95% DONE

.gitignore

@@ -148,4 +148,5 @@ Player-Data
 local
 
 
-tls/Crypto
+tls/Crypto
+MP-SPDZ

OLD/oracle.py

@@ -1,70 +0,0 @@
-#!/usr/bin/python
-import socket
-import _thread
-import time
-import socket
-import os
-import random
-from padra import padra
-
-
-LenFunc = 4
-padra = padra(LenFunc)
-
-
-HOST = '127.0.0.1'  # Standard loopback interface address (localhost)
-socketPort = int(random.random()*5000+1024)
-def broadcast():
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-    sock.bind(("", 6666))
-    while True:
-        msg, addr = sock.recvfrom(1024)
-        sock.sendto(bytes(str(socketPort),'utf-8'),addr)
-
-
-connectedUser = []
-
-def listen():
-    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
-        s.bind((HOST, socketPort))
-        s.listen()
-        while True:
-            conn, addr = s.accept()
-            u = _thread.start_new_thread( user, (conn, addr))
-            connectedUser.append((addr,u))
-
-
-
-
-class user():
-    def __init__(self,connection,address):
-        self.conn = connection
-        self.addr = address
-        self.history = []
-        _thread.start_new_thread( self.receive, ())
-        self.send("Connected")
-
-    def send(self,Message):
-        Message=bytes(Message,'utf-8')
-        self.conn.sendall(Message)
-        self.history.append(("send",Message))
-
-    def receive(self):
-        while True: 
-            len = self.conn.recv(LenFunc)
-            if not len:
-                break
-            data = self.conn.recv(int(len))
-            padra.parse(data.decode("utf-8"))
-            self.history.append(("receive",data))
-
-
-try:
-   _thread.start_new_thread( broadcast, ())
-   _thread.start_new_thread( listen, ())
-except:
-   print ("Error: unable to start thread")
-
-while 1:
-   pass

OLD/padra.py

@@ -1,140 +0,0 @@
-import json
-import os
-import time
-
-class padra():
-    def __init__(self,len):
-        self.len = len
-        print("added",self.len)
-
-    def toSend(self,x):
-        j = json.dumps(x)
-        l = self.len - len(str(len(j)))
-        return "0000"[0:l]+str(len(j))+j
-
-    def toJson(self,x):
-        print( x)
-        return json.loads(x)
-
-
-    # user
-
-
-    def xor(self,o,key,data):
-        print("startetd")
-        o0data= {
-            "function":"xor",
-            "players_number":"3",
-            "player":"0",
-            "ip":"192.168.178.105",
-            "data":"",
-
-        }
-        o[0].send(self.toSend(o0data))
-        o1data= {
-            "function":"xor",
-            "players_number":"3",
-            "player":"1",
-            "ip":"192.168.178.105",
-            "data":key,
-
-        }
-        o[1].send(self.toSend(o1data))
-        o2data= {
-            "function":"xor",
-            "players_number":"3",
-            "player":"2",
-            "ip":"192.168.178.105",
-            "data":data
-        }
-        o[2].send(self.toSend(o2data))
-
-    def aes(self,o,key,data):
-        print("startetd")
-        o0data= {
-            "function":"aes",
-            "players_number":"3",
-            "player":"0",
-            "ip":"192.168.178.105",
-            "data":"",
-
-        }
-        o[0].send(self.toSend(o0data))
-        o1data= {
-            "function":"aes",
-            "players_number":"3",
-            "player":"1",
-            "ip":"192.168.178.105",
-            "data":key,
-
-        }
-        o[1].send(self.toSend(o1data))
-        o2data= {
-            "function":"aes",
-            "players_number":"3",
-            "player":"2",
-            "ip":"192.168.178.105",
-            "data":data
-        }
-        o[2].send(self.toSend(o2data))
-        print("Data send from USER")
-    
-    # oracle
-    def parse(self,message):
-        data = json.loads(message)
-        print(data)
-        function = data["function"]
-        if(function == "aes"):
-            self.aesOracle(data["players_number"],data["player"],data["ip"],data["data"])
-        elif(function == "xor"):
-            self.xorOracle(data["players_number"],data["player"],data["ip"],data["data"])
-
-
-    def aesOracle(self,players_number,player,ip,data):
-        player=int(player)
-        players_number=int(players_number)
-        time.sleep(player*10)
-        line = " "
-        t1= "echo "+ data + " > gf2n_vals.in"
-        t2= "./gen_input_f2n.x"
-        t3= "mv ./gf2n_vals.out ./Player-Data/Private-Input-"+str(player)
-        t4= "./mascot-party.x "+str(player)+" aes_m -pn 12598 -h "+ip+" -N "+str(players_number)
-        handle = (os.system("ls"))
-        print (handle)
-        handle = (os.system("cd .."))
-        print (handle)
-        handle = (os.system("ls"))
-        print (handle)
-        handle = (os.system(t1))
-        print (line)
-        handle = (os.system(t2))
-        print (line)
-        handle = (os.system(t3))
-        print (line)
-        handle = (os.system(t4))
-        print (line)
-    
-    def xorOracle(self,players_number,player,ip,data):
-        player=int(player)
-        print(player)
-        players_number=int(players_number)
-        time.sleep(player*10)
-        line = " "
-        if player != 0:
-            t1= "echo 1 "+ data + " > gf2n_vals.in"
-            handle = (os.system(t1))
-            print (line)
-        if player != 0:
-            handle = (os.system("./gen_input_f2n.x"))
-            print (line)
-        if player != 0:
-            handle = (os.system("mv ./gf2n_vals.out ./Player-Data/Private-Input-"+str(player)))
-            print (line)
-
-
-        print("player " + str(player) )
-        t4= "./mascot-party.x "+str(player)+" xor -pn 12598 -h "+ip+" -N "+str(players_number)
-        
-        handle = (os.system(t4))
-        print (line)
-

OLD/user.py

@@ -1,90 +0,0 @@
-#!/usr/bin/python
-import socket
-import _thread
-import time
-import json
-from padra import padra
-import threading
-
-LenFunc = 4
-
-padra = padra(LenFunc)
-NumberOfOracles = 3
-listOfAll = []
-def broadcast():
-    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
-    msg = bytes("Message: ",'utf-8')
-    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
-    sock.sendto(msg, ("255.255.255.255", 6666))
-    while 1:
-        m = sock.recvfrom(1024)
-        listOfAll.append(((m[1][0]),str(int(m[0]))))
-        print(listOfAll)
-
-
-    
-
-connectedOracles = []
-def connection():
-    while len(listOfAll)<NumberOfOracles: pass
-    for _ in listOfAll: 
-        if len(connectedOracles) < NumberOfOracles:
-            o = oracle(None,None,None,None,"127.0.0.1",int(_[1]))
-            o.start()
-            connectedOracles.append(o)
-    print(connectedOracles)
-    time.sleep(2)
-    print(connectedOracles)
-    padra.xor(connectedOracles,"11111111111111111111111111223344",
-    "11111111111111111111111111223341")
-
-
-
-class oracle(threading.Thread):
-
-    def __init__(self, group, target, name,
-                 verbose,HOST,PORT):
-
-        super(oracle,self).__init__(group, target, 
-			              name, verbose)
-        print(HOST,PORT)
-        self.port = PORT
-        self.Host = HOST
-        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
-            s.connect((HOST, PORT))
-            data = s.recv(1024)
-        ss = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        print(ss)
-        ss.connect((HOST,PORT))
-        self.s = ss
-        self.history = []
-        _thread.start_new_thread( self.receive, ())
-
-        def run(self):
-            # logging.debug('running')
-            return
-
-# 4 char = len of data +  data
-    def send(self,Message):
-        Message=bytes(Message,'utf-8')
-        self.s.sendall(Message)
-        self.history.append(("send",Message))
-        print("Send",Message)
-
-    def receive(self):
-        while True:
-            data = self.s.recv(1024)
-            if not len:
-                break 
-            self.history.append(("receive",data))
-            print("receive",data)
-
-
-
-try:
-    _thread.start_new_thread( broadcast, ())
-    _thread.start_new_thread( connection, ())
-except:
-   print ("Error: unable to start thread")
-while 1:
-    pass

Utils.py

@@ -0,0 +1,72 @@
+CEND = "\33[0m"
+CBOLD = "\33[1m"
+CITALIC = "\33[3m"
+CURL = "\33[4m"
+CBLINK = "\33[5m"
+CBLINK2 = "\33[6m"
+
+CSELECTED = "\33[7m"
+CBLACKBG = "\33[40m"
+CREDBG = "\33[41m"
+CGREENBG = "\33[42m"
+CYELLOWBG = "\33[43m"
+CBLUEBG = "\33[44m"
+CVIOLETBG = "\33[45m"
+CBEIGEBG = "\33[46m"
+CWHITEBG = "\33[47m"
+
+CGREY = "\33[90m"
+CRED2 = "\33[91m"
+CGREEN2 = "\33[92m"
+CYELLOW2 = "\33[93m"
+CBLUE2 = "\33[94m"
+CVIOLET2 = "\33[95m"
+CBEIGE2 = "\33[96m"
+CWHITE2 = "\33[97m"
+
+
+def simplePrint(a, b):
+    print("\n{CWHITE2}\t  {a} ->  {b} {CEND}\n")
+
+
+def yBackPrint(a, b):
+    print("\n{CYELLOWBG}\t  {a} ->  {b} {CEND}\n")
+
+
+def gBackPrint(a, b):
+    print("\n{CGREENBG}\t  {a} ->  {b} {CEND}\n")
+
+
+def rBackPrint(a, b):
+    print("\n{CREDBG}\t  {a} ->  {b} {CEND}\n")
+
+
+def bBackPrint(a, b):
+    print("\n{CBLUEBG}\t  {a} ->  {b} {CEND}\n")
+
+
+def vBackPrint(a, b):
+    print("\n{CVIOLETBG}\t  {a} ->  {b} {CEND}\n")
+
+
+def yPrint(a, b):
+    print("\n{CYELLOW2}\t  {a} ->  {b} {CEND}\n")
+
+
+def gPrint(a, b):
+    print("\n{CGREEN2}\t  {a} ->  {b} {CEND}\n")
+
+
+def rPrint(a, b):
+    print("\n{CRED2}\t  {a} ->  {b} {CEND}\n")
+
+
+def bPrint(a, b):
+    print("\n{CBLUE2}\t  {a} ->  {b} {CEND}\n")
+
+
+def vPrint(a, b):
+    print("\n{CVIOLET2}\t  {a} ->  {b} {CEND}\n")
+
+def spacePrint():
+    print("\n\t*************************\n")

command.py

@@ -1,57 +1,25 @@
-
 import os
 
 
 def install():
-    print(("git submodule init"))
-    print(os.system("git submodule init"))
-    print(("git submodule update"))
-    print(os.system("git submodule update"))
-    print(("mkdir ./MP-SPDZ/Player-Data"))
-    print(os.system("mkdir ./MP-SPDZ/Player-Data"))
-    print(("apt-get install automake build-essential git libboost-dev libboost-thread-dev libsodium-dev libssl-dev libtool m4 python texinfo yasm"))
-    print(os.system("apt-get install automake build-essential git libboost-dev libboost-thread-dev libsodium-dev libssl-dev libtool m4 python texinfo yasm"))
-    print(("./MP-SPDZ/Scripts/tldr.sh"))
-    print(os.system("./MP-SPDZ/Scripts/tldr.sh"))
-    print(("cd MP-SPDZ && ls && make -j8 tldr"))
-    print(os.system("cd MP-SPDZ && ls && make -j8 tldr"))
-    print(("create Link from Player"))
-    print(os.system("ln -s MP-SPDZ/Player-Data/ ."))
-    print(("create Link from local"))
-    print(os.system("ln -s MP-SPDZ/local/ ."))
-    print(("create Link from Programs"))
-    print(os.system("ln -s MP-SPDZ/Programs/ ."))
-    print(("./MP-SPDZ/compile.py tutorial"))
-    print(os.system("./MP-SPDZ/compile.py tutorial"))
-    print(("cd MP-SPDZ && ls && make -j8 mascot-party"))
-    print(os.system("cd MP-SPDZ && ls && make -j8 mascot"))
-    print(("echo 1 2 3 4 > ./Player-Data/Input-P0-0"))
-    print(os.system("echo 1 2 3 4 > ./Player-Data/Input-P0-0"))
-    print(("echo 1 2 3 4 > ./Player-Data/Input-P1-0"))
-    print(os.system("echo 1 2 3 4 > ./Player-Data/Input-P1-0"))
-    print(("./MP-SPDZ/Scripts/mascot.sh tutorial"))
-    print(os.system("./MP-SPDZ/Scripts/mascot.sh tutorial"))
-
-    
-    print(("\n"))
-    os.system("cd tls/pycryptoMod && python setup.py install")
-    a = os.popen('cd ./tls/pycryptoMod/build && ls').read()
-    b = a.split("\n")
-    if b[1].startswith("lib"):
-        os.system("mv tls/pycryptoMod/build/"+b[1]+"/Crypto tls/")
+    os.system("git submodule init")
+    os.system("git submodule update")
+    os.system("mkdir ./MP-SPDZ/Player-Data")
+    os.system(
+        "apt-get install automake build-essential git libboost-dev libboost-thread-dev libsodium-dev libssl-dev libtool m4 python texinfo yasm pycrypto pycryptodome -y"
+    )
+    os.system("./MP-SPDZ/Scripts/tldr.sh")
+    os.system("cd MP-SPDZ && ls && make -j8 tldr")
+    os.system("ln -s MP-SPDZ/Player-Data/ .")
+    os.system("ln -s MP-SPDZ/local/ .")
+    os.system("ln -s MP-SPDZ/Programs/ .")
+    os.system("./MP-SPDZ/compile.py tutorial")
+    os.system("cd MP-SPDZ && ls && make -j8 mascot")
+    os.system("echo 1 2 3 4 > ./Player-Data/Input-P0-0")
+    os.system("echo 1 2 3 4 > ./Player-Data/Input-P1-0")
+    os.system("./MP-SPDZ/Scripts/mascot.sh tutorial")
 
 
 def comp(a):
-    print(("cp to Programs"))
-    print(os.system("cp ./mpc/"+a+".mpc ./Programs/Source/"))
-    print(("compile"))
-    print(os.system("./MP-SPDZ/compile.py "+a))
-
-def compCrypto(a):
-
-    os.system("rm -rf tls/Crypto")
-    os.system("cd tls/pycryptoMod && python setup.py install")
-    a = os.popen('cd ./tls/pycryptoMod/build && ls').read()
-    b = a.split("\n")
-    if b[1].startswith("lib"):
-        os.system("mv tls/pycryptoMod/build/"+b[1]+"/Crypto tls/")
+    os.system("cp ./mpc/" + a + ".mpc ./Programs/Source/")
+    os.system("./MP-SPDZ/compile.py " + a)

config.py

@@ -1,7 +1,4 @@
 #!/usr/bin/env python
 
-
 LenFunc = 5
-
 numberOfOracles = 3
-

connection/broadcast.py

@@ -1,56 +1,49 @@
-
 import socket
 import threading
-        
+from Utils import *
 import config as cfg
 
 LenFunc = cfg.LenFunc
-class Broadcast():
-    def __init__(self,  parser, socket,child):
-        """ ,broadcast """ # TODO Broadcast
+
+
+class Broadcast:
+    def __init__(self, parser, socket, child):
+        """ ,broadcast """  # TODO Broadcast
         self.socket = socket
         self.parser = parser
         self.child = child
         t1 = threading.Thread(target=self.listen)
         t1.start()
-        print("Broadcast created")
-
+        gBackPrint("Broadcast ", "created")
 
     def listen(self):
         while True:
             data, addr = self.socket.recvfrom(1024)
             d = self.parser.toJSON(data.decode("utf-8")[LenFunc:])
-            print("\033[92m \n \treceive",d," \n\tfrom",addr,"\n\033[0m")
-            self.parser.parser(d,addr,self.child)
+            vPrint("receive", d, " \n\tfrom", addr, "\n\033[0m")
+            self.parser.parser(d, addr, self.child)
 
     def send(self, message, addr):
-        self.socket.sendto(bytes(message,'utf-8'), addr )
-        print("\033[95m \n \tsended to ",addr,"\n\tdata: ",message,"\n\033[0m")
-
-
+        self.socket.sendto(bytes(message, "utf-8"), addr)
+        bPrint("sended to", (addr, message))
 
 
 class BroadcastServer(Broadcast):
+    def __init__(self, broadcastPort, parser, id):
 
-    def __init__(self,  broadcastPort, parser,id): 
-
-        """ ,broadcast """ # TODO Broadcast
+        """ ,broadcast """  # TODO Broadcast
         self.socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
         self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-        self.socket.bind(('', broadcastPort)) # TODO Broadcast
+        self.socket.bind(("", broadcastPort))  # TODO Broadcast
         self.id = id
-        super().__init__(parser,self.socket,self) 
+        super().__init__(parser, self.socket, self)
 
 
-        
 class BroadcastClient(Broadcast):
-
-    def __init__(self,broadcast,  broadcastPort, parser,id): 
-        self.addr = (broadcast,broadcastPort)
-        self.onlineOracles=[]
+    def __init__(self, broadcast, broadcastPort, parser, id):
+        self.addr = (broadcast, broadcastPort)
+        self.onlineOracles = []
         self.id = id
         self.socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
         self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
-        super().__init__(parser,self.socket,self) 
-
-
+        super().__init__(parser, self.socket, self)

connection/parser.py

@@ -1,13 +1,14 @@
 import json
 import config as cfg
-LenFunc = cfg.LenFunc
+from Utils import *
 
+LenFunc = cfg.LenFunc
 
 
-class Parser():
+class Parser:
     def __init__(self):
-        print("parser created")
-        
+        gBackPrint("parser ", "created")
+
     def toJSON(self, data):
         return json.loads(data)
 
@@ -17,15 +18,15 @@ class Parser():
     def toSEND(self, data):
         j = json.dumps(data)
         l = LenFunc - len(str(len(j)))
-        return "00000"[0:l]+str(len(j))+j
+        return "00000"[0:l] + str(len(j)) + j
 
-    def add(self,data,k,v):
+    def add(self, data, k, v):
         try:
             data[k] = v
             return data
-        except:
-            print("\33[41m\33[41mAn exception occurred  add\33[0m" )
+        except Exception as e:
+            rBackPrint("An exception occurred add", e)
 
-    def parser(self,data,addr,id):
+    def parser(self, data, addr, id):
         data = self.toJSON(data)
-        print("Simple parser ->",data)
+        gPrint("Simple parser", data)

connection/socket.py

@@ -1,15 +1,16 @@
 import socket
 import threading
 import config as cfg
+from Utils import *
 
 LenFunc = cfg.LenFunc
 
-class SocketHTTP(threading.Thread):
 
-    def __init__(self, HOST,PORT, parent):
-        try: 
+class SocketHTTP(threading.Thread):
+    def __init__(self, HOST, PORT, parent):
+        try:
             self.parent = parent
-            super(SocketHTTP,self).__init__(None,None,None,None)
+            super(SocketHTTP, self).__init__(None, None, None, None)
             self.port = PORT
             self.Host = HOST
             self.history = []
@@ -17,36 +18,35 @@ class SocketHTTP(threading.Thread):
             self.socket.connect((HOST, PORT))
             t = threading.Thread(target=self.receive)
             t.start()
-            print("socket is created and Listener is created\n",(HOST, PORT))
-        except:
-            print("\33[41m\33[41mAn exception occurred  SocketHTTP\33[0m" )
+            gBackPrint("socket is created and Listener is created", (HOST, PORT))
+        except Exception as e:
+            rBackPrint("An exception occurred SocketHTTP __init__", e)
 
-
-    def send(self,M):
-        try: 
+    def send(self, M):
+        try:
             self.socket.sendall(M)
-            self.history.append(("send",M))
-            print("\033[91m\n\t Send -> ",M,"\n\033[0m")
-        except:
-            print("\33[41m\33[41mAn exception occurred  SocketHTTP send\33[0m" )
+            self.history.append(("send", M))
+            vPrint("SocketHTTP Send", M)
+        except Exception as e:
+            rBackPrint("An exception occurred SocketHTTP send", e)
 
     def receive(self):
-        try: 
-            while True: 
+        try:
+            while True:
                 data = self.socket.recv(65565)
-                # print("data",data)
+                bPrint("receive", data)
                 if bytes.hex(data) == "":
                     continue
                 self.parent.recv(bytes.hex(data))
-        except NameError:
-            print("\33[41m\33[41mAn exception occurred  SocketHTTP receiv e    NameError\33[0m",NameError )
+        except Exception as e:
+            rBackPrint("An exception occurred SocketHTTP receive", e)
 
-class SocketClient(threading.Thread):
 
-    def __init__(self, HOST,PORT, parser,id):
-        try: 
+class SocketClient(threading.Thread):
+    def __init__(self, HOST, PORT, parser, id):
+        try:
             self.parser = parser
-            super(SocketClient,self).__init__(None,None,None,None)
+            super(SocketClient, self).__init__(None, None, None, None)
             self.port = PORT
             self.Host = HOST
             self.history = []
@@ -55,103 +55,94 @@ class SocketClient(threading.Thread):
             self.socket.connect((HOST, PORT))
             t = threading.Thread(target=self.receive)
             t.start()
-            print("socket is created and Listener is created\n")
-        except:
-            print("\33[41m\33[41mAn exception occurred  SocketClient\33[0m" )
+            gBackPrint("socket is created and Listener is created\n")
+        except Exception as e:
+            rBackPrint("An exception occurred SocketClient __init__", e)
 
-
-    def send(self,M):
-        try: 
-            Message=bytes(M,'utf-8')
+    def send(self, M):
+        try:
+            Message = bytes(M, "utf-8")
             self.socket.sendall(Message)
-            self.history.append(("send",Message))
-            print("\033[91m\n\t Send -> ",M,"\n\033[0m")
-        except:
-            print("\33[41m\33[41mAn exception occurred  socket Client send\33[0m" )
+            self.history.append(("send", Message))
+            vPrint("SocketHTTP Send", M)
+        except Exception as e:
+            rBackPrint("An exception occurred SocketClient send", e)
 
     def receive(self):
-        try: 
-            while True: 
+        try:
+            while True:
                 len = self.socket.recv(cfg.LenFunc)
                 if not len:
                     break
                 data = self.socket.recv(int(len.decode("utf-8")))
                 data = self.parser.toJSON(data.decode("utf-8"))
-                print("\033[94m\n\t receive -> ",data,"\n\033[0m")
-                self.parser.parser(data,None,self)
-        except:
-            print("\33[41m\33[41mAn exception occurred  socket Client receive\33[0m" )
-
-
+                bPrint("receive", data)
+                self.parser.parser(data, None, self)
+        except Exception as e:
+            rBackPrint("An exception occurred SocketClient receive", e)
 
 
-class SocketServer():
-
-    def __init__(self, socketPort, parser,id):
-        try:  
+class SocketServer:
+    def __init__(self, socketPort, parser, id):
+        try:
             self.parser = parser
             self.history = []
             self.connected = []
-            self.socketPort = socketPort 
+            self.socketPort = socketPort
             self.id = id
             t = threading.Thread(target=self.connection)
             t.start()
-            print("socket is created and Listener is created",socketPort)
-        except:
-            print("\33[41m\33[41mAn exception occurred  SocketServer\33[0m" )
+            gBackPrint("socket is created and Listener is created", socketPort)
+        except Exception as e:
+            rBackPrint("An exception occurred SocketServer __init__", e)
 
     def connection(self):
-        try: 
+        try:
             with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                 s.bind(("localhost", self.socketPort))
                 s.listen()
                 self.socket = s
                 while True:
                     conn, addr = self.socket.accept()
-                    print("user connected to ",conn, "-> ",addr)
-                    u = Connection(conn, addr,self.socketPort+1,self.parser)# TODO socketprot dynamic
+                    print("user connected to ", conn, "-> ", addr)
+                    u = Connection(conn, addr, self.socketPort + 1, self.parser)
                     self.connected.append(u)
-                    print(self.connected)
-        except Exception as exception:
-            print("\33[41m\33[41mAn exception occurred  SocketServer connection ",exception,"\33[0m" )
+        except Exception as e:
+            rBackPrint("An exception occurred SocketServer connection", e)
+
 
-class Connection():
-    def __init__(self,connection,address,oracleSocketPort, parser): 
+class Connection:
+    def __init__(self, connection, address, oracleSocketPort, parser):
         try:
             self.parser = parser
             self.socket = connection
             self.addr = address
             self.history = []
             self.type = None
-            # self.id = os.urandom(32)
             self.oracleSocketPort = oracleSocketPort
-
-
             t = threading.Thread(target=self.receive)
             t.start()
-            # self.send("Connection")
-        except:
-            print("\33[41m\33[41mAn exception occurred  Connection connection\33[0m" )
-        
-    def send(self,M):
+        except Exception as e:
+            rBackPrint("An exception occurred Connection __init__", e)
+
+    def send(self, M):
         try:
-            Message=bytes(M,'utf-8')
+            Message = bytes(M, "utf-8")
             self.socket.sendall(Message)
-            self.history.append(("send",Message))
-            print("\033[91m\n\t Send -> ",M,"\n\033[0m")
-        except:
-            print("\33[41m\33[41mAn exception occurred  Connection sebd\33[0m" )
+            self.history.append(("send", Message))
+            vPrint("Connection Send", M)
+        except Exception as e:
+            rBackPrint("An exception occurred Connection send", e)
 
     def receive(self):
         try:
-            while True: 
+            while True:
                 len = self.socket.recv(cfg.LenFunc)
                 if not len:
                     break
-                print(int(len.decode("utf-8")))
                 data = self.socket.recv(int(len.decode("utf-8")))
                 data = self.parser.toJSON(data.decode("utf-8"))
-                print("\033[94m\n\t receive -> ",data,"\n\033[0m")
-                self.parser.parser(data,None,self)
-        except  :
-            print("\33[41m\33[41mAn exception occurred  Connection receive\33[0m" )
+                bPrint("Connection receive", data)
+                self.parser.parser(data, None, self)
+        except Exception as e:
+            rBackPrint("An exception occurred Connection receive", e)

cp

@@ -1,5 +0,0 @@
------BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VuBCIEICAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/
------END PRIVATE KEY-----
-
-30 2e 02 01 00 30 05 06 03 2b 65 6e 04 22 04 20 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f

gcm.py

@@ -1,219 +0,0 @@
-#!/usr/bin/env python
-
-"""
-    Copyright (C) 2013 Bo Zhu http://about.bozhu.me
-
-    Permission is hereby granted, free of charge, to any person obtaining a
-    copy of this software and associated documentation files (the "Software"),
-    to deal in the Software without restriction, including without limitation
-    the rights to use, copy, modify, merge, publish, distribute, sublicense,
-    and/or sell copies of the Software, and to permit persons to whom the
-    Software is furnished to do so, subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in
-    all copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-    THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-    DEALINGS IN THE SOFTWARE.
-"""
-
-from tls.Crypto.Cipher import AES
-from tls.Crypto.Util import Counter
-from tls.Crypto.Util.number import long_to_bytes, bytes_to_long
-
-
-# GF(2^128) defined by 1 + a + a^2 + a^7 + a^128
-# Please note the MSB is x0 and LSB is x127
-def gf_2_128_mul(x, y):
-    assert x < (1 << 128)
-    assert y < (1 << 128)
-    res = 0
-    for i in range(127, -1, -1):
-        res ^= x * ((y >> i) & 1)  # branchless
-        x = (x >> 1) ^ ((x & 1) * 0xE1000000000000000000000000000000)
-    assert res < 1 << 128
-    return res
-
-
-class InvalidInputException(Exception):
-    def __init__(self, msg):
-        self.msg = msg
-
-    def __str__(self):
-        return str(self.msg)
-
-
-class InvalidTagException(Exception):
-    def __str__(self):
-        return 'The authenticaiton tag is invalid.'
-
-
-# Galois/Counter Mode with AES-128 and 96-bit IV
-class AES_GCM:
-    def __init__(self, master_key):
-        self.change_key(master_key)
-
-    def change_key(self, master_key):
-        if master_key >= (1 << 128):
-            raise InvalidInputException('Master key should be 128-bit')
-
-        self.__master_key = long_to_bytes(master_key, 16)
-        self.__aes_ecb = AES.new(self.__master_key, AES.MODE_ECB)
-        self.__auth_key = bytes_to_long(self.__aes_ecb.encrypt(b'\x00' * 16))
-
-        # precompute the table for multiplication in finite field
-        table = []  # for 8-bit
-        for i in range(16):
-            row = []
-            for j in range(256):
-                row.append(gf_2_128_mul(self.__auth_key, j << (8 * i)))
-            table.append(tuple(row))
-        self.__pre_table = tuple(table)
-
-        self.prev_init_value = None  # reset
-
-    def __times_auth_key(self, val):
-        res = 0
-        for i in range(16):
-            res ^= self.__pre_table[i][val & 0xFF]
-            val >>= 8
-        return res
-
-    def __ghash(self, aad, txt):
-        len_aad = len(aad)
-        len_txt = len(txt)
-
-        # padding
-        if 0 == len_aad % 16:
-            data = aad
-        else:
-            data = aad + b'\x00' * (16 - len_aad % 16)
-        if 0 == len_txt % 16:
-            data += txt
-        else:
-            data += txt + b'\x00' * (16 - len_txt % 16)
-
-        tag = 0
-        assert len(data) % 16 == 0
-        for i in range(len(data) // 16):
-            tag ^= bytes_to_long(data[i * 16: (i + 1) * 16])
-            tag = self.__times_auth_key(tag)
-            # print 'X\t', hex(tag)
-        tag ^= ((8 * len_aad) << 64) | (8 * len_txt)
-        tag = self.__times_auth_key(tag)
-
-        return tag
-
-    def encrypt(self, init_value, plaintext, auth_data=b''):
-        if init_value >= (1 << 96):
-            raise InvalidInputException('IV should be 96-bit')
-        # a naive checking for IV reuse
-        if init_value == self.prev_init_value:
-            raise InvalidInputException('IV must not be reused!')
-        self.prev_init_value = init_value
-
-        len_plaintext = len(plaintext)
-        # len_auth_data = len(auth_data)
-
-        if len_plaintext > 0:
-            counter = Counter.new(
-                nbits=32,
-                prefix=long_to_bytes(init_value, 12),
-                initial_value=2,  # notice this
-                allow_wraparound=False)
-                
-            aes_ctr = AES.new(self.__master_key, AES.MODE_CTR, counter=counter)
-            if 0 != len_plaintext % 16:
-                padded_plaintext = plaintext + \
-                    b'\x00' * (16 - len_plaintext % 16)
-            else:
-                padded_plaintext = plaintext
-            ciphertext = aes_ctr.encrypt(padded_plaintext)[:len_plaintext]
-
-        else:
-            ciphertext = b''
-
-        auth_tag = self.__ghash(auth_data, ciphertext)
-        # print 'GHASH\t', hex(auth_tag)
-        auth_tag ^= bytes_to_long(self.__aes_ecb.encrypt(
-                                  long_to_bytes((init_value << 32) | 1, 16)))
-
-        # assert len(ciphertext) == len(plaintext)
-        assert auth_tag < (1 << 128)
-        return ciphertext, auth_tag
-
-    def decrypt(self, init_value, ciphertext, auth_tag, auth_data=b''):
-        if init_value >= (1 << 96):
-            raise InvalidInputException('IV should be 96-bit')
-        if auth_tag >= (1 << 128):
-            raise InvalidInputException('Tag should be 128-bit')
-
-        if auth_tag != self.__ghash(auth_data, ciphertext) ^ \
-                bytes_to_long(self.__aes_ecb.encrypt(
-                long_to_bytes((init_value << 32) | 1, 16))):
-            raise InvalidTagException
-
-        len_ciphertext = len(ciphertext)
-        if len_ciphertext > 0:
-            counter = Counter.new(
-                nbits=32,
-                prefix=long_to_bytes(init_value, 12),
-                initial_value=2,
-                allow_wraparound=True)
-            aes_ctr = AES.new(self.__master_key, AES.MODE_CTR, counter=counter)
-
-            if 0 != len_ciphertext % 16:
-                padded_ciphertext = ciphertext + \
-                    b'\x00' * (16 - len_ciphertext % 16)
-            else:
-                padded_ciphertext = ciphertext
-            plaintext = aes_ctr.decrypt(padded_ciphertext)[:len_ciphertext]
-
-        else:
-            plaintext = b''
-
-        return plaintext
-
-
-if __name__ == '__main__':
-    master_key = 0xfeffe9928665731c6d6a8f9467308308
-    plaintext = b'\xd9\x31\x32\x25\xf8\x84\x06\xe5' + \
-                b'\xa5\x59\x09\xc5\xaf\xf5\x26\x9a' + \
-                b'\x86\xa7\xa9\x53\x15\x34\xf7\xda' + \
-                b'\x2e\x4c\x30\x3d\x8a\x31\x8a\x72' + \
-                b'\x1c\x3c\x0c\x95\x95\x68\x09\x53' + \
-                b'\x2f\xcf\x0e\x24\x49\xa6\xb5\x25' + \
-                b'\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57' + \
-                b'\xba\x63\x7b\x39'
-    auth_data = b'\xfe\xed\xfa\xce\xde\xad\xbe\xef' + \
-                b'\xfe\xed\xfa\xce\xde\xad\xbe\xef' + \
-                b'\xab\xad\xda\xd2'
-    init_value = 0xcafebabefacedbaddecaf888
-    ciphertext = b'\x42\x83\x1e\xc2\x21\x77\x74\x24' + \
-                 b'\x4b\x72\x21\xb7\x84\xd0\xd4\x9c' + \
-                 b'\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0' + \
-                 b'\x35\xc1\x7e\x23\x29\xac\xa1\x2e' + \
-                 b'\x21\xd5\x14\xb2\x54\x66\x93\x1c' + \
-                 b'\x7d\x8f\x6a\x5a\xac\x84\xaa\x05' + \
-                 b'\x1b\xa3\x0b\x39\x6a\x0a\xac\x97' + \
-                 b'\x3d\x58\xe0\x91'
-    auth_tag = 0x5bc94fbc3221a5db94fae95ae7121a47
-
-    # print('plaintext:', hex(bytes_to_long(plaintext)))
-
-    my_gcm = AES_GCM(master_key)
-    encrypted, new_tag = my_gcm.encrypt(init_value, plaintext, auth_data)
-    # print('encrypted:', hex(bytes_to_long(encrypted)))
-    # print('auth tag: ', hex(new_tag))
-
-    try:
-        decrypted = my_gcm.decrypt(init_value, encrypted,
-                new_tag + 1, auth_data)
-    except InvalidTagException:
-        decrypted = my_gcm.decrypt(init_value, encrypted, new_tag, auth_data)
-        print('decrypted:', hex(bytes_to_long(decrypted)))

i.py

@@ -1,33 +0,0 @@
-import os
-
-os.system("cd tls/pycryptodome && python setup.py install")
-os.system("rm -rf tls/Crypto")
-os.system("mv tls/pycryptodome/build/lib.linux-x86_64-3.7/Crypto tls/")
-
-""" 
-
-155 178 44 231 217 243 114 193 238 43 40 114 43 37 242 6 101 13 136 124 57 54 83 58 27 141 78 30 163 157 43 92 61 233 24 39 193 14 154 79 82 64 100 126 229 34 31 32 170 201 230 204 192 7 74 192 135 59 155 168 93 144 139 208
-
-155 178 44 231 217 243 114 193 238 43 40 114 43 37 242 6 101 13 136 124 57 54 83 58 27 141 78 30 163 157 43 92 61 233 24 39 193 14 154 79 82 64 100 126 229 34 31 32 170 201 230 204 192 7 74 192 135 59 155 168 93 144 139 208
-decrypted: 0xd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
-
-
-
-
-
-
-
-
-
-
-
-155 178 44 231 217 243 114 193 238 43 40 114 43 37 242 6 101 13 136 124 57 54 83 58 27 141 78 30 163 157 43 92 61 233 24 39 193 14 154 79 82 64 100 126 229 34 31 32 170 201 230 204 192 7 74 192 135 59 155 168 93 144 139 208
-
- Counter is -->         9bb22ce7d9f372c1ee2b28722b25f206650d887c3936533a1b8d4e1ea39d2b5c3de91827c10e9a4f5240647ee5221f20aac9e6ccc0074ac0873b9ba8 5d908bd0
- plain is -->           d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39 00000000
- res should be -->      d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
-
-155 178 44 231 217 243 114 193 238 43 40 114 43 37 242 6 101 13 136 124 57 54 83 58 27 141 78 30 163 157 43 92 61 233 24 39 193 14 154 79 82 64 100 126 229 34 31 32 170 201 230 204 192 7 74 192 135 59 155 168 93 144 139 208
-decrypted: 0x9bb22ce7d9f372c1ee2b28722b25f206650d887c3936533a1b8d4e1ea39d2b5c3de91827c10e9a4f5240647ee5221f20aac9e6ccc0074ac0873b9ba8
-
- """

main.py

@@ -1,48 +1,107 @@
 from optparse import OptionParser
 from oracle.oracle import Oracle
 from user.user import User
-from command import install,comp,compCrypto
+from command import install, comp, compCrypto
 import os
+from Utils import *
+
+
 def main():
     os.system("clear")
     parser = OptionParser()
 
-    parser.add_option("-i", "--installation", action="store_true", dest="installation", default=False, help="installation")
-    parser.add_option("-o", "--oracle", action="store_true", dest="oracle", default=False, help="if true -> orcle will be run")
-    parser.add_option("-u", "--user", action="store_true", dest="user", default=False, help="if true -> user will be run")
-    parser.add_option("-s", "--server", dest="server", default="127.0.0.1", help="destination Server for feed data to Oracles")
-    parser.add_option("-d", "--data", dest="data", default="", help="Data to send to destination server for response")
-    parser.add_option("-b", "--broadcast", dest="broadcast", default="255.255.255.255", help="Broad cast IP")
-    parser.add_option("-p", "--broadcast-port", dest="broadcastPort", default=6666, help="Broad cast Port")
-    parser.add_option("-c", "--compile", dest="compile",  help="file compile")
-    parser.add_option("-t", "--tls", dest="tls",  help="Crypto compile")
-    # parser.add_option("-h", "--help",action="store_true", dest="help", default=False)
+    parser.add_option(
+        "-i",
+        "--installation",
+        action="store_true",
+        dest="installation",
+        default=False,
+        help="installation",
+    )
 
+    parser.add_option(
+        "-o",
+        "--oracle",
+        action="store_true",
+        dest="oracle",
+        default=False,
+        help="if true -> orcle will be run",
+    )
 
+    parser.add_option(
+        "-u",
+        "--user",
+        action="store_true",
+        dest="user",
+        default=False,
+        help="if true -> user will be run",
+    )
 
-    (options, args) = parser.parse_args()
+    parser.add_option(
+        "-s",
+        "--server",
+        dest="server",
+        default="api.spacexdata.com",
+        help="destination Server for feed data to Oracles",
+    )
+
+    parser.add_option(
+        "-d",
+        "--data",
+        dest="data",
+        default="474554202f76332f736869707320485454502f312e310d0a557365722d4167656e743a20576765742f312e32302e3320286d696e67773332290d0a4163636570743a202a2f2a0d0a4163636570742d456e636f64696e673a206964656e746974790d0a486f73743a206170692e737061636578646174612e636f6d0d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a0d0a17",
+        help="Data to send to destination server for response",
+    )
+
+    parser.add_option(
+        "-b",
+        "--broadcast",
+        dest="broadcast",
+        default="255.255.255.255",
+        help="Broad cast IP",
+    )
 
+    parser.add_option(
+        "-p",
+        "--broadcast-port",
+        dest="broadcastPort",
+        default=6666,
+        help="Broad cast Port",
+    )
 
+    parser.add_option("-c", "--compile", dest="compile", help="file compile")
 
-    if len(args) >= 1 or (options.oracle + options.user != 1 and not options.installation and not options.compile):
-        print("\n\n\tWhat do you want to run? Oracle or User? \n\n\tplease use -o OR -u. \n\n\tFor more Info you can use -h or --help or i can do it for you\n \n\t~~~ GOOD LUCK :) ~~~\n")
+    (options, args) = parser.parse_args()
+
+    if len(args) >= 1 or (
+        options.oracle + options.user != 1
+        and not options.installation
+        and not options.compile
+    ):
+        rBackPrint(
+            "ERROR",
+            "\n\n\tWhat do you want to run? Oracle or User? \n\n\tplease use -o OR -u. \n\n\tFor more Info you can use -h or --help or i can do it for you\n \n\t~~~ GOOD LUCK :) ~~~\n",
+        )
         parser.print_help()
         return
 
-
-    if(options.compile):
+    if options.compile:
         comp(options.compile)
-    if(options.tls):
-        compCrypto(options.tls)
 
-    if(options.installation):
+    elif options.installation:
         install()
 
-    if(options.oracle):
+    elif options.oracle:
         Oracle(broadcast=options.broadcast, broadcastPort=options.broadcastPort)
-    
-    if(options.user):
-        User(data=options.data, server=options.server, broadcast=options.broadcast, broadcastPort=options.broadcastPort).run()
 
-if __name__ == '__main__':
+    elif options.user:
+        User(
+            data=options.data,
+            server=options.server,
+            broadcast=options.broadcast,
+            broadcastPort=options.broadcastPort,
+        ).run()
+
+
+if __name__ == "__main__":
     main()

mpc/aes_m.mpc

@@ -1,393 +0,0 @@
-from copy import copy
-
-rcon_raw = [
-        0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
-        0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39,
-        0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a,
-        0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
-        0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
-        0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc,
-        0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b,
-        0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
-        0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
-        0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20,
-        0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,
-        0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
-        0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
-        0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63,
-        0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd,
-        0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb
-]
-
-nparallel = 1
-noutput = 1
-nthreads = 1
-
-rcon = VectorArray(len(rcon_raw), cgf2n, nparallel)
-for idx in range(len(rcon_raw)):
-    rcon[idx] = cgf2n(rcon_raw[idx],size=nparallel)
-
-powers2 = VectorArray(8, cgf2n, nparallel)
-for idx in range(8):
-    powers2[idx] = cgf2n(2,size=nparallel) ** (5 * idx)
-
-@vectorize
-def ApplyEmbedding(x):
-    in_bytes = x.bit_decompose(8)
-
-    out_bytes = [cgf2n(0) for _ in range(8)]
-
-    out_bytes[0] = sum(in_bytes[0:8])
-    out_bytes[1] = sum(in_bytes[idx] for idx in range(1, 8, 2))
-    out_bytes[2] = in_bytes[2] + in_bytes[3] + in_bytes[6] + in_bytes[7]
-    out_bytes[3] = in_bytes[3] + in_bytes[7]
-    out_bytes[4] = in_bytes[4] + in_bytes[5] + in_bytes[6] + in_bytes[7]
-    out_bytes[5] = in_bytes[5] + in_bytes[7]
-    out_bytes[6] = in_bytes[6] + in_bytes[7]
-    out_bytes[7] = in_bytes[7]
-
-    return sum(powers2[idx] * out_bytes[idx] for idx in range(8))
-
-
-def embed_helper(in_bytes):
-    out_bytes = [None] * 8
-    out_bytes[0] = sum(in_bytes[0:8])
-    out_bytes[1] = sum(in_bytes[idx] for idx in range(1, 8, 2))
-    out_bytes[2] = in_bytes[2] + in_bytes[3] + in_bytes[6] + in_bytes[7]
-    out_bytes[3] = in_bytes[3] + in_bytes[7]
-    out_bytes[4] = in_bytes[4] + in_bytes[5] + in_bytes[6] + in_bytes[7]
-    out_bytes[5] = in_bytes[5] + in_bytes[7]
-    out_bytes[6] = in_bytes[6] + in_bytes[7]
-    out_bytes[7] = in_bytes[7]
-    return out_bytes
-
-@vectorize
-def ApplyBDEmbedding(x):
-    entire_sequence_bits = copy(x)
-
-    while len(entire_sequence_bits) < 8:
-        entire_sequence_bits.append(0)
-
-    in_bytes = entire_sequence_bits
-    out_bytes = embed_helper(in_bytes)
-
-    return sum(powers2[idx] * out_bytes[idx] for idx in range(8))
-
-
-def PreprocInverseEmbedding(x):
-    in_bytes = x.bit_decompose_embedding()
-
-    out_bytes = [cgf2n(0) for _ in range(8)]
-
-    out_bytes[7] = in_bytes[7]
-    out_bytes[6] = in_bytes[6] + out_bytes[7]
-    out_bytes[5] = in_bytes[5] + out_bytes[7]
-    out_bytes[4] = in_bytes[4] + out_bytes[5] + out_bytes[6] + out_bytes[7]
-    out_bytes[3] = in_bytes[3] + out_bytes[7]
-    out_bytes[2] = in_bytes[2] + out_bytes[3] + out_bytes[6] + out_bytes[7]
-    out_bytes[1] = in_bytes[1] +  out_bytes[3] + out_bytes[5] + out_bytes[7]
-    out_bytes[0] = in_bytes[0] + sum(out_bytes[1:8])
-
-    return out_bytes
-
-@vectorize
-def InverseEmbedding(x):
-    out_bytes = PreprocInverseEmbedding(x)
-    ret = cgf2n(0)
-    for idx in range(7, -1, -1):
-        ret = ret + (cgf2n(2) ** idx) * out_bytes[idx]
-    return ret
-
-def InverseBDEmbedding(x):
-    return PreprocInverseEmbedding(x)
-
-def expandAESKey(cipherKey, Nr = 10, Nb = 4, Nk = 4):
-    #cipherkey should be in hex
-    cipherKeySize = len(cipherKey)
-
-    round_key = [sgf2n(0,size=nparallel)] * 176
-    temp = [cgf2n(0,size=nparallel)] * 4
-
-    for i in range(Nk):
-        for j in range(4):
-            round_key[4 * i + j] = cipherKey[4 * i + j]
-
-    for i in range(Nk, Nb * (Nr + 1)):
-        for j in range(4):
-            temp[j] = round_key[(i-1) * 4 + j]
-        if i % Nk == 0:
-            #rotate the 4 bytes word to the left
-            k = temp[0]
-            temp[0] = temp[1]
-            temp[1] = temp[2]
-            temp[2] = temp[3]
-            temp[3] = k
-
-            #now substitute word
-            temp[0] = box.apply_sbox(temp[0])
-            temp[1] = box.apply_sbox(temp[1])
-            temp[2] = box.apply_sbox(temp[2])
-            temp[3] = box.apply_sbox(temp[3])
-
-            temp[0] = temp[0] + ApplyEmbedding(rcon[int(i//Nk)])
-
-        for j in range(4):
-            round_key[4 * i + j] = round_key[4 * (i - Nk) + j] + temp[j]
-    return round_key
-
-    #Nr = 10 -> The number of rounds in AES Cipher.
-    #Nb = 4 -> The number of columns of the AES state
-    #Nk = 4 -> The number of words of a AES key 
-
-def SecretArrayEmbedd(byte_array):
-    return [ApplyEmbedding(_) for _ in byte_array]
-
-@vectorize
-def subBytes(state):
-    for i in range(len(state)):
-        state[i] = box.apply_sbox(state[i])
-
-def addRoundKey(roundKey):
-    @vectorize
-    def inner(state):
-        for i in range(len(state)):
-            state[i] = state[i] + roundKey[i]
-    return inner
-
-# mixColumn takes a column and does stuff
-
-Kv = VectorArray(4, cgf2n, nparallel)
-Kv[1] = ApplyEmbedding(cgf2n(1,size=nparallel))
-Kv[2] = ApplyEmbedding(cgf2n(2,size=nparallel))
-Kv[3] = ApplyEmbedding(cgf2n(3,size=nparallel))
-Kv[4] = ApplyEmbedding(cgf2n(4,size=nparallel))
-
-
-@vectorize
-def mixColumn(column):
-    temp = copy(column)
-    v1 = Kv[1]
-    v2 = Kv[2]
-    v3 = Kv[3]
-    v4 = Kv[4]
-    # no multiplication
-    doubles = [Kv[2] * t for t in temp]
-    column[0] = doubles[0] + (temp[1] + doubles[1]) + temp[2] + temp[3]
-    column[1] = temp[0] + doubles[1] + (temp[2] + doubles[2]) + temp[3]
-    column[2] = temp[0] + temp[1] + doubles[2] + (temp[3] + doubles[3])
-    column[3] = (temp[0] + doubles[0]) + temp[1] + temp[2] + doubles[3]
-
-@vectorize
-def mixColumns(state):
-    for i in range(4):
-        column = []
-        for j in range(4):
-            column.append(state[i*4+j])
-        mixColumn(column)
-        for j in range(4):
-            state[i*4+j] = column[j]
-
-def rotate(word, n):
-    return word[n:]+word[0:n]
-
-def shiftRows(state):
-    for i in range(4):
-        state[i::4] = rotate(state[i::4],i)
-
-@vectorize
-def state_collapse(state):
-    return [InverseEmbedding(_) for _ in state]
-
-
-# such constants. very wow.
-_embedded_powers = [
-    [0x1,0x2,0x4,0x8,0x10,0x20,0x40,0x80,0x100,0x200,0x400,0x800,0x1000,0x2000,0x4000,0x8000,0x10000,0x20000,0x40000,0x80000,0x100000,0x200000,0x400000,0x800000,0x1000000,0x2000000,0x4000000,0x8000000,0x10000000,0x20000000,0x40000000,0x80000000,0x100000000,0x200000000,0x400000000,0x800000000,0x1000000000,0x2000000000,0x4000000000,0x8000000000],
-    [0x1,0x4,0x10,0x40,0x100,0x400,0x1000,0x4000,0x10000,0x40000,0x100000,0x400000,0x1000000,0x4000000,0x10000000,0x40000000,0x100000000,0x400000000,0x1000000000,0x4000000000,0x108401,0x421004,0x1084010,0x4210040,0x10840100,0x42100400,0x108401000,0x421004000,0x1084010000,0x4210040000,0x840008401,0x2100021004,0x8400084010,0x1000000842,0x4000002108,0x100021,0x400084,0x1000210,0x4000840,0x10002100],
-    [0x1,0x10,0x100,0x1000,0x10000,0x100000,0x1000000,0x10000000,0x100000000,0x1000000000,0x108401,0x1084010,0x10840100,0x108401000,0x1084010000,0x840008401,0x8400084010,0x4000002108,0x400084,0x4000840,0x40008400,0x400084000,0x4000840000,0x8021004,0x80210040,0x802100400,0x8021004000,0x210802008,0x2108020080,0x1080010002,0x800008421,0x8000084210,0x108,0x1080,0x10800,0x108000,0x1080000,0x10800000,0x108000000,0x1080000000],
-    [0x1,0x100,0x10000,0x1000000,0x100000000,0x108401,0x10840100,0x1084010000,0x8400084010,0x400084,0x40008400,0x4000840000,0x80210040,0x8021004000,0x2108020080,0x800008421,0x108,0x10800,0x1080000,0x108000000,0x800108401,0x10002108,0x1000210800,0x20004010,0x2000401000,0x42008020,0x4200802000,0x84200842,0x8420084200,0x2000421084,0x40000420,0x4000042000,0x10040,0x1004000,0x100400000,0x40108401,0x4010840100,0x1080200040,0x8021080010,0x2100421080],
-    [0x1,0x10000,0x100000000,0x10840100,0x8400084010,0x40008400,0x80210040,0x2108020080,0x108,0x1080000,0x800108401,0x1000210800,0x2000401000,0x4200802000,0x8420084200,0x40000420,0x10040,0x100400000,0x4010840100,0x8021080010,0x40108421,0x1080000040,0x100421080,0x4200040100,0x1084200,0x842108401,0x1004210042,0x2008400004,0x4210000008,0x401080210,0x840108001,0x1000000840,0x100001000,0x840100,0x8401000000,0x800000001,0x84210800,0x2100001084,0x210802100,0x8001004210],
-    [0x1,0x100000000,0x8400084010,0x80210040,0x108,0x800108401,0x2000401000,0x8420084200,0x10040,0x4010840100,0x40108421,0x100421080,0x1084200,0x1004210042,0x4210000008,0x840108001,0x100001000,0x8401000000,0x84210800,0x210802100,0x800000401,0x2100420080,0x8000004000,0x4010002,0x4000800100,0x842000420,0x8421084,0x421080210,0x80010042,0x10802108,0x800000020,0x1084,0x8401084010,0x1004200040,0x4000840108,0x100020,0x2108401000,0x8400080210,0x84210802,0x10802100],
-    [0x1,0x8400084010,0x108,0x2000401000,0x10040,0x40108421,0x1084200,0x4210000008,0x100001000,0x84210800,0x800000401,0x8000004000,0x4000800100,0x8421084,0x80010042,0x800000020,0x8401084010,0x4000840108,0x2108401000,0x84210802,0x20,0x8000004210,0x2100,0x8401004,0x200800,0x802108420,0x21084000,0x4200842108,0x2000020000,0x1084210000,0x100421,0x1004010,0x10840008,0x108421080,0x1000200840,0x108001,0x8020004210,0x10040108,0x2108401004,0x1084210040],
-    [0x1,0x108,0x10040,0x1084200,0x100001000,0x800000401,0x4000800100,0x80010042,0x8401084010,0x2108401000,0x20,0x2100,0x200800,0x21084000,0x2000020000,0x100421,0x10840008,0x1000200840,0x8020004210,0x2108401004,0x400,0x42000,0x4010000,0x421080000,0x21004,0x2008420,0x210800100,0x4200002,0x401000210,0x2108401084,0x8000,0x840000,0x80200000,0x8421000000,0x420080,0x40108400,0x4210002000,0x84000040,0x8020004200,0x2108400084]
-]
-
-enum_squarings = VectorArray(8 * 40, cgf2n, nparallel)
-for i,_list in enumerate(_embedded_powers):
-    for j,x in enumerate(_list):
-        enum_squarings[40 * i + j] = cgf2n(x, size=nparallel)
-
-@vectorize
-def fancy_squaring(bd_val, exponent):
-    #This is even more fancy; it performs directly on bit dec values
-    #returns x ** (2 ** exp) from a bit decomposed value
-    return sum(enum_squarings[exponent * 40 + idx] * bd_val[idx]
-            for idx in range(len(bd_val)))
-
-def inverseMod(val):
-    #embedded now!
-    #returns x ** 254 using offline squaring
-    #returns an embedded result
-
-    raw_bit_dec = val.bit_decompose_embedding()
-    bd_val = [cgf2n(0,size=nparallel)] * 40
-
-    for idx in range(40):
-        if idx % 5 == 0:
-            bd_val[idx] = raw_bit_dec[idx // 5]
-
-    bd_squared = bd_val
-    squared_index = 2
-
-    mapper = [0] * 129
-    for idx in range(1, 8):
-        bd_squared = fancy_squaring(bd_val, idx)
-        mapper[squared_index] = bd_squared
-        squared_index *= 2
-
-    enum_powers = [
-        2, 4, 8, 16, 32, 64, 128
-    ]
-
-    inverted_product = \
-        ((mapper[2] * mapper[4]) * (mapper[8] * mapper[16])) * ((mapper[32] * mapper[64]) * mapper[128])
-    return inverted_product
-
-K01 = VectorArray(8, cgf2n, nparallel)
-for idx in range(8):
-    K01[idx] = ApplyBDEmbedding([0,1]) ** idx
-
-class SpdzBox(object):
-    def init_matrices(self):
-        self.matrix_inv = [ 
-            [0,0,1,0,0,1,0,1],
-            [1,0,0,1,0,0,1,0],
-            [0,1,0,0,1,0,0,1],
-            [1,0,1,0,0,1,0,0],
-            [0,1,0,1,0,0,1,0],
-            [0,0,1,0,1,0,0,1],
-            [1,0,0,1,0,1,0,0],
-            [0,1,0,0,1,0,1,0]
-        ]
-        to_add = [1,0,1,0,0,0,0,0]
-        self.addition_inv = [cgf2n(_,size=nparallel) for _ in to_add]
-        self.forward_matrix = [
-            [1,0,0,0,1,1,1,1],
-            [1,1,0,0,0,1,1,1],
-            [1,1,1,0,0,0,1,1],
-            [1,1,1,1,0,0,0,1],
-            [1,1,1,1,1,0,0,0],
-            [0,1,1,1,1,1,0,0],
-            [0,0,1,1,1,1,1,0],
-            [0,0,0,1,1,1,1,1]
-        ]
-        forward_add = [1,1,0,0,0,1,1,0]
-        self.forward_add = VectorArray(len(forward_add), cgf2n, nparallel)
-        for i,x in enumerate(forward_add):
-            self.forward_add[i] = cgf2n(x, size=nparallel)
-
-    def __init__(self):
-        constants = [
-            0x63, 0x8F, 0xB5, 0x01, 0xF4, 0x25, 0xF9, 0x09, 0x05
-        ]
-        self.powers = [
-            0, 127, 191, 223, 239, 247, 251, 253, 254
-        ]
-        self.constants = [ApplyEmbedding(cgf2n(_,size=nparallel)) for _ in constants]
-        self.init_matrices()
-
-    def forward_bit_sbox(self, emb_byte):
-        emb_byte_inverse = inverseMod(emb_byte)
-        unembedded_x = InverseBDEmbedding(emb_byte_inverse)
-
-        linear_transform = list()
-        for row in self.forward_matrix:
-            result = cgf2n(0, size=nparallel)
-            for idx in range(len(row)):
-                result = result + unembedded_x[idx] * row[idx]
-            linear_transform.append(result)
-
-        #do the sum(linear_transfor + additive_layer)
-        summation_bd = [0 for _ in range(8)]
-        for idx in range(8):
-            summation_bd[idx] = linear_transform[idx] + self.forward_add[idx]
-
-        #Now raise this to power of 254
-        result = cgf2n(0,size=nparallel)
-        for idx in range(8):
-            result += ApplyBDEmbedding([summation_bd[idx]]) * K01[idx];
-        return result
-
-    def apply_sbox(self, what):
-        #applying with the multiplicative chain
-        return self.forward_bit_sbox(what)
-
-box = SpdzBox()
-
-def aesRound(roundKey):
-    @vectorize
-    def inner(state):
-        subBytes(state)
-        shiftRows(state)
-        mixColumns(state)
-        addRoundKey(roundKey)(state)
-    return inner
-
-# returns a 16-byte round key based on an expanded key and round number
-def createRoundKey(expandedKey, n):
-    return expandedKey[(n*16):(n*16+16)]
-
-# wrapper function for 10 rounds of AES since we're using a 128-bit key
-def aesMain(expandedKey, numRounds=10):
-    @vectorize
-    def inner(state):
-        roundKey = createRoundKey(expandedKey, 0)
-        addRoundKey(roundKey)(state)
-        for i in range(1, numRounds):
-
-            roundKey = createRoundKey(expandedKey, i)
-            aesRound(roundKey)(state)
-
-        roundKey = createRoundKey(expandedKey, numRounds)
-
-        subBytes(state) 
-        shiftRows(state)
-        addRoundKey(roundKey)(state)
-    return inner
-
-def encrypt_without_key_schedule(expandedKey):
-    @vectorize
-    def encrypt(plaintext):
-        plaintext = SecretArrayEmbedd(plaintext)
-        aesMain(expandedKey)(plaintext)
-        return state_collapse(plaintext)
-    return encrypt;
-
-"""
-Test Vectors:
-
-plaintext:
-6bc1bee22e409f96e93d7e117393172a
-
-key: 
-2b7e151628aed2a6abf7158809cf4f3c
-
-resulting cipher
-3ad77bb40d7a3660a89ecaf32466ef97 
-
-"""
-
-def single_encryption():
-    key = [sgf2n.get_raw_input_from(1) for _ in range(16)]
-    message = [sgf2n.get_raw_input_from(2) for _ in range(16)]
-
-    key = [ApplyEmbedding(_) for _ in key]
-    expanded_key = expandAESKey(key)
-
-    AES = encrypt_without_key_schedule(expanded_key)
-
-    ciphertext = AES(message)
-
-    for block in ciphertext:
-        print_ln('%s', block.reveal())
-
-single_encryption()

mpc/xor.mpc

@@ -1,8 +1,7 @@
+def init():
+    p1 = sbits.get_type(512).get_input_from(1)
+    p2 = sbits.get_type(512).get_input_from(2)
+    print_ln("%s", p1.__rxor__(p2).reveal())
 
 
-
-def init():
-	p1 = sgf2n.get_raw_input_from(1)
-	p2 = sgf2n.get_raw_input_from(2)
-	print_ln('%s',p1.__xor__(p2).reveal())
-init()
+init()

mul.c

@@ -1,902 +0,0 @@
-/* Copyright 2008, Google Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *     * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *     * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following disclaimer
- * in the documentation and/or other materials provided with the
- * distribution.
- *     * Neither the name of Google Inc. nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * curve25519-donna: Curve25519 elliptic curve, public key function
- *
- * http://code.google.com/p/curve25519-donna/
- *
- * Adam Langley <agl@imperialviolet.org>
- *
- * Derived from public domain C code by Daniel J. Bernstein <djb@cr.yp.to>
- *
- * More information about curve25519 can be found here
- *   http://cr.yp.to/ecdh.html
- *
- * djb's sample implementation of curve25519 is written in a special assembly
- * language called qhasm and uses the floating point registers.
- *
- * This is, almost, a clean room reimplementation from the curve25519 paper. It
- * uses many of the tricks described therein. Only the crecip function is taken
- * from the sample implementation.
- */
-
-#include <string.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <errno.h>
-
-#ifdef _MSC_VER
-#define inline __inline
-#endif
-
-typedef uint8_t u8;
-typedef int32_t s32;
-typedef int64_t limb;
-
-/* Field element representation:
- *
- * Field elements are written as an array of signed, 64-bit limbs, least
- * significant first. The value of the field element is:
- *   x[0] + 2^26·x[1] + x^51·x[2] + 2^102·x[3] + ...
- *
- * i.e. the limbs are 26, 25, 26, 25, ... bits wide.
- */
-
-/* Sum two numbers: output += in */
-static void fsum(limb *output, const limb *in)
-{
-    unsigned i;
-    for (i = 0; i < 10; i += 2)
-    {
-        output[0 + i] = (output[0 + i] + in[0 + i]);
-        output[1 + i] = (output[1 + i] + in[1 + i]);
-    }
-}
-
-/* Find the difference of two numbers: output = in - output
- * (note the order of the arguments!)
- */
-static void fdifference(limb *output, const limb *in)
-{
-    unsigned i;
-    for (i = 0; i < 10; ++i)
-    {
-        output[i] = (in[i] - output[i]);
-    }
-}
-
-/* Multiply a number by a scalar: output = in * scalar */
-static void fscalar_product(limb *output, const limb *in, const limb scalar)
-{
-    unsigned i;
-    for (i = 0; i < 10; ++i)
-    {
-        output[i] = in[i] * scalar;
-    }
-}
-
-/* Multiply two numbers: output = in2 * in
- *
- * output must be distinct to both inputs. The inputs are reduced coefficient
- * form, the output is not.
- */
-static void fproduct(limb *output, const limb *in2, const limb *in)
-{
-    output[0] = ((limb)((s32)in2[0])) * ((s32)in[0]);
-    output[1] = ((limb)((s32)in2[0])) * ((s32)in[1]) +
-                ((limb)((s32)in2[1])) * ((s32)in[0]);
-    output[2] = 2 * ((limb)((s32)in2[1])) * ((s32)in[1]) +
-                ((limb)((s32)in2[0])) * ((s32)in[2]) +
-                ((limb)((s32)in2[2])) * ((s32)in[0]);
-    output[3] = ((limb)((s32)in2[1])) * ((s32)in[2]) +
-                ((limb)((s32)in2[2])) * ((s32)in[1]) +
-                ((limb)((s32)in2[0])) * ((s32)in[3]) +
-                ((limb)((s32)in2[3])) * ((s32)in[0]);
-    output[4] = ((limb)((s32)in2[2])) * ((s32)in[2]) +
-                2 * (((limb)((s32)in2[1])) * ((s32)in[3]) +
-                     ((limb)((s32)in2[3])) * ((s32)in[1])) +
-                ((limb)((s32)in2[0])) * ((s32)in[4]) +
-                ((limb)((s32)in2[4])) * ((s32)in[0]);
-    output[5] = ((limb)((s32)in2[2])) * ((s32)in[3]) +
-                ((limb)((s32)in2[3])) * ((s32)in[2]) +
-                ((limb)((s32)in2[1])) * ((s32)in[4]) +
-                ((limb)((s32)in2[4])) * ((s32)in[1]) +
-                ((limb)((s32)in2[0])) * ((s32)in[5]) +
-                ((limb)((s32)in2[5])) * ((s32)in[0]);
-    output[6] = 2 * (((limb)((s32)in2[3])) * ((s32)in[3]) +
-                     ((limb)((s32)in2[1])) * ((s32)in[5]) +
-                     ((limb)((s32)in2[5])) * ((s32)in[1])) +
-                ((limb)((s32)in2[2])) * ((s32)in[4]) +
-                ((limb)((s32)in2[4])) * ((s32)in[2]) +
-                ((limb)((s32)in2[0])) * ((s32)in[6]) +
-                ((limb)((s32)in2[6])) * ((s32)in[0]);
-    output[7] = ((limb)((s32)in2[3])) * ((s32)in[4]) +
-                ((limb)((s32)in2[4])) * ((s32)in[3]) +
-                ((limb)((s32)in2[2])) * ((s32)in[5]) +
-                ((limb)((s32)in2[5])) * ((s32)in[2]) +
-                ((limb)((s32)in2[1])) * ((s32)in[6]) +
-                ((limb)((s32)in2[6])) * ((s32)in[1]) +
-                ((limb)((s32)in2[0])) * ((s32)in[7]) +
-                ((limb)((s32)in2[7])) * ((s32)in[0]);
-    output[8] = ((limb)((s32)in2[4])) * ((s32)in[4]) +
-                2 * (((limb)((s32)in2[3])) * ((s32)in[5]) +
-                     ((limb)((s32)in2[5])) * ((s32)in[3]) +
-                     ((limb)((s32)in2[1])) * ((s32)in[7]) +
-                     ((limb)((s32)in2[7])) * ((s32)in[1])) +
-                ((limb)((s32)in2[2])) * ((s32)in[6]) +
-                ((limb)((s32)in2[6])) * ((s32)in[2]) +
-                ((limb)((s32)in2[0])) * ((s32)in[8]) +
-                ((limb)((s32)in2[8])) * ((s32)in[0]);
-    output[9] = ((limb)((s32)in2[4])) * ((s32)in[5]) +
-                ((limb)((s32)in2[5])) * ((s32)in[4]) +
-                ((limb)((s32)in2[3])) * ((s32)in[6]) +
-                ((limb)((s32)in2[6])) * ((s32)in[3]) +
-                ((limb)((s32)in2[2])) * ((s32)in[7]) +
-                ((limb)((s32)in2[7])) * ((s32)in[2]) +
-                ((limb)((s32)in2[1])) * ((s32)in[8]) +
-                ((limb)((s32)in2[8])) * ((s32)in[1]) +
-                ((limb)((s32)in2[0])) * ((s32)in[9]) +
-                ((limb)((s32)in2[9])) * ((s32)in[0]);
-    output[10] = 2 * (((limb)((s32)in2[5])) * ((s32)in[5]) +
-                      ((limb)((s32)in2[3])) * ((s32)in[7]) +
-                      ((limb)((s32)in2[7])) * ((s32)in[3]) +
-                      ((limb)((s32)in2[1])) * ((s32)in[9]) +
-                      ((limb)((s32)in2[9])) * ((s32)in[1])) +
-                 ((limb)((s32)in2[4])) * ((s32)in[6]) +
-                 ((limb)((s32)in2[6])) * ((s32)in[4]) +
-                 ((limb)((s32)in2[2])) * ((s32)in[8]) +
-                 ((limb)((s32)in2[8])) * ((s32)in[2]);
-    output[11] = ((limb)((s32)in2[5])) * ((s32)in[6]) +
-                 ((limb)((s32)in2[6])) * ((s32)in[5]) +
-                 ((limb)((s32)in2[4])) * ((s32)in[7]) +
-                 ((limb)((s32)in2[7])) * ((s32)in[4]) +
-                 ((limb)((s32)in2[3])) * ((s32)in[8]) +
-                 ((limb)((s32)in2[8])) * ((s32)in[3]) +
-                 ((limb)((s32)in2[2])) * ((s32)in[9]) +
-                 ((limb)((s32)in2[9])) * ((s32)in[2]);
-    output[12] = ((limb)((s32)in2[6])) * ((s32)in[6]) +
-                 2 * (((limb)((s32)in2[5])) * ((s32)in[7]) +
-                      ((limb)((s32)in2[7])) * ((s32)in[5]) +
-                      ((limb)((s32)in2[3])) * ((s32)in[9]) +
-                      ((limb)((s32)in2[9])) * ((s32)in[3])) +
-                 ((limb)((s32)in2[4])) * ((s32)in[8]) +
-                 ((limb)((s32)in2[8])) * ((s32)in[4]);
-    output[13] = ((limb)((s32)in2[6])) * ((s32)in[7]) +
-                 ((limb)((s32)in2[7])) * ((s32)in[6]) +
-                 ((limb)((s32)in2[5])) * ((s32)in[8]) +
-                 ((limb)((s32)in2[8])) * ((s32)in[5]) +
-                 ((limb)((s32)in2[4])) * ((s32)in[9]) +
-                 ((limb)((s32)in2[9])) * ((s32)in[4]);
-    output[14] = 2 * (((limb)((s32)in2[7])) * ((s32)in[7]) +
-                      ((limb)((s32)in2[5])) * ((s32)in[9]) +
-                      ((limb)((s32)in2[9])) * ((s32)in[5])) +
-                 ((limb)((s32)in2[6])) * ((s32)in[8]) +
-                 ((limb)((s32)in2[8])) * ((s32)in[6]);
-    output[15] = ((limb)((s32)in2[7])) * ((s32)in[8]) +
-                 ((limb)((s32)in2[8])) * ((s32)in[7]) +
-                 ((limb)((s32)in2[6])) * ((s32)in[9]) +
-                 ((limb)((s32)in2[9])) * ((s32)in[6]);
-    output[16] = ((limb)((s32)in2[8])) * ((s32)in[8]) +
-                 2 * (((limb)((s32)in2[7])) * ((s32)in[9]) +
-                      ((limb)((s32)in2[9])) * ((s32)in[7]));
-    output[17] = ((limb)((s32)in2[8])) * ((s32)in[9]) +
-                 ((limb)((s32)in2[9])) * ((s32)in[8]);
-    output[18] = 2 * ((limb)((s32)in2[9])) * ((s32)in[9]);
-}
-
-/* Reduce a long form to a short form by taking the input mod 2^255 - 19. */
-static void freduce_degree(limb *output)
-{
-    /* Each of these shifts and adds ends up multiplying the value by 19. */
-    output[8] += output[18] << 4;
-    output[8] += output[18] << 1;
-    output[8] += output[18];
-    output[7] += output[17] << 4;
-    output[7] += output[17] << 1;
-    output[7] += output[17];
-    output[6] += output[16] << 4;
-    output[6] += output[16] << 1;
-    output[6] += output[16];
-    output[5] += output[15] << 4;
-    output[5] += output[15] << 1;
-    output[5] += output[15];
-    output[4] += output[14] << 4;
-    output[4] += output[14] << 1;
-    output[4] += output[14];
-    output[3] += output[13] << 4;
-    output[3] += output[13] << 1;
-    output[3] += output[13];
-    output[2] += output[12] << 4;
-    output[2] += output[12] << 1;
-    output[2] += output[12];
-    output[1] += output[11] << 4;
-    output[1] += output[11] << 1;
-    output[1] += output[11];
-    output[0] += output[10] << 4;
-    output[0] += output[10] << 1;
-    output[0] += output[10];
-}
-
-#if (-1 & 3) != 3
-#error "This code only works on a two's complement system"
-#endif
-
-/* return v / 2^26, using only shifts and adds. */
-static inline limb
-div_by_2_26(const limb v)
-{
-    /* High word of v; no shift needed*/
-    const uint32_t highword = (uint32_t)(((uint64_t)v) >> 32);
-    /* Set to all 1s if v was negative; else set to 0s. */
-    const int32_t sign = ((int32_t)highword) >> 31;
-    /* Set to 0x3ffffff if v was negative; else set to 0. */
-    const int32_t roundoff = ((uint32_t)sign) >> 6;
-    /* Should return v / (1<<26) */
-    return (v + roundoff) >> 26;
-}
-
-/* return v / (2^25), using only shifts and adds. */
-static inline limb
-div_by_2_25(const limb v)
-{
-    /* High word of v; no shift needed*/
-    const uint32_t highword = (uint32_t)(((uint64_t)v) >> 32);
-    /* Set to all 1s if v was negative; else set to 0s. */
-    const int32_t sign = ((int32_t)highword) >> 31;
-    /* Set to 0x1ffffff if v was negative; else set to 0. */
-    const int32_t roundoff = ((uint32_t)sign) >> 7;
-    /* Should return v / (1<<25) */
-    return (v + roundoff) >> 25;
-}
-
-static inline s32
-div_s32_by_2_25(const s32 v)
-{
-    const s32 roundoff = ((uint32_t)(v >> 31)) >> 7;
-    return (v + roundoff) >> 25;
-}
-
-/* Reduce all coefficients of the short form input so that |x| < 2^26.
- *
- * On entry: |output[i]| < 2^62
- */
-static void freduce_coefficients(limb *output)
-{
-    unsigned i;
-
-    output[10] = 0;
-
-    for (i = 0; i < 10; i += 2)
-    {
-        limb over = div_by_2_26(output[i]);
-        output[i] -= over << 26;
-        output[i + 1] += over;
-
-        over = div_by_2_25(output[i + 1]);
-        output[i + 1] -= over << 25;
-        output[i + 2] += over;
-    }
-    /* Now |output[10]| < 2 ^ 38 and all other coefficients are reduced. */
-    output[0] += output[10] << 4;
-    output[0] += output[10] << 1;
-    output[0] += output[10];
-
-    output[10] = 0;
-
-    /* Now output[1..9] are reduced, and |output[0]| < 2^26 + 19 * 2^38
-   * So |over| will be no more than 77825  */
-    {
-        limb over = div_by_2_26(output[0]);
-        output[0] -= over << 26;
-        output[1] += over;
-    }
-
-    /* Now output[0,2..9] are reduced, and |output[1]| < 2^25 + 77825
-   * So |over| will be no more than 1. */
-    {
-        /* output[1] fits in 32 bits, so we can use div_s32_by_2_25 here. */
-        s32 over32 = div_s32_by_2_25((s32)output[1]);
-        output[1] -= over32 << 25;
-        output[2] += over32;
-    }
-
-    /* Finally, output[0,1,3..9] are reduced, and output[2] is "nearly reduced":
-   * we have |output[2]| <= 2^26.  This is good enough for all of our math,
-   * but it will require an extra freduce_coefficients before fcontract. */
-}
-
-/* A helpful wrapper around fproduct: output = in * in2.
- *
- * output must be distinct to both inputs. The output is reduced degree and
- * reduced coefficient.
- */
-static void
-fmul(limb *output, const limb *in, const limb *in2)
-{
-    limb t[19];
-    fproduct(t, in, in2);
-    freduce_degree(t);
-    freduce_coefficients(t);
-    memcpy(output, t, sizeof(limb) * 10);
-}
-
-static void fsquare_inner(limb *output, const limb *in)
-{
-    output[0] = ((limb)((s32)in[0])) * ((s32)in[0]);
-    output[1] = 2 * ((limb)((s32)in[0])) * ((s32)in[1]);
-    output[2] = 2 * (((limb)((s32)in[1])) * ((s32)in[1]) +
-                     ((limb)((s32)in[0])) * ((s32)in[2]));
-    output[3] = 2 * (((limb)((s32)in[1])) * ((s32)in[2]) +
-                     ((limb)((s32)in[0])) * ((s32)in[3]));
-    output[4] = ((limb)((s32)in[2])) * ((s32)in[2]) +
-                4 * ((limb)((s32)in[1])) * ((s32)in[3]) +
-                2 * ((limb)((s32)in[0])) * ((s32)in[4]);
-    output[5] = 2 * (((limb)((s32)in[2])) * ((s32)in[3]) +
-                     ((limb)((s32)in[1])) * ((s32)in[4]) +
-                     ((limb)((s32)in[0])) * ((s32)in[5]));
-    output[6] = 2 * (((limb)((s32)in[3])) * ((s32)in[3]) +
-                     ((limb)((s32)in[2])) * ((s32)in[4]) +
-                     ((limb)((s32)in[0])) * ((s32)in[6]) +
-                     2 * ((limb)((s32)in[1])) * ((s32)in[5]));
-    output[7] = 2 * (((limb)((s32)in[3])) * ((s32)in[4]) +
-                     ((limb)((s32)in[2])) * ((s32)in[5]) +
-                     ((limb)((s32)in[1])) * ((s32)in[6]) +
-                     ((limb)((s32)in[0])) * ((s32)in[7]));
-    output[8] = ((limb)((s32)in[4])) * ((s32)in[4]) +
-                2 * (((limb)((s32)in[2])) * ((s32)in[6]) +
-                     ((limb)((s32)in[0])) * ((s32)in[8]) +
-                     2 * (((limb)((s32)in[1])) * ((s32)in[7]) +
-                          ((limb)((s32)in[3])) * ((s32)in[5])));
-    output[9] = 2 * (((limb)((s32)in[4])) * ((s32)in[5]) +
-                     ((limb)((s32)in[3])) * ((s32)in[6]) +
-                     ((limb)((s32)in[2])) * ((s32)in[7]) +
-                     ((limb)((s32)in[1])) * ((s32)in[8]) +
-                     ((limb)((s32)in[0])) * ((s32)in[9]));
-    output[10] = 2 * (((limb)((s32)in[5])) * ((s32)in[5]) +
-                      ((limb)((s32)in[4])) * ((s32)in[6]) +
-                      ((limb)((s32)in[2])) * ((s32)in[8]) +
-                      2 * (((limb)((s32)in[3])) * ((s32)in[7]) +
-                           ((limb)((s32)in[1])) * ((s32)in[9])));
-    output[11] = 2 * (((limb)((s32)in[5])) * ((s32)in[6]) +
-                      ((limb)((s32)in[4])) * ((s32)in[7]) +
-                      ((limb)((s32)in[3])) * ((s32)in[8]) +
-                      ((limb)((s32)in[2])) * ((s32)in[9]));
-    output[12] = ((limb)((s32)in[6])) * ((s32)in[6]) +
-                 2 * (((limb)((s32)in[4])) * ((s32)in[8]) +
-                      2 * (((limb)((s32)in[5])) * ((s32)in[7]) +
-                           ((limb)((s32)in[3])) * ((s32)in[9])));
-    output[13] = 2 * (((limb)((s32)in[6])) * ((s32)in[7]) +
-                      ((limb)((s32)in[5])) * ((s32)in[8]) +
-                      ((limb)((s32)in[4])) * ((s32)in[9]));
-    output[14] = 2 * (((limb)((s32)in[7])) * ((s32)in[7]) +
-                      ((limb)((s32)in[6])) * ((s32)in[8]) +
-                      2 * ((limb)((s32)in[5])) * ((s32)in[9]));
-    output[15] = 2 * (((limb)((s32)in[7])) * ((s32)in[8]) +
-                      ((limb)((s32)in[6])) * ((s32)in[9]));
-    output[16] = ((limb)((s32)in[8])) * ((s32)in[8]) +
-                 4 * ((limb)((s32)in[7])) * ((s32)in[9]);
-    output[17] = 2 * ((limb)((s32)in[8])) * ((s32)in[9]);
-    output[18] = 2 * ((limb)((s32)in[9])) * ((s32)in[9]);
-}
-
-static void
-fsquare(limb *output, const limb *in)
-{
-    limb t[19];
-    fsquare_inner(t, in);
-    freduce_degree(t);
-    freduce_coefficients(t);
-    memcpy(output, t, sizeof(limb) * 10);
-}
-
-/* Take a little-endian, 32-byte number and expand it into polynomial form */
-static void
-fexpand(limb *output, const u8 *input)
-{
-#define F(n, start, shift, mask)                     \
-    output[n] = ((((limb)input[start + 0]) |         \
-                  ((limb)input[start + 1]) << 8 |    \
-                  ((limb)input[start + 2]) << 16 |   \
-                  ((limb)input[start + 3]) << 24) >> \
-                 shift) &                            \
-                mask;
-    F(0, 0, 0, 0x3ffffff);
-    F(1, 3, 2, 0x1ffffff);
-    F(2, 6, 3, 0x3ffffff);
-    F(3, 9, 5, 0x1ffffff);
-    F(4, 12, 6, 0x3ffffff);
-    F(5, 16, 0, 0x1ffffff);
-    F(6, 19, 1, 0x3ffffff);
-    F(7, 22, 3, 0x1ffffff);
-    F(8, 25, 4, 0x3ffffff);
-    F(9, 28, 6, 0x3ffffff);
-#undef F
-}
-
-#if (-32 >> 1) != -16
-#error "This code only works when >> does sign-extension on negative numbers"
-#endif
-
-/* Take a fully reduced polynomial form number and contract it into a
- * little-endian, 32-byte array
- */
-static void
-fcontract(u8 *output, limb *input)
-{
-    int i;
-    int j;
-
-    for (j = 0; j < 2; ++j)
-    {
-        for (i = 0; i < 9; ++i)
-        {
-            if ((i & 1) == 1)
-            {
-                /* This calculation is a time-invariant way to make input[i] positive
-           by borrowing from the next-larger limb.
-        */
-                const s32 mask = (s32)(input[i]) >> 31;
-                const s32 carry = -(((s32)(input[i]) & mask) >> 25);
-                input[i] = (s32)(input[i]) + (carry << 25);
-                input[i + 1] = (s32)(input[i + 1]) - carry;
-            }
-            else
-            {
-                const s32 mask = (s32)(input[i]) >> 31;
-                const s32 carry = -(((s32)(input[i]) & mask) >> 26);
-                input[i] = (s32)(input[i]) + (carry << 26);
-                input[i + 1] = (s32)(input[i + 1]) - carry;
-            }
-        }
-        {
-            const s32 mask = (s32)(input[9]) >> 31;
-            const s32 carry = -(((s32)(input[9]) & mask) >> 25);
-            input[9] = (s32)(input[9]) + (carry << 25);
-            input[0] = (s32)(input[0]) - (carry * 19);
-        }
-    }
-
-    /* The first borrow-propagation pass above ended with every limb
-     except (possibly) input[0] non-negative.
-
-     Since each input limb except input[0] is decreased by at most 1
-     by a borrow-propagation pass, the second borrow-propagation pass
-     could only have wrapped around to decrease input[0] again if the
-     first pass left input[0] negative *and* input[1] through input[9]
-     were all zero.  In that case, input[1] is now 2^25 - 1, and this
-     last borrow-propagation step will leave input[1] non-negative.
-  */
-    {
-        const s32 mask = (s32)(input[0]) >> 31;
-        const s32 carry = -(((s32)(input[0]) & mask) >> 26);
-        input[0] = (s32)(input[0]) + (carry << 26);
-        input[1] = (s32)(input[1]) - carry;
-    }
-
-    /* Both passes through the above loop, plus the last 0-to-1 step, are
-     necessary: if input[9] is -1 and input[0] through input[8] are 0,
-     negative values will remain in the array until the end.
-   */
-
-    input[1] <<= 2;
-    input[2] <<= 3;
-    input[3] <<= 5;
-    input[4] <<= 6;
-    input[6] <<= 1;
-    input[7] <<= 3;
-    input[8] <<= 4;
-    input[9] <<= 6;
-#define F(i, s)                              \
-    output[s + 0] |= input[i] & 0xff;        \
-    output[s + 1] = (input[i] >> 8) & 0xff;  \
-    output[s + 2] = (input[i] >> 16) & 0xff; \
-    output[s + 3] = (input[i] >> 24) & 0xff;
-    output[0] = 0;
-    output[16] = 0;
-    F(0, 0);
-    F(1, 3);
-    F(2, 6);
-    F(3, 9);
-    F(4, 12);
-    F(5, 16);
-    F(6, 19);
-    F(7, 22);
-    F(8, 25);
-    F(9, 28);
-#undef F
-}
-
-/* Input: Q, Q', Q-Q'
- * Output: 2Q, Q+Q'
- *
- *   x2 z3: long form
- *   x3 z3: long form
- *   x z: short form, destroyed
- *   xprime zprime: short form, destroyed
- *   qmqp: short form, preserved
- */
-static void fmonty(limb *x2, limb *z2,         /* output 2Q */
-                   limb *x3, limb *z3,         /* output Q + Q' */
-                   limb *x, limb *z,           /* input Q */
-                   limb *xprime, limb *zprime, /* input Q' */
-                   const limb *qmqp /* input Q - Q' */)
-{
-    limb origx[10], origxprime[10], zzz[19], xx[19], zz[19], xxprime[19],
-        zzprime[19], zzzprime[19], xxxprime[19];
-
-    memcpy(origx, x, 10 * sizeof(limb));
-    fsum(x, z);
-    fdifference(z, origx); // does x - z
-
-    memcpy(origxprime, xprime, sizeof(limb) * 10);
-    fsum(xprime, zprime);
-    fdifference(zprime, origxprime);
-    fproduct(xxprime, xprime, z);
-    fproduct(zzprime, x, zprime);
-    freduce_degree(xxprime);
-    freduce_coefficients(xxprime);
-    freduce_degree(zzprime);
-    freduce_coefficients(zzprime);
-    memcpy(origxprime, xxprime, sizeof(limb) * 10);
-    fsum(xxprime, zzprime);
-    fdifference(zzprime, origxprime);
-    fsquare(xxxprime, xxprime);
-    fsquare(zzzprime, zzprime);
-    fproduct(zzprime, zzzprime, qmqp);
-    freduce_degree(zzprime);
-    freduce_coefficients(zzprime);
-    memcpy(x3, xxxprime, sizeof(limb) * 10);
-    memcpy(z3, zzprime, sizeof(limb) * 10);
-
-    fsquare(xx, x);
-    fsquare(zz, z);
-    fproduct(x2, xx, zz);
-    freduce_degree(x2);
-    freduce_coefficients(x2);
-    fdifference(zz, xx); // does zz = xx - zz
-    memset(zzz + 10, 0, sizeof(limb) * 9);
-    fscalar_product(zzz, zz, 121665);
-    /* No need to call freduce_degree here:
-     fscalar_product doesn't increase the degree of its input. */
-    freduce_coefficients(zzz);
-    fsum(zzz, xx);
-    fproduct(z2, zz, zzz);
-    freduce_degree(z2);
-    freduce_coefficients(z2);
-}
-
-/* Conditionally swap two reduced-form limb arrays if 'iswap' is 1, but leave
- * them unchanged if 'iswap' is 0.  Runs in data-invariant time to avoid
- * side-channel attacks.
- *
- * NOTE that this function requires that 'iswap' be 1 or 0; other values give
- * wrong results.  Also, the two limb arrays must be in reduced-coefficient,
- * reduced-degree form: the values in a[10..19] or b[10..19] aren't swapped,
- * and all all values in a[0..9],b[0..9] must have magnitude less than
- * INT32_MAX.
- */
-static void
-swap_conditional(limb a[19], limb b[19], limb iswap)
-{
-    unsigned i;
-    const s32 swap = (s32)-iswap;
-
-    for (i = 0; i < 10; ++i)
-    {
-        const s32 x = swap & (((s32)a[i]) ^ ((s32)b[i]));
-        a[i] = ((s32)a[i]) ^ x;
-        b[i] = ((s32)b[i]) ^ x;
-    }
-}
-
-/* Calculates nQ where Q is the x-coordinate of a point on the curve
- *
- *   resultx/resultz: the x coordinate of the resulting curve point (short form)
- *   n: a little endian, 32-byte number
- *   q: a point of the curve (short form)
- */
-static void
-cmult(limb *resultx, limb *resultz, const u8 *n, const limb *q)
-{
-    limb a[19] = {0}, b[19] = {1}, c[19] = {1}, d[19] = {0};
-    limb *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t;
-    limb e[19] = {0}, f[19] = {1}, g[19] = {0}, h[19] = {1};
-    limb *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h;
-
-    unsigned i, j;
-
-    memcpy(nqpqx, q, sizeof(limb) * 10);
-
-    for (i = 0; i < 32; ++i)
-    {
-        u8 byte = n[31 - i];
-        for (j = 0; j < 8; ++j)
-        {
-            const limb bit = byte >> 7;
-
-            swap_conditional(nqx, nqpqx, bit);
-            swap_conditional(nqz, nqpqz, bit);
-            fmonty(nqx2, nqz2,
-                   nqpqx2, nqpqz2,
-                   nqx, nqz,
-                   nqpqx, nqpqz,
-                   q);
-            swap_conditional(nqx2, nqpqx2, bit);
-            swap_conditional(nqz2, nqpqz2, bit);
-
-            t = nqx;
-            nqx = nqx2;
-            nqx2 = t;
-            t = nqz;
-            nqz = nqz2;
-            nqz2 = t;
-            t = nqpqx;
-            nqpqx = nqpqx2;
-            nqpqx2 = t;
-            t = nqpqz;
-            nqpqz = nqpqz2;
-            nqpqz2 = t;
-
-            byte <<= 1;
-        }
-    }
-
-    memcpy(resultx, nqx, sizeof(limb) * 10);
-    memcpy(resultz, nqz, sizeof(limb) * 10);
-}
-
-// -----------------------------------------------------------------------------
-// Shamelessly copied from djb's code
-// -----------------------------------------------------------------------------
-static void
-crecip(limb *out, const limb *z)
-{
-    limb z2[10];
-    limb z9[10];
-    limb z11[10];
-    limb z2_5_0[10];
-    limb z2_10_0[10];
-    limb z2_20_0[10];
-    limb z2_50_0[10];
-    limb z2_100_0[10];
-    limb t0[10];
-    limb t1[10];
-    int i;
-
-    /* 2 */ fsquare(z2, z);
-    /* 4 */ fsquare(t1, z2);
-    /* 8 */ fsquare(t0, t1);
-    /* 9 */ fmul(z9, t0, z);
-    /* 11 */ fmul(z11, z9, z2);
-    /* 22 */ fsquare(t0, z11);
-    /* 2^5 - 2^0 = 31 */ fmul(z2_5_0, t0, z9);
-
-    /* 2^6 - 2^1 */ fsquare(t0, z2_5_0);
-    /* 2^7 - 2^2 */ fsquare(t1, t0);
-    /* 2^8 - 2^3 */ fsquare(t0, t1);
-    /* 2^9 - 2^4 */ fsquare(t1, t0);
-    /* 2^10 - 2^5 */ fsquare(t0, t1);
-    /* 2^10 - 2^0 */ fmul(z2_10_0, t0, z2_5_0);
-
-    /* 2^11 - 2^1 */ fsquare(t0, z2_10_0);
-    /* 2^12 - 2^2 */ fsquare(t1, t0);
-    /* 2^20 - 2^10 */ for (i = 2; i < 10; i += 2)
-    {
-        fsquare(t0, t1);
-        fsquare(t1, t0);
-    }
-    /* 2^20 - 2^0 */ fmul(z2_20_0, t1, z2_10_0);
-
-    /* 2^21 - 2^1 */ fsquare(t0, z2_20_0);
-    /* 2^22 - 2^2 */ fsquare(t1, t0);
-    /* 2^40 - 2^20 */ for (i = 2; i < 20; i += 2)
-    {
-        fsquare(t0, t1);
-        fsquare(t1, t0);
-    }
-    /* 2^40 - 2^0 */ fmul(t0, t1, z2_20_0);
-
-    /* 2^41 - 2^1 */ fsquare(t1, t0);
-    /* 2^42 - 2^2 */ fsquare(t0, t1);
-    /* 2^50 - 2^10 */ for (i = 2; i < 10; i += 2)
-    {
-        fsquare(t1, t0);
-        fsquare(t0, t1);
-    }
-    /* 2^50 - 2^0 */ fmul(z2_50_0, t0, z2_10_0);
-
-    /* 2^51 - 2^1 */ fsquare(t0, z2_50_0);
-    /* 2^52 - 2^2 */ fsquare(t1, t0);
-    /* 2^100 - 2^50 */ for (i = 2; i < 50; i += 2)
-    {
-        fsquare(t0, t1);
-        fsquare(t1, t0);
-    }
-    /* 2^100 - 2^0 */ fmul(z2_100_0, t1, z2_50_0);
-
-    /* 2^101 - 2^1 */ fsquare(t1, z2_100_0);
-    /* 2^102 - 2^2 */ fsquare(t0, t1);
-    /* 2^200 - 2^100 */ for (i = 2; i < 100; i += 2)
-    {
-        fsquare(t1, t0);
-        fsquare(t0, t1);
-    }
-    /* 2^200 - 2^0 */ fmul(t1, t0, z2_100_0);
-
-    /* 2^201 - 2^1 */ fsquare(t0, t1);
-    /* 2^202 - 2^2 */ fsquare(t1, t0);
-    /* 2^250 - 2^50 */ for (i = 2; i < 50; i += 2)
-    {
-        fsquare(t0, t1);
-        fsquare(t1, t0);
-    }
-    /* 2^250 - 2^0 */ fmul(t0, t1, z2_50_0);
-
-    /* 2^251 - 2^1 */ fsquare(t1, t0);
-    /* 2^252 - 2^2 */ fsquare(t0, t1);
-    /* 2^253 - 2^3 */ fsquare(t1, t0);
-    /* 2^254 - 2^4 */ fsquare(t0, t1);
-    /* 2^255 - 2^5 */ fsquare(t1, t0);
-    /* 2^255 - 21 */ fmul(out, t1, z11);
-}
-
-int curve25519_donna(u8 *, const u8 *, const u8 *);
-
-int curve25519_donna(u8 *mypublic, const u8 *secret, const u8 *basepoint)
-{
-    limb bp[10], x[10], z[11], zmone[10];
-    uint8_t e[32];
-    int i;
-
-    for (i = 0; i < 32; ++i)
-        e[i] = secret[i];
-    e[0] &= 248;
-    e[31] &= 127;
-    e[31] |= 64;
-
-    fexpand(bp, basepoint);
-    cmult(x, z, e, bp);
-    crecip(zmone, z);
-    fmul(z, x, zmone);
-    freduce_coefficients(z);
-    fcontract(mypublic, z);
-    return 0;
-}
-
-/// returns 0 for '=' or unrecognized characters, not a problem since PEM is well constrained.
-static int base64_value(int c)
-{
-    if (c >= 'A' && c <= 'Z')
-        return c - 'A';
-    if (c >= 'a' && c <= 'z')
-        return 26 + c - 'a';
-    if (c >= '0' && c <= '9')
-        return 52 + c - '0';
-    if (c == '+')
-        return 62;
-    if (c == '/')
-        return 63;
-    return 0x1000;
-}
-
-/**
- * @param[in] data the base64 encoded string
- * @param[out] data the decoded result
- * @param[in] len the length of base64 encoded data
- * @param[out] len the length of decoded result
- */
-static void base64_decode(u8 *data, int *len)
-{
-    int read = 0;
-    int write = 0;
-    int state[4];
-    while (read < *len)
-    {
-        state[read % 4] = base64_value(data[read]);
-        if (state[read % 4] == 0x1000)
-        {
-            break;
-        }
-        if ((read % 4) == 3)
-        {
-            data[write++] = state[0] << 2 | state[1] >> 4;
-            data[write++] = state[1] << 4 | state[2] >> 2;
-            data[write++] = state[2] << 6 | state[3] >> 0;
-        }
-        read++;
-    }
-    switch (read % 4)
-    {
-    case 2:
-        data[write++] = state[0] << 2 | state[1] >> 4;
-        break;
-    case 3:
-        data[write++] = state[0] << 2 | state[1] >> 4;
-        data[write++] = state[1] << 4 | state[2] >> 2;
-    }
-    *len = write;
-}
-
-/**
- * reads the 32-byte key from a PEM file, takes advantage of the
- * fact that the last 32 bytes of encoded DER data are the key in
- * both the private and public key forms.
- */
-void read_key(const char *filename, u8 *key)
-{
-    FILE *f = fopen(filename, "r");
-    if (!f)
-    {
-        fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
-        exit(1);
-    }
-    char line[512] = {};
-    fgets(line, sizeof(line), f);
-    if (strncmp(line, "-----BEGIN ", sizeof("-----BEGIN ") - 1) != 0)
-    {
-        fprintf(stderr, "File %s is not a PEM file\n", filename);
-        exit(1);
-    }
-    fgets(line, sizeof(line), f);
-    line[strcspn(line, "\r\n")] = '\0';
-    int len = strlen(line);
-    base64_decode((u8 *)line, &len);
-    if (len < 32)
-    {
-        fprintf(stderr, "Short read from %s\n", filename);
-        exit(1);
-    }
-    memcpy(key, line + (len - 32), 32);
-    fclose(f);
-    return;
-}
-
-int main(int argc, char **argv)
-{
-    u8 privkey[32];
-    u8 pubkey[32];
-    u8 result[32];
-
-    if (argc != 3)
-    {
-        fprintf(stderr, "Usage: %s [privkey] [pubkey]\n", argv[0]);
-        exit(1);
-    }
-    read_key(argv[1], privkey);
-    read_key(argv[2], pubkey);
-    curve25519_donna(result, privkey, pubkey);
-    // fwrite(result, 32, 1, stdout);
-    for (int i = 0; i < 32; i++)
-    {
-
-        printf("%d ", result[i]);
-    }
-    exit(0);
-}

oracle/oracle.py

@@ -1,19 +1,17 @@
 from connection.broadcast import BroadcastServer
 from connection.socket import SocketServer
 from .oracleParser import OracleParser
-import random 
-import os 
+import random
+import os
 
 
-
-class Oracle():
-    def __init__(self,broadcast, broadcastPort):
+class Oracle:
+    def __init__(self, broadcast, broadcastPort):
 
         self.id = os.urandom(32)
-        self.socketPort = int(random.random()*50000+1024)
-        self.parser = OracleParser(self) #,socketPort=socketPort
-        self.b = BroadcastServer(broadcastPort=broadcastPort , parser= self.parser,id=self.id)
-        print("Done")
-        self.s = SocketServer(self.socketPort , parser= self.parser ,  id=self.id)
-
-    
+        self.socketPort = int(random.random() * 50000 + 1024)
+        self.parser = OracleParser(self)  # ,socketPort=socketPort
+        self.b = BroadcastServer(
+            broadcastPort=broadcastPort, parser=self.parser, id=self.id
+        )
+        self.s = SocketServer(self.socketPort, parser=self.parser, id=self.id)

oracle/oracleParser.py

@@ -2,21 +2,20 @@ from connection.parser import Parser
 from .worker.cryptor import Cryptor
 from .worker.connector import Connector
 from .worker.bearer import Bearer
+from Utils import *
+
 
 class OracleParser(Parser):
-    def __init__(self,oracle):
+    def __init__(self, oracle):
         self.socket = oracle.socketPort
         self.oracle = oracle
         self.type = None
         self.id = None
-        print("createt oracle Parser")
 
-    def parser(self,data,addr,Connection):
+    def parser(self, data, addr, Connection):
         try:
-            # Broadcast Parser
             if data["type"] == "requestOracleBroadcast":
-                self.requestOracleBroadcast(data,addr) 
-            # Socket Parser
+                self.requestOracleBroadcast(data, addr)
             elif data["type"] == "socketConnecting":
                 self.socketConnecting(data)
             elif data["type"] == "oracleInitial":
@@ -31,58 +30,42 @@ class OracleParser(Parser):
                 self.type.fromCrytoCon(data)
             elif data["type"] == "fromContoCryHelloCLient":
                 self.type.fromContoCryHelloCLient(data)
-        except :
-            print("\33[41m\33[41mAn exception occurred parser" ,data["type"],self.type,"\33[0m")
+            elif data["type"] == "fromCrytoConDone":
+                self.type.fromCrytoConDone(data)
+            elif data["type"] == "MPC":
+                self.type.MPC(data)
+        except Exception as e:
+            rBackPrint("An exception occurred parser", e)
 
-    def requestOracleBroadcast(self,data,addr):
+    def requestOracleBroadcast(self, data, addr):
         try:
             d = {}
-            self.add(d,"type","responseUserBroadcast")
+            self.add(d, "type", "responseUserBroadcast")
             self.id = data["id"]
-            self.add(d,"message","Hello "+data["id"])
-            self.add(d,"socket",self.socket)
-            self.oracle.b.send(self.toSEND(d),addr)
-        except:
-            print("\33[41mAn exception occurred requestOracleBroadcast\33[0m")
+            self.add(d, "message", "Hello " + data["id"])
+            self.add(d, "socket", self.socket)
+            self.oracle.b.send(self.toSEND(d), addr)
+        except Exception as e:
+            rBackPrint("An exception occurred requestOracleBroadcast", e)
 
-    def socketConnecting(self,data):
+    def socketConnecting(self, data):
         try:
-            if data["oracle"] == 0: 
-                self.type = Connector(self,self.socket+1)
-            elif data["oracle"] == 1: 
+            if data["oracle"] == 0:
+                self.type = Connector(self, self.socket + 1)
+            elif data["oracle"] == 1:
                 self.type = Cryptor(self)
-            elif data["oracle"] == 2: 
+            elif data["oracle"] == 2:
                 self.type = Bearer(self)
             else:
                 print("An exception occurred socketConnecting Oracle data ")
-        except:
-            print("\33[41mAn exception occurred socketConnecting\33[0m")
-
-
-    # def fromConMPC(self,function,port,connection):
-    #     try:
-    #         d = {}
-    #         self.add(d,"type","fromConMPC")
-    #         self.add(d,"function",function)
-    #         self.add(d,"port",port)
-    #         connection.send(self.toSEND(d))
-    #     except Exception as exception:
-    #         print("\33[41mAn exception occurred Parse fromContoCryMPC ",exception,"\33[0m")
-
-    # def fromCrytoCon(self,data,connection):
-    #     try:
-    #         d = {}
-    #         self.add(d,"type","fromCrytoCon")
-    #         self.add(d,"data",data)
-    #         connection.send(self.toSEND(d))
-    #     except Exception as exception:
-    #         print("\33[41mAn exception occurred Parse fromCrytoCon ",exception,"\33[0m")
+        except Exception as e:
+            rBackPrint("An exception occurred socketConnecting", e)
 
-    def parserSend(self,data,connection,typeO):
+    def parserSend(self, data, connection, typeO):
         try:
             d = {}
-            self.add(d,"type",typeO)
-            self.add(d,"data",data)
+            self.add(d, "type", typeO)
+            self.add(d, "data", data)
             connection.send(self.toSEND(d))
-        except Exception as exception:
-            print("\33[41mAn exception occurred Parse ",typeO ,exception,"\33[0m")
+        except Exception as e:
+            rBackPrint("An exception occurred parserSend", e)

oracle/worker/bearer.py

@@ -1,30 +1,52 @@
+import os
 import socket
 import time
 import threading
 import config as cfg
 from connection.socket import SocketClient
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from Utils import *
 
-class Bearer():
 
+class Bearer:
     def __init__(self, parser):
         self.parser = parser
         self.connector = None
         self.data = None
-        print("\n\n Bearer,  \n ")
+        gBackPrint("BEARER", "")
 
-    def oracleInitial(self,data):
+    def oracleInitial(self, data):
         try:
             time.sleep(3)
-            self.connector = SocketClient(data["connector"][0],data["connector"][1],self.parser,"Bearer")
-            self.data = data["data"]
-        except Exception as exception :
-            print("\33[41mAn exception occurred oracleInitial Bearer " ,exception,"\33[0m" )   
+            self.connector = SocketClient(
+                data["connector"][0], data["connector"][1], self.parser, "Bearer"
+            )
+            self.data = bytes.fromhex(data["data"])
+            self.dataLen = len(self.data)
+            bPrint("len", self.dataLen)
+            if not self.dataLen % 16 == 0:
+                bPrint("00", b"\x00" * (16 - self.dataLen % 16))
+                self.data = self.data + b"\x00" * (16 - self.dataLen % 16)
+            bPrint("len", self.dataLen)
+        except Exception as e:
+            rBackPrint("An exception occurred oracleInitial", e)
 
-    def MPC(self,data):
+    def MPC(self, json):
         try:
-            print("TODO") # TODO
-        except Exception as exception :
-            print("\33[41mAn exception occurred MPC Bearer " ,exception,"\33[0m" )   
+            n = int(json["data"])
 
-
-            
+            bPrint("MPC Input", self.data[4 * n : 4 * (1 + n)].hex())
+            bPrint(
+                "MPC Input int", str(bytes_to_long((self.data[4 * n : 4 * (1 + n)])))
+            )
+            s = (
+                "echo "
+                + str(bytes_to_long((self.data[4 * n : 4 * (1 + n)])))
+                + "  > ./Player-Data/Input-P1-0"
+            )
+            os.system(s)
+            os.system(
+                "./MP-SPDZ/mascot-party.x 1 xor  -pn 12023 -h 192.168.178.105 -N 3"
+            )
+        except Exception as e:
+            rBackPrint("An exception occurred MPC", e)

oracle/worker/connector.py

@@ -4,77 +4,79 @@ import os
 import config as cfg
 from connection.socket import SocketServer
 from connection.socket import SocketHTTP
-from tcp import models
+from tls import models
 import time
-from tcp import utils
-import tcp as t
+from tls import utils
+import tls as t
 from types import SimpleNamespace
+import subprocess
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from tls.ghash import GhashCon
+from Utils import *
 
-class Connector():
 
-    def __init__(self, parser,socket):
+class Connector:
+    def __init__(self, parser, socket):
         self.parser = parser
         self.server = None
         self.serverDomain = None
         self.serverIP = None
-        self.s = SocketServer(socket,self.parser,"Connector")
+        self.h = False
+        self.s = SocketServer(socket, self.parser, "Connector")
         self.buffer = []
         self.handshaked = False
-        self.t = threading.Thread(target=self.tcp)
-        
-        print("\n\n Connector\n\n")
-        
-
-    def recv(self,data):
+        gBackPrint("CONNECTOR", "")
+
+        self.dataLen = 0
+        self.auth_key = None
+        self.last_key = None
+        self.GhashCon = None
+        self.cipher = b""
+        stream = os.popen("pwd")
+        output = stream.read()
+        self.path = output[:-1]
+        self.t = threading.Thread(target=self.toCryptor)
+        self.t.start()
+
+    def recv(self, data):
         try:
             self.buffer.append(data)
-            if not self.t.is_alive():
-                self.t.start()
-        except:
-            print("\33[41m\33[41mAn exception occurred recv\33[0m" )
+        except Exception as e:
+            rBackPrint("An exception occurred recv", e)
 
-    def oracleInitial(self,data):
+    def oracleInitial(self, data):
         try:
             while len(self.s.connected) < 2:
-                time.sleep(.5)
-            if(len(self.s.connected) == 2):
-                # if self.s.connected[0].addr[0] == data["bearer"]  and  self.s.connected[1].addr[0] == data["cryptor"]:
-                    self.bearer = self.s.connected[1]
-                    self.cryptor = self.s.connected[0]
-                # elif self.s.connected[1].addr[0] == data["bearer"]  and  self.s.connected[0].addr[0] == data["cryptor"]:
-                #     self.bearer = self.s.connected[1]
-                #     self.cryptor = self.s.connected[0]
-                # else:
-                #     raise Exception("Error") 
-                    
+                time.sleep(0.5)
+            if len(self.s.connected) == 2:
+                self.bearer = self.s.connected[1]
+                self.cryptor = self.s.connected[0]
+            self.key = data["key"]
+            dataLen = data["dataLen"]
+            if 0 == dataLen % 16:
+                datalen = dataLen // 16
+            else:
+                datalen = (dataLen + (16 - dataLen % 16)) // 16
 
+            self.dataLenBase = data["dataLen"]
+            self.dataLen = datalen
             self.serverDomain = data["server"]
+            self.serverIP = socket.gethostbyname(data["server"])
+            bPrint("server IP", self.serverIP)
             if type(self.serverDomain) == str:
                 self.serverDomain = [self.serverDomain]
-            # self.serverIP = socket.gethostbyname(data["server"])
-            self.serverIP = "216.58.205.228"
-            self.server = SocketHTTP(self.serverIP,443,self)
+            self.server = SocketHTTP(self.serverIP, 443, self)
         except Exception as e:
-            print("\33[41m\33[41mAn exception occurred oracleInitial Connector ",e,"\33[0m" )
-        
-    def keyExchange(self,data):
+            rBackPrint("An exception occurred oracleInitial", e)
+
+    def keyExchange(self, data):
         try:
-            while not self.server: 
-                time.sleep(.5)
-            self.key_exchange =bytes.fromhex( data["keyExchange"])
+            while not self.server:
+                time.sleep(0.1)
+            self.key_exchange = bytes.fromhex(data["keyExchange"])
             self.server.send(bytes.fromhex(self.client_hello()))
-        except NameError:
-            print(NameError)
-            print("\33[41mAn exception occurred keyExchange Connector,\33[0m")
-
-    # def toCryptor(self,data):
-    #     try:
-    #         self.key_exchange =bytes.fromhex( data["keyExchange"])
-    #         self.server.send(bytes.fromhex(self.client_hello()))
-    #     except NameError:
-    #         print(NameError)
-    #         print("\33[41mAn exception occurred keyExchange Connector,\33[0m")
-
+        except Exception as e:
+            rBackPrint("An exception occurred keyExchange", e)
 
     def client_hello(self):
         try:
@@ -85,12 +87,15 @@ class Connector():
                 models.ClientExtension.key_share(
                     [models.KeyShareEntry(models.NamedGroup.x25519, self.key_exchange)]
                 ),
-                models.ClientExtension.signature_algorithms(list(models.SignatureScheme)),
-                models.ClientExtension.supported_groups([models.NamedGroup.x25519]),
+                models.ClientExtension.signature_algorithms(
+                    list(models.SignatureScheme)
+                ),
+                models.ClientExtension.supported_groups(list(models.NamedGroup)),
+                models.ClientExtension.psk_key_exchange_modes(
+                    list(models.PskKeyExchangeMode)
+                ),
             ]
 
-
-            
             compatibility_mode = True
             handshake = models.Handshake(
                 models.HandshakeType.client_hello,
@@ -105,61 +110,101 @@ class Connector():
             )
             self.client_hello_data = handshake.binary
             self.handshake_context = bytearray(self.client_hello_data)
-            self.parser.parserSend(bytes(self.client_hello_data).hex(),self.cryptor,"fromContoCryHelloCLient")
+            self.parser.parserSend(
+                bytes(self.client_hello_data).hex(),
+                self.cryptor,
+                "fromContoCryHelloCLient",
+            )
 
             data = models.ContentType.handshake.tls_plaintext(self.client_hello_data)
             return bytes.hex(data)
-        except Exception as exception:
-            print("\33[41mAn exception occurred client_hello Connector,\33[0m",exception)
-
-
-    def tcp(self):
-        while 1: 
-
-            time.sleep(0.5)
-            while self.buffer and self.buffer[0] and len(self.buffer[0])>=10:
-                s = self.buffer[0][6:10]
-                print(s)
-                l = int(s,16)*2+10
-                a = self.lenCalc(l)
-                if not self.handshaked:
-                    self.parser.parserSend(a,self.cryptor,"fromContoCry")
-        self.t.exit()
-
+        except Exception as e:
+            rBackPrint("An exception occurred client_hello", e)
 
+    def toCryptor(self):
+        try:
+            while not self.h:
+                while self.buffer and self.buffer[0] and len(self.buffer[0]) >= 10:
+                    s = self.buffer[0][6:10]
+                    l = int(s, 16) * 2 + 10
+                    a = self.lenCalc(l)
+                    if not self.handshaked:
+                        self.parser.parserSend(a, self.cryptor, "fromContoCry")
+        except Exception as e:
+            rBackPrint("An exception occurred toCryptor", e)
 
     def lenCalc(self, len2):
-        if len(self.buffer[0]) > len2:
-            a = self.buffer[0][:len2]
-            self.buffer[0] = self.buffer[0][len2:]
-            return a
-        elif len(self.buffer[0]) == len2 :
-            return self.buffer.pop(0)
-        elif len(self.buffer[0]) < len2 :
-            if self.buffer[1]:
-                self.buffer[0] = self.buffer[0] + self.buffer[1]
-                self.buffer.pop(1)
-                return lenCalc(self.buffer,len2)
-            else:
-                print("Data is not copmlete1 ")
-                time.sleep(1)
-                lenCalc(self.buffer,len2)
-        else: 
-            print("Data is not copmlet2e")
-            time.sleep(1)
-            lenCalc(self.buffer,len2)
-
-    
+        if self.buffer:
+            if len(self.buffer[0]) > len2:
+                a = self.buffer[0][:len2]
+                self.buffer[0] = self.buffer[0][len2:]
+                return a
+            elif len(self.buffer[0]) == len2:
+                return self.buffer.pop(0)
+            elif len(self.buffer[0]) < len2:
+                if self.buffer[1]:
+                    self.buffer[0] = self.buffer[0] + self.buffer[1]
+                    self.buffer.pop(1)
+                    return self.lenCalc(len2)
+                else:
+                    self.lenCalc(len2)
+        else:
+            self.lenCalc(len2)
+
+    def MPC(self):
+        try:
+            for i in range(self.dataLen * 4):
+                print("send req to others")
+                self.parser.parserSend(str(i), self.cryptor, "MPC")
+                self.parser.parserSend(str(i), self.bearer, "MPC")
+                s = [
+                    self.path + "/MP-SPDZ/mascot-party.x",
+                    "0",
+                    "xor",
+                    "-pn",
+                    "12023",
+                    "-h",
+                    "192.168.178.105",
+                    "-N",
+                    "3",
+                ]
+                proc = subprocess.Popen(s, stdout=subprocess.PIPE)
+                d = proc.stdout.readline()
+
+                self.cipher = self.cipher + long_to_bytes(d, 4)
+            self.cipher = self.cipher[: self.dataLenBase]
+            head = b"\x17\x03\x03" + (self.dataLenBase + 16).to_bytes(2, "big")
+            tag = self.GhashCon.ghash(head, self.cipher)
+            tag = long_to_bytes(tag)
+            bPrint("Tag", tag)
+            Message = head + self.cipher + tag
+            return Message
+        except Exception as e:
+            rBackPrint("An exception occurred MPC", e)
 
-    def MPC(self,data):
+    def fromCrytoCon(self, data):
         try:
-            print("TODO") # TODO
-        except Exception as exception :
-            print("\33[41mAn exception occurred MPC Connector " ,exception,"\33[0m" )   
+            self.server.send(bytes.fromhex(data["data"]))
+        except Exception as e:
+            rBackPrint("An exception occurred fromCrytoCon", e)
 
-    def fromCrytoCon(self,data):
+    def fromCrytoConDone(self, data):
         try:
-            print("TODO fromCrytoCon") # TODO
-        except Exception as exception :
-            print("\33[41mAn exception occurred fromCrytoCon Connector " ,exception,"\33[0m" )   
+            time.sleep(2)
+            self.auth_key = data["auth_key"]
+            self.last_key = data["last_key"]
+            self.change = data["change"]
+            self.finish = data["finish"]
+            self.h = True
+
+            gPrint("auth_key", self.auth_key)
+            gPrint("last_key ", self.last_key)
+            self.GhashCon = GhashCon(self.auth_key, self.last_key)
+            m = self.MPC()
+            self.server.send(bytes.fromhex(data["change"]))
+            self.server.send(bytes.fromhex(data["finish"]))
+            time.sleep(1)
+            self.server.send((m))
 
+        except Exception as e:
+            rBackPrint("An exception occurred fromCrytoConDone", e)

oracle/worker/cryptor.py

@@ -1,93 +1,125 @@
+import os
 import socket
 import threading
 import config as cfg
 from nacl.public import PrivateKey
 from connection.socket import SocketClient
-from tcp import TLSClientSession
+from tls import TLSClientSession
 import time
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from tls.ghash import GhashCry
+from Utils import *
+
+
 def new_x25519():
     private_key = PrivateKey.generate()
     key_exchange = bytes(private_key.public_key)
-    return bytes(private_key).hex() , key_exchange.hex()
+    return bytes(private_key).hex(), key_exchange.hex()
 
-class Cryptor():
 
+class Cryptor:
     def __init__(self, parser):
-        self.privatekey , self.key_exchange = new_x25519()
+        self.privatekey, self.key_exchange = new_x25519()
         self.server = None
         self.parser = parser
         self.connector = None
-        self.data = []
-        print("\n\n CRYPTOR,  \n ",self.privatekey ,self.key_exchange,"\n")
+        self.key = None
+        gBackPrint("CRYPTOR", "")
+        gPrint("privatekey", self.privatekey)
+        gPrint("key_exchange", self.key_exchange)
 
-    def oracleInitial(self,data):
+    def oracleInitial(self, data):
         try:
             self.server = data["server"]
-            self.connector = SocketClient(data["connector"][0],data["connector"][1],self.parser,"Cryptor")
+            self.connector = SocketClient(
+                data["connector"][0], data["connector"][1], self.parser, "Cryptor"
+            )
+            self.key = data["key"]
+            dataLen = data["dataLen"]
+            if 0 == dataLen % 16:
+                datalen = dataLen // 16
+            else:
+                datalen = (dataLen + (16 - dataLen % 16)) // 16
+            self.dataLen = datalen
             time.sleep(1)
-
             self.keyExchange()
-        except:
-            print("\33[41mAn exception occurred oracleInitial Cryptor\33[0m" )   
-    # def socketOracle(self,HOST,PORT):
-    #     self.connector = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    #     self.connector.connect((HOST, PORT))
-    #     t = threading.Thread(target=self.receive)
-    #     t.start()
-    #     self.toSEND({
-    #         "type":"oracleInit",
-    #         "oracle":"Cryptor"
-    #     })
-    #     print("socket is created and Listener is created\n")
-    #     self.toSEND({
-    #         "type":"key_exchange",
-    #         "key_exchange":self.key_exchange
-    #     })
-
+        except Exception as e:
+            rBackPrint("An exception occurred oracleInitial", e)
 
     def keyExchange(self):
         try:
             d = {}
-            self.parser.add(d,"type","keyExchange")
-            self.parser.add(d,"keyExchange",self.key_exchange)
+            self.parser.add(d, "type", "keyExchange")
+            self.parser.add(d, "keyExchange", self.key_exchange)
             self.connector.send(self.parser.toSEND(d))
-        except:
-            print("\33[41mAn exception occurred keyExchange Cryptor\33[0m")
-    # def start(self,a):
-    #     print("Cryptor",a)
-    #     self.socketOracle(self.connectorIP,self.connectorPort)
+        except Exception as e:
+            rBackPrint("An exception occurred keyExchange", e)
 
     def fromContoCryHelloCLient(self, data):
         try:
-            self.tcp = TLSClientSession(self.privatekey , self.key_exchange,memoryview(bytes.fromhex(data["data"])))
-
-            print("TODO fromContoCry",data["data"]) # TODO
-        except Exception as exception :
-            print("\33[41mAn exception occurred fromContoCryHelloCLient Cryptor " ,exception,"\33[0m" )
-
-
-    def toCryptorFromConnector(self,data):
+            self.tls = TLSClientSession(
+                bytes.fromhex(self.privatekey),
+                bytes.fromhex(self.key_exchange),
+                bytearray(data["data"], "utf-8"),
+                self.fromCrytoCon,
+                self.fromCrytoConDone,
+            )
+        except Exception as e:
+            rBackPrint("An exception occurred fromContoCryHelloCLient", e)
+
+    def fromCrytoCon(self, data):
         try:
-            print("TODO") # TODO
-        except Exception as exception :
-            print("\33[41mAn exception occurred toCryptorFromConnector Cryptor " ,exception,"\33[0m" )   
+            self.parser.parserSend(data, self.connector, "fromCrytoCon")
+        except Exception as e:
+            rBackPrint("An exception occurred fromCrytoCon", e)
 
-        
-    def MPC(self,data):
+    def fromCrytoConDone(self, change, finish):
         try:
-            print("TODO") # TODO
-        except Exception as exception :
-            print("\33[41mAn exception occurred MPC Cryptor " ,exception,"\33[0m" )   
+            bPrint("Start to send Done to Connection ", self.tls.cipher.key)
+            n = self.tls.cipher.get_nonce()
+            k = self.tls.cipher.key
+            bPrint("Key", k)
+            bPrint("Nonce", n)
+            g = GhashCry(bytes_to_long(k), bytes_to_long(n))
+            f, l = g.get()
+            d = {}
+            self.parser.add(d, "type", "fromCrytoConDone")
+            self.parser.add(d, "change", change)
+            self.parser.add(d, "finish", finish)
+            self.parser.add(d, "auth_key", f)
+            self.parser.add(d, "last_key", l)
+            self.counter = g.encIV(self.dataLen)
+            t = b""
+            for x in self.counter:
+                t = t + x
+            self.counter2 = t
+            self.connector.send(self.parser.toSEND(d))
+        except Exception as e:
+            rBackPrint("An exception occurred fromCrytoConDone", e)
 
-    def fromContoCry(self,data):
+    def MPC(self, json):
         try:
-            self.tcp.tls_response(data["data"])
-            print("TODO fromContoCry") # TODO
-        except Exception as exception :
-            print("\33[41mAn exception occurred fromContoCry Cryptor " ,exception,"\33[0m" )
-
-
-
-
-
-
+            n = int(json["data"])
+            bPrint("MPC Input", self.counter2[4 * n : 4 * (1 + n)].hex())
+            bPrint(
+                "MPC Input int",
+                str(bytes_to_long((self.counter2[4 * n : 4 * (1 + n)]))),
+            )
+
+            s = (
+                "echo "
+                + str(bytes_to_long((self.counter2[4 * n : 4 * (1 + n)])))
+                + "  > ./Player-Data/Input-P2-0"
+            )
+            os.system(s)
+            os.system(
+                "./MP-SPDZ/mascot-party.x 2 xor  -pn 12023 -h 192.168.178.105 -N 3"
+            )
+        except Exception as e:
+            rBackPrint("An exception occurred MPC", e)
+
+    def fromContoCry(self, data):
+        try:
+            self.tls.tls_response(memoryview(bytes.fromhex(data["data"])))
+        except Exception as e:
+            rBackPrint("An exception occurred fromContoCry", e)

oracle/worker/worker.py

@@ -1,68 +0,0 @@
-import json
-import config as cfg
-from connection.socketClient import Socket
-LenFunc = cfg.LenFunc
-
-
-
-class Worker():
-    def __init__(self,child,parent):
-        self.child          = child
-        self.parent         = parent
-        self.bearer         = None
-        self.crypter        = None
-        self.connector      = None
-        self.connectorIP    = None
-        self.connectorPort  = None
-        self.id             = None
-        self.server         = None
-        self.key_exchange   = None
-
-    def toJSON(self, data):
-        return json.loads(data)
-
-    def toSTRING(self, data):
-        return json.dumps(data)
-
-    def toSEND(self, data):
-        j = json.dumps(data)
-        l = LenFunc - len(str(len(j)))
-        self.send("0000"[0:l]+str(len(j))+j)
-
-
-    def send(self,Message):
-        Message=bytes(Message,'utf-8')
-        self.connector.sendall(Message)
-        print("Send",Message)
-
-    def receive(self):
-        while True:
-            len = self.connector.recv(LenFunc)
-            if not len:
-                break
-            data = self.connector.recv(int(len))
-            print("receive",data)
-            self.parser(data)
-
-    def parser(self,data,conn):
-        data = self.toJSON(data)
-        print(data)
-
-        if    (data["type"]       ==      "init"                ):
-            self.id             = data["id"]
-            self.connectorIP    = data["connectorIP"]
-            self.connectorPort  = data["connectorPort"]
-            self.server  = data["server"]
-            self.child.start(data)
-        elif  (data["type"]       ==      "oracleInit"          ):
-            if data["oracle"] == "Cryptor":
-                self.crypter = conn
-            elif data["oracle"] == "Bearer":
-                self.bearer = conn
-            else:
-                print("Wrong INITIAL ORACLE")
-        elif  (data["type"]       ==      "key_exchange"           ):
-            self.key_exchange      = data["key_exchange"]
-            self.child.createConnection()
-
-

sp

@@ -1,3 +0,0 @@
------BEGIN PUBLIC KEY-----
-MCowBQYDK2VuAyEAn9etbc/0KY3T+W1bGyr5EKBTWxSI1/j6uzSamCiAthU=
------END PUBLIC KEY-----

tcp/__init__.py → tls/__init__.py

@@ -1,3 +1,7 @@
+from .ghash import GhashCry, GhashCon
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from Crypto.Util import Counter
+from Crypto.Cipher import AES
 import os
 import time
 import struct
@@ -9,14 +13,17 @@ from enum import IntEnum
 from types import SimpleNamespace
 from nacl.public import PrivateKey
 from nacl.bindings import crypto_scalarmult
-
-from Crypto.PublicKey import RSA
+import hashlib
+from tls.Crypto.PublicKey import RSA
 
 # from Cryptography import x509
 # from OpenSSL.crypto import load_certificate, FILETYPE_ASN1
+from .models import *
 from . import ciphers
 from .key_schedule import PSKWrapper
 from .utils import pack_int, pack_list, pack_all
+from Utils import *
+
 
 MAX_LIFETIME = 24 * 3600 * 7
 AGE_MOD = 2 ** 32
@@ -102,7 +109,8 @@ class ExtensionType(UInt16Enum):
     def server_name_list(cls, host_names: list) -> bytes:
         return cls.server_name.pack_data(
             pack_list(
-                2, (NameType.host_name.pack_data(name.encode()) for name in host_names)
+                2, (NameType.host_name.pack_data(name.encode())
+                    for name in host_names)
             )
         )
 
@@ -113,7 +121,8 @@ class ExtensionType(UInt16Enum):
     @classmethod
     def supported_groups_list(cls, named_group, *named_groups) -> bytes:
         return cls.supported_groups.pack_data(
-            pack_list(2, (group.pack() for group in (named_group, *named_groups)))
+            pack_list(2, (group.pack()
+                          for group in (named_group, *named_groups)))
         )
 
     @classmethod
@@ -148,7 +157,8 @@ class ExtensionType(UInt16Enum):
         if self == ExtensionType.key_share:
             return NamedGroup.unpack_from(data)
         if self == ExtensionType.server_name:
-            return data.decode()
+            # return data.decode()
+            return data
         if self == ExtensionType.pre_shared_key:
             assert len(data) == 2, "invalid length"
             return int.from_bytes(data, "big")
@@ -232,30 +242,30 @@ class AlertDescription(UInt8Enum):
 
 
 class SignatureScheme(UInt16Enum):
-    # RSASSA-PKCS1-v1_5 algorithms
-    rsa_pkcs1_sha256 = 0x0401
-    rsa_pkcs1_sha384 = 0x0501
-    rsa_pkcs1_sha512 = 0x0601
-    # ECDSA algorithms
-    ecdsa_secp256r1_sha256 = 0x0403
-    ecdsa_secp384r1_sha384 = 0x0503
-    ecdsa_secp521r1_sha512 = 0x0603
-    # RSASSA-PSS algorithms with public key OID rsaEncryption
-    rsa_pss_rsae_sha256 = 0x0804
-    rsa_pss_rsae_sha384 = 0x0805
-    rsa_pss_rsae_sha512 = 0x0806
-    # EdDSA algorithms
+    # # RSASSA-PKCS1-v1_5 algorithms
+    # rsa_pkcs1_sha256 = 0x0401
+    # rsa_pkcs1_sha384 = 0x0501
+    # rsa_pkcs1_sha512 = 0x0601
+    # # ECDSA algorithms
+    # ecdsa_secp256r1_sha256 = 0x0403
+    # ecdsa_secp384r1_sha384 = 0x0503
+    # ecdsa_secp521r1_sha512 = 0x0603
+    # # RSASSA-PSS algorithms with public key OID rsaEncryption
+    # rsa_pss_rsae_sha256 = 0x0804
+    # rsa_pss_rsae_sha384 = 0x0805
+    # rsa_pss_rsae_sha512 = 0x0806
+    # # EdDSA algorithms
     ed25519 = 0x0807
-    ed448 = 0x0808
-    # RSASSA-PSS algorithms with public key OID RSASSA-PSS
-    rsa_pss_pss_sha256 = 0x0809
-    rsa_pss_pss_sha384 = 0x080a
-    rsa_pss_pss_sha512 = 0x080b
-    # Legacy algorithms
-    rsa_pkcs1_sha1 = 0x0201
-    ecdsa_sha1 = 0x0203
-    # Reserved Code Points
-    # private_use(0xFE00..0xFFFF)
+    # ed448 = 0x0808
+    # # RSASSA-PSS algorithms with public key OID RSASSA-PSS
+    # rsa_pss_pss_sha256 = 0x0809
+    # rsa_pss_pss_sha384 = 0x080a
+    # rsa_pss_pss_sha512 = 0x080b
+    # # Legacy algorithms
+    # rsa_pkcs1_sha1 = 0x0201
+    # ecdsa_sha1 = 0x0203
+    # # Reserved Code Points
+    # # private_use(0xFE00..0xFFFF)
 
 
 dh_parameters = {
@@ -332,9 +342,10 @@ class CertificateEntry:
     @classmethod
     def unpack_from(cls, data: memoryview):
         certificate_request_context_len = data[0]
-        certificate_request_context = data[1 : 1 + certificate_request_context_len]
+        certificate_request_context = data[1: 1 +
+                                           certificate_request_context_len]
         certificate_request_context
-        data = data[1 + certificate_request_context_len :]
+        data = data[1 + certificate_request_context_len:]
         certificate_list_len = int.from_bytes(data[:3], "big")
         certificate_list = data[3:]
         assert certificate_list_len == len(
@@ -343,22 +354,22 @@ class CertificateEntry:
         certs = []
         while certificate_list:
             cert_data_len = int.from_bytes(certificate_list[:3], "big")
-            cert_data = certificate_list[3 : 3 + cert_data_len]
+            cert_data = certificate_list[3: 3 + cert_data_len]
             cert_type = 0
             if cert_type == CertificateType.X509:
                 # x = x509.load_der_x509_certificate(data=cert_data, backend=backend)
                 # x = load_certificate(FILETYPE_ASN1, cert_data)
                 key = RSA.import_key(cert_data)
                 key
-            certificate_list = certificate_list[3 + cert_data_len :]
+            certificate_list = certificate_list[3 + cert_data_len:]
             extensions_len = int.from_bytes(certificate_list[:2], "big")
             assert extensions_len <= len(
                 certificate_list[2:]
             ), "extensions length does not match"
             extensions = ExtensionType.unpack_from(
-                certificate_list[2 : 2 + extensions_len]
+                certificate_list[2: 2 + extensions_len]
             )
-            certificate_list = certificate_list[2 + extensions_len :]
+            certificate_list = certificate_list[2 + extensions_len:]
             certs.append(cls(cert_type, cert_data, extensions))
         return certs
 
@@ -382,10 +393,6 @@ class PskKeyExchangeMode(UInt8Enum):
 
 class CipherSuite(UInt16Enum):
     TLS_AES_128_GCM_SHA256 = 0x1301
-    TLS_AES_256_GCM_SHA384 = 0x1302
-    TLS_CHACHA20_POLY1305_SHA256 = 0x1303
-    TLS_AES_128_CCM_SHA256 = 0x1304
-    TLS_AES_128_CCM_8_SHA256 = 0x1305
 
     @classmethod
     def all(cls) -> set:
@@ -397,8 +404,8 @@ class CipherSuite(UInt16Enum):
     def select(cls, data):
         data = memoryview(data)
         for i in (0, data.nbytes, 2):
-            if data[i : i + 2] in cls.all():
-                return data[i : i + 2].tobytes()
+            if data[i: i + 2] in cls.all():
+                return data[i: i + 2].tobytes()
 
     @classmethod
     def get_cipher(cls, data):
@@ -479,13 +486,15 @@ class PskIdentity:
 def client_pre_shared_key_extension(
     psk_identities: typing.Iterable
 ) -> typing.Tuple[bytes, int]:
-    binders = pack_psk_binder_entries((i.binder_len * b"\x00" for i in psk_identities))
+    binders = pack_psk_binder_entries(
+        (i.binder_len * b"\x00" for i in psk_identities))
     return (
         ExtensionType.pre_shared_key.pack_data(
             pack_list(
                 2,
                 (
-                    pack_int(2, i.identity) + i.obfuscated_ticket_age.to_bytes(4, "big")
+                    pack_int(2, i.identity) +
+                    i.obfuscated_ticket_age.to_bytes(4, "big")
                     for i in psk_identities
                 ),
             )
@@ -503,7 +512,7 @@ def unpack_certificate_verify(mv: memoryview):
     algorithm = int.from_bytes(mv[:2], "big")
     scheme = SignatureScheme.from_value(algorithm)
     signature_len = int.from_bytes(mv[2:4], "big")
-    signature = mv[4 : 4 + signature_len]
+    signature = mv[4: 4 + signature_len]
     return SimpleNamespace(algorithm=scheme, signature=signature)
 
 
@@ -539,7 +548,8 @@ class NewSessionTicket:
 
     def __post_init__(self):
         self.outdated_time = time.time() + min(self.lifetime, MAX_LIFETIME)
-        self.obfuscated_ticket_age = ((self.lifetime * 1000) + self.age_add) % AGE_MOD
+        self.obfuscated_ticket_age = (
+            (self.lifetime * 1000) + self.age_add) % AGE_MOD
 
     def is_outdated(self):
         return time.time() >= self.outdated_time
@@ -551,22 +561,29 @@ class NewSessionTicket:
 class TLSClientSession:
     def __init__(
         self,
-        private_key: bytes ,
-        key_share_entry: bytes ,
-        client_hello_data: memoryview
+        private_key: bytes,
+        key_share_entry: bytes,
+        client_hello_data: bytearray,
+        data_callback,
+        data_callback_done
     ):
         self.private_key, key_share_entry = private_key, key_share_entry
         self.handshake_context = client_hello_data
         self.server_finished = False
-
-
+        self.data_callback = data_callback
+        self.data_callback_done = data_callback_done
+        self.client = None
+        self.server = None
+        self.session_tickets = []
+        gBackPrint("tls"," started")
 
     def unpack_server_hello(self, mv: memoryview):
         assert mv[:2] == b"\x03\x03", "version must be 0x0303"
         random = bytes(mv[2:34])
         legacy_session_id_echo_length = mv[34]
-        legacy_session_id_echo = bytes(mv[35 : 35 + legacy_session_id_echo_length])
-        mv = mv[35 + legacy_session_id_echo_length :]
+        legacy_session_id_echo = bytes(
+            mv[35: 35 + legacy_session_id_echo_length])
+        mv = mv[35 + legacy_session_id_echo_length:]
         cipher_suite = CipherSuite.get_cipher(mv[:2])
         assert mv[2] == 0, "legacy_compression_method should be 0"
         extension_length = int.from_bytes(mv[3:5], "big")
@@ -584,50 +601,78 @@ class TLSClientSession:
         )
 
     def unpack_handshake(self, mv: memoryview):
-        handshake_type = mv[0]
-        length = int.from_bytes(mv[1:4], "big")
-        assert len(mv[4:]) == length, f"handshake length does not match"
-        handshake_data = mv[4:]
-        if handshake_type == HandshakeType.server_hello:
-            self.handshake_context.extend(mv)
-            return self.unpack_server_hello(handshake_data)
-        elif handshake_type == HandshakeType.encrypted_extensions:
-            self.handshake_context.extend(mv)
-            ext_len = int.from_bytes(handshake_data[:2], "big")
-            handshake_data = handshake_data[2:]
-            assert (
-                len(handshake_data) == ext_len
-            ), "encrypted extensions length does not match"
-            self.encrypted_extensions = ExtensionType.unpack_from(handshake_data)
-        elif handshake_type == HandshakeType.certificate_request:
-            self.handshake_context.extend(mv)
-        elif handshake_type == HandshakeType.certificate:
-            self.handshake_context.extend(mv)
-            self.certificate_entry = CertificateEntry.unpack_from(handshake_data)
-        elif handshake_type == HandshakeType.certificate_verify:
-            self.handshake_context.extend(mv)
-            self.certificate_verify = unpack_certificate_verify(handshake_data)
-            print(self.certificate_verify)
-        elif handshake_type == HandshakeType.finished:
-            assert handshake_data == self.peer_cipher.verify_data(
-                self.handshake_context
-            ), "server handshake finished does not match"
-            self.handshake_context.extend(mv)
-            self.server_finished = True
-        elif handshake_type == HandshakeType.new_session_ticket:
-            self.session_tickets.append(unpack_new_session_ticket(handshake_data))
-        else:
-            raise Exception(f"unknown handshake type {handshake_type}")
+        while len(mv) > 0:
+            handshake_type = mv[0]
+            length = int.from_bytes(mv[1:4], "big")
+            handshake_data = mv[4:4+length]
+            simplePrint(" handshake_type", handshake_type)
+            simplePrint(" length", length)
+            simplePrint(" handshake_data", handshake_data.tobytes().hex())
+            if handshake_type == HandshakeType.server_hello:
+                assert len(
+                    mv[4:]) == length, f"handshake length does not match"
+                self.handshake_context.extend(
+                    bytearray(mv[:4+length].tobytes().hex(), "utf-8"))
+                return self.unpack_server_hello(handshake_data)
+            elif handshake_type == HandshakeType.encrypted_extensions:
+                self.handshake_context.extend(
+                    bytearray(mv[:4+length].tobytes().hex(), "utf-8"))
+
+                ext_len = int.from_bytes(handshake_data[:2], "big")
+                simplePrint(" handshake_data 1", ext_len)
+                handshake_data = handshake_data[2:]
+                simplePrint(" handshake_data 2", ext_len)
+                assert (
+                    len(handshake_data) == ext_len
+                ), "encrypted extensions length does not match"
+                self.encrypted_extensions = ExtensionType.unpack_from(
+                    handshake_data)
+                simplePrint(" handshake_data 3", ext_len)
+
+            elif handshake_type == HandshakeType.certificate_request:
+                self.handshake_context.extend(
+                    bytearray(mv[:4+length].tobytes().hex(), "utf-8"))
+            elif handshake_type == HandshakeType.certificate:
+                self.handshake_context.extend(
+                    bytearray(mv[:4+length].tobytes().hex(), "utf-8"))
+                # self.certificate_entry = CertificateEntry.unpack_from(
+                #     handshake_data.tobytes())
+                # TODO Certficate Check
+            elif handshake_type == HandshakeType.certificate_verify:
+                self.handshake_context.extend(
+                    bytearray(mv[:4+length].tobytes().hex(), "utf-8"))
+                # self.certificate_verify = unpack_certificate_verify(
+                #     handshake_data)
+                # TODO Certficate Check
+            elif handshake_type == HandshakeType.finished:
+                simplePrint(" finished", handshake_type)
+
+                assert handshake_data == self.peer_cipher.verify_data(
+                    b'' + bytes.fromhex(self.handshake_context.decode())
+                ), "server handshake finished does not match"
+                self.handshake_context.extend(
+                    bytearray(mv[:4+length].tobytes().hex(), "utf-8"))
+                self.server_finished = True
+                simplePrint("server_finished ", self.server_finished)
+            elif handshake_type == HandshakeType.new_session_ticket:
+                # self.session_tickets.append(
+                #     unpack_new_session_ticket(handshake_data))
+                simplePrint("session_tickets", handshake_data.tobytes().hex())
+            else:
+                raise Exception(f"unknown handshake type {handshake_type}")
+            mv = mv[4+length:]
+
 
     def tls_response(self, mv: memoryview):
-        head = mv[:5]
-        assert head[1:3] == b"\x03\x03", f"bad legacy_record_version {head[1:3]}"
+        head = memoryview(mv[:5])
+        assert head[1:
+                    3] == b"\x03\x03", f"bad legacy_record_version {head[1:3]}"
         length = int.from_bytes(head[3:], "big")
         if (head[0] == ContentType.application_data and length > (16384 + 256)) or (
             head[0] != ContentType.application_data and length > 16384
         ):
             raise Alert(AlertLevel.fatal, AlertDescription.record_overflow)
-        content = mv[5:]
+        content = memoryview(mv[5:])
         if head[0] == ContentType.alert:
             level = AlertLevel.from_value(content[0])
             description = AlertDescription.from_value(content[1])
@@ -638,71 +683,100 @@ class TLSClientSession:
                 self.peer_handshake.handshake_type == HandshakeType.server_hello
             ), "expect server hello"
 
+            simplePrint("handshake_context", self.handshake_context)
             peer_pk = self.peer_handshake.extensions[
                 ExtensionType.key_share
             ].key_exchange
+            simplePrint("peer_pk\t", bytes(peer_pk).hex())
+            simplePrint("private_key", bytes(self.private_key).hex())
 
             shared_key = crypto_scalarmult(bytes(self.private_key), peer_pk)
+            simplePrint("shared_key", bytes(shared_key).hex())
 
             TLSCipher = self.peer_handshake.cipher_suite
             self.TLSCipher = TLSCipher
-            key_scheduler = TLSCipher.tls_hash.scheduler(shared_key, None)
+            simplePrint("TLSCipher", TLSCipher)
+
+            key_scheduler = TLSCipher.tls_hash.scheduler(shared_key)
             self.key_scheduler = key_scheduler
+            simplePrint("key_scheduler", self.key_scheduler)
+
             secret = key_scheduler.server_handshake_traffic_secret(
-                self.handshake_context
+                b'' + bytes.fromhex(self.handshake_context.decode())
             )
-            # server handshake cipher
+            simplePrint("s_hand_traf_s",
+                  secret.hex())
+
             self.peer_cipher = TLSCipher(secret)
+            simplePrint("peer_cipher", self.peer_cipher)
+
+            simplePrint("secret", bytes(secret).hex())
             client_handshake_traffic_secret = key_scheduler.client_handshake_traffic_secret(
-                self.handshake_context
+                b'' + bytes.fromhex(self.handshake_context.decode())
+
             )
-            print("\n\tpeer_pk\t",bytes(peer_pk).hex())
-            print("\n\tprivate_key\t",bytes(self.private_key).hex() )
-            print("\n\tshared_key\t",bytes(shared_key).hex() )
-            print("\n\tself.key_scheduler.\t",self.key_scheduler)
-            print("\n\tself.peer_cipher\t",self.peer_cipher)
-            print("\n\tself.TLSCipher\t",self.TLSCipher)
-            print("\n\tsecret\t",bytes(secret).hex())
-            print("\n\tkey\t",self.peer_cipher.key )
-            print("\n\tIV\t",self.peer_cipher.iv )
-            print("\n",)
+            self.client_handshake_traffic_secret = client_handshake_traffic_secret
+            simplePrint("c_hand_traf_s",
+                  client_handshake_traffic_secret.hex())
 
         elif head[0] == ContentType.application_data:
             plaintext = self.peer_cipher.decrypt(content, head).rstrip(b"\x00")
+            simplePrint("plaintext", plaintext.hex(), type(plaintext))
+
             content_type = ContentType.from_value(plaintext[-1])
+            simplePrint(" content_type", content_type)
             if content_type == ContentType.handshake:
-                self.unpack_handshake(plaintext[:-1])
+                self.unpack_handshake(memoryview(plaintext[:-1]))
                 if self.server_finished:
+                    cipher = self.TLSCipher(
+                        self.client_handshake_traffic_secret)
+                    client_finished = cipher.verify_data(
+                        b'' + bytes.fromhex(self.handshake_context.decode()))
+                    simplePrint("client_finished", client_finished.hex)
 
-                    # client handshake cipher
-                    cipher = TLSCipher(client_handshake_traffic_secret)
-                    client_finished = cipher.verify_data(self.handshake_context)
                     client_finished_data = HandshakeType.finished.pack_data(
                         client_finished
                     )
-                    inner_plaintext = ContentType.handshake.tls_inner_plaintext(
-                        client_finished_data
-                    )
+                    simplePrint("client_finished_data", client_finished_data.hex())
+
+                    inner_plaintext = client_finished_data + b'\x16'
+                    simplePrint("inner_plaintext", inner_plaintext.hex())
+
                     record = cipher.tls_ciphertext(inner_plaintext)
+                    simplePrint("record", record.hex())
+
                     change_cipher_spec = ContentType.change_cipher_spec.tls_plaintext(
                         b"\x01"
                     )
-                    # parser.write(change_cipher_spec + record)
-                    # server application cipher
-                    server_secret = key_scheduler.server_application_traffic_secret_0(
-                        self.handshake_context
+                    simplePrint("change_cipher_spec", change_cipher_spec.hex())
+                    self.change_cipher_spec = change_cipher_spec
+                    self.record = record
+                    simplePrint("record", record.hex())
+                    server_secret = self.key_scheduler.server_application_traffic_secret_0(
+                        b'' + bytes.fromhex(self.handshake_context.decode())
                     )
-                    self.peer_cipher = TLSCipher(server_secret)
+                    simplePrint("server_secret", server_secret.hex())
+                    self.peer_cipher = self.TLSCipher(server_secret)
                     self.server_finished = False
-
-                    # client application cipher
-                    client_secret = key_scheduler.client_application_traffic_secret_0(
-                        self.handshake_context
+                    client_secret = self.key_scheduler.client_application_traffic_secret_0(
+                        b'' + bytes.fromhex(self.handshake_context.decode())
                     )
-                    self.cipher = TLSCipher(client_secret)
-                    self.handshake_context.extend(client_finished_data)
+                    simplePrint("client_secret", client_secret)
+                    self.cipher = self.TLSCipher(client_secret)
+                    self.client = self.cipher
+                    self.server = self.peer_cipher
+                    self.handshake_context.extend(
+                        bytearray(client_finished_data.hex(), "utf-8"))
+
+                    spacePrint()
+                    gPrint("Client key", self.cipher.key.hex())
+                    gPrint("Client  iv", self.cipher.ivhex.hex())
+                    gPrint("server key", self.peer_cipher.key.hex())
+                    gPrint("server  iv", self.peer_cipher.ivhex.hex())
+                    spacePrint()
+                    self.data_callback_done('140303000101', self.record.hex())
             elif content_type == ContentType.application_data:
-                self.data_callback(plaintext[:-1])
+                simplePrint("DATA ISSSSSS", plaintext[:-1])
             elif content_type == ContentType.alert:
                 level = AlertLevel.from_value(plaintext[0])
                 description = AlertDescription.from_value(plaintext[1])
@@ -718,10 +792,11 @@ class TLSClientSession:
 
     def pack_client_hello(self):
         data = ContentType.handshake.tls_plaintext(self.client_hello_data)
-        return data 
+        return data
 
     def pack_application_data(self, payload: bytes) -> bytes:
-        inner_plaintext = ContentType.application_data.tls_inner_plaintext(payload)
+        inner_plaintext = ContentType.application_data.tls_inner_plaintext(
+            payload)
         return self.cipher.tls_ciphertext(inner_plaintext)
 
     def pack_alert(self, description: AlertDescription, level: AlertLevel) -> bytes:
@@ -742,4 +817,5 @@ class TLSClientSession:
         return self.pack_warning(AlertDescription.close_notify)
 
     def pack_canceled(self) -> bytes:
-        return self.pack_warning(AlertDescription.user_canceled)
+        return self.pack_warning(AlertDescription.user_canceled)
+

tcp/ciphers.py → tls/ciphers.py

@@ -1,7 +1,35 @@
 import abc
 import nacl.bindings
-from Cryptodome.Cipher import AES
 from .key_schedule import tls_sha256, tls_sha384
+from Cryptodome.Cipher import AES
+from Cryptodome.Util import Counter
+from Cryptodome.Util.number import long_to_bytes, bytes_to_long
+from Utils import *
+
+# GF(2^128) defined by 1 + a + a^2 + a^7 + a^128
+# Please note the MSB is x0 and LSB is x127
+def gf_2_128_mul(x, y):
+    assert x < (1 << 128)
+    assert y < (1 << 128)
+    res = 0
+    for i in range(127, -1, -1):
+        res ^= x * ((y >> i) & 1)  # branchless
+        x = (x >> 1) ^ ((x & 1) * 0xE1000000000000000000000000000000)
+    assert res < 1 << 128
+    return res
+
+
+class InvalidInputException(Exception):
+    def __init__(self, msg):
+        self.msg = msg
+
+    def __str__(self):
+        return str(self.msg)
+
+
+class InvalidTagException(Exception):
+    def __str__(self):
+        return 'The authenticaiton tag is invalid.'
 
 
 class TLS_AEAD_Cipher(abc.ABC):
@@ -32,9 +60,12 @@ class TLS_AEAD_Cipher(abc.ABC):
     def reset(self, secret):
         self.secret = secret
         self.key = self.tls_hash.derive_key(self.secret, self.KEY_LEN)
-        self.iv = int.from_bytes(
-            self.tls_hash.derive_iv(self.secret, self.NONCE_LEN), "big"
-        )
+        print("\n\tkey\t\t", self.key.hex())
+        iv = self.tls_hash.derive_iv(self.secret, self.NONCE_LEN)
+        self.ivhex = iv
+        self.iv = int.from_bytes(iv, "big")
+        print("\n\tiv\t\t", iv.hex())
+
         self.sequence_number = 0
 
     def next_application_traffic_secret(self):
@@ -50,48 +81,43 @@ class TLS_AEAD_Cipher(abc.ABC):
 
     def get_nonce(self):
         nonce = self.sequence_number ^ self.iv
+
         nonce = nonce.to_bytes(self.NONCE_LEN, "big")
+        simplePrint("IV", self.iv)
+        simplePrint("Key", self.key.hex())
+        simplePrint("nonce", nonce.hex())
+        simplePrint("sequence_number", self.sequence_number)
         self.sequence_number += 1
         return nonce
 
     def decrypt(self, ciphertext, associated_data):
         cipher = self.cipher()
+        simplePrint("ciphertext",
+               ciphertext[: -self.MAC_LEN].tobytes().hex())
+        simplePrint("Tag",
+               ciphertext[-self.MAC_LEN:].tobytes().hex())
+        simplePrint("associated_data",
+               associated_data.tobytes().hex())
         cipher.update(associated_data)
         return cipher.decrypt_and_verify(
-            ciphertext[: -self.MAC_LEN], ciphertext[-self.MAC_LEN :]
+            ciphertext[: -self.MAC_LEN], ciphertext[-self.MAC_LEN:]
         )
 
     def encrypt(self, plaintext, associated_data):
         cipher = self.cipher()
-        cipher.update(associated_data)
+        self.update2(associated_data, cipher)
         ciphertext, tag = cipher.encrypt_and_digest(plaintext)
         return ciphertext + tag
 
+    def update2(self,  associated_data, cipher):
+        cipher.update(associated_data)
+
     def tls_ciphertext(self, plaintext):
-        head = b"\x17\x03\x03" + (len(plaintext) + self.MAC_LEN).to_bytes(2, "big")
+        head = b"\x17\x03\x03" + \
+            (len(plaintext) + self.MAC_LEN).to_bytes(2, "big")
         return head + self.encrypt(plaintext, head)
 
 
-class TLS_CHACHA20_POLY1305_SHA256(TLS_AEAD_Cipher):
-    KEY_LEN = 32
-    MAC_LEN = 16
-    tls_hash = tls_sha256
-
-    def cipher(self):
-        ""
-
-    def decrypt(self, ciphertext, associated_data):
-        nonce = self.get_nonce()
-        return nacl.bindings.crypto_aead_chacha20poly1305_ietf_decrypt(
-            bytes(ciphertext), associated_data, nonce, self.key
-        )
-
-    def encrypt(self, plaintext, associated_data):
-        nonce = self.get_nonce()
-        return nacl.bindings.crypto_aead_chacha20poly1305_ietf_encrypt(
-            bytes(plaintext), associated_data, nonce, self.key
-        )
-
 
 class TLS_AES_128_GCM_SHA256(TLS_AEAD_Cipher):
     KEY_LEN = 16
@@ -104,34 +130,3 @@ class TLS_AES_128_GCM_SHA256(TLS_AEAD_Cipher):
         )
 
 
-class TLS_AES_256_GCM_SHA384(TLS_AEAD_Cipher):
-    KEY_LEN = 32
-    MAC_LEN = 16
-    tls_hash = tls_sha384
-
-    def cipher(self):
-        return AES.new(
-            self.key, AES.MODE_GCM, nonce=self.get_nonce(), mac_len=self.MAC_LEN
-        )
-
-
-class TLS_AES_128_CCM_SHA256(TLS_AEAD_Cipher):
-    KEY_LEN = 16
-    MAC_LEN = 16
-    tls_hash = tls_sha256
-
-    def cipher(self):
-        return AES.new(
-            self.key, AES.MODE_CCM, nonce=self.get_nonce(), mac_len=self.MAC_LEN
-        )
-
-
-class TLS_AES_128_CCM_8_SHA256(TLS_AEAD_Cipher):
-    tls_hash = tls_sha256
-    KEY_LEN = 16
-    MAC_LEN = 8
-
-    def cipher(self):
-        return AES.new(
-            self.key, AES.MODE_CCM, nonce=self.get_nonce(), mac_len=self.MAC_LEN
-        )

tls/decrypt.py

@@ -0,0 +1,138 @@
+from Crypto.Cipher import AES
+from Crypto.Util import Counter
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from Utils import *
+
+# GF(2^128) defined by 1 + a + a^2 + a^7 + a^128
+# Please note the MSB is x0 and LSB is x127
+def gf_2_128_mul(x, y):
+    assert x < (1 << 128)
+    assert y < (1 << 128)
+    res = 0
+    for i in range(127, -1, -1):
+        res ^= x * ((y >> i) & 1)  # branchless
+        x = (x >> 1) ^ ((x & 1) * 0xE1000000000000000000000000000000)
+    assert res < 1 << 128
+    return res
+
+
+class InvalidInputException(Exception):
+    def __init__(self, msg):
+        self.msg = msg
+
+    def __str__(self):
+        return str(self.msg)
+
+
+class InvalidTagException(Exception):
+    def __str__(self):
+        return 'The authenticaiton tag is invalid.'
+
+
+# Galois/Counter Mode with AES-128 and 96-bit IV
+class AES_GCM:
+    def __init__(self, master_key, init_value,seq=0):
+        self.change_key(master_key)
+        self.seq = seq
+        self.init_value = init_value
+        self.b = b''
+
+    def change_key(self, master_key):
+        if master_key >= (1 << 128):
+            raise InvalidInputException('Master key should be 128-bit')
+
+        self.__master_key = long_to_bytes(master_key, 16)
+        self.__aes_ecb = AES.new(self.__master_key, AES.MODE_ECB)
+        self.__auth_key = bytes_to_long(self.__aes_ecb.encrypt(b'\x00' * 16))
+        print("\nEK0", self.__auth_key)
+        table = []  # for 8-bit
+        for i in range(16):
+            row = []
+            for j in range(256):
+                row.append(gf_2_128_mul(self.__auth_key, j << (8 * i)))
+            table.append(tuple(row))
+        self.__pre_table = tuple(table)
+
+        self.prev_init_value = None  # reset
+
+    def __times_auth_key(self, val):
+        res = 0
+        for i in range(16):
+            res ^= self.__pre_table[i][val & 0xFF]
+            val >>= 8
+        return res
+
+    def __ghash(self, aad, txt):
+        len_aad = len(aad)
+        len_txt = len(txt)
+        if 0 == len_aad % 16:
+            data = aad
+        else:
+            data = aad + b'\x00' * (16 - len_aad % 16)
+        if 0 == len_txt % 16:
+            data += txt
+        else:
+            data += txt + b'\x00' * (16 - len_txt % 16)
+        tag = 0
+        assert len(data) % 16 == 0
+        for i in range(len(data) // 16):
+            tag ^= bytes_to_long(data[i * 16: (i + 1) * 16])
+
+            tag = self.__times_auth_key(tag)
+
+        tag ^= ((8 * len_aad) << 64) | (8 * len_txt)
+
+        tag = self.__times_auth_key(tag)
+        return tag
+
+    def getNounce(self):
+        print(self.init_value)
+        n = self.init_value ^ self.seq
+        print(n)
+        self.seq += 1
+        return n
+
+    def decrypt(self, c):
+        while len(c) > 0:
+            assert(c[:3] == b'\x17\x03\x03')
+            a = bytes_to_long(c[3:5])
+            auth_data = c[:5]
+            cipher = c[5:5+a-16]
+            auth_tag = c[5+a-16:5+a]
+            bPrint("auth_data", auth_data.hex())
+            bPrint("cipher", cipher.hex())
+            bPrint("auth_tag", auth_tag.hex())
+            self._decrypt(cipher, auth_tag, auth_data)
+            c = c[5+a:]
+
+    def _decrypt(self,  ciphertext, auth_tag, auth_data=b''):
+        init_value = self.getNounce()
+        # if auth_tag != self.__ghash(auth_data, ciphertext) ^\
+        #         bytes_to_long(self.__aes_ecb.encrypt(
+        #         long_to_bytes((init_value << 32) | 1, 16))):
+        #     raise InvalidTagException
+        # TODO CHECK TAG
+        len_ciphertext = len(ciphertext)
+        if len_ciphertext > 0:
+            counter = Counter.new(
+                nbits=32,
+                prefix=long_to_bytes(init_value, 12),
+                initial_value=2,
+                allow_wraparound=True)
+            aes_ctr = AES.new(self.__master_key, AES.MODE_CTR, counter=counter)
+
+            if 0 != len_ciphertext % 16:
+                padded_ciphertext = ciphertext + \
+                    b'\x00' * (16 - len_ciphertext % 16)
+            else:
+                padded_ciphertext = ciphertext
+            plaintext = aes_ctr.decrypt(padded_ciphertext)[:len_ciphertext]
+
+        else:
+            plaintext = b''
+        self.b += plaintext
+        return plaintext
+
+
+
+

tls/ghash.py

@@ -0,0 +1,126 @@
+from Crypto.Cipher import AES
+from Crypto.Util import Counter
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from Utils import *
+def gf_2_128_mul(x, y):
+    assert x < (1 << 128)
+    assert y < (1 << 128)
+    res = 0
+    for i in range(127, -1, -1):
+        res ^= x * ((y >> i) & 1)  # branchless
+        x = (x >> 1) ^ ((x & 1) * 0xE1000000000000000000000000000000)
+    assert res < 1 << 128
+    return res
+
+
+class InvalidInputException(Exception):
+    def __init__(self, msg):
+        self.msg = msg
+
+    def __str__(self):
+        return str(self.msg)
+
+
+class InvalidTagException(Exception):
+    def __str__(self):
+        return 'The authenticaiton tag is invalid.'
+
+
+# Galois/Counter Mode with AES-128 and 96-bit IV
+
+class GhashCry:
+    def __init__(self, master_key, init_value):
+        print(type(master_key))
+        print(type(init_value))
+        if master_key >= (1 << 128):
+            raise InvalidInputException('Master key should be 128-bit')
+        self.init_value = init_value
+        self.__master_key = long_to_bytes(master_key, 16)
+        self.__aes_ecb = AES.new(self.__master_key, AES.MODE_ECB)
+        self.__auth_key = bytes_to_long(self.__aes_ecb.encrypt(b'\x00' * 16))
+        self.__last_key = bytes_to_long(self.__aes_ecb.encrypt(
+            long_to_bytes((init_value << 32) | 1, 16)))
+
+    def get(self):
+        return self.__auth_key, self.__last_key
+
+    def encIV(self, n):
+        res = []
+        print(long_to_bytes(self.init_value, 16))
+        print(long_to_bytes(self.init_value << 32, 16))
+        for i in range(n):
+            print(long_to_bytes((self.init_value << 32) + i + 2, 16).hex())
+            a = long_to_bytes((self.init_value << 32) + i + 2, 16)
+            simplePrint("iv", a.hex())
+            r = self.__aes_ecb.encrypt(a)
+            s = "ENC iv "
+            simplePrint(s, r.hex())
+            res.insert(i, r)
+
+        print(res)
+        return res
+
+
+class GhashCon:
+    def __init__(self, __auth_key, __last_key):
+        self.change_key(__auth_key, __last_key)
+
+    def change_key(self, __auth_key, __last_key):
+        self.__auth_key = __auth_key
+        self.__last_key = __last_key
+        # precompute the table for multiplication in finite field
+        table = []  # for 8-bit
+        for i in range(16):
+            row = []
+            for j in range(256):
+                row.append(gf_2_128_mul(self.__auth_key, j << (8 * i)))
+            table.append(tuple(row))
+        self.__pre_table = tuple(table)
+        # print(f"Ghash_0 {tuple(table)}")
+
+        self.prev_init_value = None  # reset
+
+    def __times_auth_key(self, val):
+        res = 0
+        for i in range(16):
+            res ^= self.__pre_table[i][val & 0xFF]
+            val >>= 8
+        return res
+
+    def ghash(self, aad, txt):
+        len_aad = len(aad)
+        len_txt = len(txt)
+
+        # padding
+        print(aad)
+        if 0 == len_aad % 16:
+            data = aad
+        else:
+            data = aad + b'\x00' * (16 - len_aad % 16)
+        print(data)
+        if 0 == len_txt % 16:
+            data += txt
+        else:
+            data += txt + b'\x00' * (16 - len_txt % 16)
+        # print(data)
+        tag = 0
+        assert len(data) % 16 == 0
+        print(len(data))
+        print(len(data) // 16)
+        for i in range(len(data) // 16):
+            print("tag\t", hex(tag))
+            print("data ", i, "\t", data[i * 16: (i + 1) * 16].hex())
+            tag ^= bytes_to_long(data[i * 16: (i + 1) * 16])
+            print("data XOR tag \t", hex(tag))
+            tag = self.__times_auth_key(tag)
+            print("__times_auth_key", tag,  "\n\n")
+        # print 'X\t', hex(tag)
+        tag ^= ((8 * len_aad) << 64) | (8 * len_txt)
+        print("XOR ahib \t", ((8 * len_aad) << 64) | (8 * len_txt))
+        print("tag \t", tag)
+
+        tag = self.__times_auth_key(tag)
+        print("salam man ejra shodam", tag, "\n\n")
+        print("salam man ejra shodam", tag.to_bytes(16, "big").hex(), "\n\n")
+        return tag ^ self.__last_key
+

tcp/key_schedule.py → tls/key_schedule.py

@@ -1,7 +1,7 @@
 import hmac
 import hkdf
 import hashlib
-
+from Utils import *
 
 class TlsHash:
     def __init__(self, hashmod=hashlib.sha256):
@@ -32,12 +32,15 @@ class TlsHash:
     def derive_secret(self, secret: bytes, label: bytes, messages) -> bytes:
         if type(messages) == list:
             messages = b"".join(messages)
+        simplePrint("\n\tHash", label, "\t", bytes(
+            self.hashmod(messages).digest()).hex())
         return self.hkdf_expand_label(
             secret, label, self.hashmod(messages).digest(), self.hash_len
         )
 
-    def transcript_hash(self, *msgs):
-        return self.hashmod(b"".join(msgs)).digest()
+    def transcript_hash(self, msgs):
+
+        return self.hashmod(msgs).digest()
 
     # def transcript_hash(self, client_hello_data, *others):
     #     digest = self.hashmod(client_hello_data).digest()
@@ -58,9 +61,10 @@ class TlsHash:
         return self.hkdf_expand_label(base_key, b"finished", b"", self.hash_len)
 
     def verify_data(self, secret: bytes, msg: bytes) -> bytes:
-        return hmac.new(
+        a = hmac.new(
             self.finished_key(secret), self.transcript_hash(msg), self.hashmod
         ).digest()
+        return a
 
     def scheduler(self, ecdhe: bytes, psk: bytes = None):
         return KeyScheduler(self, ecdhe, psk)
@@ -98,14 +102,21 @@ class KeyScheduler:
         self.ecdhe = ecdhe
 
         self.early_secret = self.tls_hash.hkdf_extract(None, psk)
+        simplePrint("\n\tearly_secret\t", self.early_secret.hex())
+
         self.first_salt = self.tls_hash.derive_secret(
             self.early_secret, b"derived", b""
         )
-        self.handshake_secret = self.tls_hash.hkdf_extract(self.first_salt, self.ecdhe)
+        simplePrint("\n\tderived_secret\t", self.first_salt.hex())
+        self.handshake_secret = self.tls_hash.hkdf_extract(
+            self.first_salt, self.ecdhe)
+        simplePrint("\n\thandshake_sec\t", self.handshake_secret.hex())
         self.second_salt = self.tls_hash.derive_secret(
             self.handshake_secret, b"derived", b""
         )
+        simplePrint("\n\tsecond_salt\t", self.second_salt.hex())
         self.master_secret = self.tls_hash.hkdf_extract(self.second_salt, None)
+        simplePrint("\n\tmaster_secret\t", self.master_secret.hex())
 
     def client_handshake_traffic_secret(self, messages) -> bytes:
         return self.tls_hash.derive_secret(
@@ -142,4 +153,4 @@ class KeyScheduler:
         secret = self.resumption_master_secret(messages)
         return self.tls_hash.hkdf_expand_label(
             secret, b"resumption", ticket_nonce, self.tls_hash.hash_len
-        )
+        )

tcp/models.py → tls/models.py

@@ -94,44 +94,44 @@ class NameType(enum.IntEnum):
 
 class SignatureScheme(enum.IntEnum):
     # RSASSA-PKCS1-v1_5 algorithms
-    # rsa_pkcs1_sha256 = 0x0401
-    # rsa_pkcs1_sha384 = 0x0501
-    # rsa_pkcs1_sha512 = 0x0601
-    # # ECDSA algorithms
-    # ecdsa_secp256r1_sha256 = 0x0403
-    # ecdsa_secp384r1_sha384 = 0x0503
-    # ecdsa_secp521r1_sha512 = 0x0603
-    # # RSASSA-PSS algorithms with public key OID rsaEncryption
-    # rsa_pss_rsae_sha256 = 0x0804
-    # rsa_pss_rsae_sha384 = 0x0805
-    # rsa_pss_rsae_sha512 = 0x0806
-    # EdDSA algorithms
+    rsa_pkcs1_sha256 = 0x0401
+    rsa_pkcs1_sha384 = 0x0501
+    rsa_pkcs1_sha512 = 0x0601
+    # ECDSA algorithms
+    ecdsa_secp256r1_sha256 = 0x0403
+    ecdsa_secp384r1_sha384 = 0x0503
+    ecdsa_secp521r1_sha512 = 0x0603
+    # RSASSA-PSS algorithms with public key OID rsaEncryption
+    rsa_pss_rsae_sha256 = 0x0804
+    rsa_pss_rsae_sha384 = 0x0805
+    rsa_pss_rsae_sha512 = 0x0806
+    # # EdDSA algorithms
     ed25519 = 0x0807
     # ed448 = 0x0808
     # # RSASSA-PSS algorithms with public key OID RSASSA-PSS
-    # rsa_pss_pss_sha256 = 0x0809
-    # rsa_pss_pss_sha384 = 0x080a
-    # rsa_pss_pss_sha512 = 0x080b
-    # # Legacy algorithms
-    # rsa_pkcs1_sha1 = 0x0201
-    # ecdsa_sha1 = 0x0203
+    rsa_pss_pss_sha256 = 0x0809
+    rsa_pss_pss_sha384 = 0x080a
+    rsa_pss_pss_sha512 = 0x080b
+    # Legacy algorithms
+    rsa_pkcs1_sha1 = 0x0201
+    ecdsa_sha1 = 0x0203
     # # Reserved Code Points
     # # private_use(0xFE00..0xFFFF)
 
 
 class NamedGroup(enum.IntEnum):
     # Elliptic Curve Groups (ECDHE)
-    # secp256r1 = 0x0017
-    # secp384r1 = 0x0018
-    # secp521r1 = 0x0019
+    secp256r1 = 0x0017
+    secp384r1 = 0x0018
+    secp521r1 = 0x0019
     x25519 = 0x001D
-    # x448 = 0x001E
+    x448 = 0x001E
     # # Finite Field Groups (DHE)
-    # ffdhe2048 = 0x0100
-    # ffdhe3072 = 0x0101
-    # ffdhe4096 = 0x0102
-    # ffdhe6144 = 0x0103
-    # ffdhe8192 = 0x0104
+    ffdhe2048 = 0x0100
+    ffdhe3072 = 0x0101
+    ffdhe4096 = 0x0102
+    ffdhe6144 = 0x0103
+    ffdhe8192 = 0x0104
     # Reserved Code Points
     # ffdhe_private_use(0x01FC..0x01FF)
     # ecdhe_private_use(0xFE00..0xFEFF)
@@ -164,7 +164,8 @@ class ContentType(enum.IntEnum):
 
 class TLSCiphertext(schema.BinarySchema):
     opaque_type = schema.MustEqual(
-        schema.SizedIntEnum(schema.uint8, ContentType), ContentType.application_data
+        schema.SizedIntEnum(
+            schema.uint8, ContentType), ContentType.application_data
     )
     legacy_record_version = schema.MustEqual(schema.Bytes(2), b"\x03\x03")
     encrypted_record = schema.LengthPrefixedBytes(schema.uint16be)
@@ -175,7 +176,8 @@ class ServerName(schema.BinarySchema):
         schema.SizedIntEnum(schema.uint8, NameType), NameType.host_name
     )
     name = schema.Switch(
-        "name_type", {NameType.host_name: schema.LengthPrefixedString(schema.uint16be)}
+        "name_type", {
+            NameType.host_name: schema.LengthPrefixedString(schema.uint16be)}
     )
 
 
@@ -198,12 +200,14 @@ class KeyShareEntry(schema.BinarySchema):
 
 extensions = {
     ExtensionType.server_name: schema.LengthPrefixedObject(
-        schema.uint16be, schema.LengthPrefixedObjectList(schema.uint16be, ServerName)
+        schema.uint16be, schema.LengthPrefixedObjectList(
+            schema.uint16be, ServerName)
     ),
     ExtensionType.signature_algorithms: schema.LengthPrefixedObject(
         schema.uint16be,
         schema.LengthPrefixedObjectList(
-            schema.uint16be, schema.SizedIntEnum(schema.uint16be, SignatureScheme)
+            schema.uint16be, schema.SizedIntEnum(
+                schema.uint16be, SignatureScheme)
         ),
     ),
     ExtensionType.supported_groups: schema.LengthPrefixedObject(
@@ -226,10 +230,12 @@ extensions = {
 
 client_extensions = extensions.copy()
 client_extensions[ExtensionType.supported_versions] = schema.LengthPrefixedObject(
-    schema.uint16be, schema.LengthPrefixedObjectList(schema.uint8, schema.Bytes(2))
+    schema.uint16be, schema.LengthPrefixedObjectList(
+        schema.uint8, schema.Bytes(2))
 )
 client_extensions[ExtensionType.key_share] = schema.LengthPrefixedObject(
-    schema.uint16be, schema.LengthPrefixedObjectList(schema.uint16be, KeyShareEntry)
+    schema.uint16be, schema.LengthPrefixedObjectList(
+        schema.uint16be, KeyShareEntry)
 )
 server_extensions = extensions.copy()
 server_extensions[ExtensionType.supported_versions] = schema.LengthPrefixedBytes(
@@ -296,7 +302,8 @@ class ClientHello(schema.BinarySchema):
         schema.uint16be, schema.SizedIntEnum(schema.uint16be, CipherSuite)
     )
     legacy_compression_methods = schema.MustEqual(schema.Bytes(2), b"\x01\x00")
-    extensions = schema.LengthPrefixedObjectList(schema.uint16be, ClientExtension)
+    extensions = schema.LengthPrefixedObjectList(
+        schema.uint16be, ClientExtension)
 
 
 class ServerHello(schema.BinarySchema):
@@ -305,7 +312,8 @@ class ServerHello(schema.BinarySchema):
     legacy_session_id_echo = schema.LengthPrefixedBytes(schema.uint8)
     cipher_suite = schema.SizedIntEnum(schema.uint16be, CipherSuite)
     legacy_compression_method = schema.MustEqual(schema.uint8, 0)
-    extensions = schema.LengthPrefixedObjectList(schema.uint16be, ServerExtension)
+    extensions = schema.LengthPrefixedObjectList(
+        schema.uint16be, ServerExtension)
 
     def get_cipher(self):
         if self.cipher_suite == CipherSuite.TLS_AES_128_GCM_SHA256:
@@ -328,7 +336,8 @@ class ServerHello(schema.BinarySchema):
 
 class CertificateEntry(schema.BinarySchema):
     cert_data = schema.LengthPrefixedBytes(schema.uint24be)
-    extensions = schema.LengthPrefixedObjectList(schema.uint16be, ServerExtension)
+    extensions = schema.LengthPrefixedObjectList(
+        schema.uint16be, ServerExtension)
     # # x = x509.load_der_x509_certificate(data=cert_data, backend=backend)
     # # x = load_certificate(FILETYPE_ASN1, cert_data)
     # from tls.Crypto.PublicKey import RSA
@@ -352,7 +361,8 @@ class NewSessionTicket(schema.BinarySchema):
     ticket_age_add = schema.uint32be
     ticket_nonce = schema.LengthPrefixedBytes(schema.uint8)
     ticket = schema.LengthPrefixedBytes(schema.uint16be)
-    extensions = schema.LengthPrefixedObjectList(schema.uint16be, ServerExtension)
+    extensions = schema.LengthPrefixedObjectList(
+        schema.uint16be, ServerExtension)
 
     def __post_init__(self):
         self.outdated_time = time.time() + min(self.ticket_lifetime, MAX_LIFETIME)
@@ -485,4 +495,4 @@ class TLSInnerPlaintext(schema.BinarySchema):
         padding_len = len(bytes_) - len(bytes_without_padding)
         content = bytes_without_padding[:-1]
         content_type = bytes_without_padding[-1]
-        return cls(content, ContentType(content_type), b"\x00" * padding_len)
+        return cls(content, ContentType(content_type), b"\x00" * padding_len)

tls/pycryptoMod/AUTHORS.rst

@@ -1,49 +0,0 @@
-Simon Arneaud
-Nevins Bartolomeo
-Thorsten E. Behrens
-Tim Berners-Lee
-Frédéric Bertolus
-Ian Bicking
-Joris Bontje
-Antoon Bosselaers
-Andrea Bottoni
-Jean-Paul Calderone
-Sergey Chernov
-Geremy Condra
-Jan Dittberner
-Andrew Eland
-Philippe Frycia
-Peter Gutmann
-Hirendra Hindocha
-Nikhil Jhingan
-Sebastian Kayser
-Ryan Kelly
-Andrew M. Kuchling
-Piers Lauder
-Legrandin
-M.-A. Lemburg
-Wim Lewis
-Darsey C. Litzenberger
-Richard Mitchell
-Mark Moraes
-Lim Chee Siang
-Bryan Olson
-Wallace Owen
-Colin Plumb
-Robey Pointer
-Lorenz Quack
-Sebastian Ramacher
-Jeethu Rao
-James P. Rutledge
-Matt Schreiner
-Peter Simmons
-Janne Snabb
-Tom St. Denis
-Anders Sundman
-Paul Swartz
-Fabrizio Tarizzo
-Kevin M. Turner
-Barry A. Warsaw
-Eric Young
-Hannes van Niekerk
-Stefan Seering

tls/pycryptoMod/Changelog.rst

@@ -1,746 +0,0 @@
-Changelog
-=========
-
-3.9.8 (23 June 2020)
-++++++++++++++++++++
-
-Resolved issues
----------------
-* GH#426: The Shamir's secret sharing implementation is not actually compatible with ``ssss``.
-  Added an optional parameter to enable interoperability.
-* GH#427: Skip altogether loading of ``gmp.dll`` on Windows.
-* GH#420: Fix incorrect CFB decryption when the input and the output are the same buffer.
-
-New features
-------------
-* Speed up Shamir's secret sharing routines. Thanks to ncarve.
-
-3.9.7 (20 February 2020)
-++++++++++++++++++++++++
-
-Resolved issues
----------------
-* GH#381: Make notarization possible again on OS X when using wheels.
-  Thanks to Colin Atkinson.
-
-3.9.6 (2 February 2020)
-++++++++++++++++++++++++
-
-Resolved issues
----------------
-* Fix building of wheels for OS X by explicitly setting `sysroot` location.
-
-3.9.5 (1 February 2020)
-++++++++++++++++++++++++
-
-Resolved issues
----------------
-* RSA OAEP decryption was not verifying that all ``PS`` bytes are zero.
-* GH#372: fixed memory leak for operations that use memoryviews when `cffi` is not installed.
-* Fixed wrong ASN.1 OID for HMAC-SHA512 in PBE2.
-
-New features
-------------
-* Updated Wycheproof test vectors to version 0.8r12.
-
-3.9.4 (18 November 2019)
-++++++++++++++++++++++++
-
-Resolved issues
----------------
-* GH#341: Prevent ``key_to_english`` from creating invalid data when fed with
-  keys of length not multiple of 8. Thanks to vstoykovbg.
-* GH#347: Fix blocking RSA signing/decryption when key has very small factor.
-  Thanks to Martijn Pieters.
-
-3.9.3 (12 November 2019)
-++++++++++++++++++++++++
-
-Resolved issues
----------------
-* GH#308: Align stack of functions using SSE2 intrinsics to avoid crashes,
-  when compiled with gcc on 32-bit x86 platforms.
-
-3.9.2 (10 November 2019)
-++++++++++++++++++++++++
-
-New features
-------------
-* Add Python 3.8 wheels for Mac.
-
-Resolved issues
----------------
-* GH#308: Avoid allocating arrays of ``__m128i`` on the stack, to cope with buggy compilers.
-* GH#322: Remove blanket ``-O3`` optimization for gcc and clang, to cope with buggy compilers.
-* GH#337: Fix typing stubs for signatures.
-* GH#338: Deal with gcc installations that don't have ``x86intrin.h``.
-
-3.9.1 (1 November 2019)
-++++++++++++++++++++++++
-
-New features
-------------
-* Add Python 3.8 wheels for Linux and Windows.
-
-Resolved issues
----------------
-
-* GH#328: minor speed-up when importing RSA.
-
-3.9.0 (27 August 2019)
-+++++++++++++++++++++++
-
-New features
-------------
-
-* Add support for loading PEM files encrypted with AES256-CBC.
-* Add support for XChaCha20 and XChaCha20-Poly1305 ciphers.
-* Add support for bcrypt key derivation function (``Crypto.Protocol.KDF.bcrypt``).
-* Add support for left multiplication of an EC point by a scalar.
-* Add support for importing ECC and RSA keys in the new OpenSSH format.
-
-Resolved issues
----------------
-
-* GH#312: it was not possible to invert an EC point anymore.
-* GH#316: fix printing of DSA keys.
-* GH#317: ``DSA.generate()`` was not always using the ``randfunc`` input.
-* GH#285: the MD2 hash had block size of 64 bytes instead of 16; as result the HMAC construction gave incorrect results.
-
-3.8.2 (30 May 2019)
-+++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* GH#291: fix strict aliasing problem, emerged with GCC 9.1.
-
-3.8.1 (4 April 2019)
-+++++++++++++++++++++++
-
-New features
-------------
-
-* Add support for loading PEM files encrypted with AES192-CBC and AES256-GCM.
-* When importing ECC keys in PEM format, ignore the redundant EC PARAMS section that was included by certain openssl commands.
-
-Resolved issues
----------------
-
-* ``repr()`` did not work for ``ECC.EccKey`` objects.
-* Fix installation in development mode (``setup install develop`` or ``pip install -e .``).
-* Minimal length for Blowfish cipher is 32 bits, not 40 bits.
-* Various updates to docs.
-
-3.8.0 (23 March 2019)
-+++++++++++++++++++++++
-
-New features
-------------
-
-* Speed-up ECC performance. ECDSA is 33 times faster on the NIST P-256 curve.
-* Added support for NIST P-384 and P-521 curves.
-* ``EccKey`` has new methods ``size_in_bits()`` and ``size_in_bytes()``.
-* Support HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 in PBE2/PBKDF2.
-
-Resolved issues
----------------
-
-* DER objects were not rejected if their length field had a leading zero.
-* Allow legacy RC2 ciphers to have 40-bit keys.
-* ASN.1 Object IDs did not allow the value 0 in the path.
-
-Breaks in compatibility
------------------------
-
-* ``point_at_infinity()`` becomes an instance method for ``Crypto.PublicKey.ECC.EccKey``, from a static one.
-
-3.7.3 (19 January 2019)
-+++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* GH#258: False positive on PSS signatures when externally provided salt is too long.
-* Include type stub files for ``Crypto.IO`` and ``Crypto.Util``.
-
-3.7.2 (26 November 2018)
-++++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* GH#242: Fixed compilation problem on ARM platforms.
-
-3.7.1 (25 November 2018)
-++++++++++++++++++++++++
-
-New features
-------------
-
-* Added type stubs to enable static type checking with mypy. Thanks to Michael Nix.
-* New ``update_after_digest`` flag for CMAC.
-
-Resolved issues
----------------
-
-* GH#232: Fixed problem with gcc 4.x when compiling ``ghash_clmul.c``.
-* GH#238: Incorrect digest value produced by CMAC after cloning the object.
-* Method ``update()`` of an EAX cipher object was returning the underlying CMAC object,
-  instead of the EAX object itself.
-* Method ``update()`` of a CMAC object was not throwing an exception after the digest
-  was computed (with ``digest()`` or ``verify()``).
-
-3.7.0 (27 October 2018)
-+++++++++++++++++++++++
-
-New features
-------------
-
-* Added support for Poly1305 MAC (with AES and ChaCha20 ciphers for key derivation).
-* Added support for ChaCha20-Poly1305 AEAD cipher.
-* New parameter ``output`` for ``Crypto.Util.strxor.strxor``, ``Crypto.Util.strxor.strxor_c``,
-  ``encrypt`` and ``decrypt`` methods in symmetric ciphers (``Crypto.Cipher`` package).
-  ``output`` is a pre-allocated buffer (a ``bytearray`` or a writeable ``memoryview``)
-  where the result must be stored.
-  This requires less memory for very large payloads; it is also more efficient when
-  encrypting (or decrypting) several small payloads.
-
-Resolved issues
----------------
-
-* GH#266: AES-GCM hangs when processing more than 4GB at a time on x86 with PCLMULQDQ instruction.
-
-Breaks in compatibility
------------------------
-
-* Drop support for Python 3.3.
-* Remove ``Crypto.Util.py3compat.unhexlify`` and ``Crypto.Util.py3compat.hexlify``.
-* With the old Python 2.6, use only ``ctypes`` (and not ``cffi``) to interface to native code.
-
-3.6.6 (17 August 2018)
-++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* GH#198: Fix vulnerability on AESNI ECB with payloads smaller than 16 bytes (CVE-2018-15560).
-
-3.6.5 (12 August 2018)
-++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* GH#187: Fixed incorrect AES encryption/decryption with AES acceleration on x86
-  due to gcc's optimization and strict aliasing rules.
-* GH#188: More prime number candidates than necessary where discarded as composite
-  due to the limited way D values were searched in the Lucas test.
-* Fixed ResouceWarnings and DeprecationWarnings.
-* Workaround for Python 3.7.0 bug on Windows (https://bugs.python.org/issue34108).
-
-3.6.4 (10 July 2018)
-+++++++++++++++++++++
-
-New features
-------------
-
-* Build Python 3.7 wheels on Linux, Windows and Mac.
-
-Resolved issues
----------------
-
-* GH#178: Rename ``_cpuid`` module to make upgrades more robust.
-* More meaningful exceptions in case of mismatch in IV length (CBC/OFB/CFB modes).
-* Fix compilation issues on Solaris 10/11.
-
-3.6.3 (21 June 2018)
-+++++++++++++++++++++
-
-Resolved issues
----------------
-
-* GH#175: Fixed incorrect results for CTR encryption/decryption with more than 8 blocks.
-
-3.6.2 (19 June 2018)
-+++++++++++++++++++++
-
-New features
-------------
-* ChaCha20 accepts 96 bit nonces (in addition to 64 bit nonces)
-  as defined in RFC7539.
-* Accelerate AES-GCM on x86 using PCLMULQDQ instruction.
-* Accelerate AES-ECB and AES-CTR on x86 by pipelining AESNI instructions.
-* As result of the two improvements above, on x86 (Broadwell):
-
-  - AES-ECB and AES-CTR are 3x faster
-  - AES-GCM is 9x faster
-
-Resolved issues
----------------
-
-* On Windows, MPIR library was stilled pulled in if renamed to ``gmp.dll``.
-
-Breaks in compatibility
------------------------
-
-* In ``Crypto.Util.number``, functions ``floor_div`` and ``exact_div``
-  have been removed. Also, ``ceil_div`` is limited to non-negative terms only.
-
-3.6.1 (15 April 2018)
-+++++++++++++++++++++
-
-New features
-------------
-* Added Google Wycheproof tests (https://github.com/google/wycheproof)
-  for RSA, DSA, ECDSA, GCM, SIV, EAX, CMAC.
-* New parameter ``mac_len`` (length of MAC tag) for CMAC.
-
-Resolved issues
----------------
-
-* In certain circumstances (at counter wrapping, which happens on average after
-  32 GB) AES GCM produced wrong ciphertexts.
-* Method ``encrypt()`` of AES SIV cipher could be still called,
-  whereas only ``encrypt_and_digest()`` is allowed.
-
-3.6.0 (8 April 2018)
-++++++++++++++++++++
-
-New features
-------------
-* Introduced ``export_key`` and deprecated ``exportKey`` for DSA and RSA key
-  objects.
-* Ciphers and hash functions accept ``memoryview`` objects in input.
-* Added support for SHA-512/224 and SHA-512/256.
-
-Resolved issues
----------------
-
-* Reintroduced ``Crypto.__version__`` variable as in PyCrypto.
-* Fixed compilation problem with MinGW.
-
-3.5.1 (8 March 2018)
-++++++++++++++++++++
-
-Resolved issues
----------------
-
-* GH#142. Fix mismatch with declaration and definition of addmul128.
-
-3.5.0 (7 March 2018)
-++++++++++++++++++++
-
-New features
-------------
-* Import and export of ECC curves in compressed form.
-* The initial counter for a cipher in CTR mode can be a byte string
-  (in addition to an integer).
-* Faster PBKDF2 for HMAC-based PRFs (at least 20x for short passwords,
-  more for longer passwords). Thanks to Christian Heimes for pointing
-  out the implementation was under-optimized.
-* The salt for PBKDF2 can be either a string or bytes (GH#67).
-* Ciphers and hash functions accept data as `bytearray`, not just
-  binary strings.
-* The old SHA-1 and MD5 hash functions are available even when Python's
-  own `hashlib` does not include them.
-
-Resolved issues
----------------
-
-* Without libgmp, modular exponentiation (since v3.4.8) crashed
-  on 32-bit big-endian systems.
-
-Breaks in compatibility
------------------------
-
-* Removed support for Python < 2.6.
-
-3.4.12 (5 February 2018)
-++++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* GH#129. pycryptodomex could only be installed via wheels.
-
-3.4.11 (5 February 2018)
-++++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* GH#121. the record list was still not correct due to PEP3147
-  and __pycache__ directories. Thanks again to John O'Brien.
-
-3.4.10 (2 February 2018)
-++++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* When creating ElGamal keys, the generator wasn't a square residue:
-  ElGamal encryption done with those keys cannot be secure under
-  the DDH assumption. Thanks to Weikeng Chen.
-
-3.4.9 (1 February 2018)
-+++++++++++++++++++++++
-
-New features
-------------
-* More meaningful error messages while importing an ECC key.
-
-Resolved issues
----------------
-
-* GH#123 and #125. The SSE2 command line switch was not always passed on 32-bit x86 platforms.
-* GH#121. The record list (--record) was not always correctly filled for the
-  pycryptodomex package. Thanks to John W. O'Brien.
-
-3.4.8 (27 January 2018)
-+++++++++++++++++++++++
-
-New features
-------------
-
-* Added a native extension in pure C for modular exponentiation, optimized for SSE2 on x86.
-  In the process, we drop support for the arbitrary arithmetic library MPIR
-  on Windows, which is painful to compile and deploy.
-  The custom  modular exponentiation is 130% (160%) slower on an Intel CPU in 32-bit (64-bit) mode,
-  compared to MPIR. Still, that is much faster that CPython's own `pow()` function which
-  is 900% (855%) slower than MPIR. Support for the GMP library on Unix remains.
-* Added support for *manylinux* wheels.
-* Support for Python 3.7.
-
-Resolved issues
----------------
-
-* The DSA parameter 'p' prime was created with 255 bits cleared
-  (but still with the correct strength).
-* GH#106. Not all docs were included in the tar ball.
-  Thanks to Christopher Hoskin.
-* GH#109. ECDSA verification failed for DER encoded signatures.
-  Thanks to Alastair Houghton.
-* Human-friendly messages for padding errors with ECB and CBC.
-
-3.4.7 (26 August 2017)
-++++++++++++++++++++++
-
-New features
-------------
-
-* API documentation is made with sphinx instead of epydoc.
-* Start using ``importlib`` instead of ``imp`` where available.
-
-Resolved issues
----------------
-
-* GH#82. Fixed PEM header for RSA/DSA public keys.
-
-3.4.6 (18 May 2017)
-+++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* GH#65. Keccak, SHA3, SHAKE and the seek functionality for ChaCha20 were
-  not working on big endian machines. Fixed. Thanks to Mike Gilbert.
-* A few fixes in the documentation.
-
-3.4.5 (6 February 2017)
-+++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* The library can also be compiled using MinGW.
-
-3.4.4 (1 February 2017)
-+++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* Removed use of ``alloca()``.
-* [Security] Removed implementation of deprecated "quick check" feature of PGP block cipher mode.
-* Improved the performance of ``scrypt`` by converting some Python to C.
-
-3.4.3 (17 October 2016)
-+++++++++++++++++++++++
-
-Resolved issues
----------------
-
-* Undefined warning was raised with libgmp version < 5
-* Forgot inclusion of ``alloca.h``
-* Fixed a warning about type mismatch raised by recent versions of cffi
-
-3.4.2 (8 March 2016)
-++++++++++++++++++++
-
-
-Resolved issues
----------------
-
-* Fix renaming of package for ``install`` command.
-
-
-3.4.1 (21 February 2016)
-++++++++++++++++++++++++
-
-New features
-------------
-
-* Added option to install the library under the ``Cryptodome`` package
-  (instead of ``Crypto``).
-
-3.4 (7 February 2016)
-+++++++++++++++++++++
-
-New features
-------------
-
-* Added ``Crypto.PublicKey.ECC`` module (NIST P-256 curve only), including export/import of ECC keys.
-* Added support for ECDSA (FIPS 186-3 and RFC6979).
-* For CBC/CFB/OFB/CTR cipher objects, ``encrypt()`` and ``decrypt()`` cannot be intermixed.
-* CBC/CFB/OFB, the cipher objects have both ``IV`` and ``iv`` attributes.
-  ``new()`` accepts ``IV`` as well as ``iv`` as parameter.
-* For CFB/OPENPGP cipher object, ``encrypt()`` and ``decrypt()`` do not require the plaintext
-  or ciphertext pieces to have length multiple of the CFB segment size.
-* Added dedicated tests for all cipher modes, including NIST test vectors
-* CTR/CCM/EAX/GCM/SIV/Salsa20/ChaCha20 objects expose the ``nonce`` attribute.
-* For performance reasons, CCM cipher optionally accepted a pre-declaration of
-  the length of the associated data, but never checked if the actual data passed
-  to the cipher really matched that length. Such check is now enforced.
-* CTR cipher objects accept parameter ``nonce`` and possibly ``initial_value`` in
-  alternative to ``counter`` (which is deprecated).
-* All ``iv``/``IV`` and ``nonce`` parameters are optional. If not provided,
-  they will be randomly generated (exception: ``nonce`` for CTR mode in case
-  of block sizes smaller than 16 bytes).
-* Refactored ARC2 cipher.
-* Added ``Crypto.Cipher.DES3.adjust_key_parity()`` function.
-* Added ``RSA.import_key`` as an alias to the deprecated ``RSA.importKey``
-  (same for the ``DSA`` module).
-* Added ``size_in_bits()`` and ``size_in_bytes()`` methods to ``RsaKey``.
-
-Resolved issues
----------------
-
-* RSA key size is now returned correctly in ``RsaKey.__repr__()`` method (kudos to *hannesv*).
-* CTR mode does not modify anymore ``counter`` parameter passed to ``new()`` method.
-* CTR raises ``OverflowError`` instead of ``ValueError`` when the counter wraps around.
-* PEM files with Windows newlines could not be imported.
-* ``Crypto.IO.PEM`` and ``Crypto.IO.PKCS8`` used to accept empty passphrases.
-* GH#6: NotImplementedError now raised for unsupported methods ``sign``, ``verify``,
-  ``encrypt``, ``decrypt``, ``blind``, ``unblind`` and ``size`` in objects ``RsaKey``, ``DsaKey``,
-  ``ElGamalKey``.
-
-Breaks in compatibility
------------------------
-
-* Parameter ``segment_size`` cannot be 0 for the CFB mode.
-* For OCB ciphers, a final call without parameters to ``encrypt`` must end a sequence
-  of calls to ``encrypt`` with data (similarly for ``decrypt``).
-* Key size for ``ARC2``, ``ARC4`` and ``Blowfish`` must be at least 40 bits long (still very weak).
-* DES3 (Triple DES module) does not allow keys that degenerate to Single DES.
-* Removed method ``getRandomNumber`` in ``Crypto.Util.number``.
-* Removed module ``Crypto.pct_warnings``.
-* Removed attribute ``Crypto.PublicKey.RSA.algorithmIdentifier``.
-
-3.3.1 (1 November 2015)
-+++++++++++++++++++++++
-
-New features
-------------
-
-* Opt-in for ``update()`` after ``digest()`` for SHA-3, keccak, BLAKE2 hashes
-
-Resolved issues
----------------
-
-* Removed unused SHA-3 and keccak test vectors, therefore significantly reducing
-  the package from 13MB to 3MB.
-
-Breaks in compatibility
------------------------
-
-* Removed method ``copy()`` from BLAKE2 hashes
-* Removed ability to ``update()`` a BLAKE2 hash after the first call to ``(hex)digest()``
-
-3.3 (29 October 2015)
-+++++++++++++++++++++
-
-New features
-------------
-
-* Windows wheels bundle the MPIR library
-* Detection of faults occurring during secret RSA operations
-* Detection of non-prime (weak) q value in DSA domain parameters
-* Added original Keccak hash family (b=1600 only).
-  In the process, simplified the C code base for SHA-3.
-* Added SHAKE128 and SHAKE256 (of SHA-3 family)
-
-Resolved issues
----------------
-
-* GH#3: gcc 4.4.7 unhappy about double typedef
-
-Breaks in compatibility
------------------------
-
-* Removed method ``copy()`` from all SHA-3 hashes
-* Removed ability to ``update()`` a SHA-3 hash after the first call to ``(hex)digest()``
-
-3.2.1 (9 September 2015)
-++++++++++++++++++++++++
-
-New features
-------------
-
-* Windows wheels are automatically built on Appveyor
-
-3.2 (6 September 2015)
-++++++++++++++++++++++
-
-New features
-------------
-
-* Added hash functions BLAKE2b and BLAKE2s.
-* Added stream cipher ChaCha20.
-* Added OCB cipher mode.
-* CMAC raises an exception whenever the message length is found to be
-  too large and the chance of collisions not negligeable.
-* New attribute ``oid`` for Hash objects with ASN.1 Object ID
-* Added ``Crypto.Signature.pss`` and ``Crypto.Signature.pkcs1_15``
-* Added NIST test vectors (roughly 1200) for PKCS#1 v1.5 and PSS signatures.
-
-Resolved issues
----------------
-
-* tomcrypt_macros.h asm error #1
-
-Breaks in compatibility
------------------------
-
-* Removed keyword ``verify_x509_cert`` from module method ``importKey`` (RSA and DSA).
-* Reverted to original PyCrypto behavior of method ``verify`` in ``PKCS1_v1_5``
-  and ``PKCS1_PSS``.
-
-3.1 (15 March 2015)
-+++++++++++++++++++
-
-New features
-------------
-
-* Speed up execution of Public Key algorithms on PyPy, when backed
-  by the Gnu Multiprecision (GMP) library.
-* GMP headers and static libraries are not required anymore at the time
-  PyCryptodome is built. Instead, the code will automatically use the
-  GMP dynamic library (.so/.DLL) if found in the system at runtime.
-* Reduced the amount of C code by almost 40% (4700 lines).
-  Modularized and simplified all code (C and Python) related to block ciphers.
-  Pycryptodome is now free of CPython extensions.
-* Add support for CI in Windows via Appveyor.
-* RSA and DSA key generation more closely follows FIPS 186-4 (though it is
-  not 100% compliant).
-
-Resolved issues
----------------
-
-* None
-
-Breaks in compatibility
------------------------
-
-* New dependency on ctypes with Python 2.4.
-* The ``counter`` parameter of a CTR mode cipher must be generated via
-  ``Crypto.Util.Counter``. It cannot be a generic callable anymore.
-* Removed the ``Crypto.Random.Fortuna`` package (due to lack of test vectors).
-* Removed the ``Crypto.Hash.new`` function.
-* The ``allow_wraparound`` parameter of ``Crypto.Util.Counter`` is ignored.
-  An exception is always generated if the counter is reused.
-* ``DSA.generate``, ``RSA.generate`` and ``ElGamal.generate`` do not
-  accept the ``progress_func`` parameter anymore.
-* Removed ``Crypto.PublicKey.RSA.RSAImplementation``.
-* Removed ``Crypto.PublicKey.DSA.DSAImplementation``.
-* Removed ambiguous method ``size()`` from RSA, DSA and ElGamal keys.
-
-3.0 (24 June 2014)
-++++++++++++++++++
-
-New features
-------------
-
-* Initial support for PyPy.
-* SHA-3 hash family based on the April 2014 draft of FIPS 202.
-  See modules ``Crypto.Hash.SHA3_224/256/384/512``.
-  Initial Keccak patch by Fabrizio Tarizzo.
-* Salsa20 stream cipher. See module ``Crypto.Cipher.Salsa20``.
-  Patch by Fabrizio Tarizzo.
-* Colin Percival's ``scrypt`` key derivation function (``Crypto.Protocol.KDF.scrypt``).
-* Proper interface to FIPS 186-3 DSA. See module ``Crypto.Signature.DSS``.
-* Deterministic DSA (RFC6979). Again, see ``Crypto.Signature.DSS``.
-* HMAC-based Extract-and-Expand key derivation function
-  (``Crypto.Protocol.KDF.HKDF``, RFC5869).
-* Shamir's Secret Sharing protocol, compatible with *ssss* (128 bits only).
-  See module ``Crypto.Protocol.SecretSharing``.
-* Ability to generate a DSA key given the domain parameters.
-* Ability to test installation with a simple ``python -m Crypto.SelfTest``.
-
-Resolved issues
----------------
-
-* LP#1193521: ``mpz_powm_sec()`` (and Python) crashed when modulus was odd.
-* Benchmarks work again (they broke when ECB stopped working if
-  an IV was passed. Patch by Richard Mitchell.
-* LP#1178485: removed some catch-all exception handlers.
-  Patch by Richard Mitchell.
-* LP#1209399: Removal of Python wrappers caused HMAC to silently
-  produce the wrong data with SHA-2 algorithms.
-* LP#1279231: remove dead code that does nothing in SHA-2 hashes.
-  Patch by Richard Mitchell.
-* LP#1327081: AESNI code accesses memory beyond buffer end.
-* Stricter checks on ciphertext and plaintext size for textbook RSA
-  (kudos to sharego).
-
-Breaks in compatibility
------------------------
-
-* Removed support for Python < 2.4.
-* Removed the following methods from all 3 public key object types (RSA, DSA, ElGamal):
-
-  - ``sign``
-  - ``verify``
-  - ``encrypt``
-  - ``decrypt``
-  - ``blind``
-  - ``unblind``
-
-  Code that uses such methods is doomed anyway. It should be fixed ASAP to
-  use the algorithms available in ``Crypto.Signature`` and ``Crypto.Cipher``.
-* The 3 public key object types (RSA, DSA, ElGamal) are now unpickable.
-* Symmetric ciphers do not have a default mode anymore (used to be ECB).
-  An expression like ``AES.new(key)`` will now fail. If ECB is the desired mode,
-  one has to explicitly use ``AES.new(key, AES.MODE_ECB)``.
-* Unsuccessful verification of a signature will now raise an exception [reverted in 3.2].
-* Removed the ``Crypto.Random.OSRNG`` package.
-* Removed the ``Crypto.Util.winrandom`` module.
-* Removed the ``Crypto.Random.randpool`` module.
-* Removed the ``Crypto.Cipher.XOR`` module.
-* Removed the ``Crypto.Protocol.AllOrNothing`` module.
-* Removed the ``Crypto.Protocol.Chaffing`` module.
-* Removed the parameters ``disabled_shortcut`` and ``overflow`` from ``Crypto.Util.Counter.new``.
-
-Other changes
--------------
-
-* ``Crypto.Random`` stops being a userspace CSPRNG. It is now a pure wrapper over ``os.urandom``.
-* Added certain resistance against side-channel attacks for GHASH (GCM) and DSA.
-* More test vectors for ``HMAC-RIPEMD-160``.
-* Update ``libtomcrypt`` headers and code to v1.17 (kudos to Richard Mitchell).
-* RSA and DSA keys are checked for consistency as they are imported.
-* Simplified build process by removing autoconf.
-* Speed optimization to PBKDF2.
-* Add support for MSVC.
-* Replaced HMAC code with a BSD implementation. Clarified that starting from the fork,
-  all contributions are released under the BSD license.

tls/pycryptoMod/FuturePlans.rst

@@ -1,29 +0,0 @@
-Future releases will include:
-
-- Update `Crypto.Signature.DSS` to FIPS 186-4
-- Make all hash objects non-copyable and immutable after the first digest
-- Add alias 'segment_bits' to parameter 'segment_size' for CFB
-- Coverage testing
-- Implement AES with bitslicing
-- Add unit tests for PEM I/O
-- Move old ciphers into a Museum submodule
-- Add more ECC curves
-- Import/export of ECC keys with compressed points
-- Add algorithms:
-    - Elliptic Curves (ECIES, ECDH)
-    - Camellia, GOST
-    - Diffie-Hellman
-    - bcrypt
-    - argon2
-    - SRP
-- Add more key management:
-    - Export/import of DSA domain parameters
-    - JWK
-- Add support for CMS/PKCS#7
-- Add support for RNG backed by PKCS#11 and/or KMIP
-- Add support for Format-Preserving Encryption
-- Remove dependency on libtomcrypto headers
-- Speed up (T)DES with a bitsliced implementation
-- Run lint on the C code
-- Add (minimal) support for PGP
-- Add (minimal) support for PKIX / X.509

tls/pycryptoMod/INSTALL.rst

@@ -1,281 +0,0 @@
-Installation
-------------
-
-The installation procedure depends on the package you want the library to be in.
-PyCryptodome can be used as:
-
- #. **an almost drop-in replacement for the old PyCrypto library**.
-    You install it with::
-
-        pip install pycryptodome
-   
-    In this case, all modules are installed under the ``Crypto`` package.
-    You can test everything is right with::
-		
-         python -m Crypto.SelfTest
-   
-    One must avoid having both PyCrypto and PyCryptodome installed
-    at the same time, as they will interfere with each other.
-
-    This option is therefore recommended only when you are sure that
-    the whole application is deployed in a ``virtualenv``.
-
- #. **a library independent of the old PyCrypto**.
-    You install it with::
-
-        pip install pycryptodomex
-   
-    You can test everything is right with::
-		
-        python -m Cryptodome.SelfTest
-  
-    In this case, all modules are installed under the ``Cryptodome`` package.
-    PyCrypto and PyCryptodome can coexist.
-
-The procedures below go a bit more in detail, by explaining
-how to setup the environment for compiling the C extensions
-for each OS, and how to install the GMP library.
-
-Compiling in Linux Ubuntu
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-    If you want to install under the ``Crypto`` package, replace
-    below ``pycryptodomex`` with ``pycryptodome``.
-
-For Python 2.x::
-
-        $ sudo apt-get install build-essential python-dev
-        $ pip install pycryptodomex
-        $ python -m Cryptodome.SelfTest
-
-For Python 3.x::
-
-        $ sudo apt-get install build-essential python3-dev
-        $ pip install pycryptodomex
-        $ python3 -m Cryptodome.SelfTest
-
-For PyPy::
-
-        $ sudo apt-get install build-essential pypy-dev
-        $ pip install pycryptodomex
-        $ pypy -m Cryptodome.SelfTest
-
-Compiling in Linux Fedora
-~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-    If you want to install under the ``Crypto`` package, replace
-    below ``pycryptodomex`` with ``pycryptodome``.
-
-For Python 2.x::
-
-        $ sudo yum install gcc gmp python-devel
-        $ pip install pycryptodomex
-        $ python -m Cryptodome.SelfTest
-
-For Python 3.x::
-
-        $ sudo yum install gcc gmp python3-devel
-        $ pip install pycryptodomex
-        $ python3 -m Cryptodome.SelfTest
-
-For PyPy::
-
-        $ sudo yum install gcc gmp pypy-devel
-        $ pip install pycryptodomex
-        $ pypy -m Cryptodome.SelfTest
-
-
-Windows (from sources, Python 2.x, Python <=3.2)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-    If you want to install under the ``Crypto`` package, replace
-    below ``pycryptodomex`` with ``pycryptodome``.
-
-Windows does not come with a C compiler like most Unix systems.
-The simplest way to compile the *Pycryptodome* extensions from
-source code is to install the minimum set of Visual Studio
-components freely made available by Microsoft.
-
-#. Run Python from the command line and note down its version
-   and whether it is a 32 bit or a 64 bit application.
-
-   For instance, if you see::
-
-        Python 2.7.2+ ... [MSC v.1500 32 bit (Intel)] on win32
-
-   you clearly have Python 2.7 and it is a 32 bit application.
-
-#. **[Only once]** Install `Virtual Clone Drive`_.
-
-#. **[Only once]** Download the ISO image of the
-   `MS SDK for Windows 7 and . NET Framework 3.5 SP1 <http://www.microsoft.com/en-us/download/details.aspx?id=18950>`_.
-   It contains the Visual C++ 2008 compiler.
-   
-   There are three ISO images available: you will need ``GRMSDK_EN_DVD.iso`` if your
-   Windows OS is 32 bits or ``GRMSDKX_EN_DVD.iso`` if 64 bits.
-
-   Mount the ISO with *Virtual Clone Drive* and install the C/C++ compilers and the
-   redistributable only.
-
-#. If your Python is a 64 bit application, open a command prompt and perform the following steps::
-
-        > cd "C:\Program Files\Microsoft SDKs\Windows\v7.0"
-        > cmd /V:ON /K Bin\SetEnv.Cmd /x64 /release
-        > set DISTUTILS_USE_SDK=1
-   
-   Replace ``/x64`` with ``/x86`` if your Python is a 32 bit application.
-
-#. Compile and install PyCryptodome::
-
-        > pip install pycryptodomex --no-use-wheel
-
-#. To make sure everything work fine, run the test suite::
-
-        > python -m Cryptodome.SelfTest
-
-Windows (from sources, Python 3.3 and 3.4)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-    If you want to install under the ``Crypto`` package, replace
-    below ``pycryptodomex`` with ``pycryptodome``.
-
-Windows does not come with a C compiler like most Unix systems.
-The simplest way to compile the *Pycryptodome* extensions from
-source code is to install the minimum set of Visual Studio
-components freely made available by Microsoft.
-
-#. Run Python from the command line and note down its version
-   and whether it is a 32 bit or a 64 bit application.
-
-   For instance, if you see::
-
-        Python 2.7.2+ ... [MSC v.1500 32 bit (Intel)] on win32
-
-   you clearly have Python 2.7 and it is a 32 bit application.
-
-#. **[Only once]** Install `Virtual Clone Drive <https://www.redfox.bz/virtual-clonedrive.html>`_.
-
-#. **[Only once]** Download the ISO image of the
-   `MS SDK for Windows 7 and . NET Framework 4 <https://www.microsoft.com/en-us/download/details.aspx?id=8442>`_.
-   It contains the Visual C++ 2010 compiler.
-   
-   There are three ISO images available: you will need ``GRMSDK_EN_DVD.iso`` if your
-   Windows OS is 32 bits or ``GRMSDKX_EN_DVD.iso`` if 64 bits.
-
-   Mount the ISO with *Virtual Clone Drive* and install the C/C++ compilers and the
-   redistributable only.
-
-#. If your Python is a 64 bit application, open a command prompt and perform the following steps::
-
-        > cd "C:\Program Files\Microsoft SDKs\Windows\v7.1"
-        > cmd /V:ON /K Bin\SetEnv.Cmd /x64 /release
-        > set DISTUTILS_USE_SDK=1
-   
-   Replace ``/x64`` with ``/x86`` if your Python is a 32 bit application.
-
-#. Compile and install PyCryptodome::
-
-        > pip install pycryptodomex --no-use-wheel
-
-#. To make sure everything work fine, run the test suite::
-
-        > python -m Cryptodome.SelfTest
-
-Windows (from sources, Python 3.5 and newer)
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. note::
-    If you want to install under the ``Crypto`` package, replace
-    below ``pycryptodomex`` with ``pycryptodome``.
-
-Windows does not come with a C compiler like most Unix systems.
-The simplest way to compile the *PyCryptodome* extensions from
-source code is to install the minimum set of Visual Studio
-components freely made available by Microsoft.
-
-#. **[Once only]** Download `Build Tools for Visual Studio 2019 <https://visualstudio.microsoft.com/downloads/#build-tools-for-visual-studio-2019>`_.
-   In the installer, select the *C++ build tools*, the *Windows 10 SDK*, and the latest version of *MSVC v142 x64/x86 build tools*.
-
-#. Compile and install PyCryptodome::
-
-        > pip install pycryptodomex --no-binary :all:
-
-#. To make sure everything work fine, run the test suite::
-
-        > python -m Cryptodome.SelfTest
-
-Documentation
-~~~~~~~~~~~~~
-
-Project documentation is written in reStructuredText and it is stored under ``Doc/src``.
-To publish it as HTML files, you need to install `sphinx <http://www.sphinx-doc.org/en/stable/>`_ and
-use::
-
-    > make -C Doc/ html
-
-It will then be available under ``Doc/_build/html/``.
-
-PGP verification
-~~~~~~~~~~~~~~~~
-
-All source packages and wheels on PyPI are cryptographically signed.
-They can be verified with the following PGP key::
-
- -----BEGIN PGP PUBLIC KEY BLOCK-----
- 
- mQINBFTXjPgBEADc3j7vnma9MXRshBPPXXenVpthQD6lrF/3XaBT2RptSf/viOD+
- tz85du5XVp+r0SYYGeMNJCQ9NsztxblN/lnKgkfWRmSrB+V6QGS+e3bR5d9OIxzN
- 7haPxBnyRj//hCT/kKis6fa7N9wtwKBBjbaSX+9vpt7Rrt203sKfcChA4iR3EG89
- TNQoc/kGGmwk/gyjfU38726v0NOhMKJp2154iQQVZ76hTDk6GkOYHTcPxdkAj4jS
- Dd74M9sOtoOlyDLHOLcWNnlWGgZjtz0z0qSyFXRSuOfggTxrepWQgKWXXzgVB4Jo
- 0bhmXPAV8vkX5BoG6zGkYb47NGGvknax6jCvFYTCp1sOmVtf5UTVKPplFm077tQg
- 0KZNAvEQrdWRIiQ1cCGCoF2Alex3VmVdefHOhNmyY7xAlzpP0c8z1DsgZgMnytNn
- GPusWeqQVijRxenl+lyhbkb9ZLDq7mOkCRXSze9J2+5aLTJbJu3+Wx6BEyNIHP/f
- K3E77nXvC0oKaYTbTwEQSBAggAXP+7oQaA0ea2SLO176xJdNfC5lkQEtMMSZI4gN
- iSqjUxXW2N5qEHHex1atmTtk4W9tQEw030a0UCxzDJMhD0aWFKq7wOxoCQ1q821R
- vxBH4cfGWdL/1FUcuCMSUlc6fhTM9pvMXgjdEXcoiLSTdaHuVLuqmF/E0wARAQAB
- tB9MZWdyYW5kaW4gPGhlbGRlcmlqc0BnbWFpbC5jb20+iQI4BBMBAgAiBQJU14z4
- AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDabO+N4RaZEn7IEACpApha
- vRwPB+Dv87aEyVmjZ96Nb3mxHdeP2uSmUxAODzoB5oJJ1QL6HRxEVlU8idjdf73H
- DX39ZC7izD+oYIve9sNwTbKqJCZaTxlTDdgSF1N57eJOlELAy+SqpHtaMJPk7SfJ
- l/iYoUYxByPLZU1wDwZEDNzt9RCGy3bd/vF/AxWjdUJJPh3E4j5hswvIGSf8/Tp3
- MDROU1BaNBOd0CLvBHok8/xavwO6Dk/fE4hJhd5uZcEPtd1GJcPq51z2yr7PGUcb
- oERsKZyG8cgfd7j8qoTd6jMIW6fBVHdxiMxW6/Z45X/vVciQSzzEl/yjPUW42kyr
- Ib6M16YmnDzp8bl4NNFvvR9uWvOdUkep2Bi8s8kBMJ7G9rHHJcdVy/tP1ECS9Bse
- hN4v5oJJ4v5mM/MiWRGKykZULWklonpiq6CewYkmXQDMRnjGXhjCWrB6LuSIkIXd
- gKvDNpJ8yEhAfmpvA4I3laMoof/tSZ7ZuyLSZGLKl6hoNIB13HCn4dnjNBeaXCWX
- pThgeOWxV6u1fhz4CeC1Hc8WOYr8S7G8P10Ji6owOcj/a1QuCW8XDB2omCTXlhFj
- zpC9dX8HgmUVnbPNiMjphihbKXoOcunRx4ZvqIa8mnTbI4tHtR0K0tI4MmbpcVOZ
- 8IFJ0nZJXuZiL57ijLREisPYmHfBHAgmh1j/W7kCDQRU14z4ARAA3QATRgvOSYFh
- nJOnIz6PO3G9kXWjJ8wvp3yE1/PwwTc3NbVUSNCW14xgM2Ryhn9NVh8iEGtPGmUP
- 4vu7rvuLC2rBs1joBTyqf0mDghlZrb5ZjXv5LcG9SA6FdAXRU6T+b1G2ychKkhEh
- d/ulLw/TKLds9zHhE+hkAagLQ5jqjcQN0iX5EYaOukiPUGmnd9fOEGi9YMYtRdrH
- +3bZxUpsRStLBWJ6auY7Bla8NJOhaWpr5p/ls+mnDWoqf+tXCCps1Da/pfHKYDFc
- 2VVdyM/VfNny9eaczYpnj5hvIAACWChgGDBwxPh2DGdUfiQi/QqrK96+F7ulqz6V
- 2exX4CL0cPv5fUpQqSU/0R5WApM9bl2+wljFhoCXlydU9HNn+0GatGzEoo3yrV/m
- PXv7d6NdZxyOqgxu/ai/z++F2pWUXSBxZN3Gv28boFKQhmtthTcFudNUtQOchhn8
- Pf/ipVISqrsZorTx9Qx4fPScEWjwbh84Uz20bx0sQs1oYcek2YG5RhEdzqJ6W78R
- S/dbzlNYMXGdkxB6C63m8oiGvw0hdN/iGVqpNAoldFmjnFqSgKpyPwfLmmdstJ6f
- xFZdGPnKexCpHbKr9fg50jZRenIGai79qPIiEtCZHIdpeemSrc7TKRPV3H2aMNfG
- L5HTqcyaM2+QrMtHPMoOFzcjkigLimMAEQEAAYkCHwQYAQIACQUCVNeM+AIbDAAK
- CRDabO+N4RaZEo7lD/45J6z2wbL8aIudGEL0aY3hfmW3qrUyoHgaw35KsOY9vZwb
- cZuJe0RlYptOreH/NrbR5SXODfhd2sxYyyvXBOuZh9i7OOBsrAd5UE01GCvToPwh
- 7IpMV3GSSAB4P8XyJh20tZqiZOYKhmbf29gUDzqAI6GzUa0U8xidUKpW2zqYGZjp
- wk3RI1fS7tyi/0N8B9tIZF48kbvpFDAjF8w7NSCrgRquAL7zJZIG5o5zXJM/ffF3
- 67Dnz278MbifdM/HJ+Tj0R0Uvvki9Z61nT653SoUgvILQyC72XI+x0+3GQwsE38a
- 5aJNZ1NBD3/v+gERQxRfhM5iLFLXK0Xe4K2XFM1g0yN4L4bQPbhSCq88g9Dhmygk
- XPbBsrK0NKPVnyGyUXM0VpgRbot11hxx02jC3HxS1nlLF+oQdkKFzJAMOU7UbpX/
- oO+286J1FmpG+fihIbvp1Quq48immtnzTeLZbYCsG4mrM+ySYd0Er0G8TBdAOTiN
- 3zMbGX0QOO2fOsJ1d980cVjHn5CbAo8C0A/4/R2cXAfpacbvTiNq5BVk9NKa2dNb
- kmnTStP2qILWmm5ASXlWhOjWNmptvsUcK+8T+uQboLioEv19Ob4j5Irs/OpOuP0K
- v4woCi9+03HMS42qGSe/igClFO3+gUMZg9PJnTJhuaTbytXhUBgBRUPsS+lQAQ==
- =DpoI
- -----END PGP PUBLIC KEY BLOCK-----
-
-.. _pypi: https://pypi.python.org/pypi/pycryptodome
-.. _get-pip.py: https://bootstrap.pypa.io/get-pip.py
-.. _GMP: http://gmplib.org

tls/pycryptoMod/LICENSE.rst

@@ -1,274 +0,0 @@
-The source code in PyCryptodome is partially in the public domain
-and partially released under the BSD 2-Clause license.
-
-In either case, there are minimal if no restrictions on the redistribution,
-modification and usage of the software.
-
-Public domain
-=============
-
-All code originating from  PyCrypto is free and unencumbered software
-released into the public domain.
-
-Anyone is free to copy, modify, publish, use, compile, sell, or
-distribute this software, either in source code form or as a compiled
-binary, for any purpose, commercial or non-commercial, and by any
-means.
-
-In jurisdictions that recognize copyright laws, the author or authors
-of this software dedicate any and all copyright interest in the
-software to the public domain. We make this dedication for the benefit
-of the public at large and to the detriment of our heirs and
-successors. We intend this dedication to be an overt act of
-relinquishment in perpetuity of all present and future rights to this
-software under copyright law.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-For more information, please refer to <http://unlicense.org>
-
-BSD license
-===========
-
-All direct contributions to PyCryptodome are released under the following
-license. The copyright of each piece belongs to the respective author.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice,
-   this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-   this list of conditions and the following disclaimer in the documentation
-   and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-OCB license
-===========
-
-The OCB cipher mode is patented in the US under patent numbers 7,949,129 and 
-8,321,675. The directory Doc/ocb contains three free licenses for implementors 
-and users. As a general statement, OCB can be freely used for software not meant 
-for military purposes. Contact your attorney for further information.
-
-Apache 2.0 license (Wycheproof)
-===============================
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

tls/pycryptoMod/MANIFEST.in

@@ -1,12 +0,0 @@
-include MANIFEST.in
-include *.rst
-include .separate_namespace
-include setup.py pct-speedtest.py compiler_opt.py setup.cfg
-graft Doc
-prune Doc/_build
-include appveyor.yml appveyor/get_wheels.sh appveyor/install.ps1 appveyor/run_with_env.cmd
-include .travis.yml travis/*.sh
-recursive-include src *.h *.c
-graft src/test
-recursive-exclude src *.pyc
-prune src/test/build

tls/pycryptoMod/README.rst

@@ -1,75 +0,0 @@
-.. image:: https://travis-ci.org/Legrandin/pycryptodome.svg?branch=master
-   :target: https://travis-ci.org/Legrandin/pycryptodome
-
-.. image:: https://ci.appveyor.com/api/projects/status/mbxyqdodw9ylfib9/branch/master?svg=true
-   :target: https://ci.appveyor.com/project/Legrandin/pycryptodome
-
-PyCryptodome
-============
-
-PyCryptodome is a self-contained Python package of low-level
-cryptographic primitives.
-
-It supports Python 2.6 and 2.7, Python 3.4 and newer, and PyPy.
-
-The installation procedure depends on the package you want the library to be in.
-PyCryptodome can be used as:
-
-#. **an almost drop-in replacement for the old PyCrypto library**.
-   You install it with::
-
-       pip install pycryptodome
-   
-   In this case, all modules are installed under the ``Crypto`` package.
-    
-   One must avoid having both PyCrypto and PyCryptodome installed
-   at the same time, as they will interfere with each other.
-
-   This option is therefore recommended only when you are sure that
-   the whole application is deployed in a ``virtualenv``.
-
-#. **a library independent of the old PyCrypto**.
-   You install it with::
-
-       pip install pycryptodomex
-   
-   In this case, all modules are installed under the ``Cryptodome`` package.
-   PyCrypto and PyCryptodome can coexist.
-
-For faster public key operations in Unix, you should install `GMP`_ in your system.
-
-PyCryptodome is a fork of PyCrypto. It brings the following enhancements
-with respect to the last official version of PyCrypto (2.6.1):
-
-* Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
-* Accelerated AES on Intel platforms via AES-NI
-* First class support for PyPy
-* Elliptic curves cryptography (NIST P-256, P-384 and P-521 curves only)
-* Better and more compact API (`nonce` and `iv` attributes for ciphers,
-  automatic generation of random nonces and IVs, simplified CTR cipher mode,
-  and more)
-* SHA-3 (including SHAKE XOFs), truncated SHA-512 and BLAKE2 hash algorithms
-* Salsa20 and ChaCha20/XChaCha20 stream ciphers
-* Poly1305 MAC
-* ChaCha20-Poly1305 and XChaCha20-Poly1305 authenticated ciphers
-* scrypt, bcrypt and HKDF derivation functions
-* Deterministic (EC)DSA
-* Password-protected PKCS#8 key containers
-* Shamir's Secret Sharing scheme
-* Random numbers get sourced directly from the OS (and not from a CSPRNG in userspace)
-* Simplified install process, including better support for Windows
-* Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
-* Major clean ups and simplification of the code base
-
-PyCryptodome is not a wrapper to a separate C library like *OpenSSL*.
-To the largest possible extent, algorithms are implemented in pure Python.
-Only the pieces that are extremely critical to performance (e.g. block ciphers)
-are implemented as C extensions.
-
-For more information, see the `homepage`_.
-
-All the code can be downloaded from `GitHub`_.
-
-.. _`homepage`: https://www.pycryptodome.org
-.. _`GMP`: https://gmplib.org
-.. _GitHub: https://github.com/Legrandin/pycryptodome

tls/pycryptoMod/appveyor.yml

@@ -1,89 +0,0 @@
-environment:
-
-  global:
-    # SDK v7.0 MSVC Express 2008's SetEnv.cmd script will fail if the
-    # /E:ON and /V:ON options are not enabled in the batch script interpreter
-    # See: http://stackoverflow.com/a/13751649/163740
-    WITH_COMPILER: "cmd /E:ON /V:ON /C .\\appveyor\\run_with_env.cmd"
-
-  matrix:
-    - PYTHON: "C:\\Python27"
-      PYTHON_VERSION: "2.7.8"
-      PYTHON_ARCH: "32"
-
-    - PYTHON: "C:\\Python27-x64"
-      PYTHON_VERSION: "2.7.8"
-      PYTHON_ARCH: "64"
-      WINDOWS_SDK_VERSION: "v7.0"
-
-    - PYTHON: "C:\\Python35"
-      PYTHON_VERSION: "3.5.0"
-      PYTHON_ARCH: "32"
-
-    - PYTHON: "C:\\Python35-x64"
-      PYTHON_VERSION: "3.5.0"
-      PYTHON_ARCH: "64"
-
-    - PYTHON: "C:\\Python36"
-      PYTHON_VERSION: "3.6.0"
-      PYTHON_ARCH: "32"
-
-    - PYTHON: "C:\\Python36-x64"
-      PYTHON_VERSION: "3.6.0"
-      PYTHON_ARCH: "64"
-
-    - PYTHON: "C:\\Python37"
-      PYTHON_VERSION: "3.7.0"
-      PYTHON_ARCH: "32"
-
-    - PYTHON: "C:\\Python37-x64"
-      PYTHON_VERSION: "3.7.0"
-      PYTHON_ARCH: "64"
-
-    - PYTHON: "C:\\Python38"
-      PYTHON_VERSION: "3.8.0"
-      PYTHON_ARCH: "32"
-
-    - PYTHON: "C:\\Python38-x64"
-      PYTHON_VERSION: "3.8.0"
-      PYTHON_ARCH: "64"
-
-init:
-  - ECHO "%PYTHON% %PYTHON_VERSION% %PYTHON_ARCH%"
-
-  - ECHO "Filesystem root:"
-  - ps: "ls \"C:/\""
-
-  - ECHO "Installed SDKs:"
-  - ps: "ls \"C:/Program Files/Microsoft SDKs/Windows\""
-
-  # Prepend newly installed Python to the PATH of this build (this cannot be
-  # done from inside the powershell script as it would require to restart
-  # the parent CMD process).
-  - "SET PATH=%PYTHON%;%PYTHON%\\Scripts;%PATH%"
-
-  # Check that we have the expected version and architecture for Python
-  - "python --version"
-  - "python -c \"import struct; print(struct.calcsize('P') * 8)\""
-
-install:
-  - "powershell appveyor\\install.ps1"
-
-#build: off
-
-build_script:
-  - "%WITH_COMPILER% python setup.py build"
-
-test_script:
-  - "dir %PYTHON%"
-  - "%WITH_COMPILER% python setup.py test"
-
-after_test:
-  - "%WITH_COMPILER% python setup.py bdist_wheel"
-
-artifacts:
-  - path: dist\*
-
-#on_success:
-#  - TODO: upload the content of dist/*.whl to a public wheelhouse
-

tls/pycryptoMod/bench_monty.py

@@ -1,99 +0,0 @@
-#!/usr/bin/env python3
-
-import time
-from tls.Crypto.PublicKey import RSA
-from tls.Crypto.Math import Numbers
-from tls.Crypto.Math.Numbers import Integer
-from tls.Crypto.Util.number import long_to_bytes
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  create_string_buffer,
-                                  c_size_t)
-
-ITER = 100
-
-print(Numbers._implementation)
-
-rsa_pem="""-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA1maRsgBxvk1m1LcQMrN/oAfPq/V5/LkeUL/CdTs/DOe+dOIW
-rvfibUrhgLwg170+qIpsv2+HOA5hPIl5tbBDsgCo/4hWo7EodeNumKdWnzhS0Cjp
-Z1UQALAsGen6UugxFbiTCaq7Hhzx4stjadY31Gd1zkUj6jH2StJ5TLw2XdijXgB+
-07V2lYd/vxAtvrizISSROY5JQxTpNyaSbhOD+Ku1iJvqlU64wMocYsjp2D9BiICV
-xeZF7W0yUV/gxYwTaMrYRpThjaQ2aMb0PmHXybymM93Np671t5vDltSp9I4qmr4I
-NsxFXkNTBTVyKOk9JartRrlS3vrg9XM5vyb1qQIDAQABAoIBACzgr2KJAUYKQZoI
-75UNSYuf1vJxoaUqwpO4b+XGDv6Oi6k/oevh6z1hTS57Moy2CiWRRA4WNEGhkOzx
-Ac7sJF9gD//c8/WzoXp7rqy5akJNsdfsmF6OyZi7R5/s//7Wp1+akPyXBi/ZczA7
-zoVa17jYJyqUAl6FMr6aq9VKGD8wNTjSp+YhtBMdWegjpGJfOb19UY13hPfDqPGQ
-Ydp0l0/0L6HAY97C25fUYeKRp9bnIXCKUineFmwSRjYzcoVOJ/PwiuJ0vBa/0gWw
-KKTYE4ZJRDPVFt+7NfSVrLpeTh0YQ8s8MSm2ZCqF/HJEzlhF+sBxx/Yi5O4SrEP6
-vuqgzQECgYEA/E9vn6XKnJXX3hiy0XVsUQK+Ana2xn63TxmiMJtrrUjD5WCiy9kD
-eTU82igdg9JJGBWOd7mkSAWxVZT9MPaQ4/Vz6ggoZcPHZokmVP7qPePNmFXX6Jdz
-hQx8HD0QcwwaYbIJ91WdoAP/cEuu+o+WPKB0CDYWrv3Dx9eTircemlECgYEA2Yk2
-WXkOdD2KlnZgHNYp23F2XP6dF4Ny5n478thlJXdexRwRDSKCN/41jfC0FlPpZBcF
-7EFTo+p7lhyJVxPBWSOIhJArMe98bdWoo+6TBuAPLisu7+i+HVRaoyHf0x3t7ViG
-JqQOGjHN0G57cgSCrpaFwE2bAZ4dkA27M8Oy99kCgYEAw+HoB0nvwyGSNht2uKcx
-MLOwULlZrUEzj3WXNaV0M1QKwkoEGb6hs7hhRf1e7LiVht01fj3iDQheZNMGvryu
-QEyPcWJj+p3EcRaJa/N8aBAzzdDXjvwF84V91W6TFr6OvMo8colFlrWD2urnLh/L
-w8XOT5Guiqz5Em2LXmZMnAECgYEAuZ1Ksq2Il8arKhd3iyNyM7xssozOnfGbaPDt
-VhkutPlV8/ou0nZPhldyetqXzzVqP+0lMKHNLGA3c66Fwbcpk1Wudu5M7R7bnRxh
-+P7olUU5rrtKIYsGLSB89hVBVnKDQbH3RaFWJyO36dFbo74Vg8ML/To6uPahYvlU
-cqbZXoECgYAOybAyRS9vivcYoKywxtI0aU1HHibPrUl3izYLfDxfWgA0S6IGcBg1
-Sx6XG8GYbzkouGb30yjIpn7JB1147DH1oxf8wcHXbAsgNX4IC6rQ1Iwef9P4pORF
-icKO95pcPRhmfzuqfhEu/d/ZYjabao95baBHcrRxEbXZtjg88KVXKg==
------END RSA PRIVATE KEY-----
-"""
-
-c_defs = """
-int monty_pow(const uint8_t *base,
-               const uint8_t *exp,
-               const uint8_t *modulus,
-               uint8_t       *out,
-               size_t len,
-               uint64_t seed);
-"""
-
-_raw_montgomery = load_pycryptodome_raw_lib("Crypto.Math._montgomery", c_defs)
-
-key = RSA.import_key(rsa_pem)
-message = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-SIZE = key.size_in_bytes()
-
-# -----------------------------------------------------------------
-start = time.time()
-for x in range(ITER):
-	result_cpython = pow(message, key.d, key.n)
-end = time.time()
-print("CPython =", end-start)
-
-# -----------------------------------------------------------------
-base_b = long_to_bytes(message, SIZE)
-exp_b = long_to_bytes(key.d, SIZE)
-modulus_b = long_to_bytes(key.n, SIZE)
-out = create_string_buffer(SIZE)
-
-start = time.time()
-for _ in range(ITER):
-    _raw_montgomery.monty_pow(
-                base_b,
-                exp_b,
-                modulus_b,
-                out,
-                c_size_t(SIZE),
-                32
-                )
-end = time.time()
-my_time = end-start
-print("Custom modexp =", my_time)
-
-# -----------------------------------------------------------------
-mg = Integer(message)
-md = Integer(key.d)
-mn = Integer(key.n)
-start = time.time()
-for x in range(ITER):
-	result_gmp = pow(mg, md, mn)
-end = time.time()
-gmp_time = end - start
-print("GMP =", gmp_time)
-
-# -----------------------------------------------------------------
-print("%.2f%%" % float((my_time/gmp_time-1)*100), "slower")

tls/pycryptoMod/compiler_opt.py

@@ -1,423 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2018, Helder Eijs <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-
-import os
-import sys
-import struct
-import distutils
-from distutils import ccompiler
-from distutils.errors import CCompilerError
-
-
-def test_compilation(program, extra_cc_options=None, extra_libraries=None,
-                     msg=''):
-    """Test if a certain C program can be compiled."""
-
-    # Create a temporary file with the C program
-    if not os.path.exists("build"):
-        os.makedirs("build")
-    fname = os.path.join("build", "test1.c")
-    f = open(fname, 'w')
-    f.write(program)
-    f.close()
-
-    # Name for the temporary executable
-    oname = os.path.join("build", "test1.out")
-
-    debug = bool(os.environ.get('PYCRYPTODOME_DEBUG', None))
-    # Mute the compiler and the linker
-    if msg:
-        print("Testing support for %s" % msg)
-    if not (debug or os.name == 'nt'):
-        old_stdout = os.dup(sys.stdout.fileno())
-        old_stderr = os.dup(sys.stderr.fileno())
-        dev_null = open(os.devnull, "w")
-        os.dup2(dev_null.fileno(), sys.stdout.fileno())
-        os.dup2(dev_null.fileno(), sys.stderr.fileno())
-
-    objects = []
-    try:
-        compiler = ccompiler.new_compiler()
-        distutils.sysconfig.customize_compiler(compiler)
-
-        if compiler.compiler_type in ['msvc']:
-            # Force creation of the manifest file (http://bugs.python.org/issue16296)
-            # as needed by VS2010
-            extra_linker_options = ["/MANIFEST"]
-        else:
-            extra_linker_options = []
-
-        # In Unix, force the linker step to use CFLAGS and not CC alone (see GH#180)
-        if compiler.compiler_type in ['unix']:
-            compiler.set_executables(linker_exe=compiler.compiler)
-
-        objects = compiler.compile([fname], extra_postargs=extra_cc_options)
-        compiler.link_executable(objects, oname, libraries=extra_libraries,
-                                 extra_preargs=extra_linker_options)
-        result = True
-    except (CCompilerError, OSError):
-        result = False
-    for f in objects + [fname, oname]:
-        try:
-            os.remove(f)
-        except OSError:
-            pass
-
-    # Restore stdout and stderr
-    if not (debug or os.name == 'nt'):
-        if old_stdout is not None:
-            os.dup2(old_stdout, sys.stdout.fileno())
-        if old_stderr is not None:
-            os.dup2(old_stderr, sys.stderr.fileno())
-        if dev_null is not None:
-            dev_null.close()
-    if msg:
-        if result:
-            x = ""
-        else:
-            x = " not"
-        print("Target does%s support %s" % (x, msg))
-
-    return result
-
-
-def has_stdint_h():
-    source = """
-    #include <stdint.h>
-    int main(void) {
-        uint32_t u;
-        u = 0;
-        return u + 2;
-    }
-    """
-    return test_compilation(source, msg="stdint.h header")
-
-
-def compiler_supports_uint128():
-    source = """
-    int main(void)
-    {
-        __uint128_t x;
-        return 0;
-    }
-    """
-    return test_compilation(source, msg="128-bit integer")
-
-
-def compiler_has_intrin_h():
-    # Windows
-    source = """
-    #include <intrin.h>
-    int main(void)
-    {
-        int a, b[4];
-        __cpuid(b, a);
-        return 0;
-    }
-    """
-    return test_compilation(source, msg="intrin.h header")
-
-
-def compiler_has_cpuid_h():
-    # UNIX
-    source = """
-    #include <cpuid.h>
-    int main(void)
-    {
-        unsigned int eax, ebx, ecx, edx;
-        __get_cpuid(1, &eax, &ebx, &ecx, &edx);
-        return 0;
-    }
-    """
-    return test_compilation(source, msg="cpuid.h header")
-
-
-def compiler_supports_aesni():
-    source = """
-    #include <wmmintrin.h>
-    __m128i f(__m128i x, __m128i y) {
-        return _mm_aesenc_si128(x, y);
-    }
-    int main(void) {
-        return 0;
-    }
-    """
-
-    if test_compilation(source):
-        return {'extra_cc_options': [], 'extra_macros': []}
-
-    if test_compilation(source, extra_cc_options=['-maes'], msg='AESNI intrinsics'):
-        return {'extra_cc_options': ['-maes'], 'extra_macros': []}
-
-    return False
-
-
-def compiler_supports_clmul():
-    result = {'extra_cc_options': [], 'extra_macros' : ['HAVE_WMMINTRIN_H', 'HAVE_TMMINTRIN_H']}
-
-    source = """
-    #include <wmmintrin.h>
-    #include <tmmintrin.h>
-
-    __m128i f(__m128i x, __m128i y) {
-        return _mm_clmulepi64_si128(x, y, 0x00);
-    }
-
-    __m128i g(__m128i a) {
-        __m128i mask;
-
-        mask = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
-        return _mm_shuffle_epi8(a, mask);
-    }
-
-    int main(void) {
-        return 0;
-    }
-    """
-
-    if test_compilation(source):
-        return result
-
-    if test_compilation(source, extra_cc_options=['-mpclmul', '-mssse3'], msg='CLMUL intrinsics'):
-        result['extra_cc_options'].extend(['-mpclmul', '-mssse3'])
-        return result
-
-    return False
-
-
-def compiler_has_posix_memalign():
-    source = """
-    #include <stdlib.h>
-    int main(void) {
-        void *new_mem;
-        int res;
-        res = posix_memalign((void**)&new_mem, 16, 101);
-        return res == 0;
-    }
-    """
-    return test_compilation(source, msg="posix_memalign")
-
-
-def compiler_has_memalign():
-    source = """
-    #include <malloc.h>
-    int main(void) {
-        void *p;
-        p = memalign(16, 101);
-        return p != (void*)0;
-    }
-    """
-    return test_compilation(source, msg="memalign")
-
-
-def compiler_is_clang():
-    source = """
-    #if !defined(__clang__)
-    #error Not clang
-    #endif
-    int main(void)
-    {
-        return 0;
-    }
-    """
-    return test_compilation(source, msg="clang")
-
-
-def compiler_is_gcc():
-    source = """
-    #if defined(__clang__) || !defined(__GNUC__)
-    #error Not GCC
-    #endif
-    int main(void)
-    {
-        return 0;
-    }"""
-    return test_compilation(source, msg="gcc")
-
-
-def support_gcc_realign():
-    source = """
-    void __attribute__((force_align_arg_pointer)) a(void) {}
-    int main(void) { return 0; }
-    """
-    return test_compilation(source, msg="gcc")
-
-
-def compiler_supports_sse2():
-    source = """
-    #include <intrin.h>
-    int main(void)
-    {
-        __m128i r0;
-        int mask;
-        r0 = _mm_set1_epi32(0);
-        mask = _mm_movemask_epi8(r0);
-        return mask;
-    }
-    """
-    if test_compilation(source, msg="SSE2(intrin.h)"):
-        return {'extra_cc_options': [], 'extra_macros': ['HAVE_INTRIN_H', 'USE_SSE2']}
-
-    source = """
-    #include <x86intrin.h>
-    int main(void)
-    {
-        __m128i r0;
-        int mask;
-        r0 = _mm_set1_epi32(0);
-        mask = _mm_movemask_epi8(r0);
-        return mask;
-    }
-    """
-    if test_compilation(source, extra_cc_options=['-msse2'], msg="SSE2(x86intrin.h)"):
-        return {'extra_cc_options': ['-msse2'], 'extra_macros': ['HAVE_X86INTRIN_H', 'USE_SSE2']}
-
-    source = """
-    #include <xmmintrin.h>
-    #include <emmintrin.h>
-    int main(void)
-    {
-        __m128i r0;
-        int mask;
-        r0 = _mm_set1_epi32(0);
-        mask = _mm_movemask_epi8(r0);
-        return mask;
-    }
-    """
-    if test_compilation(source, extra_cc_options=['-msse2'], msg="SSE2(emmintrin.h)"):
-        return {'extra_cc_options': ['-msse2'], 'extra_macros': ['HAVE_EMMINTRIN_H', 'USE_SSE2']}
-
-    return False
-
-
-def remove_extension(extensions, name):
-    idxs = [i for i, x in enumerate(extensions) if x.name == name]
-    if len(idxs) != 1:
-        raise ValueError("There is no or there are multiple extensions named '%s'" % name)
-    del extensions[idxs[0]]
-
-
-def set_compiler_options(package_root, extensions):
-    """Environment specific settings for extension modules.
-
-    This function modifies how each module gets compiled, to
-    match the capabilities of the platform.
-    Also, it removes existing modules when not supported, such as:
-      - AESNI
-      - CLMUL
-    """
-
-    extra_cc_options = []
-    extra_macros = []
-
-    clang = compiler_is_clang()
-    gcc = compiler_is_gcc()
-
-    if has_stdint_h():
-        extra_macros.append(("HAVE_STDINT_H", None))
-
-    # Endianess
-    extra_macros.append(("PYCRYPTO_" + sys.byteorder.upper() + "_ENDIAN", None))
-
-    # System
-    system_bits = 8 * struct.calcsize("P")
-    extra_macros.append(("SYS_BITS", str(system_bits)))
-
-    # Disable any assembly in libtomcrypt files
-    extra_macros.append(("LTC_NO_ASM", None))
-
-    # Native 128-bit integer
-    if compiler_supports_uint128():
-        extra_macros.append(("HAVE_UINT128", None))
-
-    # Auto-detecting CPU features
-    cpuid_h_present = compiler_has_cpuid_h()
-    if cpuid_h_present:
-        extra_macros.append(("HAVE_CPUID_H", None))
-    intrin_h_present = compiler_has_intrin_h()
-    if intrin_h_present:
-        extra_macros.append(("HAVE_INTRIN_H", None))
-
-    # Platform-specific call for getting a block of aligned memory
-    if compiler_has_posix_memalign():
-        extra_macros.append(("HAVE_POSIX_MEMALIGN", None))
-    elif compiler_has_memalign():
-        extra_macros.append(("HAVE_MEMALIGN", None))
-
-    # SSE2
-    sse2_result = compiler_supports_sse2()
-    if sse2_result:
-        extra_cc_options.extend(sse2_result['extra_cc_options'])
-        for macro in sse2_result['extra_macros']:
-            extra_macros.append((macro, None))
-
-    # Compiler specific settings
-    if gcc:
-        # On 32-bit x86 platforms, gcc assumes the stack to be aligned to 16
-        # bytes, but the caller may actually only align it to 4 bytes, which
-        # make functions crash if they use SSE2 intrinsics.
-        # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=40838
-        if system_bits == 32 and support_gcc_realign():
-            extra_macros.append(("GCC_REALIGN", None))
-
-    # Module-specific options
-
-    # AESNI
-    aesni_result = (cpuid_h_present or intrin_h_present) and compiler_supports_aesni()
-    aesni_mod_name = package_root + ".Cipher._raw_aesni"
-    if aesni_result:
-        print("Compiling support for AESNI instructions")
-        aes_mods = [x for x in extensions if x.name == aesni_mod_name]
-        for x in aes_mods:
-            x.extra_compile_args.extend(aesni_result['extra_cc_options'])
-            for macro in aesni_result['extra_macros']:
-                x.define_macros.append((macro, None))
-    else:
-        print("Warning: compiler does not support AESNI instructions")
-        remove_extension(extensions, aesni_mod_name)
-
-    # CLMUL
-    clmul_result = (cpuid_h_present or intrin_h_present) and compiler_supports_clmul()
-    clmul_mod_name = package_root + ".Hash._ghash_clmul"
-    if clmul_result:
-        print("Compiling support for CLMUL instructions")
-        clmul_mods = [x for x in extensions if x.name == clmul_mod_name]
-        for x in clmul_mods:
-            x.extra_compile_args.extend(clmul_result['extra_cc_options'])
-            for macro in clmul_result['extra_macros']:
-                x.define_macros.append((macro, None))
-    else:
-        print("Warning: compiler does not support CLMUL instructions")
-        remove_extension(extensions, clmul_mod_name)
-
-    for x in extensions:
-        x.extra_compile_args.extend(extra_cc_options)
-        x.define_macros.extend(extra_macros)

tls/pycryptoMod/lib/Crypto/Cipher/AES.py

@@ -1,250 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/AES.py : AES
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-"""
-Module's constants for the modes of operation supported with AES:
-
-:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
-:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
-:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
-:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
-:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
-:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
-:var MODE_CCM: :ref:`Counter with CBC-MAC (CCM) Mode <ccm_mode>`
-:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
-:var MODE_GCM: :ref:`Galois Counter Mode (GCM) <gcm_mode>`
-:var MODE_SIV: :ref:`Syntethic Initialization Vector (SIV) <siv_mode>`
-:var MODE_OCB: :ref:`Offset Code Book (OCB) <ocb_mode>`
-"""
-
-import sys
-
-from tls.Crypto.Cipher import _create_cipher
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  VoidPointer, SmartPointer,
-                                  c_size_t, c_uint8_ptr)
-
-from tls.Crypto.Util import _cpu_features
-from tls.Crypto.Random import get_random_bytes
-
-
-_cproto = """
-        int AES_start_operation(const uint8_t key[],
-                                size_t key_len,
-                                void **pResult);
-        int AES_encrypt(const void *state,
-                        const uint8_t *in,
-                        uint8_t *out,
-                        size_t data_len);
-        int AES_decrypt(const void *state,
-                        const uint8_t *in,
-                        uint8_t *out,
-                        size_t data_len);
-        int AES_stop_operation(void *state);
-        """
-
-
-# Load portable AES
-_raw_aes_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_aes",
-                                         _cproto)
-
-# Try to load AES with AES NI instructions
-try:
-    _raw_aesni_lib = None
-    if _cpu_features.have_aes_ni():
-        _raw_aesni_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_aesni",
-                                                   _cproto.replace("AES",
-                                                                   "AESNI"))
-# _raw_aesni may not have been compiled in
-except OSError:
-    pass
-
-
-def _create_base_cipher(dict_parameters):
-    """This method instantiates and returns a handle to a low-level
-    base cipher. It will absorb named parameters in the process."""
-
-    use_aesni = dict_parameters.pop("use_aesni", True)
-
-    try:
-        key = dict_parameters.pop("key")
-    except KeyError:
-        raise TypeError("Missing 'key' parameter")
-
-    if len(key) not in key_size:
-        raise ValueError("Incorrect AES key length (%d bytes)" % len(key))
-
-    if use_aesni and _raw_aesni_lib:
-        start_operation = _raw_aesni_lib.AESNI_start_operation
-        stop_operation = _raw_aesni_lib.AESNI_stop_operation
-    else:
-        start_operation = _raw_aes_lib.AES_start_operation
-        stop_operation = _raw_aes_lib.AES_stop_operation
-
-    cipher = VoidPointer()
-    result = start_operation(c_uint8_ptr(key),
-                             c_size_t(len(key)),
-                             cipher.address_of())
-    if result:
-        raise ValueError("Error %X while instantiating the AES cipher"
-                         % result)
-    return SmartPointer(cipher.get(), stop_operation)
-
-
-def _derive_Poly1305_key_pair(key, nonce):
-    """Derive a tuple (r, s, nonce) for a Poly1305 MAC.
-    
-    If nonce is ``None``, a new 16-byte nonce is generated.
-    """
-
-    if len(key) != 32:
-        raise ValueError("Poly1305 with AES requires a 32-byte key")
-
-    if nonce is None:
-        nonce = get_random_bytes(16)
-    elif len(nonce) != 16:
-        raise ValueError("Poly1305 with AES requires a 16-byte nonce")
-
-    s = new(key[:16], MODE_ECB).encrypt(nonce)
-    return key[16:], s, nonce
-
-
-def new(key, mode, *args, **kwargs):
-    """Create a new AES cipher.
-
-    :param key:
-        The secret key to use in the symmetric cipher.
-
-        It must be 16, 24 or 32 bytes long (respectively for *AES-128*,
-        *AES-192* or *AES-256*).
-
-        For ``MODE_SIV`` only, it doubles to 32, 48, or 64 bytes.
-    :type key: bytes/bytearray/memoryview
-
-    :param mode:
-        The chaining mode to use for encryption or decryption.
-        If in doubt, use ``MODE_EAX``.
-    :type mode: One of the supported ``MODE_*`` constants
-
-    :Keyword Arguments:
-        *   **iv** (*bytes*, *bytearray*, *memoryview*) --
-            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
-            and ``MODE_OPENPGP`` modes).
-
-            The initialization vector to use for encryption or decryption.
-
-            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 16 bytes long.
-
-            For ``MODE_OPENPGP`` mode only,
-            it must be 16 bytes long for encryption
-            and 18 bytes for decryption (in the latter case, it is
-            actually the *encrypted* IV which was prefixed to the ciphertext).
-
-            If not provided, a random byte string is generated (you must then
-            read its value with the :attr:`iv` attribute).
-
-        *   **nonce** (*bytes*, *bytearray*, *memoryview*) --
-            (Only applicable for ``MODE_CCM``, ``MODE_EAX``, ``MODE_GCM``,
-            ``MODE_SIV``, ``MODE_OCB``, and ``MODE_CTR``).
-
-            A value that must never be reused for any other encryption done
-            with this key (except possibly for ``MODE_SIV``, see below).
-
-            For ``MODE_EAX``, ``MODE_GCM`` and ``MODE_SIV`` there are no
-            restrictions on its length (recommended: **16** bytes).
-
-            For ``MODE_CCM``, its length must be in the range **[7..13]**.
-            Bear in mind that with CCM there is a trade-off between nonce
-            length and maximum message size. Recommendation: **11** bytes.
-
-            For ``MODE_OCB``, its length must be in the range **[1..15]**
-            (recommended: **15**).
-
-            For ``MODE_CTR``, its length must be in the range **[0..15]**
-            (recommended: **8**).
-            
-            For ``MODE_SIV``, the nonce is optional, if it is not specified,
-            then no nonce is being used, which renders the encryption
-            deterministic.
-
-            If not provided, for modes other than ``MODE_SIV```, a random
-            byte string of the recommended length is used (you must then
-            read its value with the :attr:`nonce` attribute).
-
-        *   **segment_size** (*integer*) --
-            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
-            are segmented in. It must be a multiple of 8.
-            If not specified, it will be assumed to be 8.
-
-        *   **mac_len** : (*integer*) --
-            (Only ``MODE_EAX``, ``MODE_GCM``, ``MODE_OCB``, ``MODE_CCM``)
-            Length of the authentication tag, in bytes.
-
-            It must be even and in the range **[4..16]**.
-            The recommended value (and the default, if not specified) is **16**.
-
-        *   **msg_len** : (*integer*) --
-            (Only ``MODE_CCM``). Length of the message to (de)cipher.
-            If not specified, ``encrypt`` must be called with the entire message.
-            Similarly, ``decrypt`` can only be called once.
-
-        *   **assoc_len** : (*integer*) --
-            (Only ``MODE_CCM``). Length of the associated data.
-            If not specified, all associated data is buffered internally,
-            which may represent a problem for very large messages.
-
-        *   **initial_value** : (*integer* or *bytes/bytearray/memoryview*) --
-            (Only ``MODE_CTR``).
-            The initial value for the counter. If not present, the cipher will
-            start counting from 0. The value is incremented by one for each block.
-            The counter number is encoded in big endian mode.
-
-        *   **counter** : (*object*) --
-            Instance of ``Crypto.Util.Counter``, which allows full customization
-            of the counter block. This parameter is incompatible to both ``nonce``
-            and ``initial_value``.
-
-        *   **use_aesni** : (*boolean*) --
-            Use Intel AES-NI hardware extensions (default: use if available).
-
-    :Return: an AES object, of the applicable mode.
-    """
-
-    kwargs["add_aes_modes"] = True
-    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
-
-
-MODE_ECB = 1
-MODE_CBC = 2
-MODE_CFB = 3
-MODE_OFB = 5
-MODE_CTR = 6
-MODE_OPENPGP = 7
-MODE_CCM = 8
-MODE_EAX = 9
-MODE_SIV = 10
-MODE_GCM = 11
-MODE_OCB = 12
-
-# Size of a data block (in bytes)
-block_size = 16
-# Size of a key (in bytes)
-key_size = (16, 24, 32)

tls/pycryptoMod/lib/Crypto/Cipher/AES.pyi

@@ -1,47 +0,0 @@
-from typing import Union, Tuple, Optional, Dict
-
-from tls.Crypto.Cipher._mode_ecb import EcbMode
-from tls.Crypto.Cipher._mode_cbc import CbcMode
-from tls.Crypto.Cipher._mode_cfb import CfbMode
-from tls.Crypto.Cipher._mode_ofb import OfbMode
-from tls.Crypto.Cipher._mode_ctr import CtrMode
-from tls.Crypto.Cipher._mode_openpgp import OpenPgpMode
-from tls.Crypto.Cipher._mode_ccm import CcmMode
-from tls.Crypto.Cipher._mode_eax import EaxMode
-from tls.Crypto.Cipher._mode_gcm import GcmMode
-from tls.Crypto.Cipher._mode_siv import SivMode
-from tls.Crypto.Cipher._mode_ocb import OcbMode
-
-AESMode = int
-
-MODE_ECB: AESMode
-MODE_CBC: AESMode
-MODE_CFB: AESMode
-MODE_OFB: AESMode
-MODE_CTR: AESMode
-MODE_OPENPGP: AESMode
-MODE_CCM: AESMode
-MODE_EAX: AESMode
-MODE_GCM: AESMode
-MODE_SIV: AESMode
-MODE_OCB: AESMode
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-def new(key: Buffer,
-        mode: AESMode,
-        iv : Buffer = ...,
-        IV : Buffer = ...,
-        nonce : Buffer = ...,
-        segment_size : int = ...,
-        mac_len : int = ...,
-        assoc_len : int = ...,
-        initial_value : Union[int, Buffer] = ...,
-        counter : Dict = ...,
-        use_aesni : bool = ...) -> \
-        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode,
-              OpenPgpMode, CcmMode, EaxMode, GcmMode,
-              SivMode, OcbMode]: ...
-
-block_size: int
-key_size: Tuple[int, int, int]

tls/pycryptoMod/lib/Crypto/Cipher/ARC2.py

@@ -1,175 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/ARC2.py : ARC2.py
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-"""
-Module's constants for the modes of operation supported with ARC2:
-
-:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
-:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
-:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
-:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
-:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
-:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
-:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
-"""
-
-import sys
-
-from tls.Crypto.Cipher import _create_cipher
-from tls.Crypto.Util.py3compat import byte_string
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  VoidPointer, SmartPointer,
-                                  c_size_t, c_uint8_ptr)
-
-_raw_arc2_lib = load_pycryptodome_raw_lib(
-                        "Crypto.Cipher._raw_arc2",
-                        """
-                        int ARC2_start_operation(const uint8_t key[],
-                                                 size_t key_len,
-                                                 size_t effective_key_len,
-                                                 void **pResult);
-                        int ARC2_encrypt(const void *state,
-                                         const uint8_t *in,
-                                         uint8_t *out,
-                                         size_t data_len);
-                        int ARC2_decrypt(const void *state,
-                                         const uint8_t *in,
-                                         uint8_t *out,
-                                         size_t data_len);
-                        int ARC2_stop_operation(void *state);
-                        """
-                        )
-
-
-def _create_base_cipher(dict_parameters):
-    """This method instantiates and returns a handle to a low-level
-    base cipher. It will absorb named parameters in the process."""
-
-    try:
-        key = dict_parameters.pop("key")
-    except KeyError:
-        raise TypeError("Missing 'key' parameter")
-
-    effective_keylen = dict_parameters.pop("effective_keylen", 1024)
-
-    if len(key) not in key_size:
-        raise ValueError("Incorrect ARC2 key length (%d bytes)" % len(key))
-
-    if not (40 <= effective_keylen <= 1024):
-        raise ValueError("'effective_key_len' must be at least 40 and no larger than 1024 "
-                         "(not %d)" % effective_keylen)
-
-    start_operation = _raw_arc2_lib.ARC2_start_operation
-    stop_operation = _raw_arc2_lib.ARC2_stop_operation
-
-    cipher = VoidPointer()
-    result = start_operation(c_uint8_ptr(key),
-                             c_size_t(len(key)),
-                             c_size_t(effective_keylen),
-                             cipher.address_of())
-    if result:
-        raise ValueError("Error %X while instantiating the ARC2 cipher"
-                         % result)
-
-    return SmartPointer(cipher.get(), stop_operation)
-
-
-def new(key, mode, *args, **kwargs):
-    """Create a new RC2 cipher.
-
-    :param key:
-        The secret key to use in the symmetric cipher.
-        Its length can vary from 5 to 128 bytes; the actual search space
-        (and the cipher strength) can be reduced with the ``effective_keylen`` parameter.
-    :type key: bytes, bytearray, memoryview
-
-    :param mode:
-        The chaining mode to use for encryption or decryption.
-    :type mode: One of the supported ``MODE_*`` constants
-
-    :Keyword Arguments:
-        *   **iv** (*bytes*, *bytearray*, *memoryview*) --
-            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
-            and ``MODE_OPENPGP`` modes).
-
-            The initialization vector to use for encryption or decryption.
-
-            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long.
-
-            For ``MODE_OPENPGP`` mode only,
-            it must be 8 bytes long for encryption
-            and 10 bytes for decryption (in the latter case, it is
-            actually the *encrypted* IV which was prefixed to the ciphertext).
-
-            If not provided, a random byte string is generated (you must then
-            read its value with the :attr:`iv` attribute).
-
-        *   **nonce** (*bytes*, *bytearray*, *memoryview*) --
-            (Only applicable for ``MODE_EAX`` and ``MODE_CTR``).
-
-            A value that must never be reused for any other encryption done
-            with this key.
-
-            For ``MODE_EAX`` there are no
-            restrictions on its length (recommended: **16** bytes).
-
-            For ``MODE_CTR``, its length must be in the range **[0..7]**.
-
-            If not provided for ``MODE_EAX``, a random byte string is generated (you
-            can read it back via the ``nonce`` attribute).
-
-        *   **effective_keylen** (*integer*) --
-            Optional. Maximum strength in bits of the actual key used by the ARC2 algorithm.
-            If the supplied ``key`` parameter is longer (in bits) of the value specified
-            here, it will be weakened to match it.
-            If not specified, no limitation is applied.
-
-        *   **segment_size** (*integer*) --
-            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
-            are segmented in. It must be a multiple of 8.
-            If not specified, it will be assumed to be 8.
-
-        *   **mac_len** : (*integer*) --
-            (Only ``MODE_EAX``)
-            Length of the authentication tag, in bytes.
-            It must be no longer than 8 (default).
-
-        *   **initial_value** : (*integer*) --
-            (Only ``MODE_CTR``). The initial value for the counter within
-            the counter block. By default it is **0**.
-
-    :Return: an ARC2 object, of the applicable mode.
-    """
-
-    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
-
-MODE_ECB = 1
-MODE_CBC = 2
-MODE_CFB = 3
-MODE_OFB = 5
-MODE_CTR = 6
-MODE_OPENPGP = 7
-MODE_EAX = 9
-
-# Size of a data block (in bytes)
-block_size = 8
-# Size of a key (in bytes)
-key_size = range(5, 128 + 1)

tls/pycryptoMod/lib/Crypto/Cipher/ARC2.pyi

@@ -1,35 +0,0 @@
-from typing import Union, Dict, Iterable
-
-from tls.Crypto.Cipher._mode_ecb import EcbMode
-from tls.Crypto.Cipher._mode_cbc import CbcMode
-from tls.Crypto.Cipher._mode_cfb import CfbMode
-from tls.Crypto.Cipher._mode_ofb import OfbMode
-from tls.Crypto.Cipher._mode_ctr import CtrMode
-from tls.Crypto.Cipher._mode_openpgp import OpenPgpMode
-from tls.Crypto.Cipher._mode_eax import EaxMode
-
-ARC2Mode = int
-
-MODE_ECB: ARC2Mode
-MODE_CBC: ARC2Mode
-MODE_CFB: ARC2Mode
-MODE_OFB: ARC2Mode
-MODE_CTR: ARC2Mode
-MODE_OPENPGP: ARC2Mode
-MODE_EAX: ARC2Mode
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-def new(key: Buffer,
-        mode: ARC2Mode,
-        iv : Buffer = ...,
-        IV : Buffer = ...,
-        nonce : Buffer = ...,
-        segment_size : int = ...,
-        mac_len : int = ...,
-        initial_value : Union[int, Buffer] = ...,
-        counter : Dict = ...) -> \
-        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
-
-block_size: int
-key_size: Iterable[int]

tls/pycryptoMod/lib/Crypto/Cipher/ARC4.py

@@ -1,137 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/ARC4.py : ARC4
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-from tls.Crypto.Util.py3compat import b
-
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
-                                  create_string_buffer, get_raw_buffer,
-                                  SmartPointer, c_size_t, c_uint8_ptr)
-
-
-_raw_arc4_lib = load_pycryptodome_raw_lib("Crypto.Cipher._ARC4", """
-                    int ARC4_stream_encrypt(void *rc4State, const uint8_t in[],
-                                            uint8_t out[], size_t len);
-                    int ARC4_stream_init(uint8_t *key, size_t keylen,
-                                         void **pRc4State);
-                    int ARC4_stream_destroy(void *rc4State);
-                    """)
-
-
-class ARC4Cipher:
-    """ARC4 cipher object. Do not create it directly. Use
-    :func:`Crypto.Cipher.ARC4.new` instead.
-    """
-
-    def __init__(self, key, *args, **kwargs):
-        """Initialize an ARC4 cipher object
-
-        See also `new()` at the module level."""
-
-        if len(args) > 0:
-            ndrop = args[0]
-            args = args[1:]
-        else:
-            ndrop = kwargs.pop('drop', 0)
-
-        if len(key) not in key_size:
-            raise ValueError("Incorrect ARC4 key length (%d bytes)" %
-                             len(key))
-
-        self._state = VoidPointer()
-        result = _raw_arc4_lib.ARC4_stream_init(c_uint8_ptr(key),
-                                                c_size_t(len(key)),
-                                                self._state.address_of())
-        if result != 0:
-            raise ValueError("Error %d while creating the ARC4 cipher"
-                             % result)
-        self._state = SmartPointer(self._state.get(),
-                                   _raw_arc4_lib.ARC4_stream_destroy)
-
-        if ndrop > 0:
-            # This is OK even if the cipher is used for decryption,
-            # since encrypt and decrypt are actually the same thing
-            # with ARC4.
-            self.encrypt(b'\x00' * ndrop)
-
-        self.block_size = 1
-        self.key_size = len(key)
-
-    def encrypt(self, plaintext):
-        """Encrypt a piece of data.
-
-        :param plaintext: The data to encrypt, of any size.
-        :type plaintext: bytes, bytearray, memoryview
-        :returns: the encrypted byte string, of equal length as the
-          plaintext.
-        """
-
-        ciphertext = create_string_buffer(len(plaintext))
-        result = _raw_arc4_lib.ARC4_stream_encrypt(self._state.get(),
-                                                   c_uint8_ptr(plaintext),
-                                                   ciphertext,
-                                                   c_size_t(len(plaintext)))
-        if result:
-            raise ValueError("Error %d while encrypting with RC4" % result)
-        return get_raw_buffer(ciphertext)
-
-    def decrypt(self, ciphertext):
-        """Decrypt a piece of data.
-
-        :param ciphertext: The data to decrypt, of any size.
-        :type ciphertext: bytes, bytearray, memoryview
-        :returns: the decrypted byte string, of equal length as the
-          ciphertext.
-        """
-
-        try:
-            return self.encrypt(ciphertext)
-        except ValueError as e:
-            raise ValueError(str(e).replace("enc", "dec"))
-
-
-def new(key, *args, **kwargs):
-    """Create a new ARC4 cipher.
-
-    :param key:
-        The secret key to use in the symmetric cipher.
-        Its length must be in the range ``[5..256]``.
-        The recommended length is 16 bytes.
-    :type key: bytes, bytearray, memoryview
-
-    :Keyword Arguments:
-        *   *drop* (``integer``) --
-            The amount of bytes to discard from the initial part of the keystream.
-            In fact, such part has been found to be distinguishable from random
-            data (while it shouldn't) and also correlated to key.
-
-            The recommended value is 3072_ bytes. The default value is 0.
-
-    :Return: an `ARC4Cipher` object
-
-    .. _3072: http://eprint.iacr.org/2002/067.pdf
-    """
-    return ARC4Cipher(key, *args, **kwargs)
-
-# Size of a data block (in bytes)
-block_size = 1
-# Size of a key (in bytes)
-key_size = range(5, 256+1)

tls/pycryptoMod/lib/Crypto/Cipher/ARC4.pyi

@@ -1,16 +0,0 @@
-from typing import Any, Union, Iterable
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-class ARC4Cipher:
-    block_size: int
-    key_size: int
-
-    def __init__(self, key: Buffer, *args: Any, **kwargs: Any) -> None: ...
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    def decrypt(self, ciphertext: Buffer) -> bytes: ...
-
-def new(key: Buffer, drop : int = ...) -> ARC4Cipher: ...
-
-block_size: int
-key_size: Iterable[int]

tls/pycryptoMod/lib/Crypto/Cipher/Blowfish.py

@@ -1,159 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/Blowfish.py : Blowfish
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-"""
-Module's constants for the modes of operation supported with Blowfish:
-
-:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
-:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
-:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
-:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
-:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
-:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
-:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
-"""
-
-import sys
-
-from tls.Crypto.Cipher import _create_cipher
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  VoidPointer, SmartPointer, c_size_t,
-                                  c_uint8_ptr)
-
-_raw_blowfish_lib = load_pycryptodome_raw_lib(
-        "Crypto.Cipher._raw_blowfish",
-        """
-        int Blowfish_start_operation(const uint8_t key[],
-                                     size_t key_len,
-                                     void **pResult);
-        int Blowfish_encrypt(const void *state,
-                             const uint8_t *in,
-                             uint8_t *out,
-                             size_t data_len);
-        int Blowfish_decrypt(const void *state,
-                             const uint8_t *in,
-                             uint8_t *out,
-                             size_t data_len);
-        int Blowfish_stop_operation(void *state);
-        """
-        )
-
-
-def _create_base_cipher(dict_parameters):
-    """This method instantiates and returns a smart pointer to
-    a low-level base cipher. It will absorb named parameters in
-    the process."""
-
-    try:
-        key = dict_parameters.pop("key")
-    except KeyError:
-        raise TypeError("Missing 'key' parameter")
-
-    if len(key) not in key_size:
-        raise ValueError("Incorrect Blowfish key length (%d bytes)" % len(key))
-
-    start_operation = _raw_blowfish_lib.Blowfish_start_operation
-    stop_operation = _raw_blowfish_lib.Blowfish_stop_operation
-
-    void_p = VoidPointer()
-    result = start_operation(c_uint8_ptr(key),
-                             c_size_t(len(key)),
-                             void_p.address_of())
-    if result:
-        raise ValueError("Error %X while instantiating the Blowfish cipher"
-                         % result)
-    return SmartPointer(void_p.get(), stop_operation)
-
-
-def new(key, mode, *args, **kwargs):
-    """Create a new Blowfish cipher
-
-    :param key:
-        The secret key to use in the symmetric cipher.
-        Its length can vary from 5 to 56 bytes.
-    :type key: bytes, bytearray, memoryview
-
-    :param mode:
-        The chaining mode to use for encryption or decryption.
-    :type mode: One of the supported ``MODE_*`` constants
-
-    :Keyword Arguments:
-        *   **iv** (*bytes*, *bytearray*, *memoryview*) --
-            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
-            and ``MODE_OPENPGP`` modes).
-
-            The initialization vector to use for encryption or decryption.
-
-            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long.
-
-            For ``MODE_OPENPGP`` mode only,
-            it must be 8 bytes long for encryption
-            and 10 bytes for decryption (in the latter case, it is
-            actually the *encrypted* IV which was prefixed to the ciphertext).
-
-            If not provided, a random byte string is generated (you must then
-            read its value with the :attr:`iv` attribute).
-
-        *   **nonce** (*bytes*, *bytearray*, *memoryview*) --
-            (Only applicable for ``MODE_EAX`` and ``MODE_CTR``).
-
-            A value that must never be reused for any other encryption done
-            with this key.
-
-            For ``MODE_EAX`` there are no
-            restrictions on its length (recommended: **16** bytes).
-
-            For ``MODE_CTR``, its length must be in the range **[0..7]**.
-
-            If not provided for ``MODE_EAX``, a random byte string is generated (you
-            can read it back via the ``nonce`` attribute).
-
-        *   **segment_size** (*integer*) --
-            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
-            are segmented in. It must be a multiple of 8.
-            If not specified, it will be assumed to be 8.
-
-        *   **mac_len** : (*integer*) --
-            (Only ``MODE_EAX``)
-            Length of the authentication tag, in bytes.
-            It must be no longer than 8 (default).
-
-        *   **initial_value** : (*integer*) --
-            (Only ``MODE_CTR``). The initial value for the counter within
-            the counter block. By default it is **0**.
-
-    :Return: a Blowfish object, of the applicable mode.
-    """
-
-    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
-
-MODE_ECB = 1
-MODE_CBC = 2
-MODE_CFB = 3
-MODE_OFB = 5
-MODE_CTR = 6
-MODE_OPENPGP = 7
-MODE_EAX = 9
-
-# Size of a data block (in bytes)
-block_size = 8
-# Size of a key (in bytes)
-key_size = range(4, 56 + 1)

tls/pycryptoMod/lib/Crypto/Cipher/Blowfish.pyi

@@ -1,35 +0,0 @@
-from typing import Union, Dict, Iterable
-
-from tls.Crypto.Cipher._mode_ecb import EcbMode
-from tls.Crypto.Cipher._mode_cbc import CbcMode
-from tls.Crypto.Cipher._mode_cfb import CfbMode
-from tls.Crypto.Cipher._mode_ofb import OfbMode
-from tls.Crypto.Cipher._mode_ctr import CtrMode
-from tls.Crypto.Cipher._mode_openpgp import OpenPgpMode
-from tls.Crypto.Cipher._mode_eax import EaxMode
-
-BlowfishMode = int
-
-MODE_ECB: BlowfishMode
-MODE_CBC: BlowfishMode
-MODE_CFB: BlowfishMode
-MODE_OFB: BlowfishMode
-MODE_CTR: BlowfishMode
-MODE_OPENPGP: BlowfishMode
-MODE_EAX: BlowfishMode
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-def new(key: Buffer,
-        mode: BlowfishMode,
-        iv : Buffer = ...,
-        IV : Buffer = ...,
-        nonce : Buffer = ...,
-        segment_size : int = ...,
-        mac_len : int = ...,
-        initial_value : Union[int, Buffer] = ...,
-        counter : Dict = ...) -> \
-        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
-
-block_size: int
-key_size: Iterable[int]

tls/pycryptoMod/lib/Crypto/Cipher/CAST.py

@@ -1,159 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/CAST.py : CAST
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-"""
-Module's constants for the modes of operation supported with CAST:
-
-:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
-:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
-:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
-:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
-:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
-:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
-:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
-"""
-
-import sys
-
-from tls.Crypto.Cipher import _create_cipher
-from tls.Crypto.Util.py3compat import byte_string
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  VoidPointer, SmartPointer,
-                                  c_size_t, c_uint8_ptr)
-
-_raw_cast_lib = load_pycryptodome_raw_lib(
-                    "Crypto.Cipher._raw_cast",
-                    """
-                    int CAST_start_operation(const uint8_t key[],
-                                             size_t key_len,
-                                             void **pResult);
-                    int CAST_encrypt(const void *state,
-                                     const uint8_t *in,
-                                     uint8_t *out,
-                                     size_t data_len);
-                    int CAST_decrypt(const void *state,
-                                     const uint8_t *in,
-                                     uint8_t *out,
-                                     size_t data_len);
-                    int CAST_stop_operation(void *state);
-                    """)
-
-
-def _create_base_cipher(dict_parameters):
-    """This method instantiates and returns a handle to a low-level
-    base cipher. It will absorb named parameters in the process."""
-
-    try:
-        key = dict_parameters.pop("key")
-    except KeyError:
-        raise TypeError("Missing 'key' parameter")
-
-    if len(key) not in key_size:
-        raise ValueError("Incorrect CAST key length (%d bytes)" % len(key))
-
-    start_operation = _raw_cast_lib.CAST_start_operation
-    stop_operation = _raw_cast_lib.CAST_stop_operation
-
-    cipher = VoidPointer()
-    result = start_operation(c_uint8_ptr(key),
-                             c_size_t(len(key)),
-                             cipher.address_of())
-    if result:
-        raise ValueError("Error %X while instantiating the CAST cipher"
-                         % result)
-
-    return SmartPointer(cipher.get(), stop_operation)
-
-
-def new(key, mode, *args, **kwargs):
-    """Create a new CAST cipher
-
-    :param key:
-        The secret key to use in the symmetric cipher.
-        Its length can vary from 5 to 16 bytes.
-    :type key: bytes, bytearray, memoryview
-
-    :param mode:
-        The chaining mode to use for encryption or decryption.
-    :type mode: One of the supported ``MODE_*`` constants
-
-    :Keyword Arguments:
-        *   **iv** (*bytes*, *bytearray*, *memoryview*) --
-            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
-            and ``MODE_OPENPGP`` modes).
-
-            The initialization vector to use for encryption or decryption.
-
-            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long.
-
-            For ``MODE_OPENPGP`` mode only,
-            it must be 8 bytes long for encryption
-            and 10 bytes for decryption (in the latter case, it is
-            actually the *encrypted* IV which was prefixed to the ciphertext).
-
-            If not provided, a random byte string is generated (you must then
-            read its value with the :attr:`iv` attribute).
-
-        *   **nonce** (*bytes*, *bytearray*, *memoryview*) --
-            (Only applicable for ``MODE_EAX`` and ``MODE_CTR``).
-
-            A value that must never be reused for any other encryption done
-            with this key.
-
-            For ``MODE_EAX`` there are no
-            restrictions on its length (recommended: **16** bytes).
-
-            For ``MODE_CTR``, its length must be in the range **[0..7]**.
-
-            If not provided for ``MODE_EAX``, a random byte string is generated (you
-            can read it back via the ``nonce`` attribute).
-
-        *   **segment_size** (*integer*) --
-            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
-            are segmented in. It must be a multiple of 8.
-            If not specified, it will be assumed to be 8.
-
-        *   **mac_len** : (*integer*) --
-            (Only ``MODE_EAX``)
-            Length of the authentication tag, in bytes.
-            It must be no longer than 8 (default).
-
-        *   **initial_value** : (*integer*) --
-            (Only ``MODE_CTR``). The initial value for the counter within
-            the counter block. By default it is **0**.
-
-    :Return: a CAST object, of the applicable mode.
-    """
-
-    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
-
-MODE_ECB = 1
-MODE_CBC = 2
-MODE_CFB = 3
-MODE_OFB = 5
-MODE_CTR = 6
-MODE_OPENPGP = 7
-MODE_EAX = 9
-
-# Size of a data block (in bytes)
-block_size = 8
-# Size of a key (in bytes)
-key_size = range(5, 16 + 1)

tls/pycryptoMod/lib/Crypto/Cipher/CAST.pyi

@@ -1,35 +0,0 @@
-from typing import Union, Dict, Iterable
-
-from tls.Crypto.Cipher._mode_ecb import EcbMode
-from tls.Crypto.Cipher._mode_cbc import CbcMode
-from tls.Crypto.Cipher._mode_cfb import CfbMode
-from tls.Crypto.Cipher._mode_ofb import OfbMode
-from tls.Crypto.Cipher._mode_ctr import CtrMode
-from tls.Crypto.Cipher._mode_openpgp import OpenPgpMode
-from tls.Crypto.Cipher._mode_eax import EaxMode
-
-CASTMode = int
-
-MODE_ECB: CASTMode
-MODE_CBC: CASTMode
-MODE_CFB: CASTMode
-MODE_OFB: CASTMode
-MODE_CTR: CASTMode
-MODE_OPENPGP: CASTMode
-MODE_EAX: CASTMode
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-def new(key: Buffer,
-        mode: CASTMode,
-        iv : Buffer = ...,
-        IV : Buffer = ...,
-        nonce : Buffer = ...,
-        segment_size : int = ...,
-        mac_len : int = ...,
-        initial_value : Union[int, Buffer] = ...,
-        counter : Dict = ...) -> \
-        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
-
-block_size: int
-key_size : Iterable[int]

tls/pycryptoMod/lib/Crypto/Cipher/ChaCha20.py

@@ -1,286 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-from tls.Crypto.Random import get_random_bytes
-
-from tls.Crypto.Util.py3compat import _copy_bytes
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  create_string_buffer,
-                                  get_raw_buffer, VoidPointer,
-                                  SmartPointer, c_size_t,
-                                  c_uint8_ptr, c_ulong,
-                                  is_writeable_buffer)
-
-_raw_chacha20_lib = load_pycryptodome_raw_lib("Crypto.Cipher._chacha20",
-                    """
-                    int chacha20_init(void **pState,
-                                      const uint8_t *key,
-                                      size_t keySize,
-                                      const uint8_t *nonce,
-                                      size_t nonceSize);
-
-                    int chacha20_destroy(void *state);
-
-                    int chacha20_encrypt(void *state,
-                                         const uint8_t in[],
-                                         uint8_t out[],
-                                         size_t len);
-
-                    int chacha20_seek(void *state,
-                                      unsigned long block_high,
-                                      unsigned long block_low,
-                                      unsigned offset);
-                    int hchacha20(  const uint8_t key[32],
-                                    const uint8_t nonce16[16],
-                                    uint8_t subkey[32]);
-                    """)
-
-
-def _HChaCha20(key, nonce):
-
-    assert(len(key) == 32)
-    assert(len(nonce) == 16)
-
-    subkey = bytearray(32)
-    result = _raw_chacha20_lib.hchacha20(
-                c_uint8_ptr(key),
-                c_uint8_ptr(nonce),
-                c_uint8_ptr(subkey))
-    if result:
-        raise ValueError("Error %d when deriving subkey with HChaCha20" % result)
-
-    return subkey
-
-
-class ChaCha20Cipher(object):
-    """ChaCha20 (or XChaCha20) cipher object.
-    Do not create it directly. Use :py:func:`new` instead.
-
-    :var nonce: The nonce with length 8, 12 or 24 bytes
-    :vartype nonce: bytes
-    """
-
-    block_size = 1
-
-    def __init__(self, key, nonce):
-        """Initialize a ChaCha20/XChaCha20 cipher object
-
-        See also `new()` at the module level."""
-
-        # XChaCha20 requires a key derivation with HChaCha20
-        # See 2.3 in https://tools.ietf.org/html/draft-arciszewski-xchacha-03
-        if len(nonce) == 24:
-            key = _HChaCha20(key, nonce[:16])
-            nonce = b'\x00' * 4 + nonce[16:]
-            self._name = "XChaCha20"
-        else:
-            self._name = "ChaCha20"
-
-        self.nonce = _copy_bytes(None, None, nonce)
-
-        self._next = ( self.encrypt, self.decrypt )
-
-        self._state = VoidPointer()
-        result = _raw_chacha20_lib.chacha20_init(
-                        self._state.address_of(),
-                        c_uint8_ptr(key),
-                        c_size_t(len(key)),
-                        self.nonce,
-                        c_size_t(len(nonce)))
-        if result:
-            raise ValueError("Error %d instantiating a %s cipher" % (result,
-                                                                     self._name))
-        self._state = SmartPointer(self._state.get(),
-                                   _raw_chacha20_lib.chacha20_destroy)
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt a piece of data.
-
-        Args:
-          plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size.
-        Keyword Args:
-          output(bytes/bytearray/memoryview): The location where the ciphertext
-            is written to. If ``None``, the ciphertext is returned.
-        Returns:
-          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.encrypt not in self._next:
-            raise TypeError("Cipher object can only be used for decryption")
-        self._next = ( self.encrypt, )
-        return self._encrypt(plaintext, output)
-
-    def _encrypt(self, plaintext, output):
-        """Encrypt without FSM checks"""
-
-        if output is None:
-            ciphertext = create_string_buffer(len(plaintext))
-        else:
-            ciphertext = output
-
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-
-            if len(plaintext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-        result = _raw_chacha20_lib.chacha20_encrypt(
-                                         self._state.get(),
-                                         c_uint8_ptr(plaintext),
-                                         c_uint8_ptr(ciphertext),
-                                         c_size_t(len(plaintext)))
-        if result:
-            raise ValueError("Error %d while encrypting with %s" % (result, self._name))
-
-        if output is None:
-            return get_raw_buffer(ciphertext)
-        else:
-            return None
-
-    def decrypt(self, ciphertext, output=None):
-        """Decrypt a piece of data.
-
-        Args:
-          ciphertext(bytes/bytearray/memoryview): The data to decrypt, of any size.
-        Keyword Args:
-          output(bytes/bytearray/memoryview): The location where the plaintext
-            is written to. If ``None``, the plaintext is returned.
-        Returns:
-          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("Cipher object can only be used for encryption")
-        self._next = ( self.decrypt, )
-
-        try:
-            return self._encrypt(ciphertext, output)
-        except ValueError as e:
-            raise ValueError(str(e).replace("enc", "dec"))
-
-    def seek(self, position):
-        """Seek to a certain position in the key stream.
-
-        Args:
-          position (integer):
-            The absolute position within the key stream, in bytes.
-        """
-
-        position, offset = divmod(position, 64)
-        block_low = position & 0xFFFFFFFF
-        block_high = position >> 32
-
-        result = _raw_chacha20_lib.chacha20_seek(
-                                                 self._state.get(),
-                                                 c_ulong(block_high),
-                                                 c_ulong(block_low),
-                                                 offset
-                                                 )
-        if result:
-            raise ValueError("Error %d while seeking with %s" % (result, self._name))
-
-
-def _derive_Poly1305_key_pair(key, nonce):
-    """Derive a tuple (r, s, nonce) for a Poly1305 MAC.
-
-    If nonce is ``None``, a new 12-byte nonce is generated.
-    """
-
-    if len(key) != 32:
-        raise ValueError("Poly1305 with ChaCha20 requires a 32-byte key")
-
-    if nonce is None:
-        padded_nonce = nonce = get_random_bytes(12)
-    elif len(nonce) == 8:
-        # See RFC7538, 2.6: [...] ChaCha20 as specified here requires a 96-bit
-        # nonce.  So if the provided nonce is only 64-bit, then the first 32
-        # bits of the nonce will be set to a constant number.
-        # This will usually be zero, but for protocols with multiple senders it may be
-        # different for each sender, but should be the same for all
-        # invocations of the function with the same key by a particular
-        # sender.
-        padded_nonce = b'\x00\x00\x00\x00' + nonce
-    elif len(nonce) == 12:
-        padded_nonce = nonce
-    else:
-        raise ValueError("Poly1305 with ChaCha20 requires an 8- or 12-byte nonce")
-
-    rs = new(key=key, nonce=padded_nonce).encrypt(b'\x00' * 32)
-    return rs[:16], rs[16:], nonce
-
-
-def new(**kwargs):
-    """Create a new ChaCha20 or XChaCha20 cipher
-
-    Keyword Args:
-        key (bytes/bytearray/memoryview): The secret key to use.
-            It must be 32 bytes long.
-        nonce (bytes/bytearray/memoryview): A mandatory value that
-            must never be reused for any other encryption
-            done with this key.
-
-            For ChaCha20, it must be 8 or 12 bytes long.
-
-            For XChaCha20, it must be 24 bytes long.
-
-            If not provided, 8 bytes will be randomly generated
-            (you can find them back in the ``nonce`` attribute).
-
-    :Return: a :class:`Crypto.Cipher.ChaCha20.ChaCha20Cipher` object
-    """
-
-    try:
-        key = kwargs.pop("key")
-    except KeyError as e:
-        raise TypeError("Missing parameter %s" % e)
-
-    nonce = kwargs.pop("nonce", None)
-    if nonce is None:
-        nonce = get_random_bytes(8)
-
-    if len(key) != 32:
-        raise ValueError("ChaCha20/XChaCha20 key must be 32 bytes long")
-
-    if len(nonce) not in (8, 12, 24):
-        raise ValueError("Nonce must be 8/12 bytes(ChaCha20) or 24 bytes (XChaCha20)")
-
-    if kwargs:
-        raise TypeError("Unknown parameters: " + str(kwargs))
-
-    return ChaCha20Cipher(key, nonce)
-
-# Size of a data block (in bytes)
-block_size = 1
-
-# Size of a key (in bytes)
-key_size = 32

tls/pycryptoMod/lib/Crypto/Cipher/ChaCha20.pyi

@@ -1,25 +0,0 @@
-from typing import Union, overload
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-def _HChaCha20(key: Buffer, nonce: Buffer) -> bytearray: ...
-
-class ChaCha20Cipher:
-    block_size: int
-    nonce: bytes
-
-    def __init__(self, key: Buffer, nonce: Buffer) -> None: ...
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    def seek(self, position: int) -> None: ...
-
-def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Cipher: ...
-
-block_size: int
-key_size: int

tls/pycryptoMod/lib/Crypto/Cipher/ChaCha20_Poly1305.py

@@ -1,336 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2018, Helder Eijs <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-from binascii import unhexlify
-
-from tls.Crypto.Cipher import ChaCha20
-from tls.Crypto.Cipher.ChaCha20 import _HChaCha20
-from tls.Crypto.Hash import Poly1305, BLAKE2s
-
-from tls.Crypto.Random import get_random_bytes
-
-from tls.Crypto.Util.number import long_to_bytes
-from tls.Crypto.Util.py3compat import _copy_bytes, bord
-from tls.Crypto.Util._raw_api import is_buffer
-
-
-def _enum(**enums):
-    return type('Enum', (), enums)
-
-
-_CipherStatus = _enum(PROCESSING_AUTH_DATA=1,
-                      PROCESSING_CIPHERTEXT=2,
-                      PROCESSING_DONE=3)
-
-
-class ChaCha20Poly1305Cipher(object):
-    """ChaCha20-Poly1305 and XChaCha20-Poly1305 cipher object.
-    Do not create it directly. Use :py:func:`new` instead.
-
-    :var nonce: The nonce with length 8, 12 or 24 bytes
-    :vartype nonce: byte string
-    """
-
-    def __init__(self, key, nonce):
-        """Initialize a ChaCha20-Poly1305 AEAD cipher object
-
-        See also `new()` at the module level."""
-
-        self.nonce = _copy_bytes(None, None, nonce)
-
-        self._next = (self.update, self.encrypt, self.decrypt, self.digest,
-                      self.verify)
-
-        self._authenticator = Poly1305.new(key=key, nonce=nonce, cipher=ChaCha20)
-
-        self._cipher = ChaCha20.new(key=key, nonce=nonce)
-        self._cipher.seek(64)   # Block counter starts at 1
-
-        self._len_aad = 0
-        self._len_ct = 0
-        self._mac_tag = None
-        self._status = _CipherStatus.PROCESSING_AUTH_DATA
-
-    def update(self, data):
-        """Protect the associated data.
-
-        Associated data (also known as *additional authenticated data* - AAD)
-        is the piece of the message that must stay in the clear, while
-        still allowing the receiver to verify its integrity.
-        An example is packet headers.
-
-        The associated data (possibly split into multiple segments) is
-        fed into :meth:`update` before any call to :meth:`decrypt` or :meth:`encrypt`.
-        If there is no associated data, :meth:`update` is not called.
-
-        :param bytes/bytearray/memoryview assoc_data:
-            A piece of associated data. There are no restrictions on its size.
-        """
-
-        if self.update not in self._next:
-            raise TypeError("update() method cannot be called")
-
-        self._len_aad += len(data)
-        self._authenticator.update(data)
-
-    def _pad_aad(self):
-
-        assert(self._status == _CipherStatus.PROCESSING_AUTH_DATA)
-        if self._len_aad & 0x0F:
-            self._authenticator.update(b'\x00' * (16 - (self._len_aad & 0x0F)))
-        self._status = _CipherStatus.PROCESSING_CIPHERTEXT
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt a piece of data.
-
-        Args:
-          plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size.
-        Keyword Args:
-          output(bytes/bytearray/memoryview): The location where the ciphertext
-            is written to. If ``None``, the ciphertext is returned.
-        Returns:
-          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.encrypt not in self._next:
-            raise TypeError("encrypt() method cannot be called")
-
-        if self._status == _CipherStatus.PROCESSING_AUTH_DATA:
-            self._pad_aad()
-
-        self._next = (self.encrypt, self.digest)
-
-        result = self._cipher.encrypt(plaintext, output=output)
-        self._len_ct += len(plaintext)
-        if output is None:
-            self._authenticator.update(result)
-        else:
-            self._authenticator.update(output)
-        return result
-
-    def decrypt(self, ciphertext, output=None):
-        """Decrypt a piece of data.
-
-        Args:
-          ciphertext(bytes/bytearray/memoryview): The data to decrypt, of any size.
-        Keyword Args:
-          output(bytes/bytearray/memoryview): The location where the plaintext
-            is written to. If ``None``, the plaintext is returned.
-        Returns:
-          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("decrypt() method cannot be called")
-
-        if self._status == _CipherStatus.PROCESSING_AUTH_DATA:
-            self._pad_aad()
-
-        self._next = (self.decrypt, self.verify)
-
-        self._len_ct += len(ciphertext)
-        self._authenticator.update(ciphertext)
-        return self._cipher.decrypt(ciphertext, output=output)
-
-    def _compute_mac(self):
-        """Finalize the cipher (if not done already) and return the MAC."""
-
-        if self._mac_tag:
-            assert(self._status == _CipherStatus.PROCESSING_DONE)
-            return self._mac_tag
-
-        assert(self._status != _CipherStatus.PROCESSING_DONE)
-
-        if self._status == _CipherStatus.PROCESSING_AUTH_DATA:
-            self._pad_aad()
-
-        if self._len_ct & 0x0F:
-            self._authenticator.update(b'\x00' * (16 - (self._len_ct & 0x0F)))
-
-        self._status = _CipherStatus.PROCESSING_DONE
-
-        self._authenticator.update(long_to_bytes(self._len_aad, 8)[::-1])
-        self._authenticator.update(long_to_bytes(self._len_ct, 8)[::-1])
-        self._mac_tag = self._authenticator.digest()
-        return self._mac_tag
-
-    def digest(self):
-        """Compute the *binary* authentication tag (MAC).
-
-        :Return: the MAC tag, as 16 ``bytes``.
-        """
-
-        if self.digest not in self._next:
-            raise TypeError("digest() method cannot be called")
-        self._next = (self.digest,)
-
-        return self._compute_mac()
-
-    def hexdigest(self):
-        """Compute the *printable* authentication tag (MAC).
-
-        This method is like :meth:`digest`.
-
-        :Return: the MAC tag, as a hexadecimal string.
-        """
-        return "".join(["%02x" % bord(x) for x in self.digest()])
-
-    def verify(self, received_mac_tag):
-        """Validate the *binary* authentication tag (MAC).
-
-        The receiver invokes this method at the very end, to
-        check if the associated data (if any) and the decrypted
-        messages are valid.
-
-        :param bytes/bytearray/memoryview received_mac_tag:
-            This is the 16-byte *binary* MAC, as received from the sender.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        if self.verify not in self._next:
-            raise TypeError("verify() cannot be called"
-                            " when encrypting a message")
-        self._next = (self.verify,)
-
-        secret = get_random_bytes(16)
-
-        self._compute_mac()
-
-        mac1 = BLAKE2s.new(digest_bits=160, key=secret,
-                           data=self._mac_tag)
-        mac2 = BLAKE2s.new(digest_bits=160, key=secret,
-                           data=received_mac_tag)
-
-        if mac1.digest() != mac2.digest():
-            raise ValueError("MAC check failed")
-
-    def hexverify(self, hex_mac_tag):
-        """Validate the *printable* authentication tag (MAC).
-
-        This method is like :meth:`verify`.
-
-        :param string hex_mac_tag:
-            This is the *printable* MAC.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        self.verify(unhexlify(hex_mac_tag))
-
-    def encrypt_and_digest(self, plaintext):
-        """Perform :meth:`encrypt` and :meth:`digest` in one step.
-
-        :param plaintext: The data to encrypt, of any size.
-        :type plaintext: bytes/bytearray/memoryview
-        :return: a tuple with two ``bytes`` objects:
-
-            - the ciphertext, of equal length as the plaintext
-            - the 16-byte MAC tag
-        """
-
-        return self.encrypt(plaintext), self.digest()
-
-    def decrypt_and_verify(self, ciphertext, received_mac_tag):
-        """Perform :meth:`decrypt` and :meth:`verify` in one step.
-
-        :param ciphertext: The piece of data to decrypt.
-        :type ciphertext: bytes/bytearray/memoryview
-        :param bytes received_mac_tag:
-            This is the 16-byte *binary* MAC, as received from the sender.
-        :return: the decrypted data (as ``bytes``)
-        :raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        plaintext = self.decrypt(ciphertext)
-        self.verify(received_mac_tag)
-        return plaintext
-
-
-def new(**kwargs):
-    """Create a new ChaCha20-Poly1305 or XChaCha20-Poly1305 AEAD cipher.
-
-    :keyword key: The secret key to use. It must be 32 bytes long.
-    :type key: byte string
-
-    :keyword nonce:
-        A value that must never be reused for any other encryption
-        done with this key.
-
-        For ChaCha20-Poly1305, it must be 8 or 12 bytes long.
-
-        For XChaCha20-Poly1305, it must be 24 bytes long.
-
-        If not provided, 12 ``bytes`` will be generated randomly
-        (you can find them back in the ``nonce`` attribute).
-    :type nonce: bytes, bytearray, memoryview
-
-    :Return: a :class:`Crypto.Cipher.ChaCha20.ChaCha20Poly1305Cipher` object
-    """
-
-    try:
-        key = kwargs.pop("key")
-    except KeyError as e:
-        raise TypeError("Missing parameter %s" % e)
-
-        self._len_ct += len(plaintext)
-
-    if len(key) != 32:
-        raise ValueError("Key must be 32 bytes long")
-
-    nonce = kwargs.pop("nonce", None)
-    if nonce is None:
-        nonce = get_random_bytes(12)
-
-    if len(nonce) in (8, 12):
-        pass
-    elif len(nonce) == 24:
-        key = _HChaCha20(key, nonce[:16])
-        nonce = b'\x00\x00\x00\x00' + nonce[16:]
-    else:
-        raise ValueError("Nonce must be 8, 12 or 24 bytes long")
-
-    if not is_buffer(nonce):
-        raise TypeError("nonce must be bytes, bytearray or memoryview")
-
-    if kwargs:
-        raise TypeError("Unknown parameters: " + str(kwargs))
-
-    return ChaCha20Poly1305Cipher(key, nonce)
-
-
-# Size of a key (in bytes)
-key_size = 32

tls/pycryptoMod/lib/Crypto/Cipher/ChaCha20_Poly1305.pyi

@@ -1,28 +0,0 @@
-from typing import Union, Tuple, overload
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-class ChaCha20Poly1305Cipher:
-    nonce: bytes
-
-    def __init__(self, key: Buffer, nonce: Buffer) -> None: ...
-    def update(self, data: Buffer) -> None: ...
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    def digest(self) -> bytes: ...
-    def hexdigest(self) -> str: ...
-    def verify(self, received_mac_tag: Buffer) -> None: ...
-    def hexverify(self, received_mac_tag: str) -> None: ...
-    def encrypt_and_digest(self, plaintext: Buffer) -> Tuple[bytes, bytes]: ...
-    def decrypt_and_verify(self, ciphertext: Buffer, received_mac_tag: Buffer) -> bytes: ...
-
-def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Poly1305Cipher: ...
-
-block_size: int
-key_size: int

tls/pycryptoMod/lib/Crypto/Cipher/DES.py

@@ -1,158 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/DES.py : DES
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-"""
-Module's constants for the modes of operation supported with Single DES:
-
-:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
-:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
-:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
-:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
-:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
-:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
-:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
-"""
-
-import sys
-
-from tls.Crypto.Cipher import _create_cipher
-from tls.Crypto.Util.py3compat import byte_string
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  VoidPointer, SmartPointer,
-                                  c_size_t, c_uint8_ptr)
-
-_raw_des_lib = load_pycryptodome_raw_lib(
-                "Crypto.Cipher._raw_des",
-                """
-                int DES_start_operation(const uint8_t key[],
-                                        size_t key_len,
-                                        void **pResult);
-                int DES_encrypt(const void *state,
-                                const uint8_t *in,
-                                uint8_t *out,
-                                size_t data_len);
-                int DES_decrypt(const void *state,
-                                const uint8_t *in,
-                                uint8_t *out,
-                                size_t data_len);
-                int DES_stop_operation(void *state);
-                """)
-
-
-def _create_base_cipher(dict_parameters):
-    """This method instantiates and returns a handle to a low-level
-    base cipher. It will absorb named parameters in the process."""
-
-    try:
-        key = dict_parameters.pop("key")
-    except KeyError:
-        raise TypeError("Missing 'key' parameter")
-
-    if len(key) != key_size:
-        raise ValueError("Incorrect DES key length (%d bytes)" % len(key))
-
-    start_operation = _raw_des_lib.DES_start_operation
-    stop_operation = _raw_des_lib.DES_stop_operation
-
-    cipher = VoidPointer()
-    result = start_operation(c_uint8_ptr(key),
-                             c_size_t(len(key)),
-                             cipher.address_of())
-    if result:
-        raise ValueError("Error %X while instantiating the DES cipher"
-                         % result)
-    return SmartPointer(cipher.get(), stop_operation)
-
-
-def new(key, mode, *args, **kwargs):
-    """Create a new DES cipher.
-
-    :param key:
-        The secret key to use in the symmetric cipher.
-        It must be 8 byte long. The parity bits will be ignored.
-    :type key: bytes/bytearray/memoryview
-
-    :param mode:
-        The chaining mode to use for encryption or decryption.
-    :type mode: One of the supported ``MODE_*`` constants
-
-    :Keyword Arguments:
-        *   **iv** (*byte string*) --
-            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
-            and ``MODE_OPENPGP`` modes).
-
-            The initialization vector to use for encryption or decryption.
-
-            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long.
-
-            For ``MODE_OPENPGP`` mode only,
-            it must be 8 bytes long for encryption
-            and 10 bytes for decryption (in the latter case, it is
-            actually the *encrypted* IV which was prefixed to the ciphertext).
-
-            If not provided, a random byte string is generated (you must then
-            read its value with the :attr:`iv` attribute).
-
-        *   **nonce** (*byte string*) --
-            (Only applicable for ``MODE_EAX`` and ``MODE_CTR``).
-
-            A value that must never be reused for any other encryption done
-            with this key.
-
-            For ``MODE_EAX`` there are no
-            restrictions on its length (recommended: **16** bytes).
-
-            For ``MODE_CTR``, its length must be in the range **[0..7]**.
-
-            If not provided for ``MODE_EAX``, a random byte string is generated (you
-            can read it back via the ``nonce`` attribute).
-
-        *   **segment_size** (*integer*) --
-            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
-            are segmented in. It must be a multiple of 8.
-            If not specified, it will be assumed to be 8.
-
-        *   **mac_len** : (*integer*) --
-            (Only ``MODE_EAX``)
-            Length of the authentication tag, in bytes.
-            It must be no longer than 8 (default).
-
-        *   **initial_value** : (*integer*) --
-            (Only ``MODE_CTR``). The initial value for the counter within
-            the counter block. By default it is **0**.
-
-    :Return: a DES object, of the applicable mode.
-    """
-
-    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
-
-MODE_ECB = 1
-MODE_CBC = 2
-MODE_CFB = 3
-MODE_OFB = 5
-MODE_CTR = 6
-MODE_OPENPGP = 7
-MODE_EAX = 9
-
-# Size of a data block (in bytes)
-block_size = 8
-# Size of a key (in bytes)
-key_size = 8

tls/pycryptoMod/lib/Crypto/Cipher/DES.pyi

@@ -1,35 +0,0 @@
-from typing import Union, Dict, Iterable
-
-from tls.Crypto.Cipher._mode_ecb import EcbMode
-from tls.Crypto.Cipher._mode_cbc import CbcMode
-from tls.Crypto.Cipher._mode_cfb import CfbMode
-from tls.Crypto.Cipher._mode_ofb import OfbMode
-from tls.Crypto.Cipher._mode_ctr import CtrMode
-from tls.Crypto.Cipher._mode_openpgp import OpenPgpMode
-from tls.Crypto.Cipher._mode_eax import EaxMode
-
-DESMode = int
-
-MODE_ECB: DESMode
-MODE_CBC: DESMode
-MODE_CFB: DESMode
-MODE_OFB: DESMode
-MODE_CTR: DESMode
-MODE_OPENPGP: DESMode
-MODE_EAX: DESMode
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-def new(key: Buffer,
-        mode: DESMode,
-        iv : Buffer = ...,
-        IV : Buffer = ...,
-        nonce : Buffer = ...,
-        segment_size : int = ...,
-        mac_len : int = ...,
-        initial_value : Union[int, Buffer] = ...,
-        counter : Dict = ...) -> \
-        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
-
-block_size: int
-key_size: int

tls/pycryptoMod/lib/Crypto/Cipher/DES3.py

@@ -1,187 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/DES3.py : DES3
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-"""
-Module's constants for the modes of operation supported with Triple DES:
-
-:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
-:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
-:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
-:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
-:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
-:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
-:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
-"""
-
-import sys
-
-from tls.Crypto.Cipher import _create_cipher
-from tls.Crypto.Util.py3compat import byte_string, bchr, bord, bstr
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  VoidPointer, SmartPointer,
-                                  c_size_t)
-
-_raw_des3_lib = load_pycryptodome_raw_lib(
-                    "Crypto.Cipher._raw_des3",
-                    """
-                    int DES3_start_operation(const uint8_t key[],
-                                             size_t key_len,
-                                             void **pResult);
-                    int DES3_encrypt(const void *state,
-                                     const uint8_t *in,
-                                     uint8_t *out,
-                                     size_t data_len);
-                    int DES3_decrypt(const void *state,
-                                     const uint8_t *in,
-                                     uint8_t *out,
-                                     size_t data_len);
-                    int DES3_stop_operation(void *state);
-                    """)
-
-
-def adjust_key_parity(key_in):
-    """Set the parity bits in a TDES key.
-
-    :param key_in: the TDES key whose bits need to be adjusted
-    :type key_in: byte string
-
-    :returns: a copy of ``key_in``, with the parity bits correctly set
-    :rtype: byte string
-
-    :raises ValueError: if the TDES key is not 16 or 24 bytes long
-    :raises ValueError: if the TDES key degenerates into Single DES
-    """
-
-    def parity_byte(key_byte):
-        parity = 1
-        for i in range(1, 8):
-            parity ^= (key_byte >> i) & 1
-        return (key_byte & 0xFE) | parity
-
-    if len(key_in) not in key_size:
-        raise ValueError("Not a valid TDES key")
-
-    key_out = b"".join([ bchr(parity_byte(bord(x))) for x in key_in ])
-
-    if key_out[:8] == key_out[8:16] or key_out[-16:-8] == key_out[-8:]:
-        raise ValueError("Triple DES key degenerates to single DES")
-
-    return key_out
-
-
-def _create_base_cipher(dict_parameters):
-    """This method instantiates and returns a handle to a low-level base cipher.
-    It will absorb named parameters in the process."""
-
-    try:
-        key_in = dict_parameters.pop("key")
-    except KeyError:
-        raise TypeError("Missing 'key' parameter")
-
-    key = adjust_key_parity(bstr(key_in))
-
-    start_operation = _raw_des3_lib.DES3_start_operation
-    stop_operation = _raw_des3_lib.DES3_stop_operation
-
-    cipher = VoidPointer()
-    result = start_operation(key,
-                             c_size_t(len(key)),
-                             cipher.address_of())
-    if result:
-        raise ValueError("Error %X while instantiating the TDES cipher"
-                         % result)
-    return SmartPointer(cipher.get(), stop_operation)
-
-
-def new(key, mode, *args, **kwargs):
-    """Create a new Triple DES cipher.
-
-    :param key:
-        The secret key to use in the symmetric cipher.
-        It must be 16 or 24 byte long. The parity bits will be ignored.
-    :type key: bytes/bytearray/memoryview
-
-    :param mode:
-        The chaining mode to use for encryption or decryption.
-    :type mode: One of the supported ``MODE_*`` constants
-
-    :Keyword Arguments:
-        *   **iv** (*bytes*, *bytearray*, *memoryview*) --
-            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
-            and ``MODE_OPENPGP`` modes).
-
-            The initialization vector to use for encryption or decryption.
-
-            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long.
-
-            For ``MODE_OPENPGP`` mode only,
-            it must be 8 bytes long for encryption
-            and 10 bytes for decryption (in the latter case, it is
-            actually the *encrypted* IV which was prefixed to the ciphertext).
-
-            If not provided, a random byte string is generated (you must then
-            read its value with the :attr:`iv` attribute).
-
-        *   **nonce** (*bytes*, *bytearray*, *memoryview*) --
-            (Only applicable for ``MODE_EAX`` and ``MODE_CTR``).
-
-            A value that must never be reused for any other encryption done
-            with this key.
-
-            For ``MODE_EAX`` there are no
-            restrictions on its length (recommended: **16** bytes).
-
-            For ``MODE_CTR``, its length must be in the range **[0..7]**.
-
-            If not provided for ``MODE_EAX``, a random byte string is generated (you
-            can read it back via the ``nonce`` attribute).
-
-        *   **segment_size** (*integer*) --
-            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
-            are segmented in. It must be a multiple of 8.
-            If not specified, it will be assumed to be 8.
-
-        *   **mac_len** : (*integer*) --
-            (Only ``MODE_EAX``)
-            Length of the authentication tag, in bytes.
-            It must be no longer than 8 (default).
-
-        *   **initial_value** : (*integer*) --
-            (Only ``MODE_CTR``). The initial value for the counter within
-            the counter block. By default it is **0**.
-
-    :Return: a Triple DES object, of the applicable mode.
-    """
-
-    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
-
-MODE_ECB = 1
-MODE_CBC = 2
-MODE_CFB = 3
-MODE_OFB = 5
-MODE_CTR = 6
-MODE_OPENPGP = 7
-MODE_EAX = 9
-
-# Size of a data block (in bytes)
-block_size = 8
-# Size of a key (in bytes)
-key_size = (16, 24)

tls/pycryptoMod/lib/Crypto/Cipher/DES3.pyi

@@ -1,37 +0,0 @@
-from typing import Union, Dict, Tuple
-
-from tls.Crypto.Cipher._mode_ecb import EcbMode
-from tls.Crypto.Cipher._mode_cbc import CbcMode
-from tls.Crypto.Cipher._mode_cfb import CfbMode
-from tls.Crypto.Cipher._mode_ofb import OfbMode
-from tls.Crypto.Cipher._mode_ctr import CtrMode
-from tls.Crypto.Cipher._mode_openpgp import OpenPgpMode
-from tls.Crypto.Cipher._mode_eax import EaxMode
-
-def adjust_key_parity(key_in: bytes) -> bytes: ...
-
-DES3Mode = int
-
-MODE_ECB: DES3Mode
-MODE_CBC: DES3Mode
-MODE_CFB: DES3Mode
-MODE_OFB: DES3Mode
-MODE_CTR: DES3Mode
-MODE_OPENPGP: DES3Mode
-MODE_EAX: DES3Mode
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-def new(key: Buffer,
-        mode: DES3Mode,
-        iv : Buffer = ...,
-        IV : Buffer = ...,
-        nonce : Buffer = ...,
-        segment_size : int = ...,
-        mac_len : int = ...,
-        initial_value : Union[int, Buffer] = ...,
-        counter : Dict = ...) -> \
-        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
-
-block_size: int
-key_size: Tuple[int, int]

tls/pycryptoMod/lib/Crypto/Cipher/PKCS1_OAEP.py

@@ -1,239 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/PKCS1_OAEP.py : PKCS#1 OAEP
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-from tls.Crypto.Signature.pss import MGF1
-import Crypto.Hash.SHA1
-
-from tls.Crypto.Util.py3compat import bord, _copy_bytes
-import Crypto.Util.number
-from   Crypto.Util.number import ceil_div, bytes_to_long, long_to_bytes
-from   Crypto.Util.strxor import strxor
-from tls.Crypto import Random
-
-class PKCS1OAEP_Cipher:
-    """Cipher object for PKCS#1 v1.5 OAEP.
-    Do not create directly: use :func:`new` instead."""
-
-    def __init__(self, key, hashAlgo, mgfunc, label, randfunc):
-        """Initialize this PKCS#1 OAEP cipher object.
-
-        :Parameters:
-         key : an RSA key object
-                If a private half is given, both encryption and decryption are possible.
-                If a public half is given, only encryption is possible.
-         hashAlgo : hash object
-                The hash function to use. This can be a module under `Crypto.Hash`
-                or an existing hash object created from any of such modules. If not specified,
-                `Crypto.Hash.SHA1` is used.
-         mgfunc : callable
-                A mask generation function that accepts two parameters: a string to
-                use as seed, and the lenth of the mask to generate, in bytes.
-                If not specified, the standard MGF1 consistent with ``hashAlgo`` is used (a safe choice).
-         label : bytes/bytearray/memoryview
-                A label to apply to this particular encryption. If not specified,
-                an empty string is used. Specifying a label does not improve
-                security.
-         randfunc : callable
-                A function that returns random bytes.
-
-        :attention: Modify the mask generation function only if you know what you are doing.
-                    Sender and receiver must use the same one.
-        """
-        self._key = key
-
-        if hashAlgo:
-            self._hashObj = hashAlgo
-        else:
-            self._hashObj = Crypto.Hash.SHA1
-
-        if mgfunc:
-            self._mgf = mgfunc
-        else:
-            self._mgf = lambda x,y: MGF1(x,y,self._hashObj)
-
-        self._label = _copy_bytes(None, None, label)
-        self._randfunc = randfunc
-
-    def can_encrypt(self):
-        """Legacy function to check if you can call :meth:`encrypt`.
-
-        .. deprecated:: 3.0"""
-        return self._key.can_encrypt()
-
-    def can_decrypt(self):
-        """Legacy function to check if you can call :meth:`decrypt`.
-
-        .. deprecated:: 3.0"""
-        return self._key.can_decrypt()
-
-    def encrypt(self, message):
-        """Encrypt a message with PKCS#1 OAEP.
-
-        :param message:
-            The message to encrypt, also known as plaintext. It can be of
-            variable length, but not longer than the RSA modulus (in bytes)
-            minus 2, minus twice the hash output size.
-            For instance, if you use RSA 2048 and SHA-256, the longest message
-            you can encrypt is 190 byte long.
-        :type message: bytes/bytearray/memoryview
-
-        :returns: The ciphertext, as large as the RSA modulus.
-        :rtype: bytes
-
-        :raises ValueError:
-            if the message is too long.
-        """
-
-        # See 7.1.1 in RFC3447
-        modBits = Crypto.Util.number.size(self._key.n)
-        k = ceil_div(modBits, 8) # Convert from bits to bytes
-        hLen = self._hashObj.digest_size
-        mLen = len(message)
-
-        # Step 1b
-        ps_len = k - mLen - 2 * hLen - 2
-        if ps_len < 0:
-            raise ValueError("Plaintext is too long.")
-        # Step 2a
-        lHash = self._hashObj.new(self._label).digest()
-        # Step 2b
-        ps = b'\x00' * ps_len
-        # Step 2c
-        db = lHash + ps + b'\x01' + _copy_bytes(None, None, message)
-        # Step 2d
-        ros = self._randfunc(hLen)
-        # Step 2e
-        dbMask = self._mgf(ros, k-hLen-1)
-        # Step 2f
-        maskedDB = strxor(db, dbMask)
-        # Step 2g
-        seedMask = self._mgf(maskedDB, hLen)
-        # Step 2h
-        maskedSeed = strxor(ros, seedMask)
-        # Step 2i
-        em = b'\x00' + maskedSeed + maskedDB
-        # Step 3a (OS2IP)
-        em_int = bytes_to_long(em)
-        # Step 3b (RSAEP)
-        m_int = self._key._encrypt(em_int)
-        # Step 3c (I2OSP)
-        c = long_to_bytes(m_int, k)
-        return c
-
-    def decrypt(self, ciphertext):
-        """Decrypt a message with PKCS#1 OAEP.
-
-        :param ciphertext: The encrypted message.
-        :type ciphertext: bytes/bytearray/memoryview
-
-        :returns: The original message (plaintext).
-        :rtype: bytes
-
-        :raises ValueError:
-            if the ciphertext has the wrong length, or if decryption
-            fails the integrity check (in which case, the decryption
-            key is probably wrong).
-        :raises TypeError:
-            if the RSA key has no private half (i.e. you are trying
-            to decrypt using a public key).
-        """
-
-        # See 7.1.2 in RFC3447
-        modBits = Crypto.Util.number.size(self._key.n)
-        k = ceil_div(modBits,8) # Convert from bits to bytes
-        hLen = self._hashObj.digest_size
-
-        # Step 1b and 1c
-        if len(ciphertext) != k or k<hLen+2:
-            raise ValueError("Ciphertext with incorrect length.")
-        # Step 2a (O2SIP)
-        ct_int = bytes_to_long(ciphertext)
-        # Step 2b (RSADP)
-        m_int = self._key._decrypt(ct_int)
-        # Complete step 2c (I2OSP)
-        em = long_to_bytes(m_int, k)
-        # Step 3a
-        lHash = self._hashObj.new(self._label).digest()
-        # Step 3b
-        y = em[0]
-        # y must be 0, but we MUST NOT check it here in order not to
-        # allow attacks like Manger's (http://dl.acm.org/citation.cfm?id=704143)
-        maskedSeed = em[1:hLen+1]
-        maskedDB = em[hLen+1:]
-        # Step 3c
-        seedMask = self._mgf(maskedDB, hLen)
-        # Step 3d
-        seed = strxor(maskedSeed, seedMask)
-        # Step 3e
-        dbMask = self._mgf(seed, k-hLen-1)
-        # Step 3f
-        db = strxor(maskedDB, dbMask)
-        # Step 3g
-        one_pos = db[hLen:].find(b'\x01')
-        lHash1 = db[:hLen]
-        invalid = bord(y) | int(one_pos < 0)
-        hash_compare = strxor(lHash1, lHash)
-        for x in hash_compare:
-            invalid |= bord(x)
-        for x in db[hLen:one_pos]:
-            invalid |= bord(x)
-        if invalid != 0:
-            raise ValueError("Incorrect decryption.")
-        # Step 4
-        return db[hLen + one_pos + 1:]
-
-def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None):
-    """Return a cipher object :class:`PKCS1OAEP_Cipher` that can be used to perform PKCS#1 OAEP encryption or decryption.
-
-    :param key:
-      The key object to use to encrypt or decrypt the message.
-      Decryption is only possible with a private RSA key.
-    :type key: RSA key object
-
-    :param hashAlgo:
-      The hash function to use. This can be a module under `Crypto.Hash`
-      or an existing hash object created from any of such modules.
-      If not specified, `Crypto.Hash.SHA1` is used.
-    :type hashAlgo: hash object
-
-    :param mgfunc:
-      A mask generation function that accepts two parameters: a string to
-      use as seed, and the lenth of the mask to generate, in bytes.
-      If not specified, the standard MGF1 consistent with ``hashAlgo`` is used (a safe choice).
-    :type mgfunc: callable
-
-    :param label:
-      A label to apply to this particular encryption. If not specified,
-      an empty string is used. Specifying a label does not improve
-      security.
-    :type label: bytes/bytearray/memoryview
-
-    :param randfunc:
-      A function that returns random bytes.
-      The default is `Random.get_random_bytes`.
-    :type randfunc: callable
-    """
-
-    if randfunc is None:
-        randfunc = Random.get_random_bytes
-    return PKCS1OAEP_Cipher(key, hashAlgo, mgfunc, label, randfunc)
-

tls/pycryptoMod/lib/Crypto/Cipher/PKCS1_OAEP.pyi

@@ -1,35 +0,0 @@
-from typing import Optional, Union, Callable, Any, overload
-from typing_extensions import Protocol
-
-from tls.Crypto.PublicKey.RSA import RsaKey
-
-class HashLikeClass(Protocol):
-    digest_size : int
-    def new(self, data: Optional[bytes] = ...) -> Any: ...
-
-class HashLikeModule(Protocol):
-    digest_size : int
-    @staticmethod
-    def new(data: Optional[bytes] = ...) -> Any: ...
-
-HashLike = Union[HashLikeClass, HashLikeModule]
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-class PKCS1OAEP_Cipher:
-    def __init__(self,
-                 key: RsaKey,
-                 hashAlgo: HashLike,
-                 mgfunc: Callable[[bytes, int], bytes],
-                 label: Buffer,
-                 randfunc: Callable[[int], bytes]) -> None: ...
-    def can_encrypt(self) -> bool: ...
-    def can_decrypt(self) -> bool: ...
-    def encrypt(self, message: Buffer) -> bytes: ...
-    def decrypt(self, ciphertext: Buffer) -> bytes: ...
-
-def new(key: RsaKey,
-        hashAlgo: Optional[HashLike] = ...,
-        mgfunc: Optional[Callable[[bytes, int], bytes]] = ...,
-        label: Optional[Buffer] = ...,
-        randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS1OAEP_Cipher: ...

tls/pycryptoMod/lib/Crypto/Cipher/PKCS1_v1_5.py

@@ -1,199 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/PKCS1-v1_5.py : PKCS#1 v1.5
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-__all__ = [ 'new', 'PKCS115_Cipher' ]
-
-from tls.Crypto.Util.number import ceil_div, bytes_to_long, long_to_bytes
-from tls.Crypto.Util.py3compat import bord, _copy_bytes
-import Crypto.Util.number
-from tls.Crypto import Random
-
-class PKCS115_Cipher:
-    """This cipher can perform PKCS#1 v1.5 RSA encryption or decryption.
-    Do not instantiate directly. Use :func:`Crypto.Cipher.PKCS1_v1_5.new` instead."""
-
-    def __init__(self, key, randfunc):
-        """Initialize this PKCS#1 v1.5 cipher object.
-
-        :Parameters:
-         key : an RSA key object
-          If a private half is given, both encryption and decryption are possible.
-          If a public half is given, only encryption is possible.
-         randfunc : callable
-          Function that returns random bytes.
-        """
-
-        self._key = key
-        self._randfunc = randfunc
-
-    def can_encrypt(self):
-        """Return True if this cipher object can be used for encryption."""
-        return self._key.can_encrypt()
-
-    def can_decrypt(self):
-        """Return True if this cipher object can be used for decryption."""
-        return self._key.can_decrypt()
-
-    def encrypt(self, message):
-        """Produce the PKCS#1 v1.5 encryption of a message.
-
-        This function is named ``RSAES-PKCS1-V1_5-ENCRYPT``, and it is specified in
-        `section 7.2.1 of RFC8017
-        <https://tools.ietf.org/html/rfc8017#page-28>`_.
-
-        :param message:
-            The message to encrypt, also known as plaintext. It can be of
-            variable length, but not longer than the RSA modulus (in bytes) minus 11.
-        :type message: bytes/bytearray/memoryview
-
-        :Returns: A byte string, the ciphertext in which the message is encrypted.
-            It is as long as the RSA modulus (in bytes).
-
-        :Raises ValueError:
-            If the RSA key length is not sufficiently long to deal with the given
-            message.
-        """
-
-        # See 7.2.1 in RFC8017
-        modBits = Crypto.Util.number.size(self._key.n)
-        k = ceil_div(modBits,8) # Convert from bits to bytes
-        mLen = len(message)
-
-        # Step 1
-        if mLen > k - 11:
-            raise ValueError("Plaintext is too long.")
-        # Step 2a
-        ps = []
-        while len(ps) != k - mLen - 3:
-            new_byte = self._randfunc(1)
-            if bord(new_byte[0]) == 0x00:
-                continue
-            ps.append(new_byte)
-        ps = b"".join(ps)
-        assert(len(ps) == k - mLen - 3)
-        # Step 2b
-        em = b'\x00\x02' + ps + b'\x00' + _copy_bytes(None, None, message)
-        # Step 3a (OS2IP)
-        em_int = bytes_to_long(em)
-        # Step 3b (RSAEP)
-        m_int = self._key._encrypt(em_int)
-        # Step 3c (I2OSP)
-        c = long_to_bytes(m_int, k)
-        return c
-
-    def decrypt(self, ciphertext, sentinel):
-        r"""Decrypt a PKCS#1 v1.5 ciphertext.
-
-        This function is named ``RSAES-PKCS1-V1_5-DECRYPT``, and is specified in
-        `section 7.2.2 of RFC8017
-        <https://tools.ietf.org/html/rfc8017#page-29>`_.
-
-        :param ciphertext:
-            The ciphertext that contains the message to recover.
-        :type ciphertext: bytes/bytearray/memoryview
-
-        :param sentinel:
-            The object to return whenever an error is detected.
-        :type sentinel: any type
-
-        :Returns: A byte string. It is either the original message or the ``sentinel`` (in case of an error).
-
-        :Raises ValueError:
-            If the ciphertext length is incorrect
-        :Raises TypeError:
-            If the RSA key has no private half (i.e. it cannot be used for
-            decyption).
-
-        .. warning::
-            You should **never** let the party who submitted the ciphertext know that
-            this function returned the ``sentinel`` value.
-            Armed with such knowledge (for a fair amount of carefully crafted but invalid ciphertexts),
-            an attacker is able to recontruct the plaintext of any other encryption that were carried out
-            with the same RSA public key (see `Bleichenbacher's`__ attack).
-
-            In general, it should not be possible for the other party to distinguish
-            whether processing at the server side failed because the value returned
-            was a ``sentinel`` as opposed to a random, invalid message.
-
-            In fact, the second option is not that unlikely: encryption done according to PKCS#1 v1.5
-            embeds no good integrity check. There is roughly one chance
-            in 2\ :sup:`16` for a random ciphertext to be returned as a valid message
-            (although random looking).
-
-            It is therefore advisabled to:
-
-            1. Select as ``sentinel`` a value that resembles a plausable random, invalid message.
-            2. Not report back an error as soon as you detect a ``sentinel`` value.
-               Put differently, you should not explicitly check if the returned value is the ``sentinel`` or not.
-            3. Cover all possible errors with a single, generic error indicator.
-            4. Embed into the definition of ``message`` (at the protocol level) a digest (e.g. ``SHA-1``).
-               It is recommended for it to be the rightmost part ``message``.
-            5. Where possible, monitor the number of errors due to ciphertexts originating from the same party,
-               and slow down the rate of the requests from such party (or even blacklist it altogether).
-
-            **If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.**
-
-            .. __: http://www.bell-labs.com/user/bleichen/papers/pkcs.ps
-
-        """
-
-        # See 7.2.1 in RFC3447
-        modBits = Crypto.Util.number.size(self._key.n)
-        k = ceil_div(modBits,8) # Convert from bits to bytes
-
-        # Step 1
-        if len(ciphertext) != k:
-            raise ValueError("Ciphertext with incorrect length.")
-        # Step 2a (O2SIP)
-        ct_int = bytes_to_long(ciphertext)
-        # Step 2b (RSADP)
-        m_int = self._key._decrypt(ct_int)
-        # Complete step 2c (I2OSP)
-        em = long_to_bytes(m_int, k)
-        # Step 3
-        sep = em.find(b'\x00', 2)
-        if  not em.startswith(b'\x00\x02') or sep < 10:
-            return sentinel
-        # Step 4
-        return em[sep + 1:]
-
-
-def new(key, randfunc=None):
-    """Create a cipher for performing PKCS#1 v1.5 encryption or decryption.
-
-    :param key:
-      The key to use to encrypt or decrypt the message. This is a `Crypto.PublicKey.RSA` object.
-      Decryption is only possible if *key* is a private RSA key.
-    :type key: RSA key object
-
-    :param randfunc:
-      Function that return random bytes.
-      The default is :func:`Crypto.Random.get_random_bytes`.
-    :type randfunc: callable
-
-    :returns: A cipher object `PKCS115_Cipher`.
-    """
-
-    if randfunc is None:
-        randfunc = Random.get_random_bytes
-    return PKCS115_Cipher(key, randfunc)
-

tls/pycryptoMod/lib/Crypto/Cipher/PKCS1_v1_5.pyi

@@ -1,17 +0,0 @@
-from typing import Callable, Union, Any, Optional
-
-from tls.Crypto.PublicKey.RSA import RsaKey
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-class PKCS115_Cipher:
-    def __init__(self,
-                 key: RsaKey,
-                 randfunc: Callable[[int], bytes]) -> None: ...
-    def can_encrypt(self) -> bool: ...
-    def can_decrypt(self) -> bool: ...
-    def encrypt(self, message: Buffer) -> bytes: ...
-    def decrypt(self, ciphertext: Buffer) -> bytes: ...
-
-def new(key: Buffer,
-        randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS115_Cipher: ...

tls/pycryptoMod/lib/Crypto/Cipher/Salsa20.py

@@ -1,167 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Cipher/Salsa20.py : Salsa20 stream cipher (http://cr.yp.to/snuffle.html)
-#
-# Contributed by Fabrizio Tarizzo <fabrizio@fabriziotarizzo.org>.
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-from tls.Crypto.Util.py3compat import _copy_bytes
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  create_string_buffer,
-                                  get_raw_buffer, VoidPointer,
-                                  SmartPointer, c_size_t,
-                                  c_uint8_ptr, is_writeable_buffer)
-
-from tls.Crypto.Random import get_random_bytes
-
-_raw_salsa20_lib = load_pycryptodome_raw_lib("Crypto.Cipher._Salsa20",
-                    """
-                    int Salsa20_stream_init(uint8_t *key, size_t keylen,
-                                            uint8_t *nonce, size_t nonce_len,
-                                            void **pSalsaState);
-                    int Salsa20_stream_destroy(void *salsaState);
-                    int Salsa20_stream_encrypt(void *salsaState,
-                                               const uint8_t in[],
-                                               uint8_t out[], size_t len);
-                    """)
-
-
-class Salsa20Cipher:
-    """Salsa20 cipher object. Do not create it directly. Use :py:func:`new`
-    instead.
-
-    :var nonce: The nonce with length 8
-    :vartype nonce: byte string
-    """
-
-    def __init__(self, key, nonce):
-        """Initialize a Salsa20 cipher object
-
-        See also `new()` at the module level."""
-
-        if len(key) not in key_size:
-            raise ValueError("Incorrect key length for Salsa20 (%d bytes)" % len(key))
-
-        if len(nonce) != 8:
-            raise ValueError("Incorrect nonce length for Salsa20 (%d bytes)" %
-                             len(nonce))
-
-        self.nonce = _copy_bytes(None, None, nonce)
-
-        self._state = VoidPointer()
-        result = _raw_salsa20_lib.Salsa20_stream_init(
-                        c_uint8_ptr(key),
-                        c_size_t(len(key)),
-                        c_uint8_ptr(nonce),
-                        c_size_t(len(nonce)),
-                        self._state.address_of())
-        if result:
-            raise ValueError("Error %d instantiating a Salsa20 cipher")
-        self._state = SmartPointer(self._state.get(),
-                                   _raw_salsa20_lib.Salsa20_stream_destroy)
-
-        self.block_size = 1
-        self.key_size = len(key)
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt a piece of data.
-
-        Args:
-          plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size.
-        Keyword Args:
-          output(bytes/bytearray/memoryview): The location where the ciphertext
-            is written to. If ``None``, the ciphertext is returned.
-        Returns:
-          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-        
-        if output is None:
-            ciphertext = create_string_buffer(len(plaintext))
-        else:
-            ciphertext = output
-           
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-        
-            if len(plaintext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-        result = _raw_salsa20_lib.Salsa20_stream_encrypt(
-                                         self._state.get(),
-                                         c_uint8_ptr(plaintext),
-                                         c_uint8_ptr(ciphertext),
-                                         c_size_t(len(plaintext)))
-        if result:
-            raise ValueError("Error %d while encrypting with Salsa20" % result)
-
-        if output is None:
-            return get_raw_buffer(ciphertext)
-        else:
-            return None
-
-    def decrypt(self, ciphertext, output=None):
-        """Decrypt a piece of data.
-        
-        Args:
-          ciphertext(bytes/bytearray/memoryview): The data to decrypt, of any size.
-        Keyword Args:
-          output(bytes/bytearray/memoryview): The location where the plaintext
-            is written to. If ``None``, the plaintext is returned.
-        Returns:
-          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        try:
-            return self.encrypt(ciphertext, output=output)
-        except ValueError as e:
-            raise ValueError(str(e).replace("enc", "dec"))
-
-
-def new(key, nonce=None):
-    """Create a new Salsa20 cipher
-
-    :keyword key: The secret key to use. It must be 16 or 32 bytes long.
-    :type key: bytes/bytearray/memoryview
-
-    :keyword nonce:
-        A value that must never be reused for any other encryption
-        done with this key. It must be 8 bytes long.
-
-        If not provided, a random byte string will be generated (you can read
-        it back via the ``nonce`` attribute of the returned object).
-    :type nonce: bytes/bytearray/memoryview
-
-    :Return: a :class:`Crypto.Cipher.Salsa20.Salsa20Cipher` object
-    """
-
-    if nonce is None:
-        nonce = get_random_bytes(8)
-
-    return Salsa20Cipher(key, nonce)
-
-# Size of a data block (in bytes)
-block_size = 1
-
-# Size of a key (in bytes)
-key_size = (16, 32)
-

tls/pycryptoMod/lib/Crypto/Cipher/Salsa20.pyi

@@ -1,27 +0,0 @@
-from typing import Union, Tuple, Optional, overload
-
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-class Salsa20Cipher:
-    nonce: bytes
-    block_size: int
-    key_size: int
-
-    def __init__(self,
-                 key: Buffer,
-                 nonce: Buffer) -> None: ...
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-
-def new(key: Buffer, nonce: Optional[Buffer] = ...) -> Salsa20Cipher: ...
-
-block_size: int
-key_size: Tuple[int, int]
-

tls/pycryptoMod/lib/Crypto/Cipher/_EKSBlowfish.py

@@ -1,131 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2019, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-import sys
-
-from tls.Crypto.Cipher import _create_cipher
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  VoidPointer, SmartPointer, c_size_t,
-                                  c_uint8_ptr, c_uint)
-
-_raw_blowfish_lib = load_pycryptodome_raw_lib(
-        "Crypto.Cipher._raw_eksblowfish",
-        """
-        int EKSBlowfish_start_operation(const uint8_t key[],
-                                        size_t key_len,
-                                        const uint8_t salt[16],
-                                        size_t salt_len,
-                                        unsigned cost,
-                                        unsigned invert,
-                                        void **pResult);
-        int EKSBlowfish_encrypt(const void *state,
-                                const uint8_t *in,
-                                uint8_t *out,
-                                size_t data_len);
-        int EKSBlowfish_decrypt(const void *state,
-                                const uint8_t *in,
-                                uint8_t *out,
-                                size_t data_len);
-        int EKSBlowfish_stop_operation(void *state);
-        """
-        )
-
-
-def _create_base_cipher(dict_parameters):
-    """This method instantiates and returns a smart pointer to
-    a low-level base cipher. It will absorb named parameters in
-    the process."""
-
-    try:
-        key = dict_parameters.pop("key")
-        salt = dict_parameters.pop("salt")
-        cost = dict_parameters.pop("cost")
-    except KeyError as e:
-        raise TypeError("Missing EKSBlowfish parameter: " + str(e))
-    invert = dict_parameters.pop("invert", True)
-
-    if len(key) not in key_size:
-        raise ValueError("Incorrect EKSBlowfish key length (%d bytes)" % len(key))
-
-    start_operation = _raw_blowfish_lib.EKSBlowfish_start_operation
-    stop_operation = _raw_blowfish_lib.EKSBlowfish_stop_operation
-
-    void_p = VoidPointer()
-    result = start_operation(c_uint8_ptr(key),
-                             c_size_t(len(key)),
-                             c_uint8_ptr(salt),
-                             c_size_t(len(salt)),
-                             c_uint(cost),
-                             c_uint(int(invert)),
-                             void_p.address_of())
-    if result:
-        raise ValueError("Error %X while instantiating the EKSBlowfish cipher"
-                         % result)
-    return SmartPointer(void_p.get(), stop_operation)
-
-
-def new(key, mode, salt, cost, invert):
-    """Create a new EKSBlowfish cipher
-    
-    Args:
-
-      key (bytes, bytearray, memoryview):
-        The secret key to use in the symmetric cipher.
-        Its length can vary from 0 to 72 bytes.
-
-      mode (one of the supported ``MODE_*`` constants):
-        The chaining mode to use for encryption or decryption.
-
-      salt (bytes, bytearray, memoryview):
-        The salt that bcrypt uses to thwart rainbow table attacks
-
-      cost (integer):
-        The complexity factor in bcrypt
-
-      invert (bool):
-        If ``False``, in the inner loop use ``ExpandKey`` first over the salt
-        and then over the key, as defined in
-        the `original bcrypt specification <https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node4.html>`_.
-        If ``True``, reverse the order, as in the first implementation of
-        `bcrypt` in OpenBSD.
-
-    :Return: an EKSBlowfish object
-    """
-
-    kwargs = { 'salt':salt, 'cost':cost, 'invert':invert }
-    return _create_cipher(sys.modules[__name__], key, mode, **kwargs)
-
-
-MODE_ECB = 1
-
-# Size of a data block (in bytes)
-block_size = 8
-# Size of a key (in bytes)
-key_size = range(0, 72 + 1)

tls/pycryptoMod/lib/Crypto/Cipher/_EKSBlowfish.pyi

@@ -1,15 +0,0 @@
-from typing import Union, Iterable
-
-from tls.Crypto.Cipher._mode_ecb import EcbMode
-
-MODE_ECB: int
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-def new(key: Buffer,
-        mode: int,
-	salt: Buffer,
-	cost: int) -> EcbMode: ...
-
-block_size: int
-key_size: Iterable[int]

tls/pycryptoMod/lib/Crypto/Cipher/__init__.py

@@ -1,79 +0,0 @@
-#
-# A block cipher is instantiated as a combination of:
-# 1. A base cipher (such as AES)
-# 2. A mode of operation (such as CBC)
-#
-# Both items are implemented as C modules.
-#
-# The API of #1 is (replace "AES" with the name of the actual cipher):
-# - AES_start_operaion(key) --> base_cipher_state
-# - AES_encrypt(base_cipher_state, in, out, length)
-# - AES_decrypt(base_cipher_state, in, out, length)
-# - AES_stop_operation(base_cipher_state)
-#
-# Where base_cipher_state is AES_State, a struct with BlockBase (set of
-# pointers to encrypt/decrypt/stop) followed by cipher-specific data.
-#
-# The API of #2 is (replace "CBC" with the name of the actual mode):
-# - CBC_start_operation(base_cipher_state) --> mode_state
-# - CBC_encrypt(mode_state, in, out, length)
-# - CBC_decrypt(mode_state, in, out, length)
-# - CBC_stop_operation(mode_state)
-#
-# where mode_state is a a pointer to base_cipher_state plus mode-specific data.
-
-import os
-
-from tls.Crypto.Cipher._mode_ecb import _create_ecb_cipher
-from tls.Crypto.Cipher._mode_cbc import _create_cbc_cipher
-from tls.Crypto.Cipher._mode_cfb import _create_cfb_cipher
-from tls.Crypto.Cipher._mode_ofb import _create_ofb_cipher
-from tls.Crypto.Cipher._mode_ctr import _create_ctr_cipher
-from tls.Crypto.Cipher._mode_openpgp import _create_openpgp_cipher
-from tls.Crypto.Cipher._mode_ccm import _create_ccm_cipher
-from tls.Crypto.Cipher._mode_eax import _create_eax_cipher
-from tls.Crypto.Cipher._mode_siv import _create_siv_cipher
-from tls.Crypto.Cipher._mode_gcm import _create_gcm_cipher
-from tls.Crypto.Cipher._mode_ocb import _create_ocb_cipher
-
-_modes = { 1:_create_ecb_cipher,
-           2:_create_cbc_cipher,
-           3:_create_cfb_cipher,
-           5:_create_ofb_cipher,
-           6:_create_ctr_cipher,
-           7:_create_openpgp_cipher,
-           9:_create_eax_cipher
-           }
-
-_extra_modes = { 8:_create_ccm_cipher,
-                10:_create_siv_cipher,
-                11:_create_gcm_cipher,
-                12:_create_ocb_cipher
-                }
-
-def _create_cipher(factory, key, mode, *args, **kwargs):
-
-    kwargs["key"] = key
-
-    modes = dict(_modes)
-    if kwargs.pop("add_aes_modes", False):
-        modes.update(_extra_modes)
-    if not mode in modes:
-        raise ValueError("Mode not supported")
-
-    if args:
-        if mode in (8, 9, 10, 11, 12):
-            if len(args) > 1:
-                raise TypeError("Too many arguments for this mode")
-            kwargs["nonce"] = args[0]
-        elif mode in (2, 3, 5, 7):
-            if len(args) > 1:
-                raise TypeError("Too many arguments for this mode")
-            kwargs["IV"] = args[0]
-        elif mode == 6:
-            if len(args) > 0:
-                raise TypeError("Too many arguments for this mode")
-        elif mode == 1:
-            raise TypeError("IV is not meaningful for the ECB mode")
-
-    return modes[mode](factory, **kwargs)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_cbc.py

@@ -1,293 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-"""
-Ciphertext Block Chaining (CBC) mode.
-"""
-
-__all__ = ['CbcMode']
-
-from tls.Crypto.Util.py3compat import _copy_bytes
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
-                                  create_string_buffer, get_raw_buffer,
-                                  SmartPointer, c_size_t, c_uint8_ptr,
-                                  is_writeable_buffer)
-
-from tls.Crypto.Random import get_random_bytes
-
-raw_cbc_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_cbc", """
-                int CBC_start_operation(void *cipher,
-                                        const uint8_t iv[],
-                                        size_t iv_len,
-                                        void **pResult);
-                int CBC_encrypt(void *cbcState,
-                                const uint8_t *in,
-                                uint8_t *out,
-                                size_t data_len);
-                int CBC_decrypt(void *cbcState,
-                                const uint8_t *in,
-                                uint8_t *out,
-                                size_t data_len);
-                int CBC_stop_operation(void *state);
-                """
-                )
-
-
-class CbcMode(object):
-    """*Cipher-Block Chaining (CBC)*.
-
-    Each of the ciphertext blocks depends on the current
-    and all previous plaintext blocks.
-
-    An Initialization Vector (*IV*) is required.
-
-    See `NIST SP800-38A`_ , Section 6.2 .
-
-    .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, block_cipher, iv):
-        """Create a new block cipher, configured in CBC mode.
-
-        :Parameters:
-          block_cipher : C pointer
-            A smart pointer to the low-level block cipher instance.
-
-          iv : bytes/bytearray/memoryview
-            The initialization vector to use for encryption or decryption.
-            It is as long as the cipher block.
-
-            **The IV must be unpredictable**. Ideally it is picked randomly.
-
-            Reusing the *IV* for encryptions performed with the same key
-            compromises confidentiality.
-        """
-
-        self._state = VoidPointer()
-        result = raw_cbc_lib.CBC_start_operation(block_cipher.get(),
-                                                 c_uint8_ptr(iv),
-                                                 c_size_t(len(iv)),
-                                                 self._state.address_of())
-        if result:
-            raise ValueError("Error %d while instantiating the CBC mode"
-                             % result)
-
-        # Ensure that object disposal of this Python object will (eventually)
-        # free the memory allocated by the raw library for the cipher mode
-        self._state = SmartPointer(self._state.get(),
-                                   raw_cbc_lib.CBC_stop_operation)
-
-        # Memory allocated for the underlying block cipher is now owed
-        # by the cipher mode
-        block_cipher.release()
-
-        self.block_size = len(iv)
-        """The block size of the underlying cipher, in bytes."""
-
-        self.iv = _copy_bytes(None, None, iv)
-        """The Initialization Vector originally used to create the object.
-        The value does not change."""
-
-        self.IV = self.iv
-        """Alias for `iv`"""
-
-        self._next = [ self.encrypt, self.decrypt ]
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have encrypted a message
-        you cannot encrypt (or decrypt) another message using the same
-        object.
-
-        The data to encrypt can be broken up in two or
-        more pieces and `encrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.encrypt(a) + c.encrypt(b)
-
-        is equivalent to:
-
-             >>> c.encrypt(a+b)
-
-        That also means that you cannot reuse an object for encrypting
-        or decrypting other data with the same key.
-
-        This function does not add any padding to the plaintext.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-            Its lenght must be multiple of the cipher block size.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.encrypt not in self._next:
-            raise TypeError("encrypt() cannot be called after decrypt()")
-        self._next = [ self.encrypt ]
-        
-        if output is None:
-            ciphertext = create_string_buffer(len(plaintext))
-        else:
-            ciphertext = output
-            
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-        
-            if len(plaintext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-        result = raw_cbc_lib.CBC_encrypt(self._state.get(),
-                                         c_uint8_ptr(plaintext),
-                                         c_uint8_ptr(ciphertext),
-                                         c_size_t(len(plaintext)))
-        if result:
-            if result == 3:
-                raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
-            raise ValueError("Error %d while encrypting in CBC mode" % result)
-
-        if output is None:
-            return get_raw_buffer(ciphertext)
-        else:
-            return None
-
-    def decrypt(self, ciphertext, output=None):
-        """Decrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have decrypted a message
-        you cannot decrypt (or encrypt) another message with the same
-        object.
-
-        The data to decrypt can be broken up in two or
-        more pieces and `decrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.decrypt(a) + c.decrypt(b)
-
-        is equivalent to:
-
-             >>> c.decrypt(a+b)
-
-        This function does not remove any padding from the plaintext.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-            Its length must be multiple of the cipher block size.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return:
-          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("decrypt() cannot be called after encrypt()")
-        self._next = [ self.decrypt ]
-        
-        if output is None:
-            plaintext = create_string_buffer(len(ciphertext))
-        else:
-            plaintext = output
-
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-            
-            if len(ciphertext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-        result = raw_cbc_lib.CBC_decrypt(self._state.get(),
-                                         c_uint8_ptr(ciphertext),
-                                         c_uint8_ptr(plaintext),
-                                         c_size_t(len(ciphertext)))
-        if result:
-            if result == 3:
-                raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
-            raise ValueError("Error %d while decrypting in CBC mode" % result)
-
-        if output is None:
-            return get_raw_buffer(plaintext)
-        else:
-            return None
-
-
-def _create_cbc_cipher(factory, **kwargs):
-    """Instantiate a cipher object that performs CBC encryption/decryption.
-
-    :Parameters:
-      factory : module
-        The underlying block cipher, a module from ``Crypto.Cipher``.
-
-    :Keywords:
-      iv : bytes/bytearray/memoryview
-        The IV to use for CBC.
-
-      IV : bytes/bytearray/memoryview
-        Alias for ``iv``.
-
-    Any other keyword will be passed to the underlying block cipher.
-    See the relevant documentation for details (at least ``key`` will need
-    to be present).
-    """
-
-    cipher_state = factory._create_base_cipher(kwargs)
-    iv = kwargs.pop("IV", None)
-    IV = kwargs.pop("iv", None)
-
-    if (None, None) == (iv, IV):
-        iv = get_random_bytes(factory.block_size)
-    if iv is not None:
-        if IV is not None:
-            raise TypeError("You must either use 'iv' or 'IV', not both")
-    else:
-        iv = IV
-
-    if len(iv) != factory.block_size:
-        raise ValueError("Incorrect IV length (it must be %d bytes long)" %
-                factory.block_size)
-
-    if kwargs:
-        raise TypeError("Unknown parameters for CBC: %s" % str(kwargs))
-
-    return CbcMode(cipher_state, iv)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_cbc.pyi

@@ -1,25 +0,0 @@
-from typing import Union, overload
-
-from tls.Crypto.Util._raw_api import SmartPointer
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-__all__ = ['CbcMode']
-
-class CbcMode(object):
-    block_size: int
-    iv: Buffer
-    IV: Buffer
-
-    def __init__(self,
-                 block_cipher: SmartPointer,
-                 iv: Buffer) -> None: ...
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-

tls/pycryptoMod/lib/Crypto/Cipher/_mode_ccm.py

@@ -1,650 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-"""
-Counter with CBC-MAC (CCM) mode.
-"""
-
-__all__ = ['CcmMode']
-
-import struct
-from binascii import unhexlify
-
-from tls.Crypto.Util.py3compat import (byte_string, bord,
-                                   _copy_bytes)
-from tls.Crypto.Util._raw_api import is_writeable_buffer
-
-from tls.Crypto.Util.strxor import strxor
-from tls.Crypto.Util.number import long_to_bytes
-
-from tls.Crypto.Hash import BLAKE2s
-from tls.Crypto.Random import get_random_bytes
-
-
-def enum(**enums):
-    return type('Enum', (), enums)
-
-MacStatus = enum(NOT_STARTED=0, PROCESSING_AUTH_DATA=1, PROCESSING_PLAINTEXT=2)
-
-
-class CcmMode(object):
-    """Counter with CBC-MAC (CCM).
-
-    This is an Authenticated Encryption with Associated Data (`AEAD`_) mode.
-    It provides both confidentiality and authenticity.
-
-    The header of the message may be left in the clear, if needed, and it will
-    still be subject to authentication. The decryption step tells the receiver
-    if the message comes from a source that really knowns the secret key.
-    Additionally, decryption detects if any part of the message - including the
-    header - has been modified or corrupted.
-
-    This mode requires a nonce. The nonce shall never repeat for two
-    different messages encrypted with the same key, but it does not need
-    to be random.
-    Note that there is a trade-off between the size of the nonce and the
-    maximum size of a single message you can encrypt.
-
-    It is important to use a large nonce if the key is reused across several
-    messages and the nonce is chosen randomly.
-
-    It is acceptable to us a short nonce if the key is only used a few times or
-    if the nonce is taken from a counter.
-
-    The following table shows the trade-off when the nonce is chosen at
-    random. The column on the left shows how many messages it takes
-    for the keystream to repeat **on average**. In practice, you will want to
-    stop using the key way before that.
-
-    +--------------------+---------------+-------------------+
-    | Avg. # of messages |    nonce      |     Max. message  |
-    | before keystream   |    size       |     size          |
-    | repeats            |    (bytes)    |     (bytes)       |
-    +====================+===============+===================+
-    |       2^52         |      13       |        64K        |
-    +--------------------+---------------+-------------------+
-    |       2^48         |      12       |        16M        |
-    +--------------------+---------------+-------------------+
-    |       2^44         |      11       |         4G        |
-    +--------------------+---------------+-------------------+
-    |       2^40         |      10       |         1T        |
-    +--------------------+---------------+-------------------+
-    |       2^36         |       9       |        64P        |
-    +--------------------+---------------+-------------------+
-    |       2^32         |       8       |        16E        |
-    +--------------------+---------------+-------------------+
-
-    This mode is only available for ciphers that operate on 128 bits blocks
-    (e.g. AES but not TDES).
-
-    See `NIST SP800-38C`_ or RFC3610_.
-
-    .. _`NIST SP800-38C`: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
-    .. _RFC3610: https://tools.ietf.org/html/rfc3610
-    .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, factory, key, nonce, mac_len, msg_len, assoc_len,
-                 cipher_params):
-
-        self.block_size = factory.block_size
-        """The block size of the underlying cipher, in bytes."""
-
-        self.nonce = _copy_bytes(None, None, nonce)
-        """The nonce used for this cipher instance"""
-
-        self._factory = factory
-        self._key = _copy_bytes(None, None, key)
-        self._mac_len = mac_len
-        self._msg_len = msg_len
-        self._assoc_len = assoc_len
-        self._cipher_params = cipher_params
-
-        self._mac_tag = None  # Cache for MAC tag
-
-        if self.block_size != 16:
-            raise ValueError("CCM mode is only available for ciphers"
-                             " that operate on 128 bits blocks")
-
-        # MAC tag length (Tlen)
-        if mac_len not in (4, 6, 8, 10, 12, 14, 16):
-            raise ValueError("Parameter 'mac_len' must be even"
-                             " and in the range 4..16 (not %d)" % mac_len)
-
-        # Nonce value
-        if not (nonce and 7 <= len(nonce) <= 13):
-            raise ValueError("Length of parameter 'nonce' must be"
-                             " in the range 7..13 bytes")
-
-        # Create MAC object (the tag will be the last block
-        # bytes worth of ciphertext)
-        self._mac = self._factory.new(key,
-                                      factory.MODE_CBC,
-                                      iv=b'\x00' * 16,
-                                      **cipher_params)
-        self._mac_status = MacStatus.NOT_STARTED
-        self._t = None
-
-        # Allowed transitions after initialization
-        self._next = [self.update, self.encrypt, self.decrypt,
-                      self.digest, self.verify]
-
-        # Cumulative lengths
-        self._cumul_assoc_len = 0
-        self._cumul_msg_len = 0
-
-        # Cache for unaligned associated data/plaintext.
-        # This is a list with byte strings, but when the MAC starts,
-        # it will become a binary string no longer than the block size.
-        self._cache = []
-
-        # Start CTR cipher, by formatting the counter (A.3)
-        q = 15 - len(nonce)  # length of Q, the encoded message length
-        self._cipher = self._factory.new(key,
-                                         self._factory.MODE_CTR,
-                                         nonce=struct.pack("B", q - 1) + self.nonce,
-                                         **cipher_params)
-
-        # S_0, step 6 in 6.1 for j=0
-        self._s_0 = self._cipher.encrypt(b'\x00' * 16)
-
-        # Try to start the MAC
-        if None not in (assoc_len, msg_len):
-            self._start_mac()
-
-    def _start_mac(self):
-
-        assert(self._mac_status == MacStatus.NOT_STARTED)
-        assert(None not in (self._assoc_len, self._msg_len))
-        assert(isinstance(self._cache, list))
-
-        # Formatting control information and nonce (A.2.1)
-        q = 15 - len(self.nonce)  # length of Q, the encoded message length
-        flags = (64 * (self._assoc_len > 0) + 8 * ((self._mac_len - 2) // 2) +
-                 (q - 1))
-        b_0 = struct.pack("B", flags) + self.nonce + long_to_bytes(self._msg_len, q)
-
-        # Formatting associated data (A.2.2)
-        # Encoded 'a' is concatenated with the associated data 'A'
-        assoc_len_encoded = b''
-        if self._assoc_len > 0:
-            if self._assoc_len < (2 ** 16 - 2 ** 8):
-                enc_size = 2
-            elif self._assoc_len < (2 ** 32):
-                assoc_len_encoded = b'\xFF\xFE'
-                enc_size = 4
-            else:
-                assoc_len_encoded = b'\xFF\xFF'
-                enc_size = 8
-            assoc_len_encoded += long_to_bytes(self._assoc_len, enc_size)
-
-        # b_0 and assoc_len_encoded must be processed first
-        self._cache.insert(0, b_0)
-        self._cache.insert(1, assoc_len_encoded)
-
-        # Process all the data cached so far
-        first_data_to_mac = b"".join(self._cache)
-        self._cache = b""
-        self._mac_status = MacStatus.PROCESSING_AUTH_DATA
-        self._update(first_data_to_mac)
-
-    def _pad_cache_and_update(self):
-
-        assert(self._mac_status != MacStatus.NOT_STARTED)
-        assert(len(self._cache) < self.block_size)
-
-        # Associated data is concatenated with the least number
-        # of zero bytes (possibly none) to reach alignment to
-        # the 16 byte boundary (A.2.3)
-        len_cache = len(self._cache)
-        if len_cache > 0:
-            self._update(b'\x00' * (self.block_size - len_cache))
-
-    def update(self, assoc_data):
-        """Protect associated data
-
-        If there is any associated data, the caller has to invoke
-        this function one or more times, before using
-        ``decrypt`` or ``encrypt``.
-
-        By *associated data* it is meant any data (e.g. packet headers) that
-        will not be encrypted and will be transmitted in the clear.
-        However, the receiver is still able to detect any modification to it.
-        In CCM, the *associated data* is also called
-        *additional authenticated data* (AAD).
-
-        If there is no associated data, this method must not be called.
-
-        The caller may split associated data in segments of any size, and
-        invoke this method multiple times, each time with the next segment.
-
-        :Parameters:
-          assoc_data : bytes/bytearray/memoryview
-            A piece of associated data. There are no restrictions on its size.
-        """
-
-        if self.update not in self._next:
-            raise TypeError("update() can only be called"
-                            " immediately after initialization")
-
-        self._next = [self.update, self.encrypt, self.decrypt,
-                      self.digest, self.verify]
-
-        self._cumul_assoc_len += len(assoc_data)
-        if self._assoc_len is not None and \
-           self._cumul_assoc_len > self._assoc_len:
-            raise ValueError("Associated data is too long")
-
-        self._update(assoc_data)
-        return self
-
-    def _update(self, assoc_data_pt=b""):
-        """Update the MAC with associated data or plaintext
-           (without FSM checks)"""
-
-        # If MAC has not started yet, we just park the data into a list.
-        # If the data is mutable, we create a copy and store that instead.
-        if self._mac_status == MacStatus.NOT_STARTED:
-            if is_writeable_buffer(assoc_data_pt):
-                assoc_data_pt = _copy_bytes(None, None, assoc_data_pt)
-            self._cache.append(assoc_data_pt)
-            return
-
-        assert(len(self._cache) < self.block_size)
-
-        if len(self._cache) > 0:
-            filler = min(self.block_size - len(self._cache),
-                         len(assoc_data_pt))
-            self._cache += _copy_bytes(None, filler, assoc_data_pt)
-            assoc_data_pt = _copy_bytes(filler, None, assoc_data_pt)
-
-            if len(self._cache) < self.block_size:
-                return
-
-            # The cache is exactly one block
-            self._t = self._mac.encrypt(self._cache)
-            self._cache = b""
-
-        update_len = len(assoc_data_pt) // self.block_size * self.block_size
-        self._cache = _copy_bytes(update_len, None, assoc_data_pt)
-        if update_len > 0:
-            self._t = self._mac.encrypt(assoc_data_pt[:update_len])[-16:]
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt data with the key set at initialization.
-
-        A cipher object is stateful: once you have encrypted a message
-        you cannot encrypt (or decrypt) another message using the same
-        object.
-
-        This method can be called only **once** if ``msg_len`` was
-        not passed at initialization.
-
-        If ``msg_len`` was given, the data to encrypt can be broken
-        up in two or more pieces and `encrypt` can be called
-        multiple times.
-
-        That is, the statement:
-
-            >>> c.encrypt(a) + c.encrypt(b)
-
-        is equivalent to:
-
-             >>> c.encrypt(a+b)
-
-        This function does not add any padding to the plaintext.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-          If ``output`` is ``None``, the ciphertext as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.encrypt not in self._next:
-            raise TypeError("encrypt() can only be called after"
-                            " initialization or an update()")
-        self._next = [self.encrypt, self.digest]
-
-        # No more associated data allowed from now
-        if self._assoc_len is None:
-            assert(isinstance(self._cache, list))
-            self._assoc_len = sum([len(x) for x in self._cache])
-            if self._msg_len is not None:
-                self._start_mac()
-        else:
-            if self._cumul_assoc_len < self._assoc_len:
-                raise ValueError("Associated data is too short")
-
-        # Only once piece of plaintext accepted if message length was
-        # not declared in advance
-        if self._msg_len is None:
-            self._msg_len = len(plaintext)
-            self._start_mac()
-            self._next = [self.digest]
-
-        self._cumul_msg_len += len(plaintext)
-        if self._cumul_msg_len > self._msg_len:
-            raise ValueError("Message is too long")
-
-        if self._mac_status == MacStatus.PROCESSING_AUTH_DATA:
-            # Associated data is concatenated with the least number
-            # of zero bytes (possibly none) to reach alignment to
-            # the 16 byte boundary (A.2.3)
-            self._pad_cache_and_update()
-            self._mac_status = MacStatus.PROCESSING_PLAINTEXT
-
-        self._update(plaintext)
-        return self._cipher.encrypt(plaintext, output=output)
-
-    def decrypt(self, ciphertext, output=None):
-        """Decrypt data with the key set at initialization.
-
-        A cipher object is stateful: once you have decrypted a message
-        you cannot decrypt (or encrypt) another message with the same
-        object.
-
-        This method can be called only **once** if ``msg_len`` was
-        not passed at initialization.
-
-        If ``msg_len`` was given, the data to decrypt can be
-        broken up in two or more pieces and `decrypt` can be
-        called multiple times.
-
-        That is, the statement:
-
-            >>> c.decrypt(a) + c.decrypt(b)
-
-        is equivalent to:
-
-             >>> c.decrypt(a+b)
-
-        This function does not remove any padding from the plaintext.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return:
-          If ``output`` is ``None``, the plaintext as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("decrypt() can only be called"
-                            " after initialization or an update()")
-        self._next = [self.decrypt, self.verify]
-
-        # No more associated data allowed from now
-        if self._assoc_len is None:
-            assert(isinstance(self._cache, list))
-            self._assoc_len = sum([len(x) for x in self._cache])
-            if self._msg_len is not None:
-                self._start_mac()
-        else:
-            if self._cumul_assoc_len < self._assoc_len:
-                raise ValueError("Associated data is too short")
-
-        # Only once piece of ciphertext accepted if message length was
-        # not declared in advance
-        if self._msg_len is None:
-            self._msg_len = len(ciphertext)
-            self._start_mac()
-            self._next = [self.verify]
-
-        self._cumul_msg_len += len(ciphertext)
-        if self._cumul_msg_len > self._msg_len:
-            raise ValueError("Message is too long")
-
-        if self._mac_status == MacStatus.PROCESSING_AUTH_DATA:
-            # Associated data is concatenated with the least number
-            # of zero bytes (possibly none) to reach alignment to
-            # the 16 byte boundary (A.2.3)
-            self._pad_cache_and_update()
-            self._mac_status = MacStatus.PROCESSING_PLAINTEXT
-
-        # Encrypt is equivalent to decrypt with the CTR mode
-        plaintext = self._cipher.encrypt(ciphertext, output=output)
-        if output is None:
-            self._update(plaintext)
-        else:
-            self._update(output)
-        return plaintext
-
-    def digest(self):
-        """Compute the *binary* MAC tag.
-
-        The caller invokes this function at the very end.
-
-        This method returns the MAC that shall be sent to the receiver,
-        together with the ciphertext.
-
-        :Return: the MAC, as a byte string.
-        """
-
-        if self.digest not in self._next:
-            raise TypeError("digest() cannot be called when decrypting"
-                            " or validating a message")
-        self._next = [self.digest]
-        return self._digest()
-
-    def _digest(self):
-        if self._mac_tag:
-            return self._mac_tag
-
-        if self._assoc_len is None:
-            assert(isinstance(self._cache, list))
-            self._assoc_len = sum([len(x) for x in self._cache])
-            if self._msg_len is not None:
-                self._start_mac()
-        else:
-            if self._cumul_assoc_len < self._assoc_len:
-                raise ValueError("Associated data is too short")
-
-        if self._msg_len is None:
-            self._msg_len = 0
-            self._start_mac()
-
-        if self._cumul_msg_len != self._msg_len:
-            raise ValueError("Message is too short")
-
-        # Both associated data and payload are concatenated with the least
-        # number of zero bytes (possibly none) that align it to the
-        # 16 byte boundary (A.2.2 and A.2.3)
-        self._pad_cache_and_update()
-
-        # Step 8 in 6.1 (T xor MSB_Tlen(S_0))
-        self._mac_tag = strxor(self._t, self._s_0)[:self._mac_len]
-
-        return self._mac_tag
-
-    def hexdigest(self):
-        """Compute the *printable* MAC tag.
-
-        This method is like `digest`.
-
-        :Return: the MAC, as a hexadecimal string.
-        """
-        return "".join(["%02x" % bord(x) for x in self.digest()])
-
-    def verify(self, received_mac_tag):
-        """Validate the *binary* MAC tag.
-
-        The caller invokes this function at the very end.
-
-        This method checks if the decrypted message is indeed valid
-        (that is, if the key is correct) and it has not been
-        tampered with while in transit.
-
-        :Parameters:
-          received_mac_tag : bytes/bytearray/memoryview
-            This is the *binary* MAC, as received from the sender.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        if self.verify not in self._next:
-            raise TypeError("verify() cannot be called"
-                            " when encrypting a message")
-        self._next = [self.verify]
-
-        self._digest()
-        secret = get_random_bytes(16)
-
-        mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
-        mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
-
-        if mac1.digest() != mac2.digest():
-            raise ValueError("MAC check failed")
-
-    def hexverify(self, hex_mac_tag):
-        """Validate the *printable* MAC tag.
-
-        This method is like `verify`.
-
-        :Parameters:
-          hex_mac_tag : string
-            This is the *printable* MAC, as received from the sender.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        self.verify(unhexlify(hex_mac_tag))
-
-    def encrypt_and_digest(self, plaintext, output=None):
-        """Perform encrypt() and digest() in one step.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-            a tuple with two items:
-
-            - the ciphertext, as ``bytes``
-            - the MAC tag, as ``bytes``
-
-            The first item becomes ``None`` when the ``output`` parameter
-            specified a location for the result.
-        """
-
-        return self.encrypt(plaintext, output=output), self.digest()
-
-    def decrypt_and_verify(self, ciphertext, received_mac_tag, output=None):
-        """Perform decrypt() and verify() in one step.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-          received_mac_tag : bytes/bytearray/memoryview
-            This is the *binary* MAC, as received from the sender.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return: the plaintext as ``bytes`` or ``None`` when the ``output``
-            parameter specified a location for the result.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        plaintext = self.decrypt(ciphertext, output=output)
-        self.verify(received_mac_tag)
-        return plaintext
-
-
-def _create_ccm_cipher(factory, **kwargs):
-    """Create a new block cipher, configured in CCM mode.
-
-    :Parameters:
-      factory : module
-        A symmetric cipher module from `Crypto.Cipher` (like
-        `Crypto.Cipher.AES`).
-
-    :Keywords:
-      key : bytes/bytearray/memoryview
-        The secret key to use in the symmetric cipher.
-
-      nonce : bytes/bytearray/memoryview
-        A value that must never be reused for any other encryption.
-
-        Its length must be in the range ``[7..13]``.
-        11 or 12 bytes are reasonable values in general. Bear in
-        mind that with CCM there is a trade-off between nonce length and
-        maximum message size.
-
-        If not specified, a 11 byte long random string is used.
-
-      mac_len : integer
-        Length of the MAC, in bytes. It must be even and in
-        the range ``[4..16]``. The default is 16.
-
-      msg_len : integer
-        Length of the message to (de)cipher.
-        If not specified, ``encrypt`` or ``decrypt`` may only be called once.
-
-      assoc_len : integer
-        Length of the associated data.
-        If not specified, all data is internally buffered.
-    """
-
-    try:
-        key = key = kwargs.pop("key")
-    except KeyError as e:
-        raise TypeError("Missing parameter: " + str(e))
-
-    nonce = kwargs.pop("nonce", None)  # N
-    if nonce is None:
-        nonce = get_random_bytes(11)
-    mac_len = kwargs.pop("mac_len", factory.block_size)
-    msg_len = kwargs.pop("msg_len", None)      # p
-    assoc_len = kwargs.pop("assoc_len", None)  # a
-    cipher_params = dict(kwargs)
-
-    return CcmMode(factory, key, nonce, mac_len, msg_len,
-                   assoc_len, cipher_params)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_ccm.pyi

@@ -1,47 +0,0 @@
-from types import ModuleType
-from typing import Union, overload, Dict, Tuple, Optional
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-__all__ = ['CcmMode']
-
-class CcmMode(object):
-    block_size: int
-    nonce: bytes
-
-    def __init__(self,
-                 factory: ModuleType,
-                 key: Buffer,
-                 nonce: Buffer,
-                 mac_len: int,
-                 msg_len: int,
-                 assoc_len: int,
-                 cipher_params: Dict) -> None: ...
-    
-    def update(self, assoc_data: Buffer) -> CcmMode: ...
-
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-
-    def digest(self) -> bytes: ...
-    def hexdigest(self) -> str: ...
-    def verify(self, received_mac_tag: Buffer) -> None: ...
-    def hexverify(self, hex_mac_tag: str) -> None: ...
-
-    @overload
-    def encrypt_and_digest(self,
-                           plaintext: Buffer) -> Tuple[bytes, bytes]: ...
-    @overload
-    def encrypt_and_digest(self,
-                           plaintext: Buffer,
-                           output: Buffer) -> Tuple[None, bytes]: ...
-    def decrypt_and_verify(self,
-                           ciphertext: Buffer,
-                           received_mac_tag: Buffer,
-                           output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ...

tls/pycryptoMod/lib/Crypto/Cipher/_mode_cfb.py

@@ -1,293 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/mode_cfb.py : CFB mode
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""
-Counter Feedback (CFB) mode.
-"""
-
-__all__ = ['CfbMode']
-
-from tls.Crypto.Util.py3compat import _copy_bytes
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
-                                  create_string_buffer, get_raw_buffer,
-                                  SmartPointer, c_size_t, c_uint8_ptr,
-                                  is_writeable_buffer)
-
-from tls.Crypto.Random import get_random_bytes
-
-raw_cfb_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_cfb","""
-                    int CFB_start_operation(void *cipher,
-                                            const uint8_t iv[],
-                                            size_t iv_len,
-                                            size_t segment_len, /* In bytes */
-                                            void **pResult);
-                    int CFB_encrypt(void *cfbState,
-                                    const uint8_t *in,
-                                    uint8_t *out,
-                                    size_t data_len);
-                    int CFB_decrypt(void *cfbState,
-                                    const uint8_t *in,
-                                    uint8_t *out,
-                                    size_t data_len);
-                    int CFB_stop_operation(void *state);"""
-                    )
-
-
-class CfbMode(object):
-    """*Cipher FeedBack (CFB)*.
-
-    This mode is similar to CFB, but it transforms
-    the underlying block cipher into a stream cipher.
-
-    Plaintext and ciphertext are processed in *segments*
-    of **s** bits. The mode is therefore sometimes
-    labelled **s**-bit CFB.
-
-    An Initialization Vector (*IV*) is required.
-
-    See `NIST SP800-38A`_ , Section 6.3.
-
-    .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, block_cipher, iv, segment_size):
-        """Create a new block cipher, configured in CFB mode.
-
-        :Parameters:
-          block_cipher : C pointer
-            A smart pointer to the low-level block cipher instance.
-
-          iv : bytes/bytearray/memoryview
-            The initialization vector to use for encryption or decryption.
-            It is as long as the cipher block.
-
-            **The IV must be unpredictable**. Ideally it is picked randomly.
-
-            Reusing the *IV* for encryptions performed with the same key
-            compromises confidentiality.
-
-          segment_size : integer
-            The number of bytes the plaintext and ciphertext are segmented in.
-        """
-
-        self._state = VoidPointer()
-        result = raw_cfb_lib.CFB_start_operation(block_cipher.get(),
-                                                 c_uint8_ptr(iv),
-                                                 c_size_t(len(iv)),
-                                                 c_size_t(segment_size),
-                                                 self._state.address_of())
-        if result:
-            raise ValueError("Error %d while instantiating the CFB mode" % result)
-
-        # Ensure that object disposal of this Python object will (eventually)
-        # free the memory allocated by the raw library for the cipher mode
-        self._state = SmartPointer(self._state.get(),
-                                   raw_cfb_lib.CFB_stop_operation)
-
-        # Memory allocated for the underlying block cipher is now owed
-        # by the cipher mode
-        block_cipher.release()
-
-        self.block_size = len(iv)
-        """The block size of the underlying cipher, in bytes."""
-
-        self.iv = _copy_bytes(None, None, iv)
-        """The Initialization Vector originally used to create the object.
-        The value does not change."""
-
-        self.IV = self.iv
-        """Alias for `iv`"""
-
-        self._next = [ self.encrypt, self.decrypt ]
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have encrypted a message
-        you cannot encrypt (or decrypt) another message using the same
-        object.
-
-        The data to encrypt can be broken up in two or
-        more pieces and `encrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.encrypt(a) + c.encrypt(b)
-
-        is equivalent to:
-
-             >>> c.encrypt(a+b)
-
-        This function does not add any padding to the plaintext.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.encrypt not in self._next:
-            raise TypeError("encrypt() cannot be called after decrypt()")
-        self._next = [ self.encrypt ]
-        
-        if output is None:
-            ciphertext = create_string_buffer(len(plaintext))
-        else:
-            ciphertext = output
-            
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-        
-            if len(plaintext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-        result = raw_cfb_lib.CFB_encrypt(self._state.get(),
-                                         c_uint8_ptr(plaintext),
-                                         c_uint8_ptr(ciphertext),
-                                         c_size_t(len(plaintext)))
-        if result:
-            raise ValueError("Error %d while encrypting in CFB mode" % result)
-
-        if output is None:
-            return get_raw_buffer(ciphertext)
-        else:
-            return None
-
-    def decrypt(self, ciphertext,  output=None):
-        """Decrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have decrypted a message
-        you cannot decrypt (or encrypt) another message with the same
-        object.
-
-        The data to decrypt can be broken up in two or
-        more pieces and `decrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.decrypt(a) + c.decrypt(b)
-
-        is equivalent to:
-
-             >>> c.decrypt(a+b)
-
-        This function does not remove any padding from the plaintext.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return:
-          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("decrypt() cannot be called after encrypt()")
-        self._next = [ self.decrypt ]
-        
-        if output is None:
-            plaintext = create_string_buffer(len(ciphertext))
-        else:
-            plaintext = output
-
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-            
-            if len(ciphertext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-        
-        result = raw_cfb_lib.CFB_decrypt(self._state.get(),
-                                         c_uint8_ptr(ciphertext),
-                                         c_uint8_ptr(plaintext),
-                                         c_size_t(len(ciphertext)))
-        if result:
-            raise ValueError("Error %d while decrypting in CFB mode" % result)
-
-        if output is None:
-            return get_raw_buffer(plaintext)
-        else:
-            return None
-
-
-def _create_cfb_cipher(factory, **kwargs):
-    """Instantiate a cipher object that performs CFB encryption/decryption.
-
-    :Parameters:
-      factory : module
-        The underlying block cipher, a module from ``Crypto.Cipher``.
-
-    :Keywords:
-      iv : bytes/bytearray/memoryview
-        The IV to use for CFB.
-
-      IV : bytes/bytearray/memoryview
-        Alias for ``iv``.
-
-      segment_size : integer
-        The number of bit the plaintext and ciphertext are segmented in.
-        If not present, the default is 8.
-
-    Any other keyword will be passed to the underlying block cipher.
-    See the relevant documentation for details (at least ``key`` will need
-    to be present).
-    """
-
-    cipher_state = factory._create_base_cipher(kwargs)
-
-    iv = kwargs.pop("IV", None)
-    IV = kwargs.pop("iv", None)
-
-    if (None, None) == (iv, IV):
-        iv = get_random_bytes(factory.block_size)
-    if iv is not None:
-        if IV is not None:
-            raise TypeError("You must either use 'iv' or 'IV', not both")
-    else:
-        iv = IV
-
-    if len(iv) != factory.block_size:
-        raise ValueError("Incorrect IV length (it must be %d bytes long)" %
-                factory.block_size)
-
-    segment_size_bytes, rem = divmod(kwargs.pop("segment_size", 8), 8)
-    if segment_size_bytes == 0 or rem != 0:
-        raise ValueError("'segment_size' must be positive and multiple of 8 bits")
-
-    if kwargs:
-        raise TypeError("Unknown parameters for CFB: %s" % str(kwargs))
-    return CfbMode(cipher_state, iv, segment_size_bytes)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_cfb.pyi

@@ -1,26 +0,0 @@
-from typing import Union, overload
-
-from tls.Crypto.Util._raw_api import SmartPointer
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-__all__ = ['CfbMode']
-
-
-class CfbMode(object):
-    block_size: int
-    iv: Buffer
-    IV: Buffer
-    
-    def __init__(self,
-                 block_cipher: SmartPointer,
-                 iv: Buffer,
-                 segment_size: int) -> None: ...
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...

tls/pycryptoMod/lib/Crypto/Cipher/_mode_ctr.py

@@ -1,393 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/mode_ctr.py : CTR mode
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""
-Counter (CTR) mode.
-"""
-
-__all__ = ['CtrMode']
-
-import struct
-
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
-                                  create_string_buffer, get_raw_buffer,
-                                  SmartPointer, c_size_t, c_uint8_ptr,
-                                  is_writeable_buffer)
-
-from tls.Crypto.Random import get_random_bytes
-from tls.Crypto.Util.py3compat import _copy_bytes, is_native_int
-from tls.Crypto.Util.number import long_to_bytes
-
-raw_ctr_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_ctr", """
-                    int CTR_start_operation(void *cipher,
-                                            uint8_t   initialCounterBlock[],
-                                            size_t    initialCounterBlock_len,
-                                            size_t    prefix_len,
-                                            unsigned  counter_len,
-                                            unsigned  littleEndian,
-                                            void **pResult);
-                    int CTR_encrypt(void *ctrState,
-                                    const uint8_t *in,
-                                    uint8_t *out,
-                                    size_t data_len);
-                    int CTR_decrypt(void *ctrState,
-                                    const uint8_t *in,
-                                    uint8_t *out,
-                                    size_t data_len);
-                    int CTR_stop_operation(void *ctrState);"""
-                                        )
-
-
-class CtrMode(object):
-    """*CounTeR (CTR)* mode.
-
-    This mode is very similar to ECB, in that
-    encryption of one block is done independently of all other blocks.
-
-    Unlike ECB, the block *position* contributes to the encryption
-    and no information leaks about symbol frequency.
-
-    Each message block is associated to a *counter* which
-    must be unique across all messages that get encrypted
-    with the same key (not just within the same message).
-    The counter is as big as the block size.
-
-    Counters can be generated in several ways. The most
-    straightword one is to choose an *initial counter block*
-    (which can be made public, similarly to the *IV* for the
-    other modes) and increment its lowest **m** bits by one
-    (modulo *2^m*) for each block. In most cases, **m** is
-    chosen to be half the block size.
-
-    See `NIST SP800-38A`_, Section 6.5 (for the mode) and
-    Appendix B (for how to manage the *initial counter block*).
-
-    .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, block_cipher, initial_counter_block,
-                 prefix_len, counter_len, little_endian):
-        """Create a new block cipher, configured in CTR mode.
-
-        :Parameters:
-          block_cipher : C pointer
-            A smart pointer to the low-level block cipher instance.
-
-          initial_counter_block : bytes/bytearray/memoryview
-            The initial plaintext to use to generate the key stream.
-
-            It is as large as the cipher block, and it embeds
-            the initial value of the counter.
-
-            This value must not be reused.
-            It shall contain a nonce or a random component.
-            Reusing the *initial counter block* for encryptions
-            performed with the same key compromises confidentiality.
-
-          prefix_len : integer
-            The amount of bytes at the beginning of the counter block
-            that never change.
-
-          counter_len : integer
-            The length in bytes of the counter embedded in the counter
-            block.
-
-          little_endian : boolean
-            True if the counter in the counter block is an integer encoded
-            in little endian mode. If False, it is big endian.
-        """
-
-        if len(initial_counter_block) == prefix_len + counter_len:
-            self.nonce = _copy_bytes(None, prefix_len, initial_counter_block)
-            """Nonce; not available if there is a fixed suffix"""
-
-        self._state = VoidPointer()
-        result = raw_ctr_lib.CTR_start_operation(block_cipher.get(),
-                                                 c_uint8_ptr(initial_counter_block),
-                                                 c_size_t(len(initial_counter_block)),
-                                                 c_size_t(prefix_len),
-                                                 counter_len,
-                                                 little_endian,
-                                                 self._state.address_of())
-        if result:
-            raise ValueError("Error %X while instantiating the CTR mode"
-                             % result)
-
-        # Ensure that object disposal of this Python object will (eventually)
-        # free the memory allocated by the raw library for the cipher mode
-        self._state = SmartPointer(self._state.get(),
-                                   raw_ctr_lib.CTR_stop_operation)
-
-        # Memory allocated for the underlying block cipher is now owed
-        # by the cipher mode
-        block_cipher.release()
-
-        self.block_size = len(initial_counter_block)
-        """The block size of the underlying cipher, in bytes."""
-
-        self._next = [self.encrypt, self.decrypt]
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have encrypted a message
-        you cannot encrypt (or decrypt) another message using the same
-        object.
-
-        The data to encrypt can be broken up in two or
-        more pieces and `encrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.encrypt(a) + c.encrypt(b)
-
-        is equivalent to:
-
-             >>> c.encrypt(a+b)
-
-        This function does not add any padding to the plaintext.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.encrypt not in self._next:
-            raise TypeError("encrypt() cannot be called after decrypt()")
-        self._next = [self.encrypt]
-        
-        if output is None:
-            ciphertext = create_string_buffer(len(plaintext))
-        else:
-            ciphertext = output
-            
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-        
-            if len(plaintext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-        result = raw_ctr_lib.CTR_encrypt(self._state.get(),
-                                         c_uint8_ptr(plaintext),
-                                         c_uint8_ptr(ciphertext),
-                                         c_size_t(len(plaintext)))
-        if result:
-            if result == 0x60002:
-                raise OverflowError("The counter has wrapped around in"
-                                    " CTR mode")
-            raise ValueError("Error %X while encrypting in CTR mode" % result)
-        
-        if output is None:
-            return get_raw_buffer(ciphertext)
-        else:
-            return None
-
-    def decrypt(self, ciphertext, output=None):
-        """Decrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have decrypted a message
-        you cannot decrypt (or encrypt) another message with the same
-        object.
-
-        The data to decrypt can be broken up in two or
-        more pieces and `decrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.decrypt(a) + c.decrypt(b)
-
-        is equivalent to:
-
-             >>> c.decrypt(a+b)
-
-        This function does not remove any padding from the plaintext.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return:
-          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("decrypt() cannot be called after encrypt()")
-        self._next = [self.decrypt]
-        
-        if output is None:
-            plaintext = create_string_buffer(len(ciphertext))
-        else:
-            plaintext = output
-
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-            
-            if len(ciphertext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-
-        result = raw_ctr_lib.CTR_decrypt(self._state.get(),
-                                         c_uint8_ptr(ciphertext),
-                                         c_uint8_ptr(plaintext),
-                                         c_size_t(len(ciphertext)))
-        if result:
-            if result == 0x60002:
-                raise OverflowError("The counter has wrapped around in"
-                                    " CTR mode")
-            raise ValueError("Error %X while decrypting in CTR mode" % result)
-        
-        if output is None:
-            return get_raw_buffer(plaintext)
-        else:
-            return None
-
-
-def _create_ctr_cipher(factory, **kwargs):
-    """Instantiate a cipher object that performs CTR encryption/decryption.
-
-    :Parameters:
-      factory : module
-        The underlying block cipher, a module from ``Crypto.Cipher``.
-
-    :Keywords:
-      nonce : bytes/bytearray/memoryview
-        The fixed part at the beginning of the counter block - the rest is
-        the counter number that gets increased when processing the next block.
-        The nonce must be such that no two messages are encrypted under the
-        same key and the same nonce.
-
-        The nonce must be shorter than the block size (it can have
-        zero length; the counter is then as long as the block).
-
-        If this parameter is not present, a random nonce will be created with
-        length equal to half the block size. No random nonce shorter than
-        64 bits will be created though - you must really think through all
-        security consequences of using such a short block size.
-
-      initial_value : posive integer or bytes/bytearray/memoryview
-        The initial value for the counter. If not present, the cipher will
-        start counting from 0. The value is incremented by one for each block.
-        The counter number is encoded in big endian mode.
-
-      counter : object
-        Instance of ``Crypto.Util.Counter``, which allows full customization
-        of the counter block. This parameter is incompatible to both ``nonce``
-        and ``initial_value``.
-
-    Any other keyword will be passed to the underlying block cipher.
-    See the relevant documentation for details (at least ``key`` will need
-    to be present).
-    """
-
-    cipher_state = factory._create_base_cipher(kwargs)
-
-    counter = kwargs.pop("counter", None)
-    nonce = kwargs.pop("nonce", None)
-    initial_value = kwargs.pop("initial_value", None)
-    if kwargs:
-        raise TypeError("Invalid parameters for CTR mode: %s" % str(kwargs))
-
-    if counter is not None and (nonce, initial_value) != (None, None):
-            raise TypeError("'counter' and 'nonce'/'initial_value'"
-                            " are mutually exclusive")
-
-    if counter is None:
-        # Crypto.Util.Counter is not used
-        if nonce is None:
-            if factory.block_size < 16:
-                raise TypeError("Impossible to create a safe nonce for short"
-                                " block sizes")
-            nonce = get_random_bytes(factory.block_size // 2)
-        else:
-            if len(nonce) >= factory.block_size:
-                raise ValueError("Nonce is too long")
-        
-        # What is not nonce is counter
-        counter_len = factory.block_size - len(nonce)
-
-        if initial_value is None:
-            initial_value = 0
-
-        if is_native_int(initial_value):
-            if (1 << (counter_len * 8)) - 1 < initial_value:
-                raise ValueError("Initial counter value is too large")
-            initial_counter_block = nonce + long_to_bytes(initial_value, counter_len)
-        else:
-            if len(initial_value) != counter_len:
-                raise ValueError("Incorrect length for counter byte string (%d bytes, expected %d)" % (len(initial_value), counter_len))
-            initial_counter_block = nonce + initial_value
-
-        return CtrMode(cipher_state,
-                       initial_counter_block,
-                       len(nonce),                     # prefix
-                       counter_len,
-                       False)                          # little_endian
-
-    # Crypto.Util.Counter is used
-
-    # 'counter' used to be a callable object, but now it is
-    # just a dictionary for backward compatibility.
-    _counter = dict(counter)
-    try:
-        counter_len = _counter.pop("counter_len")
-        prefix = _counter.pop("prefix")
-        suffix = _counter.pop("suffix")
-        initial_value = _counter.pop("initial_value")
-        little_endian = _counter.pop("little_endian")
-    except KeyError:
-        raise TypeError("Incorrect counter object"
-                        " (use Crypto.Util.Counter.new)")
-
-    # Compute initial counter block
-    words = []
-    while initial_value > 0:
-        words.append(struct.pack('B', initial_value & 255))
-        initial_value >>= 8
-    words += [ b'\x00' ] * max(0, counter_len - len(words))
-    if not little_endian:
-        words.reverse()
-    initial_counter_block = prefix + b"".join(words) + suffix
-
-    if len(initial_counter_block) != factory.block_size:
-        raise ValueError("Size of the counter block (%d bytes) must match"
-                         " block size (%d)" % (len(initial_counter_block),
-                                               factory.block_size))
-
-    return CtrMode(cipher_state, initial_counter_block,
-                   len(prefix), counter_len, little_endian)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_ctr.pyi

@@ -1,27 +0,0 @@
-from typing import Union, overload
-
-from tls.Crypto.Util._raw_api import SmartPointer
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-__all__ = ['CtrMode']
-
-class CtrMode(object):
-    block_size: int
-    nonce: bytes
-
-    def __init__(self,
-                 block_cipher: SmartPointer,
-                 initial_counter_block: Buffer,
-                 prefix_len: int,
-                 counter_len: int,
-                 little_endian: bool) -> None: ...
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-

tls/pycryptoMod/lib/Crypto/Cipher/_mode_eax.py

@@ -1,408 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-"""
-EAX mode.
-"""
-
-__all__ = ['EaxMode']
-
-import struct
-from binascii import unhexlify
-
-from tls.Crypto.Util.py3compat import byte_string, bord, _copy_bytes
-
-from tls.Crypto.Util._raw_api import is_buffer
-
-from tls.Crypto.Util.strxor import strxor
-from tls.Crypto.Util.number import long_to_bytes, bytes_to_long
-
-from tls.Crypto.Hash import CMAC, BLAKE2s
-from tls.Crypto.Random import get_random_bytes
-
-
-class EaxMode(object):
-    """*EAX* mode.
-
-    This is an Authenticated Encryption with Associated Data
-    (`AEAD`_) mode. It provides both confidentiality and authenticity.
-
-    The header of the message may be left in the clear, if needed,
-    and it will still be subject to authentication.
-
-    The decryption step tells the receiver if the message comes
-    from a source that really knowns the secret key.
-    Additionally, decryption detects if any part of the message -
-    including the header - has been modified or corrupted.
-
-    This mode requires a *nonce*.
-
-    This mode is only available for ciphers that operate on 64 or
-    128 bits blocks.
-
-    There are no official standards defining EAX.
-    The implementation is based on `a proposal`__ that
-    was presented to NIST.
-
-    .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
-    .. __: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, factory, key, nonce, mac_len, cipher_params):
-        """EAX cipher mode"""
-
-        self.block_size = factory.block_size
-        """The block size of the underlying cipher, in bytes."""
-
-        self.nonce = _copy_bytes(None, None, nonce)
-        """The nonce originally used to create the object."""
-
-        self._mac_len = mac_len
-        self._mac_tag = None  # Cache for MAC tag
-
-        # Allowed transitions after initialization
-        self._next = [self.update, self.encrypt, self.decrypt,
-                      self.digest, self.verify]
-
-        # MAC tag length
-        if not (4 <= self._mac_len <= self.block_size):
-            raise ValueError("Parameter 'mac_len' must not be larger than %d"
-                             % self.block_size)
-
-        # Nonce cannot be empty and must be a byte string
-        if len(self.nonce) == 0:
-            raise ValueError("Nonce cannot be empty in EAX mode")
-        if not is_buffer(nonce):
-            raise TypeError("nonce must be bytes, bytearray or memoryview")
-
-        self._omac = [
-                CMAC.new(key,
-                         b'\x00' * (self.block_size - 1) + struct.pack('B', i),
-                         ciphermod=factory,
-                         cipher_params=cipher_params)
-                for i in range(0, 3)
-                ]
-
-        # Compute MAC of nonce
-        self._omac[0].update(self.nonce)
-        self._signer = self._omac[1]
-
-        # MAC of the nonce is also the initial counter for CTR encryption
-        counter_int = bytes_to_long(self._omac[0].digest())
-        self._cipher = factory.new(key,
-                                   factory.MODE_CTR,
-                                   initial_value=counter_int,
-                                   nonce=b"",
-                                   **cipher_params)
-
-    def update(self, assoc_data):
-        """Protect associated data
-
-        If there is any associated data, the caller has to invoke
-        this function one or more times, before using
-        ``decrypt`` or ``encrypt``.
-
-        By *associated data* it is meant any data (e.g. packet headers) that
-        will not be encrypted and will be transmitted in the clear.
-        However, the receiver is still able to detect any modification to it.
-
-        If there is no associated data, this method must not be called.
-
-        The caller may split associated data in segments of any size, and
-        invoke this method multiple times, each time with the next segment.
-
-        :Parameters:
-          assoc_data : bytes/bytearray/memoryview
-            A piece of associated data. There are no restrictions on its size.
-        """
-
-        if self.update not in self._next:
-            raise TypeError("update() can only be called"
-                                " immediately after initialization")
-
-        self._next = [self.update, self.encrypt, self.decrypt,
-                      self.digest, self.verify]
-
-        self._signer.update(assoc_data)
-        return self
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have encrypted a message
-        you cannot encrypt (or decrypt) another message using the same
-        object.
-
-        The data to encrypt can be broken up in two or
-        more pieces and `encrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.encrypt(a) + c.encrypt(b)
-
-        is equivalent to:
-
-             >>> c.encrypt(a+b)
-
-        This function does not add any padding to the plaintext.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-          If ``output`` is ``None``, the ciphertext as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.encrypt not in self._next:
-            raise TypeError("encrypt() can only be called after"
-                            " initialization or an update()")
-        self._next = [self.encrypt, self.digest]
-        ct = self._cipher.encrypt(plaintext, output=output)
-        if output is None:
-            self._omac[2].update(ct)
-        else:
-            self._omac[2].update(output)
-        return ct
-
-    def decrypt(self, ciphertext, output=None):
-        """Decrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have decrypted a message
-        you cannot decrypt (or encrypt) another message with the same
-        object.
-
-        The data to decrypt can be broken up in two or
-        more pieces and `decrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.decrypt(a) + c.decrypt(b)
-
-        is equivalent to:
-
-             >>> c.decrypt(a+b)
-
-        This function does not remove any padding from the plaintext.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return:
-          If ``output`` is ``None``, the plaintext as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("decrypt() can only be called"
-                            " after initialization or an update()")
-        self._next = [self.decrypt, self.verify]
-        self._omac[2].update(ciphertext)
-        return self._cipher.decrypt(ciphertext, output=output)
-
-    def digest(self):
-        """Compute the *binary* MAC tag.
-
-        The caller invokes this function at the very end.
-
-        This method returns the MAC that shall be sent to the receiver,
-        together with the ciphertext.
-
-        :Return: the MAC, as a byte string.
-        """
-
-        if self.digest not in self._next:
-            raise TypeError("digest() cannot be called when decrypting"
-                                " or validating a message")
-        self._next = [self.digest]
-
-        if not self._mac_tag:
-            tag = b'\x00' * self.block_size
-            for i in range(3):
-                tag = strxor(tag, self._omac[i].digest())
-            self._mac_tag = tag[:self._mac_len]
-
-        return self._mac_tag
-
-    def hexdigest(self):
-        """Compute the *printable* MAC tag.
-
-        This method is like `digest`.
-
-        :Return: the MAC, as a hexadecimal string.
-        """
-        return "".join(["%02x" % bord(x) for x in self.digest()])
-
-    def verify(self, received_mac_tag):
-        """Validate the *binary* MAC tag.
-
-        The caller invokes this function at the very end.
-
-        This method checks if the decrypted message is indeed valid
-        (that is, if the key is correct) and it has not been
-        tampered with while in transit.
-
-        :Parameters:
-          received_mac_tag : bytes/bytearray/memoryview
-            This is the *binary* MAC, as received from the sender.
-        :Raises MacMismatchError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        if self.verify not in self._next:
-            raise TypeError("verify() cannot be called"
-                                " when encrypting a message")
-        self._next = [self.verify]
-
-        if not self._mac_tag:
-            tag = b'\x00' * self.block_size
-            for i in range(3):
-                tag = strxor(tag, self._omac[i].digest())
-            self._mac_tag = tag[:self._mac_len]
-
-        secret = get_random_bytes(16)
-
-        mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
-        mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
-
-        if mac1.digest() != mac2.digest():
-            raise ValueError("MAC check failed")
-
-    def hexverify(self, hex_mac_tag):
-        """Validate the *printable* MAC tag.
-
-        This method is like `verify`.
-
-        :Parameters:
-          hex_mac_tag : string
-            This is the *printable* MAC, as received from the sender.
-        :Raises MacMismatchError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        self.verify(unhexlify(hex_mac_tag))
-
-    def encrypt_and_digest(self, plaintext, output=None):
-        """Perform encrypt() and digest() in one step.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-            a tuple with two items:
-
-            - the ciphertext, as ``bytes``
-            - the MAC tag, as ``bytes``
-
-            The first item becomes ``None`` when the ``output`` parameter
-            specified a location for the result.
-        """
-
-        return self.encrypt(plaintext, output=output), self.digest()
-
-    def decrypt_and_verify(self, ciphertext, received_mac_tag, output=None):
-        """Perform decrypt() and verify() in one step.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-          received_mac_tag : bytes/bytearray/memoryview
-            This is the *binary* MAC, as received from the sender.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return: the plaintext as ``bytes`` or ``None`` when the ``output``
-            parameter specified a location for the result.
-        :Raises MacMismatchError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        pt = self.decrypt(ciphertext, output=output)
-        self.verify(received_mac_tag)
-        return pt
-
-
-def _create_eax_cipher(factory, **kwargs):
-    """Create a new block cipher, configured in EAX mode.
-
-    :Parameters:
-      factory : module
-        A symmetric cipher module from `Crypto.Cipher` (like
-        `Crypto.Cipher.AES`).
-
-    :Keywords:
-      key : bytes/bytearray/memoryview
-        The secret key to use in the symmetric cipher.
-
-      nonce : bytes/bytearray/memoryview
-        A value that must never be reused for any other encryption.
-        There are no restrictions on its length, but it is recommended to use
-        at least 16 bytes.
-
-        The nonce shall never repeat for two different messages encrypted with
-        the same key, but it does not need to be random.
-
-        If not specified, a 16 byte long random string is used.
-
-      mac_len : integer
-        Length of the MAC, in bytes. It must be no larger than the cipher
-        block bytes (which is the default).
-    """
-
-    try:
-        key = kwargs.pop("key")
-        nonce = kwargs.pop("nonce", None)
-        if nonce is None:
-            nonce = get_random_bytes(16)
-        mac_len = kwargs.pop("mac_len", factory.block_size)
-    except KeyError as e:
-        raise TypeError("Missing parameter: " + str(e))
-
-    return EaxMode(factory, key, nonce, mac_len, kwargs)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_eax.pyi

@@ -1,45 +0,0 @@
-from types import ModuleType
-from typing import Any, Union, Tuple, Dict, overload, Optional
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-__all__ = ['EaxMode']
-
-class EaxMode(object):
-    block_size: int
-    nonce: bytes
-    
-    def __init__(self,
-                 factory: ModuleType,
-                 key: Buffer,
-                 nonce: Buffer,
-                 mac_len: int,
-                 cipher_params: Dict) -> None: ...
-    
-    def update(self, assoc_data: Buffer) -> EaxMode: ...
-
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-
-    def digest(self) -> bytes: ...
-    def hexdigest(self) -> str: ...
-    def verify(self, received_mac_tag: Buffer) -> None: ...
-    def hexverify(self, hex_mac_tag: str) -> None: ...
-
-    @overload
-    def encrypt_and_digest(self,
-                           plaintext: Buffer) -> Tuple[bytes, bytes]: ...
-    @overload
-    def encrypt_and_digest(self,
-                           plaintext: Buffer,
-                           output: Buffer) -> Tuple[None, bytes]: ...
-    def decrypt_and_verify(self,
-                           ciphertext: Buffer,
-                           received_mac_tag: Buffer,
-                           output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ...

tls/pycryptoMod/lib/Crypto/Cipher/_mode_ecb.py

@@ -1,218 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/mode_ecb.py : ECB mode
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""
-Electronic Code Book (ECB) mode.
-"""
-
-__all__ = [ 'EcbMode' ]
-
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  VoidPointer, create_string_buffer,
-                                  get_raw_buffer, SmartPointer,
-                                  c_size_t, c_uint8_ptr,
-                                  is_writeable_buffer)
-
-raw_ecb_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_ecb", """
-                    int ECB_start_operation(void *cipher,
-                                            void **pResult);
-                    int ECB_encrypt(void *ecbState,
-                                    const uint8_t *in,
-                                    uint8_t *out,
-                                    size_t data_len);
-                    int ECB_decrypt(void *ecbState,
-                                    const uint8_t *in,
-                                    uint8_t *out,
-                                    size_t data_len);
-                    int ECB_stop_operation(void *state);
-                    """
-                                        )
-
-
-class EcbMode(object):
-    """*Electronic Code Book (ECB)*.
-
-    This is the simplest encryption mode. Each of the plaintext blocks
-    is directly encrypted into a ciphertext block, independently of
-    any other block.
-
-    This mode is dangerous because it exposes frequency of symbols
-    in your plaintext. Other modes (e.g. *CBC*) should be used instead.
-
-    See `NIST SP800-38A`_ , Section 6.1.
-
-    .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, block_cipher):
-        """Create a new block cipher, configured in ECB mode.
-
-        :Parameters:
-          block_cipher : C pointer
-            A smart pointer to the low-level block cipher instance.
-        """
-
-        self._state = VoidPointer()
-        result = raw_ecb_lib.ECB_start_operation(block_cipher.get(),
-                                                 self._state.address_of())
-        if result:
-            raise ValueError("Error %d while instantiating the ECB mode"
-                             % result)
-
-        # Ensure that object disposal of this Python object will (eventually)
-        # free the memory allocated by the raw library for the cipher
-        # mode
-        self._state = SmartPointer(self._state.get(),
-                                   raw_ecb_lib.ECB_stop_operation)
-
-        # Memory allocated for the underlying block cipher is now owned
-        # by the cipher mode
-        block_cipher.release()
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt data with the key set at initialization.
-
-        The data to encrypt can be broken up in two or
-        more pieces and `encrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.encrypt(a) + c.encrypt(b)
-
-        is equivalent to:
-
-             >>> c.encrypt(a+b)
-
-        This function does not add any padding to the plaintext.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-            The length must be multiple of the cipher block length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if output is None:
-            ciphertext = create_string_buffer(len(plaintext))
-        else:
-            ciphertext = output
-            
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-        
-            if len(plaintext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-        result = raw_ecb_lib.ECB_encrypt(self._state.get(),
-                                         c_uint8_ptr(plaintext),
-                                         c_uint8_ptr(ciphertext),
-                                         c_size_t(len(plaintext)))
-        if result:
-            if result == 3:
-                raise ValueError("Data must be aligned to block boundary in ECB mode")
-            raise ValueError("Error %d while encrypting in ECB mode" % result)
-        
-        if output is None:
-            return get_raw_buffer(ciphertext)
-        else:
-            return None
-
-    def decrypt(self, ciphertext, output=None):
-        """Decrypt data with the key set at initialization.
-
-        The data to decrypt can be broken up in two or
-        more pieces and `decrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.decrypt(a) + c.decrypt(b)
-
-        is equivalent to:
-
-             >>> c.decrypt(a+b)
-
-        This function does not remove any padding from the plaintext.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-            The length must be multiple of the cipher block length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return:
-          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-        
-        if output is None:
-            plaintext = create_string_buffer(len(ciphertext))
-        else:
-            plaintext = output
-
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-            
-            if len(ciphertext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-        result = raw_ecb_lib.ECB_decrypt(self._state.get(),
-                                         c_uint8_ptr(ciphertext),
-                                         c_uint8_ptr(plaintext),
-                                         c_size_t(len(ciphertext)))
-        if result:
-            if result == 3:
-                raise ValueError("Data must be aligned to block boundary in ECB mode")
-            raise ValueError("Error %d while decrypting in ECB mode" % result)
-
-        if output is None:
-            return get_raw_buffer(plaintext)
-        else:
-            return None
-
-
-def _create_ecb_cipher(factory, **kwargs):
-    """Instantiate a cipher object that performs ECB encryption/decryption.
-
-    :Parameters:
-      factory : module
-        The underlying block cipher, a module from ``Crypto.Cipher``.
-
-    All keywords are passed to the underlying block cipher.
-    See the relevant documentation for details (at least ``key`` will need
-    to be present"""
-
-    cipher_state = factory._create_base_cipher(kwargs)
-    if kwargs:
-        raise TypeError("Unknown parameters for ECB: %s" % str(kwargs))
-    return EcbMode(cipher_state)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_ecb.pyi

@@ -1,19 +0,0 @@
-from typing import Union, overload
-
-from tls.Crypto.Util._raw_api import SmartPointer
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-__all__ = [ 'EcbMode' ]
-
-class EcbMode(object):
-    def __init__(self, block_cipher: SmartPointer) -> None: ...
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-

tls/pycryptoMod/lib/Crypto/Cipher/_mode_gcm.py

@@ -1,620 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-"""
-Galois/Counter Mode (GCM).
-"""
-
-__all__ = ['GcmMode']
-
-from binascii import unhexlify
-
-from tls.Crypto.Util.py3compat import bord, _copy_bytes
-
-from tls.Crypto.Util._raw_api import is_buffer
-
-from tls.Crypto.Util.number import long_to_bytes, bytes_to_long
-from tls.Crypto.Hash import BLAKE2s
-from tls.Crypto.Random import get_random_bytes
-
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
-                                  create_string_buffer, get_raw_buffer,
-                                  SmartPointer, c_size_t, c_uint8_ptr)
-
-from tls.Crypto.Util import _cpu_features
-
-
-# C API by module implementing GHASH
-_ghash_api_template = """
-    int ghash_%imp%(uint8_t y_out[16],
-                    const uint8_t block_data[],
-                    size_t len,
-                    const uint8_t y_in[16],
-                    const void *exp_key);
-    int ghash_expand_%imp%(const uint8_t h[16],
-                           void **ghash_tables);
-    int ghash_destroy_%imp%(void *ghash_tables);
-"""
-
-def _build_impl(lib, postfix):
-    from collections import namedtuple
-
-    funcs = ( "ghash", "ghash_expand", "ghash_destroy" )
-    GHASH_Imp = namedtuple('_GHash_Imp', funcs)
-    try:
-        imp_funcs = [ getattr(lib, x + "_" + postfix) for x in funcs ]
-    except AttributeError:      # Make sphinx stop complaining with its mocklib
-        imp_funcs = [ None ] * 3
-    params = dict(zip(funcs, imp_funcs))
-    return GHASH_Imp(**params)
-
-
-def _get_ghash_portable():
-    api = _ghash_api_template.replace("%imp%", "portable")
-    lib = load_pycryptodome_raw_lib("Crypto.Hash._ghash_portable", api)
-    result = _build_impl(lib, "portable")
-    return result
-_ghash_portable = _get_ghash_portable()
-
-
-def _get_ghash_clmul():
-    """Return None if CLMUL implementation is not available"""
-
-    if not _cpu_features.have_clmul():
-        return None
-    try:
-        api = _ghash_api_template.replace("%imp%", "clmul")
-        lib = load_pycryptodome_raw_lib("Crypto.Hash._ghash_clmul", api)
-        result = _build_impl(lib, "clmul")
-    except OSError:
-        result = None
-    return result
-_ghash_clmul = _get_ghash_clmul()
-
-
-class _GHASH(object):
-    """GHASH function defined in NIST SP 800-38D, Algorithm 2.
-
-    If X_1, X_2, .. X_m are the blocks of input data, the function
-    computes:
-
-       X_1*H^{m} + X_2*H^{m-1} + ... + X_m*H
-
-    in the Galois field GF(2^256) using the reducing polynomial
-    (x^128 + x^7 + x^2 + x + 1).
-    """
-
-    def __init__(self, subkey, ghash_c):
-        assert len(subkey) == 16
-
-        self.ghash_c = ghash_c
-
-        self._exp_key = VoidPointer()
-        result = ghash_c.ghash_expand(c_uint8_ptr(subkey),
-                                      self._exp_key.address_of())
-        if result:
-            raise ValueError("Error %d while expanding the GHASH key" % result)
-
-        self._exp_key = SmartPointer(self._exp_key.get(),
-                                     ghash_c.ghash_destroy)
-
-        # create_string_buffer always returns a string of zeroes
-        self._last_y = create_string_buffer(16)
-
-    def update(self, block_data):
-        assert len(block_data) % 16 == 0
-
-        result = self.ghash_c.ghash(self._last_y,
-                                    c_uint8_ptr(block_data),
-                                    c_size_t(len(block_data)),
-                                    self._last_y,
-                                    self._exp_key.get())
-        if result:
-            raise ValueError("Error %d while updating GHASH" % result)
-
-        return self
-
-    def digest(self):
-        return get_raw_buffer(self._last_y)
-
-
-def enum(**enums):
-    return type('Enum', (), enums)
-
-
-MacStatus = enum(PROCESSING_AUTH_DATA=1, PROCESSING_CIPHERTEXT=2)
-
-
-class GcmMode(object):
-    """Galois Counter Mode (GCM).
-
-    This is an Authenticated Encryption with Associated Data (`AEAD`_) mode.
-    It provides both confidentiality and authenticity.
-
-    The header of the message may be left in the clear, if needed, and it will
-    still be subject to authentication. The decryption step tells the receiver
-    if the message comes from a source that really knowns the secret key.
-    Additionally, decryption detects if any part of the message - including the
-    header - has been modified or corrupted.
-
-    This mode requires a *nonce*.
-
-    This mode is only available for ciphers that operate on 128 bits blocks
-    (e.g. AES but not TDES).
-
-    See `NIST SP800-38D`_.
-
-    .. _`NIST SP800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
-    .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, factory, key, nonce, mac_len, cipher_params, ghash_c):
-
-        self.block_size = factory.block_size
-        if self.block_size != 16:
-            raise ValueError("GCM mode is only available for ciphers"
-                             " that operate on 128 bits blocks")
-
-        if len(nonce) == 0:
-            raise ValueError("Nonce cannot be empty")
-        
-        if not is_buffer(nonce):
-            raise TypeError("Nonce must be bytes, bytearray or memoryview")
-
-        # See NIST SP 800 38D, 5.2.1.1
-        if len(nonce) > 2**64 - 1:
-            raise ValueError("Nonce exceeds maximum length")
-
-
-        self.nonce = _copy_bytes(None, None, nonce)
-        """Nonce"""
-
-        self._factory = factory
-        self._key = _copy_bytes(None, None, key)
-        self._tag = None  # Cache for MAC tag
-
-        self._mac_len = mac_len
-        if not (4 <= mac_len <= 16):
-            raise ValueError("Parameter 'mac_len' must be in the range 4..16")
-
-        # Allowed transitions after initialization
-        self._next = [self.update, self.encrypt, self.decrypt,
-                      self.digest, self.verify]
-
-        self._no_more_assoc_data = False
-
-        # Length of associated data
-        self._auth_len = 0
-
-        # Length of the ciphertext or plaintext
-        self._msg_len = 0
-
-        # Step 1 in SP800-38D, Algorithm 4 (encryption) - Compute H
-        # See also Algorithm 5 (decryption)
-        hash_subkey = factory.new(key,
-                                  self._factory.MODE_ECB,
-                                  **cipher_params
-                                  ).encrypt(b'\x00' * 16)
-
-        # Step 2 - Compute J0
-        if len(self.nonce) == 12:
-            j0 = self.nonce + b"\x00\x00\x00\x01"
-        else:
-            fill = (16 - (len(nonce) % 16)) % 16 + 8
-            ghash_in = (self.nonce +
-                        b'\x00' * fill +
-                        long_to_bytes(8 * len(nonce), 8))
-            j0 = _GHASH(hash_subkey, ghash_c).update(ghash_in).digest()
-
-        # Step 3 - Prepare GCTR cipher for encryption/decryption
-        nonce_ctr = j0[:12]
-        iv_ctr = (bytes_to_long(j0) + 1) & 0xFFFFFFFF
-        self._cipher = factory.new(key,
-                                   self._factory.MODE_CTR,
-                                   initial_value=iv_ctr,
-                                   nonce=nonce_ctr,
-                                   **cipher_params)
-
-        # Step 5 - Bootstrat GHASH
-        self._signer = _GHASH(hash_subkey, ghash_c)
-
-        # Step 6 - Prepare GCTR cipher for GMAC
-        self._tag_cipher = factory.new(key,
-                                       self._factory.MODE_CTR,
-                                       initial_value=j0,
-                                       nonce=b"",
-                                       **cipher_params)
-
-        # Cache for data to authenticate
-        self._cache = b""
-
-        self._status = MacStatus.PROCESSING_AUTH_DATA
-
-    def update(self, assoc_data):
-        """Protect associated data
-
-        If there is any associated data, the caller has to invoke
-        this function one or more times, before using
-        ``decrypt`` or ``encrypt``.
-
-        By *associated data* it is meant any data (e.g. packet headers) that
-        will not be encrypted and will be transmitted in the clear.
-        However, the receiver is still able to detect any modification to it.
-        In GCM, the *associated data* is also called
-        *additional authenticated data* (AAD).
-
-        If there is no associated data, this method must not be called.
-
-        The caller may split associated data in segments of any size, and
-        invoke this method multiple times, each time with the next segment.
-
-        :Parameters:
-          assoc_data : bytes/bytearray/memoryview
-            A piece of associated data. There are no restrictions on its size.
-        """
-
-        if self.update not in self._next:
-            raise TypeError("update() can only be called"
-                            " immediately after initialization")
-
-        self._next = [self.update, self.encrypt, self.decrypt,
-                      self.digest, self.verify]
-
-        self._update(assoc_data)
-        self._auth_len += len(assoc_data)
-
-        # See NIST SP 800 38D, 5.2.1.1
-        if self._auth_len > 2**64 - 1:
-            raise ValueError("Additional Authenticated Data exceeds maximum length")
-
-        return self
-
-    def _update(self, data):
-        assert(len(self._cache) < 16)
-
-        if len(self._cache) > 0:
-            filler = min(16 - len(self._cache), len(data))
-            self._cache += _copy_bytes(None, filler, data)
-            data = data[filler:]
-
-            if len(self._cache) < 16:
-                return
-
-            # The cache is exactly one block
-            self._signer.update(self._cache)
-            self._cache = b""
-
-        update_len = len(data) // 16 * 16
-        self._cache = _copy_bytes(update_len, None, data)
-        if update_len > 0:
-            self._signer.update(data[:update_len])
-
-    def _pad_cache_and_update(self):
-        assert(len(self._cache) < 16)
-
-        # The authenticated data A is concatenated to the minimum
-        # number of zero bytes (possibly none) such that the
-        # - ciphertext C is aligned to the 16 byte boundary.
-        #   See step 5 in section 7.1
-        # - ciphertext C is aligned to the 16 byte boundary.
-        #   See step 6 in section 7.2
-        len_cache = len(self._cache)
-        if len_cache > 0:
-            self._update(b'\x00' * (16 - len_cache))
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have encrypted a message
-        you cannot encrypt (or decrypt) another message using the same
-        object.
-
-        The data to encrypt can be broken up in two or
-        more pieces and `encrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.encrypt(a) + c.encrypt(b)
-
-        is equivalent to:
-
-             >>> c.encrypt(a+b)
-
-        This function does not add any padding to the plaintext.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-          If ``output`` is ``None``, the ciphertext as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.encrypt not in self._next:
-            raise TypeError("encrypt() can only be called after"
-                            " initialization or an update()")
-        self._next = [self.encrypt, self.digest]
-
-        ciphertext = self._cipher.encrypt(plaintext, output=output)
-
-        if self._status == MacStatus.PROCESSING_AUTH_DATA:
-            self._pad_cache_and_update()
-            self._status = MacStatus.PROCESSING_CIPHERTEXT
-
-        self._update(ciphertext if output is None else output)
-        self._msg_len += len(plaintext)
-
-        # See NIST SP 800 38D, 5.2.1.1
-        if self._msg_len > 2**39 - 256:
-            raise ValueError("Plaintext exceeds maximum length")
-
-        return ciphertext
-
-    def decrypt(self, ciphertext, output=None):
-        """Decrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have decrypted a message
-        you cannot decrypt (or encrypt) another message with the same
-        object.
-
-        The data to decrypt can be broken up in two or
-        more pieces and `decrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.decrypt(a) + c.decrypt(b)
-
-        is equivalent to:
-
-             >>> c.decrypt(a+b)
-
-        This function does not remove any padding from the plaintext.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return:
-          If ``output`` is ``None``, the plaintext as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("decrypt() can only be called"
-                            " after initialization or an update()")
-        self._next = [self.decrypt, self.verify]
-
-        if self._status == MacStatus.PROCESSING_AUTH_DATA:
-            self._pad_cache_and_update()
-            self._status = MacStatus.PROCESSING_CIPHERTEXT
-
-        self._update(ciphertext)
-        self._msg_len += len(ciphertext)
-
-        return self._cipher.decrypt(ciphertext, output=output)
-
-    def digest(self):
-        """Compute the *binary* MAC tag in an AEAD mode.
-
-        The caller invokes this function at the very end.
-
-        This method returns the MAC that shall be sent to the receiver,
-        together with the ciphertext.
-
-        :Return: the MAC, as a byte string.
-        """
-
-        if self.digest not in self._next:
-            raise TypeError("digest() cannot be called when decrypting"
-                            " or validating a message")
-        self._next = [self.digest]
-
-        return self._compute_mac()
-
-    def _compute_mac(self):
-        """Compute MAC without any FSM checks."""
-
-        if self._tag:
-            return self._tag
-
-        # Step 5 in NIST SP 800-38D, Algorithm 4 - Compute S
-        self._pad_cache_and_update()
-        self._update(long_to_bytes(8 * self._auth_len, 8))
-        self._update(long_to_bytes(8 * self._msg_len, 8))
-        s_tag = self._signer.digest()
-
-        # Step 6 - Compute T
-        self._tag = self._tag_cipher.encrypt(s_tag)[:self._mac_len]
-
-        return self._tag
-
-    def hexdigest(self):
-        """Compute the *printable* MAC tag.
-
-        This method is like `digest`.
-
-        :Return: the MAC, as a hexadecimal string.
-        """
-        return "".join(["%02x" % bord(x) for x in self.digest()])
-
-    def verify(self, received_mac_tag):
-        """Validate the *binary* MAC tag.
-
-        The caller invokes this function at the very end.
-
-        This method checks if the decrypted message is indeed valid
-        (that is, if the key is correct) and it has not been
-        tampered with while in transit.
-
-        :Parameters:
-          received_mac_tag : bytes/bytearray/memoryview
-            This is the *binary* MAC, as received from the sender.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        if self.verify not in self._next:
-            raise TypeError("verify() cannot be called"
-                            " when encrypting a message")
-        self._next = [self.verify]
-
-        secret = get_random_bytes(16)
-
-        mac1 = BLAKE2s.new(digest_bits=160, key=secret,
-                           data=self._compute_mac())
-        mac2 = BLAKE2s.new(digest_bits=160, key=secret,
-                           data=received_mac_tag)
-
-        if mac1.digest() != mac2.digest():
-            raise ValueError("MAC check failed")
-
-    def hexverify(self, hex_mac_tag):
-        """Validate the *printable* MAC tag.
-
-        This method is like `verify`.
-
-        :Parameters:
-          hex_mac_tag : string
-            This is the *printable* MAC, as received from the sender.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        self.verify(unhexlify(hex_mac_tag))
-
-    def encrypt_and_digest(self, plaintext, output=None):
-        """Perform encrypt() and digest() in one step.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-            a tuple with two items:
-
-            - the ciphertext, as ``bytes``
-            - the MAC tag, as ``bytes``
-
-            The first item becomes ``None`` when the ``output`` parameter
-            specified a location for the result.
-        """
-
-        return self.encrypt(plaintext, output=output), self.digest()
-
-    def decrypt_and_verify(self, ciphertext, received_mac_tag, output=None):
-        """Perform decrypt() and verify() in one step.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-          received_mac_tag : byte string
-            This is the *binary* MAC, as received from the sender.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return: the plaintext as ``bytes`` or ``None`` when the ``output``
-            parameter specified a location for the result.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        plaintext = self.decrypt(ciphertext, output=output)
-        self.verify(received_mac_tag)
-        return plaintext
-
-
-def _create_gcm_cipher(factory, **kwargs):
-    """Create a new block cipher, configured in Galois Counter Mode (GCM).
-
-    :Parameters:
-      factory : module
-        A block cipher module, taken from `Crypto.Cipher`.
-        The cipher must have block length of 16 bytes.
-        GCM has been only defined for `Crypto.Cipher.AES`.
-
-    :Keywords:
-      key : bytes/bytearray/memoryview
-        The secret key to use in the symmetric cipher.
-        It must be 16 (e.g. *AES-128*), 24 (e.g. *AES-192*)
-        or 32 (e.g. *AES-256*) bytes long.
-
-      nonce : bytes/bytearray/memoryview
-        A value that must never be reused for any other encryption.
-
-        There are no restrictions on its length,
-        but it is recommended to use at least 16 bytes.
-
-        The nonce shall never repeat for two
-        different messages encrypted with the same key,
-        but it does not need to be random.
-
-        If not provided, a 16 byte nonce will be randomly created.
-
-      mac_len : integer
-        Length of the MAC, in bytes.
-        It must be no larger than 16 bytes (which is the default).
-    """
-
-    try:
-        key = kwargs.pop("key")
-    except KeyError as e:
-        raise TypeError("Missing parameter:" + str(e))
-
-    nonce = kwargs.pop("nonce", None)
-    if nonce is None:
-        nonce = get_random_bytes(16)
-    mac_len = kwargs.pop("mac_len", 16)
-
-    # Not documented - only used for testing
-    use_clmul = kwargs.pop("use_clmul", True)
-    if use_clmul and _ghash_clmul:
-        ghash_c = _ghash_clmul
-    else:
-        ghash_c = _ghash_portable
-
-    return GcmMode(factory, key, nonce, mac_len, kwargs, ghash_c)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_gcm.pyi

@@ -1,45 +0,0 @@
-from types import ModuleType
-from typing import Union, Tuple, Dict, overload, Optional
-
-__all__ = ['GcmMode']
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-class GcmMode(object):
-    block_size: int
-    nonce: Buffer
-    
-    def __init__(self,
-                 factory: ModuleType,
-                 key: Buffer,
-                 nonce: Buffer,
-                 mac_len: int,
-                 cipher_params: Dict) -> None: ...
-    
-    def update(self, assoc_data: Buffer) -> GcmMode: ...
-
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-
-    def digest(self) -> bytes: ...
-    def hexdigest(self) -> str: ...
-    def verify(self, received_mac_tag: Buffer) -> None: ...
-    def hexverify(self, hex_mac_tag: str) -> None: ...
-
-    @overload
-    def encrypt_and_digest(self,
-                           plaintext: Buffer) -> Tuple[bytes, bytes]: ...
-    @overload
-    def encrypt_and_digest(self,
-                           plaintext: Buffer,
-                           output: Buffer) -> Tuple[None, bytes]: ...
-    def decrypt_and_verify(self,
-                           ciphertext: Buffer,
-                           received_mac_tag: Buffer,
-                           output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ...

tls/pycryptoMod/lib/Crypto/Cipher/_mode_ocb.py

@@ -1,525 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-"""
-Offset Codebook (OCB) mode.
-
-OCB is Authenticated Encryption with Associated Data (AEAD) cipher mode
-designed by Prof. Phillip Rogaway and specified in `RFC7253`_.
-
-The algorithm provides both authenticity and privacy, it is very efficient,
-it uses only one key and it can be used in online mode (so that encryption
-or decryption can start before the end of the message is available).
-
-This module implements the third and last variant of OCB (OCB3) and it only
-works in combination with a 128-bit block symmetric cipher, like AES.
-
-OCB is patented in US but `free licenses`_ exist for software implementations
-meant for non-military purposes.
-
-Example:
-    >>> from tls.Crypto.Cipher import AES
-    >>> from tls.Crypto.Random import get_random_bytes
-    >>>
-    >>> key = get_random_bytes(32)
-    >>> cipher = AES.new(key, AES.MODE_OCB)
-    >>> plaintext = b"Attack at dawn"
-    >>> ciphertext, mac = cipher.encrypt_and_digest(plaintext)
-    >>> # Deliver cipher.nonce, ciphertext and mac
-    ...
-    >>> cipher = AES.new(key, AES.MODE_OCB, nonce=nonce)
-    >>> try:
-    >>>     plaintext = cipher.decrypt_and_verify(ciphertext, mac)
-    >>> except ValueError:
-    >>>     print "Invalid message"
-    >>> else:
-    >>>     print plaintext
-
-:undocumented: __package__
-
-.. _RFC7253: http://www.rfc-editor.org/info/rfc7253
-.. _free licenses: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
-"""
-
-import struct
-from binascii import unhexlify
-
-from tls.Crypto.Util.py3compat import bord, _copy_bytes
-from tls.Crypto.Util.number import long_to_bytes, bytes_to_long
-from tls.Crypto.Util.strxor import strxor
-
-from tls.Crypto.Hash import BLAKE2s
-from tls.Crypto.Random import get_random_bytes
-
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
-                                  create_string_buffer, get_raw_buffer,
-                                  SmartPointer, c_size_t, c_uint8_ptr,
-                                  is_buffer)
-
-_raw_ocb_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_ocb", """
-                                    int OCB_start_operation(void *cipher,
-                                        const uint8_t *offset_0,
-                                        size_t offset_0_len,
-                                        void **pState);
-                                    int OCB_encrypt(void *state,
-                                        const uint8_t *in,
-                                        uint8_t *out,
-                                        size_t data_len);
-                                    int OCB_decrypt(void *state,
-                                        const uint8_t *in,
-                                        uint8_t *out,
-                                        size_t data_len);
-                                    int OCB_update(void *state,
-                                        const uint8_t *in,
-                                        size_t data_len);
-                                    int OCB_digest(void *state,
-                                        uint8_t *tag,
-                                        size_t tag_len);
-                                    int OCB_stop_operation(void *state);
-                                    """)
-
-
-class OcbMode(object):
-    """Offset Codebook (OCB) mode.
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, factory, nonce, mac_len, cipher_params):
-
-        if factory.block_size != 16:
-            raise ValueError("OCB mode is only available for ciphers"
-                             " that operate on 128 bits blocks")
-
-        self.block_size = 16
-        """The block size of the underlying cipher, in bytes."""
-
-        self.nonce = _copy_bytes(None, None, nonce)
-        """Nonce used for this session."""
-        if len(nonce) not in range(1, 16):
-            raise ValueError("Nonce must be at most 15 bytes long")
-        if not is_buffer(nonce):
-            raise TypeError("Nonce must be bytes, bytearray or memoryview")
-
-        self._mac_len = mac_len
-        if not 8 <= mac_len <= 16:
-            raise ValueError("MAC tag must be between 8 and 16 bytes long")
-
-        # Cache for MAC tag
-        self._mac_tag = None
-
-        # Cache for unaligned associated data
-        self._cache_A = b""
-
-        # Cache for unaligned ciphertext/plaintext
-        self._cache_P = b""
-
-        # Allowed transitions after initialization
-        self._next = [self.update, self.encrypt, self.decrypt,
-                      self.digest, self.verify]
-
-        # Compute Offset_0
-        params_without_key = dict(cipher_params)
-        key = params_without_key.pop("key")
-        nonce = (struct.pack('B', self._mac_len << 4 & 0xFF) +
-                 b'\x00' * (14 - len(nonce)) +
-                 b'\x01' + self.nonce)
-
-        bottom_bits = bord(nonce[15]) & 0x3F    # 6 bits, 0..63
-        top_bits = bord(nonce[15]) & 0xC0       # 2 bits
-
-        ktop_cipher = factory.new(key,
-                                  factory.MODE_ECB,
-                                  **params_without_key)
-        ktop = ktop_cipher.encrypt(struct.pack('15sB',
-                                               nonce[:15],
-                                               top_bits))
-
-        stretch = ktop + strxor(ktop[:8], ktop[1:9])    # 192 bits
-        offset_0 = long_to_bytes(bytes_to_long(stretch) >>
-                                 (64 - bottom_bits), 24)[8:]
-
-        # Create low-level cipher instance
-        raw_cipher = factory._create_base_cipher(cipher_params)
-        if cipher_params:
-            raise TypeError("Unknown keywords: " + str(cipher_params))
-
-        self._state = VoidPointer()
-        result = _raw_ocb_lib.OCB_start_operation(raw_cipher.get(),
-                                                  offset_0,
-                                                  c_size_t(len(offset_0)),
-                                                  self._state.address_of())
-        if result:
-            raise ValueError("Error %d while instantiating the OCB mode"
-                             % result)
-
-        # Ensure that object disposal of this Python object will (eventually)
-        # free the memory allocated by the raw library for the cipher mode
-        self._state = SmartPointer(self._state.get(),
-                                   _raw_ocb_lib.OCB_stop_operation)
-
-        # Memory allocated for the underlying block cipher is now owed
-        # by the cipher mode
-        raw_cipher.release()
-
-    def _update(self, assoc_data, assoc_data_len):
-        result = _raw_ocb_lib.OCB_update(self._state.get(),
-                                         c_uint8_ptr(assoc_data),
-                                         c_size_t(assoc_data_len))
-        if result:
-            raise ValueError("Error %d while computing MAC in OCB mode" % result)
-
-    def update(self, assoc_data):
-        """Process the associated data.
-
-        If there is any associated data, the caller has to invoke
-        this method one or more times, before using
-        ``decrypt`` or ``encrypt``.
-
-        By *associated data* it is meant any data (e.g. packet headers) that
-        will not be encrypted and will be transmitted in the clear.
-        However, the receiver shall still able to detect modifications.
-
-        If there is no associated data, this method must not be called.
-
-        The caller may split associated data in segments of any size, and
-        invoke this method multiple times, each time with the next segment.
-
-        :Parameters:
-          assoc_data : bytes/bytearray/memoryview
-            A piece of associated data.
-        """
-
-        if self.update not in self._next:
-            raise TypeError("update() can only be called"
-                            " immediately after initialization")
-
-        self._next = [self.encrypt, self.decrypt, self.digest,
-                      self.verify, self.update]
-
-        if len(self._cache_A) > 0:
-            filler = min(16 - len(self._cache_A), len(assoc_data))
-            self._cache_A += _copy_bytes(None, filler, assoc_data)
-            assoc_data = assoc_data[filler:]
-
-            if len(self._cache_A) < 16:
-                return self
-
-            # Clear the cache, and proceeding with any other aligned data
-            self._cache_A, seg = b"", self._cache_A
-            self.update(seg)
-
-        update_len = len(assoc_data) // 16 * 16
-        self._cache_A = _copy_bytes(update_len, None, assoc_data)
-        self._update(assoc_data, update_len)
-        return self
-
-    def _transcrypt_aligned(self, in_data, in_data_len,
-                            trans_func, trans_desc):
-
-        out_data = create_string_buffer(in_data_len)
-        result = trans_func(self._state.get(),
-                            in_data,
-                            out_data,
-                            c_size_t(in_data_len))
-        if result:
-            raise ValueError("Error %d while %sing in OCB mode"
-                             % (result, trans_desc))
-        return get_raw_buffer(out_data)
-
-    def _transcrypt(self, in_data, trans_func, trans_desc):
-        # Last piece to encrypt/decrypt
-        if in_data is None:
-            out_data = self._transcrypt_aligned(self._cache_P,
-                                                len(self._cache_P),
-                                                trans_func,
-                                                trans_desc)
-            self._cache_P = b""
-            return out_data
-
-        # Try to fill up the cache, if it already contains something
-        prefix = b""
-        if len(self._cache_P) > 0:
-            filler = min(16 - len(self._cache_P), len(in_data))
-            self._cache_P += _copy_bytes(None, filler, in_data)
-            in_data = in_data[filler:]
-
-            if len(self._cache_P) < 16:
-                # We could not manage to fill the cache, so there is certainly
-                # no output yet.
-                return b""
-
-            # Clear the cache, and proceeding with any other aligned data
-            prefix = self._transcrypt_aligned(self._cache_P,
-                                              len(self._cache_P),
-                                              trans_func,
-                                              trans_desc)
-            self._cache_P = b""
-
-        # Process data in multiples of the block size
-        trans_len = len(in_data) // 16 * 16
-        result = self._transcrypt_aligned(c_uint8_ptr(in_data),
-                                          trans_len,
-                                          trans_func,
-                                          trans_desc)
-        if prefix:
-            result = prefix + result
-
-        # Left-over
-        self._cache_P = _copy_bytes(trans_len, None, in_data)
-
-        return result
-
-    def encrypt(self, plaintext=None):
-        """Encrypt the next piece of plaintext.
-
-        After the entire plaintext has been passed (but before `digest`),
-        you **must** call this method one last time with no arguments to collect
-        the final piece of ciphertext.
-
-        If possible, use the method `encrypt_and_digest` instead.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The next piece of data to encrypt or ``None`` to signify
-            that encryption has finished and that any remaining ciphertext
-            has to be produced.
-        :Return:
-            the ciphertext, as a byte string.
-            Its length may not match the length of the *plaintext*.
-        """
-
-        if self.encrypt not in self._next:
-            raise TypeError("encrypt() can only be called after"
-                            " initialization or an update()")
-
-        if plaintext is None:
-            self._next = [self.digest]
-        else:
-            self._next = [self.encrypt]
-        return self._transcrypt(plaintext, _raw_ocb_lib.OCB_encrypt, "encrypt")
-
-    def decrypt(self, ciphertext=None):
-        """Decrypt the next piece of ciphertext.
-
-        After the entire ciphertext has been passed (but before `verify`),
-        you **must** call this method one last time with no arguments to collect
-        the remaining piece of plaintext.
-
-        If possible, use the method `decrypt_and_verify` instead.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The next piece of data to decrypt or ``None`` to signify
-            that decryption has finished and that any remaining plaintext
-            has to be produced.
-        :Return:
-            the plaintext, as a byte string.
-            Its length may not match the length of the *ciphertext*.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("decrypt() can only be called after"
-                            " initialization or an update()")
-
-        if ciphertext is None:
-            self._next = [self.verify]
-        else:
-            self._next = [self.decrypt]
-        return self._transcrypt(ciphertext,
-                                _raw_ocb_lib.OCB_decrypt,
-                                "decrypt")
-
-    def _compute_mac_tag(self):
-
-        if self._mac_tag is not None:
-            return
-
-        if self._cache_A:
-            self._update(self._cache_A, len(self._cache_A))
-            self._cache_A = b""
-
-        mac_tag = create_string_buffer(16)
-        result = _raw_ocb_lib.OCB_digest(self._state.get(),
-                                         mac_tag,
-                                         c_size_t(len(mac_tag))
-                                         )
-        if result:
-            raise ValueError("Error %d while computing digest in OCB mode"
-                             % result)
-        self._mac_tag = get_raw_buffer(mac_tag)[:self._mac_len]
-
-    def digest(self):
-        """Compute the *binary* MAC tag.
-
-        Call this method after the final `encrypt` (the one with no arguments)
-        to obtain the MAC tag.
-
-        The MAC tag is needed by the receiver to determine authenticity
-        of the message.
-
-        :Return: the MAC, as a byte string.
-        """
-
-        if self.digest not in self._next:
-            raise TypeError("digest() cannot be called now for this cipher")
-
-        assert(len(self._cache_P) == 0)
-
-        self._next = [self.digest]
-
-        if self._mac_tag is None:
-            self._compute_mac_tag()
-
-        return self._mac_tag
-
-    def hexdigest(self):
-        """Compute the *printable* MAC tag.
-
-        This method is like `digest`.
-
-        :Return: the MAC, as a hexadecimal string.
-        """
-        return "".join(["%02x" % bord(x) for x in self.digest()])
-
-    def verify(self, received_mac_tag):
-        """Validate the *binary* MAC tag.
-
-        Call this method after the final `decrypt` (the one with no arguments)
-        to check if the message is authentic and valid.
-
-        :Parameters:
-          received_mac_tag : bytes/bytearray/memoryview
-            This is the *binary* MAC, as received from the sender.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        if self.verify not in self._next:
-            raise TypeError("verify() cannot be called now for this cipher")
-
-        assert(len(self._cache_P) == 0)
-
-        self._next = [self.verify]
-
-        if self._mac_tag is None:
-            self._compute_mac_tag()
-
-        secret = get_random_bytes(16)
-        mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
-        mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
-
-        if mac1.digest() != mac2.digest():
-            raise ValueError("MAC check failed")
-
-    def hexverify(self, hex_mac_tag):
-        """Validate the *printable* MAC tag.
-
-        This method is like `verify`.
-
-        :Parameters:
-          hex_mac_tag : string
-            This is the *printable* MAC, as received from the sender.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        self.verify(unhexlify(hex_mac_tag))
-
-    def encrypt_and_digest(self, plaintext):
-        """Encrypt the message and create the MAC tag in one step.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The entire message to encrypt.
-        :Return:
-            a tuple with two byte strings:
-
-            - the encrypted data
-            - the MAC
-        """
-
-        return self.encrypt(plaintext) + self.encrypt(), self.digest()
-
-    def decrypt_and_verify(self, ciphertext, received_mac_tag):
-        """Decrypted the message and verify its authenticity in one step.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The entire message to decrypt.
-          received_mac_tag : byte string
-            This is the *binary* MAC, as received from the sender.
-
-        :Return: the decrypted data (byte string).
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        plaintext = self.decrypt(ciphertext) + self.decrypt()
-        self.verify(received_mac_tag)
-        return plaintext
-
-
-def _create_ocb_cipher(factory, **kwargs):
-    """Create a new block cipher, configured in OCB mode.
-
-    :Parameters:
-      factory : module
-        A symmetric cipher module from `Crypto.Cipher`
-        (like `Crypto.Cipher.AES`).
-
-    :Keywords:
-      nonce : bytes/bytearray/memoryview
-        A  value that must never be reused for any other encryption.
-        Its length can vary from 1 to 15 bytes.
-        If not specified, a random 15 bytes long nonce is generated.
-
-      mac_len : integer
-        Length of the MAC, in bytes.
-        It must be in the range ``[8..16]``.
-        The default is 16 (128 bits).
-
-    Any other keyword will be passed to the underlying block cipher.
-    See the relevant documentation for details (at least ``key`` will need
-    to be present).
-    """
-
-    try:
-        nonce = kwargs.pop("nonce", None)
-        if nonce is None:
-            nonce = get_random_bytes(15)
-        mac_len = kwargs.pop("mac_len", 16)
-    except KeyError as e:
-        raise TypeError("Keyword missing: " + str(e))
-
-    return OcbMode(factory, nonce, mac_len, kwargs)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_ocb.pyi

@@ -1,36 +0,0 @@
-from types import ModuleType
-from typing import Union, Any, Optional, Tuple, Dict, overload
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-class OcbMode(object):
-    block_size: int
-    nonce: Buffer
-
-    def __init__(self,
-                 factory: ModuleType,
-                 nonce: Buffer,
-                 mac_len: int,
-                 cipher_params: Dict) -> None: ...
-    
-    def update(self, assoc_data: Buffer) -> OcbMode: ...
-
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-
-    def digest(self) -> bytes: ...
-    def hexdigest(self) -> str: ...
-    def verify(self, received_mac_tag: Buffer) -> None: ...
-    def hexverify(self, hex_mac_tag: str) -> None: ...
-
-    def encrypt_and_digest(self,
-                           plaintext: Buffer) -> Tuple[bytes, bytes]: ...
-    def decrypt_and_verify(self,
-                           ciphertext: Buffer,
-                           received_mac_tag: Buffer) -> bytes: ...

tls/pycryptoMod/lib/Crypto/Cipher/_mode_ofb.py

@@ -1,282 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Cipher/mode_ofb.py : OFB mode
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-"""
-Output Feedback (CFB) mode.
-"""
-
-__all__ = ['OfbMode']
-
-from tls.Crypto.Util.py3compat import _copy_bytes
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
-                                  create_string_buffer, get_raw_buffer,
-                                  SmartPointer, c_size_t, c_uint8_ptr,
-                                  is_writeable_buffer)
-
-from tls.Crypto.Random import get_random_bytes
-
-raw_ofb_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_ofb", """
-                        int OFB_start_operation(void *cipher,
-                                                const uint8_t iv[],
-                                                size_t iv_len,
-                                                void **pResult);
-                        int OFB_encrypt(void *ofbState,
-                                        const uint8_t *in,
-                                        uint8_t *out,
-                                        size_t data_len);
-                        int OFB_decrypt(void *ofbState,
-                                        const uint8_t *in,
-                                        uint8_t *out,
-                                        size_t data_len);
-                        int OFB_stop_operation(void *state);
-                        """
-                                        )
-
-
-class OfbMode(object):
-    """*Output FeedBack (OFB)*.
-
-    This mode is very similar to CBC, but it
-    transforms the underlying block cipher into a stream cipher.
-
-    The keystream is the iterated block encryption of the
-    previous ciphertext block.
-
-    An Initialization Vector (*IV*) is required.
-
-    See `NIST SP800-38A`_ , Section 6.4.
-
-    .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, block_cipher, iv):
-        """Create a new block cipher, configured in OFB mode.
-
-        :Parameters:
-          block_cipher : C pointer
-            A smart pointer to the low-level block cipher instance.
-
-          iv : bytes/bytearray/memoryview
-            The initialization vector to use for encryption or decryption.
-            It is as long as the cipher block.
-
-            **The IV must be a nonce, to to be reused for any other
-            message**. It shall be a nonce or a random value.
-
-            Reusing the *IV* for encryptions performed with the same key
-            compromises confidentiality.
-        """
-
-        self._state = VoidPointer()
-        result = raw_ofb_lib.OFB_start_operation(block_cipher.get(),
-                                                 c_uint8_ptr(iv),
-                                                 c_size_t(len(iv)),
-                                                 self._state.address_of())
-        if result:
-            raise ValueError("Error %d while instantiating the OFB mode"
-                             % result)
-
-        # Ensure that object disposal of this Python object will (eventually)
-        # free the memory allocated by the raw library for the cipher mode
-        self._state = SmartPointer(self._state.get(),
-                                   raw_ofb_lib.OFB_stop_operation)
-
-        # Memory allocated for the underlying block cipher is now owed
-        # by the cipher mode
-        block_cipher.release()
-
-        self.block_size = len(iv)
-        """The block size of the underlying cipher, in bytes."""
-
-        self.iv = _copy_bytes(None, None, iv)
-        """The Initialization Vector originally used to create the object.
-        The value does not change."""
-
-        self.IV = self.iv
-        """Alias for `iv`"""
-
-        self._next = [ self.encrypt, self.decrypt ]
-
-    def encrypt(self, plaintext, output=None):
-        """Encrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have encrypted a message
-        you cannot encrypt (or decrypt) another message using the same
-        object.
-
-        The data to encrypt can be broken up in two or
-        more pieces and `encrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.encrypt(a) + c.encrypt(b)
-
-        is equivalent to:
-
-             >>> c.encrypt(a+b)
-
-        This function does not add any padding to the plaintext.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.encrypt not in self._next:
-            raise TypeError("encrypt() cannot be called after decrypt()")
-        self._next = [ self.encrypt ]
-        
-        if output is None:
-            ciphertext = create_string_buffer(len(plaintext))
-        else:
-            ciphertext = output
-            
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-        
-            if len(plaintext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-        result = raw_ofb_lib.OFB_encrypt(self._state.get(),
-                                         c_uint8_ptr(plaintext),
-                                         c_uint8_ptr(ciphertext),
-                                         c_size_t(len(plaintext)))
-        if result:
-            raise ValueError("Error %d while encrypting in OFB mode" % result)
-
-        if output is None:
-            return get_raw_buffer(ciphertext)
-        else:
-            return None
-
-    def decrypt(self, ciphertext, output=None):
-        """Decrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have decrypted a message
-        you cannot decrypt (or encrypt) another message with the same
-        object.
-
-        The data to decrypt can be broken up in two or
-        more pieces and `decrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.decrypt(a) + c.decrypt(b)
-
-        is equivalent to:
-
-             >>> c.decrypt(a+b)
-
-        This function does not remove any padding from the plaintext.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-            It can be of any length.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext is written to.
-            If ``None``, the plaintext is returned.
-        :Return:
-          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
-          Otherwise, ``None``.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("decrypt() cannot be called after encrypt()")
-        self._next = [ self.decrypt ]
-        
-        if output is None:
-            plaintext = create_string_buffer(len(ciphertext))
-        else:
-            plaintext = output
-
-            if not is_writeable_buffer(output):
-                raise TypeError("output must be a bytearray or a writeable memoryview")
-            
-            if len(ciphertext) != len(output):
-                raise ValueError("output must have the same length as the input"
-                                 "  (%d bytes)" % len(plaintext))
-
-        result = raw_ofb_lib.OFB_decrypt(self._state.get(),
-                                         c_uint8_ptr(ciphertext),
-                                         c_uint8_ptr(plaintext),
-                                         c_size_t(len(ciphertext)))
-        if result:
-            raise ValueError("Error %d while decrypting in OFB mode" % result)
-
-        if output is None:
-            return get_raw_buffer(plaintext)
-        else:
-            return None
-
-
-def _create_ofb_cipher(factory, **kwargs):
-    """Instantiate a cipher object that performs OFB encryption/decryption.
-
-    :Parameters:
-      factory : module
-        The underlying block cipher, a module from ``Crypto.Cipher``.
-
-    :Keywords:
-      iv : bytes/bytearray/memoryview
-        The IV to use for OFB.
-
-      IV : bytes/bytearray/memoryview
-        Alias for ``iv``.
-
-    Any other keyword will be passed to the underlying block cipher.
-    See the relevant documentation for details (at least ``key`` will need
-    to be present).
-    """
-
-    cipher_state = factory._create_base_cipher(kwargs)
-    iv = kwargs.pop("IV", None)
-    IV = kwargs.pop("iv", None)
-
-    if (None, None) == (iv, IV):
-        iv = get_random_bytes(factory.block_size)
-    if iv is not None:
-        if IV is not None:
-            raise TypeError("You must either use 'iv' or 'IV', not both")
-    else:
-        iv = IV
-
-    if len(iv) != factory.block_size:
-        raise ValueError("Incorrect IV length (it must be %d bytes long)" %
-                factory.block_size)
-
-    if kwargs:
-        raise TypeError("Unknown parameters for OFB: %s" % str(kwargs))
-
-    return OfbMode(cipher_state, iv)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_ofb.pyi

@@ -1,25 +0,0 @@
-from typing import Union, overload
-
-from tls.Crypto.Util._raw_api import SmartPointer
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-__all__ = ['OfbMode']
-
-class OfbMode(object):
-    block_size: int
-    iv: Buffer
-    IV: Buffer
-    
-    def __init__(self,
-                 block_cipher: SmartPointer,
-                 iv: Buffer) -> None: ...
-    @overload
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-    @overload
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-    @overload
-    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
-

tls/pycryptoMod/lib/Crypto/Cipher/_mode_openpgp.py

@@ -1,206 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-"""
-OpenPGP mode.
-"""
-
-__all__ = ['OpenPgpMode']
-
-from tls.Crypto.Util.py3compat import _copy_bytes
-from tls.Crypto.Random import get_random_bytes
-
-class OpenPgpMode(object):
-    """OpenPGP mode.
-
-    This mode is a variant of CFB, and it is only used in PGP and
-    OpenPGP_ applications. If in doubt, use another mode.
-
-    An Initialization Vector (*IV*) is required.
-
-    Unlike CFB, the *encrypted* IV (not the IV itself) is
-    transmitted to the receiver.
-
-    The IV is a random data block. For legacy reasons, two of its bytes are
-    duplicated to act as a checksum for the correctness of the key, which is now
-    known to be insecure and is ignored. The encrypted IV is therefore 2 bytes
-    longer than the clean IV.
-
-    .. _OpenPGP: http://tools.ietf.org/html/rfc4880
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, factory, key, iv, cipher_params):
-
-        #: The block size of the underlying cipher, in bytes.
-        self.block_size = factory.block_size
-
-        self._done_first_block = False  # True after the first encryption
-
-        # Instantiate a temporary cipher to process the IV
-        IV_cipher = factory.new(
-                        key,
-                        factory.MODE_CFB,
-                        IV=b'\x00' * self.block_size,
-                        segment_size=self.block_size * 8,
-                        **cipher_params)
-
-        iv = _copy_bytes(None, None, iv)
-
-        # The cipher will be used for...
-        if len(iv) == self.block_size:
-            # ... encryption
-            self._encrypted_IV = IV_cipher.encrypt(iv + iv[-2:])
-        elif len(iv) == self.block_size + 2:
-            # ... decryption
-            self._encrypted_IV = iv
-            # Last two bytes are for a deprecated "quick check" feature that
-            # should not be used. (https://eprint.iacr.org/2005/033)
-            iv = IV_cipher.decrypt(iv)[:-2]
-        else:
-            raise ValueError("Length of IV must be %d or %d bytes"
-                             " for MODE_OPENPGP"
-                             % (self.block_size, self.block_size + 2))
-
-        self.iv = self.IV = iv
-
-        # Instantiate the cipher for the real PGP data
-        self._cipher = factory.new(
-                            key,
-                            factory.MODE_CFB,
-                            IV=self._encrypted_IV[-self.block_size:],
-                            segment_size=self.block_size * 8,
-                            **cipher_params)
-
-    def encrypt(self, plaintext):
-        """Encrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have encrypted a message
-        you cannot encrypt (or decrypt) another message using the same
-        object.
-
-        The data to encrypt can be broken up in two or
-        more pieces and `encrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.encrypt(a) + c.encrypt(b)
-
-        is equivalent to:
-
-             >>> c.encrypt(a+b)
-
-        This function does not add any padding to the plaintext.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-
-        :Return:
-            the encrypted data, as a byte string.
-            It is as long as *plaintext* with one exception:
-            when encrypting the first message chunk,
-            the encypted IV is prepended to the returned ciphertext.
-        """
-
-        res = self._cipher.encrypt(plaintext)
-        if not self._done_first_block:
-            res = self._encrypted_IV + res
-            self._done_first_block = True
-        return res
-
-    def decrypt(self, ciphertext):
-        """Decrypt data with the key and the parameters set at initialization.
-
-        A cipher object is stateful: once you have decrypted a message
-        you cannot decrypt (or encrypt) another message with the same
-        object.
-
-        The data to decrypt can be broken up in two or
-        more pieces and `decrypt` can be called multiple times.
-
-        That is, the statement:
-
-            >>> c.decrypt(a) + c.decrypt(b)
-
-        is equivalent to:
-
-             >>> c.decrypt(a+b)
-
-        This function does not remove any padding from the plaintext.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-
-        :Return: the decrypted data (byte string).
-        """
-
-        return self._cipher.decrypt(ciphertext)
-
-
-def _create_openpgp_cipher(factory, **kwargs):
-    """Create a new block cipher, configured in OpenPGP mode.
-
-    :Parameters:
-      factory : module
-        The module.
-
-    :Keywords:
-      key : bytes/bytearray/memoryview
-        The secret key to use in the symmetric cipher.
-
-      IV : bytes/bytearray/memoryview
-        The initialization vector to use for encryption or decryption.
-
-        For encryption, the IV must be as long as the cipher block size.
-
-        For decryption, it must be 2 bytes longer (it is actually the
-        *encrypted* IV which was prefixed to the ciphertext).
-    """
-
-    iv = kwargs.pop("IV", None)
-    IV = kwargs.pop("iv", None)
-
-    if (None, None) == (iv, IV):
-        iv = get_random_bytes(factory.block_size)
-    if iv is not None:
-        if IV is not None:
-            raise TypeError("You must either use 'iv' or 'IV', not both")
-    else:
-        iv = IV
-
-    try:
-        key = kwargs.pop("key")
-    except KeyError as e:
-        raise TypeError("Missing component: " + str(e))
-
-    return OpenPgpMode(factory, key, iv, kwargs)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_openpgp.pyi

@@ -1,20 +0,0 @@
-from types import ModuleType
-from typing import Union, Dict
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-__all__ = ['OpenPgpMode']
-
-class OpenPgpMode(object):
-    block_size: int
-    iv: Union[bytes, bytearray, memoryview]
-    IV: Union[bytes, bytearray, memoryview]
-    
-    def __init__(self,
-                 factory: ModuleType,
-                 key: Buffer,
-                 iv: Buffer,
-                 cipher_params: Dict) -> None: ...
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-

tls/pycryptoMod/lib/Crypto/Cipher/_mode_siv.py

@@ -1,392 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-"""
-Synthetic Initialization Vector (SIV) mode.
-"""
-
-__all__ = ['SivMode']
-
-from binascii import hexlify, unhexlify
-
-from tls.Crypto.Util.py3compat import bord, _copy_bytes
-
-from tls.Crypto.Util._raw_api import is_buffer
-
-from tls.Crypto.Util.number import long_to_bytes, bytes_to_long
-from tls.Crypto.Protocol.KDF import _S2V
-from tls.Crypto.Hash import BLAKE2s
-from tls.Crypto.Random import get_random_bytes
-
-
-class SivMode(object):
-    """Synthetic Initialization Vector (SIV).
-
-    This is an Authenticated Encryption with Associated Data (`AEAD`_) mode.
-    It provides both confidentiality and authenticity.
-
-    The header of the message may be left in the clear, if needed, and it will
-    still be subject to authentication. The decryption step tells the receiver
-    if the message comes from a source that really knowns the secret key.
-    Additionally, decryption detects if any part of the message - including the
-    header - has been modified or corrupted.
-
-    Unlike other AEAD modes such as CCM, EAX or GCM, accidental reuse of a
-    nonce is not catastrophic for the confidentiality of the message. The only
-    effect is that an attacker can tell when the same plaintext (and same
-    associated data) is protected with the same key.
-
-    The length of the MAC is fixed to the block size of the underlying cipher.
-    The key size is twice the length of the key of the underlying cipher.
-
-    This mode is only available for AES ciphers.
-
-    +--------------------+---------------+-------------------+
-    |      Cipher        | SIV MAC size  |   SIV key length  |
-    |                    |    (bytes)    |     (bytes)       |
-    +====================+===============+===================+
-    |    AES-128         |      16       |        32         |
-    +--------------------+---------------+-------------------+
-    |    AES-192         |      16       |        48         |
-    +--------------------+---------------+-------------------+
-    |    AES-256         |      16       |        64         |
-    +--------------------+---------------+-------------------+
-
-    See `RFC5297`_ and the `original paper`__.
-
-    .. _RFC5297: https://tools.ietf.org/html/rfc5297
-    .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
-    .. __: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
-
-    :undocumented: __init__
-    """
-
-    def __init__(self, factory, key, nonce, kwargs):
-
-        self.block_size = factory.block_size
-        """The block size of the underlying cipher, in bytes."""
-
-        self._factory = factory
-
-        self._cipher_params = kwargs
-
-        if len(key) not in (32, 48, 64):
-            raise ValueError("Incorrect key length (%d bytes)" % len(key))
-
-        if nonce is not None:
-            if not is_buffer(nonce):
-                raise TypeError("When provided, the nonce must be bytes, bytearray or memoryview")
-
-            if len(nonce) == 0:
-                raise ValueError("When provided, the nonce must be non-empty")
-
-            self.nonce = _copy_bytes(None, None, nonce)
-            """Public attribute is only available in case of non-deterministic
-            encryption."""
-
-        subkey_size = len(key) // 2
-
-        self._mac_tag = None  # Cache for MAC tag
-        self._kdf = _S2V(key[:subkey_size],
-                         ciphermod=factory,
-                         cipher_params=self._cipher_params)
-        self._subkey_cipher = key[subkey_size:]
-
-        # Purely for the purpose of verifying that cipher_params are OK
-        factory.new(key[:subkey_size], factory.MODE_ECB, **kwargs)
-
-        # Allowed transitions after initialization
-        self._next = [self.update, self.encrypt, self.decrypt,
-                      self.digest, self.verify]
-
-    def _create_ctr_cipher(self, v):
-        """Create a new CTR cipher from V in SIV mode"""
-
-        v_int = bytes_to_long(v)
-        q = v_int & 0xFFFFFFFFFFFFFFFF7FFFFFFF7FFFFFFF
-        return self._factory.new(
-                    self._subkey_cipher,
-                    self._factory.MODE_CTR,
-                    initial_value=q,
-                    nonce=b"",
-                    **self._cipher_params)
-
-    def update(self, component):
-        """Protect one associated data component
-
-        For SIV, the associated data is a sequence (*vector*) of non-empty
-        byte strings (*components*).
-
-        This method consumes the next component. It must be called
-        once for each of the components that constitue the associated data.
-
-        Note that the components have clear boundaries, so that:
-
-            >>> cipher.update(b"builtin")
-            >>> cipher.update(b"securely")
-
-        is not equivalent to:
-
-            >>> cipher.update(b"built")
-            >>> cipher.update(b"insecurely")
-
-        If there is no associated data, this method must not be called.
-
-        :Parameters:
-          component : bytes/bytearray/memoryview
-            The next associated data component.
-        """
-
-        if self.update not in self._next:
-            raise TypeError("update() can only be called"
-                                " immediately after initialization")
-
-        self._next = [self.update, self.encrypt, self.decrypt,
-                      self.digest, self.verify]
-
-        return self._kdf.update(component)
-
-    def encrypt(self, plaintext):
-        """
-        For SIV, encryption and MAC authentication must take place at the same
-        point. This method shall not be used.
-
-        Use `encrypt_and_digest` instead.
-        """
-
-        raise TypeError("encrypt() not allowed for SIV mode."
-                        " Use encrypt_and_digest() instead.")
-
-    def decrypt(self, ciphertext):
-        """
-        For SIV, decryption and verification must take place at the same
-        point. This method shall not be used.
-
-        Use `decrypt_and_verify` instead.
-        """
-
-        raise TypeError("decrypt() not allowed for SIV mode."
-                        " Use decrypt_and_verify() instead.")
-
-    def digest(self):
-        """Compute the *binary* MAC tag.
-
-        The caller invokes this function at the very end.
-
-        This method returns the MAC that shall be sent to the receiver,
-        together with the ciphertext.
-
-        :Return: the MAC, as a byte string.
-        """
-
-        if self.digest not in self._next:
-            raise TypeError("digest() cannot be called when decrypting"
-                            " or validating a message")
-        self._next = [self.digest]
-        if self._mac_tag is None:
-            self._mac_tag = self._kdf.derive()
-        return self._mac_tag
-
-    def hexdigest(self):
-        """Compute the *printable* MAC tag.
-
-        This method is like `digest`.
-
-        :Return: the MAC, as a hexadecimal string.
-        """
-        return "".join(["%02x" % bord(x) for x in self.digest()])
-
-    def verify(self, received_mac_tag):
-        """Validate the *binary* MAC tag.
-
-        The caller invokes this function at the very end.
-
-        This method checks if the decrypted message is indeed valid
-        (that is, if the key is correct) and it has not been
-        tampered with while in transit.
-
-        :Parameters:
-          received_mac_tag : bytes/bytearray/memoryview
-            This is the *binary* MAC, as received from the sender.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        if self.verify not in self._next:
-            raise TypeError("verify() cannot be called"
-                            " when encrypting a message")
-        self._next = [self.verify]
-
-        if self._mac_tag is None:
-            self._mac_tag = self._kdf.derive()
-
-        secret = get_random_bytes(16)
-
-        mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
-        mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
-
-        if mac1.digest() != mac2.digest():
-            raise ValueError("MAC check failed")
-
-    def hexverify(self, hex_mac_tag):
-        """Validate the *printable* MAC tag.
-
-        This method is like `verify`.
-
-        :Parameters:
-          hex_mac_tag : string
-            This is the *printable* MAC, as received from the sender.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        self.verify(unhexlify(hex_mac_tag))
-
-    def encrypt_and_digest(self, plaintext, output=None):
-        """Perform encrypt() and digest() in one step.
-
-        :Parameters:
-          plaintext : bytes/bytearray/memoryview
-            The piece of data to encrypt.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the ciphertext must be written to.
-            If ``None``, the ciphertext is returned.
-        :Return:
-            a tuple with two items:
-
-            - the ciphertext, as ``bytes``
-            - the MAC tag, as ``bytes``
-
-            The first item becomes ``None`` when the ``output`` parameter
-            specified a location for the result.
-        """
-        
-        if self.encrypt not in self._next:
-            raise TypeError("encrypt() can only be called after"
-                            " initialization or an update()")
-
-        self._next = [ self.digest ]
-
-        # Compute V (MAC)
-        if hasattr(self, 'nonce'):
-            self._kdf.update(self.nonce)
-        self._kdf.update(plaintext)
-        self._mac_tag = self._kdf.derive()
-        
-        cipher = self._create_ctr_cipher(self._mac_tag)
-
-        return cipher.encrypt(plaintext, output=output), self._mac_tag
-
-    def decrypt_and_verify(self, ciphertext, mac_tag, output=None):
-        """Perform decryption and verification in one step.
-
-        A cipher object is stateful: once you have decrypted a message
-        you cannot decrypt (or encrypt) another message with the same
-        object.
-
-        You cannot reuse an object for encrypting
-        or decrypting other data with the same key.
-
-        This function does not remove any padding from the plaintext.
-
-        :Parameters:
-          ciphertext : bytes/bytearray/memoryview
-            The piece of data to decrypt.
-            It can be of any length.
-          mac_tag : bytes/bytearray/memoryview
-            This is the *binary* MAC, as received from the sender.
-        :Keywords:
-          output : bytearray/memoryview
-            The location where the plaintext must be written to.
-            If ``None``, the plaintext is returned.
-        :Return: the plaintext as ``bytes`` or ``None`` when the ``output``
-            parameter specified a location for the result.
-        :Raises ValueError:
-            if the MAC does not match. The message has been tampered with
-            or the key is incorrect.
-        """
-
-        if self.decrypt not in self._next:
-            raise TypeError("decrypt() can only be called"
-                            " after initialization or an update()")
-        self._next = [ self.verify ]
-
-        # Take the MAC and start the cipher for decryption
-        self._cipher = self._create_ctr_cipher(mac_tag)
-
-        plaintext = self._cipher.decrypt(ciphertext, output=output)
-
-        if hasattr(self, 'nonce'):
-            self._kdf.update(self.nonce)
-        self._kdf.update(plaintext if output is None else output)
-        self.verify(mac_tag)
-        
-        return plaintext
-
-
-def _create_siv_cipher(factory, **kwargs):
-    """Create a new block cipher, configured in
-    Synthetic Initializaton Vector (SIV) mode.
-
-    :Parameters:
-
-      factory : object
-        A symmetric cipher module from `Crypto.Cipher`
-        (like `Crypto.Cipher.AES`).
-
-    :Keywords:
-
-      key : bytes/bytearray/memoryview
-        The secret key to use in the symmetric cipher.
-        It must be 32, 48 or 64 bytes long.
-        If AES is the chosen cipher, the variants *AES-128*,
-        *AES-192* and or *AES-256* will be used internally.
-
-      nonce : bytes/bytearray/memoryview
-        For deterministic encryption, it is not present.
-
-        Otherwise, it is a value that must never be reused
-        for encrypting message under this key.
-
-        There are no restrictions on its length,
-        but it is recommended to use at least 16 bytes.
-    """
-
-    try:
-        key = kwargs.pop("key")
-    except KeyError as e:
-        raise TypeError("Missing parameter: " + str(e))
-
-    nonce = kwargs.pop("nonce", None)
-
-    return SivMode(factory, key, nonce, kwargs)

tls/pycryptoMod/lib/Crypto/Cipher/_mode_siv.pyi

@@ -1,38 +0,0 @@
-from types import ModuleType
-from typing import Union, Tuple, Dict, Optional, overload
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-__all__ = ['SivMode']
-
-class SivMode(object):
-    block_size: int
-    nonce: bytes
-    
-    def __init__(self,
-                 factory: ModuleType,
-                 key: Buffer,
-                 nonce: Buffer,
-                 kwargs: Dict) -> None: ...
-    
-    def update(self, component: Buffer) -> SivMode: ...
-
-    def encrypt(self, plaintext: Buffer) -> bytes: ...
-    def decrypt(self, plaintext: Buffer) -> bytes: ...
-
-    def digest(self) -> bytes: ...
-    def hexdigest(self) -> str: ...
-    def verify(self, received_mac_tag: Buffer) -> None: ...
-    def hexverify(self, hex_mac_tag: str) -> None: ...
-
-    @overload
-    def encrypt_and_digest(self,
-                           plaintext: Buffer) -> Tuple[bytes, bytes]: ...
-    @overload
-    def encrypt_and_digest(self,
-                           plaintext: Buffer,
-                           output: Buffer) -> Tuple[None, bytes]: ...
-    def decrypt_and_verify(self,
-                           ciphertext: Buffer,
-                           received_mac_tag: Buffer,
-                           output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ...

tls/pycryptoMod/lib/Crypto/Hash/BLAKE2b.py

@@ -1,247 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-from binascii import unhexlify
-
-from tls.Crypto.Util.py3compat import bord, tobytes
-
-from tls.Crypto.Random import get_random_bytes
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  VoidPointer, SmartPointer,
-                                  create_string_buffer,
-                                  get_raw_buffer, c_size_t,
-                                  c_uint8_ptr)
-
-_raw_blake2b_lib = load_pycryptodome_raw_lib("Crypto.Hash._BLAKE2b",
-                        """
-                        int blake2b_init(void **state,
-                                         const uint8_t *key,
-                                         size_t key_size,
-                                         size_t digest_size);
-                        int blake2b_destroy(void *state);
-                        int blake2b_update(void *state,
-                                           const uint8_t *buf,
-                                           size_t len);
-                        int blake2b_digest(const void *state,
-                                           uint8_t digest[64]);
-                        int blake2b_copy(const void *src, void *dst);
-                        """)
-
-
-class BLAKE2b_Hash(object):
-    """A BLAKE2b hash object.
-    Do not instantiate directly. Use the :func:`new` function.
-
-    :ivar oid: ASN.1 Object ID
-    :vartype oid: string
-
-    :ivar block_size: the size in bytes of the internal message block,
-                      input to the compression function
-    :vartype block_size: integer
-
-    :ivar digest_size: the size in bytes of the resulting hash
-    :vartype digest_size: integer
-    """
-
-    # The internal block size of the hash algorithm in bytes.
-    block_size = 64
-
-    def __init__(self, data, key, digest_bytes, update_after_digest):
-
-        # The size of the resulting hash in bytes.
-        self.digest_size = digest_bytes
-
-        self._update_after_digest = update_after_digest
-        self._digest_done = False
-
-        # See https://tools.ietf.org/html/rfc7693
-        if digest_bytes in (20, 32, 48, 64) and not key:
-            self.oid = "1.3.6.1.4.1.1722.12.2.1." + str(digest_bytes)
-
-        state = VoidPointer()
-        result = _raw_blake2b_lib.blake2b_init(state.address_of(),
-                                               c_uint8_ptr(key),
-                                               c_size_t(len(key)),
-                                               c_size_t(digest_bytes)
-                                               )
-        if result:
-            raise ValueError("Error %d while instantiating BLAKE2b" % result)
-        self._state = SmartPointer(state.get(),
-                                   _raw_blake2b_lib.blake2b_destroy)
-        if data:
-            self.update(data)
-
-
-    def update(self, data):
-        """Continue hashing of a message by consuming the next chunk of data.
-
-        Args:
-            data (bytes/bytearray/memoryview): The next chunk of the message being hashed.
-        """
-
-        if self._digest_done and not self._update_after_digest:
-            raise TypeError("You can only call 'digest' or 'hexdigest' on this object")
-
-        result = _raw_blake2b_lib.blake2b_update(self._state.get(),
-                                                 c_uint8_ptr(data),
-                                                 c_size_t(len(data)))
-        if result:
-            raise ValueError("Error %d while hashing BLAKE2b data" % result)
-        return self
-
-
-    def digest(self):
-        """Return the **binary** (non-printable) digest of the message that has been hashed so far.
-
-        :return: The hash digest, computed over the data processed so far.
-                 Binary form.
-        :rtype: byte string
-        """
-
-        bfr = create_string_buffer(64)
-        result = _raw_blake2b_lib.blake2b_digest(self._state.get(),
-                                                 bfr)
-        if result:
-            raise ValueError("Error %d while creating BLAKE2b digest" % result)
-
-        self._digest_done = True
-
-        return get_raw_buffer(bfr)[:self.digest_size]
-
-
-    def hexdigest(self):
-        """Return the **printable** digest of the message that has been hashed so far.
-
-        :return: The hash digest, computed over the data processed so far.
-                 Hexadecimal encoded.
-        :rtype: string
-        """
-
-        return "".join(["%02x" % bord(x) for x in tuple(self.digest())])
-
-
-    def verify(self, mac_tag):
-        """Verify that a given **binary** MAC (computed by another party)
-        is valid.
-
-        Args:
-          mac_tag (bytes/bytearray/memoryview): the expected MAC of the message.
-
-        Raises:
-            ValueError: if the MAC does not match. It means that the message
-                has been tampered with or that the MAC key is incorrect.
-        """
-
-        secret = get_random_bytes(16)
-
-        mac1 = new(digest_bits=160, key=secret, data=mac_tag)
-        mac2 = new(digest_bits=160, key=secret, data=self.digest())
-
-        if mac1.digest() != mac2.digest():
-            raise ValueError("MAC check failed")
-
-
-    def hexverify(self, hex_mac_tag):
-        """Verify that a given **printable** MAC (computed by another party)
-        is valid.
-
-        Args:
-            hex_mac_tag (string): the expected MAC of the message, as a hexadecimal string.
-
-        Raises:
-            ValueError: if the MAC does not match. It means that the message
-                has been tampered with or that the MAC key is incorrect.
-        """
-
-        self.verify(unhexlify(tobytes(hex_mac_tag)))
-
-
-    def new(self, **kwargs):
-        """Return a new instance of a BLAKE2b hash object.
-        See :func:`new`.
-        """
-
-        if "digest_bytes" not in kwargs and "digest_bits" not in kwargs:
-            kwargs["digest_bytes"] = self.digest_size
-
-        return new(**kwargs)
-
-
-def new(**kwargs):
-    """Create a new hash object.
-
-    Args:
-        data (bytes/bytearray/memoryview):
-            Optional. The very first chunk of the message to hash.
-            It is equivalent to an early call to :meth:`BLAKE2b_Hash.update`.
-        digest_bytes (integer):
-            Optional. The size of the digest, in bytes (1 to 64). Default is 64.
-        digest_bits (integer):
-            Optional and alternative to ``digest_bytes``.
-            The size of the digest, in bits (8 to 512, in steps of 8).
-            Default is 512.
-        key (bytes/bytearray/memoryview):
-            Optional. The key to use to compute the MAC (1 to 64 bytes).
-            If not specified, no key will be used.
-        update_after_digest (boolean):
-            Optional. By default, a hash object cannot be updated anymore after
-            the digest is computed. When this flag is ``True``, such check
-            is no longer enforced.
-
-    Returns:
-        A :class:`BLAKE2b_Hash` hash object
-    """
-
-    data = kwargs.pop("data", None)
-    update_after_digest = kwargs.pop("update_after_digest", False)
-
-    digest_bytes = kwargs.pop("digest_bytes", None)
-    digest_bits = kwargs.pop("digest_bits", None)
-    if None not in (digest_bytes, digest_bits):
-        raise TypeError("Only one digest parameter must be provided")
-    if (None, None) == (digest_bytes, digest_bits):
-        digest_bytes = 64
-    if digest_bytes is not None:
-        if not (1 <= digest_bytes <= 64):
-            raise ValueError("'digest_bytes' not in range 1..64")
-    else:
-        if not (8 <= digest_bits <= 512) or (digest_bits % 8):
-            raise ValueError("'digest_bytes' not in range 8..512, "
-                             "with steps of 8")
-        digest_bytes = digest_bits // 8
-
-    key = kwargs.pop("key", b"")
-    if len(key) > 64:
-        raise ValueError("BLAKE2s key cannot exceed 64 bytes")
-
-    if kwargs:
-        raise TypeError("Unknown parameters: " + str(kwargs))
-
-    return BLAKE2b_Hash(data, key, digest_bytes, update_after_digest)

tls/pycryptoMod/lib/Crypto/Hash/BLAKE2b.pyi

@@ -1,31 +0,0 @@
-from typing import Any, Union
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-class BLAKE2b_Hash(object):
-    block_size: int
-    digest_size: int
-    oid: str
-
-    def __init__(self,
-                 data: Buffer,
-		 key: Buffer,
-		 digest_bytes: bytes,
-		 update_after_digest: bool) -> None: ...
-    def update(self, data: Buffer) -> BLAKE2b_Hash: ...
-    def digest(self) -> bytes: ...
-    def hexdigest(self) -> str: ...
-    def verify(self, mac_tag: Buffer) -> None: ...
-    def hexverify(self, hex_mac_tag: str) -> None: ...
-    def new(self,
-            data: Buffer = ...,
-	    digest_bytes: int = ...,
-	    digest_bits: int = ...,
-	    key: Buffer = ...,
-	    update_after_digest: bool = ...) -> BLAKE2b_Hash: ...
-
-def new(data: Buffer = ...,
-	digest_bytes: int = ...,
-	digest_bits: int = ...,
-	key: Buffer = ...,
-	update_after_digest: bool = ...) -> BLAKE2b_Hash: ...

tls/pycryptoMod/lib/Crypto/Hash/BLAKE2s.py

@@ -1,247 +0,0 @@
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-from binascii import unhexlify
-
-from tls.Crypto.Util.py3compat import bord, tobytes
-
-from tls.Crypto.Random import get_random_bytes
-from tls.Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
-                                  VoidPointer, SmartPointer,
-                                  create_string_buffer,
-                                  get_raw_buffer, c_size_t,
-                                  c_uint8_ptr)
-
-_raw_blake2s_lib = load_pycryptodome_raw_lib("Crypto.Hash._BLAKE2s",
-                        """
-                        int blake2s_init(void **state,
-                                         const uint8_t *key,
-                                         size_t key_size,
-                                         size_t digest_size);
-                        int blake2s_destroy(void *state);
-                        int blake2s_update(void *state,
-                                           const uint8_t *buf,
-                                           size_t len);
-                        int blake2s_digest(const void *state,
-                                           uint8_t digest[32]);
-                        int blake2s_copy(const void *src, void *dst);
-                        """)
-
-
-class BLAKE2s_Hash(object):
-    """A BLAKE2s hash object.
-    Do not instantiate directly. Use the :func:`new` function.
-
-    :ivar oid: ASN.1 Object ID
-    :vartype oid: string
-
-    :ivar block_size: the size in bytes of the internal message block,
-                      input to the compression function
-    :vartype block_size: integer
-
-    :ivar digest_size: the size in bytes of the resulting hash
-    :vartype digest_size: integer
-    """
-
-    # The internal block size of the hash algorithm in bytes.
-    block_size = 32
-
-    def __init__(self, data, key, digest_bytes, update_after_digest):
-
-        # The size of the resulting hash in bytes.
-        self.digest_size = digest_bytes
-
-        self._update_after_digest = update_after_digest
-        self._digest_done = False
-
-        # See https://tools.ietf.org/html/rfc7693
-        if digest_bytes in (16, 20, 28, 32) and not key:
-            self.oid = "1.3.6.1.4.1.1722.12.2.2." + str(digest_bytes)
-
-        state = VoidPointer()
-        result = _raw_blake2s_lib.blake2s_init(state.address_of(),
-                                               c_uint8_ptr(key),
-                                               c_size_t(len(key)),
-                                               c_size_t(digest_bytes)
-                                               )
-        if result:
-            raise ValueError("Error %d while instantiating BLAKE2s" % result)
-        self._state = SmartPointer(state.get(),
-                                   _raw_blake2s_lib.blake2s_destroy)
-        if data:
-            self.update(data)
-
-
-    def update(self, data):
-        """Continue hashing of a message by consuming the next chunk of data.
-
-        Args:
-            data (byte string/byte array/memoryview): The next chunk of the message being hashed.
-        """
-
-        if self._digest_done and not self._update_after_digest:
-            raise TypeError("You can only call 'digest' or 'hexdigest' on this object")
-
-        result = _raw_blake2s_lib.blake2s_update(self._state.get(),
-                                                 c_uint8_ptr(data),
-                                                 c_size_t(len(data)))
-        if result:
-            raise ValueError("Error %d while hashing BLAKE2s data" % result)
-        return self
-
-
-    def digest(self):
-        """Return the **binary** (non-printable) digest of the message that has been hashed so far.
-
-        :return: The hash digest, computed over the data processed so far.
-                 Binary form.
-        :rtype: byte string
-        """
-
-        bfr = create_string_buffer(32)
-        result = _raw_blake2s_lib.blake2s_digest(self._state.get(),
-                                                 bfr)
-        if result:
-            raise ValueError("Error %d while creating BLAKE2s digest" % result)
-
-        self._digest_done = True
-
-        return get_raw_buffer(bfr)[:self.digest_size]
-
-
-    def hexdigest(self):
-        """Return the **printable** digest of the message that has been hashed so far.
-
-        :return: The hash digest, computed over the data processed so far.
-                 Hexadecimal encoded.
-        :rtype: string
-        """
-
-        return "".join(["%02x" % bord(x) for x in tuple(self.digest())])
-
-
-    def verify(self, mac_tag):
-        """Verify that a given **binary** MAC (computed by another party)
-        is valid.
-
-        Args:
-          mac_tag (byte string/byte array/memoryview): the expected MAC of the message.
-
-        Raises:
-            ValueError: if the MAC does not match. It means that the message
-                has been tampered with or that the MAC key is incorrect.
-        """
-
-        secret = get_random_bytes(16)
-
-        mac1 = new(digest_bits=160, key=secret, data=mac_tag)
-        mac2 = new(digest_bits=160, key=secret, data=self.digest())
-
-        if mac1.digest() != mac2.digest():
-            raise ValueError("MAC check failed")
-
-
-    def hexverify(self, hex_mac_tag):
-        """Verify that a given **printable** MAC (computed by another party)
-        is valid.
-
-        Args:
-            hex_mac_tag (string): the expected MAC of the message, as a hexadecimal string.
-
-        Raises:
-            ValueError: if the MAC does not match. It means that the message
-                has been tampered with or that the MAC key is incorrect.
-        """
-
-        self.verify(unhexlify(tobytes(hex_mac_tag)))
-
-
-    def new(self, **kwargs):
-        """Return a new instance of a BLAKE2s hash object.
-        See :func:`new`.
-        """
-
-        if "digest_bytes" not in kwargs and "digest_bits" not in kwargs:
-            kwargs["digest_bytes"] = self.digest_size
-
-        return new(**kwargs)
-
-
-def new(**kwargs):
-    """Create a new hash object.
-
-    Args:
-        data (byte string/byte array/memoryview):
-            Optional. The very first chunk of the message to hash.
-            It is equivalent to an early call to :meth:`BLAKE2s_Hash.update`.
-        digest_bytes (integer):
-            Optional. The size of the digest, in bytes (1 to 32). Default is 32.
-        digest_bits (integer):
-            Optional and alternative to ``digest_bytes``.
-            The size of the digest, in bits (8 to 256, in steps of 8).
-            Default is 256.
-        key (byte string):
-            Optional. The key to use to compute the MAC (1 to 64 bytes).
-            If not specified, no key will be used.
-        update_after_digest (boolean):
-            Optional. By default, a hash object cannot be updated anymore after
-            the digest is computed. When this flag is ``True``, such check
-            is no longer enforced.
-
-    Returns:
-        A :class:`BLAKE2s_Hash` hash object
-    """
-
-    data = kwargs.pop("data", None)
-    update_after_digest = kwargs.pop("update_after_digest", False)
-
-    digest_bytes = kwargs.pop("digest_bytes", None)
-    digest_bits = kwargs.pop("digest_bits", None)
-    if None not in (digest_bytes, digest_bits):
-        raise TypeError("Only one digest parameter must be provided")
-    if (None, None) == (digest_bytes, digest_bits):
-        digest_bytes = 32
-    if digest_bytes is not None:
-        if not (1 <= digest_bytes <= 32):
-            raise ValueError("'digest_bytes' not in range 1..32")
-    else:
-        if not (8 <= digest_bits <= 256) or (digest_bits % 8):
-            raise ValueError("'digest_bytes' not in range 8..256, "
-                             "with steps of 8")
-        digest_bytes = digest_bits // 8
-
-    key = kwargs.pop("key", b"")
-    if len(key) > 32:
-        raise ValueError("BLAKE2s key cannot exceed 32 bytes")
-
-    if kwargs:
-        raise TypeError("Unknown parameters: " + str(kwargs))
-
-    return BLAKE2s_Hash(data, key, digest_bytes, update_after_digest)

tls/pycryptoMod/lib/Crypto/Hash/BLAKE2s.pyi

@@ -1,26 +0,0 @@
-from typing import Any, Union
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-class BLAKE2s_Hash(object):
-    block_size: int
-    digest_size: int
-    oid: str
-
-    def __init__(self,
-                 data: Buffer,
-		 key: Buffer,
-		 digest_bytes: bytes,
-		 update_after_digest: bool) -> None: ...
-    def update(self, data: Buffer) -> BLAKE2s_Hash: ...
-    def digest(self) -> bytes: ...
-    def hexdigest(self) -> str: ...
-    def verify(self, mac_tag: Buffer) -> None: ...
-    def hexverify(self, hex_mac_tag: str) -> None: ...
-    def new(self, **kwargs: Any) -> BLAKE2s_Hash: ...
-
-def new(data: Buffer = ...,
-	digest_bytes: int = ...,
-	digest_bits: int = ...,
-	key: Buffer = ...,
-	update_after_digest: bool = ...) -> BLAKE2s_Hash: ...

tls/pycryptoMod/lib/Crypto/Hash/CMAC.py

@@ -1,305 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Hash/CMAC.py - Implements the CMAC algorithm
-#
-# ===================================================================
-# The contents of this file are dedicated to the public domain.  To
-# the extent that dedication to the public domain is not available,
-# everyone is granted a worldwide, perpetual, royalty-free,
-# non-exclusive license to exercise all rights associated with the
-# contents of this file for any purpose whatsoever.
-# No rights are reserved.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
-# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
-# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-# ===================================================================
-
-import sys
-from binascii import unhexlify
-
-from tls.Crypto.Hash import BLAKE2s
-from tls.Crypto.Util.strxor import strxor
-from tls.Crypto.Util.number import long_to_bytes, bytes_to_long
-from tls.Crypto.Util.py3compat import bord, tobytes, _copy_bytes
-from tls.Crypto.Random import get_random_bytes
-
-if sys.version_info[:2] == (2, 6):
-    memoryview = bytes
-
-# The size of the authentication tag produced by the MAC.
-digest_size = None
-
-
-def _shift_bytes(bs, xor_lsb=0):
-    num = (bytes_to_long(bs) << 1) ^ xor_lsb
-    return long_to_bytes(num, len(bs))[-len(bs):]
-
-
-class CMAC(object):
-    """A CMAC hash object.
-    Do not instantiate directly. Use the :func:`new` function.
-
-    :ivar digest_size: the size in bytes of the resulting MAC tag
-    :vartype digest_size: integer
-    """
-
-    digest_size = None
-
-    def __init__(self, key, msg, ciphermod, cipher_params, mac_len,
-                 update_after_digest):
-
-        self.digest_size = mac_len
-
-        self._key = _copy_bytes(None, None, key)
-        self._factory = ciphermod
-        self._cipher_params = cipher_params
-        self._block_size = bs = ciphermod.block_size
-        self._mac_tag = None
-        self._update_after_digest = update_after_digest
-
-        # Section 5.3 of NIST SP 800 38B and Appendix B
-        if bs == 8:
-            const_Rb = 0x1B
-            self._max_size = 8 * (2 ** 21)
-        elif bs == 16:
-            const_Rb = 0x87
-            self._max_size = 16 * (2 ** 48)
-        else:
-            raise TypeError("CMAC requires a cipher with a block size"
-                            " of 8 or 16 bytes, not %d" % bs)
-
-        # Compute sub-keys
-        zero_block = b'\x00' * bs
-        self._ecb = ciphermod.new(key,
-                                  ciphermod.MODE_ECB,
-                                  **self._cipher_params)
-        L = self._ecb.encrypt(zero_block)
-        if bord(L[0]) & 0x80:
-            self._k1 = _shift_bytes(L, const_Rb)
-        else:
-            self._k1 = _shift_bytes(L)
-        if bord(self._k1[0]) & 0x80:
-            self._k2 = _shift_bytes(self._k1, const_Rb)
-        else:
-            self._k2 = _shift_bytes(self._k1)
-
-        # Initialize CBC cipher with zero IV
-        self._cbc = ciphermod.new(key,
-                                  ciphermod.MODE_CBC,
-                                  zero_block,
-                                  **self._cipher_params)
-
-        # Cache for outstanding data to authenticate
-        self._cache = bytearray(bs)
-        self._cache_n = 0
-
-        # Last piece of ciphertext produced
-        self._last_ct = zero_block
-
-        # Last block that was encrypted with AES
-        self._last_pt = None
-
-        # Counter for total message size
-        self._data_size = 0
-
-        if msg:
-            self.update(msg)
-
-    def update(self, msg):
-        """Authenticate the next chunk of message.
-
-        Args:
-            data (byte string/byte array/memoryview): The next chunk of data
-        """
-
-        if self._mac_tag is not None and not self._update_after_digest:
-            raise TypeError("update() cannot be called after digest() or verify()")
-
-        self._data_size += len(msg)
-        bs = self._block_size
-
-        if self._cache_n > 0:
-            filler = min(bs - self._cache_n, len(msg))
-            self._cache[self._cache_n:self._cache_n+filler] = msg[:filler]
-            self._cache_n += filler
-
-            if self._cache_n < bs:
-                return self
-
-            msg = memoryview(msg)[filler:]
-            self._update(self._cache)
-            self._cache_n = 0
-
-        remain = len(msg) % bs
-        if remain > 0:
-            self._update(msg[:-remain])
-            self._cache[:remain] = msg[-remain:]
-        else:
-            self._update(msg)
-        self._cache_n = remain
-        return self
-
-    def _update(self, data_block):
-        """Update a block aligned to the block boundary"""
-        
-        bs = self._block_size
-        assert len(data_block) % bs == 0
-
-        if len(data_block) == 0:
-            return
-
-        ct = self._cbc.encrypt(data_block)
-        if len(data_block) == bs:
-            second_last = self._last_ct
-        else:
-            second_last = ct[-bs*2:-bs]
-        self._last_ct = ct[-bs:]
-        self._last_pt = strxor(second_last, data_block[-bs:])
-
-    def copy(self):
-        """Return a copy ("clone") of the CMAC object.
-
-        The copy will have the same internal state as the original CMAC
-        object.
-        This can be used to efficiently compute the MAC tag of byte
-        strings that share a common initial substring.
-
-        :return: An :class:`CMAC`
-        """
-
-        obj = self.__new__(CMAC)
-        obj.__dict__ = self.__dict__.copy()
-        obj._cbc = self._factory.new(self._key,
-                                     self._factory.MODE_CBC,
-                                     self._last_ct,
-                                     **self._cipher_params)
-        obj._cache = self._cache[:]
-        obj._last_ct = self._last_ct[:]
-        return obj
-
-    def digest(self):
-        """Return the **binary** (non-printable) MAC tag of the message
-        that has been authenticated so far.
-
-        :return: The MAC tag, computed over the data processed so far.
-                 Binary form.
-        :rtype: byte string
-        """
-
-        bs = self._block_size
-
-        if self._mac_tag is not None and not self._update_after_digest:
-            return self._mac_tag
-
-        if self._data_size > self._max_size:
-            raise ValueError("MAC is unsafe for this message")
-
-        if self._cache_n == 0 and self._data_size > 0:
-            # Last block was full
-            pt = strxor(self._last_pt, self._k1)
-        else:
-            # Last block is partial (or message length is zero)
-            partial = self._cache[:]
-            partial[self._cache_n:] = b'\x80' + b'\x00' * (bs - self._cache_n - 1)
-            pt = strxor(strxor(self._last_ct, partial), self._k2)
-
-        self._mac_tag = self._ecb.encrypt(pt)[:self.digest_size]
-
-        return self._mac_tag
-
-    def hexdigest(self):
-        """Return the **printable** MAC tag of the message authenticated so far.
-
-        :return: The MAC tag, computed over the data processed so far.
-                 Hexadecimal encoded.
-        :rtype: string
-        """
-
-        return "".join(["%02x" % bord(x)
-                        for x in tuple(self.digest())])
-
-    def verify(self, mac_tag):
-        """Verify that a given **binary** MAC (computed by another party)
-        is valid.
-
-        Args:
-          mac_tag (byte string/byte array/memoryview): the expected MAC of the message.
-
-        Raises:
-            ValueError: if the MAC does not match. It means that the message
-                has been tampered with or that the MAC key is incorrect.
-        """
-
-        secret = get_random_bytes(16)
-
-        mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=mac_tag)
-        mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=self.digest())
-
-        if mac1.digest() != mac2.digest():
-            raise ValueError("MAC check failed")
-
-    def hexverify(self, hex_mac_tag):
-        """Return the **printable** MAC tag of the message authenticated so far.
-
-        :return: The MAC tag, computed over the data processed so far.
-                 Hexadecimal encoded.
-        :rtype: string
-        """
-
-        self.verify(unhexlify(tobytes(hex_mac_tag)))
-
-
-def new(key, msg=None, ciphermod=None, cipher_params=None, mac_len=None,
-        update_after_digest=False):
-    """Create a new MAC object.
-
-    Args:
-        key (byte string/byte array/memoryview):
-            key for the CMAC object.
-            The key must be valid for the underlying cipher algorithm.
-            For instance, it must be 16 bytes long for AES-128.
-        ciphermod (module):
-            A cipher module from :mod:`Crypto.Cipher`.
-            The cipher's block size has to be 128 bits,
-            like :mod:`Crypto.Cipher.AES`, to reduce the probability
-            of collisions.
-        msg (byte string/byte array/memoryview):
-            Optional. The very first chunk of the message to authenticate.
-            It is equivalent to an early call to `CMAC.update`. Optional.
-        cipher_params (dict):
-            Optional. A set of parameters to use when instantiating a cipher
-            object.
-        mac_len (integer):
-            Length of the MAC, in bytes.
-            It must be at least 4 bytes long.
-            The default (and recommended) length matches the size of a cipher block.
-        update_after_digest (boolean):
-            Optional. By default, a hash object cannot be updated anymore after
-            the digest is computed. When this flag is ``True``, such check
-            is no longer enforced.
-    Returns:
-        A :class:`CMAC` object
-    """
-
-    if ciphermod is None:
-        raise TypeError("ciphermod must be specified (try AES)")
-
-    cipher_params = {} if cipher_params is None else dict(cipher_params)
-
-    if mac_len is None:
-        mac_len = ciphermod.block_size
-    
-    if mac_len < 4:
-        raise ValueError("MAC tag length must be at least 4 bytes long")
-    
-    if mac_len > ciphermod.block_size:
-        raise ValueError("MAC tag length cannot be larger than a cipher block (%d) bytes" % ciphermod.block_size)
-
-    return CMAC(key, msg, ciphermod, cipher_params, mac_len,
-                update_after_digest)

tls/pycryptoMod/lib/Crypto/Hash/CMAC.pyi

@@ -1,30 +0,0 @@
-from types import ModuleType
-from typing import Union, Dict
-
-Buffer = Union[bytes, bytearray, memoryview]
-
-digest_size: int
-
-class CMAC(object):
-    digest_size: int
-
-    def __init__(self,
-		 key: Buffer,
-                 msg: Buffer,
-		 ciphermod: ModuleType,
-		 cipher_params: dict,
-                 mac_len: int, update_after_digest: bool) -> None: ...
-    def update(self, data: Buffer) -> CMAC: ...
-    def copy(self) -> CMAC: ...
-    def digest(self) -> bytes: ...
-    def hexdigest(self) -> str: ...
-    def verify(self, mac_tag: Buffer) -> None: ...
-    def hexverify(self, hex_mac_tag: str) -> None: ...
-
-
-def new(key: Buffer,
-        msg: Buffer = ...,
-	ciphermod: ModuleType = ...,
-	cipher_params: Dict = ...,
-	mac_len: int = ...,
-        update_after_digest: bool = ...) -> CMAC: ...

tls/pycryptoMod/lib/Crypto/Hash/HMAC.py

@@ -1,213 +0,0 @@
-#
-# HMAC.py - Implements the HMAC algorithm as described by RFC 2104.
-#
-# ===================================================================
-#
-# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-# ===================================================================
-
-from tls.Crypto.Util.py3compat import bord, tobytes, _memoryview
-
-from binascii import unhexlify
-
-from tls.Crypto.Hash import MD5
-from tls.Crypto.Hash import BLAKE2s
-from tls.Crypto.Util.strxor import strxor
-from tls.Crypto.Random import get_random_bytes
-
-__all__ = ['new', 'HMAC']
-
-
-class HMAC(object):
-    """An HMAC hash object.
-    Do not instantiate directly. Use the :func:`new` function.
-
-    :ivar digest_size: the size in bytes of the resulting MAC tag
-    :vartype digest_size: integer
-    """
-
-    def __init__(self, key, msg=b"", digestmod=None):
-
-        if digestmod is None:
-            digestmod = MD5
-
-        if msg is None:
-            msg = b""
-
-        # Size of the MAC tag
-        self.digest_size = digestmod.digest_size
-
-        self._digestmod = digestmod
-
-        if isinstance(key, _memoryview):
-            key = key.tobytes()
-
-        try:
-            if len(key) <= digestmod.block_size:
-                # Step 1 or 2
-                key_0 = key + b"\x00" * (digestmod.block_size - len(key))
-            else:
-                # Step 3
-                hash_k = digestmod.new(key).digest()
-                key_0 = hash_k + b"\x00" * (digestmod.block_size - len(hash_k))
-        except AttributeError:
-            # Not all hash types have "block_size"
-            raise ValueError("Hash type incompatible to HMAC")
-
-        # Step 4
-        key_0_ipad = strxor(key_0, b"\x36" * len(key_0))
-
-        # Start step 5 and 6
-        self._inner = digestmod.new(key_0_ipad)
-        self._inner.update(msg)
-
-        # Step 7
-        key_0_opad = strxor(key_0, b"\x5c" * len(key_0))
-
-        # Start step 8 and 9
-        self._outer = digestmod.new(key_0_opad)
-
-    def update(self, msg):
-        """Authenticate the next chunk of message.
-
-        Args:
-            data (byte string/byte array/memoryview): The next chunk of data
-        """
-
-        self._inner.update(msg)
-        return self
-
-    def _pbkdf2_hmac_assist(self, first_digest, iterations):
-        """Carry out the expensive inner loop for PBKDF2-HMAC"""
-
-        result = self._digestmod._pbkdf2_hmac_assist(
-                                    self._inner,
-                                    self._outer,
-                                    first_digest,
-                                    iterations)
-        return result
-
-    def copy(self):
-        """Return a copy ("clone") of the HMAC object.
-
-        The copy will have the same internal state as the original HMAC
-        object.
-        This can be used to efficiently compute the MAC tag of byte
-        strings that share a common initial substring.
-
-        :return: An :class:`HMAC`
-        """
-
-        new_hmac = HMAC(b"fake key", digestmod=self._digestmod)
-
-        # Syncronize the state
-        new_hmac._inner = self._inner.copy()
-        new_hmac._outer = self._outer.copy()
-
-        return new_hmac
-
-    def digest(self):
-        """Return the **binary** (non-printable) MAC tag of the message
-        authenticated so far.
-
-        :return: The MAC tag digest, computed over the data processed so far.
-                 Binary form.
-        :rtype: byte string
-        """
-
-        frozen_outer_hash = self._outer.copy()
-        frozen_outer_hash.update(self._inner.digest())
-        return frozen_outer_hash.digest()
-
-    def verify(self, mac_tag):
-        """Verify that a given **binary** MAC (computed by another party)
-        is valid.
-
-        Args:
-          mac_tag (byte string/byte string/memoryview): the expected MAC of the message.
-
-        Raises:
-            ValueError: if the MAC does not match. It means that the message
-                has been tampered with or that the MAC key is incorrect.
-        """
-
-        secret = get_random_bytes(16)
-
-        mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=mac_tag)
-        mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=self.digest())
-
-        if mac1.digest() != mac2.digest():
-            raise ValueError("MAC check failed")
-
-    def hexdigest(self):
-        """Return the **printable** MAC tag of the message authenticated so far.
-
-        :return: The MAC tag, computed over the data processed so far.
-                 Hexadecimal encoded.
-        :rtype: string
-        """
-
-        return "".join(["%02x" % bord(x)
-                        for x in tuple(self.digest())])
-
-    def hexverify(self, hex_mac_tag):
-        """Verify that a given **printable** MAC (computed by another party)
-        is valid.
-
-        Args:
-            hex_mac_tag (string): the expected MAC of the message,
-                as a hexadecimal string.
-
-        Raises:
-            ValueError: if the MAC does not match. It means that the message
-                has been tampered with or that the MAC key is incorrect.
-        """
-
-        self.verify(unhexlify(tobytes(hex_mac_tag)))
-
-
-def new(key, msg=b"", digestmod=None):
-    """Create a new MAC object.
-
-    Args:
-        key (bytes/bytearray/memoryview):
-            key for the MAC object.
-            It must be long enough to match the expected security level of the
-            MAC.
-        msg (bytes/bytearray/memoryview):
-            Optional. The very first chunk of the message to authenticate.
-            It is equivalent to an early call to :meth:`HMAC.update`.
-        digestmod (module):
-            The hash to use to implement the HMAC.
-            Default is :mod:`Crypto.Hash.MD5`.
-
-    Returns:
-        An :class:`HMAC` object
-    """
-
-    return HMAC(key, msg, digestmod)