aboutsummaryrefslogtreecommitdiff
path: root/frozen_deps/Crypto/PublicKey
diff options
context:
space:
mode:
Diffstat (limited to 'frozen_deps/Crypto/PublicKey')
-rw-r--r--frozen_deps/Crypto/PublicKey/DSA.py379
-rw-r--r--frozen_deps/Crypto/PublicKey/ElGamal.py373
-rw-r--r--frozen_deps/Crypto/PublicKey/RSA.py719
-rw-r--r--frozen_deps/Crypto/PublicKey/_DSA.py115
-rw-r--r--frozen_deps/Crypto/PublicKey/_RSA.py81
-rw-r--r--frozen_deps/Crypto/PublicKey/__init__.py41
-rwxr-xr-xfrozen_deps/Crypto/PublicKey/_fastmath.cpython-38-x86_64-linux-gnu.sobin78864 -> 0 bytes
-rw-r--r--frozen_deps/Crypto/PublicKey/_slowmath.py187
-rw-r--r--frozen_deps/Crypto/PublicKey/pubkey.py240
9 files changed, 0 insertions, 2135 deletions
diff --git a/frozen_deps/Crypto/PublicKey/DSA.py b/frozen_deps/Crypto/PublicKey/DSA.py
deleted file mode 100644
index 648f4b2..0000000
--- a/frozen_deps/Crypto/PublicKey/DSA.py
+++ /dev/null
@@ -1,379 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# PublicKey/DSA.py : DSA signature primitive
-#
-# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""DSA public-key signature algorithm.
-
-DSA_ is a widespread public-key signature algorithm. Its security is
-based on the discrete logarithm problem (DLP_). Given a cyclic
-group, a generator *g*, and an element *h*, it is hard
-to find an integer *x* such that *g^x = h*. The problem is believed
-to be difficult, and it has been proved such (and therefore secure) for
-more than 30 years.
-
-The group is actually a sub-group over the integers modulo *p*, with *p* prime.
-The sub-group order is *q*, which is prime too; it always holds that *(p-1)* is a multiple of *q*.
-The cryptographic strength is linked to the magnitude of *p* and *q*.
-The signer holds a value *x* (*0<x<q-1*) as private key, and its public
-key (*y* where *y=g^x mod p*) is distributed.
-
-In 2012, a sufficient size is deemed to be 2048 bits for *p* and 256 bits for *q*.
-For more information, see the most recent ECRYPT_ report.
-
-DSA is reasonably secure for new designs.
-
-The algorithm can only be used for authentication (digital signature).
-DSA cannot be used for confidentiality (encryption).
-
-The values *(p,q,g)* are called *domain parameters*;
-they are not sensitive but must be shared by both parties (the signer and the verifier).
-Different signers can share the same domain parameters with no security
-concerns.
-
-The DSA signature is twice as big as the size of *q* (64 bytes if *q* is 256 bit
-long).
-
-This module provides facilities for generating new DSA keys and for constructing
-them from known components. DSA keys allows you to perform basic signing and
-verification.
-
- >>> from Crypto.Random import random
- >>> from Crypto.PublicKey import DSA
- >>> from Crypto.Hash import SHA
- >>>
- >>> message = "Hello"
- >>> key = DSA.generate(1024)
- >>> h = SHA.new(message).digest()
- >>> k = random.StrongRandom().randint(1,key.q-1)
- >>> sig = key.sign(h,k)
- >>> ...
- >>> if key.verify(h,sig):
- >>> print "OK"
- >>> else:
- >>> print "Incorrect signature"
-
-.. _DSA: http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
-.. _DLP: http://www.cosic.esat.kuleuven.be/publications/talk-78.pdf
-.. _ECRYPT: http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
-"""
-
-__revision__ = "$Id$"
-
-__all__ = ['generate', 'construct', 'error', 'DSAImplementation', '_DSAobj']
-
-import sys
-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
- from Crypto.Util.py21compat import *
-
-from Crypto.PublicKey import _DSA, _slowmath, pubkey
-from Crypto import Random
-
-try:
- from Crypto.PublicKey import _fastmath
-except ImportError:
- _fastmath = None
-
-class _DSAobj(pubkey.pubkey):
- """Class defining an actual DSA key.
-
- :undocumented: __getstate__, __setstate__, __repr__, __getattr__
- """
- #: Dictionary of DSA parameters.
- #:
- #: A public key will only have the following entries:
- #:
- #: - **y**, the public key.
- #: - **g**, the generator.
- #: - **p**, the modulus.
- #: - **q**, the order of the sub-group.
- #:
- #: A private key will also have:
- #:
- #: - **x**, the private key.
- keydata = ['y', 'g', 'p', 'q', 'x']
-
- def __init__(self, implementation, key):
- self.implementation = implementation
- self.key = key
-
- def __getattr__(self, attrname):
- if attrname in self.keydata:
- # For backward compatibility, allow the user to get (not set) the
- # DSA key parameters directly from this object.
- return getattr(self.key, attrname)
- else:
- raise AttributeError("%s object has no %r attribute" % (self.__class__.__name__, attrname,))
-
- def sign(self, M, K):
- """Sign a piece of data with DSA.
-
- :Parameter M: The piece of data to sign with DSA. It may
- not be longer in bit size than the sub-group order (*q*).
- :Type M: byte string or long
-
- :Parameter K: A secret number, chosen randomly in the closed
- range *[1,q-1]*.
- :Type K: long (recommended) or byte string (not recommended)
-
- :attention: selection of *K* is crucial for security. Generating a
- random number larger than *q* and taking the modulus by *q* is
- **not** secure, since smaller values will occur more frequently.
- Generating a random number systematically smaller than *q-1*
- (e.g. *floor((q-1)/8)* random bytes) is also **not** secure. In general,
- it shall not be possible for an attacker to know the value of `any
- bit of K`__.
-
- :attention: The number *K* shall not be reused for any other
- operation and shall be discarded immediately.
-
- :attention: M must be a digest cryptographic hash, otherwise
- an attacker may mount an existential forgery attack.
-
- :Return: A tuple with 2 longs.
-
- .. __: http://www.di.ens.fr/~pnguyen/pub_NgSh00.htm
- """
- return pubkey.pubkey.sign(self, M, K)
-
- def verify(self, M, signature):
- """Verify the validity of a DSA signature.
-
- :Parameter M: The expected message.
- :Type M: byte string or long
-
- :Parameter signature: The DSA signature to verify.
- :Type signature: A tuple with 2 longs as return by `sign`
-
- :Return: True if the signature is correct, False otherwise.
- """
- return pubkey.pubkey.verify(self, M, signature)
-
- def _encrypt(self, c, K):
- raise TypeError("DSA cannot encrypt")
-
- def _decrypt(self, c):
- raise TypeError("DSA cannot decrypt")
-
- def _blind(self, m, r):
- raise TypeError("DSA cannot blind")
-
- def _unblind(self, m, r):
- raise TypeError("DSA cannot unblind")
-
- def _sign(self, m, k):
- return self.key._sign(m, k)
-
- def _verify(self, m, sig):
- (r, s) = sig
- return self.key._verify(m, r, s)
-
- def has_private(self):
- return self.key.has_private()
-
- def size(self):
- return self.key.size()
-
- def can_blind(self):
- return False
-
- def can_encrypt(self):
- return False
-
- def can_sign(self):
- return True
-
- def publickey(self):
- return self.implementation.construct((self.key.y, self.key.g, self.key.p, self.key.q))
-
- def __getstate__(self):
- d = {}
- for k in self.keydata:
- try:
- d[k] = getattr(self.key, k)
- except AttributeError:
- pass
- return d
-
- def __setstate__(self, d):
- if not hasattr(self, 'implementation'):
- self.implementation = DSAImplementation()
- t = []
- for k in self.keydata:
- if k not in d:
- break
- t.append(d[k])
- self.key = self.implementation._math.dsa_construct(*tuple(t))
-
- def __repr__(self):
- attrs = []
- for k in self.keydata:
- if k == 'p':
- attrs.append("p(%d)" % (self.size()+1,))
- elif hasattr(self.key, k):
- attrs.append(k)
- if self.has_private():
- attrs.append("private")
- # PY3K: This is meant to be text, do not change to bytes (data)
- return "<%s @0x%x %s>" % (self.__class__.__name__, id(self), ",".join(attrs))
-
-class DSAImplementation(object):
- """
- A DSA key factory.
-
- This class is only internally used to implement the methods of the
- `Crypto.PublicKey.DSA` module.
- """
-
- def __init__(self, **kwargs):
- """Create a new DSA key factory.
-
- :Keywords:
- use_fast_math : bool
- Specify which mathematic library to use:
-
- - *None* (default). Use fastest math available.
- - *True* . Use fast math.
- - *False* . Use slow math.
- default_randfunc : callable
- Specify how to collect random data:
-
- - *None* (default). Use Random.new().read().
- - not *None* . Use the specified function directly.
- :Raise RuntimeError:
- When **use_fast_math** =True but fast math is not available.
- """
- use_fast_math = kwargs.get('use_fast_math', None)
- if use_fast_math is None: # Automatic
- if _fastmath is not None:
- self._math = _fastmath
- else:
- self._math = _slowmath
-
- elif use_fast_math: # Explicitly select fast math
- if _fastmath is not None:
- self._math = _fastmath
- else:
- raise RuntimeError("fast math module not available")
-
- else: # Explicitly select slow math
- self._math = _slowmath
-
- self.error = self._math.error
-
- # 'default_randfunc' parameter:
- # None (default) - use Random.new().read
- # not None - use the specified function
- self._default_randfunc = kwargs.get('default_randfunc', None)
- self._current_randfunc = None
-
- def _get_randfunc(self, randfunc):
- if randfunc is not None:
- return randfunc
- elif self._current_randfunc is None:
- self._current_randfunc = Random.new().read
- return self._current_randfunc
-
- def generate(self, bits, randfunc=None, progress_func=None):
- """Randomly generate a fresh, new DSA key.
-
- :Parameters:
- bits : int
- Key length, or size (in bits) of the DSA modulus
- *p*.
- It must be a multiple of 64, in the closed
- interval [512,1024].
- randfunc : callable
- Random number generation function; it should accept
- a single integer N and return a string of random data
- N bytes long.
- If not specified, a new one will be instantiated
- from ``Crypto.Random``.
- progress_func : callable
- Optional function that will be called with a short string
- containing the key parameter currently being generated;
- it's useful for interactive applications where a user is
- waiting for a key to be generated.
-
- :attention: You should always use a cryptographically secure random number generator,
- such as the one defined in the ``Crypto.Random`` module; **don't** just use the
- current time and the ``random`` module.
-
- :Return: A DSA key object (`_DSAobj`).
-
- :Raise ValueError:
- When **bits** is too little, too big, or not a multiple of 64.
- """
-
- # Check against FIPS 186-2, which says that the size of the prime p
- # must be a multiple of 64 bits between 512 and 1024
- for i in (0, 1, 2, 3, 4, 5, 6, 7, 8):
- if bits == 512 + 64*i:
- return self._generate(bits, randfunc, progress_func)
-
- # The March 2006 draft of FIPS 186-3 also allows 2048 and 3072-bit
- # primes, but only with longer q values. Since the current DSA
- # implementation only supports a 160-bit q, we don't support larger
- # values.
- raise ValueError("Number of bits in p must be a multiple of 64 between 512 and 1024, not %d bits" % (bits,))
-
- def _generate(self, bits, randfunc=None, progress_func=None):
- rf = self._get_randfunc(randfunc)
- obj = _DSA.generate_py(bits, rf, progress_func) # TODO: Don't use legacy _DSA module
- key = self._math.dsa_construct(obj.y, obj.g, obj.p, obj.q, obj.x)
- return _DSAobj(self, key)
-
- def construct(self, tup):
- """Construct a DSA key from a tuple of valid DSA components.
-
- The modulus *p* must be a prime.
-
- The following equations must apply:
-
- - p-1 = 0 mod q
- - g^x = y mod p
- - 0 < x < q
- - 1 < g < p
-
- :Parameters:
- tup : tuple
- A tuple of long integers, with 4 or 5 items
- in the following order:
-
- 1. Public key (*y*).
- 2. Sub-group generator (*g*).
- 3. Modulus, finite field order (*p*).
- 4. Sub-group order (*q*).
- 5. Private key (*x*). Optional.
-
- :Return: A DSA key object (`_DSAobj`).
- """
- key = self._math.dsa_construct(*tup)
- return _DSAobj(self, key)
-
-_impl = DSAImplementation()
-generate = _impl.generate
-construct = _impl.construct
-error = _impl.error
-
-# vim:set ts=4 sw=4 sts=4 expandtab:
-
diff --git a/frozen_deps/Crypto/PublicKey/ElGamal.py b/frozen_deps/Crypto/PublicKey/ElGamal.py
deleted file mode 100644
index 99af71c..0000000
--- a/frozen_deps/Crypto/PublicKey/ElGamal.py
+++ /dev/null
@@ -1,373 +0,0 @@
-#
-# ElGamal.py : ElGamal encryption/decryption and signatures
-#
-# Part of the Python Cryptography Toolkit
-#
-# Originally written by: A.M. Kuchling
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""ElGamal public-key algorithm (randomized encryption and signature).
-
-Signature algorithm
--------------------
-The security of the ElGamal signature scheme is based (like DSA) on the discrete
-logarithm problem (DLP_). Given a cyclic group, a generator *g*,
-and an element *h*, it is hard to find an integer *x* such that *g^x = h*.
-
-The group is the largest multiplicative sub-group of the integers modulo *p*,
-with *p* prime.
-The signer holds a value *x* (*0<x<p-1*) as private key, and its public
-key (*y* where *y=g^x mod p*) is distributed.
-
-The ElGamal signature is twice as big as *p*.
-
-Encryption algorithm
---------------------
-The security of the ElGamal encryption scheme is based on the computational
-Diffie-Hellman problem (CDH_). Given a cyclic group, a generator *g*,
-and two integers *a* and *b*, it is difficult to find
-the element *g^{ab}* when only *g^a* and *g^b* are known, and not *a* and *b*.
-
-As before, the group is the largest multiplicative sub-group of the integers
-modulo *p*, with *p* prime.
-The receiver holds a value *a* (*0<a<p-1*) as private key, and its public key
-(*b* where *b*=g^a*) is given to the sender.
-
-The ElGamal ciphertext is twice as big as *p*.
-
-Domain parameters
------------------
-For both signature and encryption schemes, the values *(p,g)* are called
-*domain parameters*.
-They are not sensitive but must be distributed to all parties (senders and
-receivers).
-Different signers can share the same domain parameters, as can
-different recipients of encrypted messages.
-
-Security
---------
-Both DLP and CDH problem are believed to be difficult, and they have been proved
-such (and therefore secure) for more than 30 years.
-
-The cryptographic strength is linked to the magnitude of *p*.
-In 2012, a sufficient size for *p* is deemed to be 2048 bits.
-For more information, see the most recent ECRYPT_ report.
-
-Even though ElGamal algorithms are in theory reasonably secure for new designs,
-in practice there are no real good reasons for using them.
-The signature is four times larger than the equivalent DSA, and the ciphertext
-is two times larger than the equivalent RSA.
-
-Functionality
--------------
-This module provides facilities for generating new ElGamal keys and for constructing
-them from known components. ElGamal keys allows you to perform basic signing,
-verification, encryption, and decryption.
-
- >>> from Crypto import Random
- >>> from Crypto.Random import random
- >>> from Crypto.PublicKey import ElGamal
- >>> from Crypto.Util.number import GCD
- >>> from Crypto.Hash import SHA
- >>>
- >>> message = "Hello"
- >>> key = ElGamal.generate(1024, Random.new().read)
- >>> h = SHA.new(message).digest()
- >>> while 1:
- >>> k = random.StrongRandom().randint(1,key.p-1)
- >>> if GCD(k,key.p-1)==1: break
- >>> sig = key.sign(h,k)
- >>> ...
- >>> if key.verify(h,sig):
- >>> print "OK"
- >>> else:
- >>> print "Incorrect signature"
-
-.. _DLP: http://www.cosic.esat.kuleuven.be/publications/talk-78.pdf
-.. _CDH: http://en.wikipedia.org/wiki/Computational_Diffie%E2%80%93Hellman_assumption
-.. _ECRYPT: http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
-"""
-
-__revision__ = "$Id$"
-
-__all__ = ['generate', 'construct', 'error', 'ElGamalobj']
-
-from Crypto.PublicKey.pubkey import *
-from Crypto.Util import number
-
-class error (Exception):
- pass
-
-# Generate an ElGamal key with N bits
-def generate(bits, randfunc, progress_func=None):
- """Randomly generate a fresh, new ElGamal key.
-
- The key will be safe for use for both encryption and signature
- (although it should be used for **only one** purpose).
-
- :Parameters:
- bits : int
- Key length, or size (in bits) of the modulus *p*.
- Recommended value is 2048.
- randfunc : callable
- Random number generation function; it should accept
- a single integer N and return a string of random data
- N bytes long.
- progress_func : callable
- Optional function that will be called with a short string
- containing the key parameter currently being generated;
- it's useful for interactive applications where a user is
- waiting for a key to be generated.
-
- :attention: You should always use a cryptographically secure random number generator,
- such as the one defined in the ``Crypto.Random`` module; **don't** just use the
- current time and the ``random`` module.
-
- :Return: An ElGamal key object (`ElGamalobj`).
- """
- obj=ElGamalobj()
- # Generate a safe prime p
- # See Algorithm 4.86 in Handbook of Applied Cryptography
- if progress_func:
- progress_func('p\n')
- while 1:
- q = bignum(getPrime(bits-1, randfunc))
- obj.p = 2*q+1
- if number.isPrime(obj.p, randfunc=randfunc):
- break
- # Generate generator g
- # See Algorithm 4.80 in Handbook of Applied Cryptography
- # Note that the order of the group is n=p-1=2q, where q is prime
- if progress_func:
- progress_func('g\n')
- while 1:
- # We must avoid g=2 because of Bleichenbacher's attack described
- # in "Generating ElGamal signatures without knowning the secret key",
- # 1996
- #
- obj.g = number.getRandomRange(3, obj.p, randfunc)
- safe = 1
- if pow(obj.g, 2, obj.p)==1:
- safe=0
- if safe and pow(obj.g, q, obj.p)==1:
- safe=0
- # Discard g if it divides p-1 because of the attack described
- # in Note 11.67 (iii) in HAC
- if safe and divmod(obj.p-1, obj.g)[1]==0:
- safe=0
- # g^{-1} must not divide p-1 because of Khadir's attack
- # described in "Conditions of the generator for forging ElGamal
- # signature", 2011
- ginv = number.inverse(obj.g, obj.p)
- if safe and divmod(obj.p-1, ginv)[1]==0:
- safe=0
- if safe:
- break
- # Generate private key x
- if progress_func:
- progress_func('x\n')
- obj.x=number.getRandomRange(2, obj.p-1, randfunc)
- # Generate public key y
- if progress_func:
- progress_func('y\n')
- obj.y = pow(obj.g, obj.x, obj.p)
- return obj
-
-def construct(tup):
- """Construct an ElGamal key from a tuple of valid ElGamal components.
-
- The modulus *p* must be a prime.
-
- The following conditions must apply:
-
- - 1 < g < p-1
- - g^{p-1} = 1 mod p
- - 1 < x < p-1
- - g^x = y mod p
-
- :Parameters:
- tup : tuple
- A tuple of long integers, with 3 or 4 items
- in the following order:
-
- 1. Modulus (*p*).
- 2. Generator (*g*).
- 3. Public key (*y*).
- 4. Private key (*x*). Optional.
-
- :Return: An ElGamal key object (`ElGamalobj`).
- """
-
- obj=ElGamalobj()
- if len(tup) not in [3,4]:
- raise ValueError('argument for construct() wrong length')
- for i in range(len(tup)):
- field = obj.keydata[i]
- setattr(obj, field, tup[i])
- return obj
-
-class ElGamalobj(pubkey):
- """Class defining an ElGamal key.
-
- :undocumented: __getstate__, __setstate__, __repr__, __getattr__
- """
-
- #: Dictionary of ElGamal parameters.
- #:
- #: A public key will only have the following entries:
- #:
- #: - **y**, the public key.
- #: - **g**, the generator.
- #: - **p**, the modulus.
- #:
- #: A private key will also have:
- #:
- #: - **x**, the private key.
- keydata=['p', 'g', 'y', 'x']
-
- def encrypt(self, plaintext, K):
- """Encrypt a piece of data with ElGamal.
-
- :Parameter plaintext: The piece of data to encrypt with ElGamal.
- It must be numerically smaller than the module (*p*).
- :Type plaintext: byte string or long
-
- :Parameter K: A secret number, chosen randomly in the closed
- range *[1,p-2]*.
- :Type K: long (recommended) or byte string (not recommended)
-
- :Return: A tuple with two items. Each item is of the same type as the
- plaintext (string or long).
-
- :attention: selection of *K* is crucial for security. Generating a
- random number larger than *p-1* and taking the modulus by *p-1* is
- **not** secure, since smaller values will occur more frequently.
- Generating a random number systematically smaller than *p-1*
- (e.g. *floor((p-1)/8)* random bytes) is also **not** secure.
- In general, it shall not be possible for an attacker to know
- the value of any bit of K.
-
- :attention: The number *K* shall not be reused for any other
- operation and shall be discarded immediately.
- """
- return pubkey.encrypt(self, plaintext, K)
-
- def decrypt(self, ciphertext):
- """Decrypt a piece of data with ElGamal.
-
- :Parameter ciphertext: The piece of data to decrypt with ElGamal.
- :Type ciphertext: byte string, long or a 2-item tuple as returned
- by `encrypt`
-
- :Return: A byte string if ciphertext was a byte string or a tuple
- of byte strings. A long otherwise.
- """
- return pubkey.decrypt(self, ciphertext)
-
- def sign(self, M, K):
- """Sign a piece of data with ElGamal.
-
- :Parameter M: The piece of data to sign with ElGamal. It may
- not be longer in bit size than *p-1*.
- :Type M: byte string or long
-
- :Parameter K: A secret number, chosen randomly in the closed
- range *[1,p-2]* and such that *gcd(k,p-1)=1*.
- :Type K: long (recommended) or byte string (not recommended)
-
- :attention: selection of *K* is crucial for security. Generating a
- random number larger than *p-1* and taking the modulus by *p-1* is
- **not** secure, since smaller values will occur more frequently.
- Generating a random number systematically smaller than *p-1*
- (e.g. *floor((p-1)/8)* random bytes) is also **not** secure.
- In general, it shall not be possible for an attacker to know
- the value of any bit of K.
-
- :attention: The number *K* shall not be reused for any other
- operation and shall be discarded immediately.
-
- :attention: M must be be a cryptographic hash, otherwise an
- attacker may mount an existential forgery attack.
-
- :Return: A tuple with 2 longs.
- """
- return pubkey.sign(self, M, K)
-
- def verify(self, M, signature):
- """Verify the validity of an ElGamal signature.
-
- :Parameter M: The expected message.
- :Type M: byte string or long
-
- :Parameter signature: The ElGamal signature to verify.
- :Type signature: A tuple with 2 longs as return by `sign`
-
- :Return: True if the signature is correct, False otherwise.
- """
- return pubkey.verify(self, M, signature)
-
- def _encrypt(self, M, K):
- a=pow(self.g, K, self.p)
- b=( M*pow(self.y, K, self.p) ) % self.p
- return ( a,b )
-
- def _decrypt(self, M):
- if (not hasattr(self, 'x')):
- raise TypeError('Private key not available in this object')
- ax=pow(M[0], self.x, self.p)
- plaintext=(M[1] * inverse(ax, self.p ) ) % self.p
- return plaintext
-
- def _sign(self, M, K):
- if (not hasattr(self, 'x')):
- raise TypeError('Private key not available in this object')
- p1=self.p-1
- if (GCD(K, p1)!=1):
- raise ValueError('Bad K value: GCD(K,p-1)!=1')
- a=pow(self.g, K, self.p)
- t=(M-self.x*a) % p1
- while t<0: t=t+p1
- b=(t*inverse(K, p1)) % p1
- return (a, b)
-
- def _verify(self, M, sig):
- if sig[0]<1 or sig[0]>self.p-1:
- return 0
- v1=pow(self.y, sig[0], self.p)
- v1=(v1*pow(sig[0], sig[1], self.p)) % self.p
- v2=pow(self.g, M, self.p)
- if v1==v2:
- return 1
- return 0
-
- def size(self):
- return number.size(self.p) - 1
-
- def has_private(self):
- if hasattr(self, 'x'):
- return 1
- else:
- return 0
-
- def publickey(self):
- return construct((self.p, self.g, self.y))
-
-
-object=ElGamalobj
diff --git a/frozen_deps/Crypto/PublicKey/RSA.py b/frozen_deps/Crypto/PublicKey/RSA.py
deleted file mode 100644
index debe39e..0000000
--- a/frozen_deps/Crypto/PublicKey/RSA.py
+++ /dev/null
@@ -1,719 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# PublicKey/RSA.py : RSA public key primitive
-#
-# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain. To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""RSA public-key cryptography algorithm (signature and encryption).
-
-RSA_ is the most widespread and used public key algorithm. Its security is
-based on the difficulty of factoring large integers. The algorithm has
-withstood attacks for 30 years, and it is therefore considered reasonably
-secure for new designs.
-
-The algorithm can be used for both confidentiality (encryption) and
-authentication (digital signature). It is worth noting that signing and
-decryption are significantly slower than verification and encryption.
-The cryptograhic strength is primarily linked to the length of the modulus *n*.
-In 2012, a sufficient length is deemed to be 2048 bits. For more information,
-see the most recent ECRYPT_ report.
-
-Both RSA ciphertext and RSA signature are as big as the modulus *n* (256
-bytes if *n* is 2048 bit long).
-
-This module provides facilities for generating fresh, new RSA keys, constructing
-them from known components, exporting them, and importing them.
-
- >>> from Crypto.PublicKey import RSA
- >>>
- >>> key = RSA.generate(2048)
- >>> f = open('mykey.pem','w')
- >>> f.write(RSA.exportKey('PEM'))
- >>> f.close()
- ...
- >>> f = open('mykey.pem','r')
- >>> key = RSA.importKey(f.read())
-
-Even though you may choose to directly use the methods of an RSA key object
-to perform the primitive cryptographic operations (e.g. `_RSAobj.encrypt`),
-it is recommended to use one of the standardized schemes instead (like
-`Crypto.Cipher.PKCS1_v1_5` or `Crypto.Signature.PKCS1_v1_5`).
-
-.. _RSA: http://en.wikipedia.org/wiki/RSA_%28algorithm%29
-.. _ECRYPT: http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
-
-:sort: generate,construct,importKey,error
-"""
-
-__revision__ = "$Id$"
-
-__all__ = ['generate', 'construct', 'error', 'importKey', 'RSAImplementation', '_RSAobj']
-
-import sys
-if sys.version_info[0] == 2 and sys.version_info[1] == 1:
- from Crypto.Util.py21compat import *
-from Crypto.Util.py3compat import *
-#from Crypto.Util.python_compat import *
-from Crypto.Util.number import getRandomRange, bytes_to_long, long_to_bytes
-
-from Crypto.PublicKey import _RSA, _slowmath, pubkey
-from Crypto import Random
-
-from Crypto.Util.asn1 import DerObject, DerSequence, DerNull
-import binascii
-import struct
-
-from Crypto.Util.number import inverse
-
-from Crypto.Util.number import inverse
-
-try:
- from Crypto.PublicKey import _fastmath
-except ImportError:
- _fastmath = None
-
-class _RSAobj(pubkey.pubkey):
- """Class defining an actual RSA key.
-
- :undocumented: __getstate__, __setstate__, __repr__, __getattr__
- """
- #: Dictionary of RSA parameters.
- #:
- #: A public key will only have the following entries:
- #:
- #: - **n**, the modulus.
- #: - **e**, the public exponent.
- #:
- #: A private key will also have:
- #:
- #: - **d**, the private exponent.
- #: - **p**, the first factor of n.
- #: - **q**, the second factor of n.
- #: - **u**, the CRT coefficient (1/p) mod q.
- keydata = ['n', 'e', 'd', 'p', 'q', 'u']
-
- def __init__(self, implementation, key, randfunc=None):
- self.implementation = implementation
- self.key = key
- if randfunc is None:
- randfunc = Random.new().read
- self._randfunc = randfunc
-
- def __getattr__(self, attrname):
- if attrname in self.keydata:
- # For backward compatibility, allow the user to get (not set) the
- # RSA key parameters directly from this object.
- return getattr(self.key, attrname)
- else:
- raise AttributeError("%s object has no %r attribute" % (self.__class__.__name__, attrname,))
-
- def encrypt(self, plaintext, K):
- """Encrypt a piece of data with RSA.
-
- :Parameter plaintext: The piece of data to encrypt with RSA. It may not
- be numerically larger than the RSA module (**n**).
- :Type plaintext: byte string or long
-
- :Parameter K: A random parameter (*for compatibility only. This
- value will be ignored*)
- :Type K: byte string or long
-
- :attention: this function performs the plain, primitive RSA encryption
- (*textbook*). In real applications, you always need to use proper
- cryptographic padding, and you should not directly encrypt data with
- this method. Failure to do so may lead to security vulnerabilities.
- It is recommended to use modules
- `Crypto.Cipher.PKCS1_OAEP` or `Crypto.Cipher.PKCS1_v1_5` instead.
-
- :Return: A tuple with two items. The first item is the ciphertext
- of the same type as the plaintext (string or long). The second item
- is always None.
- """
- return pubkey.pubkey.encrypt(self,