Na}{

File Content: `PKCS1_v1_5.cpython-37.pyc`

B

������c�#������������������@���sF���d�Z�dZddgZddlmZ�ddlT�ddlZG�dd��d�Zd	d��ZdS�)
a[��RSA encryption protocol according to PKCS#1 v1.5

See RFC3447__ or the `original RSA Labs specification`__ .

This scheme is more properly called ``RSAES-PKCS1-v1_5``.

**If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.**

As an example, a sender may encrypt a message in this way:

        >>> from Crypto.Cipher import PKCS1_v1_5
        >>> from Crypto.PublicKey import RSA
        >>> from Crypto.Hash import SHA
        >>>
        >>> message = 'To be encrypted'
        >>> h = SHA.new(message)
        >>>
        >>> key = RSA.importKey(open('pubkey.der').read())
        >>> cipher = PKCS1_v1_5.new(key)
        >>> ciphertext = cipher.encrypt(message+h.digest())

At the receiver side, decryption can be done using the private part of
the RSA key:

        >>> From Crypto.Hash import SHA
        >>> from Crypto import Random
        >>>
        >>> key = RSA.importKey(open('privkey.der').read())
        >>>
        >>> dsize = SHA.digest_size
        >>> sentinel = Random.new().read(15+dsize)      # Let's assume that average data length is 15
        >>>
        >>> cipher = PKCS1_v1_5.new(key)
        >>> message = cipher.decrypt(ciphertext, sentinel)
        >>>
        >>> digest = SHA.new(message[:-dsize]).digest()
        >>> if digest==message[-dsize:]:                # Note how we DO NOT look for the sentinel
        >>>     print "Encryption was correct."
        >>> else:
        >>>     print "Encryption was not correct."

:undocumented: __revision__, __package__

.. __: http://www.ietf.org/rfc/rfc3447.txt
.. __: http://www.rsa.com/rsalabs/node.asp?id=2125.
z$Id$�new�PKCS115_Cipher�����)�ceil_div)�*Nc���������������@���s8���e�Zd�ZdZdd��Zdd��Zdd��Zdd	��Zd
d��ZdS�)
r���zAThis cipher can perform PKCS#1 v1.5 RSA encryption or decryption.c�������������C���s
���||�_�dS�)a��Initialize this PKCS#1 v1.5 cipher object.
        
        :Parameters:
         key : an RSA key object
          If a private half is given, both encryption and decryption are possible.
          If a public half is given, only encryption is possible.
        N)�_key)�self�key��r	����K/opt/alt/python37/lib64/python3.7/site-packages/Crypto/Cipher/PKCS1_v1_5.py�__init__P���s����zPKCS115_Cipher.__init__c�������������C���s
���|�j����S�)z=Return True if this cipher object can be used for encryption.)r����can_encrypt)r���r	���r	���r
���r���Z���s����zPKCS115_Cipher.can_encryptc�������������C���s
���|�j����S�)z=Return True if this cipher object can be used for decryption.)r����can_decrypt)r���r	���r	���r
���r
���^���s����zPKCS115_Cipher.can_decryptc�������������C���s����|�j�j}tjj�|�j�j�}t|d�}t|�}||d�kr@t	d��G�dd��d�}t
tt||�|||�d�����}t
d�|�td��|�}|�j��|d�d�}	td�|t|	���|	�}
|
S�)	a���Produce the PKCS#1 v1.5 encryption of a message.
    
        This function is named ``RSAES-PKCS1-V1_5-ENCRYPT``, and is specified in
        section 7.2.1 of RFC3447.
        For a complete example see `Crypto.Cipher.PKCS1_v1_5`.
    
        :Parameters:
         message : byte string
                The message to encrypt, also known as plaintext. It can be of
                variable length, but not longer than the RSA modulus (in bytes) minus 11.
    
        :Return: A byte string, the ciphertext in which the message is encrypted.
            It is as long as the RSA modulus (in bytes).
        :Raise ValueError:
            If the RSA key length is not sufficiently long to deal with the given
            message.

        ��������zPlaintext is too long.c���������������@���s���e�Zd�Zdd��Zdd��ZdS�)z/PKCS115_Cipher.encrypt.<locals>.nonZeroRandBytec�������������S���s
���||�_�d�S�)N)�rf)r���r���r	���r	���r
���r������������z8PKCS115_Cipher.encrypt.<locals>.nonZeroRandByte.__init__c�������������S���s$���xt�|�dkr|��d�d�}qW�|S�)Nr�������)Zbordr���)r����cr	���r	���r
����__call__����s�����z8PKCS115_Cipher.encrypt.<locals>.nonZeroRandByte.__call__N)�__name__�
__module__�__qualname__r���r���r	���r	���r	���r
����nonZeroRandByte����s���r�������z�r���)r���Z	_randfunc�Crypto�Util�number�size�nr����len�
ValueError�tobytes�list�map�b�bchr�encrypt)r����messageZrandFunc�modBits�kZmLenr���Zps�em�mr���r	���r	���r
���r&���b���s����
"zPKCS115_Cipher.encryptc�������������C���s����t�jj�|�jj�}t|d�}t|�|kr0td��|�j�	|�}t
d�|t|���|�}|�t
d�d�}|�t
d��rz|dk�r~|S�||d�d��S�)	a�
��Decrypt a PKCS#1 v1.5 ciphertext.
    
        This function is named ``RSAES-PKCS1-V1_5-DECRYPT``, and is specified in
        section 7.2.2 of RFC3447.
        For a complete example see `Crypto.Cipher.PKCS1_v1_5`.
    
        :Parameters:
         ct : byte string
                The ciphertext that contains the message to recover.
         sentinel : any type
                The object to return to indicate that an error was detected during decryption.
    
        :Return: A byte string. It is either the original message or the ``sentinel`` (in case of an error).
        :Raise ValueError:
            If the ciphertext length is incorrect
        :Raise TypeError:
            If the RSA key has no private half.
    
        :attention:
            You should **never** let the party who submitted the ciphertext know that
            this function returned the ``sentinel`` value.
            Armed with such knowledge (for a fair amount of carefully crafted but invalid ciphertexts),
            an attacker is able to recontruct the plaintext of any other encryption that were carried out
            with the same RSA public key (see `Bleichenbacher's`__ attack).
            
            In general, it should not be possible for the other party to distinguish
            whether processing at the server side failed because the value returned
            was a ``sentinel`` as opposed to a random, invalid message.
            
            In fact, the second option is not that unlikely: encryption done according to PKCS#1 v1.5
            embeds no good integrity check. There is roughly one chance
            in 2^16 for a random ciphertext to be returned as a valid message
            (although random looking).
    
            It is therefore advisabled to:
    
            1. Select as ``sentinel`` a value that resembles a plausable random, invalid message.
            2. Not report back an error as soon as you detect a ``sentinel`` value.
               Put differently, you should not explicitly check if the returned value is the ``sentinel`` or not.
            3. Cover all possible errors with a single, generic error indicator.
            4. Embed into the definition of ``message`` (at the protocol level) a digest (e.g. ``SHA-1``).
               It is recommended for it to be the rightmost part ``message``.
            5. Where possible, monitor the number of errors due to ciphertexts originating from the same party,
               and slow down the rate of the requests from such party (or even blacklist it altogether).
     
            **If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.**
    
            .. __: http://www.bell-labs.com/user/bleichen/papers/pkcs.ps
    
        r���z!Ciphertext with incorrect length.r�������z��
���r���N)r���r���r���r���r���r���r���r���r ����decryptr%����find�
startswithr$���)r���Zct�sentinelr(���r)���r+���r*����sepr	���r	���r
���r.�������s����7
zPKCS115_Cipher.decryptN)	r���r���r����__doc__r���r���r
���r&���r.���r	���r	���r	���r
���r���M���s���
.c�������������C���s���t�|��S�)a=��Return a cipher object `PKCS115_Cipher` that can be used to perform PKCS#1 v1.5 encryption or decryption.

    :Parameters:
     key : RSA key object
      The key to use to encrypt or decrypt the message. This is a `Crypto.PublicKey.RSA` object.
      Decryption is only possible if *key* is a private RSA key.

    )r���)r���r	���r	���r
���r�������s����	)	r3���Z__revision__�__all__ZCrypto.Util.numberr���ZCrypto.Util.py3compatr���r���r���r	���r	���r	���r
����<module>D���s����
Name	Size	Permission
AES.cpython-37.opt-1.pyc	3252 bytes	0644
AES.cpython-37.pyc	3252 bytes	0644
ARC2.cpython-37.opt-1.pyc	3948 bytes	0644
ARC2.cpython-37.pyc	3948 bytes	0644
ARC4.cpython-37.opt-1.pyc	3639 bytes	0644
ARC4.cpython-37.pyc	3639 bytes	0644
Blowfish.cpython-37.opt-1.pyc	3486 bytes	0644
Blowfish.cpython-37.pyc	3486 bytes	0644
CAST.cpython-37.opt-1.pyc	3534 bytes	0644
CAST.cpython-37.pyc	3534 bytes	0644
DES.cpython-37.opt-1.pyc	3436 bytes	0644
DES.cpython-37.pyc	3436 bytes	0644
DES3.cpython-37.opt-1.pyc	4164 bytes	0644
DES3.cpython-37.pyc	4164 bytes	0644
PKCS1_OAEP.cpython-37.opt-1.pyc	7569 bytes	0644
PKCS1_OAEP.cpython-37.pyc	7569 bytes	0644
PKCS1_v1_5.cpython-37.opt-1.pyc	8446 bytes	0644
PKCS1_v1_5.cpython-37.pyc	8446 bytes	0644
XOR.cpython-37.opt-1.pyc	2107 bytes	0644
XOR.cpython-37.pyc	2107 bytes	0644
__init__.cpython-37.opt-1.pyc	2586 bytes	0644
__init__.cpython-37.pyc	2586 bytes	0644
blockalgo.cpython-37.opt-1.pyc	5451 bytes	0644
blockalgo.cpython-37.pyc	5451 bytes	0644
File Content: PKCS1_v1_5.cpython-37.pyc

File Content: `PKCS1_v1_5.cpython-37.pyc`
