ve      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXY Z [ \ ] ^ _ ` a b c d Good experimental#Vincent Hanquez <vincent@snarc.org>None#Egenerate params from a specific generator (2 or 5 are common values) R we generate a safe prime (a prime number of the form 2p+1 where p is also prime) $4generate a private number with no specific property - this number is usually called X in DH text. %?generate a public number that is for the other party benefits. - this number is usually called Y in DH text. &Qgenerate a shared key using our private number and the other party public number #$%&  !"#$%&  !"#$%&#$%&Good experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferred ';Describe a hash function and a way to wrap the digest into + an DER encoded ASN1 marshalled structure. +3A standard hash function returning a digest object ,#Describe the MD2 hashing algorithm -#Describe the MD5 hashing algorithm .$Describe the SHA1 hashing algorithm /&Describe the SHA224 hashing algorithm 0&Describe the SHA256 hashing algorithm 1&Describe the SHA384 hashing algorithm 2&Describe the SHA512 hashing algorithm eEGenerate the marshalled structure with the following ASN1 structure: Start Sequence  ,Start Sequence  ,OID oid  ,Null  ,End Sequence  ,OctetString digest  ,End Sequence '()*+,-./0123e '()*+,-./0123 +'()*,-./0123 '()*+,-./0123eGood experimental#Vincent Hanquez <vincent@snarc.org>None4&Represent a mask generation algorithm 5Mask generation algorithm MGF1 4hash function to use seed length to generate 5454545Good experimental#Vincent Hanquez <vincent@snarc.org>None6=sign message using the private key and an explicit k number. 7$sign message using the private key. 8*verify a bytestring using the public key. 6k random number  private key hash function message to sign 78f678768678f Good experimental#Vincent Hanquez <vincent@snarc.org>None g2ElGamal Ephemeral key. also called Temporary key. hElGamal Signature i4generate a private number with no specific property 8 this number is usually called a and need to be between ! 0 and q (order of the group G). jGgenerate an ephemeral key which is a number with no specific property, 8 and need to be between 0 and q (order of the group G). k?generate a public number that is for the other party benefits. % this number is usually called h=g^a l'encrypt with a specified ephemeral key  do not reuse ephemeral key. m/encrypt a message using params and public keys , will generate b (called the ephemeral key) ndecrypt message o)sign a message with an explicit k number 8if k is not appropriate, then no signature is returned. Ewith some appropriate value of k, the signature generation can fail, C and no signature is returned. User of this function need to retry  with a different k value. p sign message 5This function will generate a random number, however D as the signature might fail, the function will automatically retry , until a proper signature has been created. qverify a signature grhsijklmno4random number k, between 0 and p-1 and gcd(k,p-1)=1 DH params (p,g) DH private key "collision resistant hash function message to sign prandom number generator DH params (p,g) DH private key "collision resistant hash function message to sign q !"grhiklmnopq grhsijklmnopq Good experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferredt This is a strict version of and uThis is a strict version of &&. tututu Good experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferred99error possible during encryption, decryption or signing. :.some parameters lead to breaking assumptions. ; the message's digest is too long <the message decrypted doesn')t have a PKCS15 structure (0 2 .. 0 msg) =#the message to encrypt is too long >Othe message to decrypt is not of the correct size (need to be == private_size) ?.Blinder which is used to obfuscate the timing ? of the decryption primitive (used by decryption and signing). 9:;<=>?@9:;<=>?@9>=<;:?@Good experimental#Vincent Hanquez <vincent@snarc.org>NoneA#Compute the RSA decrypt primitive. ; if the p and q numbers are available, then dpFast is used 3 otherwise, we use dpSlow which only need d and n. B"Compute the RSA encrypt primitive vLmultiply 2 integers in Zm only performing the modulo operation if necessary wxyABzvABABwxyABzvGood experimental#Vincent Hanquez <vincent@snarc.org>NoneC4generate a public key and private key with p and q. ,p and q need to be distinct primes numbers. _e need to be coprime to phi=(p-1)*(q-1). a small hamming weight results in better performance. c 0x10001 is a popular choice. 3 is popular as well, but proven to not be as secure for some cases. D;generate a pair of (private, public) key of size in bytes. E@Generate a blinder to use with decryption and signing operation Cthe unique parameter apart from the random number generator is the  public key value N. CDE CPRG to use. RSA public N parameters.  9:;<=>?@CDE9>=<;: ?@CDECDEGood experimental#Vincent Hanquez <vincent@snarc.org>None F7This produce a standard PKCS1.5 padding for encryption G1Produce a standard PKCS1.5 padding for signature H5Try to remove a standard PKCS1.5 encryption padding. I'decrypt message using the private key. EWhen the decryption is not in a context where an attacker could gain O information from the timing of the operation, the blinder can be set to None. 3If unsure always set a blinder or use decryptSafer JQdecrypt message using the private key and by automatically generating a blinder. KGencrypt a bytestring using the public key and a CPRG random generator. 6the message need to be smaller than the key size - 11 L@sign message using private key, a hash and its ASN1 description DWhen the signature is not in a context where an attacker could gain O information from the timing of the operation, the blinder can be set to None. 0If unsure always set a blinder or use signSafer MNsign message using the private key and by automatically generating a blinder. N'verify message with the signed message FGHIoptional blinder RSA private key  cipher text Jrandom generator RSA private key  cipher text KLoptional blinder hash descriptor  private key message to sign Mrandom generator Hash descriptor  private key message to sign N{ FGHIJKLMN FGHIJLMKN FGHIJKLMN{None OParameters for OAEP encryption/ decryption QHash function to use. RMask Gen algorithm to use. S%Optional label prepended to message. T.Default Params with a specified hash function VEncrypt a message using OAEP |un-pad a OAEP encoded message. It doesn'%t apply the RSA decryption primitive W Decrypt a ciphertext using OAEP DWhen the signature is not in a context where an attacker could gain O information from the timing of the operation, the blinder can be set to None. 3If unsure always set a blinder or use decryptSafer XKDecrypt a ciphertext using OAEP and by automatically generating a blinder. OPQRSTUVrandom number generator. #OAEP params to use for encryption.  Public key. Message to encrypt |OAEP params to use size of the key in bytes  encoded message (not encrypted) WOptional blinder "OAEP params to use for decryption  Private key  Cipher text Xrandom number generator "OAEP params to use for decryption  Private key  Cipher text OPQRSTUVWX OPQRSTUVWXOPQRSTUV|WX Good experimental#Vincent Hanquez <vincent@snarc.org>None YParameters for PSS signature/verification. [Hash function to use \Mask Gen algorithm to use ]Length of salt. need to be < = to hLen. ^Trailer field, usually 0xbc _.Default Params with a specified hash function `%Default Params using SHA1 algorithm. aMSign using the PSS parameters and the salt explicitely passed as parameters. 7the function ignore SaltLength from the PSS Parameters bSign using the PSS Parameters cFSign using the PSS Parameters and an automatically generated blinder. d,Verify a signature using the PSS Parameters YZ[\]^_`a Salt to use optional blinder to use PSS Parameters to use RSA Private Key Message to sign b-random generator to use to generate the salt optional blinder to use PSS Parameters to use RSA Private Key Message to sign crandom generator PSS Parameters to use  private key message to sign d!PSS Parameters to use to verify, < this need to be identical to the parameters when signing RSA Public Key Message to verify  Signature } YZ[\]^_`abcd YZ[\]^_`abcdYZ[\]^_`abcd}~                     ! "   # $   % % % % %& %' %()*+,--./0123456789:;<= > ? @ A B C D DEFGHIJKLMNO<P=QQRSTUVOMN W W X Y Z [ \ ] ^ < P =_` a  * b + c O M ; < = a  d efghi`jL klcrypto-pubkey-0.1.3Crypto.PubKey.RSACrypto.PubKey.DSACrypto.PubKey.DHCrypto.PubKey.HashDescrCrypto.PubKey.MaskGenFunctionCrypto.PubKey.RSA.PrimCrypto.PubKey.RSA.PKCS15Crypto.PubKey.RSA.OAEPCrypto.PubKey.RSA.PSSCrypto.PubKey.ElGamalCrypto.PubKey.InternalCrypto.PubKey.RSA.Typescrypto-pubkey-types-0.3.0Crypto.Types.PubKey.RSApublic_epublic_n public_size PublicKey private_qinv private_dQ private_dP private_q private_p private_d private_pub PrivateKeyCrypto.Types.PubKey.DSAparams_qparams_gparams_pParams Signaturepublic_y public_params private_xprivate_paramsCrypto.Types.PubKey.DH PublicNumber PrivateNumber SharedKeygenerateParamsgeneratePrivategeneratePublic getShared HashDescr hashFunction digestToASN1 HashFunction hashDescrMD2 hashDescrMD5 hashDescrSHA1hashDescrSHA224hashDescrSHA256hashDescrSHA384hashDescrSHA512hashDescrRIPEMD160MaskGenAlgorithmmgf1signWithsignverifyErrorInvalidParametersSignatureTooLongMessageNotRecognizedMessageTooLongMessageSizeIncorrectBlinderdpep generateWithgenerategenerateBlinderpad padSignatureunpaddecrypt decryptSaferencrypt signSafer OAEPParamsoaepHashoaepMaskGenAlg oaepLabeldefaultOAEPParamsencryptWithSeed PSSParamspssHash pssMaskGenAlg pssSaltLengthpssTrailerFielddefaultPSSParamsdefaultPSSParamsSHA1 signWithSalttoHashWithInfoexpmod EphemeralKeygenerateEphemeral encryptWithand'&&!multiplicationdpSlowdpFastdpFastNoBlinder makeSignaturenormalizeToKeySize