jf8I2McI4JiiLQE8XTjAaNHjmOtXPSBVwFO__nU,27536
+Cryptodome/SelfTest/Hash/test_vectors/SHA2/SHA512_256ShortMsg.rsp,sha256=2NUAi3P5DLkqj41NmvdFgJzu9Hr0y-su4kXMaxU_UiM,28568
+Cryptodome/SelfTest/Hash/test_vectors/SHA3/ShortMsgKAT_SHA3-224.txt,sha256=1eLWO-0-QY5KJRsFVYuMsZxZJUqid5fQdoYf62TK0UU,86195
+Cryptodome/SelfTest/Hash/test_vectors/SHA3/ShortMsgKAT_SHA3-256.txt,sha256=RvFAFF5Dz74xTtmOI-6rlwdLm9g3q6ToCZCSdTwWjgA,88243
+Cryptodome/SelfTest/Hash/test_vectors/SHA3/ShortMsgKAT_SHA3-384.txt,sha256=iyqT-Rq0yO5R6eYMQnnlEynzNYvT1fMjEb1TetruOZw,96434
+Cryptodome/SelfTest/Hash/test_vectors/SHA3/ShortMsgKAT_SHA3-512.txt,sha256=pImzhhuDKlqdHvspZxdke4Ovym8Cgfdw-5gQtni4BTI,104627
+Cryptodome/SelfTest/Hash/test_vectors/SHA3/ShortMsgKAT_SHAKE128.txt,sha256=-GOrJL52VikLqOrNLo_dW6vAuoikrIwv_M8yE-cC20c,333928
+Cryptodome/SelfTest/Hash/test_vectors/SHA3/ShortMsgKAT_SHAKE256.txt,sha256=wRVs94lIiWRqphXKojGwqWxi_BjtbNOToZwvLuT0C_4,333928
+Cryptodome/SelfTest/Hash/test_vectors/keccak/ExtremelyLongMsgKAT_224.txt,sha256=Z8BU0nZzRihAAARK2JV-gbZKBkeEPF1meRld4oOyJLU,316
+Cryptodome/SelfTest/Hash/test_vectors/keccak/ExtremelyLongMsgKAT_256.txt,sha256=wDRraKgIR_Bb--u3qjgRDI_4JuDYY3k8CERjWlfXcO0,324
+Cryptodome/SelfTest/Hash/test_vectors/keccak/ExtremelyLongMsgKAT_384.txt,sha256=J1aO_Asi6jHQkLvNqqQX0ct3IjlGSi_X2dKi886PhJw,356
+Cryptodome/SelfTest/Hash/test_vectors/keccak/ExtremelyLongMsgKAT_512.txt,sha256=xCXigswYKQjijTOnSo6YfMKbWNu-p_RnR0-WKdR2zy0,388
+Cryptodome/SelfTest/Hash/test_vectors/keccak/LongMsgKAT_224.txt,sha256=ORAzRQYztzHLW1kiQcKViaDpOFDmxRWlVH55E57axYo,300741
+Cryptodome/SelfTest/Hash/test_vectors/keccak/LongMsgKAT_256.txt,sha256=0GA-RoRMyaobz-mZsxR0FAYaGJax0yDeCMo7AidY6JA,301261
+Cryptodome/SelfTest/Hash/test_vectors/keccak/LongMsgKAT_384.txt,sha256=lcfkQiEcCvCDWCAPxrLtAjVIVtqftH9iUohS38DMlDQ,303341
+Cryptodome/SelfTest/Hash/test_vectors/keccak/LongMsgKAT_512.txt,sha256=Z9a9BYUTLD92OdA2FR15LhIcqStLBnAAZSeJqf6dggo,305421
+Cryptodome/SelfTest/Hash/test_vectors/keccak/ShortMsgKAT_224.txt,sha256=4GBcFh1vLSJXYo7p-TRHHnHvp43NgyPgXjV69KZolzA,85946
+Cryptodome/SelfTest/Hash/test_vectors/keccak/ShortMsgKAT_256.txt,sha256=qo_vZ44ayILxErUnmTwnKwOBndsWRgk9ER9GDh2r2nY,87994
+Cryptodome/SelfTest/Hash/test_vectors/keccak/ShortMsgKAT_384.txt,sha256=TmfukzxIOlEHEFfahvDDuOtrebZhSaGUcNggUv8_ywY,96186
+Cryptodome/SelfTest/Hash/test_vectors/keccak/ShortMsgKAT_512.txt,sha256=3-33JR9udHo5AELPPPFLu12Y4ltAjxkSa6HPgn3s0yI,104378
+Cryptodome/SelfTest/Hash/test_vectors/keccak/readme.txt,sha256=K1q35vq7h6S1aGqUPr8EcZKoJEjtaBgQlaQtya3v-6U,83
+Cryptodome/SelfTest/Hash/test_vectors/wycheproof/aes_cmac_test.json,sha256=4GQcX-EVpdpSANFyweVfnrUS0_qOhnwUFNZQFlBPQzk,90510
+Cryptodome/SelfTest/IO/__init__.py,sha256=62l-NkQk9WPrRYoDAbtWKMOc9LT5yAE6ENws7t7-uzU,2002
+Cryptodome/SelfTest/IO/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/SelfTest/IO/__pycache__/test_PBES.cpython-38.pyc,,
+Cryptodome/SelfTest/IO/__pycache__/test_PKCS8.cpython-38.pyc,,
+Cryptodome/SelfTest/IO/test_PBES.py,sha256=sCOtJYeUCsSYM1NRYpweWzlUgrrc8W4vSHLIdi2s_aE,3469
+Cryptodome/SelfTest/IO/test_PKCS8.py,sha256=RC8LDc5b-7056ZWgoJNMPxaRgN4J8UyzgvQNE7LfoU8,17574
+Cryptodome/SelfTest/Math/__init__.py,sha256=EkOt_fJnPR9-LS36rE0xm0j1nlj-I0Y9CPnQk1KO29E,2113
+Cryptodome/SelfTest/Math/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/SelfTest/Math/__pycache__/test_Numbers.cpython-38.pyc,,
+Cryptodome/SelfTest/Math/__pycache__/test_Primality.cpython-38.pyc,,
+Cryptodome/SelfTest/Math/__pycache__/test_modexp.cpython-38.pyc,,
+Cryptodome/SelfTest/Math/test_Numbers.py,sha256=AwPV2PIK_R51JgX5GxpYUVOxp2eZ1uzhcxvFPpzN3V8,29839
+Cryptodome/SelfTest/Math/test_Primality.py,sha256=0V_gzcBWyk1SFYEBcsEgYVaPfw3-UZtcWl0etV_bgvA,4901
+Cryptodome/SelfTest/Math/test_modexp.py,sha256=rsoK86G8jDUNPiVg5uu3c3S6XVN4wz9dl_ty0oajcwI,8135
+Cryptodome/SelfTest/Protocol/__init__.py,sha256=M2Sh9OvDVzEqup__hYYipuAqXvBwEHSooPPz4meBCyo,1763
+Cryptodome/SelfTest/Protocol/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/SelfTest/Protocol/__pycache__/test_KDF.cpython-38.pyc,,
+Cryptodome/SelfTest/Protocol/__pycache__/test_SecretSharing.cpython-38.pyc,,
+Cryptodome/SelfTest/Protocol/__pycache__/test_rfc1751.cpython-38.pyc,,
+Cryptodome/SelfTest/Protocol/test_KDF.py,sha256=qIDtlD4nJOHL0Rlg-2rAIw-PhBaR3Q96Vbn3kxzq0XI,34529
+Cryptodome/SelfTest/Protocol/test_SecretSharing.py,sha256=B64noTracARMA3qGIUmIuk5Ob-NYyIldndNK-KJVmkg,9701
+Cryptodome/SelfTest/Protocol/test_rfc1751.py,sha256=6QuxUUE-NP8_1tQNj9Macjtc540zk4j85Z7G1Nyy2cI,2220
+Cryptodome/SelfTest/Protocol/test_vectors/wycheproof/hkdf_sha1_test.json,sha256=O9w7X1BkMKkFTU_6LHA-NO1uMTMLKr0IgRSO4SlWCP0,80132
+Cryptodome/SelfTest/Protocol/test_vectors/wycheproof/hkdf_sha256_test.json,sha256=i0ExHY0YXUgtQ6TH9svR3lNezQ0ZHU_mhU_hpj0mf7Q,98622
+Cryptodome/SelfTest/Protocol/test_vectors/wycheproof/hkdf_sha384_test.json,sha256=iCNFhGsEfB3wwhKfOnKjzhBpfry4CaZIlAmg8maC9DA,122104
+Cryptodome/SelfTest/Protocol/test_vectors/wycheproof/hkdf_sha512_test.json,sha256=UzoAknq9V9ZtOoCB48e0C4VoQh4_yXesEH555P8ee-s,147385
+Cryptodome/SelfTest/PublicKey/__init__.py,sha256=aRQ22RfDcpSeNEKu98hfxITqQMIoSOCGwCG1XTQuzVo,2203
+Cryptodome/SelfTest/PublicKey/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/SelfTest/PublicKey/__pycache__/test_DSA.cpython-38.pyc,,
+Cryptodome/SelfTest/PublicKey/__pycache__/test_ECC.cpython-38.pyc,,
+Cryptodome/SelfTest/PublicKey/__pycache__/test_ElGamal.cpython-38.pyc,,
+Cryptodome/SelfTest/PublicKey/__pycache__/test_RSA.cpython-38.pyc,,
+Cryptodome/SelfTest/PublicKey/__pycache__/test_import_DSA.cpython-38.pyc,,
+Cryptodome/SelfTest/PublicKey/__pycache__/test_import_ECC.cpython-38.pyc,,
+Cryptodome/SelfTest/PublicKey/__pycache__/test_import_RSA.cpython-38.pyc,,
+Cryptodome/SelfTest/PublicKey/test_DSA.py,sha256=8V1xuY9LWsMLxFJUfbf0SkJYuy0F1mRIprozyn3kdXU,9552
+Cryptodome/SelfTest/PublicKey/test_ECC.py,sha256=aWwLootkojYrRI6cwttSD1SSYnCEGZ2QiG2uSmp8BX4,31788
+Cryptodome/SelfTest/PublicKey/test_ElGamal.py,sha256=FhcxH3ngmtbPezyLLS2g1JXUb6RreGTVfK6a8RT5y4Q,8671
+Cryptodome/SelfTest/PublicKey/test_RSA.py,sha256=_MlvOivZxIzWVARdyMYx6AKpbZnSYQ_0DfnGBlzNw3Q,12220
+Cryptodome/SelfTest/PublicKey/test_import_DSA.py,sha256=V20ehAYhf5WAcm5mBxurN9YM3Z58vAfTY-irdzE7A_Y,25492
+Cryptodome/SelfTest/PublicKey/test_import_ECC.py,sha256=0fbH06J9fkz1AErgv0uS7dUGSROOjSnxNWmpvyj5_Qg,50208
+Cryptodome/SelfTest/PublicKey/test_import_RSA.py,sha256=cWheO9zbXvoCrHsCticFCqHOmkqmuCyZQWwk2FHrq_c,23778
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256.txt,sha256=wYvstytkYlYw41vRkecS-zFU5jRFvqjck1_FslBiU9s,630
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private.der,sha256=7qlKORodBckn-NEiXjjhvdK33oj615HsiX2lCdn_HHY,121
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private.pem,sha256=yjB0KGJw7cK59wOGC9vav00Hua7O-4y4KmR-ZvfTIFo,227
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_ecparams.pem,sha256=UoWial9kzXR5-vqH-DiiStF9LQuR7HaWVEza1zO6oGM,302
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_enc_aes128.pem,sha256=0wkiqVsPBEzM0xudk3HJ41WKhYIp1XYb5EMid3HIhjk,314
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_enc_aes192.pem,sha256=TJKSWl5XvJu7ir-bBj_YNhqw1zrT2tJpQ0tacLnPswA,314
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_enc_aes256.pem,sha256=yMEDYmgWlztJujMOF9rMS9Iha34GBXyuXYpYgLWxx0k,314
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_enc_aes256_gcm.pem,sha256=GotcdRDvbl91HvWlW1z009iuUYTTSpGy4HrmVJ_sDCk,300
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_enc_des3.pem,sha256=XOwp6KnEADXw239Va5r9ugVpJOWoaZQTQ-iE99Gpyh4,299
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_openssh.pem,sha256=aCxAUluUngRkqklTjXMJ1U-R06vyTtgvAY9HJiyiBM0,525
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_openssh_old.pem,sha256=U2LOqXeFl_KpuBjteuFMVINwpkhySBQHreMsIsmAe8U,241
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_openssh_pwd.pem,sha256=faDeroEuwg_Ix_5F5NPjrcIgL1JsuVTO8ElkT09GgL4,578
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_openssh_pwd_old.pem,sha256=DKlWKgTzq5QEpu7OfnASW2P1CMpsTrHYLFMMzP__SMU,241
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_p8.der,sha256=8Lia3f3O81Fur193lkEPfMuqxxJIRO2UqjqWo_HDHF4,179
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_p8.pem,sha256=XoGTYG5LrjouLTIkIT4eFOxt5N1VH7AYbhBA2aZbzKE,318
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_p8_clear.der,sha256=cnmbIowIW8z6EJ2Nn4eg6jygbK5Fx-TPjIsr9RX50i4,138
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_private_p8_clear.pem,sha256=aQZgvErmx6ZyJ4UtYRukA17Gc4eQO7uaiDsCwBqPF08,241
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_public.der,sha256=fGv8W3UpJMMXYmJ2nPRrmjSPNnyOcE-fI1dgGsA1qWo,91
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_public.pem,sha256=18VbHNZHsikjlu35teZZB5_x_Vimb7NlLu3xTwIMs4U,178
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_public_compressed.der,sha256=wUxc_rRUKSbVuW9Xmr2y-9j6fZoWUyp-f3kMEFnScVU,59
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_public_compressed.pem,sha256=AQ9fW0iXXwb_gAfEgsZOFbv8_F9rHkrO5FWkG6WL5-4,134
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_public_openssh.txt,sha256=lez_62x3FxIN6LUS6NdwuGRn4yZZ0VqVWJIdsyC7jKY,161
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_x509.der,sha256=FbcHrhY7Q7BO0nt-AoCVMWqPPLebvNB7dPNUyBFVHtI,401
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p256_x509.pem,sha256=zTGkUwOeqJpxZz2LcsluZ3A_0f_wHrMPzR7DF3lJ7bw,599
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384.txt,sha256=30cv9scTYhSDTQE7gNXeihp7QVFW3azbBPfSqdIeLBI,848
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private.der,sha256=gdF5yQdMI2w9N1Rz2OZl1kXAS3VjdvvO4eRBNEwci88,167
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private.pem,sha256=lW4F-gHG8plnrEjwXODlNBDR06244E2FqdNW6RrKZ0k,288
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_enc_aes128.pem,sha256=m8h8zR8UR_shztyeCLv2ERdn-Pj0RZPI_lDnA84EzNU,379
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_enc_aes192.pem,sha256=jjDKqZ71CAeoEf9qdFUrm5qMdL9SLBBUSA77aHCdsqY,379
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_enc_aes256.pem,sha256=Okuv8VAz-TjM1INmOx-sfZIAaNYENrkViLhU6Tub5BM,379
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_enc_aes256_gcm.pem,sha256=q7oNkCM9-0ZVdmXMT-I_ubd9BAeUf7FAWw7ax45nUbA,361
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_enc_des3.pem,sha256=zvzq_un0MjYOriaiI2unsjiZyODYLajkEZhKl1M-fIg,352
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_openssh.pem,sha256=YaQ4jzZ_Qk680cHo4D7pSgOuGKL-x1ehVrmNuaP8VpA,634
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_openssh_old.pem,sha256=xtuVGnb35W5TviTFR-VX4UAm27jPw_qaAKT2zGRdN50,306
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_openssh_pwd.pem,sha256=VJGw10-QUR3K012qM5S0xulsxqHMAnLO9kjyZ9AUyAs,687
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_openssh_pwd_old.pem,sha256=HA9CtaFCz82uqaJWF4PbMra_WmBWeGhs_oOUPE4I46k,306
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_p8.der,sha256=v-ba89TMhcrwYb99FwTTSGRjPvHEY_YtAD_uHN9NXfY,288
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_p8.pem,sha256=28va4dDY6o0BQweiABnLzVd2XJHP6Sh1keljdA4vSMI,464
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_p8_clear.der,sha256=iQNdOt70TwEAa8JjslZfU14t9QMuJw4WI4xp9bO1boM,185
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_private_p8_clear.pem,sha256=p9k9kyrlXEdWLTgX77lC-EsRjRyJ_attoLxP_7u9ABo,306
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_public.der,sha256=P_Xu10VVbabmws1UYBe36AAb0r67KopkCpVXrdAZWBk,120
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_public.pem,sha256=DLmI4hGdlkQt8msGAWK8PIGeSwljpsaRPcap48ljUPE,215
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_public_compressed.der,sha256=40gth3gsa-MDzpE3oBbzNUeGT6w2xUHnGJr6MFHPPp0,72
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_public_compressed.pem,sha256=KAd0DNF4lw7LCTEHG-eQ5AlQx61yfbISZ15OoWlImxI,150
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_public_openssh.txt,sha256=lwxYgs4nmrAh3MzAwGXVnpzbGMUuIVtlGUQA6w1kd4g,205
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_x509.der,sha256=ianAVbMC_RUc_qkW56ZveHWNON9UkCtxHzRAKNTgU3Y,465
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p384_x509.pem,sha256=IoS2VsH6MzJFrqkaE7dUNx9zpPZilSOKqwWWTzwd1ss,684
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521.txt,sha256=csPtEBUyVqueAivVBMENIQK6dIW5EeVzOuMm74eEbuw,1102
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private.der,sha256=EgT4zXHC_nUdlpMQPtVNVL6Kd85-UNlFvWpXj3ZKLsU,223
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private.pem,sha256=SzMianLiLMvdM_uoKpuoolMEr149xfjxZs1BMzNk3E4,365
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_enc_aes128.pem,sha256=6Q7QjmOg9HtGgvzbr1Ir8y_s-X0VJiItGIojnGk_188,444
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_enc_aes192.pem,sha256=Usoy3FRZ621Ba_On0UR8iuS8a1dBIliXoNViFedOn5M,444
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_enc_aes256.pem,sha256=V7aiqI6niQFt33j0fRuSjLULlAebLtrzqkStBm-tynI,444
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_enc_aes256_gcm.pem,sha256=p5exiD4JHHDtK0jVlajI0N73pBwVVVmg03O2caZDb-M,438
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_enc_des3.pem,sha256=9ct7Q2bQ4Wqw-S_BCu6TPpRmLoVxuAA5Ui3vNRrcX54,429
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_openssh.pem,sha256=kBOZ_mWsjGkvuY76LoeXCW08zpd6e-vzL-PC2A1kRE8,756
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_openssh_old.pem,sha256=fo2rw0koPqjatPBspOclEYuVLVko-wLgmxTsEqoNJjY,384
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_openssh_pwd.pem,sha256=kVA6BoPYrlOqW1scj0tddmMaeKfn-MT7unIpZClsSIM,801
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_openssh_pwd_old.pem,sha256=uZCxZEF1324xbh8FsyeC-e5xWTuh2JI9THSMYta3nNc,384
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_p8.der,sha256=uBLXLGBOnJHNhsnfxi3_LBzEQt7zZ7dvA8W10XNFBsU,353
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_p8.pem,sha256=IMvxQdmrlUhfItAyms1un1MBUETxXOELdpb7wqg58RM,554
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_p8_clear.der,sha256=bhoyjpfdqhn8txQ02eOmK1uBoz7Y2FTj3qFYvf9er6g,241
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_private_p8_clear.pem,sha256=GvWW9t8Ux6z1-Uu7O6hWAgxdI5vgU2eVsDNcyyS_b18,384
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_public.der,sha256=n8k_4lc8DlJD1jqFzj9QFbIU2uMyJTuZt08BOjEQHaU,158
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_public.pem,sha256=cd0AukbHFnj_d1habRRQaZxss3QEgzs6pkYvFFgMh2A,268
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_public_compressed.der,sha256=35DQpuatGV2E92otSp8JcI4yszBg2A3q3a1TiVoDHzE,90
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_public_compressed.pem,sha256=LYsdWOfaBZtP9eYvu4hktp5HhmuuiGATJPOYQYNmVqw,174
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_public_openssh.txt,sha256=NUTubHKJmFuqIhBPwTy9PSOMoWI511Q_bUUOallD5jY,253
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_x509.der,sha256=T8JHzhTzXC74Bzy2t9JCfpXMi3FgC_RvhqZNK2S47vU,539
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/ecc_p521_x509.pem,sha256=il319QczAtkua27nPwS5gQnwuhPDuVc4U8z8_F5HHgQ,786
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/gen_ecc_p256.sh,sha256=jvhcZKBm51b1N-zcTLjsiquVBtdrQuLHm6c6JagsDCA,2651
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/gen_ecc_p384.sh,sha256=tOY_BeLz7D55rRohOnASfpKU5VISAI_slDKmNuQCxr8,2540
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/gen_ecc_p521.sh,sha256=pr2bzhpJtOMHa9HCIToMctduu9bzKwFhr06kFd9aeIk,2540
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/openssl_version.txt,sha256=TpgzscIqzY_FLk6WH0y1H0klab_iJn2U120v1loK4Gg,31
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/openssl_version_p384.txt,sha256=NEWRNBfUbq4TNQkZuuSOQAp6VeGmnrbIoo-lC-Qe0-M,27
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/openssl_version_p521.txt,sha256=NEWRNBfUbq4TNQkZuuSOQAp6VeGmnrbIoo-lC-Qe0-M,27
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/point-at-infinity.org-P256.txt,sha256=YCL_d9GA0wp_B4jH63gFgglZz97QDipQb3JAGyGk1iQ,9993
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/point-at-infinity.org-P384.txt,sha256=LH3JZPf82mX9kZfLCurwN6KFxAJKe0c7dn_wTkmznTc,14455
+Cryptodome/SelfTest/PublicKey/test_vectors/ECC/point-at-infinity.org-P521.txt,sha256=uXgYPT7uZU4VSE8D4of-9MbgFWVWyTLWekpPwryKWho,19421
+Cryptodome/SelfTest/PublicKey/test_vectors/RSA/gen_rsa_2048.sh,sha256=kKh8bTqhBmvzCO-rek3THD8SfhibZXb-5MKAkua6-_0,659
+Cryptodome/SelfTest/PublicKey/test_vectors/RSA/openssl_version.txt,sha256=g4a696SFxOtAl9Ta6wEQ7Gk7S2xAOYDW_2owds4QRG0,33
+Cryptodome/SelfTest/PublicKey/test_vectors/RSA/rsa2048_private.pem,sha256=p-GqC-XtacpQsChpxqB0UuDzGJz25zDVGc1XLD9QZlw,1675
+Cryptodome/SelfTest/PublicKey/test_vectors/RSA/rsa2048_private_openssh.pem,sha256=SscubX5Q_zu193_200rKEEMcDsA8UUNMFl2qwpZD79c,1843
+Cryptodome/SelfTest/PublicKey/test_vectors/RSA/rsa2048_private_openssh_old.pem,sha256=z7hNYzNlTHBBD1TgzIeRT1jL6Mz9WFNNbnB1HjihX2s,1704
+Cryptodome/SelfTest/PublicKey/test_vectors/RSA/rsa2048_private_openssh_pwd.pem,sha256=d2AQnmOPVvU_FiCA9nPo3QA7TQnRIkCrVKiiBP7Zuy4,1896
+Cryptodome/SelfTest/PublicKey/test_vectors/RSA/rsa2048_private_openssh_pwd_old.pem,sha256=akUEWlzHkLQySLriut7c1Lz7_A8Uv6GmID2a_nSrvgA,1708
+Cryptodome/SelfTest/PublicKey/test_vectors/RSA/rsa2048_public_openssh.txt,sha256=Wk5hyMlp7Cb_TAglAhmPEVFejSPMY97cTz9voxhgp4E,381
+Cryptodome/SelfTest/Random/__init__.py,sha256=vWmKA--IXzOIszf150wbGq1-OTAVBTI3sqInjutIBWk,1546
+Cryptodome/SelfTest/Random/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/SelfTest/Random/__pycache__/test_random.cpython-38.pyc,,
+Cryptodome/SelfTest/Random/test_random.py,sha256=VtbtEXdP_6EaxZ_hRL3rP-HrBVBEqb_ANN7l8HfoRFM,7014
+Cryptodome/SelfTest/Signature/__init__.py,sha256=C-5wFBkGOqSmy5j1ljP2EAHsTPmz4Cp3klsrUgTaUVI,1564
+Cryptodome/SelfTest/Signature/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/SelfTest/Signature/__pycache__/test_dss.cpython-38.pyc,,
+Cryptodome/SelfTest/Signature/__pycache__/test_pkcs1_15.cpython-38.pyc,,
+Cryptodome/SelfTest/Signature/__pycache__/test_pss.cpython-38.pyc,,
+Cryptodome/SelfTest/Signature/test_dss.py,sha256=pNFOUpR_XNTRW6YYbevhL47JH-YKuMT4Tn2-osJtKy0,48521
+Cryptodome/SelfTest/Signature/test_pkcs1_15.py,sha256=rDFun7A_XUMiqksw6iTm7HJap-1Z1wGINiwhoSRT9CI,13961
+Cryptodome/SelfTest/Signature/test_pss.py,sha256=cniIFFvnRk7JvAIfyZHagK8emuGXMklwHYKnd5ye_AM,15834
+Cryptodome/SelfTest/Signature/test_vectors/DSA/FIPS_186_3_SigGen.txt,sha256=CgbUHJa42LSFuKhzyHqIOrOhjfty1UEbqG6mZzgwG4w,332997
+Cryptodome/SelfTest/Signature/test_vectors/DSA/FIPS_186_3_SigVer.rsp,sha256=XAzACaPYLKYnuy3k9eKMEaLLYv599wDS-P4_WPc-sFM,320900
+Cryptodome/SelfTest/Signature/test_vectors/ECDSA/README.txt,sha256=-9a-bk38fNGDOL5A0MuvoMv_-DGDyXv-Hy_hi9lPVdU,233
+Cryptodome/SelfTest/Signature/test_vectors/ECDSA/SigGen.txt,sha256=fmR9CA0A0OBmTk0VXO3dLF6JuWpfYnTiR0GbKJ46u8c,73092
+Cryptodome/SelfTest/Signature/test_vectors/ECDSA/SigVer.rsp,sha256=2mRCPlaCZaEKtHnQaNT4UyV4y4Ugp2ym431pVWlO5Qs,59083
+Cryptodome/SelfTest/Signature/test_vectors/PKCS1-PSS/SigGenPSS_186-2.txt,sha256=rcKJqoIznZ4T1n7CWiQF1IdS--TtECXiJTvu9cuIlEY,241521
+Cryptodome/SelfTest/Signature/test_vectors/PKCS1-PSS/SigGenPSS_186-3.txt,sha256=Rt5_L8y1-JUW5ktb2xxP1FagnJzGgN1k4HVuYv9QAOw,84721
+Cryptodome/SelfTest/Signature/test_vectors/PKCS1-PSS/SigVerPSS_186-3.rsp,sha256=eMQgBgTucJ1k6lMI9E9r5JNWyaaYjDdojMugWQz4O_o,618655
+Cryptodome/SelfTest/Signature/test_vectors/PKCS1-v1.5/SigGen15_186-2.txt,sha256=O-UB5gD4svYkt_DtBDsPNeF-7KhkRF-DUwHhv3IAloc,228502
+Cryptodome/SelfTest/Signature/test_vectors/PKCS1-v1.5/SigGen15_186-3.txt,sha256=GcSbj8cQLMEkduIVhUzSKPH4wNMW8Oot9sGD8Wfpcko,78424
+Cryptodome/SelfTest/Signature/test_vectors/PKCS1-v1.5/SigVer15_186-3.rsp,sha256=b2A4FDStYP85DmeRO00HLufCVkvVdjaW7xspnh2WezM,248174
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/dsa_test.json,sha256=dY9VnMaPZ0VYhzjyXXu4DUa5OyN1HM8HXZFIata5Kj8,361835
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp224r1_sha224_p1363_test.json,sha256=NUzTUOvq8KUgnhgblXylo_xC0prDUrBJnvHT2COMDhY,126917
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp224r1_sha224_test.json,sha256=h0ZfND_VTKlrULr6fsqhWi1NOwSkCZQYLOY1k5kuo3Q,182708
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp224r1_sha256_p1363_test.json,sha256=frm9Q9JD6btb9aYrfeSrqu1JisTmOcsNMR67oRZUPjg,136148
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp224r1_sha256_test.json,sha256=fllUI96pdYYPSmtNnf5wengqklQcNl1Fv5tmYgGajRA,191745
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp224r1_sha3_224_test.json,sha256=rYp3SAmNMqI5Oiek4o2JradM7YsCN3sgJTm3Q2191OU,192369
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp224r1_sha3_256_test.json,sha256=DSwWgANVGnI6l3tTT_f6IX7ld1x6TWQq1QLvmkn_AmA,195342
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp224r1_sha3_512_test.json,sha256=rUn9FPrUbfFRa9Rti9mAeT1WH8TCjXvQ-SkN6ymx6_Y,216893
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp224r1_sha512_p1363_test.json,sha256=m-6HhNQBAO0oP7Hvu5qOm7y0_RhwpiavN4H7SPJKZ94,158057
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp224r1_sha512_test.json,sha256=srxXDnc8w0HyPC1cFGYEum5u9WlaFilCM2969gFRf1w,215238
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp256r1_sha256_p1363_test.json,sha256=eEd59aM1Yyrmq1aojPZKLgyRixx_tJ0-nxc_sl_Q8JQ,169360
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp256r1_sha256_test.json,sha256=Yvg1kKnp4mpdc1n4Y-1BKqzSnt3ySPgXWbCcPEiT9O0,209501
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp256r1_sha3_256_test.json,sha256=tQCOWU-wS8pwztc_QQB2vK1IXmflAvR91WGplVKfcto,212335
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp256r1_sha3_512_test.json,sha256=GO0BLh57BNYJK3ZcuiPjAynKzBLek5z9SP1EacmOkIU,235525
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp256r1_sha512_p1363_test.json,sha256=LTH5hr5Eqciwd64TdLiL9OfUTk0_YEVFyYWiCQw-4AE,192688
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp256r1_sha512_test.json,sha256=TbH2DT14pKwLQdnqdc3LJkRaf2EcdkECPZX0qtUMHqM,233815
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp384r1_sha384_p1363_test.json,sha256=fLjtA_INZ1ZC4JIwbnbTLZYvmvVN7cHn6c_sbX7-1qY,202354
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp384r1_sha384_test.json,sha256=QPdf0K6THBEM9aSkl35s6kDkh3-SIomshoX6bEtwxXI,248834
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp384r1_sha3_384_test.json,sha256=WwCSeAmsmAnJtYpRdxpT1M4GMn9SabbgiRIkSVij7AY,252441
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp384r1_sha3_512_test.json,sha256=llhW4ydRgaY_Uq663LDVieLPOz6EN-d_vqKJq1VuPj4,266529
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp384r1_sha512_p1363_test.json,sha256=ZTO1O-Z_eTEfXMXX_gZ8tyr1qHUUIxKb-8mOHOmHffs,217518
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp384r1_sha512_test.json,sha256=ycWfQpYvSTBG6B3Q3-cVoKG1rUblxAc3ric7QxZrBbs,264814
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp521r1_sha3_512_test.json,sha256=zvNdmzSSuNUmf_ZusWRljRxJspgiN_IThYGVdmzqJhE,316628
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp521r1_sha512_p1363_test.json,sha256=nivx2a4HuAwfaERUwBuTZDREIve8uGstu0wN5ZZoBCc,265577
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_secp521r1_sha512_test.json,sha256=gLytODmZ8DmUJTrTGbg0WuvG1wGm3uq-wwZhzNpmEAM,315478
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_test.json,sha256=1XbwmavbVPefYmWJhS7x1byueiJ5DAzTmo2eQhlG-7I,1333478
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/ecdsa_webcrypto_test.json,sha256=Qa7kaY0Xohqsixuy-ezkDSLG8yGL8L98Hubfj9DGOs0,385262
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_pss_2048_sha1_mgf1_20_test.json,sha256=bD0sOop9DKD2OIBaJOBTqN9piTU_1lqk-pBpXvAW6BU,63308
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_pss_2048_sha256_mgf1_0_test.json,sha256=ZZGPT7_oIvbgwLFKM1iFfKJefD6C9-VnuP8fgEga9Bw,72789
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_pss_2048_sha256_mgf1_32_test.json,sha256=hR7EkUvCMwshuYQW1lChpfQJdgwCsJTiEAHK1DyjV3c,74923
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_pss_2048_sha512_256_mgf1_28_test.json,sha256=LQ8ufxpctrj2VHOZ2I7TBWuNpTpzW3r9YOsPcaCGfQk,37903
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_pss_2048_sha512_256_mgf1_32_test.json,sha256=2RkYwmvFpuP1XIWTR5fKshYJyif7TObvzYxlpWQLXO8,37191
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_pss_3072_sha256_mgf1_32_test.json,sha256=xkx8gcULOEd0N9SfcehBSUQBKDOrv2Q-dDmc3MQ2NKk,101979
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_pss_4096_sha256_mgf1_32_test.json,sha256=8omUot7aJDuhggbUHYGF0qCR7DNRLjvIwnSAGXqCVEM,129037
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_pss_4096_sha512_mgf1_32_test.json,sha256=uOksGZcx2x4A_DPnnE0DXmI166rNshpY8oWfmlPcWgs,211443
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_pss_misc_test.json,sha256=d2w-C4-V2t7yCDW92y_UMEtbSdTJ3QGOLqPQs4Jxifw,463761
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_sig_gen_misc_test.json,sha256=Q1OTIr166OUg4uAMbRGsXP3_Ty9wQ8weOhZgsS0GuvQ,372540
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_2048_sha224_test.json,sha256=1ANoEKJ6Mc94iKCS-cqNqnhx79ZsHCy9a8pWV8Popsk,175874
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_2048_sha256_test.json,sha256=BHjrlYexXC5nCb_wGGNT5VBRYcKhU9bUuEzauElpBGU,181387
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_2048_sha384_test.json,sha256=bt4DMVo3j7HgRFE5l7m03aVv68UZJm6g39kmgh-Etr4,184281
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_2048_sha3_224_test.json,sha256=AdsypMqO6_GRil0LRBG7zuWJD80EEVjA3mY-9Or_Ako,181604
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_2048_sha3_256_test.json,sha256=hQ4Fs6ZQzL55QtPQmJUYAXrBP7bSukas9rL482hflOA,180890
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_2048_sha3_384_test.json,sha256=FSXUlpTnygKfQbhyKog1iSebDjG6zFxav9HInKYheHw,181604
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_2048_sha3_512_test.json,sha256=Znlqjz8DFWdsjZv40HBxn_juSuIjsoossTYYQsPiuWw,181604
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_2048_sha512_224_test.json,sha256=kC_TABoVqLd1Jo8wxqd-4NTJVCQYWRQpBTJ3_1_8jYk,183800
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_2048_sha512_256_test.json,sha256=tYXtc6895ZxNzy_uvxnRdWCOHC6pk2Jy39vi533DZjc,183086
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_2048_sha512_test.json,sha256=WsNGI8iC3jx2AqGoGzS4MEM9QDJ_Ky-bhgmrowrUuJ8,178542
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_3072_sha256_test.json,sha256=INZNK4hxDkjguICmNnPOUCkToSMFjeWWq9moA6GZ1CA,240992
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_3072_sha384_test.json,sha256=AoHmTwjmNhhJmfkGNWNXnlxPhnWP1lWs5ccMRb1llMM,236965
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_3072_sha3_256_test.json,sha256=fRdlVlSs_r1BDqFl3B7yQvCKGQTBwWeDaWV1B-k3PgE,245066
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_3072_sha3_384_test.json,sha256=RWjb1l5WR1hVKuqZ09BuLuBnpWhFcmhnXVr-r7Iipww,246036
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_3072_sha3_512_test.json,sha256=15-WDZpI2meYFNnFeRpSaAtuxapszz8MkfR8eskTu5E,246036
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_3072_sha512_256_test.json,sha256=p9euedS_ywKSYRD0T80klmDpyt52vvsZzRXwDaTPioA,248030
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_3072_sha512_test.json,sha256=695qzX0M3a9enz0Botw3LejEcMQKQ2CMATBcuY0JzUY,241950
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_4096_sha384_test.json,sha256=FvvLp8tnOeoeFjd91W8sBOMbI75sHj5fkH_DT2Q1eGA,299010
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_4096_sha512_256_test.json,sha256=dRHPuI8avsTKUBRAp8ej2VszXamupiMqYi_TzDec1no,312976
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_4096_sha512_test.json,sha256=dwFh4ADPbnVs-1T-PnHahFfIBTitecFHT-aAzlk1k4E,299010
+Cryptodome/SelfTest/Signature/test_vectors/wycheproof/rsa_signature_test.json,sha256=j_yzdGf4xK7M0bxP_iF3n6-p-cY7FKUJV76pttMADl0,353455
+Cryptodome/SelfTest/Util/__init__.py,sha256=0Ov0gHqo91NR0f639IzQMU-UX1pxOm90PI-uUaOJlro,2021
+Cryptodome/SelfTest/Util/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/SelfTest/Util/__pycache__/test_Counter.cpython-38.pyc,,
+Cryptodome/SelfTest/Util/__pycache__/test_Padding.cpython-38.pyc,,
+Cryptodome/SelfTest/Util/__pycache__/test_asn1.cpython-38.pyc,,
+Cryptodome/SelfTest/Util/__pycache__/test_number.cpython-38.pyc,,
+Cryptodome/SelfTest/Util/__pycache__/test_rfc1751.cpython-38.pyc,,
+Cryptodome/SelfTest/Util/__pycache__/test_strxor.cpython-38.pyc,,
+Cryptodome/SelfTest/Util/test_Counter.py,sha256=ApOFXU5UI7v6Fyud6x9DOxxzknMs5mRhdiPxrEayeKE,2214
+Cryptodome/SelfTest/Util/test_Padding.py,sha256=YS6QCpAg4wO1f_uF1yjRCfljxLV9exTjxzZJEzdJvQk,5642
+Cryptodome/SelfTest/Util/test_asn1.py,sha256=H8bZeUqd3I8y1eWhR_XgOTLfCTvhgIqyu6HxCb7JjM8,29439
+Cryptodome/SelfTest/Util/test_number.py,sha256=E4AuphgplCJEVK8NWQzhCQgOtUZXQDnLCKyxUCKQjm0,6440
+Cryptodome/SelfTest/Util/test_rfc1751.py,sha256=iRu-xLLslb_ktNOPkKs4TAWPljrxDMksFnSqo25q9dA,1121
+Cryptodome/SelfTest/Util/test_strxor.py,sha256=CMOooo3QahU0wx3n-gNdmpqio5FanEUOosse0XfS_jo,10618
+Cryptodome/SelfTest/__init__.py,sha256=bsbo1dGYE-girZ4Mc7JeMbsgKWQ-WccHPAlLAzd3028,3686
+Cryptodome/SelfTest/__main__.py,sha256=aQAx7W62ztb2utGTClg3Qgb8iD9zSCnThhil_cIdL84,1506
+Cryptodome/SelfTest/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/SelfTest/__pycache__/__main__.cpython-38.pyc,,
+Cryptodome/SelfTest/__pycache__/loader.cpython-38.pyc,,
+Cryptodome/SelfTest/__pycache__/st_common.cpython-38.pyc,,
+Cryptodome/SelfTest/loader.py,sha256=xO6_2DEpt-7RH6CD1YEWv8AjKjTxQsalKWLLb0ALbws,4101
+Cryptodome/SelfTest/st_common.py,sha256=XsoFHmR_gylMxGhRJrQHfarNnIT_Mu8t9oAebRPReck,1949
+Cryptodome/Signature/DSS.py,sha256=GG7RirihwrofE8dzjMDcbQfOVkit4MXobaB_55qP09A,15333
+Cryptodome/Signature/DSS.pyi,sha256=zay6LNZ3NIlu42Q63ICT3mZEcz_aVG1rXLOkJ2tfasc,1102
+Cryptodome/Signature/PKCS1_PSS.py,sha256=o3Ky9DF9iI-wpGHDi5vZs7spzFSlANYIkqgqu0zCkAo,2103
+Cryptodome/Signature/PKCS1_PSS.pyi,sha256=fzw5vQvHchfJHvlHEr24CMTY2Gw8_pqsz76jNmMUBlc,280
+Cryptodome/Signature/PKCS1_v1_5.py,sha256=aEzzt1ccFM71pJfG6drwzGZeTI-ntM4-LLxBPyaFXLA,1993
+Cryptodome/Signature/PKCS1_v1_5.pyi,sha256=eqweCPvqayn2xiO9Aqv4Bc38GKOLcca6PazT9T87ufE,157
+Cryptodome/Signature/__init__.py,sha256=Y7O7plqZibJUIIyRDTPHxUKYBNvl4botFXvjEUA0y0A,1686
+Cryptodome/Signature/__pycache__/DSS.cpython-38.pyc,,
+Cryptodome/Signature/__pycache__/PKCS1_PSS.cpython-38.pyc,,
+Cryptodome/Signature/__pycache__/PKCS1_v1_5.cpython-38.pyc,,
+Cryptodome/Signature/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/Signature/__pycache__/pkcs1_15.cpython-38.pyc,,
+Cryptodome/Signature/__pycache__/pss.cpython-38.pyc,,
+Cryptodome/Signature/pkcs1_15.py,sha256=C0tGVrnMF3caVBJArhpEYZ0dsQ2RD8taIIzv50j85gg,8749
+Cryptodome/Signature/pkcs1_15.pyi,sha256=k8o74VVp_Zw11VmbhLBxPiU6CzzTm7NbaNwGeWeNn9A,568
+Cryptodome/Signature/pss.py,sha256=1443VYy8pEuvB7t8sWJ9p--pGHnRz2yqChKx3EowkXI,13494
+Cryptodome/Signature/pss.pyi,sha256=O_6YOe-iR4rHIzNnm6vCzcwxVNPGRgfAXhhzp1N9jPE,1044
+Cryptodome/Util/Counter.py,sha256=IWid224Wy-kmQ1UxqRsutwiTDzJq-ajxQGx0rx-_M3E,2811
+Cryptodome/Util/Counter.pyi,sha256=2JrTHJYq263XosQSC_NIP0TufUsTlG7WUr-lRqjJCuA,290
+Cryptodome/Util/Padding.py,sha256=KMwvlHUL6zRNA_XMa_SXwbm7RBIND_3sK155NeSocI8,4229
+Cryptodome/Util/Padding.pyi,sha256=47R3H2kE66PtKO82eT_Vc5eCSgNe4qOFgqOIPRdlp9c,238
+Cryptodome/Util/RFC1751.py,sha256=zHC63Jx-PqZQ2ebcYGUhaG62vfkFSklQc8MZmapE7SY,21204
+Cryptodome/Util/RFC1751.pyi,sha256=B42LvsE6G786rNEsrhta_BANazgrpb0WoSBPqKyjt5g,159
+Cryptodome/Util/__init__.py,sha256=fsZWRqGXZR2gmM0jxuiogKW3WwzlzKuTRRWYiwtOOd0,1951
+Cryptodome/Util/__pycache__/Counter.cpython-38.pyc,,
+Cryptodome/Util/__pycache__/Padding.cpython-38.pyc,,
+Cryptodome/Util/__pycache__/RFC1751.cpython-38.pyc,,
+Cryptodome/Util/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/Util/__pycache__/_cpu_features.cpython-38.pyc,,
+Cryptodome/Util/__pycache__/_file_system.cpython-38.pyc,,
+Cryptodome/Util/__pycache__/_raw_api.cpython-38.pyc,,
+Cryptodome/Util/__pycache__/asn1.cpython-38.pyc,,
+Cryptodome/Util/__pycache__/number.cpython-38.pyc,,
+Cryptodome/Util/__pycache__/py3compat.cpython-38.pyc,,
+Cryptodome/Util/__pycache__/strxor.cpython-38.pyc,,
+Cryptodome/Util/_cpu_features.py,sha256=f_JiluwzxhmltMbptIQ8qA03YUdgSNBr3RwcyX9z-xc,1997
+Cryptodome/Util/_cpu_features.pyi,sha256=3wKXZ0Z8llc2uxADvbhz3dHV6YLyRrDujOsabXlffCQ,59
+Cryptodome/Util/_cpuid_c.cpython-38-x86_64-linux-gnu.so,sha256=0XsY-HTCy_DusKyRTYtS92e6dfrvqiKb17YhkONXQwM,10899
+Cryptodome/Util/_file_system.py,sha256=m7HsPgKuKRsTQjgov6Vg02dn7Xsa52xhCLmqLjPIoZg,2183
+Cryptodome/Util/_file_system.pyi,sha256=5QruEWPE4urPtlCT5Eg8tBQyhV9ffBfZIAjmMo727dM,100
+Cryptodome/Util/_raw_api.py,sha256=_Uzt_wQ1_lm5GnENEF_s2Zya-LOCfG-UCA26ELB0DLg,10461
+Cryptodome/Util/_raw_api.pyi,sha256=Ohc2rr6RS-nhs6T5AL1YyQtaqsx6BVrJa092CiwAvNM,906
+Cryptodome/Util/_strxor.cpython-38-x86_64-linux-gnu.so,sha256=lvjppxLIMiolJvn5lp_CIYEloWiyFmDzeg-4v08mxcE,13213
+Cryptodome/Util/asn1.py,sha256=uOFoioOtH5ko3E59qR_zHHsVE2I9ZEDHPg6cMmIJanc,31772
+Cryptodome/Util/asn1.pyi,sha256=xR4oQKBf4SXiz0IQ_K0lw427jvvgX9SiEXejIu9fdV8,3579
+Cryptodome/Util/number.py,sha256=xwH1LGqkVsg0fufxrbWlX88pVPxbE11FvO3L4Oc3zhs,94868
+Cryptodome/Util/number.pyi,sha256=ixX1BS8EvvuPXN1_8aosdYHKmtXGB9NlRNVI9T9MAA8,975
+Cryptodome/Util/py3compat.py,sha256=PrPeqRZP9glhLCzrj-G_8BFmTui7EOO3bwA1y1bBgmw,5246
+Cryptodome/Util/py3compat.pyi,sha256=GeZXPUe7HqATRZ9ijsDRt3sVXEioOvi_T8dzLrUMBN4,824
+Cryptodome/Util/strxor.py,sha256=SEcBSWY8xqSAPBmPA2TdTjFJnqTs9A4WoxVX4VyNv2Y,5126
+Cryptodome/Util/strxor.pyi,sha256=OuBvuuK_ezq3eaHY10J89xpER9IQ9wcYzFI7j1tpll0,243
+Cryptodome/__init__.py,sha256=oIHjFUCVTvgyuhVOuPLSQ29PXjOgb4XN7UiRdTs8GbU,184
+Cryptodome/__init__.pyi,sha256=e5Ea45Jy2RdOr6bmLF9jiS2Bw65WnYTD1NMLJlbGAaw,99
+Cryptodome/__pycache__/__init__.cpython-38.pyc,,
+Cryptodome/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+pycryptodomex-3.9.9.dist-info/AUTHORS.rst,sha256=4AeRvMPhQSqwZcXaicX3Uv6MzyU98gNxUNcQsE6XiNg,735
+pycryptodomex-3.9.9.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4
+pycryptodomex-3.9.9.dist-info/LICENSE.rst,sha256=0a8_qy74zFO2x_SL3rF4rIdLBPr0ugFZqWthCfHTk-I,14685
+pycryptodomex-3.9.9.dist-info/METADATA,sha256=P7sdFrKssGKWsJR1a92GfdG4CNCtXFB3XFUPR2KWAWA,3188
+pycryptodomex-3.9.9.dist-info/RECORD,,
+pycryptodomex-3.9.9.dist-info/WHEEL,sha256=lmsU4pfb_60LHFgAOwGQv63gTX7Ny9agYdFe9vUdh58,108
+pycryptodomex-3.9.9.dist-info/top_level.txt,sha256=eHU9ase6in1ZSBEtTDpl7fwIPION42nbqZ1uFTyccxs,11
diff --git a/frozen_deps/pycryptodomex-3.9.9.dist-info/WHEEL b/frozen_deps/pycryptodomex-3.9.9.dist-info/WHEEL
new file mode 100644
index 0000000..460075a
--- /dev/null
+++ b/frozen_deps/pycryptodomex-3.9.9.dist-info/WHEEL
@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: bdist_wheel (0.35.1)
+Root-Is-Purelib: false
+Tag: cp38-cp38-manylinux1_x86_64
+
diff --git a/frozen_deps/pycryptodomex-3.9.9.dist-info/top_level.txt b/frozen_deps/pycryptodomex-3.9.9.dist-info/top_level.txt
new file mode 100644
index 0000000..9cbd375
--- /dev/null
+++ b/frozen_deps/pycryptodomex-3.9.9.dist-info/top_level.txt
@@ -0,0 +1 @@
+Cryptodome |