Diffstat (limited to 'frozen_deps/Cryptodome/Cipher')
-rw-r--r--frozen_deps/Cryptodome/Cipher/AES.py178
-rw-r--r--frozen_deps/Cryptodome/Cipher/AES.pyi155
-rw-r--r--frozen_deps/Cryptodome/Cipher/ARC2.pyi12
-rw-r--r--frozen_deps/Cryptodome/Cipher/ARC4.py7
-rw-r--r--frozen_deps/Cryptodome/Cipher/ARC4.pyi2
-rw-r--r--frozen_deps/Cryptodome/Cipher/Blowfish.pyi12
-rw-r--r--frozen_deps/Cryptodome/Cipher/CAST.pyi12
-rw-r--r--frozen_deps/Cryptodome/Cipher/ChaCha20.py17
-rw-r--r--frozen_deps/Cryptodome/Cipher/ChaCha20.pyi6
-rw-r--r--frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py32
-rw-r--r--frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi6
-rw-r--r--frozen_deps/Cryptodome/Cipher/DES.pyi12
-rw-r--r--frozen_deps/Cryptodome/Cipher/DES3.pyi12
-rw-r--r--frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py44
-rw-r--r--frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py122
-rw-r--r--frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi7
-rw-r--r--frozen_deps/Cryptodome/Cipher/Salsa20.pyi5
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_ARC4.abi3.sobin0 -> 21016 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.sobin14354 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_Salsa20.abi3.sobin0 -> 27016 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.sobin21734 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_chacha20.abi3.sobin0 -> 30624 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.sobin25741 -> 0 bytes
-rw-r--r--frozen_deps/Cryptodome/Cipher/_mode_cbc.py22
-rw-r--r--frozen_deps/Cryptodome/Cipher/_mode_ccm.py30
-rw-r--r--frozen_deps/Cryptodome/Cipher/_mode_cfb.py22
-rw-r--r--frozen_deps/Cryptodome/Cipher/_mode_ctr.py36
-rw-r--r--frozen_deps/Cryptodome/Cipher/_mode_eax.py30
-rw-r--r--frozen_deps/Cryptodome/Cipher/_mode_ecb.py2
-rw-r--r--frozen_deps/Cryptodome/Cipher/_mode_gcm.py32
-rw-r--r--frozen_deps/Cryptodome/Cipher/_mode_ocb.py45
-rw-r--r--frozen_deps/Cryptodome/Cipher/_mode_ofb.py20
-rw-r--r--frozen_deps/Cryptodome/Cipher/_mode_siv.py32
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_pkcs1_decode.abi3.sobin0 -> 56536 bytes
-rw-r--r--frozen_deps/Cryptodome/Cipher/_pkcs1_oaep_decode.py41
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_aes.abi3.sobin0 -> 106808 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.sobin54112 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_aesni.abi3.sobin0 -> 106384 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.sobin52331 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_arc2.abi3.sobin0 -> 46464 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.sobin18917 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_blowfish.abi3.sobin0 -> 78640 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.sobin26938 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_cast.abi3.sobin0 -> 57408 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.sobin44422 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_cbc.abi3.sobin0 -> 23000 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.sobin17215 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_cfb.abi3.sobin0 -> 26864 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.sobin22696 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_ctr.abi3.sobin0 -> 31336 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.sobin23249 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_des.abi3.sobin0 -> 71560 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_des.cpython-38-x86_64-linux-gnu.sobin62525 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_des3.abi3.sobin0 -> 72520 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.sobin63370 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_ecb.abi3.sobin0 -> 19016 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.sobin10893 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_eksblowfish.abi3.sobin0 -> 181192 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.sobin58926 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_ocb.abi3.sobin0 -> 45856 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.sobin30281 -> 0 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_ofb.abi3.sobin0 -> 22128 bytes
-rwxr-xr-xfrozen_deps/Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.sobin14743 -> 0 bytes
63 files changed, 540 insertions, 413 deletions
diff --git a/frozen_deps/Cryptodome/Cipher/AES.py b/frozen_deps/Cryptodome/Cipher/AES.py
index dd2671a..402a3d7 100644
--- a/frozen_deps/Cryptodome/Cipher/AES.py
+++ b/frozen_deps/Cryptodome/Cipher/AES.py
@@ -19,21 +19,6 @@
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
# ===================================================================
-"""
-Module's constants for the modes of operation supported with AES:
-
-:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
-:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
-:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
-:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
-:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
-:var MODE_OPENPGP: :ref:`OpenPGP Mode <openpgp_mode>`
-:var MODE_CCM: :ref:`Counter with CBC-MAC (CCM) Mode <ccm_mode>`
-:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
-:var MODE_GCM: :ref:`Galois Counter Mode (GCM) <gcm_mode>`
-:var MODE_SIV: :ref:`Syntethic Initialization Vector (SIV) <siv_mode>`
-:var MODE_OCB: :ref:`Offset Code Book (OCB) <ocb_mode>`
-"""
import sys
@@ -45,6 +30,18 @@ from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib,
from Cryptodome.Util import _cpu_features
from Cryptodome.Random import get_random_bytes
+MODE_ECB = 1 #: Electronic Code Book (:ref:`ecb_mode`)
+MODE_CBC = 2 #: Cipher-Block Chaining (:ref:`cbc_mode`)
+MODE_CFB = 3 #: Cipher Feedback (:ref:`cfb_mode`)
+MODE_OFB = 5 #: Output Feedback (:ref:`ofb_mode`)
+MODE_CTR = 6 #: Counter mode (:ref:`ctr_mode`)
+MODE_OPENPGP = 7 #: OpenPGP mode (:ref:`openpgp_mode`)
+MODE_CCM = 8 #: Counter with CBC-MAC (:ref:`ccm_mode`)
+MODE_EAX = 9 #: :ref:`eax_mode`
+MODE_SIV = 10 #: Synthetic Initialization Vector (:ref:`siv_mode`)
+MODE_GCM = 11 #: Galois Counter Mode (:ref:`gcm_mode`)
+MODE_OCB = 12 #: Offset Code Book (:ref:`ocb_mode`)
+
_cproto = """
int AES_start_operation(const uint8_t key[],
@@ -111,7 +108,7 @@ def _create_base_cipher(dict_parameters):
def _derive_Poly1305_key_pair(key, nonce):
"""Derive a tuple (r, s, nonce) for a Poly1305 MAC.
-
+
If nonce is ``None``, a new 16-byte nonce is generated.
"""
@@ -130,120 +127,107 @@ def _derive_Poly1305_key_pair(key, nonce):
def new(key, mode, *args, **kwargs):
"""Create a new AES cipher.
- :param key:
+ Args:
+ key(bytes/bytearray/memoryview):
The secret key to use in the symmetric cipher.
- It must be 16, 24 or 32 bytes long (respectively for *AES-128*,
- *AES-192* or *AES-256*).
+ It must be 16 (*AES-128)*, 24 (*AES-192*) or 32 (*AES-256*) bytes long.
For ``MODE_SIV`` only, it doubles to 32, 48, or 64 bytes.
- :type key: bytes/bytearray/memoryview
-
- :param mode:
+ mode (a ``MODE_*`` constant):
The chaining mode to use for encryption or decryption.
If in doubt, use ``MODE_EAX``.
- :type mode: One of the supported ``MODE_*`` constants
- :Keyword Arguments:
- * **iv** (*bytes*, *bytearray*, *memoryview*) --
- (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
- and ``MODE_OPENPGP`` modes).
+ Keyword Args:
+ iv (bytes/bytearray/memoryview):
+ (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
+ and ``MODE_OPENPGP`` modes).
- The initialization vector to use for encryption or decryption.
+ The initialization vector to use for encryption or decryption.
- For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 16 bytes long.
+ For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 16 bytes long.
- For ``MODE_OPENPGP`` mode only,
- it must be 16 bytes long for encryption
- and 18 bytes for decryption (in the latter case, it is
- actually the *encrypted* IV which was prefixed to the ciphertext).
+ For ``MODE_OPENPGP`` mode only,
+ it must be 16 bytes long for encryption
+ and 18 bytes for decryption (in the latter case, it is
+ actually the *encrypted* IV which was prefixed to the ciphertext).
- If not provided, a random byte string is generated (you must then
- read its value with the :attr:`iv` attribute).
+ If not provided, a random byte string is generated (you must then
+ read its value with the :attr:`iv` attribute).
- * **nonce** (*bytes*, *bytearray*, *memoryview*) --
- (Only applicable for ``MODE_CCM``, ``MODE_EAX``, ``MODE_GCM``,
- ``MODE_SIV``, ``MODE_OCB``, and ``MODE_CTR``).
+ nonce (bytes/bytearray/memoryview):
+ (Only applicable for ``MODE_CCM``, ``MODE_EAX``, ``MODE_GCM``,
+ ``MODE_SIV``, ``MODE_OCB``, and ``MODE_CTR``).
- A value that must never be reused for any other encryption done
- with this key (except possibly for ``MODE_SIV``, see below).
+ A value that must never be reused for any other encryption done
+ with this key (except possibly for ``MODE_SIV``, see below).
- For ``MODE_EAX``, ``MODE_GCM`` and ``MODE_SIV`` there are no
- restrictions on its length (recommended: **16** bytes).
+ For ``MODE_EAX``, ``MODE_GCM`` and ``MODE_SIV`` there are no
+ restrictions on its length (recommended: **16** bytes).
- For ``MODE_CCM``, its length must be in the range **[7..13]**.
- Bear in mind that with CCM there is a trade-off between nonce
- length and maximum message size. Recommendation: **11** bytes.
+ For ``MODE_CCM``, its length must be in the range **[7..13]**.
+ Bear in mind that with CCM there is a trade-off between nonce
+ length and maximum message size. Recommendation: **11** bytes.
- For ``MODE_OCB``, its length must be in the range **[1..15]**
- (recommended: **15**).
+ For ``MODE_OCB``, its length must be in the range **[1..15]**
+ (recommended: **15**).
- For ``MODE_CTR``, its length must be in the range **[0..15]**
- (recommended: **8**).
-
- For ``MODE_SIV``, the nonce is optional, if it is not specified,
- then no nonce is being used, which renders the encryption
- deterministic.
+ For ``MODE_CTR``, its length must be in the range **[0..15]**
+ (recommended: **8**).
- If not provided, for modes other than ``MODE_SIV```, a random
- byte string of the recommended length is used (you must then
- read its value with the :attr:`nonce` attribute).
+ For ``MODE_SIV``, the nonce is optional, if it is not specified,
+ then no nonce is being used, which renders the encryption
+ deterministic.
- * **segment_size** (*integer*) --
- (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
- are segmented in. It must be a multiple of 8.
- If not specified, it will be assumed to be 8.
+ If not provided, for modes other than ``MODE_SIV``, a random
+ byte string of the recommended length is used (you must then
+ read its value with the :attr:`nonce` attribute).
- * **mac_len** : (*integer*) --
- (Only ``MODE_EAX``, ``MODE_GCM``, ``MODE_OCB``, ``MODE_CCM``)
- Length of the authentication tag, in bytes.
+ segment_size (integer):
+ (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
+ are segmented in. It must be a multiple of 8.
+ If not specified, it will be assumed to be 8.
- It must be even and in the range **[4..16]**.
- The recommended value (and the default, if not specified) is **16**.
+ mac_len (integer):
+ (Only ``MODE_EAX``, ``MODE_GCM``, ``MODE_OCB``, ``MODE_CCM``)
+ Length of the authentication tag, in bytes.
- * **msg_len** : (*integer*) --
- (Only ``MODE_CCM``). Length of the message to (de)cipher.
- If not specified, ``encrypt`` must be called with the entire message.
- Similarly, ``decrypt`` can only be called once.
+ It must be even and in the range **[4..16]**.
+ The recommended value (and the default, if not specified) is **16**.
- * **assoc_len** : (*integer*) --
- (Only ``MODE_CCM``). Length of the associated data.
- If not specified, all associated data is buffered internally,
- which may represent a problem for very large messages.
+ msg_len (integer):
+ (Only ``MODE_CCM``). Length of the message to (de)cipher.
+ If not specified, ``encrypt`` must be called with the entire message.
+ Similarly, ``decrypt`` can only be called once.
- * **initial_value** : (*integer* or *bytes/bytearray/memoryview*) --
- (Only ``MODE_CTR``).
- The initial value for the counter. If not present, the cipher will
- start counting from 0. The value is incremented by one for each block.
- The counter number is encoded in big endian mode.
+ assoc_len (integer):
+ (Only ``MODE_CCM``). Length of the associated data.
+ If not specified, all associated data is buffered internally,
+ which may represent a problem for very large messages.
- * **counter** : (*object*) --
- Instance of ``Cryptodome.Util.Counter``, which allows full customization
- of the counter block. This parameter is incompatible to both ``nonce``
- and ``initial_value``.
+ initial_value (integer or bytes/bytearray/memoryview):
+ (Only ``MODE_CTR``).
+ The initial value for the counter. If not present, the cipher will
+ start counting from 0. The value is incremented by one for each block.
+ The counter number is encoded in big endian mode.
- * **use_aesni** : (*boolean*) --
- Use Intel AES-NI hardware extensions (default: use if available).
+ counter (object):
+ (Only ``MODE_CTR``).
+ Instance of ``Cryptodome.Util.Counter``, which allows full customization
+ of the counter block. This parameter is incompatible to both ``nonce``
+ and ``initial_value``.
- :Return: an AES object, of the applicable mode.
+ use_aesni: (boolean):
+ Use Intel AES-NI hardware extensions (default: use if available).
+
+ Returns:
+ an AES object, of the applicable mode.
"""
kwargs["add_aes_modes"] = True
return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
-MODE_ECB = 1
-MODE_CBC = 2
-MODE_CFB = 3
-MODE_OFB = 5
-MODE_CTR = 6
-MODE_OPENPGP = 7
-MODE_CCM = 8
-MODE_EAX = 9
-MODE_SIV = 10
-MODE_GCM = 11
-MODE_OCB = 12
-
# Size of a data block (in bytes)
block_size = 16
# Size of a key (in bytes)
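Review bot: Two entries in the rewritten `new()` docstring have broken markup: the key description reads `(*AES-128)*`, with the closing asterisk outside the parenthesis, and the last keyword entry is `use_aesni: (boolean):`, with a stray colon that none of the other `name (type):` entries have. I would change them to `It must be 16 (*AES-128*), 24 (*AES-192*) or 32 (*AES-256*) bytes long.` and `use_aesni (boolean):` so the argument list renders consistently. The `segment_size` entry is also still missing a space after `).`.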
diff --git a/frozen_deps/Cryptodome/Cipher/AES.pyi b/frozen_deps/Cryptodome/Cipher/AES.pyi
index c150efb..3f07b65 100644
--- a/frozen_deps/Cryptodome/Cipher/AES.pyi
+++ b/frozen_deps/Cryptodome/Cipher/AES.pyi
@@ -1,4 +1,7 @@
-from typing import Union, Tuple, Optional, Dict
+from typing import Dict, Optional, Tuple, Union, overload
+from typing_extensions import Literal
+
+Buffer=bytes|bytearray|memoryview
from Cryptodome.Cipher._mode_ecb import EcbMode
from Cryptodome.Cipher._mode_cbc import CbcMode
@@ -12,36 +15,142 @@ from Cryptodome.Cipher._mode_gcm import GcmMode
from Cryptodome.Cipher._mode_siv import SivMode
from Cryptodome.Cipher._mode_ocb import OcbMode
-AESMode = int
+MODE_ECB: Literal[1]
+MODE_CBC: Literal[2]
+MODE_CFB: Literal[3]
+MODE_OFB: Literal[5]
+MODE_CTR: Literal[6]
+MODE_OPENPGP: Literal[7]
+MODE_CCM: Literal[8]
+MODE_EAX: Literal[9]
+MODE_SIV: Literal[10]
+MODE_GCM: Literal[11]
+MODE_OCB: Literal[12]
-MODE_ECB: AESMode
-MODE_CBC: AESMode
-MODE_CFB: AESMode
-MODE_OFB: AESMode
-MODE_CTR: AESMode
-MODE_OPENPGP: AESMode
-MODE_CCM: AESMode
-MODE_EAX: AESMode
-MODE_GCM: AESMode
-MODE_SIV: AESMode
-MODE_OCB: AESMode
+# MODE_ECB
+@overload
+def new(key: Buffer,
+ mode: Literal[1],
+ use_aesni : bool = ...) -> \
+ EcbMode: ...
-Buffer = Union[bytes, bytearray, memoryview]
+# MODE_CBC
+@overload
+def new(key: Buffer,
+ mode: Literal[2],
+ iv : Optional[Buffer] = ...,
+ use_aesni : bool = ...) -> \
+ CbcMode: ...
+@overload
def new(key: Buffer,
- mode: AESMode,
- iv : Buffer = ...,
- IV : Buffer = ...,
- nonce : Buffer = ...,
+ mode: Literal[2],
+ IV : Optional[Buffer] = ...,
+ use_aesni : bool = ...) -> \
+ CbcMode: ...
+
+# MODE_CFB
+@overload
+def new(key: Buffer,
+ mode: Literal[3],
+ iv : Optional[Buffer] = ...,
segment_size : int = ...,
- mac_len : int = ...,
- assoc_len : int = ...,
+ use_aesni : bool = ...) -> \
+ CfbMode: ...
+
+@overload
+def new(key: Buffer,
+ mode: Literal[3],
+ IV : Optional[Buffer] = ...,
+ segment_size : int = ...,
+ use_aesni : bool = ...) -> \
+ CfbMode: ...
+
+# MODE_OFB
+@overload
+def new(key: Buffer,
+ mode: Literal[5],
+ iv : Optional[Buffer] = ...,
+ use_aesni : bool = ...) -> \
+ OfbMode: ...
+
+@overload
+def new(key: Buffer,
+ mode: Literal[5],
+ IV : Optional[Buffer] = ...,
+ use_aesni : bool = ...) -> \
+ OfbMode: ...
+
+# MODE_CTR
+@overload
+def new(key: Buffer,
+ mode: Literal[6],
+ nonce : Optional[Buffer] = ...,
initial_value : Union[int, Buffer] = ...,
counter : Dict = ...,
use_aesni : bool = ...) -> \
- Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode,
- OpenPgpMode, CcmMode, EaxMode, GcmMode,
- SivMode, OcbMode]: ...
+ CtrMode: ...
+
+# MODE_OPENPGP
+@overload
+def new(key: Buffer,
+ mode: Literal[7],
+ iv : Optional[Buffer] = ...,
+ use_aesni : bool = ...) -> \
+ OpenPgpMode: ...
+
+@overload
+def new(key: Buffer,
+ mode: Literal[7],
+ IV : Optional[Buffer] = ...,
+ use_aesni : bool = ...) -> \
+ OpenPgpMode: ...
+
+# MODE_CCM
+@overload
+def new(key: Buffer,
+ mode: Literal[8],
+ nonce : Optional[Buffer] = ...,
+ mac_len : int = ...,
+ assoc_len : int = ...,
+ use_aesni : bool = ...) -> \
+ CcmMode: ...
+
+# MODE_EAX
+@overload
+def new(key: Buffer,
+ mode: Literal[9],
+ nonce : Optional[Buffer] = ...,
+ mac_len : int = ...,
+ use_aesni : bool = ...) -> \
+ EaxMode: ...
+
+# MODE_GCM
+@overload
+def new(key: Buffer,
+ mode: Literal[10],
+ nonce : Optional[Buffer] = ...,
+ use_aesni : bool = ...) -> \
+ SivMode: ...
+
+# MODE_SIV
+@overload
+def new(key: Buffer,
+ mode: Literal[11],
+ nonce : Optional[Buffer] = ...,
+ mac_len : int = ...,
+ use_aesni : bool = ...) -> \
+ GcmMode: ...
+
+# MODE_OCB
+@overload
+def new(key: Buffer,
+ mode: Literal[12],
+ nonce : Optional[Buffer] = ...,
+ mac_len : int = ...,
+ use_aesni : bool = ...) -> \
+ OcbMode: ...
+
block_size: int
key_size: Tuple[int, int, int]
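Review bot: The section comments on two of the AEAD overloads are swapped: `# MODE_GCM` sits above the `Literal[10]` overload returning `SivMode`, and `# MODE_SIV` above the `Literal[11]` overload returning `GcmMode`, while the constants at the top of this hunk declare `MODE_SIV: Literal[10]` and `MODE_GCM: Literal[11]`. The signatures themselves match the constants, so only the two comment lines need exchanging; as written they invite a reader to pick the wrong parameter set for a mode. Separately, the `Literal[8]` (CCM) overload has no `msg_len` parameter although the `AES.new()` docstring in this commit documents it for `MODE_CCM`, so a type checker will reject that keyword; adding `msg_len : int = ...,` next to `assoc_len` would cover it.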
diff --git a/frozen_deps/Cryptodome/Cipher/ARC2.pyi b/frozen_deps/Cryptodome/Cipher/ARC2.pyi
index 9659c68..a122a52 100644
--- a/frozen_deps/Cryptodome/Cipher/ARC2.pyi
+++ b/frozen_deps/Cryptodome/Cipher/ARC2.pyi
@@ -1,4 +1,6 @@
-from typing import Union, Dict, Iterable
+from typing import Union, Dict, Iterable, Optional
+
+Buffer = bytes|bytearray|memoryview
from Cryptodome.Cipher._mode_ecb import EcbMode
from Cryptodome.Cipher._mode_cbc import CbcMode
@@ -18,13 +20,11 @@ MODE_CTR: ARC2Mode
MODE_OPENPGP: ARC2Mode
MODE_EAX: ARC2Mode
-Buffer = Union[bytes, bytearray, memoryview]
-
def new(key: Buffer,
mode: ARC2Mode,
- iv : Buffer = ...,
- IV : Buffer = ...,
- nonce : Buffer = ...,
+ iv : Optional[Buffer] = ...,
+ IV : Optional[Buffer] = ...,
+ nonce : Optional[Buffer] = ...,
segment_size : int = ...,
mac_len : int = ...,
initial_value : Union[int, Buffer] = ...,
diff --git a/frozen_deps/Cryptodome/Cipher/ARC4.py b/frozen_deps/Cryptodome/Cipher/ARC4.py
index e640e77..543a323 100644
--- a/frozen_deps/Cryptodome/Cipher/ARC4.py
+++ b/frozen_deps/Cryptodome/Cipher/ARC4.py
@@ -20,8 +20,6 @@
# SOFTWARE.
# ===================================================================
-from Cryptodome.Util.py3compat import b
-
from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
create_string_buffer, get_raw_buffer,
SmartPointer, c_size_t, c_uint8_ptr)
@@ -113,7 +111,7 @@ def new(key, *args, **kwargs):
:param key:
The secret key to use in the symmetric cipher.
- Its length must be in the range ``[5..256]``.
+ Its length must be in the range ``[1..256]``.
The recommended length is 16 bytes.
:type key: bytes, bytearray, memoryview
@@ -131,7 +129,8 @@ def new(key, *args, **kwargs):
"""
return ARC4Cipher(key, *args, **kwargs)
+
# Size of a data block (in bytes)
block_size = 1
# Size of a key (in bytes)
-key_size = range(5, 256+1)
+key_size = range(1, 256+1)
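Review bot: `key_size = range(1, 256+1)` lowers the smallest accepted ARC4 key from 5 bytes to 1 byte, and neither this line nor the matching docstring change in the previous hunk says that keys this short give no meaningful protection. The reason for the relaxation is not visible in the diff. Callers of this vendored copy that relied on the library rejecting very short keys now need their own minimum-length check. I would add a comment above the constant, for example `# Lower bound is permissive; callers must enforce their own minimum key length (16 bytes recommended)`.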
diff --git a/frozen_deps/Cryptodome/Cipher/ARC4.pyi b/frozen_deps/Cryptodome/Cipher/ARC4.pyi
index 2e75d6f..b081585 100644
--- a/frozen_deps/Cryptodome/Cipher/ARC4.pyi
+++ b/frozen_deps/Cryptodome/Cipher/ARC4.pyi
@@ -1,6 +1,6 @@
from typing import Any, Union, Iterable
-Buffer = Union[bytes, bytearray, memoryview]
+Buffer = bytes|bytearray|memoryview
class ARC4Cipher:
block_size: int
diff --git a/frozen_deps/Cryptodome/Cipher/Blowfish.pyi b/frozen_deps/Cryptodome/Cipher/Blowfish.pyi
index a669240..b8b21c6 100644
--- a/frozen_deps/Cryptodome/Cipher/Blowfish.pyi
+++ b/frozen_deps/Cryptodome/Cipher/Blowfish.pyi
@@ -1,4 +1,6 @@
-from typing import Union, Dict, Iterable
+from typing import Union, Dict, Iterable, Optional
+
+Buffer = bytes|bytearray|memoryview
from Cryptodome.Cipher._mode_ecb import EcbMode
from Cryptodome.Cipher._mode_cbc import CbcMode
@@ -18,13 +20,11 @@ MODE_CTR: BlowfishMode
MODE_OPENPGP: BlowfishMode
MODE_EAX: BlowfishMode
-Buffer = Union[bytes, bytearray, memoryview]
-
def new(key: Buffer,
mode: BlowfishMode,
- iv : Buffer = ...,
- IV : Buffer = ...,
- nonce : Buffer = ...,
+ iv : Optional[Buffer] = ...,
+ IV : Optional[Buffer] = ...,
+ nonce : Optional[Buffer] = ...,
segment_size : int = ...,
mac_len : int = ...,
initial_value : Union[int, Buffer] = ...,
diff --git a/frozen_deps/Cryptodome/Cipher/CAST.pyi b/frozen_deps/Cryptodome/Cipher/CAST.pyi
index 6b411cf..be01f09 100644
--- a/frozen_deps/Cryptodome/Cipher/CAST.pyi
+++ b/frozen_deps/Cryptodome/Cipher/CAST.pyi
@@ -1,4 +1,6 @@
-from typing import Union, Dict, Iterable
+from typing import Union, Dict, Iterable, Optional
+
+Buffer = bytes|bytearray|memoryview
from Cryptodome.Cipher._mode_ecb import EcbMode
from Cryptodome.Cipher._mode_cbc import CbcMode
@@ -18,13 +20,11 @@ MODE_CTR: CASTMode
MODE_OPENPGP: CASTMode
MODE_EAX: CASTMode
-Buffer = Union[bytes, bytearray, memoryview]
-
def new(key: Buffer,
mode: CASTMode,
- iv : Buffer = ...,
- IV : Buffer = ...,
- nonce : Buffer = ...,
+ iv : Optional[Buffer] = ...,
+ IV : Optional[Buffer] = ...,
+ nonce : Optional[Buffer] = ...,
segment_size : int = ...,
mac_len : int = ...,
initial_value : Union[int, Buffer] = ...,
diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20.py b/frozen_deps/Cryptodome/Cipher/ChaCha20.py
index 0cd9102..648d692 100644
--- a/frozen_deps/Cryptodome/Cipher/ChaCha20.py
+++ b/frozen_deps/Cryptodome/Cipher/ChaCha20.py
@@ -94,6 +94,8 @@ class ChaCha20Cipher(object):
See also `new()` at the module level."""
+ self.nonce = _copy_bytes(None, None, nonce)
+
# XChaCha20 requires a key derivation with HChaCha20
# See 2.3 in https://tools.ietf.org/html/draft-arciszewski-xchacha-03
if len(nonce) == 24:
@@ -102,17 +104,16 @@ class ChaCha20Cipher(object):
self._name = "XChaCha20"
else:
self._name = "ChaCha20"
+ nonce = self.nonce
- self.nonce = _copy_bytes(None, None, nonce)
-
- self._next = ( self.encrypt, self.decrypt )
+ self._next = ("encrypt", "decrypt")
self._state = VoidPointer()
result = _raw_chacha20_lib.chacha20_init(
self._state.address_of(),
c_uint8_ptr(key),
c_size_t(len(key)),
- self.nonce,
+ nonce,
c_size_t(len(nonce)))
if result:
raise ValueError("Error %d instantiating a %s cipher" % (result,
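Review bot: After this change the local `nonce` passed to `chacha20_init` and the public `self.nonce` are deliberately different objects, but nothing in the constructor says so. `self.nonce` is now copied from the caller's value in the previous hunk, and the `else` branch here rebinds the local with `nonce = self.nonce`; the 24-byte branch lies between the two hunks and is not visible, but presumably rebinds the local to the derived value. A short comment before the `if len(nonce) == 24:` test would stop a later edit from passing `self.nonce` to the core again, e.g. `# self.nonce keeps the caller's nonce; the local 'nonce' is what the ChaCha20 core is initialised with`. The constructor starts and ends outside these hunks.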
@@ -133,9 +134,9 @@ class ChaCha20Cipher(object):
Otherwise, ``None``.
"""
- if self.encrypt not in self._next:
+ if "encrypt" not in self._next:
raise TypeError("Cipher object can only be used for decryption")
- self._next = ( self.encrypt, )
+ self._next = ("encrypt",)
return self._encrypt(plaintext, output)
def _encrypt(self, plaintext, output):
@@ -179,9 +180,9 @@ class ChaCha20Cipher(object):
Otherwise, ``None``.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("Cipher object can only be used for encryption")
- self._next = ( self.decrypt, )
+ self._next = ("decrypt",)
try:
return self._encrypt(ciphertext, output)
diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi b/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi
index 3d00a1d..f5001cd 100644
--- a/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi
+++ b/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi
@@ -1,6 +1,6 @@
-from typing import Union, overload
+from typing import Union, overload, Optional
-Buffer = Union[bytes, bytearray, memoryview]
+Buffer = bytes|bytearray|memoryview
def _HChaCha20(key: Buffer, nonce: Buffer) -> bytearray: ...
@@ -19,7 +19,7 @@ class ChaCha20Cipher:
def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
def seek(self, position: int) -> None: ...
-def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Cipher: ...
+def new(key: Buffer, nonce: Optional[Buffer] = ...) -> ChaCha20Cipher: ...
block_size: int
key_size: int
diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py
index b6bc7a6..b2923ed 100644
--- a/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py
+++ b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py
@@ -63,10 +63,8 @@ class ChaCha20Poly1305Cipher(object):
See also `new()` at the module level."""
- self.nonce = _copy_bytes(None, None, nonce)
-
- self._next = (self.update, self.encrypt, self.decrypt, self.digest,
- self.verify)
+ self._next = ("update", "encrypt", "decrypt", "digest",
+ "verify")
self._authenticator = Poly1305.new(key=key, nonce=nonce, cipher=ChaCha20)
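Review bot: `ChaCha20Poly1305Cipher.__init__` no longer assigns `self.nonce`; the attribute is now set only by the module-level `new()` in the last hunk of this file (`cipher.nonce = _copy_bytes(None, None, nonce)`). An instance created directly from the class therefore has no `nonce` attribute, although the stub still declares `nonce: bytes` on the class. Keeping `self.nonce = _copy_bytes(None, None, nonce)` in the constructor as a default, and letting `new()` overwrite it for the 24-byte case, would keep the attribute always present. The constructor body continues outside this hunk.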
@@ -94,7 +92,7 @@ class ChaCha20Poly1305Cipher(object):
A piece of associated data. There are no restrictions on its size.
"""
- if self.update not in self._next:
+ if "update" not in self._next:
raise TypeError("update() method cannot be called")
self._len_aad += len(data)
@@ -120,13 +118,13 @@ class ChaCha20Poly1305Cipher(object):
Otherwise, ``None``.
"""
- if self.encrypt not in self._next:
+ if "encrypt" not in self._next:
raise TypeError("encrypt() method cannot be called")
if self._status == _CipherStatus.PROCESSING_AUTH_DATA:
self._pad_aad()
- self._next = (self.encrypt, self.digest)
+ self._next = ("encrypt", "digest")
result = self._cipher.encrypt(plaintext, output=output)
self._len_ct += len(plaintext)
@@ -149,13 +147,13 @@ class ChaCha20Poly1305Cipher(object):
Otherwise, ``None``.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("decrypt() method cannot be called")
if self._status == _CipherStatus.PROCESSING_AUTH_DATA:
self._pad_aad()
- self._next = (self.decrypt, self.verify)
+ self._next = ("decrypt", "verify")
self._len_ct += len(ciphertext)
self._authenticator.update(ciphertext)
@@ -189,9 +187,9 @@ class ChaCha20Poly1305Cipher(object):
:Return: the MAC tag, as 16 ``bytes``.
"""
- if self.digest not in self._next:
+ if "digest" not in self._next:
raise TypeError("digest() method cannot be called")
- self._next = (self.digest,)
+ self._next = ("digest",)
return self._compute_mac()
@@ -218,10 +216,10 @@ class ChaCha20Poly1305Cipher(object):
or the key is incorrect.
"""
- if self.verify not in self._next:
+ if "verify" not in self._next:
raise TypeError("verify() cannot be called"
" when encrypting a message")
- self._next = (self.verify,)
+ self._next = ("verify",)
secret = get_random_bytes(16)
@@ -316,10 +314,10 @@ def new(**kwargs):
nonce = get_random_bytes(12)
if len(nonce) in (8, 12):
- pass
+ chacha20_poly1305_nonce = nonce
elif len(nonce) == 24:
key = _HChaCha20(key, nonce[:16])
- nonce = b'\x00\x00\x00\x00' + nonce[16:]
+ chacha20_poly1305_nonce = b'\x00\x00\x00\x00' + nonce[16:]
else:
raise ValueError("Nonce must be 8, 12 or 24 bytes long")
@@ -329,7 +327,9 @@ def new(**kwargs):
if kwargs:
raise TypeError("Unknown parameters: " + str(kwargs))
- return ChaCha20Poly1305Cipher(key, nonce)
+ cipher = ChaCha20Poly1305Cipher(key, chacha20_poly1305_nonce)
+ cipher.nonce = _copy_bytes(None, None, nonce)
+ return cipher
# Size of a key (in bytes)
diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi
index ef0450f..109e805 100644
--- a/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi
+++ b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi
@@ -1,6 +1,6 @@
-from typing import Union, Tuple, overload
+from typing import Union, Tuple, overload, Optional
-Buffer = Union[bytes, bytearray, memoryview]
+Buffer = bytes|bytearray|memoryview
class ChaCha20Poly1305Cipher:
nonce: bytes
@@ -22,7 +22,7 @@ class ChaCha20Poly1305Cipher:
def encrypt_and_digest(self, plaintext: Buffer) -> Tuple[bytes, bytes]: ...
def decrypt_and_verify(self, ciphertext: Buffer, received_mac_tag: Buffer) -> bytes: ...
-def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Poly1305Cipher: ...
+def new(key: Buffer, nonce: Optional[Buffer] = ...) -> ChaCha20Poly1305Cipher: ...
block_size: int
key_size: int
diff --git a/frozen_deps/Cryptodome/Cipher/DES.pyi b/frozen_deps/Cryptodome/Cipher/DES.pyi
index 1ba2752..25a3b23 100644
--- a/frozen_deps/Cryptodome/Cipher/DES.pyi
+++ b/frozen_deps/Cryptodome/Cipher/DES.pyi
@@ -1,4 +1,6 @@
-from typing import Union, Dict, Iterable
+from typing import Union, Dict, Iterable, Optional
+
+Buffer = bytes|bytearray|memoryview
from Cryptodome.Cipher._mode_ecb import EcbMode
from Cryptodome.Cipher._mode_cbc import CbcMode
@@ -18,13 +20,11 @@ MODE_CTR: DESMode
MODE_OPENPGP: DESMode
MODE_EAX: DESMode
-Buffer = Union[bytes, bytearray, memoryview]
-
def new(key: Buffer,
mode: DESMode,
- iv : Buffer = ...,
- IV : Buffer = ...,
- nonce : Buffer = ...,
+ iv : Optional[Buffer] = ...,
+ IV : Optional[Buffer] = ...,
+ nonce : Optional[Buffer] = ...,
segment_size : int = ...,
mac_len : int = ...,
initial_value : Union[int, Buffer] = ...,
diff --git a/frozen_deps/Cryptodome/Cipher/DES3.pyi b/frozen_deps/Cryptodome/Cipher/DES3.pyi
index c1a524f..2c150f8 100644
--- a/frozen_deps/Cryptodome/Cipher/DES3.pyi
+++ b/frozen_deps/Cryptodome/Cipher/DES3.pyi
@@ -1,4 +1,6 @@
-from typing import Union, Dict, Tuple
+from typing import Union, Dict, Tuple, Optional
+
+Buffer = bytes|bytearray|memoryview
from Cryptodome.Cipher._mode_ecb import EcbMode
from Cryptodome.Cipher._mode_cbc import CbcMode
@@ -20,13 +22,11 @@ MODE_CTR: DES3Mode
MODE_OPENPGP: DES3Mode
MODE_EAX: DES3Mode
-Buffer = Union[bytes, bytearray, memoryview]
-
def new(key: Buffer,
mode: DES3Mode,
- iv : Buffer = ...,
- IV : Buffer = ...,
- nonce : Buffer = ...,
+ iv : Optional[Buffer] = ...,
+ IV : Optional[Buffer] = ...,
+ nonce : Optional[Buffer] = ...,
segment_size : int = ...,
mac_len : int = ...,
initial_value : Union[int, Buffer] = ...,
diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py
index 3207bbe..08f9efe 100644
--- a/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py
+++ b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py
@@ -23,11 +23,13 @@
from Cryptodome.Signature.pss import MGF1
import Cryptodome.Hash.SHA1
-from Cryptodome.Util.py3compat import bord, _copy_bytes
+from Cryptodome.Util.py3compat import _copy_bytes
import Cryptodome.Util.number
-from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes
-from Cryptodome.Util.strxor import strxor
+from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes
+from Cryptodome.Util.strxor import strxor
from Cryptodome import Random
+from ._pkcs1_oaep_decode import oaep_decode
+
class PKCS1OAEP_Cipher:
"""Cipher object for PKCS#1 v1.5 OAEP.
@@ -68,7 +70,7 @@ class PKCS1OAEP_Cipher:
if mgfunc:
self._mgf = mgfunc
else:
- self._mgf = lambda x,y: MGF1(x,y,self._hashObj)
+ self._mgf = lambda x, y: MGF1(x, y, self._hashObj)
self._label = _copy_bytes(None, None, label)
self._randfunc = randfunc
@@ -105,7 +107,7 @@ class PKCS1OAEP_Cipher:
# See 7.1.1 in RFC3447
modBits = Cryptodome.Util.number.size(self._key.n)
- k = ceil_div(modBits, 8) # Convert from bits to bytes
+ k = ceil_div(modBits, 8) # Convert from bits to bytes
hLen = self._hashObj.digest_size
mLen = len(message)
@@ -159,22 +161,18 @@ class PKCS1OAEP_Cipher:
# See 7.1.2 in RFC3447
modBits = Cryptodome.Util.number.size(self._key.n)
- k = ceil_div(modBits,8) # Convert from bits to bytes
+ k = ceil_div(modBits, 8) # Convert from bits to bytes
hLen = self._hashObj.digest_size
# Step 1b and 1c
- if len(ciphertext) != k or k<hLen+2:
+ if len(ciphertext) != k or k < hLen+2:
raise ValueError("Ciphertext with incorrect length.")
# Step 2a (O2SIP)
ct_int = bytes_to_long(ciphertext)
- # Step 2b (RSADP)
- m_int = self._key._decrypt(ct_int)
- # Complete step 2c (I2OSP)
- em = long_to_bytes(m_int, k)
+ # Step 2b (RSADP) and step 2c (I2OSP)
+ em = self._key._decrypt_to_bytes(ct_int)
# Step 3a
lHash = self._hashObj.new(self._label).digest()
- # Step 3b
- y = em[0]
# y must be 0, but we MUST NOT check it here in order not to
# allow attacks like Manger's (http://dl.acm.org/citation.cfm?id=704143)
maskedSeed = em[1:hLen+1]
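Review bot: The comment kept under step 3a still says "y must be 0, but we MUST NOT check it here", but this hunk removes `y = em[0]`, so the name it refers to no longer exists in decrypt(). Reword it around the value itself, for example `# em[0] must be 0; it is not tested here but inside oaep_decode(), together with step 3g, so that a failure of either check looks the same (Manger's attack)`. That oaep_decode() performs this check is inferred from the `# Step 3b + 3g` comment in the next hunk, because its body is not part of this file. decrypt() starts and ends outside the hunk.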
@@ -187,22 +185,17 @@ class PKCS1OAEP_Cipher:
dbMask = self._mgf(seed, k-hLen-1)
# Step 3f
db = strxor(maskedDB, dbMask)
- # Step 3g
- one_pos = db[hLen:].find(b'\x01')
- lHash1 = db[:hLen]
- invalid = bord(y) | int(one_pos < 0)
- hash_compare = strxor(lHash1, lHash)
- for x in hash_compare:
- invalid |= bord(x)
- for x in db[hLen:one_pos]:
- invalid |= bord(x)
- if invalid != 0:
+ # Step 3b + 3g
+ res = oaep_decode(em, lHash, db)
+ if res <= 0:
raise ValueError("Incorrect decryption.")
# Step 4
- return db[hLen + one_pos + 1:]
+ return db[res:]
+
def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None):
- """Return a cipher object :class:`PKCS1OAEP_Cipher` that can be used to perform PKCS#1 OAEP encryption or decryption.
+ """Return a cipher object :class:`PKCS1OAEP_Cipher`
+ that can be used to perform PKCS#1 OAEP encryption or decryption.
:param key:
The key object to use to encrypt or decrypt the message.
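Review bot: `res` from `oaep_decode(em, lHash, db)` is used both as a failure flag (`res <= 0`) and as a slice offset (`db[res:]`), and nothing in the hunk says what it holds. A one-line comment above the call would fix that, e.g. `# res: offset in db where the message starts; <= 0 if the leading byte, lHash or the 0x01 separator is wrong`. Confirm the wording against _pkcs1_oaep_decode, which is not shown here. Keeping the single generic `ValueError("Incorrect decryption.")` for every failure cause is the right behaviour and worth stating in the same comment, so nobody later splits it into distinct messages.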
@@ -236,4 +229,3 @@ def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None):
if randfunc is None:
randfunc = Random.get_random_bytes
return PKCS1OAEP_Cipher(key, hashAlgo, mgfunc, label, randfunc)
-
diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py
index 1fd1626..d7a9b79 100644
--- a/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py
+++ b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py
@@ -20,12 +20,13 @@
# SOFTWARE.
# ===================================================================
-__all__ = [ 'new', 'PKCS115_Cipher' ]
+__all__ = ['new', 'PKCS115_Cipher']
-from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes
-from Cryptodome.Util.py3compat import bord, _copy_bytes
-import Cryptodome.Util.number
from Cryptodome import Random
+from Cryptodome.Util.number import bytes_to_long, long_to_bytes
+from Cryptodome.Util.py3compat import bord, is_bytes, _copy_bytes
+from ._pkcs1_oaep_decode import pkcs1_decode
+
class PKCS115_Cipher:
"""This cipher can perform PKCS#1 v1.5 RSA encryption or decryption.
@@ -74,8 +75,7 @@ class PKCS115_Cipher:
"""
# See 7.2.1 in RFC8017
- modBits = Cryptodome.Util.number.size(self._key.n)
- k = ceil_div(modBits,8) # Convert from bits to bytes
+ k = self._key.size_in_bytes()
mLen = len(message)
# Step 1
@@ -89,7 +89,6 @@ class PKCS115_Cipher:
continue
ps.append(new_byte)
ps = b"".join(ps)
- assert(len(ps) == k - mLen - 3)
# Step 2b
em = b'\x00\x02' + ps + b'\x00' + _copy_bytes(None, None, message)
# Step 3a (OS2IP)
@@ -100,81 +99,73 @@ class PKCS115_Cipher:
c = long_to_bytes(m_int, k)
return c
- def decrypt(self, ciphertext, sentinel):
+ def decrypt(self, ciphertext, sentinel, expected_pt_len=0):
r"""Decrypt a PKCS#1 v1.5 ciphertext.
- This function is named ``RSAES-PKCS1-V1_5-DECRYPT``, and is specified in
+ This is the function ``RSAES-PKCS1-V1_5-DECRYPT`` specified in
`section 7.2.2 of RFC8017
<https://tools.ietf.org/html/rfc8017#page-29>`_.
- :param ciphertext:
+ Args:
+ ciphertext (bytes/bytearray/memoryview):
The ciphertext that contains the message to recover.
- :type ciphertext: bytes/bytearray/memoryview
-
- :param sentinel:
+ sentinel (any type):
The object to return whenever an error is detected.
- :type sentinel: any type
+ expected_pt_len (integer):
+ The length the plaintext is known to have, or 0 if unknown.
- :Returns: A byte string. It is either the original message or the ``sentinel`` (in case of an error).
-
- :Raises ValueError:
- If the ciphertext length is incorrect
- :Raises TypeError:
- If the RSA key has no private half (i.e. it cannot be used for
- decyption).
+ Returns (byte string):
+ It is either the original message or the ``sentinel`` (in case of an error).
.. warning::
- You should **never** let the party who submitted the ciphertext know that
- this function returned the ``sentinel`` value.
- Armed with such knowledge (for a fair amount of carefully crafted but invalid ciphertexts),
- an attacker is able to recontruct the plaintext of any other encryption that were carried out
- with the same RSA public key (see `Bleichenbacher's`__ attack).
-
- In general, it should not be possible for the other party to distinguish
- whether processing at the server side failed because the value returned
- was a ``sentinel`` as opposed to a random, invalid message.
-
- In fact, the second option is not that unlikely: encryption done according to PKCS#1 v1.5
- embeds no good integrity check. There is roughly one chance
- in 2\ :sup:`16` for a random ciphertext to be returned as a valid message
- (although random looking).
-
- It is therefore advisabled to:
-
- 1. Select as ``sentinel`` a value that resembles a plausable random, invalid message.
- 2. Not report back an error as soon as you detect a ``sentinel`` value.
- Put differently, you should not explicitly check if the returned value is the ``sentinel`` or not.
- 3. Cover all possible errors with a single, generic error indicator.
- 4. Embed into the definition of ``message`` (at the protocol level) a digest (e.g. ``SHA-1``).
- It is recommended for it to be the rightmost part ``message``.
- 5. Where possible, monitor the number of errors due to ciphertexts originating from the same party,
- and slow down the rate of the requests from such party (or even blacklist it altogether).
-
- **If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.**
-
- .. __: http://www.bell-labs.com/user/bleichen/papers/pkcs.ps
-
+ PKCS#1 v1.5 decryption is intrinsically vulnerable to timing
+ attacks (see `Bleichenbacher's`__ attack).
+ **Use PKCS#1 OAEP instead**.
+
+ This implementation attempts to mitigate the risk
+ with some constant-time constructs.
+ However, they are not sufficient by themselves: the type of protocol you
+ implement and the way you handle errors make a big difference.
+
+ Specifically, you should make it very hard for the (malicious)
+ party that submitted the ciphertext to quickly understand if decryption
+ succeeded or not.
+
+ To this end, it is recommended that your protocol only encrypts
+ plaintexts of fixed length (``expected_pt_len``),
+ that ``sentinel`` is a random byte string of the same length,
+ and that processing continues for as long
+ as possible even if ``sentinel`` is returned (i.e. in case of
+ incorrect decryption).
+
+ .. __: https://dx.doi.org/10.1007/BFb0055716
"""
- # See 7.2.1 in RFC3447
- modBits = Cryptodome.Util.number.size(self._key.n)
- k = ceil_div(modBits,8) # Convert from bits to bytes
+ # See 7.2.2 in RFC8017
+ k = self._key.size_in_bytes()
# Step 1
if len(ciphertext) != k:
- raise ValueError("Ciphertext with incorrect length.")
+ raise ValueError("Ciphertext with incorrect length (not %d bytes)" % k)
+
# Step 2a (O2SIP)
ct_int = bytes_to_long(ciphertext)
- # Step 2b (RSADP)
- m_int = self._key._decrypt(ct_int)
- # Complete step 2c (I2OSP)
- em = long_to_bytes(m_int, k)
- # Step 3
- sep = em.find(b'\x00', 2)
- if not em.startswith(b'\x00\x02') or sep < 10:
- return sentinel
- # Step 4
- return em[sep + 1:]
+
+ # Step 2b (RSADP) and Step 2c (I2OSP)
+ em = self._key._decrypt_to_bytes(ct_int)
+
+ # Step 3 (not constant time when the sentinel is not a byte string)
+ output = bytes(bytearray(k))
+ if not is_bytes(sentinel) or len(sentinel) > k:
+ size = pkcs1_decode(em, b'', expected_pt_len, output)
+ if size < 0:
+ return sentinel
+ else:
+ return output[size:]
+
+ # Step 3 (somewhat constant time)
+ size = pkcs1_decode(em, sentinel, expected_pt_len, output)
+ return output[size:]
def new(key, randfunc=None):
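Review bot: The new docstring for decrypt() drops the Raises section although step 1 still raises `ValueError` when `len(ciphertext) != k`, and the `sentinel` entry still reads "any type" although only a byte string of at most `k` bytes reaches the `# Step 3 (somewhat constant time)` call. Any other sentinel takes the branch that tests `size < 0` in Python and returns early, which the inline comment itself marks as not constant time. I would put both facts in the Args text, e.g. `sentinel (byte string recommended): a value that is not bytes, or is longer than the RSA modulus, makes decoding take a non-constant-time path`, and restore `Raises ValueError: if the ciphertext length is not the modulus size`. Callers of this vendored copy that pass `None` or another non-bytes sentinel are worth finding for the same reason.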
@@ -196,4 +187,3 @@ def new(key, randfunc=None):
if randfunc is None:
randfunc = Random.get_random_bytes
return PKCS115_Cipher(key, randfunc)
-
diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi
index ff4e3f2..b69f509 100644
--- a/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi
+++ b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi
@@ -1,8 +1,9 @@
-from typing import Callable, Union, Any, Optional
+from typing import Callable, Union, Any, Optional, TypeVar
from Cryptodome.PublicKey.RSA import RsaKey
Buffer = Union[bytes, bytearray, memoryview]
+T = TypeVar('T')
class PKCS115_Cipher:
def __init__(self,
@@ -11,7 +12,9 @@ class PKCS115_Cipher:
def can_encrypt(self) -> bool: ...
def can_decrypt(self) -> bool: ...
def encrypt(self, message: Buffer) -> bytes: ...
- def decrypt(self, ciphertext: Buffer) -> bytes: ...
+ def decrypt(self, ciphertext: Buffer,
+ sentinel: T,
+ expected_pt_len: Optional[int] = ...) -> Union[bytes, T]: ...
def new(key: RsaKey,
randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS115_Cipher: ...
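Review bot: The stub declares `expected_pt_len: Optional[int] = ...`, but PKCS1_v1_5.py in this same commit defines `expected_pt_len=0` and forwards the value unchanged to `pkcs1_decode`. Type checkers are therefore told `None` is allowed, with no visible handling for it. Unless `pkcs1_decode` accepts `None` (its body is not shown here), the annotation should be `expected_pt_len: int = ...`.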
diff --git a/frozen_deps/Cryptodome/Cipher/Salsa20.pyi b/frozen_deps/Cryptodome/Cipher/Salsa20.pyi
index 9178f0d..cf8690e 100644
--- a/frozen_deps/Cryptodome/Cipher/Salsa20.pyi
+++ b/frozen_deps/Cryptodome/Cipher/Salsa20.pyi
@@ -1,7 +1,6 @@
-from typing import Union, Tuple, Optional, overload
+from typing import Union, Tuple, Optional, overload, Optional
-
-Buffer = Union[bytes, bytearray, memoryview]
+Buffer = bytes|bytearray|memoryview
class Salsa20Cipher:
nonce: bytes
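Review bot: `Optional` is now imported twice on the `from typing import` line (`Union, Tuple, Optional, overload, Optional`). It is harmless in a stub, but the line should read `from typing import Union, Tuple, Optional, overload`. `Union` may also be unused now that `Buffer` is written with `|`, which cannot be confirmed from this hunk.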
diff --git a/frozen_deps/Cryptodome/Cipher/_ARC4.abi3.so b/frozen_deps/Cryptodome/Cipher/_ARC4.abi3.so
new file mode 100755
index 0000000..451d359
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_ARC4.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index e4d89af..0000000
--- a/frozen_deps/Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_Salsa20.abi3.so b/frozen_deps/Cryptodome/Cipher/_Salsa20.abi3.so
new file mode 100755
index 0000000..a303d91
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_Salsa20.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index df9884e..0000000
--- a/frozen_deps/Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_chacha20.abi3.so b/frozen_deps/Cryptodome/Cipher/_chacha20.abi3.so
new file mode 100755
index 0000000..f1f1fa1
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_chacha20.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index ded8fd8..0000000
--- a/frozen_deps/Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_cbc.py b/frozen_deps/Cryptodome/Cipher/_mode_cbc.py
index edc29ca..94d02e7 100644
--- a/frozen_deps/Cryptodome/Cipher/_mode_cbc.py
+++ b/frozen_deps/Cryptodome/Cipher/_mode_cbc.py
@@ -120,7 +120,7 @@ class CbcMode(object):
self.IV = self.iv
"""Alias for `iv`"""
- self._next = [ self.encrypt, self.decrypt ]
+ self._next = ["encrypt", "decrypt"]
def encrypt(self, plaintext, output=None):
"""Encrypt data with the key and the parameters set at initialization.
@@ -158,18 +158,18 @@ class CbcMode(object):
Otherwise, ``None``.
"""
- if self.encrypt not in self._next:
+ if "encrypt" not in self._next:
raise TypeError("encrypt() cannot be called after decrypt()")
- self._next = [ self.encrypt ]
-
+ self._next = ["encrypt"]
+
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
-
+
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
-
+
if len(plaintext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
@@ -221,10 +221,10 @@ class CbcMode(object):
Otherwise, ``None``.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("decrypt() cannot be called after encrypt()")
- self._next = [ self.decrypt ]
-
+ self._next = ["decrypt"]
+
if output is None:
plaintext = create_string_buffer(len(ciphertext))
else:
@@ -232,7 +232,7 @@ class CbcMode(object):
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
-
+
if len(ciphertext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
@@ -285,7 +285,7 @@ def _create_cbc_cipher(factory, **kwargs):
if len(iv) != factory.block_size:
raise ValueError("Incorrect IV length (it must be %d bytes long)" %
- factory.block_size)
+ factory.block_size)
if kwargs:
raise TypeError("Unknown parameters for CBC: %s" % str(kwargs))
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ccm.py b/frozen_deps/Cryptodome/Cipher/_mode_ccm.py
index 0e1c2f6..ec2e4f4 100644
--- a/frozen_deps/Cryptodome/Cipher/_mode_ccm.py
+++ b/frozen_deps/Cryptodome/Cipher/_mode_ccm.py
@@ -155,8 +155,8 @@ class CcmMode(object):
self._t = None
# Allowed transitions after initialization
- self._next = [self.update, self.encrypt, self.decrypt,
- self.digest, self.verify]
+ self._next = ["update", "encrypt", "decrypt",
+ "digest", "verify"]
# Cumulative lengths
self._cumul_assoc_len = 0
@@ -252,12 +252,12 @@ class CcmMode(object):
A piece of associated data. There are no restrictions on its size.
"""
- if self.update not in self._next:
+ if "update" not in self._next:
raise TypeError("update() can only be called"
" immediately after initialization")
- self._next = [self.update, self.encrypt, self.decrypt,
- self.digest, self.verify]
+ self._next = ["update", "encrypt", "decrypt",
+ "digest", "verify"]
self._cumul_assoc_len += len(assoc_data)
if self._assoc_len is not None and \
@@ -336,10 +336,10 @@ class CcmMode(object):
Otherwise, ``None``.
"""
- if self.encrypt not in self._next:
+ if "encrypt" not in self._next:
raise TypeError("encrypt() can only be called after"
" initialization or an update()")
- self._next = [self.encrypt, self.digest]
+ self._next = ["encrypt", "digest"]
# No more associated data allowed from now
if self._assoc_len is None:
@@ -356,7 +356,7 @@ class CcmMode(object):
if self._msg_len is None:
self._msg_len = len(plaintext)
self._start_mac()
- self._next = [self.digest]
+ self._next = ["digest"]
self._cumul_msg_len += len(plaintext)
if self._cumul_msg_len > self._msg_len:
@@ -409,10 +409,10 @@ class CcmMode(object):
Otherwise, ``None``.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("decrypt() can only be called"
" after initialization or an update()")
- self._next = [self.decrypt, self.verify]
+ self._next = ["decrypt", "verify"]
# No more associated data allowed from now
if self._assoc_len is None:
@@ -429,7 +429,7 @@ class CcmMode(object):
if self._msg_len is None:
self._msg_len = len(ciphertext)
self._start_mac()
- self._next = [self.verify]
+ self._next = ["verify"]
self._cumul_msg_len += len(ciphertext)
if self._cumul_msg_len > self._msg_len:
@@ -461,10 +461,10 @@ class CcmMode(object):
:Return: the MAC, as a byte string.
"""
- if self.digest not in self._next:
+ if "digest" not in self._next:
raise TypeError("digest() cannot be called when decrypting"
" or validating a message")
- self._next = [self.digest]
+ self._next = ["digest"]
return self._digest()
def _digest(self):
@@ -523,10 +523,10 @@ class CcmMode(object):
or the key is incorrect.
"""
- if self.verify not in self._next:
+ if "verify" not in self._next:
raise TypeError("verify() cannot be called"
" when encrypting a message")
- self._next = [self.verify]
+ self._next = ["verify"]
self._digest()
secret = get_random_bytes(16)
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_cfb.py b/frozen_deps/Cryptodome/Cipher/_mode_cfb.py
index b790dd4..1b1b6c3 100644
--- a/frozen_deps/Cryptodome/Cipher/_mode_cfb.py
+++ b/frozen_deps/Cryptodome/Cipher/_mode_cfb.py
@@ -119,7 +119,7 @@ class CfbMode(object):
self.IV = self.iv
"""Alias for `iv`"""
- self._next = [ self.encrypt, self.decrypt ]
+ self._next = ["encrypt", "decrypt"]
def encrypt(self, plaintext, output=None):
"""Encrypt data with the key and the parameters set at initialization.
@@ -154,18 +154,18 @@ class CfbMode(object):
Otherwise, ``None``.
"""
- if self.encrypt not in self._next:
+ if "encrypt" not in self._next:
raise TypeError("encrypt() cannot be called after decrypt()")
- self._next = [ self.encrypt ]
-
+ self._next = ["encrypt"]
+
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
-
+
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
-
+
if len(plaintext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
@@ -215,10 +215,10 @@ class CfbMode(object):
Otherwise, ``None``.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("decrypt() cannot be called after encrypt()")
- self._next = [ self.decrypt ]
-
+ self._next = ["decrypt"]
+
if output is None:
plaintext = create_string_buffer(len(ciphertext))
else:
@@ -226,11 +226,11 @@ class CfbMode(object):
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
-
+
if len(ciphertext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
-
+
result = raw_cfb_lib.CFB_decrypt(self._state.get(),
c_uint8_ptr(ciphertext),
c_uint8_ptr(plaintext),
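Review bot: In decrypt() the length error is formatted with `len(plaintext)`, while the check compares `len(ciphertext)` with `len(output)`. The `else:` branch that binds `plaintext` lies outside this hunk, but if it mirrors encrypt() (`plaintext = output`), the message reports the length of the rejected output buffer as the required size. The line should be `" (%d bytes)" % len(ciphertext))`. The same context lines appear in the decrypt() hunks of _mode_cbc.py (earlier in this diff) and _mode_ctr.py (below).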
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ctr.py b/frozen_deps/Cryptodome/Cipher/_mode_ctr.py
index 99712d0..9ce357f 100644
--- a/frozen_deps/Cryptodome/Cipher/_mode_ctr.py
+++ b/frozen_deps/Cryptodome/Cipher/_mode_ctr.py
@@ -146,7 +146,7 @@ class CtrMode(object):
self.block_size = len(initial_counter_block)
"""The block size of the underlying cipher, in bytes."""
- self._next = [self.encrypt, self.decrypt]
+ self._next = ["encrypt", "decrypt"]
def encrypt(self, plaintext, output=None):
"""Encrypt data with the key and the parameters set at initialization.
@@ -181,18 +181,18 @@ class CtrMode(object):
Otherwise, ``None``.
"""
- if self.encrypt not in self._next:
+ if "encrypt" not in self._next:
raise TypeError("encrypt() cannot be called after decrypt()")
- self._next = [self.encrypt]
-
+ self._next = ["encrypt"]
+
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
-
+
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
-
+
if len(plaintext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
@@ -206,7 +206,7 @@ class CtrMode(object):
raise OverflowError("The counter has wrapped around in"
" CTR mode")
raise ValueError("Error %X while encrypting in CTR mode" % result)
-
+
if output is None:
return get_raw_buffer(ciphertext)
else:
@@ -245,10 +245,10 @@ class CtrMode(object):
Otherwise, ``None``.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("decrypt() cannot be called after encrypt()")
- self._next = [self.decrypt]
-
+ self._next = ["decrypt"]
+
if output is None:
plaintext = create_string_buffer(len(ciphertext))
else:
@@ -256,12 +256,11 @@ class CtrMode(object):
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
-
+
if len(ciphertext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
-
result = raw_ctr_lib.CTR_decrypt(self._state.get(),
c_uint8_ptr(ciphertext),
c_uint8_ptr(plaintext),
@@ -271,7 +270,7 @@ class CtrMode(object):
raise OverflowError("The counter has wrapped around in"
" CTR mode")
raise ValueError("Error %X while decrypting in CTR mode" % result)
-
+
if output is None:
return get_raw_buffer(plaintext)
else:
@@ -324,8 +323,8 @@ def _create_ctr_cipher(factory, **kwargs):
raise TypeError("Invalid parameters for CTR mode: %s" % str(kwargs))
if counter is not None and (nonce, initial_value) != (None, None):
- raise TypeError("'counter' and 'nonce'/'initial_value'"
- " are mutually exclusive")
+ raise TypeError("'counter' and 'nonce'/'initial_value'"
+ " are mutually exclusive")
if counter is None:
# Cryptodome.Util.Counter is not used
@@ -337,7 +336,7 @@ def _create_ctr_cipher(factory, **kwargs):
else:
if len(nonce) >= factory.block_size:
raise ValueError("Nonce is too long")
-
+
# What is not nonce is counter
counter_len = factory.block_size - len(nonce)
@@ -350,7 +349,8 @@ def _create_ctr_cipher(factory, **kwargs):
initial_counter_block = nonce + long_to_bytes(initial_value, counter_len)
else:
if len(initial_value) != counter_len:
- raise ValueError("Incorrect length for counter byte string (%d bytes, expected %d)" % (len(initial_value), counter_len))
+ raise ValueError("Incorrect length for counter byte string (%d bytes, expected %d)" %
+ (len(initial_value), counter_len))
initial_counter_block = nonce + initial_value
return CtrMode(cipher_state,
@@ -379,7 +379,7 @@ def _create_ctr_cipher(factory, **kwargs):
while initial_value > 0:
words.append(struct.pack('B', initial_value & 255))
initial_value >>= 8
- words += [ b'\x00' ] * max(0, counter_len - len(words))
+ words += [b'\x00'] * max(0, counter_len - len(words))
if not little_endian:
words.reverse()
initial_counter_block = prefix + b"".join(words) + suffix
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_eax.py b/frozen_deps/Cryptodome/Cipher/_mode_eax.py
index 8efb77a..44ef21f 100644
--- a/frozen_deps/Cryptodome/Cipher/_mode_eax.py
+++ b/frozen_deps/Cryptodome/Cipher/_mode_eax.py
@@ -90,12 +90,12 @@ class EaxMode(object):
self._mac_tag = None # Cache for MAC tag
# Allowed transitions after initialization
- self._next = [self.update, self.encrypt, self.decrypt,
- self.digest, self.verify]
+ self._next = ["update", "encrypt", "decrypt",
+ "digest", "verify"]
# MAC tag length
- if not (4 <= self._mac_len <= self.block_size):
- raise ValueError("Parameter 'mac_len' must not be larger than %d"
+ if not (2 <= self._mac_len <= self.block_size):
+ raise ValueError("'mac_len' must be at least 2 and not larger than %d"
% self.block_size)
# Nonce cannot be empty and must be a byte string
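Review bot: The lower bound for `mac_len` drops from 4 to 2 bytes here, and the `# MAC tag length` comment does not say what a 16-bit tag costs. A forged message then passes verify() with probability 2^-16 per attempt, so the bound is only acceptable where the protocol limits failed verifications per key. I would add `# Tags shorter than 8 bytes give weak forgery resistance; only for protocols that cap failed verifications` above the check, and have callers in this tree pass `mac_len` explicitly rather than rely on what the range allows. __init__ starts and ends outside the hunk.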
@@ -145,12 +145,12 @@ class EaxMode(object):
A piece of associated data. There are no restrictions on its size.
"""
- if self.update not in self._next:
+ if "update" not in self._next:
raise TypeError("update() can only be called"
" immediately after initialization")
- self._next = [self.update, self.encrypt, self.decrypt,
- self.digest, self.verify]
+ self._next = ["update", "encrypt", "decrypt",
+ "digest", "verify"]
self._signer.update(assoc_data)
return self
@@ -188,10 +188,10 @@ class EaxMode(object):
Otherwise, ``None``.
"""
- if self.encrypt not in self._next:
+ if "encrypt" not in self._next:
raise TypeError("encrypt() can only be called after"
" initialization or an update()")
- self._next = [self.encrypt, self.digest]
+ self._next = ["encrypt", "digest"]
ct = self._cipher.encrypt(plaintext, output=output)
if output is None:
self._omac[2].update(ct)
@@ -232,10 +232,10 @@ class EaxMode(object):
Otherwise, ``None``.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("decrypt() can only be called"
" after initialization or an update()")
- self._next = [self.decrypt, self.verify]
+ self._next = ["decrypt", "verify"]
self._omac[2].update(ciphertext)
return self._cipher.decrypt(ciphertext, output=output)
@@ -250,10 +250,10 @@ class EaxMode(object):
:Return: the MAC, as a byte string.
"""
- if self.digest not in self._next:
+ if "digest" not in self._next:
raise TypeError("digest() cannot be called when decrypting"
" or validating a message")
- self._next = [self.digest]
+ self._next = ["digest"]
if not self._mac_tag:
tag = b'\x00' * self.block_size
@@ -289,10 +289,10 @@ class EaxMode(object):
or the key is incorrect.
"""
- if self.verify not in self._next:
+ if "verify" not in self._next:
raise TypeError("verify() cannot be called"
" when encrypting a message")
- self._next = [self.verify]
+ self._next = ["verify"]
if not self._mac_tag:
tag = b'\x00' * self.block_size
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ecb.py b/frozen_deps/Cryptodome/Cipher/_mode_ecb.py
index 4c381f7..a01a16f 100644
--- a/frozen_deps/Cryptodome/Cipher/_mode_ecb.py
+++ b/frozen_deps/Cryptodome/Cipher/_mode_ecb.py
@@ -72,6 +72,7 @@ class EcbMode(object):
block_cipher : C pointer
A smart pointer to the low-level block cipher instance.
"""
+ self.block_size = block_cipher.block_size
self._state = VoidPointer()
result = raw_ecb_lib.ECB_start_operation(block_cipher.get(),
@@ -213,6 +214,7 @@ def _create_ecb_cipher(factory, **kwargs):
to be present"""
cipher_state = factory._create_base_cipher(kwargs)
+ cipher_state.block_size = factory.block_size
if kwargs:
raise TypeError("Unknown parameters for ECB: %s" % str(kwargs))
return EcbMode(cipher_state)
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_gcm.py b/frozen_deps/Cryptodome/Cipher/_mode_gcm.py
index c90061b..9914400 100644
--- a/frozen_deps/Cryptodome/Cipher/_mode_gcm.py
+++ b/frozen_deps/Cryptodome/Cipher/_mode_gcm.py
@@ -186,7 +186,7 @@ class GcmMode(object):
if len(nonce) == 0:
raise ValueError("Nonce cannot be empty")
-
+
if not is_buffer(nonce):
raise TypeError("Nonce must be bytes, bytearray or memoryview")
@@ -207,8 +207,8 @@ class GcmMode(object):
raise ValueError("Parameter 'mac_len' must be in the range 4..16")
# Allowed transitions after initialization
- self._next = [self.update, self.encrypt, self.decrypt,
- self.digest, self.verify]
+ self._next = ["update", "encrypt", "decrypt",
+ "digest", "verify"]
self._no_more_assoc_data = False
@@ -229,10 +229,10 @@ class GcmMode(object):
if len(self.nonce) == 12:
j0 = self.nonce + b"\x00\x00\x00\x01"
else:
- fill = (16 - (len(nonce) % 16)) % 16 + 8
+ fill = (16 - (len(self.nonce) % 16)) % 16 + 8
ghash_in = (self.nonce +
b'\x00' * fill +
- long_to_bytes(8 * len(nonce), 8))
+ long_to_bytes(8 * len(self.nonce), 8))
j0 = _GHASH(hash_subkey, ghash_c).update(ghash_in).digest()
# Step 3 - Prepare GCTR cipher for encryption/decryption
@@ -282,12 +282,12 @@ class GcmMode(object):
A piece of associated data. There are no restrictions on its size.
"""
- if self.update not in self._next:
+ if "update" not in self._next:
raise TypeError("update() can only be called"
" immediately after initialization")
- self._next = [self.update, self.encrypt, self.decrypt,
- self.digest, self.verify]
+ self._next = ["update", "encrypt", "decrypt",
+ "digest", "verify"]
self._update(assoc_data)
self._auth_len += len(assoc_data)
@@ -364,10 +364,10 @@ class GcmMode(object):
Otherwise, ``None``.
"""
- if self.encrypt not in self._next:
+ if "encrypt" not in self._next:
raise TypeError("encrypt() can only be called after"
" initialization or an update()")
- self._next = [self.encrypt, self.digest]
+ self._next = ["encrypt", "digest"]
ciphertext = self._cipher.encrypt(plaintext, output=output)
@@ -417,10 +417,10 @@ class GcmMode(object):
Otherwise, ``None``.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("decrypt() can only be called"
" after initialization or an update()")
- self._next = [self.decrypt, self.verify]
+ self._next = ["decrypt", "verify"]
if self._status == MacStatus.PROCESSING_AUTH_DATA:
self._pad_cache_and_update()
@@ -442,10 +442,10 @@ class GcmMode(object):
:Return: the MAC, as a byte string.
"""
- if self.digest not in self._next:
+ if "digest" not in self._next:
raise TypeError("digest() cannot be called when decrypting"
" or validating a message")
- self._next = [self.digest]
+ self._next = ["digest"]
return self._compute_mac()
@@ -492,10 +492,10 @@ class GcmMode(object):
or the key is incorrect.
"""
- if self.verify not in self._next:
+ if "verify" not in self._next:
raise TypeError("verify() cannot be called"
" when encrypting a message")
- self._next = [self.verify]
+ self._next = ["verify"]
secret = get_random_bytes(16)
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ocb.py b/frozen_deps/Cryptodome/Cipher/_mode_ocb.py
index 27c2797..1295e61 100644
--- a/frozen_deps/Cryptodome/Cipher/_mode_ocb.py
+++ b/frozen_deps/Cryptodome/Cipher/_mode_ocb.py
@@ -71,7 +71,7 @@ Example:
import struct
from binascii import unhexlify
-from Cryptodome.Util.py3compat import bord, _copy_bytes
+from Cryptodome.Util.py3compat import bord, _copy_bytes, bchr
from Cryptodome.Util.number import long_to_bytes, bytes_to_long
from Cryptodome.Util.strxor import strxor
@@ -142,15 +142,22 @@ class OcbMode(object):
self._cache_P = b""
# Allowed transitions after initialization
- self._next = [self.update, self.encrypt, self.decrypt,
- self.digest, self.verify]
+ self._next = ["update", "encrypt", "decrypt",
+ "digest", "verify"]
# Compute Offset_0
params_without_key = dict(cipher_params)
key = params_without_key.pop("key")
- nonce = (struct.pack('B', self._mac_len << 4 & 0xFF) +
- b'\x00' * (14 - len(nonce)) +
- b'\x01' + self.nonce)
+
+ taglen_mod128 = (self._mac_len * 8) % 128
+ if len(self.nonce) < 15:
+ nonce = bchr(taglen_mod128 << 1) +\
+ b'\x00' * (14 - len(nonce)) +\
+ b'\x01' +\
+ self.nonce
+ else:
+ nonce = bchr((taglen_mod128 << 1) | 0x01) +\
+ self.nonce
bottom_bits = bord(nonce[15]) & 0x3F # 6 bits, 0..63
top_bits = bord(nonce[15]) & 0xC0 # 2 bits
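Review bot: The short-nonce branch tests `len(self.nonce) < 15` but pads with `b'\x00' * (14 - len(nonce))`, mixing the attribute with the local name that the same statement rebinds. The two are presumably equal at this point (the assignment to `self.nonce` is outside the hunk), yet the _mode_gcm.py hunk in this diff replaces exactly this kind of `len(nonce)` with `len(self.nonce)`. Use `b'\x00' * (14 - len(self.nonce))`, and parenthesise the expression as the removed code did instead of using backslash continuations. The `else` branch relies on the nonce being exactly 15 bytes for the formatted value to be 16 bytes long, and the length validation is not visible here.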
@@ -217,12 +224,12 @@ class OcbMode(object):
A piece of associated data.
"""
- if self.update not in self._next:
+ if "update" not in self._next:
raise TypeError("update() can only be called"
" immediately after initialization")
- self._next = [self.encrypt, self.decrypt, self.digest,
- self.verify, self.update]
+ self._next = ["encrypt", "decrypt", "digest",
+ "verify", "update"]
if len(self._cache_A) > 0:
filler = min(16 - len(self._cache_A), len(assoc_data))
@@ -316,14 +323,14 @@ class OcbMode(object):
Its length may not match the length of the *plaintext*.
"""
- if self.encrypt not in self._next:
+ if "encrypt" not in self._next:
raise TypeError("encrypt() can only be called after"
" initialization or an update()")
if plaintext is None:
- self._next = [self.digest]
+ self._next = ["digest"]
else:
- self._next = [self.encrypt]
+ self._next = ["encrypt"]
return self._transcrypt(plaintext, _raw_ocb_lib.OCB_encrypt, "encrypt")
def decrypt(self, ciphertext=None):
@@ -345,14 +352,14 @@ class OcbMode(object):
Its length may not match the length of the *ciphertext*.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("decrypt() can only be called after"
" initialization or an update()")
if ciphertext is None:
- self._next = [self.verify]
+ self._next = ["verify"]
else:
- self._next = [self.decrypt]
+ self._next = ["decrypt"]
return self._transcrypt(ciphertext,
_raw_ocb_lib.OCB_decrypt,
"decrypt")
@@ -388,12 +395,12 @@ class OcbMode(object):
:Return: the MAC, as a byte string.
"""
- if self.digest not in self._next:
+ if "digest" not in self._next:
raise TypeError("digest() cannot be called now for this cipher")
assert(len(self._cache_P) == 0)
- self._next = [self.digest]
+ self._next = ["digest"]
if self._mac_tag is None:
self._compute_mac_tag()
@@ -423,12 +430,12 @@ class OcbMode(object):
or the key is incorrect.
"""
- if self.verify not in self._next:
+ if "verify" not in self._next:
raise TypeError("verify() cannot be called now for this cipher")
assert(len(self._cache_P) == 0)
- self._next = [self.verify]
+ self._next = ["verify"]
if self._mac_tag is None:
self._compute_mac_tag()
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ofb.py b/frozen_deps/Cryptodome/Cipher/_mode_ofb.py
index 04aaccf..8c0ccf6 100644
--- a/frozen_deps/Cryptodome/Cipher/_mode_ofb.py
+++ b/frozen_deps/Cryptodome/Cipher/_mode_ofb.py
@@ -116,7 +116,7 @@ class OfbMode(object):
self.IV = self.iv
"""Alias for `iv`"""
- self._next = [ self.encrypt, self.decrypt ]
+ self._next = ["encrypt", "decrypt"]
def encrypt(self, plaintext, output=None):
"""Encrypt data with the key and the parameters set at initialization.
@@ -151,18 +151,18 @@ class OfbMode(object):
Otherwise, ``None``.
"""
- if self.encrypt not in self._next:
+ if "encrypt" not in self._next:
raise TypeError("encrypt() cannot be called after decrypt()")
- self._next = [ self.encrypt ]
-
+ self._next = ["encrypt"]
+
if output is None:
ciphertext = create_string_buffer(len(plaintext))
else:
ciphertext = output
-
+
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
-
+
if len(plaintext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
@@ -212,10 +212,10 @@ class OfbMode(object):
Otherwise, ``None``.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("decrypt() cannot be called after encrypt()")
- self._next = [ self.decrypt ]
-
+ self._next = ["decrypt"]
+
if output is None:
plaintext = create_string_buffer(len(ciphertext))
else:
@@ -223,7 +223,7 @@ class OfbMode(object):
if not is_writeable_buffer(output):
raise TypeError("output must be a bytearray or a writeable memoryview")
-
+
if len(ciphertext) != len(output):
raise ValueError("output must have the same length as the input"
" (%d bytes)" % len(plaintext))
diff --git a/frozen_deps/Cryptodome/Cipher/_mode_siv.py b/frozen_deps/Cryptodome/Cipher/_mode_siv.py
index d10c4dc..4a76ad6 100644
--- a/frozen_deps/Cryptodome/Cipher/_mode_siv.py
+++ b/frozen_deps/Cryptodome/Cipher/_mode_siv.py
@@ -123,8 +123,8 @@ class SivMode(object):
factory.new(key[:subkey_size], factory.MODE_ECB, **kwargs)
# Allowed transitions after initialization
- self._next = [self.update, self.encrypt, self.decrypt,
- self.digest, self.verify]
+ self._next = ["update", "encrypt", "decrypt",
+ "digest", "verify"]
def _create_ctr_cipher(self, v):
"""Create a new CTR cipher from V in SIV mode"""
@@ -164,12 +164,12 @@ class SivMode(object):
The next associated data component.
"""
- if self.update not in self._next:
+ if "update" not in self._next:
raise TypeError("update() can only be called"
" immediately after initialization")
- self._next = [self.update, self.encrypt, self.decrypt,
- self.digest, self.verify]
+ self._next = ["update", "encrypt", "decrypt",
+ "digest", "verify"]
return self._kdf.update(component)
@@ -206,10 +206,10 @@ class SivMode(object):
:Return: the MAC, as a byte string.
"""
- if self.digest not in self._next:
+ if "digest" not in self._next:
raise TypeError("digest() cannot be called when decrypting"
" or validating a message")
- self._next = [self.digest]
+ self._next = ["digest"]
if self._mac_tag is None:
self._mac_tag = self._kdf.derive()
return self._mac_tag
@@ -240,10 +240,10 @@ class SivMode(object):
or the key is incorrect.
"""
- if self.verify not in self._next:
+ if "verify" not in self._next:
raise TypeError("verify() cannot be called"
" when encrypting a message")
- self._next = [self.verify]
+ self._next = ["verify"]
if self._mac_tag is None:
self._mac_tag = self._kdf.derive()
@@ -290,19 +290,19 @@ class SivMode(object):
The first item becomes ``None`` when the ``output`` parameter
specified a location for the result.
"""
-
- if self.encrypt not in self._next:
+
+ if "encrypt" not in self._next:
raise TypeError("encrypt() can only be called after"
" initialization or an update()")
- self._next = [ self.digest ]
+ self._next = ["digest"]
# Compute V (MAC)
if hasattr(self, 'nonce'):
self._kdf.update(self.nonce)
self._kdf.update(plaintext)
self._mac_tag = self._kdf.derive()
-
+
cipher = self._create_ctr_cipher(self._mac_tag)
return cipher.encrypt(plaintext, output=output), self._mac_tag
@@ -336,10 +336,10 @@ class SivMode(object):
or the key is incorrect.
"""
- if self.decrypt not in self._next:
+ if "decrypt" not in self._next:
raise TypeError("decrypt() can only be called"
" after initialization or an update()")
- self._next = [ self.verify ]
+ self._next = ["verify"]
# Take the MAC and start the cipher for decryption
self._cipher = self._create_ctr_cipher(mac_tag)
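Review bot: Nothing visible in this method warns a caller who passes `output` that the buffer may hold unauthenticated plaintext when the tag check fails. The hunk builds the CTR cipher from the caller-supplied `mac_tag` before that tag is checked, and the tail of the method (next hunk) calls `self.verify(mac_tag)` only after feeding `plaintext if output is None else output` to the KDF. The decryption call itself lies between the two hunks, so this ordering is inferred rather than shown. The docstring should carry a line such as `If ValueError is raised, the contents of output must be discarded and never used.` Because this is a vendored copy, the wording belongs upstream rather than in a local patch.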
@@ -350,7 +350,7 @@ class SivMode(object):
self._kdf.update(self.nonce)
self._kdf.update(plaintext if output is None else output)
self.verify(mac_tag)
-
+
return plaintext
diff --git a/frozen_deps/Cryptodome/Cipher/_pkcs1_decode.abi3.so b/frozen_deps/Cryptodome/Cipher/_pkcs1_decode.abi3.so
new file mode 100755
index 0000000..71cd311
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_pkcs1_decode.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_pkcs1_oaep_decode.py b/frozen_deps/Cryptodome/Cipher/_pkcs1_oaep_decode.py
new file mode 100644
index 0000000..82bdaa7
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_pkcs1_oaep_decode.py
@@ -0,0 +1,41 @@
+from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, c_size_t,
+ c_uint8_ptr)
+
+
+_raw_pkcs1_decode = load_pycryptodome_raw_lib("Cryptodome.Cipher._pkcs1_decode",
+ """
+ int pkcs1_decode(const uint8_t *em, size_t len_em,
+ const uint8_t *sentinel, size_t len_sentinel,
+ size_t expected_pt_len,
+ uint8_t *output);
+
+ int oaep_decode(const uint8_t *em,
+ size_t em_len,
+ const uint8_t *lHash,
+ size_t hLen,
+ const uint8_t *db,
+ size_t db_len);
+ """)
+
+
+def pkcs1_decode(em, sentinel, expected_pt_len, output):
+ if len(em) != len(output):
+ raise ValueError("Incorrect output length")
+
+ ret = _raw_pkcs1_decode.pkcs1_decode(c_uint8_ptr(em),
+ c_size_t(len(em)),
+ c_uint8_ptr(sentinel),
+ c_size_t(len(sentinel)),
+ c_size_t(expected_pt_len),
+ c_uint8_ptr(output))
+ return ret
+
+
+def oaep_decode(em, lHash, db):
+ ret = _raw_pkcs1_decode.oaep_decode(c_uint8_ptr(em),
+ c_size_t(len(em)),
+ c_uint8_ptr(lHash),
+ c_size_t(len(lHash)),
+ c_uint8_ptr(db),
+ c_size_t(len(db)))
+ return ret
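Review bot: `pkcs1_decode` passes `output` to native code through a non-const `uint8_t *output` parameter but checks only that its length equals `len(em)`, not that it is a writable buffer, and `oaep_decode` forwards three lengths with no Python-side consistency check. Whether the shared library validates these itself cannot be seen from this file. At minimum both wrappers need docstrings stating the expected buffer types, the length relation between `em`, `lHash` and `db`, and what the returned int means, since `ret` is handed back uninterpreted. If every caller supplies a bytearray, a guard such as `if not is_writeable_buffer(output): raise TypeError("output must be a bytearray or a writeable memoryview")`, as used in `_mode_ofb.py`, would make that explicit; confirm against the call sites first. Since this file is vendored, any change should go upstream so the copy stays identical to the released package.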
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_aes.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_aes.abi3.so
new file mode 100755
index 0000000..b37dd95
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_aes.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index e62f4d1..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_aesni.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_aesni.abi3.so
new file mode 100755
index 0000000..5f08fe7
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_aesni.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index b92e170..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_arc2.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_arc2.abi3.so
new file mode 100755
index 0000000..2287d2e
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_arc2.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 07a720a..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_blowfish.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_blowfish.abi3.so
new file mode 100755
index 0000000..ad77ccb
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_blowfish.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 05abfd1..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cast.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_cast.abi3.so
new file mode 100755
index 0000000..730e178
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_cast.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 2523fcb..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cbc.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_cbc.abi3.so
new file mode 100755
index 0000000..847d824
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_cbc.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 1b013f3..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cfb.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_cfb.abi3.so
new file mode 100755
index 0000000..2c9b852
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_cfb.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 6a28991..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ctr.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_ctr.abi3.so
new file mode 100755
index 0000000..761cd36
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_ctr.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 0529cf8..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_des.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_des.abi3.so
new file mode 100755
index 0000000..7f1f824
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_des.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_des.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_des.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 1d73854..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_des.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_des3.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_des3.abi3.so
new file mode 100755
index 0000000..b475c52
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_des3.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 8c4afa5..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ecb.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_ecb.abi3.so
new file mode 100755
index 0000000..91e8126
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_ecb.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 0775c0b..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.abi3.so
new file mode 100755
index 0000000..c3c45d5
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 979fe63..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ocb.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_ocb.abi3.so
new file mode 100755
index 0000000..9685971
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_ocb.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index d545618..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ofb.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_ofb.abi3.so
new file mode 100755
index 0000000..a4a629a
--- /dev/null
+++ b/frozen_deps/Cryptodome/Cipher/_raw_ofb.abi3.so
Binary files differ
diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.so
deleted file mode 100755
index 7157784..0000000
--- a/frozen_deps/Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.so
+++ /dev/null
Binary files differ