.T      !"#$%&'()*+,-./01234 5 6 7 8 9 : ; < = > ? @ABCDEFGHIJKLMNOPQRSNoneTT( currently requires that the bitSize of a divide the bitSize  of w UDue to the limitations of T, U currently requires that the  bitSize of a divide the bitSize of w ( currently requires that the bitSize of a divide 32 ( currently requires that the bitSize of a divide 64 ( currently requires that the bitSize of a divide 64 ( currently requires that the bitSize of a divide 32  shaXXXAscii1 assumes that all characters of the strings are A ISO-latin-1 characters. ie. each characters fits in one octet. V2Below are test cases from the FIPS 180-2 document .WXYZ[\]^_`abcdTefUg Vhijklmnopqrst      %WXYZ[\]^_`abcdTefUg Vhijklmnopqrst Safe-Inferred(uvwxyz{|}~uvwxyz{|}~!uvwxyz{|}~portable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred ?In CBC or Cipher Block Chaining mode each block is XORed with B the previous enciphered block before encryption. For the first - block, start with an initialization vector. B Take an encryption function, an initialisation vector, a key and = a list of blocks and return the encrypted blocks using CBC. =To decipher in CBC or Cipher Block Chaining mode, decipher = each block, then XOR the result with the previous block of K plaintext result. Note that the initialization vector is treated as the  zeroth block of plaintext. H Take a decryption function, an initialisation vector, a key and a list < of encrypted blocks using CBC and return plaintext blocks.      Safe-Inferred portable experimental&john@repetae.net (http://repetae.net/) Safe-Inferredportable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred Safe-Inferred%%portable experimental!dominic.steinitz@blueyonder.co.uk Safe-InferredABasic DES encryption which takes a key and a block of plaintext J and returns the encrypted block of ciphertext according to the standard. EBasic DES decryption which takes a key and a block of ciphertext and E returns the decrypted block of plaintext according to the standard.  Safe-Inferred !"#$%&'(  !"#$%&'(  $!"#%&(' !"#$%&'(portable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred )*The basic type for encoding and decoding. *:Take a number a convert it to base n as a list of octets. BThis is used to (approximately) get back to a starting word list. G For example, if you have a list of 3 Word8 and try to convert them to H a Word32, the Word32 will get null-padded, and without correction, you ; will get 4 Word8s when converting back. This corrects it. H Unfortunately, it also means you will have errors if trying to convert $ Word8 lists with nulls on the end. +2Converts a list of numbers into a list of octets. I The resultant list has nulls trimmed from the end to make this the dual J of listFromOctets (except when the original octet list ended with nulls;  see ). ,The most significant bit of an ). -DTake a list of octets (a number expressed in base n) and convert it  to a number. .See +. /BTake the length of the required number of octets and convert the D number to base 256 padding it out to the required length. If the F required length is less than the number of octets of the converted F number then return the converted number. NB this is different from  the standard  8ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf % but mimics how replicate behaves. 0Convert from twos complement. )*+,-./01 )*+,-./01 ),01*-.+/ )*+,-./01 non-portable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred2BTake the modulus of the RSA key and the public exponent expressed B as lists of octets and the plaintext also expressed as a list of B octets and return the ciphertext as a list of octets. Of course, > these are all large integers but using lists of octets makes  everything easier. See   9http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/index.html for more  details. 3CTake the modulus of the RSA key and the private exponent expressed C as lists of octets and the ciphertext also expressed as a list of 6 octets and return the plaintext as a list of octets. 23232323  non-portable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred4HTake a mask generating function, a hash function, a label (which may be L null), a random seed, the modulus of the key and the message and returns F an encoded message. NB you could pass in the length of the modulus F but it seems safer to pass in the modulus itself and calculate the  length when required. See   8ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf for more  details. 5HTake a mask generating function, a hash function, a label (which may be 2 null) and the message and returns the decoded. 45454545 portable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred6<Take a hash function, a seed and the intended length of the 8 the mask and deliver a mask of the requested length. 6666 Safe-Inferred#key (16 octets) msg (16 octets) enciphered msg (16 octets) key (24 octets) msg (16 octets) enciphered msg (16 octets) key (32 octets) msg (16 octets) enciphered msg (16 octets) key (16 octets) enciphered msg (16 octets) deciphered msg (16 octets) key (24 octets) enciphered msg (16 octets) deciphered msg (16 octets) key (32 octets) enciphered msg (16 octets) deciphered msg (16 octets) nr nk key msg enciphered msg nr nk key enciphered msg deciphered msg      "      portable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred8ABasic AES encryption which takes a key and a block of plaintext J and returns the encrypted block of ciphertext according to the standard. 9EBasic AES decryption which takes a key and a block of ciphertext and E returns the decrypted block of plaintext according to the standard. 789 !789897 789 !  non-portable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred:FBasic Blowfish encryption which takes a key and a block of plaintext J and returns the encrypted block of ciphertext according to the standard. ? Typical keys are Word8, Word16, Word32, Word64, Word128. See   &http://www.counterpane.com/vectors.txt. ;FBasic Blowfish decryption which takes a key and a block of ciphertext / and returns the decrypted block of plaintext. :;"#:;:;:;"# portable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred<HWhen the last block of plaintext is shorter than the block size then it F must be padded. PKCS5 specifies that the padding octets should each K contain the number of octets which must be stripped off. So, for example,  with a block size of 8, "0a0b0c" will be padded with "05" resulting in  "0a0b0c0505050505"1. If the final block is a full block of 8 octets  then a whole block of "0808080808080808" is appended. =HWhen the last block of plaintext is shorter than the block size then it N must be padded. Nulls padding specifies that the padding octets should each " contain a null. So, for example,  with a block size of 8, "0a0b0c" will be padded to  "0a0b0c0000000000"1. If the final block is a full block of 8 octets  then a whole block of "0000000000000000" is appended. A NB this is only suitable for data which does not contain nulls,  for example, ASCII. >ATake a list of blocks padded using the method described in PKCS5  (see  .http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5) C and return the list of unpadded octets. NB this function does not F currently check that the padded block is correctly formed and should : only be used for blocks that have been padded correctly. ?(Take a list of blocks padded with nulls B and return the list of unpadded octets. NB if the blocks contain * a null then the result is unpredictable. <=$%>?&<=>?<>=?<=$%>?&portable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred'()*@A@A@A'()*@Aportable experimental!dominic.steinitz@blueyonder.co.uk Safe-InferredB Take [Octet] and return [Octet] according to the standard. H The length of the result is always 16 octets or 128 bits as required  by the standard. BBBBportable experimental!dominic.steinitz@blueyonder.co.uk Safe-Inferred+,CD-EF./012345678GCDEFGCDGFE+,CD-EF./012345678GNoneH Take [Octet] and return [Octet] according to the standard. H The length of the result is always 28 octets or 224 bits as required  by the standard. HHHHNoneI Take [Octet] and return [Octet] according to the standard. H The length of the result is always 32 octets or 256 bits as required  by the standard. IIIINoneJ Take [Octet] and return [Octet] according to the standard. H The length of the result is always 48 octets or 384 bits as required  by the standard. JJJJNoneK Take [Octet] and return [Octet] according to the standard. H The length of the result is always 64 octets or 512 bits as required  by the standard. KKKK Safe-InferredL;HMAC works over any hash function, which is represented by : HashMethod. A hash function and input block size must  be specified. NAn arbitrary hash function O0Bit size of an input block to the hash function P=Compute an HMAC using SHA-1 as the underlying hash function. Q;Compute an HMAC using MD5 as the underlying hash function. R7Generalized function for creating HMACs on a specified  hash function. LMNO9:P Secret key  Message text Resulting HMAC-SHA1 value Q Secret key  Message text Resulting HMAC-MD5 value ;<=R(Hash function and associated block size  Secret key  Message text Resulting HMAC value >?@ABCLMNOPQRRPQLMNOLMNO9:PQ;<=R>?@ABC Safe-InferredSCEncode binary data into the bubble babble human readable encoding. I Bubble Babble is an encoding that represents binary data as psuedowords O which are more pronouncable and memorable than standard hexadecimal encoding. ?It is mainly used for representing cryptographic fingerprints. O In addition, there is an amount of redundancy and error correction built into Q the representation so that transcription errors can be more readily identified.  see: http:en.wikipedia.orgwikiBubble_Babble DESSSDESF !"#$%&'()**+,-./0123+,456789:;<=>?@ABCDEFGH+, I J K L + , + , M N O PQRS00TUSSSSSVVWXYZ[I\]^_``abcdefghijklmnopqrstuvwxyz{|}~~3                  ! "#$%&''()*!+,-./0123456789:;<=>Crypto-4.2.5.1Data.Digest.SHA2Codec.Encryption.ModesCodec.Encryption.TEAData.LargeWordCodec.Encryption.DES!Codec.Encryption.RSA.NumberTheory Codec.UtilsCodec.Encryption.RSACodec.Encryption.RSA.EMEOAEPCodec.Encryption.RSA.MGFCodec.Encryption.AESCodec.Encryption.BlowfishCodec.Encryption.PaddingCodec.Text.RawData.Digest.MD5Data.Digest.SHA1Data.Digest.SHA224Data.Digest.SHA256Data.Digest.SHA384Data.Digest.SHA512 Data.HMACCodec.Binary.BubbleBabbleData.Digest.MD5AuxCodec.Encryption.BlowfishAuxCodec.Encryption.DESAuxCodec.Encryption.AESAuxtoOctetsHash224Hash384Hash512Hash256sha256sha384sha512sha224 sha256Ascii sha384Ascii sha512Ascii sha224AsciicbcunCbcTEAKeyencryptdecryptWord256Word224Word192Word160Word128Word96LargeKey randomOctetfactorinverse testInverse extEuclGcdgetPrimepgisPrimesimplePrimalityTestrabinMillerPrimalityTestexpmod/|primesOctet listToOctetsmsb fromOctetslistFromOctetsi2osp fromTwosComp toTwosCompencodedecodemgfAESKeypkcs5padNullsunPkcs5 unPadNullshexdump hexdumpByhash toIntegerlift2 HashMethoddigestinput_blocksize hmac_sha1hmac_md5hmacpaddingsha test_sha256HashHash8ShaData bigSigma0 bigSigma1 smallSigma0 smallSigma1kschmaj blockSize bitsToOctetsshaStepstringToOctets test_sha512 test_sha384 test_sha224 test_sha2 moduleTest $fHashHash224 $fHashHash384 $fHashHash8 $fShowHash224 $fShowHash384 $fShowHash8$fShaDataWord64$fShaDataWord32MD5get_nextlen_padfinishedWordListBoolListStrABCDRotationXYZZord64rotLmd5md5smd5imd5_main md5_do_block md5_roundmd5_inner_functionmd5_fmd5_gmd5_hmd5_i magic_numbersroundsabcd_to_stringdisplay_32bits_as_hexabcd_to_integerrev_numstring_to_word32sbools_to_word32slength_to_chars $fNumABCD $fMD5WordList$fMD5Str $fMD5BoolListBFSboxPboxbfEncbfDec bfMakeKey string2PboxprocKeyiPboxiSbox0iSbox1iSbox2iSbox3delta LargeWordlargeWordToIntegerintegerToLargeWord largeWordPlus largeWordAnd largeWordOrlargeWordShift largeWordXor largeBitSizeaoflkboflk$fEnumLargeKey$fRealLargeKey$fIntegralLargeKey$fBoundedLargeKey$fBitsLargeKey $fNumLargeKey$fShowLargeKey$fLargeWordLargeKey$fLargeWordWord64$fLargeWordWord32Bits64Bits56Bits48Bits32Bits6Bits4BitsXEncMessageKeybitifyunbitifyinitial_permutationkey_transformationdes_encdes_decdo_desdes_workdo_roundget_keycompression_permutationexpansion_permutations_boxs_box_1s_box_2s_box_3s_box_4s_box_5s_box_6s_box_7s_box_8p_box final_permtakeDrop$fBits[]$fNum[]factor_1factor_2extEuclGcd_iter getNumber largestPowerrabinMillerPrimalityTest_iter_1rabinMillerPrimalityTest_iter_2intSqrt trimNullspowersOftoBaseplusOnersaeprsadp xorOctetsState aes128Encrypt aes192Encrypt aes256Encrypt aes128Decrypt aes192Decrypt aes256Decrypt aesEncrypt aesDecryptsboxsboxRevxtimextimeX2xtimeX3xtime03xtime0extime09xtime0dxtime0b generateKeywordify generateKeyssubBytes subBytesRev shiftRows shiftRowsRev mixColumn mixColumns mixColumnRev mixColumnsRev addRoundKeygenAddRoundKey getWord32 putWord32AESKeyIndirectionf$fAESKeyLargeKey$fAESKeyLargeKey0$fAESKeyLargeKey1$fAESKeyIndirectionLargeKey$fAESKeyIndirectionLargeKey0$fAESKeyIndirectionLargeKey1 splitZord64 mergeWord32testPadpadunPad OctetsPerLinesplitgsh AccAndWord160koneBlockssblockWord8sIn512 fromBytesblockWord8sIn32 getWord32sblockWord32sIn512hashOncesha1_hmmd5_hm w160_to_w8s w160_to_w32s w32_to_w8s key_from_user process_padsmake_start_pad opad_pattern ipad_patternbitcountvowel consonant