odN      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLM Good experimental#Vincent Hanquez <vincent@snarc.org>NOPQR NPQSTUVWXYZRNPQQRGood experimental#Vincent Hanquez <vincent@snarc.org>[*sqrti returns two integer (l,b) so that l < = sqrt i <= b N the implementation is quite naive, use an approximation for the first number L and use a dichotomy algorithm to compute the bound relatively efficiently. \9get the extended GCD of two integer using integer divMod ]Tget the extended GCD of two integer using the extended binary algorithm (HAC 14.61) ? get (x,y,d) where d = gcd(a,b) and x,y satisfying ax + by = d ^(check if a list of integer are all even [\]^[\]^ _5os2ip converts a byte string into a positive integer `5i2osp converts a positive integer into a byte string a;returns the number of bytes to store an integer with i2osp _`a_`a Good experimental#Vincent Hanquez <vincent@snarc.org>b-generate a positive integer between 0 and m. X using as many bytes as necessary to the same size as m, that are converted to integer. c7generate a number between the inclusive bound [low,high]. d8generate a positive integer of a specific size in bits. E the number of bits need to be multiple of 8. It will always returns # an integer that is close 2^(1+bits/'8) by setting the 2 highest bits to 1. bcdbcd Good experimental#Vincent Hanquez <vincent@snarc.org>eGexponantiation_rtl_binary computes modular exponantiation as b^e mod m E using the right-to-left binary exponentiation algorithm (HAC 14.79) f8inverse computes the modular inverse as in g^(-1) mod m efef Good experimental#Vincent Hanquez <vincent@snarc.org> g)returns if the number is probably prime. G first a list of small primes are implicitely tested for divisibility, K then the Miller Rabin algorithm is used with an accuracy of 30 recursions h0generate a prime number of the required bitsize i@generate a prime number of the form 2p+1 where p is also prime. = it is also knowed as a Sophie Germaine prime or safe prime. JThe number of safe prime is significantly smaller to the number of prime,  as such it shouldn'6t be used if this number is supposed to be kept safe. j<find a prime from a starting point where the property hold. k>find a prime from a starting point with no specific property. lLMiller Rabin algorithm return if the number is probably prime or composite. [ the tries parameter is the number of recursion, that determines the accuracy of the test. m"Test naively is integer is prime. D while naive, we skip even number and stop iteration at i > sqrt(n) n.Test is two integer are coprime to each other o%list of the first primes till 2903.. pghijklmnghijklmnGood experimental#Vincent Hanquez <vincent@snarc.org> Sthe random generator returns an error. give the opportunity to reseed for example. <signature is not valid r or s is not between the bound 0..q %sign message using the private key. +verify a bytestring using the public key. q     Good experimental#Vincent Hanquez <vincent@snarc.org> rstEgenerate params from a specific generator (2 or 5 are common values) R we generate a safe prime (a prime number of the form 2p+1 where p is also prime) 4generate a private number with no specific property - this number is usually called X in DH text. ?generate a public number that is for the other party benefits. - this number is usually called Y in DH text. Qgenerate a shared key using our private number and the other party public number Good experimental#Vincent Hanquez <vincent@snarc.org>%size of key in bytes  private p*q private exponant d p prime number q prime number  d mod (p-1) ! d mod (q-1) " q^(-1) mod p #$%size of key in bytes & public p*q 'public exponant e ()Sthe whole key is probably not valid, since the message is bigger than the key size *Sthe random generator returns an error. give the opportunity to reseed for example. +Nthe signature generated through the hash is too long to process with this key ,the message decrypted doesn')t have a PKCS15 structure (0 2 .. 0 msg) -:the message to encrypt is too long (>= private_size - 11) .Othe message to decrypt is not of the correct size (need to be == private_size) uvwx/(decrypt message using the private key. 0Rencrypt a bytestring using the public key and a CryptoRandomGen random generator. 9 - the message need to be smaller than the key size - 11 1Asign message using private key, a hash and its ASN1 description 2(verify message with the signed message 3;generate a pair of (private, public) key of size in bytes. yz{| !"#$%&'()*+,-./0123(.-,+*)#$%&' !"3/012  !" !"#$%&'$%&'(.-,+*))*+,-./0123Good experimental#Vincent Hanquez <vincent@snarc.org>145678}~9:Hencrypt with the key a bytestring and returns the encrypted bytestring ;Hdecrypt with the key a bytestring and returns the encrypted bytestring 456789:;456789:;4567856789:; Good experimental#Vincent Hanquez <vincent@snarc.org>D<=>?@Aencrypt using CBC mode J - IV need to be 16 bytes and the data to encrypt a multiple of 16 bytes Bencrypt using simple EBC mode Cdecrypt using CBC mode J - IV need to be 16 bytes and the data to decrypt a multiple of 16 bytes Ddecrypt using simple EBC mode EFG <=>?@ABCDEFG =<BDACEGF@?> <=>?@ABCDEFGGood experimental#Vincent Hanquez <vincent@snarc.org> HI6initCtx initialize the Ctx with the key as parameter. - the key can be of any size but not empty JHencrypt with the current context a bytestring and returns a new context * and the resulted encrypted bytestring KHdecrypt with the current context a bytestring and returns a new context * and the resulted decrypted bytestring LMencrypt with the current context a lazy bytestring and returns a new context 0 and the resulted lencrypted lazy bytestring MMdecrypt with the current context a lazy bytestring and returns a new context / and the resulted decrypted lazy bytestring HIJKLMHIJKLMHIJKLM !"#$%&'()*+,-./01234567789:;54<7=>?@5A4BCDEF54GHIIJJKLMNOPQRSTUVW X Y Z [ \ ] ^ _ ` a b c d e f g h ijklmnopqjrrstuvwxyz{|}~ 7;cryptocipher-0.2.14Crypto.Cipher.DSACrypto.Cipher.DHCrypto.Cipher.RSACrypto.Cipher.CamelliaCrypto.Cipher.AESCrypto.Cipher.RC4Number.Polynomial Number.BasicNumber.SerializeNumber.GenerateNumber.ModArithmetic Number.Prime System.Endian PrivateKeyprivate_params private_x PublicKey public_paramspublic_y SignatureParamsErrorRandomGenFailureInvalidSignaturesignverify SharedKey PrivateNumber PublicNumbergenerateParamsgeneratePrivategeneratePublic getSharedHashASN1HashF private_sz private_n private_d private_p private_q private_dP private_dQ private_qinv public_szpublic_npublic_eKeyInternalErrorSignatureTooLongMessageNotRecognizedMessageTooLongMessageSizeIncorrectdecryptencryptgenerateKeykkwkeinitKeyIVAES256AES192AES128 encryptCBC decryptCBC initKey128 initKey192 initKey256CtxinitCtx encryptlazy decryptlazy PolynomialMonomialdivPolytoListfromListaddPolysubPolynegPolymulPoly squarePolyexpPolysqrtigcde gcde_binaryareEvenos2ipi2osp lengthBytes generateMaxgenerateBetweengenerateOfSizeexponantiation_rtl_binaryinverseisProbablyPrime generatePrimegenerateSafePrimefindPrimeFromWith findPrimeFromprimalityTestMillerRabinprimalityTestNaive isCoprime smallPrimesdividesexpmodpadPKCS1 unpadPKCS1dpSlowdpFast makeSignaturegetRandomBytesi2ospOfWord128ModeEncryptDecrypt w128tow64 w64tow128w64tow8w8tow64w64tow32w32tow64w128tow8 getWord64 getWord128 putWord128sboxsbox1sbox2sbox3sbox4sigma1sigma2sigma3sigma4sigma5sigma6rotl128 setKeyInterimfeistelflflinvgetKeyKgetKeyKegetKeyKw doBlockRounddoBlock encryptBlock decryptBlock encryptChunk decryptChunkdoChunks littleEndianTableAESStateA256unA256A192unA192A128unA128 serializeKey makeChunks newAESState coreEncrypt coreDecryptgetNbraesMain aesMainInv swapIndex coreExpandKey shiftRows addRoundKey mixColumns shiftRowsInv mixColumnsInvr8w8r32w32msbox32mrsbox32 swapBlock swapBlockInvsbox1Tabsbox2Tabsbox3Tabsbox4Tab sbox_000x sbox_00x0 sbox_0x00 sbox_x000rsboxrcongm2gm3gm9gm11gm13gm14swapsetKey getNextChar genstream