libraries/Python/PyCrypto.config at master · SecAlgo/libraries · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
PyCrypto Configuration Details

"""
 Symmetric block cipher object constructors
 key: a random byte string, possible sizes determined by each block cipher.
 mode: block cipher mode of operation, allows block cipher to encrypt
    input of arbitrary size
 IV: (optional) an unpredictable byte string of block size used to randomize
    the encryption of the first block of messages for modes that use block
    chaining; only used for modes CBC, CFB, OFB, PGP, and OPENPGP
 counter: (optional) stateful function that returns the next counter value,
    a block size byte string; only used for mode CTR
 segment_size: (optional) number of bits the plaintext and ciphertext are
    segmented in; must be a multiple of 8; only used for mode CFB
"""
Crypto.Cipher.{AES, DES, DES3, Blowfish, ARC2, CAST}.new(key, mode, IV, counter, segment_size) :
    key : N/A {byte string}
        :: if AES, then key size is 16, 24, or 32 bytes
        :: if DES, then key size is 8 bytes
        :: if DES3, then key size is 16 or 24 bytes
        :: if Blowfish, then key size is in range [4, 56] bytes
        :: if ARC2, then key size is in range [1, 128] bytes
        :: if CAST, then key size is in range [5, 16] bytes
    mode: ECB {ECB, CBC, CFB, PGP, OFB, CTR, OPENPGP}
    iv: block_size byte string of all zeroes {block_size length byte string}
    counter: N/A {Crypto.Util.Counter object}
    segment_size: 8 {positive integer multiple of 8}

-- Symmetric stream cipher object constructors
-- key: a random bytestring, possible sizes determined by each stream cipher
Crypto.Cipher.{ARC4, XOR}.new(key)
    key : N/A {byte string}
        :: if ARC4, then key size is in range [5, 256] bytes
        :: if XOR, then key size is in range [1, 32] bytes

-- Hash-based Message Authentication Code (HMAC) object constructor
-- key: a random byte string, technically, no limit on key size, but practically
    no benefit to key size larger than the size of the digest produced by the
    hash function passed in as digestmod
-- msg: (optional) first chunk of method to be authenticated
-- digestmod: Hash module or object (from Crypto.Hash) used by HMAC algorithm
Crypto.Hash.HMAC.new(key, msg, digest_mod)
    key : N/A {byte string}
        :: (weak constraint) key size should equal the output size of digest_mod
            in bytes
    msg : N/A {byte string}
    digestmod : MD5 {MD2, MD4, MD5, RIPEMD, SHA, SHA224, SHA256, SHA384, SHA512}

-- RSA public key cryptography key pair generator
-- bits: the size of the RSA modulus in bits; must be a multiple of 256 and
    greater than, or equal to, 1024; treated as keysize
-- randfunc: (optional) a random number generator function
-- progress_func: (optional) function called with string denoting the key
    parameter currently being generated (useful for interactive applications to
    communicate key generation progress to user)
-- e: the RSA exponent; must be an odd positive integer, typically a small
    number with very few ones in its binary representation
Crypto.PublicKey.RSA.generate(bits, randfunc, progress_func, e)
    bits: N/A {positive integer}
        :: >= 1024
        :: bits % 256 == 0
    randfunc: Crypto.Random.new().read {Crypto.Random.new().read}
    progress_func: None {No idea}
    e: 65537 {5, 7, 17, 257}

-- DSA public key signature algorithm key pair generator
-- bits: size of the DSA modulus; treated as keysize; must be a multiple of 64
    in the closed interval [512, 1024]
-- randfunc: (optional) a random number generator function
-- progress_func: (optional) function called with string denoting the key
    parameter currently being generated (useful for interactive applications to
    communicate key generation progress to user)
Crypto.PublicKey.DSA.generate(bits, randfunc, progress_func)
    bits : N/A {512, 576, 640, 704, 768, 832, 896, 960, 1024}
    randfunc: Crypto.Random.new().read {Crypto.Random.new().read}
    progress_func: None {No idea}

-- ElGamal public key cryptography key pair generator
-- bits: size of the ElGamal modulus; treated as key size
-- randfunc: a random number generation function
-- progress_fun: (optional) function called with string denoting the key
    parameter currently being generated (useful for interactive applications to
    communicate key generation progress to user)
Crypto.PublicKey.ElGamal.generate(bits, randfunc, progress_func)
    bits : N/A {positive integer}
    randfunc : Crypto.Random.new().read {Crypto.Random.new().read}
    progress_func : None {No idea}

-- Public key encryption scheme RSAES-OAEP, or PKCS#1 OAEP, cipher object
    constructor (defined in RFC 3447)
-- key: An RSA key object. Should be public key for encryption and private key
    for decryption.
-- hashAlgo: Hash module or object (from Crypto.Hash) used by OAEP scheme
-- mgfunc: a mask generation function
-- label: a string label that identifies this particular encryption; no security
    benefit to label inclusion.
Crypto.Cipher.PKCS1_OAEP.new(key, hashAlgo, mgfunc, label)
    key : N/A {RSA key object}
    hashAlgo : SHA {MD2, MD4, MD5, RIPEMD, SHA, SHA224, SHA256, SHA384, SHA256}
    mgfunc : MGF1 {MGF1}
    label : "" {string}

-- Public key encryption scheme RSAES-PKCS1-v1_5, or PKCS#1 v1.5, cipher object
    constructor (defined in RFC 3447)
-- If the example in the documentation is representative of general use of this
    encryption scheme, then there are several extra steps involved that require
    configuration, but cannot be easily expressed in this format.
-- key: An RSA key object. Should be public key for encryption and private key
    for decryption.
Crypto.Cipher.PKCS1_v1_5.new(key)
    key : N/A {RSA key object}

Public key signature scheme RSASSA-PKCS1-v1_5, or PKCS#1 v1.5, object
    constructor
key: An RSA key object. Should be the private key for signing and the public key
    for verification.
Crypto.Signature.PKCS1_v1_5.new(key)
    key : N/A {RSA key object}

Public key signature scheme RSASSA-PSS, or PKCS#1 PSS, object constructor
key: An RSA key object. Should be the private key for signing and the public key
    for verification.
Crypto.signature.PKCS1_PSS.new(key)
    key : N/A {RSA key object}

-- Hashing algorithms
-- data: (optional) the first chunk of the message to be hashed; passing a
    value, v, to the data parameter is equivalent to calling
    "h = HashAlg.new(); h.update(v)"
Crypto.Hash.{MD2, MD4, MD5, SHA, SHA224, SHA256, SHA384, SHA512}.new(data)
    data : None {byte string}