úÎ!x4m      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklNone2`”pRSAÒA 'mask generation function'. The input is a bytestring, and the output is a hash of the given length. Unless you know what you're doing, you should probably use a MGF1 formulation created with generate_MGF1.RSA8The ASN.1 DER encoding of the hash function identifier.RSAThe hash function RSAÿRRandomly generate a key pair of the given modules length (in bits) to use in any of the following functions. Use of a good random number generator is of considerable importance when using this function. The input CryptoRandomGen should never be used again for any other purpose; either use the output'd generator or throw it all away.!RSAÿCompute a signature for the given ByteString, using the SHA256 algorithm in the computation. This is currently defined as rsassa_pkcs1_v1_5_sign hashSHA256. If you want to use a different function, simply use the PKCS function, below; it will accept arbitrarily-length messages."RSAºVerify a signature for the given ByteString, using the SHA25 algorithm in the computation. Again, if you'd like to use a different algorithm, use the rsassa_pkcs1_v1_5_verify function.#RSAÿ+Encrypt an arbitrarily-sized message given the public key and reasonable options. This is equivalent to calling encryptOAEP with SHA-256 as the hash function, MGF1(SHA-256) as the mask generation function, and no label. NOTE: This hash choice means that your key size must be 1024 bits or larger.$RSAÑEncrypt an arbitrarily-sized message using OAEP encoding. This is the encouraged encoding for doing RSA encryption. Note that your key size must be greater than (2 * hash length + 2) * 8. (For example, the #« convenience function uses a 256 bit / 32 byte hash function. Thus, its key must be greater than (2 * 32 + 2) * 8 = 528 bits long, and we suggest 1024 as a lower bound.)%RSAµEncrypt an arbitrarily-sized message using PKCS1 v1.5 encoding. This encoding is deprecated, and should only be used when interacting with legacy software that cannot be modified.&RSAÝDecrypt an arbitrarily-sized message given the public key and reasonable options. This is equivalent to calling encryptOAEP with SHA-256 as the hash function, MGF1(SHA-256) as the mask generation function, and no label.'RSAtDecrypt an arbitrarily-sized message using OAEP encoding. This is the encouraged encoding for doing RSA encryption.(RSAµDecrypt an arbitrarily-sized message using PKCS1 v1.5 encoding. This encoding is deprecated, and should only be used when interacting with legacy software that cannot be modified.mRSAChunk an aribitrarily-sized message into a series of chunks that can be encrypted by an OAEP encryption / decryption function.nRSA‚Chunk an arbitrarily-sized message into a series of chunks that can be encrypted by a PKCS1 1.5 encryption / decryption function.*RSAqThe generalized implementation of RSAES-OAEP-ENCRYPT. Using the default instantiontion of this, provided by the #q function, is a pretty good plan if this makes no sense to you, as it is instantiated with reasonable defaults.ÿXThe message to be encrypted may not be longer then (k - 2*hLen - 2), where k is the length of the RSA modulus in bytes and hLen is the length of a hash in bytes. Passing in a larger message will generate an error, represented by the Left constructor. Note that this means that OAEP encryption cannot be used with keys smaller than 512 bits.‘I have not put in a check for the length of the label, because I don't expect you to use more than 2^32 bytes. So don't make me regret that, eh?+RSA=The generalized implementation of RSAES-OAEP-DECRYPT. Again, &q initializes this with a pretty good set of defaults if you don't understand what all of the arguments involve.ÌThe ciphertext message passed to this function must be k bytes long, where k is the size of the modulus in bytes. If it is not, this function will generate an error, represented by the Left constructor.òFuther, k (the length of the ciphertext in bytes) must be greater than or equal to (2 * hLen + 2), where hLen is the length of the output of the hash function in bytes. If this equation does not hold, a (different) error will be generated.sFinally, there are any number of internal situations that may generate an error indicating that decryption failed.,RSA‘Implements RSAES-PKCS1-v1.5-Encrypt, for completeness and backward compatibility. Also because I've already written everything else, so why not?ÂThis encryption / padding mechanism has several known attacks, which are described in the literature. So unless you absolutely need to use this for some historical reason, you should avoid it.‚The message to be encrypted must be less then or equal to (k - 11) bytes long, where k is the length of the key modulus in bytes.ÿ}Because this function uses an unknown amount of randomly-generated data, it takes an instance of RandomGen rather than taking a random number as input, and returns the resultant generator as output. You should take care that you (a) do not reuse the input generator, thus losing important randomness, and (b) choose a decent instance of RandomGen for passing to this function.-RSAïImplements RSAES-PKCS1-v1.5-Decrypt, for completeness and possible backward compatibility. Please see the notes for rsaes_pkcs_v1_5_encrypt regarding use of this function in new applications without backwards compatibility requirements.wThe ciphertext message passed to this function must be of length k, where k is the length of the key modulus in bytes..RSAûGenerate a signature for the given message using the given private key, using the RSASSA-PKCS1-v1.5-Sign algorithm. Note that in researching the requirements for this project, several independent sources suggested not using the same key across signvalidate and encrypt&decrypt contexts. You've been warned.VThe output of this function is the signature only, not the message and the signature.ÿkSIZE CONSTRAINT: The size of the public key (in bytes) must be greater than or equal to the length of the hash identifier plus the length of a hash plus 1. Thus, for example, you cannot use a 256 bit RSA key with MD5: 32 (the size of a 256-bit RSA key in bytes) is less than 18 (the size of MD5's identier) + 16 (the size of an MD5 hash in bytes) + 1, or 35.`Thus, * for SHA1 and SHA256, use 512+ bit keys * for SHA384 and SHA512, use 1024+ bit keys/RSA¥Validate a signature for the given message using the given public key. The signature must be exactly k bytes long, where k is the size of the RSA modulus IN BYTES.0RSAéGenerate a mask generation function for the rsaes_oaep_*. As suggested by the name, the generated function is an instance of the MGF1 function. The arguments are the underlying hash function to use and the size of a hash in bytes.€The bytestring passed to the generated function cannot be longer than 2^32 * hLen, where hLen is the passed length of the hash.8RSA9Generate a large random prime of a given length in bytes.9RSA0Generate a random ByteString of the given length:RSAACreate a random bytestring of non-zero bytes of the given length.oRSATGiven a number, probabalistically find the first prime number that occurs after it.pRSAÏProbabilistically test whether or not a given number is prime by first checking some obvious factors and then defaulting to the Miller-Rabin test. Should save time for numbers that are trivially composite.qRSA[Probabilistically test whether or not a given number is prime using the Miller-Rabin test.;RSA5Computes a^b mod c using a moderately good algorithm.<RSAUCompute the modular inverse (d = e^-1 mod phi) via the extended euclidean algorithm. "RSAThe key of the signer RSA The message RSAThe purported signature $RSAThe hash function to use RSA$The mask generation function to use RSAAn optional label to include RSAThe public key to encrypt with RSAThe message to encrypt 'RSAThe hash function to use RSA$The mask generation function to use RSAAn optional label to include RSAThe public key to encrypt with RSAThe message to decrypt mRSAThe key being used RSAThe hash function in use RSAThe ByteString to chunk *RSAThe hash function to useRSA)An appropriate mask genereation function RSAThe recipient's public key RSAfA label to associate with the message (feel free to use BS.empty) RSAThe message to encrypt +RSAThe hash function to useRSAA mask generation function RSAThe private key to use RSA“An optional label whose association with the message should be verified. RSAThe ciphertext to decrypt .RSAThe hash function to use RSAThe private key to sign with RSAThe message to sign RSA The signature/RSAThe hash function to use RSA"The public key to validate againstRSAThe message that was signed RSAThe purported signature pRSAa good random number generator RSAthe number to test qRSAa good random number generator RSAthe number to test RSAthe accuracy of the test <RSAe RSAphi B  !"#$%&'()*+,-./0123456789:;<=>?@AB  #$%&'(!"0*+,-./=>?@A87)214365<;9:None2`ÒJRSAÓA 'mask generation function'. The input is a bytestring, and the output is a hash of the given length. Unless you know what you're doing, you should probably use a MGF1 formulation created with generate_MGF1.KRSAÿRRandomly generate a key pair of the given modules length (in bits) to use in any of the following functions. Use of a good random number generator is of considerable importance when using this function. The input CryptoRandomGen should never be used again for any other purpose; either use the output'd generator or throw it all away.LRSAÿCompute a signature for the given ByteString, using the SHA256 algorithm in the computation. This is currently defined as rsassa_pkcs1_v1_5_sign hashSHA256. If you want to use a different function, simply use the PKCS function, below; it will accept arbitrarily-length messages.MRSAºVerify a signature for the given ByteString, using the SHA25 algorithm in the computation. Again, if you'd like to use a different algorithm, use the rsassa_pkcs1_v1_5_verify function.NRSAÿ+Encrypt an arbitrarily-sized message given the public key and reasonable options. This is equivalent to calling encryptOAEP with SHA-256 as the hash function, MGF1(SHA-256) as the mask generation function, and no label. NOTE: This hash choice means that your key size must be 1024 bits or larger.ORSAÑEncrypt an arbitrarily-sized message using OAEP encoding. This is the encouraged encoding for doing RSA encryption. Note that your key size must be greater than (2 * hash length + 2) * 8. (For example, the N« convenience function uses a 256 bit / 32 byte hash function. Thus, its key must be greater than (2 * 32 + 2) * 8 = 528 bits long, and we suggest 1024 as a lower bound.)PRSAµEncrypt an arbitrarily-sized message using PKCS1 v1.5 encoding. This encoding is deprecated, and should only be used when interacting with legacy software that cannot be modified.QRSAÝDecrypt an arbitrarily-sized message given the public key and reasonable options. This is equivalent to calling encryptOAEP with SHA-256 as the hash function, MGF1(SHA-256) as the mask generation function, and no label.RRSAtDecrypt an arbitrarily-sized message using OAEP encoding. This is the encouraged encoding for doing RSA encryption.SRSAµDecrypt an arbitrarily-sized message using PKCS1 v1.5 encoding. This encoding is deprecated, and should only be used when interacting with legacy software that cannot be modified.URSAqThe generalized implementation of RSAES-OAEP-ENCRYPT. Using the default instantiontion of this, provided by the Nq function, is a pretty good plan if this makes no sense to you, as it is instantiated with reasonable defaults.ÿXThe message to be encrypted may not be longer then (k - 2*hLen - 2), where k is the length of the RSA modulus in bytes and hLen is the length of a hash in bytes. Passing in a larger message will generate an error, represented by the Left constructor. Note that this means that OAEP encryption cannot be used with keys smaller than 512 bits.‘I have not put in a check for the length of the label, because I don't expect you to use more than 2^32 bytes. So don't make me regret that, eh?VRSA=The generalized implementation of RSAES-OAEP-DECRYPT. Again, Qq initializes this with a pretty good set of defaults if you don't understand what all of the arguments involve.ÌThe ciphertext message passed to this function must be k bytes long, where k is the size of the modulus in bytes. If it is not, this function will generate an error, represented by the Left constructor.óFuther, k (the length of the ciphertext in bytes) must be greater than or equal to (2 * hLen + 2), where hLen is the length of the output of the hash function in bytes. If this equation does not hold, a (different) error will be generated.sFinally, there are any number of internal situations that may generate an error indicating that decryption failed.WRSA‘Implements RSAES-PKCS1-v1.5-Encrypt, for completeness and backward compatibility. Also because I've already written everything else, so why not?ÂThis encryption / padding mechanism has several known attacks, which are described in the literature. So unless you absolutely need to use this for some historical reason, you should avoid it.‚The message to be encrypted must be less then or equal to (k - 11) bytes long, where k is the length of the key modulus in bytes.ÿ}Because this function uses an unknown amount of randomly-generated data, it takes an instance of RandomGen rather than taking a random number as input, and returns the resultant generator as output. You should take care that you (a) do not reuse the input generator, thus losing important randomness, and (b) choose a decent instance of RandomGen for passing to this function.XRSAïImplements RSAES-PKCS1-v1.5-Decrypt, for completeness and possible backward compatibility. Please see the notes for rsaes_pkcs_v1_5_encrypt regarding use of this function in new applications without backwards compatibility requirements.wThe ciphertext message passed to this function must be of length k, where k is the length of the key modulus in bytes.YRSAûGenerate a signature for the given message using the given private key, using the RSASSA-PKCS1-v1.5-Sign algorithm. Note that in researching the requirements for this project, several independent sources suggested not using the same key across signvalidate and encrypt&decrypt contexts. You've been warned.VThe output of this function is the signature only, not the message and the signature.ÿkSIZE CONSTRAINT: The size of the public key (in bytes) must be greater than or equal to the length of the hash identifier plus the length of a hash plus 1. Thus, for example, you cannot use a 256 bit RSA key with MD5: 32 (the size of a 256-bit RSA key in bytes) is less than 18 (the size of MD5's identier) + 16 (the size of an MD5 hash in bytes) + 1, or 35.`Thus, * for SHA1 and SHA256, use 512+ bit keys * for SHA384 and SHA512, use 1024+ bit keysZRSA¥Validate a signature for the given message using the given public key. The signature must be exactly k bytes long, where k is the size of the RSA modulus IN BYTES.[RSAëGenerate a mask generation function for the rsaes_oaep_*. As suggested by the name, the generated function is an instance of the MGF1 function. The arguments are the underlying hash function to use and the size of a hash in bytes.The bytestring passed to the generated function cannot be longer than 2^32 * hLen, where hLen is the passed length of the hash. cRSA9Generate a large random prime of a given length in bytes.dRSA0Generate a random ByteString of the given lengtheRSAACreate a random bytestring of non-zero bytes of the given length.fRSA5Computes a^b mod c using a moderately good algorithm.gRSAUCompute the modular inverse (d = e^-1 mod phi) via the extended euclidean algorithm.MRSAThe key of the signer RSA The message RSAThe purported signature ORSAThe hash function to use RSA$The mask generation function to use RSAAn optional label to include RSAThe public key to encrypt with RSAThe message to encrypt RRSAThe hash function to use RSA$The mask generation function to use RSAAn optional label to include RSAThe public key to encrypt with RSAThe message to decrypt URSAThe hash function to useRSA)An appropriate mask genereation function RSAThe recipient's public key RSAfA label to associate with the message (feel free to use BS.empty) RSAThe message to encrypt VRSAThe hash function to useRSAA mask generation function RSAThe private key to use RSA“An optional label whose association with the message should be verified. RSAThe ciphertext to decrypt YRSAThe hash function to use RSAThe private key to sign with RSAThe message to sign RSA The signatureZRSAThe hash function to use RSA"The public key to validate againstRSAThe message that was signed RSAThe purported signature gRSAe RSAphi B JKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklB KNOPQRSLMJ[UVWXYZhijklcbT]\_^a`gfdeNone2`(B JKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklr       !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJK"#$%&'()*+,-./0123456789:;<=>?@ABCLMNOPQ RSA-2.4.1-4WRuf23mSvG5Dd5f6qyubpCodec.Crypto.RSA.PureCodec.Crypto.RSA.ExceptionsCodec.Crypto.RSA0crypto-pubkey-types-0.4.3-9Uu7bJhB6vq8aSvlBmivvlCrypto.Types.PubKey.RSApublic_epublic_n public_size PublicKey private_qinv private_dQ private_dP private_q private_p private_d private_pub PrivateKeyMGFHashInfoalgorithmIdent hashFunctionRSAErrorRSAKeySizeTooSmallRSAIntegerTooLargeToPackRSAMessageRepOutOfRangeRSACipherRepOutOfRangeRSAMessageTooShortRSAMessageTooLongRSAMaskTooLongRSAIncorrectSigSizeRSAIncorrectMsgSizeRSADecryptionError RSAGenErrorgenerateKeyPairsignverifyencrypt encryptOAEP encryptPKCSdecrypt decryptOAEP decryptPKCSchunkifyrsaes_oaep_encryptrsaes_oaep_decryptrsaes_pkcs1_v1_5_encryptrsaes_pkcs1_v1_5_decryptrsassa_pkcs1_v1_5_signrsassa_pkcs1_v1_5_verify generateMGF1i2ospos2iprsa_eprsa_dprsa_sp1rsa_vp1 generatePQlargeRandomPrimerandomBS randomNZBSmodular_exponentiationmodular_inversehashSHA1 hashSHA224 hashSHA256 hashSHA384 hashSHA512$fBinaryPrivateKey$fBinaryPublicKey$fShowSystemRandom$fExceptionRSAError$fRSAKeyPrivateKey$fRSAKeyPublicKey $fEqRSAError$fShowRSAErrorchunkBSForOAEPchunkBSForPKCS findNextPrimeisProbablyPrime millerRabin