diff options
Diffstat (limited to 'frozen_deps/Cryptodome/Cipher')
63 files changed, 540 insertions, 413 deletions
diff --git a/frozen_deps/Cryptodome/Cipher/AES.py b/frozen_deps/Cryptodome/Cipher/AES.py index dd2671a..402a3d7 100644 --- a/frozen_deps/Cryptodome/Cipher/AES.py +++ b/frozen_deps/Cryptodome/Cipher/AES.py @@ -19,21 +19,6 @@ # CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. # =================================================================== -""" -Module's constants for the modes of operation supported with AES: - -:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>` -:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>` -:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>` -:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>` -:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>` -:var MODE_OPENPGP: :ref:`OpenPGP Mode <openpgp_mode>` -:var MODE_CCM: :ref:`Counter with CBC-MAC (CCM) Mode <ccm_mode>` -:var MODE_EAX: :ref:`EAX Mode <eax_mode>` -:var MODE_GCM: :ref:`Galois Counter Mode (GCM) <gcm_mode>` -:var MODE_SIV: :ref:`Syntethic Initialization Vector (SIV) <siv_mode>` -:var MODE_OCB: :ref:`Offset Code Book (OCB) <ocb_mode>` -""" import sys @@ -45,6 +30,18 @@ from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, from Cryptodome.Util import _cpu_features from Cryptodome.Random import get_random_bytes +MODE_ECB = 1 #: Electronic Code Book (:ref:`ecb_mode`) +MODE_CBC = 2 #: Cipher-Block Chaining (:ref:`cbc_mode`) +MODE_CFB = 3 #: Cipher Feedback (:ref:`cfb_mode`) +MODE_OFB = 5 #: Output Feedback (:ref:`ofb_mode`) +MODE_CTR = 6 #: Counter mode (:ref:`ctr_mode`) +MODE_OPENPGP = 7 #: OpenPGP mode (:ref:`openpgp_mode`) +MODE_CCM = 8 #: Counter with CBC-MAC (:ref:`ccm_mode`) +MODE_EAX = 9 #: :ref:`eax_mode` +MODE_SIV = 10 #: Synthetic Initialization Vector (:ref:`siv_mode`) +MODE_GCM = 11 #: Galois Counter Mode (:ref:`gcm_mode`) +MODE_OCB = 12 #: Offset Code Book (:ref:`ocb_mode`) + _cproto = """ int AES_start_operation(const uint8_t key[], @@ -111,7 +108,7 @@ def _create_base_cipher(dict_parameters): def _derive_Poly1305_key_pair(key, nonce): """Derive a tuple (r, s, nonce) for a Poly1305 MAC. - + If nonce is ``None``, a new 16-byte nonce is generated. """ @@ -130,120 +127,107 @@ def _derive_Poly1305_key_pair(key, nonce): def new(key, mode, *args, **kwargs): """Create a new AES cipher. - :param key: + Args: + key(bytes/bytearray/memoryview): The secret key to use in the symmetric cipher. - It must be 16, 24 or 32 bytes long (respectively for *AES-128*, - *AES-192* or *AES-256*). + It must be 16 (*AES-128)*, 24 (*AES-192*) or 32 (*AES-256*) bytes long. For ``MODE_SIV`` only, it doubles to 32, 48, or 64 bytes. - :type key: bytes/bytearray/memoryview - - :param mode: + mode (a ``MODE_*`` constant): The chaining mode to use for encryption or decryption. If in doubt, use ``MODE_EAX``. - :type mode: One of the supported ``MODE_*`` constants - :Keyword Arguments: - * **iv** (*bytes*, *bytearray*, *memoryview*) -- - (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``, - and ``MODE_OPENPGP`` modes). + Keyword Args: + iv (bytes/bytearray/memoryview): + (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``, + and ``MODE_OPENPGP`` modes). - The initialization vector to use for encryption or decryption. + The initialization vector to use for encryption or decryption. - For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 16 bytes long. + For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 16 bytes long. - For ``MODE_OPENPGP`` mode only, - it must be 16 bytes long for encryption - and 18 bytes for decryption (in the latter case, it is - actually the *encrypted* IV which was prefixed to the ciphertext). + For ``MODE_OPENPGP`` mode only, + it must be 16 bytes long for encryption + and 18 bytes for decryption (in the latter case, it is + actually the *encrypted* IV which was prefixed to the ciphertext). - If not provided, a random byte string is generated (you must then - read its value with the :attr:`iv` attribute). + If not provided, a random byte string is generated (you must then + read its value with the :attr:`iv` attribute). - * **nonce** (*bytes*, *bytearray*, *memoryview*) -- - (Only applicable for ``MODE_CCM``, ``MODE_EAX``, ``MODE_GCM``, - ``MODE_SIV``, ``MODE_OCB``, and ``MODE_CTR``). + nonce (bytes/bytearray/memoryview): + (Only applicable for ``MODE_CCM``, ``MODE_EAX``, ``MODE_GCM``, + ``MODE_SIV``, ``MODE_OCB``, and ``MODE_CTR``). - A value that must never be reused for any other encryption done - with this key (except possibly for ``MODE_SIV``, see below). + A value that must never be reused for any other encryption done + with this key (except possibly for ``MODE_SIV``, see below). - For ``MODE_EAX``, ``MODE_GCM`` and ``MODE_SIV`` there are no - restrictions on its length (recommended: **16** bytes). + For ``MODE_EAX``, ``MODE_GCM`` and ``MODE_SIV`` there are no + restrictions on its length (recommended: **16** bytes). - For ``MODE_CCM``, its length must be in the range **[7..13]**. - Bear in mind that with CCM there is a trade-off between nonce - length and maximum message size. Recommendation: **11** bytes. + For ``MODE_CCM``, its length must be in the range **[7..13]**. + Bear in mind that with CCM there is a trade-off between nonce + length and maximum message size. Recommendation: **11** bytes. - For ``MODE_OCB``, its length must be in the range **[1..15]** - (recommended: **15**). + For ``MODE_OCB``, its length must be in the range **[1..15]** + (recommended: **15**). - For ``MODE_CTR``, its length must be in the range **[0..15]** - (recommended: **8**). - - For ``MODE_SIV``, the nonce is optional, if it is not specified, - then no nonce is being used, which renders the encryption - deterministic. + For ``MODE_CTR``, its length must be in the range **[0..15]** + (recommended: **8**). - If not provided, for modes other than ``MODE_SIV```, a random - byte string of the recommended length is used (you must then - read its value with the :attr:`nonce` attribute). + For ``MODE_SIV``, the nonce is optional, if it is not specified, + then no nonce is being used, which renders the encryption + deterministic. - * **segment_size** (*integer*) -- - (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext - are segmented in. It must be a multiple of 8. - If not specified, it will be assumed to be 8. + If not provided, for modes other than ``MODE_SIV``, a random + byte string of the recommended length is used (you must then + read its value with the :attr:`nonce` attribute). - * **mac_len** : (*integer*) -- - (Only ``MODE_EAX``, ``MODE_GCM``, ``MODE_OCB``, ``MODE_CCM``) - Length of the authentication tag, in bytes. + segment_size (integer): + (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext + are segmented in. It must be a multiple of 8. + If not specified, it will be assumed to be 8. - It must be even and in the range **[4..16]**. - The recommended value (and the default, if not specified) is **16**. + mac_len (integer): + (Only ``MODE_EAX``, ``MODE_GCM``, ``MODE_OCB``, ``MODE_CCM``) + Length of the authentication tag, in bytes. - * **msg_len** : (*integer*) -- - (Only ``MODE_CCM``). Length of the message to (de)cipher. - If not specified, ``encrypt`` must be called with the entire message. - Similarly, ``decrypt`` can only be called once. + It must be even and in the range **[4..16]**. + The recommended value (and the default, if not specified) is **16**. - * **assoc_len** : (*integer*) -- - (Only ``MODE_CCM``). Length of the associated data. - If not specified, all associated data is buffered internally, - which may represent a problem for very large messages. + msg_len (integer): + (Only ``MODE_CCM``). Length of the message to (de)cipher. + If not specified, ``encrypt`` must be called with the entire message. + Similarly, ``decrypt`` can only be called once. - * **initial_value** : (*integer* or *bytes/bytearray/memoryview*) -- - (Only ``MODE_CTR``). - The initial value for the counter. If not present, the cipher will - start counting from 0. The value is incremented by one for each block. - The counter number is encoded in big endian mode. + assoc_len (integer): + (Only ``MODE_CCM``). Length of the associated data. + If not specified, all associated data is buffered internally, + which may represent a problem for very large messages. - * **counter** : (*object*) -- - Instance of ``Cryptodome.Util.Counter``, which allows full customization - of the counter block. This parameter is incompatible to both ``nonce`` - and ``initial_value``. + initial_value (integer or bytes/bytearray/memoryview): + (Only ``MODE_CTR``). + The initial value for the counter. If not present, the cipher will + start counting from 0. The value is incremented by one for each block. + The counter number is encoded in big endian mode. - * **use_aesni** : (*boolean*) -- - Use Intel AES-NI hardware extensions (default: use if available). + counter (object): + (Only ``MODE_CTR``). + Instance of ``Cryptodome.Util.Counter``, which allows full customization + of the counter block. This parameter is incompatible to both ``nonce`` + and ``initial_value``. - :Return: an AES object, of the applicable mode. + use_aesni: (boolean): + Use Intel AES-NI hardware extensions (default: use if available). + + Returns: + an AES object, of the applicable mode. """ kwargs["add_aes_modes"] = True return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs) -MODE_ECB = 1 -MODE_CBC = 2 -MODE_CFB = 3 -MODE_OFB = 5 -MODE_CTR = 6 -MODE_OPENPGP = 7 -MODE_CCM = 8 -MODE_EAX = 9 -MODE_SIV = 10 -MODE_GCM = 11 -MODE_OCB = 12 - # Size of a data block (in bytes) block_size = 16 # Size of a key (in bytes) diff --git a/frozen_deps/Cryptodome/Cipher/AES.pyi b/frozen_deps/Cryptodome/Cipher/AES.pyi index c150efb..3f07b65 100644 --- a/frozen_deps/Cryptodome/Cipher/AES.pyi +++ b/frozen_deps/Cryptodome/Cipher/AES.pyi @@ -1,4 +1,7 @@ -from typing import Union, Tuple, Optional, Dict +from typing import Dict, Optional, Tuple, Union, overload +from typing_extensions import Literal + +Buffer=bytes|bytearray|memoryview from Cryptodome.Cipher._mode_ecb import EcbMode from Cryptodome.Cipher._mode_cbc import CbcMode @@ -12,36 +15,142 @@ from Cryptodome.Cipher._mode_gcm import GcmMode from Cryptodome.Cipher._mode_siv import SivMode from Cryptodome.Cipher._mode_ocb import OcbMode -AESMode = int +MODE_ECB: Literal[1] +MODE_CBC: Literal[2] +MODE_CFB: Literal[3] +MODE_OFB: Literal[5] +MODE_CTR: Literal[6] +MODE_OPENPGP: Literal[7] +MODE_CCM: Literal[8] +MODE_EAX: Literal[9] +MODE_SIV: Literal[10] +MODE_GCM: Literal[11] +MODE_OCB: Literal[12] -MODE_ECB: AESMode -MODE_CBC: AESMode -MODE_CFB: AESMode -MODE_OFB: AESMode -MODE_CTR: AESMode -MODE_OPENPGP: AESMode -MODE_CCM: AESMode -MODE_EAX: AESMode -MODE_GCM: AESMode -MODE_SIV: AESMode -MODE_OCB: AESMode +# MODE_ECB +@overload +def new(key: Buffer, + mode: Literal[1], + use_aesni : bool = ...) -> \ + EcbMode: ... -Buffer = Union[bytes, bytearray, memoryview] +# MODE_CBC +@overload +def new(key: Buffer, + mode: Literal[2], + iv : Optional[Buffer] = ..., + use_aesni : bool = ...) -> \ + CbcMode: ... +@overload def new(key: Buffer, - mode: AESMode, - iv : Buffer = ..., - IV : Buffer = ..., - nonce : Buffer = ..., + mode: Literal[2], + IV : Optional[Buffer] = ..., + use_aesni : bool = ...) -> \ + CbcMode: ... + +# MODE_CFB +@overload +def new(key: Buffer, + mode: Literal[3], + iv : Optional[Buffer] = ..., segment_size : int = ..., - mac_len : int = ..., - assoc_len : int = ..., + use_aesni : bool = ...) -> \ + CfbMode: ... + +@overload +def new(key: Buffer, + mode: Literal[3], + IV : Optional[Buffer] = ..., + segment_size : int = ..., + use_aesni : bool = ...) -> \ + CfbMode: ... + +# MODE_OFB +@overload +def new(key: Buffer, + mode: Literal[5], + iv : Optional[Buffer] = ..., + use_aesni : bool = ...) -> \ + OfbMode: ... + +@overload +def new(key: Buffer, + mode: Literal[5], + IV : Optional[Buffer] = ..., + use_aesni : bool = ...) -> \ + OfbMode: ... + +# MODE_CTR +@overload +def new(key: Buffer, + mode: Literal[6], + nonce : Optional[Buffer] = ..., initial_value : Union[int, Buffer] = ..., counter : Dict = ..., use_aesni : bool = ...) -> \ - Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, - OpenPgpMode, CcmMode, EaxMode, GcmMode, - SivMode, OcbMode]: ... + CtrMode: ... + +# MODE_OPENPGP +@overload +def new(key: Buffer, + mode: Literal[7], + iv : Optional[Buffer] = ..., + use_aesni : bool = ...) -> \ + OpenPgpMode: ... + +@overload +def new(key: Buffer, + mode: Literal[7], + IV : Optional[Buffer] = ..., + use_aesni : bool = ...) -> \ + OpenPgpMode: ... + +# MODE_CCM +@overload +def new(key: Buffer, + mode: Literal[8], + nonce : Optional[Buffer] = ..., + mac_len : int = ..., + assoc_len : int = ..., + use_aesni : bool = ...) -> \ + CcmMode: ... + +# MODE_EAX +@overload +def new(key: Buffer, + mode: Literal[9], + nonce : Optional[Buffer] = ..., + mac_len : int = ..., + use_aesni : bool = ...) -> \ + EaxMode: ... + +# MODE_GCM +@overload +def new(key: Buffer, + mode: Literal[10], + nonce : Optional[Buffer] = ..., + use_aesni : bool = ...) -> \ + SivMode: ... + +# MODE_SIV +@overload +def new(key: Buffer, + mode: Literal[11], + nonce : Optional[Buffer] = ..., + mac_len : int = ..., + use_aesni : bool = ...) -> \ + GcmMode: ... + +# MODE_OCB +@overload +def new(key: Buffer, + mode: Literal[12], + nonce : Optional[Buffer] = ..., + mac_len : int = ..., + use_aesni : bool = ...) -> \ + OcbMode: ... + block_size: int key_size: Tuple[int, int, int] diff --git a/frozen_deps/Cryptodome/Cipher/ARC2.pyi b/frozen_deps/Cryptodome/Cipher/ARC2.pyi index 9659c68..a122a52 100644 --- a/frozen_deps/Cryptodome/Cipher/ARC2.pyi +++ b/frozen_deps/Cryptodome/Cipher/ARC2.pyi @@ -1,4 +1,6 @@ -from typing import Union, Dict, Iterable +from typing import Union, Dict, Iterable, Optional + +Buffer = bytes|bytearray|memoryview from Cryptodome.Cipher._mode_ecb import EcbMode from Cryptodome.Cipher._mode_cbc import CbcMode @@ -18,13 +20,11 @@ MODE_CTR: ARC2Mode MODE_OPENPGP: ARC2Mode MODE_EAX: ARC2Mode -Buffer = Union[bytes, bytearray, memoryview] - def new(key: Buffer, mode: ARC2Mode, - iv : Buffer = ..., - IV : Buffer = ..., - nonce : Buffer = ..., + iv : Optional[Buffer] = ..., + IV : Optional[Buffer] = ..., + nonce : Optional[Buffer] = ..., segment_size : int = ..., mac_len : int = ..., initial_value : Union[int, Buffer] = ..., diff --git a/frozen_deps/Cryptodome/Cipher/ARC4.py b/frozen_deps/Cryptodome/Cipher/ARC4.py index e640e77..543a323 100644 --- a/frozen_deps/Cryptodome/Cipher/ARC4.py +++ b/frozen_deps/Cryptodome/Cipher/ARC4.py @@ -20,8 +20,6 @@ # SOFTWARE. # =================================================================== -from Cryptodome.Util.py3compat import b - from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer, create_string_buffer, get_raw_buffer, SmartPointer, c_size_t, c_uint8_ptr) @@ -113,7 +111,7 @@ def new(key, *args, **kwargs): :param key: The secret key to use in the symmetric cipher. - Its length must be in the range ``[5..256]``. + Its length must be in the range ``[1..256]``. The recommended length is 16 bytes. :type key: bytes, bytearray, memoryview @@ -131,7 +129,8 @@ def new(key, *args, **kwargs): """ return ARC4Cipher(key, *args, **kwargs) + # Size of a data block (in bytes) block_size = 1 # Size of a key (in bytes) -key_size = range(5, 256+1) +key_size = range(1, 256+1) diff --git a/frozen_deps/Cryptodome/Cipher/ARC4.pyi b/frozen_deps/Cryptodome/Cipher/ARC4.pyi index 2e75d6f..b081585 100644 --- a/frozen_deps/Cryptodome/Cipher/ARC4.pyi +++ b/frozen_deps/Cryptodome/Cipher/ARC4.pyi @@ -1,6 +1,6 @@ from typing import Any, Union, Iterable -Buffer = Union[bytes, bytearray, memoryview] +Buffer = bytes|bytearray|memoryview class ARC4Cipher: block_size: int diff --git a/frozen_deps/Cryptodome/Cipher/Blowfish.pyi b/frozen_deps/Cryptodome/Cipher/Blowfish.pyi index a669240..b8b21c6 100644 --- a/frozen_deps/Cryptodome/Cipher/Blowfish.pyi +++ b/frozen_deps/Cryptodome/Cipher/Blowfish.pyi @@ -1,4 +1,6 @@ -from typing import Union, Dict, Iterable +from typing import Union, Dict, Iterable, Optional + +Buffer = bytes|bytearray|memoryview from Cryptodome.Cipher._mode_ecb import EcbMode from Cryptodome.Cipher._mode_cbc import CbcMode @@ -18,13 +20,11 @@ MODE_CTR: BlowfishMode MODE_OPENPGP: BlowfishMode MODE_EAX: BlowfishMode -Buffer = Union[bytes, bytearray, memoryview] - def new(key: Buffer, mode: BlowfishMode, - iv : Buffer = ..., - IV : Buffer = ..., - nonce : Buffer = ..., + iv : Optional[Buffer] = ..., + IV : Optional[Buffer] = ..., + nonce : Optional[Buffer] = ..., segment_size : int = ..., mac_len : int = ..., initial_value : Union[int, Buffer] = ..., diff --git a/frozen_deps/Cryptodome/Cipher/CAST.pyi b/frozen_deps/Cryptodome/Cipher/CAST.pyi index 6b411cf..be01f09 100644 --- a/frozen_deps/Cryptodome/Cipher/CAST.pyi +++ b/frozen_deps/Cryptodome/Cipher/CAST.pyi @@ -1,4 +1,6 @@ -from typing import Union, Dict, Iterable +from typing import Union, Dict, Iterable, Optional + +Buffer = bytes|bytearray|memoryview from Cryptodome.Cipher._mode_ecb import EcbMode from Cryptodome.Cipher._mode_cbc import CbcMode @@ -18,13 +20,11 @@ MODE_CTR: CASTMode MODE_OPENPGP: CASTMode MODE_EAX: CASTMode -Buffer = Union[bytes, bytearray, memoryview] - def new(key: Buffer, mode: CASTMode, - iv : Buffer = ..., - IV : Buffer = ..., - nonce : Buffer = ..., + iv : Optional[Buffer] = ..., + IV : Optional[Buffer] = ..., + nonce : Optional[Buffer] = ..., segment_size : int = ..., mac_len : int = ..., initial_value : Union[int, Buffer] = ..., diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20.py b/frozen_deps/Cryptodome/Cipher/ChaCha20.py index 0cd9102..648d692 100644 --- a/frozen_deps/Cryptodome/Cipher/ChaCha20.py +++ b/frozen_deps/Cryptodome/Cipher/ChaCha20.py @@ -94,6 +94,8 @@ class ChaCha20Cipher(object): See also `new()` at the module level.""" + self.nonce = _copy_bytes(None, None, nonce) + # XChaCha20 requires a key derivation with HChaCha20 # See 2.3 in https://tools.ietf.org/html/draft-arciszewski-xchacha-03 if len(nonce) == 24: @@ -102,17 +104,16 @@ class ChaCha20Cipher(object): self._name = "XChaCha20" else: self._name = "ChaCha20" + nonce = self.nonce - self.nonce = _copy_bytes(None, None, nonce) - - self._next = ( self.encrypt, self.decrypt ) + self._next = ("encrypt", "decrypt") self._state = VoidPointer() result = _raw_chacha20_lib.chacha20_init( self._state.address_of(), c_uint8_ptr(key), c_size_t(len(key)), - self.nonce, + nonce, c_size_t(len(nonce))) if result: raise ValueError("Error %d instantiating a %s cipher" % (result, @@ -133,9 +134,9 @@ class ChaCha20Cipher(object): Otherwise, ``None``. """ - if self.encrypt not in self._next: + if "encrypt" not in self._next: raise TypeError("Cipher object can only be used for decryption") - self._next = ( self.encrypt, ) + self._next = ("encrypt",) return self._encrypt(plaintext, output) def _encrypt(self, plaintext, output): @@ -179,9 +180,9 @@ class ChaCha20Cipher(object): Otherwise, ``None``. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("Cipher object can only be used for encryption") - self._next = ( self.decrypt, ) + self._next = ("decrypt",) try: return self._encrypt(ciphertext, output) diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi b/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi index 3d00a1d..f5001cd 100644 --- a/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi +++ b/frozen_deps/Cryptodome/Cipher/ChaCha20.pyi @@ -1,6 +1,6 @@ -from typing import Union, overload +from typing import Union, overload, Optional -Buffer = Union[bytes, bytearray, memoryview] +Buffer = bytes|bytearray|memoryview def _HChaCha20(key: Buffer, nonce: Buffer) -> bytearray: ... @@ -19,7 +19,7 @@ class ChaCha20Cipher: def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ... def seek(self, position: int) -> None: ... -def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Cipher: ... +def new(key: Buffer, nonce: Optional[Buffer] = ...) -> ChaCha20Cipher: ... block_size: int key_size: int diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py index b6bc7a6..b2923ed 100644 --- a/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py +++ b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.py @@ -63,10 +63,8 @@ class ChaCha20Poly1305Cipher(object): See also `new()` at the module level.""" - self.nonce = _copy_bytes(None, None, nonce) - - self._next = (self.update, self.encrypt, self.decrypt, self.digest, - self.verify) + self._next = ("update", "encrypt", "decrypt", "digest", + "verify") self._authenticator = Poly1305.new(key=key, nonce=nonce, cipher=ChaCha20) @@ -94,7 +92,7 @@ class ChaCha20Poly1305Cipher(object): A piece of associated data. There are no restrictions on its size. """ - if self.update not in self._next: + if "update" not in self._next: raise TypeError("update() method cannot be called") self._len_aad += len(data) @@ -120,13 +118,13 @@ class ChaCha20Poly1305Cipher(object): Otherwise, ``None``. """ - if self.encrypt not in self._next: + if "encrypt" not in self._next: raise TypeError("encrypt() method cannot be called") if self._status == _CipherStatus.PROCESSING_AUTH_DATA: self._pad_aad() - self._next = (self.encrypt, self.digest) + self._next = ("encrypt", "digest") result = self._cipher.encrypt(plaintext, output=output) self._len_ct += len(plaintext) @@ -149,13 +147,13 @@ class ChaCha20Poly1305Cipher(object): Otherwise, ``None``. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("decrypt() method cannot be called") if self._status == _CipherStatus.PROCESSING_AUTH_DATA: self._pad_aad() - self._next = (self.decrypt, self.verify) + self._next = ("decrypt", "verify") self._len_ct += len(ciphertext) self._authenticator.update(ciphertext) @@ -189,9 +187,9 @@ class ChaCha20Poly1305Cipher(object): :Return: the MAC tag, as 16 ``bytes``. """ - if self.digest not in self._next: + if "digest" not in self._next: raise TypeError("digest() method cannot be called") - self._next = (self.digest,) + self._next = ("digest",) return self._compute_mac() @@ -218,10 +216,10 @@ class ChaCha20Poly1305Cipher(object): or the key is incorrect. """ - if self.verify not in self._next: + if "verify" not in self._next: raise TypeError("verify() cannot be called" " when encrypting a message") - self._next = (self.verify,) + self._next = ("verify",) secret = get_random_bytes(16) @@ -316,10 +314,10 @@ def new(**kwargs): nonce = get_random_bytes(12) if len(nonce) in (8, 12): - pass + chacha20_poly1305_nonce = nonce elif len(nonce) == 24: key = _HChaCha20(key, nonce[:16]) - nonce = b'\x00\x00\x00\x00' + nonce[16:] + chacha20_poly1305_nonce = b'\x00\x00\x00\x00' + nonce[16:] else: raise ValueError("Nonce must be 8, 12 or 24 bytes long") @@ -329,7 +327,9 @@ def new(**kwargs): if kwargs: raise TypeError("Unknown parameters: " + str(kwargs)) - return ChaCha20Poly1305Cipher(key, nonce) + cipher = ChaCha20Poly1305Cipher(key, chacha20_poly1305_nonce) + cipher.nonce = _copy_bytes(None, None, nonce) + return cipher # Size of a key (in bytes) diff --git a/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi index ef0450f..109e805 100644 --- a/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi +++ b/frozen_deps/Cryptodome/Cipher/ChaCha20_Poly1305.pyi @@ -1,6 +1,6 @@ -from typing import Union, Tuple, overload +from typing import Union, Tuple, overload, Optional -Buffer = Union[bytes, bytearray, memoryview] +Buffer = bytes|bytearray|memoryview class ChaCha20Poly1305Cipher: nonce: bytes @@ -22,7 +22,7 @@ class ChaCha20Poly1305Cipher: def encrypt_and_digest(self, plaintext: Buffer) -> Tuple[bytes, bytes]: ... def decrypt_and_verify(self, ciphertext: Buffer, received_mac_tag: Buffer) -> bytes: ... -def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Poly1305Cipher: ... +def new(key: Buffer, nonce: Optional[Buffer] = ...) -> ChaCha20Poly1305Cipher: ... block_size: int key_size: int diff --git a/frozen_deps/Cryptodome/Cipher/DES.pyi b/frozen_deps/Cryptodome/Cipher/DES.pyi index 1ba2752..25a3b23 100644 --- a/frozen_deps/Cryptodome/Cipher/DES.pyi +++ b/frozen_deps/Cryptodome/Cipher/DES.pyi @@ -1,4 +1,6 @@ -from typing import Union, Dict, Iterable +from typing import Union, Dict, Iterable, Optional + +Buffer = bytes|bytearray|memoryview from Cryptodome.Cipher._mode_ecb import EcbMode from Cryptodome.Cipher._mode_cbc import CbcMode @@ -18,13 +20,11 @@ MODE_CTR: DESMode MODE_OPENPGP: DESMode MODE_EAX: DESMode -Buffer = Union[bytes, bytearray, memoryview] - def new(key: Buffer, mode: DESMode, - iv : Buffer = ..., - IV : Buffer = ..., - nonce : Buffer = ..., + iv : Optional[Buffer] = ..., + IV : Optional[Buffer] = ..., + nonce : Optional[Buffer] = ..., segment_size : int = ..., mac_len : int = ..., initial_value : Union[int, Buffer] = ..., diff --git a/frozen_deps/Cryptodome/Cipher/DES3.pyi b/frozen_deps/Cryptodome/Cipher/DES3.pyi index c1a524f..2c150f8 100644 --- a/frozen_deps/Cryptodome/Cipher/DES3.pyi +++ b/frozen_deps/Cryptodome/Cipher/DES3.pyi @@ -1,4 +1,6 @@ -from typing import Union, Dict, Tuple +from typing import Union, Dict, Tuple, Optional + +Buffer = bytes|bytearray|memoryview from Cryptodome.Cipher._mode_ecb import EcbMode from Cryptodome.Cipher._mode_cbc import CbcMode @@ -20,13 +22,11 @@ MODE_CTR: DES3Mode MODE_OPENPGP: DES3Mode MODE_EAX: DES3Mode -Buffer = Union[bytes, bytearray, memoryview] - def new(key: Buffer, mode: DES3Mode, - iv : Buffer = ..., - IV : Buffer = ..., - nonce : Buffer = ..., + iv : Optional[Buffer] = ..., + IV : Optional[Buffer] = ..., + nonce : Optional[Buffer] = ..., segment_size : int = ..., mac_len : int = ..., initial_value : Union[int, Buffer] = ..., diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py index 3207bbe..08f9efe 100644 --- a/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py +++ b/frozen_deps/Cryptodome/Cipher/PKCS1_OAEP.py @@ -23,11 +23,13 @@ from Cryptodome.Signature.pss import MGF1 import Cryptodome.Hash.SHA1 -from Cryptodome.Util.py3compat import bord, _copy_bytes +from Cryptodome.Util.py3compat import _copy_bytes import Cryptodome.Util.number -from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes -from Cryptodome.Util.strxor import strxor +from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes +from Cryptodome.Util.strxor import strxor from Cryptodome import Random +from ._pkcs1_oaep_decode import oaep_decode + class PKCS1OAEP_Cipher: """Cipher object for PKCS#1 v1.5 OAEP. @@ -68,7 +70,7 @@ class PKCS1OAEP_Cipher: if mgfunc: self._mgf = mgfunc else: - self._mgf = lambda x,y: MGF1(x,y,self._hashObj) + self._mgf = lambda x, y: MGF1(x, y, self._hashObj) self._label = _copy_bytes(None, None, label) self._randfunc = randfunc @@ -105,7 +107,7 @@ class PKCS1OAEP_Cipher: # See 7.1.1 in RFC3447 modBits = Cryptodome.Util.number.size(self._key.n) - k = ceil_div(modBits, 8) # Convert from bits to bytes + k = ceil_div(modBits, 8) # Convert from bits to bytes hLen = self._hashObj.digest_size mLen = len(message) @@ -159,22 +161,18 @@ class PKCS1OAEP_Cipher: # See 7.1.2 in RFC3447 modBits = Cryptodome.Util.number.size(self._key.n) - k = ceil_div(modBits,8) # Convert from bits to bytes + k = ceil_div(modBits, 8) # Convert from bits to bytes hLen = self._hashObj.digest_size # Step 1b and 1c - if len(ciphertext) != k or k<hLen+2: + if len(ciphertext) != k or k < hLen+2: raise ValueError("Ciphertext with incorrect length.") # Step 2a (O2SIP) ct_int = bytes_to_long(ciphertext) - # Step 2b (RSADP) - m_int = self._key._decrypt(ct_int) - # Complete step 2c (I2OSP) - em = long_to_bytes(m_int, k) + # Step 2b (RSADP) and step 2c (I2OSP) + em = self._key._decrypt_to_bytes(ct_int) # Step 3a lHash = self._hashObj.new(self._label).digest() - # Step 3b - y = em[0] # y must be 0, but we MUST NOT check it here in order not to # allow attacks like Manger's (http://dl.acm.org/citation.cfm?id=704143) maskedSeed = em[1:hLen+1] @@ -187,22 +185,17 @@ class PKCS1OAEP_Cipher: dbMask = self._mgf(seed, k-hLen-1) # Step 3f db = strxor(maskedDB, dbMask) - # Step 3g - one_pos = db[hLen:].find(b'\x01') - lHash1 = db[:hLen] - invalid = bord(y) | int(one_pos < 0) - hash_compare = strxor(lHash1, lHash) - for x in hash_compare: - invalid |= bord(x) - for x in db[hLen:one_pos]: - invalid |= bord(x) - if invalid != 0: + # Step 3b + 3g + res = oaep_decode(em, lHash, db) + if res <= 0: raise ValueError("Incorrect decryption.") # Step 4 - return db[hLen + one_pos + 1:] + return db[res:] + def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None): - """Return a cipher object :class:`PKCS1OAEP_Cipher` that can be used to perform PKCS#1 OAEP encryption or decryption. + """Return a cipher object :class:`PKCS1OAEP_Cipher` + that can be used to perform PKCS#1 OAEP encryption or decryption. :param key: The key object to use to encrypt or decrypt the message. @@ -236,4 +229,3 @@ def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None): if randfunc is None: randfunc = Random.get_random_bytes return PKCS1OAEP_Cipher(key, hashAlgo, mgfunc, label, randfunc) - diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py index 1fd1626..d7a9b79 100644 --- a/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py +++ b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.py @@ -20,12 +20,13 @@ # SOFTWARE. # =================================================================== -__all__ = [ 'new', 'PKCS115_Cipher' ] +__all__ = ['new', 'PKCS115_Cipher'] -from Cryptodome.Util.number import ceil_div, bytes_to_long, long_to_bytes -from Cryptodome.Util.py3compat import bord, _copy_bytes -import Cryptodome.Util.number from Cryptodome import Random +from Cryptodome.Util.number import bytes_to_long, long_to_bytes +from Cryptodome.Util.py3compat import bord, is_bytes, _copy_bytes +from ._pkcs1_oaep_decode import pkcs1_decode + class PKCS115_Cipher: """This cipher can perform PKCS#1 v1.5 RSA encryption or decryption. @@ -74,8 +75,7 @@ class PKCS115_Cipher: """ # See 7.2.1 in RFC8017 - modBits = Cryptodome.Util.number.size(self._key.n) - k = ceil_div(modBits,8) # Convert from bits to bytes + k = self._key.size_in_bytes() mLen = len(message) # Step 1 @@ -89,7 +89,6 @@ class PKCS115_Cipher: continue ps.append(new_byte) ps = b"".join(ps) - assert(len(ps) == k - mLen - 3) # Step 2b em = b'\x00\x02' + ps + b'\x00' + _copy_bytes(None, None, message) # Step 3a (OS2IP) @@ -100,81 +99,73 @@ class PKCS115_Cipher: c = long_to_bytes(m_int, k) return c - def decrypt(self, ciphertext, sentinel): + def decrypt(self, ciphertext, sentinel, expected_pt_len=0): r"""Decrypt a PKCS#1 v1.5 ciphertext. - This function is named ``RSAES-PKCS1-V1_5-DECRYPT``, and is specified in + This is the function ``RSAES-PKCS1-V1_5-DECRYPT`` specified in `section 7.2.2 of RFC8017 <https://tools.ietf.org/html/rfc8017#page-29>`_. - :param ciphertext: + Args: + ciphertext (bytes/bytearray/memoryview): The ciphertext that contains the message to recover. - :type ciphertext: bytes/bytearray/memoryview - - :param sentinel: + sentinel (any type): The object to return whenever an error is detected. - :type sentinel: any type + expected_pt_len (integer): + The length the plaintext is known to have, or 0 if unknown. - :Returns: A byte string. It is either the original message or the ``sentinel`` (in case of an error). - - :Raises ValueError: - If the ciphertext length is incorrect - :Raises TypeError: - If the RSA key has no private half (i.e. it cannot be used for - decyption). + Returns (byte string): + It is either the original message or the ``sentinel`` (in case of an error). .. warning:: - You should **never** let the party who submitted the ciphertext know that - this function returned the ``sentinel`` value. - Armed with such knowledge (for a fair amount of carefully crafted but invalid ciphertexts), - an attacker is able to recontruct the plaintext of any other encryption that were carried out - with the same RSA public key (see `Bleichenbacher's`__ attack). - - In general, it should not be possible for the other party to distinguish - whether processing at the server side failed because the value returned - was a ``sentinel`` as opposed to a random, invalid message. - - In fact, the second option is not that unlikely: encryption done according to PKCS#1 v1.5 - embeds no good integrity check. There is roughly one chance - in 2\ :sup:`16` for a random ciphertext to be returned as a valid message - (although random looking). - - It is therefore advisabled to: - - 1. Select as ``sentinel`` a value that resembles a plausable random, invalid message. - 2. Not report back an error as soon as you detect a ``sentinel`` value. - Put differently, you should not explicitly check if the returned value is the ``sentinel`` or not. - 3. Cover all possible errors with a single, generic error indicator. - 4. Embed into the definition of ``message`` (at the protocol level) a digest (e.g. ``SHA-1``). - It is recommended for it to be the rightmost part ``message``. - 5. Where possible, monitor the number of errors due to ciphertexts originating from the same party, - and slow down the rate of the requests from such party (or even blacklist it altogether). - - **If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.** - - .. __: http://www.bell-labs.com/user/bleichen/papers/pkcs.ps - + PKCS#1 v1.5 decryption is intrinsically vulnerable to timing + attacks (see `Bleichenbacher's`__ attack). + **Use PKCS#1 OAEP instead**. + + This implementation attempts to mitigate the risk + with some constant-time constructs. + However, they are not sufficient by themselves: the type of protocol you + implement and the way you handle errors make a big difference. + + Specifically, you should make it very hard for the (malicious) + party that submitted the ciphertext to quickly understand if decryption + succeeded or not. + + To this end, it is recommended that your protocol only encrypts + plaintexts of fixed length (``expected_pt_len``), + that ``sentinel`` is a random byte string of the same length, + and that processing continues for as long + as possible even if ``sentinel`` is returned (i.e. in case of + incorrect decryption). + + .. __: https://dx.doi.org/10.1007/BFb0055716 """ - # See 7.2.1 in RFC3447 - modBits = Cryptodome.Util.number.size(self._key.n) - k = ceil_div(modBits,8) # Convert from bits to bytes + # See 7.2.2 in RFC8017 + k = self._key.size_in_bytes() # Step 1 if len(ciphertext) != k: - raise ValueError("Ciphertext with incorrect length.") + raise ValueError("Ciphertext with incorrect length (not %d bytes)" % k) + # Step 2a (O2SIP) ct_int = bytes_to_long(ciphertext) - # Step 2b (RSADP) - m_int = self._key._decrypt(ct_int) - # Complete step 2c (I2OSP) - em = long_to_bytes(m_int, k) - # Step 3 - sep = em.find(b'\x00', 2) - if not em.startswith(b'\x00\x02') or sep < 10: - return sentinel - # Step 4 - return em[sep + 1:] + + # Step 2b (RSADP) and Step 2c (I2OSP) + em = self._key._decrypt_to_bytes(ct_int) + + # Step 3 (not constant time when the sentinel is not a byte string) + output = bytes(bytearray(k)) + if not is_bytes(sentinel) or len(sentinel) > k: + size = pkcs1_decode(em, b'', expected_pt_len, output) + if size < 0: + return sentinel + else: + return output[size:] + + # Step 3 (somewhat constant time) + size = pkcs1_decode(em, sentinel, expected_pt_len, output) + return output[size:] def new(key, randfunc=None): @@ -196,4 +187,3 @@ def new(key, randfunc=None): if randfunc is None: randfunc = Random.get_random_bytes return PKCS115_Cipher(key, randfunc) - diff --git a/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi index ff4e3f2..b69f509 100644 --- a/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi +++ b/frozen_deps/Cryptodome/Cipher/PKCS1_v1_5.pyi @@ -1,8 +1,9 @@ -from typing import Callable, Union, Any, Optional +from typing import Callable, Union, Any, Optional, TypeVar from Cryptodome.PublicKey.RSA import RsaKey Buffer = Union[bytes, bytearray, memoryview] +T = TypeVar('T') class PKCS115_Cipher: def __init__(self, @@ -11,7 +12,9 @@ class PKCS115_Cipher: def can_encrypt(self) -> bool: ... def can_decrypt(self) -> bool: ... def encrypt(self, message: Buffer) -> bytes: ... - def decrypt(self, ciphertext: Buffer) -> bytes: ... + def decrypt(self, ciphertext: Buffer, + sentinel: T, + expected_pt_len: Optional[int] = ...) -> Union[bytes, T]: ... def new(key: RsaKey, randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS115_Cipher: ... diff --git a/frozen_deps/Cryptodome/Cipher/Salsa20.pyi b/frozen_deps/Cryptodome/Cipher/Salsa20.pyi index 9178f0d..cf8690e 100644 --- a/frozen_deps/Cryptodome/Cipher/Salsa20.pyi +++ b/frozen_deps/Cryptodome/Cipher/Salsa20.pyi @@ -1,7 +1,6 @@ -from typing import Union, Tuple, Optional, overload +from typing import Union, Tuple, Optional, overload, Optional - -Buffer = Union[bytes, bytearray, memoryview] +Buffer = bytes|bytearray|memoryview class Salsa20Cipher: nonce: bytes diff --git a/frozen_deps/Cryptodome/Cipher/_ARC4.abi3.so b/frozen_deps/Cryptodome/Cipher/_ARC4.abi3.so Binary files differnew file mode 100755 index 0000000..451d359 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_ARC4.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index e4d89af..0000000 --- a/frozen_deps/Cryptodome/Cipher/_ARC4.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_Salsa20.abi3.so b/frozen_deps/Cryptodome/Cipher/_Salsa20.abi3.so Binary files differnew file mode 100755 index 0000000..a303d91 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_Salsa20.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index df9884e..0000000 --- a/frozen_deps/Cryptodome/Cipher/_Salsa20.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_chacha20.abi3.so b/frozen_deps/Cryptodome/Cipher/_chacha20.abi3.so Binary files differnew file mode 100755 index 0000000..f1f1fa1 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_chacha20.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index ded8fd8..0000000 --- a/frozen_deps/Cryptodome/Cipher/_chacha20.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_mode_cbc.py b/frozen_deps/Cryptodome/Cipher/_mode_cbc.py index edc29ca..94d02e7 100644 --- a/frozen_deps/Cryptodome/Cipher/_mode_cbc.py +++ b/frozen_deps/Cryptodome/Cipher/_mode_cbc.py @@ -120,7 +120,7 @@ class CbcMode(object): self.IV = self.iv """Alias for `iv`""" - self._next = [ self.encrypt, self.decrypt ] + self._next = ["encrypt", "decrypt"] def encrypt(self, plaintext, output=None): """Encrypt data with the key and the parameters set at initialization. @@ -158,18 +158,18 @@ class CbcMode(object): Otherwise, ``None``. """ - if self.encrypt not in self._next: + if "encrypt" not in self._next: raise TypeError("encrypt() cannot be called after decrypt()") - self._next = [ self.encrypt ] - + self._next = ["encrypt"] + if output is None: ciphertext = create_string_buffer(len(plaintext)) else: ciphertext = output - + if not is_writeable_buffer(output): raise TypeError("output must be a bytearray or a writeable memoryview") - + if len(plaintext) != len(output): raise ValueError("output must have the same length as the input" " (%d bytes)" % len(plaintext)) @@ -221,10 +221,10 @@ class CbcMode(object): Otherwise, ``None``. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("decrypt() cannot be called after encrypt()") - self._next = [ self.decrypt ] - + self._next = ["decrypt"] + if output is None: plaintext = create_string_buffer(len(ciphertext)) else: @@ -232,7 +232,7 @@ class CbcMode(object): if not is_writeable_buffer(output): raise TypeError("output must be a bytearray or a writeable memoryview") - + if len(ciphertext) != len(output): raise ValueError("output must have the same length as the input" " (%d bytes)" % len(plaintext)) @@ -285,7 +285,7 @@ def _create_cbc_cipher(factory, **kwargs): if len(iv) != factory.block_size: raise ValueError("Incorrect IV length (it must be %d bytes long)" % - factory.block_size) + factory.block_size) if kwargs: raise TypeError("Unknown parameters for CBC: %s" % str(kwargs)) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ccm.py b/frozen_deps/Cryptodome/Cipher/_mode_ccm.py index 0e1c2f6..ec2e4f4 100644 --- a/frozen_deps/Cryptodome/Cipher/_mode_ccm.py +++ b/frozen_deps/Cryptodome/Cipher/_mode_ccm.py @@ -155,8 +155,8 @@ class CcmMode(object): self._t = None # Allowed transitions after initialization - self._next = [self.update, self.encrypt, self.decrypt, - self.digest, self.verify] + self._next = ["update", "encrypt", "decrypt", + "digest", "verify"] # Cumulative lengths self._cumul_assoc_len = 0 @@ -252,12 +252,12 @@ class CcmMode(object): A piece of associated data. There are no restrictions on its size. """ - if self.update not in self._next: + if "update" not in self._next: raise TypeError("update() can only be called" " immediately after initialization") - self._next = [self.update, self.encrypt, self.decrypt, - self.digest, self.verify] + self._next = ["update", "encrypt", "decrypt", + "digest", "verify"] self._cumul_assoc_len += len(assoc_data) if self._assoc_len is not None and \ @@ -336,10 +336,10 @@ class CcmMode(object): Otherwise, ``None``. """ - if self.encrypt not in self._next: + if "encrypt" not in self._next: raise TypeError("encrypt() can only be called after" " initialization or an update()") - self._next = [self.encrypt, self.digest] + self._next = ["encrypt", "digest"] # No more associated data allowed from now if self._assoc_len is None: @@ -356,7 +356,7 @@ class CcmMode(object): if self._msg_len is None: self._msg_len = len(plaintext) self._start_mac() - self._next = [self.digest] + self._next = ["digest"] self._cumul_msg_len += len(plaintext) if self._cumul_msg_len > self._msg_len: @@ -409,10 +409,10 @@ class CcmMode(object): Otherwise, ``None``. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("decrypt() can only be called" " after initialization or an update()") - self._next = [self.decrypt, self.verify] + self._next = ["decrypt", "verify"] # No more associated data allowed from now if self._assoc_len is None: @@ -429,7 +429,7 @@ class CcmMode(object): if self._msg_len is None: self._msg_len = len(ciphertext) self._start_mac() - self._next = [self.verify] + self._next = ["verify"] self._cumul_msg_len += len(ciphertext) if self._cumul_msg_len > self._msg_len: @@ -461,10 +461,10 @@ class CcmMode(object): :Return: the MAC, as a byte string. """ - if self.digest not in self._next: + if "digest" not in self._next: raise TypeError("digest() cannot be called when decrypting" " or validating a message") - self._next = [self.digest] + self._next = ["digest"] return self._digest() def _digest(self): @@ -523,10 +523,10 @@ class CcmMode(object): or the key is incorrect. """ - if self.verify not in self._next: + if "verify" not in self._next: raise TypeError("verify() cannot be called" " when encrypting a message") - self._next = [self.verify] + self._next = ["verify"] self._digest() secret = get_random_bytes(16) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_cfb.py b/frozen_deps/Cryptodome/Cipher/_mode_cfb.py index b790dd4..1b1b6c3 100644 --- a/frozen_deps/Cryptodome/Cipher/_mode_cfb.py +++ b/frozen_deps/Cryptodome/Cipher/_mode_cfb.py @@ -119,7 +119,7 @@ class CfbMode(object): self.IV = self.iv """Alias for `iv`""" - self._next = [ self.encrypt, self.decrypt ] + self._next = ["encrypt", "decrypt"] def encrypt(self, plaintext, output=None): """Encrypt data with the key and the parameters set at initialization. @@ -154,18 +154,18 @@ class CfbMode(object): Otherwise, ``None``. """ - if self.encrypt not in self._next: + if "encrypt" not in self._next: raise TypeError("encrypt() cannot be called after decrypt()") - self._next = [ self.encrypt ] - + self._next = ["encrypt"] + if output is None: ciphertext = create_string_buffer(len(plaintext)) else: ciphertext = output - + if not is_writeable_buffer(output): raise TypeError("output must be a bytearray or a writeable memoryview") - + if len(plaintext) != len(output): raise ValueError("output must have the same length as the input" " (%d bytes)" % len(plaintext)) @@ -215,10 +215,10 @@ class CfbMode(object): Otherwise, ``None``. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("decrypt() cannot be called after encrypt()") - self._next = [ self.decrypt ] - + self._next = ["decrypt"] + if output is None: plaintext = create_string_buffer(len(ciphertext)) else: @@ -226,11 +226,11 @@ class CfbMode(object): if not is_writeable_buffer(output): raise TypeError("output must be a bytearray or a writeable memoryview") - + if len(ciphertext) != len(output): raise ValueError("output must have the same length as the input" " (%d bytes)" % len(plaintext)) - + result = raw_cfb_lib.CFB_decrypt(self._state.get(), c_uint8_ptr(ciphertext), c_uint8_ptr(plaintext), diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ctr.py b/frozen_deps/Cryptodome/Cipher/_mode_ctr.py index 99712d0..9ce357f 100644 --- a/frozen_deps/Cryptodome/Cipher/_mode_ctr.py +++ b/frozen_deps/Cryptodome/Cipher/_mode_ctr.py @@ -146,7 +146,7 @@ class CtrMode(object): self.block_size = len(initial_counter_block) """The block size of the underlying cipher, in bytes.""" - self._next = [self.encrypt, self.decrypt] + self._next = ["encrypt", "decrypt"] def encrypt(self, plaintext, output=None): """Encrypt data with the key and the parameters set at initialization. @@ -181,18 +181,18 @@ class CtrMode(object): Otherwise, ``None``. """ - if self.encrypt not in self._next: + if "encrypt" not in self._next: raise TypeError("encrypt() cannot be called after decrypt()") - self._next = [self.encrypt] - + self._next = ["encrypt"] + if output is None: ciphertext = create_string_buffer(len(plaintext)) else: ciphertext = output - + if not is_writeable_buffer(output): raise TypeError("output must be a bytearray or a writeable memoryview") - + if len(plaintext) != len(output): raise ValueError("output must have the same length as the input" " (%d bytes)" % len(plaintext)) @@ -206,7 +206,7 @@ class CtrMode(object): raise OverflowError("The counter has wrapped around in" " CTR mode") raise ValueError("Error %X while encrypting in CTR mode" % result) - + if output is None: return get_raw_buffer(ciphertext) else: @@ -245,10 +245,10 @@ class CtrMode(object): Otherwise, ``None``. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("decrypt() cannot be called after encrypt()") - self._next = [self.decrypt] - + self._next = ["decrypt"] + if output is None: plaintext = create_string_buffer(len(ciphertext)) else: @@ -256,12 +256,11 @@ class CtrMode(object): if not is_writeable_buffer(output): raise TypeError("output must be a bytearray or a writeable memoryview") - + if len(ciphertext) != len(output): raise ValueError("output must have the same length as the input" " (%d bytes)" % len(plaintext)) - result = raw_ctr_lib.CTR_decrypt(self._state.get(), c_uint8_ptr(ciphertext), c_uint8_ptr(plaintext), @@ -271,7 +270,7 @@ class CtrMode(object): raise OverflowError("The counter has wrapped around in" " CTR mode") raise ValueError("Error %X while decrypting in CTR mode" % result) - + if output is None: return get_raw_buffer(plaintext) else: @@ -324,8 +323,8 @@ def _create_ctr_cipher(factory, **kwargs): raise TypeError("Invalid parameters for CTR mode: %s" % str(kwargs)) if counter is not None and (nonce, initial_value) != (None, None): - raise TypeError("'counter' and 'nonce'/'initial_value'" - " are mutually exclusive") + raise TypeError("'counter' and 'nonce'/'initial_value'" + " are mutually exclusive") if counter is None: # Cryptodome.Util.Counter is not used @@ -337,7 +336,7 @@ def _create_ctr_cipher(factory, **kwargs): else: if len(nonce) >= factory.block_size: raise ValueError("Nonce is too long") - + # What is not nonce is counter counter_len = factory.block_size - len(nonce) @@ -350,7 +349,8 @@ def _create_ctr_cipher(factory, **kwargs): initial_counter_block = nonce + long_to_bytes(initial_value, counter_len) else: if len(initial_value) != counter_len: - raise ValueError("Incorrect length for counter byte string (%d bytes, expected %d)" % (len(initial_value), counter_len)) + raise ValueError("Incorrect length for counter byte string (%d bytes, expected %d)" % + (len(initial_value), counter_len)) initial_counter_block = nonce + initial_value return CtrMode(cipher_state, @@ -379,7 +379,7 @@ def _create_ctr_cipher(factory, **kwargs): while initial_value > 0: words.append(struct.pack('B', initial_value & 255)) initial_value >>= 8 - words += [ b'\x00' ] * max(0, counter_len - len(words)) + words += [b'\x00'] * max(0, counter_len - len(words)) if not little_endian: words.reverse() initial_counter_block = prefix + b"".join(words) + suffix diff --git a/frozen_deps/Cryptodome/Cipher/_mode_eax.py b/frozen_deps/Cryptodome/Cipher/_mode_eax.py index 8efb77a..44ef21f 100644 --- a/frozen_deps/Cryptodome/Cipher/_mode_eax.py +++ b/frozen_deps/Cryptodome/Cipher/_mode_eax.py @@ -90,12 +90,12 @@ class EaxMode(object): self._mac_tag = None # Cache for MAC tag # Allowed transitions after initialization - self._next = [self.update, self.encrypt, self.decrypt, - self.digest, self.verify] + self._next = ["update", "encrypt", "decrypt", + "digest", "verify"] # MAC tag length - if not (4 <= self._mac_len <= self.block_size): - raise ValueError("Parameter 'mac_len' must not be larger than %d" + if not (2 <= self._mac_len <= self.block_size): + raise ValueError("'mac_len' must be at least 2 and not larger than %d" % self.block_size) # Nonce cannot be empty and must be a byte string @@ -145,12 +145,12 @@ class EaxMode(object): A piece of associated data. There are no restrictions on its size. """ - if self.update not in self._next: + if "update" not in self._next: raise TypeError("update() can only be called" " immediately after initialization") - self._next = [self.update, self.encrypt, self.decrypt, - self.digest, self.verify] + self._next = ["update", "encrypt", "decrypt", + "digest", "verify"] self._signer.update(assoc_data) return self @@ -188,10 +188,10 @@ class EaxMode(object): Otherwise, ``None``. """ - if self.encrypt not in self._next: + if "encrypt" not in self._next: raise TypeError("encrypt() can only be called after" " initialization or an update()") - self._next = [self.encrypt, self.digest] + self._next = ["encrypt", "digest"] ct = self._cipher.encrypt(plaintext, output=output) if output is None: self._omac[2].update(ct) @@ -232,10 +232,10 @@ class EaxMode(object): Otherwise, ``None``. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("decrypt() can only be called" " after initialization or an update()") - self._next = [self.decrypt, self.verify] + self._next = ["decrypt", "verify"] self._omac[2].update(ciphertext) return self._cipher.decrypt(ciphertext, output=output) @@ -250,10 +250,10 @@ class EaxMode(object): :Return: the MAC, as a byte string. """ - if self.digest not in self._next: + if "digest" not in self._next: raise TypeError("digest() cannot be called when decrypting" " or validating a message") - self._next = [self.digest] + self._next = ["digest"] if not self._mac_tag: tag = b'\x00' * self.block_size @@ -289,10 +289,10 @@ class EaxMode(object): or the key is incorrect. """ - if self.verify not in self._next: + if "verify" not in self._next: raise TypeError("verify() cannot be called" " when encrypting a message") - self._next = [self.verify] + self._next = ["verify"] if not self._mac_tag: tag = b'\x00' * self.block_size diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ecb.py b/frozen_deps/Cryptodome/Cipher/_mode_ecb.py index 4c381f7..a01a16f 100644 --- a/frozen_deps/Cryptodome/Cipher/_mode_ecb.py +++ b/frozen_deps/Cryptodome/Cipher/_mode_ecb.py @@ -72,6 +72,7 @@ class EcbMode(object): block_cipher : C pointer A smart pointer to the low-level block cipher instance. """ + self.block_size = block_cipher.block_size self._state = VoidPointer() result = raw_ecb_lib.ECB_start_operation(block_cipher.get(), @@ -213,6 +214,7 @@ def _create_ecb_cipher(factory, **kwargs): to be present""" cipher_state = factory._create_base_cipher(kwargs) + cipher_state.block_size = factory.block_size if kwargs: raise TypeError("Unknown parameters for ECB: %s" % str(kwargs)) return EcbMode(cipher_state) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_gcm.py b/frozen_deps/Cryptodome/Cipher/_mode_gcm.py index c90061b..9914400 100644 --- a/frozen_deps/Cryptodome/Cipher/_mode_gcm.py +++ b/frozen_deps/Cryptodome/Cipher/_mode_gcm.py @@ -186,7 +186,7 @@ class GcmMode(object): if len(nonce) == 0: raise ValueError("Nonce cannot be empty") - + if not is_buffer(nonce): raise TypeError("Nonce must be bytes, bytearray or memoryview") @@ -207,8 +207,8 @@ class GcmMode(object): raise ValueError("Parameter 'mac_len' must be in the range 4..16") # Allowed transitions after initialization - self._next = [self.update, self.encrypt, self.decrypt, - self.digest, self.verify] + self._next = ["update", "encrypt", "decrypt", + "digest", "verify"] self._no_more_assoc_data = False @@ -229,10 +229,10 @@ class GcmMode(object): if len(self.nonce) == 12: j0 = self.nonce + b"\x00\x00\x00\x01" else: - fill = (16 - (len(nonce) % 16)) % 16 + 8 + fill = (16 - (len(self.nonce) % 16)) % 16 + 8 ghash_in = (self.nonce + b'\x00' * fill + - long_to_bytes(8 * len(nonce), 8)) + long_to_bytes(8 * len(self.nonce), 8)) j0 = _GHASH(hash_subkey, ghash_c).update(ghash_in).digest() # Step 3 - Prepare GCTR cipher for encryption/decryption @@ -282,12 +282,12 @@ class GcmMode(object): A piece of associated data. There are no restrictions on its size. """ - if self.update not in self._next: + if "update" not in self._next: raise TypeError("update() can only be called" " immediately after initialization") - self._next = [self.update, self.encrypt, self.decrypt, - self.digest, self.verify] + self._next = ["update", "encrypt", "decrypt", + "digest", "verify"] self._update(assoc_data) self._auth_len += len(assoc_data) @@ -364,10 +364,10 @@ class GcmMode(object): Otherwise, ``None``. """ - if self.encrypt not in self._next: + if "encrypt" not in self._next: raise TypeError("encrypt() can only be called after" " initialization or an update()") - self._next = [self.encrypt, self.digest] + self._next = ["encrypt", "digest"] ciphertext = self._cipher.encrypt(plaintext, output=output) @@ -417,10 +417,10 @@ class GcmMode(object): Otherwise, ``None``. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("decrypt() can only be called" " after initialization or an update()") - self._next = [self.decrypt, self.verify] + self._next = ["decrypt", "verify"] if self._status == MacStatus.PROCESSING_AUTH_DATA: self._pad_cache_and_update() @@ -442,10 +442,10 @@ class GcmMode(object): :Return: the MAC, as a byte string. """ - if self.digest not in self._next: + if "digest" not in self._next: raise TypeError("digest() cannot be called when decrypting" " or validating a message") - self._next = [self.digest] + self._next = ["digest"] return self._compute_mac() @@ -492,10 +492,10 @@ class GcmMode(object): or the key is incorrect. """ - if self.verify not in self._next: + if "verify" not in self._next: raise TypeError("verify() cannot be called" " when encrypting a message") - self._next = [self.verify] + self._next = ["verify"] secret = get_random_bytes(16) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ocb.py b/frozen_deps/Cryptodome/Cipher/_mode_ocb.py index 27c2797..1295e61 100644 --- a/frozen_deps/Cryptodome/Cipher/_mode_ocb.py +++ b/frozen_deps/Cryptodome/Cipher/_mode_ocb.py @@ -71,7 +71,7 @@ Example: import struct from binascii import unhexlify -from Cryptodome.Util.py3compat import bord, _copy_bytes +from Cryptodome.Util.py3compat import bord, _copy_bytes, bchr from Cryptodome.Util.number import long_to_bytes, bytes_to_long from Cryptodome.Util.strxor import strxor @@ -142,15 +142,22 @@ class OcbMode(object): self._cache_P = b"" # Allowed transitions after initialization - self._next = [self.update, self.encrypt, self.decrypt, - self.digest, self.verify] + self._next = ["update", "encrypt", "decrypt", + "digest", "verify"] # Compute Offset_0 params_without_key = dict(cipher_params) key = params_without_key.pop("key") - nonce = (struct.pack('B', self._mac_len << 4 & 0xFF) + - b'\x00' * (14 - len(nonce)) + - b'\x01' + self.nonce) + + taglen_mod128 = (self._mac_len * 8) % 128 + if len(self.nonce) < 15: + nonce = bchr(taglen_mod128 << 1) +\ + b'\x00' * (14 - len(nonce)) +\ + b'\x01' +\ + self.nonce + else: + nonce = bchr((taglen_mod128 << 1) | 0x01) +\ + self.nonce bottom_bits = bord(nonce[15]) & 0x3F # 6 bits, 0..63 top_bits = bord(nonce[15]) & 0xC0 # 2 bits @@ -217,12 +224,12 @@ class OcbMode(object): A piece of associated data. """ - if self.update not in self._next: + if "update" not in self._next: raise TypeError("update() can only be called" " immediately after initialization") - self._next = [self.encrypt, self.decrypt, self.digest, - self.verify, self.update] + self._next = ["encrypt", "decrypt", "digest", + "verify", "update"] if len(self._cache_A) > 0: filler = min(16 - len(self._cache_A), len(assoc_data)) @@ -316,14 +323,14 @@ class OcbMode(object): Its length may not match the length of the *plaintext*. """ - if self.encrypt not in self._next: + if "encrypt" not in self._next: raise TypeError("encrypt() can only be called after" " initialization or an update()") if plaintext is None: - self._next = [self.digest] + self._next = ["digest"] else: - self._next = [self.encrypt] + self._next = ["encrypt"] return self._transcrypt(plaintext, _raw_ocb_lib.OCB_encrypt, "encrypt") def decrypt(self, ciphertext=None): @@ -345,14 +352,14 @@ class OcbMode(object): Its length may not match the length of the *ciphertext*. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("decrypt() can only be called after" " initialization or an update()") if ciphertext is None: - self._next = [self.verify] + self._next = ["verify"] else: - self._next = [self.decrypt] + self._next = ["decrypt"] return self._transcrypt(ciphertext, _raw_ocb_lib.OCB_decrypt, "decrypt") @@ -388,12 +395,12 @@ class OcbMode(object): :Return: the MAC, as a byte string. """ - if self.digest not in self._next: + if "digest" not in self._next: raise TypeError("digest() cannot be called now for this cipher") assert(len(self._cache_P) == 0) - self._next = [self.digest] + self._next = ["digest"] if self._mac_tag is None: self._compute_mac_tag() @@ -423,12 +430,12 @@ class OcbMode(object): or the key is incorrect. """ - if self.verify not in self._next: + if "verify" not in self._next: raise TypeError("verify() cannot be called now for this cipher") assert(len(self._cache_P) == 0) - self._next = [self.verify] + self._next = ["verify"] if self._mac_tag is None: self._compute_mac_tag() diff --git a/frozen_deps/Cryptodome/Cipher/_mode_ofb.py b/frozen_deps/Cryptodome/Cipher/_mode_ofb.py index 04aaccf..8c0ccf6 100644 --- a/frozen_deps/Cryptodome/Cipher/_mode_ofb.py +++ b/frozen_deps/Cryptodome/Cipher/_mode_ofb.py @@ -116,7 +116,7 @@ class OfbMode(object): self.IV = self.iv """Alias for `iv`""" - self._next = [ self.encrypt, self.decrypt ] + self._next = ["encrypt", "decrypt"] def encrypt(self, plaintext, output=None): """Encrypt data with the key and the parameters set at initialization. @@ -151,18 +151,18 @@ class OfbMode(object): Otherwise, ``None``. """ - if self.encrypt not in self._next: + if "encrypt" not in self._next: raise TypeError("encrypt() cannot be called after decrypt()") - self._next = [ self.encrypt ] - + self._next = ["encrypt"] + if output is None: ciphertext = create_string_buffer(len(plaintext)) else: ciphertext = output - + if not is_writeable_buffer(output): raise TypeError("output must be a bytearray or a writeable memoryview") - + if len(plaintext) != len(output): raise ValueError("output must have the same length as the input" " (%d bytes)" % len(plaintext)) @@ -212,10 +212,10 @@ class OfbMode(object): Otherwise, ``None``. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("decrypt() cannot be called after encrypt()") - self._next = [ self.decrypt ] - + self._next = ["decrypt"] + if output is None: plaintext = create_string_buffer(len(ciphertext)) else: @@ -223,7 +223,7 @@ class OfbMode(object): if not is_writeable_buffer(output): raise TypeError("output must be a bytearray or a writeable memoryview") - + if len(ciphertext) != len(output): raise ValueError("output must have the same length as the input" " (%d bytes)" % len(plaintext)) diff --git a/frozen_deps/Cryptodome/Cipher/_mode_siv.py b/frozen_deps/Cryptodome/Cipher/_mode_siv.py index d10c4dc..4a76ad6 100644 --- a/frozen_deps/Cryptodome/Cipher/_mode_siv.py +++ b/frozen_deps/Cryptodome/Cipher/_mode_siv.py @@ -123,8 +123,8 @@ class SivMode(object): factory.new(key[:subkey_size], factory.MODE_ECB, **kwargs) # Allowed transitions after initialization - self._next = [self.update, self.encrypt, self.decrypt, - self.digest, self.verify] + self._next = ["update", "encrypt", "decrypt", + "digest", "verify"] def _create_ctr_cipher(self, v): """Create a new CTR cipher from V in SIV mode""" @@ -164,12 +164,12 @@ class SivMode(object): The next associated data component. """ - if self.update not in self._next: + if "update" not in self._next: raise TypeError("update() can only be called" " immediately after initialization") - self._next = [self.update, self.encrypt, self.decrypt, - self.digest, self.verify] + self._next = ["update", "encrypt", "decrypt", + "digest", "verify"] return self._kdf.update(component) @@ -206,10 +206,10 @@ class SivMode(object): :Return: the MAC, as a byte string. """ - if self.digest not in self._next: + if "digest" not in self._next: raise TypeError("digest() cannot be called when decrypting" " or validating a message") - self._next = [self.digest] + self._next = ["digest"] if self._mac_tag is None: self._mac_tag = self._kdf.derive() return self._mac_tag @@ -240,10 +240,10 @@ class SivMode(object): or the key is incorrect. """ - if self.verify not in self._next: + if "verify" not in self._next: raise TypeError("verify() cannot be called" " when encrypting a message") - self._next = [self.verify] + self._next = ["verify"] if self._mac_tag is None: self._mac_tag = self._kdf.derive() @@ -290,19 +290,19 @@ class SivMode(object): The first item becomes ``None`` when the ``output`` parameter specified a location for the result. """ - - if self.encrypt not in self._next: + + if "encrypt" not in self._next: raise TypeError("encrypt() can only be called after" " initialization or an update()") - self._next = [ self.digest ] + self._next = ["digest"] # Compute V (MAC) if hasattr(self, 'nonce'): self._kdf.update(self.nonce) self._kdf.update(plaintext) self._mac_tag = self._kdf.derive() - + cipher = self._create_ctr_cipher(self._mac_tag) return cipher.encrypt(plaintext, output=output), self._mac_tag @@ -336,10 +336,10 @@ class SivMode(object): or the key is incorrect. """ - if self.decrypt not in self._next: + if "decrypt" not in self._next: raise TypeError("decrypt() can only be called" " after initialization or an update()") - self._next = [ self.verify ] + self._next = ["verify"] # Take the MAC and start the cipher for decryption self._cipher = self._create_ctr_cipher(mac_tag) @@ -350,7 +350,7 @@ class SivMode(object): self._kdf.update(self.nonce) self._kdf.update(plaintext if output is None else output) self.verify(mac_tag) - + return plaintext diff --git a/frozen_deps/Cryptodome/Cipher/_pkcs1_decode.abi3.so b/frozen_deps/Cryptodome/Cipher/_pkcs1_decode.abi3.so Binary files differnew file mode 100755 index 0000000..71cd311 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_pkcs1_decode.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_pkcs1_oaep_decode.py b/frozen_deps/Cryptodome/Cipher/_pkcs1_oaep_decode.py new file mode 100644 index 0000000..82bdaa7 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_pkcs1_oaep_decode.py @@ -0,0 +1,41 @@ +from Cryptodome.Util._raw_api import (load_pycryptodome_raw_lib, c_size_t, + c_uint8_ptr) + + +_raw_pkcs1_decode = load_pycryptodome_raw_lib("Cryptodome.Cipher._pkcs1_decode", + """ + int pkcs1_decode(const uint8_t *em, size_t len_em, + const uint8_t *sentinel, size_t len_sentinel, + size_t expected_pt_len, + uint8_t *output); + + int oaep_decode(const uint8_t *em, + size_t em_len, + const uint8_t *lHash, + size_t hLen, + const uint8_t *db, + size_t db_len); + """) + + +def pkcs1_decode(em, sentinel, expected_pt_len, output): + if len(em) != len(output): + raise ValueError("Incorrect output length") + + ret = _raw_pkcs1_decode.pkcs1_decode(c_uint8_ptr(em), + c_size_t(len(em)), + c_uint8_ptr(sentinel), + c_size_t(len(sentinel)), + c_size_t(expected_pt_len), + c_uint8_ptr(output)) + return ret + + +def oaep_decode(em, lHash, db): + ret = _raw_pkcs1_decode.oaep_decode(c_uint8_ptr(em), + c_size_t(len(em)), + c_uint8_ptr(lHash), + c_size_t(len(lHash)), + c_uint8_ptr(db), + c_size_t(len(db))) + return ret diff --git a/frozen_deps/Cryptodome/Cipher/_raw_aes.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_aes.abi3.so Binary files differnew file mode 100755 index 0000000..b37dd95 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_aes.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index e62f4d1..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_aes.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_aesni.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_aesni.abi3.so Binary files differnew file mode 100755 index 0000000..5f08fe7 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_aesni.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index b92e170..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_aesni.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_arc2.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_arc2.abi3.so Binary files differnew file mode 100755 index 0000000..2287d2e --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_arc2.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 07a720a..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_arc2.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_blowfish.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_blowfish.abi3.so Binary files differnew file mode 100755 index 0000000..ad77ccb --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_blowfish.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 05abfd1..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_blowfish.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cast.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_cast.abi3.so Binary files differnew file mode 100755 index 0000000..730e178 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_cast.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 2523fcb..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_cast.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cbc.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_cbc.abi3.so Binary files differnew file mode 100755 index 0000000..847d824 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_cbc.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 1b013f3..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_cbc.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cfb.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_cfb.abi3.so Binary files differnew file mode 100755 index 0000000..2c9b852 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_cfb.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 6a28991..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_cfb.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ctr.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_ctr.abi3.so Binary files differnew file mode 100755 index 0000000..761cd36 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_ctr.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 0529cf8..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_ctr.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_des.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_des.abi3.so Binary files differnew file mode 100755 index 0000000..7f1f824 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_des.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_des.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_des.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 1d73854..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_des.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_des3.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_des3.abi3.so Binary files differnew file mode 100755 index 0000000..b475c52 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_des3.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 8c4afa5..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_des3.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ecb.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_ecb.abi3.so Binary files differnew file mode 100755 index 0000000..91e8126 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_ecb.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 0775c0b..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_ecb.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.abi3.so Binary files differnew file mode 100755 index 0000000..c3c45d5 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 979fe63..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_eksblowfish.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ocb.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_ocb.abi3.so Binary files differnew file mode 100755 index 0000000..9685971 --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_ocb.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index d545618..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_ocb.cpython-38-x86_64-linux-gnu.so +++ /dev/null diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ofb.abi3.so b/frozen_deps/Cryptodome/Cipher/_raw_ofb.abi3.so Binary files differnew file mode 100755 index 0000000..a4a629a --- /dev/null +++ b/frozen_deps/Cryptodome/Cipher/_raw_ofb.abi3.so diff --git a/frozen_deps/Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.so b/frozen_deps/Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.so Binary files differdeleted file mode 100755 index 7157784..0000000 --- a/frozen_deps/Cryptodome/Cipher/_raw_ofb.cpython-38-x86_64-linux-gnu.so +++ /dev/null |