修改健康检查接口

.idea/devops.iml

@@ -4,8 +4,10 @@
     <option name="enabled" value="true" />
   </component>
   <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$" />
-    <orderEntry type="inheritedJdk" />
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/venv" />
+    </content>
+    <orderEntry type="jdk" jdkName="Python 3.7 (devops)" jdkType="Python SDK" />
     <orderEntry type="sourceFolder" forTests="false" />
   </component>
   <component name="TemplatesService">

.idea/misc.xml

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
-  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.7" project-jdk-type="Python SDK" />
+  <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.7 (devops)" project-jdk-type="Python SDK" />
 </project>

app.py

@@ -17,10 +17,19 @@ from scheduler_jobs import interface_info_count
 from ex_response import ex_response
 import time
 import  threading
+import  logging
+logging.basicConfig(level=logging.INFO)
+
+
 app = Flask(__name__)
 registry = CollectorRegistry(auto_describe=False)
 
 
+
+
+
+
+
 # 定义后台执行调度器
 scheduler = BackgroundScheduler()
 scheduler.add_job(func=update_request_url_list, trigger="interval", seconds=300)
@@ -182,8 +191,8 @@ def  slb_request_status_metric():
 @app.route('/metrics')
 def all_metric():
     """视频合成类metrics"""
-
     """视频合成成功率"""
+    current_app.logger.info("测试")
     time_stamp = int(time.time())
     end_time = int(datetime.datetime.fromtimestamp(time_stamp).strftime('%Y%m%d%H%M%S')) * 1000000000
     start_time = int(datetime.datetime.fromtimestamp(time_stamp-300).strftime('%Y%m%d%H%M%S')) * 1000000000
@@ -201,7 +210,6 @@ def all_metric():
 
                 )
     res = db_query(query_sql)
-
     if res[0] is not None:
         total_cnt = res[0]
     else:
@@ -240,19 +248,6 @@ def all_metric():
 
 
 
-
-
-
-    """今日视频合成任务数"""
-
-
-
-    """今日视频合成成功数量"""
-
-    """今日视频合成失败数量"""
-
-    """视频合成中任务数量"""
-
     res = produce_video_task_cnt()
     if res:
         if res[0]:
@@ -519,4 +514,6 @@ def produce_video_data():
 
 if __name__ == '__main__':
     # app.run()
-    app.run(host='192.168.201.1', port=9091)
+    # app.run(host='192.168.201.1', port=9091)
+    app.run()
+

scheduler_jobs.py

@@ -8,7 +8,6 @@ registry = CollectorRegistry(auto_describe=False)
 
 
 
-
 def interface_info_count():
     with session_maker() as session:
         intface_infos = session.query(IntfaceList).filter(IntfaceList.app_type == "1").all()

test3.py

@@ -0,0 +1,61 @@
+#import oss2
+import  pandas  as pd
+def download():
+    df = pd.read_csv('/data2/data3/top3.csv')
+    data = df.values.tolist()
+
+    for i in  data :
+        id = i[0]
+        object_uri = i[3]
+        print(object_uri)
+        file_path, file_type = os.path.splitext(object_uri)
+        local_filename = str(id) + file_type
+
+        print(local_filename)
+        cmd = "/data2/data3/rov/ossutil cp  oss://art-pubbucket/{}  /data2/data3/attention_LSTM_train/{}".format(object_uri,local_filename)
+        m3u8tomp4_cmd = "ffmpeg -i  https://rescdn.yishihui.com/{} -vcodec copy -acodec copy -absf aac_adtstoasc /data2/data3/attention_LSTM_train/{}".format(object_uri,local_filename)
+        if    file_type == ".mp4":
+            os.system(cmd)
+        if file_type == '.m3u8'
+            os.system(m3u8tomp4_cmd)
+
+def process():
+    file_path='/data2/data3/attention_LSTM_train'
+    video_name=[]
+    for name in os.listdir(file_path):
+        try:
+            name_split=name.split('.')
+            if name_split[1]=='mp4':
+                with open('/root/video_tag/data/TsnExtractor.list','a')as nf:
+                    nf.write(os.path.join(file_path+'/'+name))
+                    nf.write('\n')
+        except:
+            pass
+download()
+process()
+
+
+
+
+# # -*- coding: utf-8 -*-
+# import oss2
+# import  os
+#
+# # 阿里云主账号AccessKey拥有所有API的访问权限，风险很高。强烈建议您创建并使用RAM账号进行API访问或日常运维，请登录RAM控制台创建RAM账号。
+# objet_name = "longvideo/transcode/video/vpc/20210611/10701970KpI498nAktSSfYLUnZ.m3u8"
+# auth = oss2.Auth('LTAI4GHwyxgwTEfRwLWdgM5i', '5APqF5KdDC4ZDmPQ3xKrS2HsYSlO2B')
+# prefix = objet_name[0:-5]
+# bucket = oss2.Bucket(auth, 'oss-cn-hangzhou.aliyuncs.com', 'art-pubbucket')
+# local_path = "/data/oss_video/"
+# ts_list = []
+# file_object = os.path.basename(objet_name)
+# file_name = os.path.basename(file_object[:-5])
+#
+# for obj in oss2.ObjectIterator(bucket, prefix=prefix):
+#     file_object = obj.key
+#     cmd = "ossutil  cp oss://art-pubbucket/{}  /data/oss_video/{}".format(file_object, file_name)
+#     # os.system(cmd)
+#     ts_list.append(file_name)
+#     ts_list.sort()
+#
+# ffmpeg -i https://rescdn.yishihui.com/longvideo/transcode/video/vpc/20210611/10701970KpI498nAktSSfYLUnZ.m3u8 -vcodec copy -acodec copy -absf aac_adtstoasc /data/123.mp4

utils.py

@@ -17,6 +17,8 @@ from sqlalchemy.sql import func
 from model_longvideo import produce_video_project
 from datetime import date, timedelta
 from DBSession import  session_maker
+import logging
+from flask import current_app
 
 
 
@@ -99,16 +101,16 @@ def healthcheck(ipaddr,server_name):
         res = requests.post(url, timeout=5)
         return res.status_code
     elif svc_name == "manager.prod":
-        url = "http://{}:8971/dev/test/healthcheck".format(ipaddr)
+        url = "http://{}:8080/manager/healthcheck".format(ipaddr)
         res = requests.post(url, timeout=5)
         return res.status_code
     elif svc_name == "recommend-queue.prod":
-        url = "http://{}:8080".format(ipaddr)
+        url = "http://{}:8080/video-recommend-queue/healthcheck".format(ipaddr)
         res = requests.post(url, timeout=5)
         return res.status_code
 
     elif svc_name == "recommend-api.prod":
-        url = "http://{}:8080/healthcheck".format(ipaddr)
+        url = "http://{}:8080/longvideoapi/healthcheck".format(ipaddr)
         res = requests.post(url, timeout=5)
         return res.status_code
 
@@ -118,12 +120,12 @@ def healthcheck(ipaddr,server_name):
         return res.status_code
 
     elif svc_name == "measure-queue.prod":
-        url = "http://{}:8080/healthcheck".format(ipaddr)
+        url = "http://{}:8080/video-measure-queue/healthcheck".format(ipaddr)
         res = requests.post(url, timeout=5)
         return res.status_code
 
     elif svc_name == "message-queue.prod":
-        url = "http://{}:8080/healthcheck".format(ipaddr)
+        url = "http://{}:8080/video-message-queue/healthcheck".format(ipaddr)
         res = requests.post(url, timeout=5)
         return res.status_code
 
@@ -141,13 +143,13 @@ def healthcheck(ipaddr,server_name):
         return res.status_code
 
     elif svc_name == "video-job.prod":
-        url = "http://{}:8080/healthcheck".format(ipaddr)
+        url = "http://{}:8080/video-job/healthcheck".format(ipaddr)
         res = requests.post(url, timeout=5)
         return res.status_code
 
 
     elif svc_name == "combine-job.prod":
-        url = "http://{}:8080/healthcheck".format(ipaddr)
+        url = "http://{}:8080/video-combine-job/healthcheck".format(ipaddr)
         res = requests.post(url, timeout=5)
         return res.status_code
 
@@ -192,6 +194,7 @@ def count_qps(appType, url):
         else:
             qps = 0
     print(int(time.time())-start_time)
+    current_app.logger.info(qps)
     return  qps
 
 def  count_avg_time(appType ,url):
@@ -500,7 +503,7 @@ def  update_request_url_list():
     PASSWORD = 'devops@123456'
     conn = pymysql.connect(host=HOST, user=USERNAME, password=PASSWORD, database=DATABASE, charset="utf8")
     cursor = conn.cursor()
-    print("5m定时任务开始")
+    current_app.logger.info("定时任务开始5m")
     appType = ['0', '4', '5', '6', '12', '15']
     for index in range(len(appType)):
         type = appType[index]
@@ -638,6 +641,17 @@ def  produce_video_ratio_cnt():
     return  res
 
 
+def  create_log():
+    LOG_PATH = os.path.abspath(os.path.join(os.path.join(basedir, os.path.pardir), 'logs'))
+    # 创建handler
+    handler = RotatingFileHandler(os.path.join(LOG_PATH, 'flask_demo.log'), maxBytes=100 * 1024 * 1024, backupCount=10,
+                                  encoding="utf-8")
+    # 设置handler日志级别
+    handler.setLevel(logging.INFO)
+    # 设置handler打印格式
+    fmt_str = logging.Formatter(
+        '时间:%(asctime)-15s 日志级别:%(levelname)s 文件名:%(filename)s 行数:%(lineno)d 进程号:%(process)d 当前线程号:%(thread)s 日志信息:%(message)s')
+    handler.setFormatter(fmt_str)
 # if __name__ == '__main__':
 #     res = logs_tts_ratio("aliyun",1)
 #     print(res)

venv/bin/activate

@@ -0,0 +1,76 @@
+# This file must be used with "source bin/activate" *from bash*
+# you cannot run it directly
+
+deactivate () {
+    # reset old environment variables
+    if [ -n "${_OLD_VIRTUAL_PATH:-}" ] ; then
+        PATH="${_OLD_VIRTUAL_PATH:-}"
+        export PATH
+        unset _OLD_VIRTUAL_PATH
+    fi
+    if [ -n "${_OLD_VIRTUAL_PYTHONHOME:-}" ] ; then
+        PYTHONHOME="${_OLD_VIRTUAL_PYTHONHOME:-}"
+        export PYTHONHOME
+        unset _OLD_VIRTUAL_PYTHONHOME
+    fi
+
+    # This should detect bash and zsh, which have a hash command that must
+    # be called to get it to forget past commands.  Without forgetting
+    # past commands the $PATH changes we made may not be respected
+    if [ -n "${BASH:-}" -o -n "${ZSH_VERSION:-}" ] ; then
+        hash -r
+    fi
+
+    if [ -n "${_OLD_VIRTUAL_PS1:-}" ] ; then
+        PS1="${_OLD_VIRTUAL_PS1:-}"
+        export PS1
+        unset _OLD_VIRTUAL_PS1
+    fi
+
+    unset VIRTUAL_ENV
+    if [ ! "${1:-}" = "nondestructive" ] ; then
+    # Self destruct!
+        unset -f deactivate
+    fi
+}
+
+# unset irrelevant variables
+deactivate nondestructive
+
+VIRTUAL_ENV="/Users/panwang/Documents/devops/venv"
+export VIRTUAL_ENV
+
+_OLD_VIRTUAL_PATH="$PATH"
+PATH="$VIRTUAL_ENV/bin:$PATH"
+export PATH
+
+# unset PYTHONHOME if set
+# this will fail if PYTHONHOME is set to the empty string (which is bad anyway)
+# could use `if (set -u; : $PYTHONHOME) ;` in bash
+if [ -n "${PYTHONHOME:-}" ] ; then
+    _OLD_VIRTUAL_PYTHONHOME="${PYTHONHOME:-}"
+    unset PYTHONHOME
+fi
+
+if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then
+    _OLD_VIRTUAL_PS1="${PS1:-}"
+    if [ "x(venv) " != x ] ; then
+	PS1="(venv) ${PS1:-}"
+    else
+    if [ "`basename \"$VIRTUAL_ENV\"`" = "__" ] ; then
+        # special case for Aspen magic directories
+        # see http://www.zetadev.com/software/aspen/
+        PS1="[`basename \`dirname \"$VIRTUAL_ENV\"\``] $PS1"
+    else
+        PS1="(`basename \"$VIRTUAL_ENV\"`)$PS1"
+    fi
+    fi
+    export PS1
+fi
+
+# This should detect bash and zsh, which have a hash command that must
+# be called to get it to forget past commands.  Without forgetting
+# past commands the $PATH changes we made may not be respected
+if [ -n "${BASH:-}" -o -n "${ZSH_VERSION:-}" ] ; then
+    hash -r
+fi

venv/bin/activate.csh

@@ -0,0 +1,37 @@
+# This file must be used with "source bin/activate.csh" *from csh*.
+# You cannot run it directly.
+# Created by Davide Di Blasi <davidedb@gmail.com>.
+# Ported to Python 3.3 venv by Andrew Svetlov <andrew.svetlov@gmail.com>
+
+alias deactivate 'test $?_OLD_VIRTUAL_PATH != 0 && setenv PATH "$_OLD_VIRTUAL_PATH" && unset _OLD_VIRTUAL_PATH; rehash; test $?_OLD_VIRTUAL_PROMPT != 0 && set prompt="$_OLD_VIRTUAL_PROMPT" && unset _OLD_VIRTUAL_PROMPT; unsetenv VIRTUAL_ENV; test "\!:*" != "nondestructive" && unalias deactivate'
+
+# Unset irrelevant variables.
+deactivate nondestructive
+
+setenv VIRTUAL_ENV "/Users/panwang/Documents/devops/venv"
+
+set _OLD_VIRTUAL_PATH="$PATH"
+setenv PATH "$VIRTUAL_ENV/bin:$PATH"
+
+
+set _OLD_VIRTUAL_PROMPT="$prompt"
+
+if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then
+    if ("venv" != "") then
+        set env_name = "venv"
+    else
+        if (`basename "VIRTUAL_ENV"` == "__") then
+            # special case for Aspen magic directories
+            # see http://www.zetadev.com/software/aspen/
+            set env_name = `basename \`dirname "$VIRTUAL_ENV"\``
+        else
+            set env_name = `basename "$VIRTUAL_ENV"`
+        endif
+    endif
+    set prompt = "[$env_name] $prompt"
+    unset env_name
+endif
+
+alias pydoc python -m pydoc
+
+rehash

venv/bin/activate.fish

@@ -0,0 +1,75 @@
+# This file must be used with ". bin/activate.fish" *from fish* (http://fishshell.org)
+# you cannot run it directly
+
+function deactivate  -d "Exit virtualenv and return to normal shell environment"
+    # reset old environment variables
+    if test -n "$_OLD_VIRTUAL_PATH"
+        set -gx PATH $_OLD_VIRTUAL_PATH
+        set -e _OLD_VIRTUAL_PATH
+    end
+    if test -n "$_OLD_VIRTUAL_PYTHONHOME"
+        set -gx PYTHONHOME $_OLD_VIRTUAL_PYTHONHOME
+        set -e _OLD_VIRTUAL_PYTHONHOME
+    end
+
+    if test -n "$_OLD_FISH_PROMPT_OVERRIDE"
+        functions -e fish_prompt
+        set -e _OLD_FISH_PROMPT_OVERRIDE
+        functions -c _old_fish_prompt fish_prompt
+        functions -e _old_fish_prompt
+    end
+
+    set -e VIRTUAL_ENV
+    if test "$argv[1]" != "nondestructive"
+        # Self destruct!
+        functions -e deactivate
+    end
+end
+
+# unset irrelevant variables
+deactivate nondestructive
+
+set -gx VIRTUAL_ENV "/Users/panwang/Documents/devops/venv"
+
+set -gx _OLD_VIRTUAL_PATH $PATH
+set -gx PATH "$VIRTUAL_ENV/bin" $PATH
+
+# unset PYTHONHOME if set
+if set -q PYTHONHOME
+    set -gx _OLD_VIRTUAL_PYTHONHOME $PYTHONHOME
+    set -e PYTHONHOME
+end
+
+if test -z "$VIRTUAL_ENV_DISABLE_PROMPT"
+    # fish uses a function instead of an env var to generate the prompt.
+
+    # save the current fish_prompt function as the function _old_fish_prompt
+    functions -c fish_prompt _old_fish_prompt
+
+    # with the original prompt function renamed, we can override with our own.
+    function fish_prompt
+        # Save the return status of the last command
+        set -l old_status $status
+
+        # Prompt override?
+        if test -n "(venv) "
+            printf "%s%s" "(venv) " (set_color normal)
+        else
+            # ...Otherwise, prepend env
+            set -l _checkbase (basename "$VIRTUAL_ENV")
+            if test $_checkbase = "__"
+                # special case for Aspen magic directories
+                # see http://www.zetadev.com/software/aspen/
+                printf "%s[%s]%s " (set_color -b blue white) (basename (dirname "$VIRTUAL_ENV")) (set_color normal)
+            else
+                printf "%s(%s)%s" (set_color -b blue white) (basename "$VIRTUAL_ENV") (set_color normal)
+            end
+        end
+
+        # Restore the return status of the previous command.
+        echo "exit $old_status" | .
+        _old_fish_prompt
+    end
+
+    set -gx _OLD_FISH_PROMPT_OVERRIDE "$VIRTUAL_ENV"
+end

venv/bin/jp.py

@@ -0,0 +1,54 @@
+#!/Users/panwang/Documents/devops/venv/bin/python
+
+import sys
+import json
+import argparse
+from pprint import pformat
+
+import jmespath
+from jmespath import exceptions
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument('expression')
+    parser.add_argument('-f', '--filename',
+                        help=('The filename containing the input data.  '
+                              'If a filename is not given then data is '
+                              'read from stdin.'))
+    parser.add_argument('--ast', action='store_true',
+                        help=('Pretty print the AST, do not search the data.'))
+    args = parser.parse_args()
+    expression = args.expression
+    if args.ast:
+        # Only print the AST
+        expression = jmespath.compile(args.expression)
+        sys.stdout.write(pformat(expression.parsed))
+        sys.stdout.write('\n')
+        return 0
+    if args.filename:
+        with open(args.filename, 'r') as f:
+            data = json.load(f)
+    else:
+        data = sys.stdin.read()
+        data = json.loads(data)
+    try:
+        sys.stdout.write(json.dumps(
+            jmespath.search(expression, data), indent=4, ensure_ascii=False))
+        sys.stdout.write('\n')
+    except exceptions.ArityError as e:
+        sys.stderr.write("invalid-arity: %s\n" % e)
+        return 1
+    except exceptions.JMESPathTypeError as e:
+        sys.stderr.write("invalid-type: %s\n" % e)
+        return 1
+    except exceptions.UnknownFunctionError as e:
+        sys.stderr.write("unknown-function: %s\n" % e)
+        return 1
+    except exceptions.ParseError as e:
+        sys.stderr.write("syntax-error: %s\n" % e)
+        return 1
+
+
+if __name__ == '__main__':
+    sys.exit(main())

venv/bin/normalizer

@@ -0,0 +1,8 @@
+#!/Users/panwang/Documents/devops/venv/bin/python
+# -*- coding: utf-8 -*-
+import re
+import sys
+from charset_normalizer.cli.normalizer import cli_detect
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(cli_detect())

venv/bin/pip

@@ -0,0 +1,8 @@
+#!/Users/panwang/Documents/devops/venv/bin/python
+# -*- coding: utf-8 -*-
+import re
+import sys
+from pip._internal.cli.main import main
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(main())

venv/bin/pip3

@@ -0,0 +1,8 @@
+#!/Users/panwang/Documents/devops/venv/bin/python
+# -*- coding: utf-8 -*-
+import re
+import sys
+from pip._internal.cli.main import main
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(main())

venv/bin/pip3.7

@@ -0,0 +1,8 @@
+#!/Users/panwang/Documents/devops/venv/bin/python
+# -*- coding: utf-8 -*-
+import re
+import sys
+from pip._internal.cli.main import main
+if __name__ == '__main__':
+    sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
+    sys.exit(main())

venv/bin/python

@@ -0,0 +1 @@
+python3

venv/bin/python3

@@ -0,0 +1 @@
+/usr/local/Cellar/python/3.7.7/bin/python3

venv/lib/python3.7/site-packages/Crypto/Cipher/AES.py

@@ -0,0 +1,250 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/AES.py : AES
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""
+Module's constants for the modes of operation supported with AES:
+
+:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
+:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
+:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
+:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
+:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
+:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
+:var MODE_CCM: :ref:`Counter with CBC-MAC (CCM) Mode <ccm_mode>`
+:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
+:var MODE_GCM: :ref:`Galois Counter Mode (GCM) <gcm_mode>`
+:var MODE_SIV: :ref:`Syntethic Initialization Vector (SIV) <siv_mode>`
+:var MODE_OCB: :ref:`Offset Code Book (OCB) <ocb_mode>`
+"""
+
+import sys
+
+from Crypto.Cipher import _create_cipher
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
+                                  VoidPointer, SmartPointer,
+                                  c_size_t, c_uint8_ptr)
+
+from Crypto.Util import _cpu_features
+from Crypto.Random import get_random_bytes
+
+
+_cproto = """
+        int AES_start_operation(const uint8_t key[],
+                                size_t key_len,
+                                void **pResult);
+        int AES_encrypt(const void *state,
+                        const uint8_t *in,
+                        uint8_t *out,
+                        size_t data_len);
+        int AES_decrypt(const void *state,
+                        const uint8_t *in,
+                        uint8_t *out,
+                        size_t data_len);
+        int AES_stop_operation(void *state);
+        """
+
+
+# Load portable AES
+_raw_aes_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_aes",
+                                         _cproto)
+
+# Try to load AES with AES NI instructions
+try:
+    _raw_aesni_lib = None
+    if _cpu_features.have_aes_ni():
+        _raw_aesni_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_aesni",
+                                                   _cproto.replace("AES",
+                                                                   "AESNI"))
+# _raw_aesni may not have been compiled in
+except OSError:
+    pass
+
+
+def _create_base_cipher(dict_parameters):
+    """This method instantiates and returns a handle to a low-level
+    base cipher. It will absorb named parameters in the process."""
+
+    use_aesni = dict_parameters.pop("use_aesni", True)
+
+    try:
+        key = dict_parameters.pop("key")
+    except KeyError:
+        raise TypeError("Missing 'key' parameter")
+
+    if len(key) not in key_size:
+        raise ValueError("Incorrect AES key length (%d bytes)" % len(key))
+
+    if use_aesni and _raw_aesni_lib:
+        start_operation = _raw_aesni_lib.AESNI_start_operation
+        stop_operation = _raw_aesni_lib.AESNI_stop_operation
+    else:
+        start_operation = _raw_aes_lib.AES_start_operation
+        stop_operation = _raw_aes_lib.AES_stop_operation
+
+    cipher = VoidPointer()
+    result = start_operation(c_uint8_ptr(key),
+                             c_size_t(len(key)),
+                             cipher.address_of())
+    if result:
+        raise ValueError("Error %X while instantiating the AES cipher"
+                         % result)
+    return SmartPointer(cipher.get(), stop_operation)
+
+
+def _derive_Poly1305_key_pair(key, nonce):
+    """Derive a tuple (r, s, nonce) for a Poly1305 MAC.
+    
+    If nonce is ``None``, a new 16-byte nonce is generated.
+    """
+
+    if len(key) != 32:
+        raise ValueError("Poly1305 with AES requires a 32-byte key")
+
+    if nonce is None:
+        nonce = get_random_bytes(16)
+    elif len(nonce) != 16:
+        raise ValueError("Poly1305 with AES requires a 16-byte nonce")
+
+    s = new(key[:16], MODE_ECB).encrypt(nonce)
+    return key[16:], s, nonce
+
+
+def new(key, mode, *args, **kwargs):
+    """Create a new AES cipher.
+
+    :param key:
+        The secret key to use in the symmetric cipher.
+
+        It must be 16, 24 or 32 bytes long (respectively for *AES-128*,
+        *AES-192* or *AES-256*).
+
+        For ``MODE_SIV`` only, it doubles to 32, 48, or 64 bytes.
+    :type key: bytes/bytearray/memoryview
+
+    :param mode:
+        The chaining mode to use for encryption or decryption.
+        If in doubt, use ``MODE_EAX``.
+    :type mode: One of the supported ``MODE_*`` constants
+
+    :Keyword Arguments:
+        *   **iv** (*bytes*, *bytearray*, *memoryview*) --
+            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
+            and ``MODE_OPENPGP`` modes).
+
+            The initialization vector to use for encryption or decryption.
+
+            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 16 bytes long.
+
+            For ``MODE_OPENPGP`` mode only,
+            it must be 16 bytes long for encryption
+            and 18 bytes for decryption (in the latter case, it is
+            actually the *encrypted* IV which was prefixed to the ciphertext).
+
+            If not provided, a random byte string is generated (you must then
+            read its value with the :attr:`iv` attribute).
+
+        *   **nonce** (*bytes*, *bytearray*, *memoryview*) --
+            (Only applicable for ``MODE_CCM``, ``MODE_EAX``, ``MODE_GCM``,
+            ``MODE_SIV``, ``MODE_OCB``, and ``MODE_CTR``).
+
+            A value that must never be reused for any other encryption done
+            with this key (except possibly for ``MODE_SIV``, see below).
+
+            For ``MODE_EAX``, ``MODE_GCM`` and ``MODE_SIV`` there are no
+            restrictions on its length (recommended: **16** bytes).
+
+            For ``MODE_CCM``, its length must be in the range **[7..13]**.
+            Bear in mind that with CCM there is a trade-off between nonce
+            length and maximum message size. Recommendation: **11** bytes.
+
+            For ``MODE_OCB``, its length must be in the range **[1..15]**
+            (recommended: **15**).
+
+            For ``MODE_CTR``, its length must be in the range **[0..15]**
+            (recommended: **8**).
+            
+            For ``MODE_SIV``, the nonce is optional, if it is not specified,
+            then no nonce is being used, which renders the encryption
+            deterministic.
+
+            If not provided, for modes other than ``MODE_SIV```, a random
+            byte string of the recommended length is used (you must then
+            read its value with the :attr:`nonce` attribute).
+
+        *   **segment_size** (*integer*) --
+            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
+            are segmented in. It must be a multiple of 8.
+            If not specified, it will be assumed to be 8.
+
+        *   **mac_len** : (*integer*) --
+            (Only ``MODE_EAX``, ``MODE_GCM``, ``MODE_OCB``, ``MODE_CCM``)
+            Length of the authentication tag, in bytes.
+
+            It must be even and in the range **[4..16]**.
+            The recommended value (and the default, if not specified) is **16**.
+
+        *   **msg_len** : (*integer*) --
+            (Only ``MODE_CCM``). Length of the message to (de)cipher.
+            If not specified, ``encrypt`` must be called with the entire message.
+            Similarly, ``decrypt`` can only be called once.
+
+        *   **assoc_len** : (*integer*) --
+            (Only ``MODE_CCM``). Length of the associated data.
+            If not specified, all associated data is buffered internally,
+            which may represent a problem for very large messages.
+
+        *   **initial_value** : (*integer* or *bytes/bytearray/memoryview*) --
+            (Only ``MODE_CTR``).
+            The initial value for the counter. If not present, the cipher will
+            start counting from 0. The value is incremented by one for each block.
+            The counter number is encoded in big endian mode.
+
+        *   **counter** : (*object*) --
+            Instance of ``Crypto.Util.Counter``, which allows full customization
+            of the counter block. This parameter is incompatible to both ``nonce``
+            and ``initial_value``.
+
+        *   **use_aesni** : (*boolean*) --
+            Use Intel AES-NI hardware extensions (default: use if available).
+
+    :Return: an AES object, of the applicable mode.
+    """
+
+    kwargs["add_aes_modes"] = True
+    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
+
+
+MODE_ECB = 1
+MODE_CBC = 2
+MODE_CFB = 3
+MODE_OFB = 5
+MODE_CTR = 6
+MODE_OPENPGP = 7
+MODE_CCM = 8
+MODE_EAX = 9
+MODE_SIV = 10
+MODE_GCM = 11
+MODE_OCB = 12
+
+# Size of a data block (in bytes)
+block_size = 16
+# Size of a key (in bytes)
+key_size = (16, 24, 32)

venv/lib/python3.7/site-packages/Crypto/Cipher/AES.pyi

@@ -0,0 +1,47 @@
+from typing import Union, Tuple, Optional, Dict
+
+from Crypto.Cipher._mode_ecb import EcbMode
+from Crypto.Cipher._mode_cbc import CbcMode
+from Crypto.Cipher._mode_cfb import CfbMode
+from Crypto.Cipher._mode_ofb import OfbMode
+from Crypto.Cipher._mode_ctr import CtrMode
+from Crypto.Cipher._mode_openpgp import OpenPgpMode
+from Crypto.Cipher._mode_ccm import CcmMode
+from Crypto.Cipher._mode_eax import EaxMode
+from Crypto.Cipher._mode_gcm import GcmMode
+from Crypto.Cipher._mode_siv import SivMode
+from Crypto.Cipher._mode_ocb import OcbMode
+
+AESMode = int
+
+MODE_ECB: AESMode
+MODE_CBC: AESMode
+MODE_CFB: AESMode
+MODE_OFB: AESMode
+MODE_CTR: AESMode
+MODE_OPENPGP: AESMode
+MODE_CCM: AESMode
+MODE_EAX: AESMode
+MODE_GCM: AESMode
+MODE_SIV: AESMode
+MODE_OCB: AESMode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+        mode: AESMode,
+        iv : Buffer = ...,
+        IV : Buffer = ...,
+        nonce : Buffer = ...,
+        segment_size : int = ...,
+        mac_len : int = ...,
+        assoc_len : int = ...,
+        initial_value : Union[int, Buffer] = ...,
+        counter : Dict = ...,
+        use_aesni : bool = ...) -> \
+        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode,
+              OpenPgpMode, CcmMode, EaxMode, GcmMode,
+              SivMode, OcbMode]: ...
+
+block_size: int
+key_size: Tuple[int, int, int]

venv/lib/python3.7/site-packages/Crypto/Cipher/ARC2.py

@@ -0,0 +1,175 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/ARC2.py : ARC2.py
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""
+Module's constants for the modes of operation supported with ARC2:
+
+:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
+:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
+:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
+:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
+:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
+:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
+:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
+"""
+
+import sys
+
+from Crypto.Cipher import _create_cipher
+from Crypto.Util.py3compat import byte_string
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
+                                  VoidPointer, SmartPointer,
+                                  c_size_t, c_uint8_ptr)
+
+_raw_arc2_lib = load_pycryptodome_raw_lib(
+                        "Crypto.Cipher._raw_arc2",
+                        """
+                        int ARC2_start_operation(const uint8_t key[],
+                                                 size_t key_len,
+                                                 size_t effective_key_len,
+                                                 void **pResult);
+                        int ARC2_encrypt(const void *state,
+                                         const uint8_t *in,
+                                         uint8_t *out,
+                                         size_t data_len);
+                        int ARC2_decrypt(const void *state,
+                                         const uint8_t *in,
+                                         uint8_t *out,
+                                         size_t data_len);
+                        int ARC2_stop_operation(void *state);
+                        """
+                        )
+
+
+def _create_base_cipher(dict_parameters):
+    """This method instantiates and returns a handle to a low-level
+    base cipher. It will absorb named parameters in the process."""
+
+    try:
+        key = dict_parameters.pop("key")
+    except KeyError:
+        raise TypeError("Missing 'key' parameter")
+
+    effective_keylen = dict_parameters.pop("effective_keylen", 1024)
+
+    if len(key) not in key_size:
+        raise ValueError("Incorrect ARC2 key length (%d bytes)" % len(key))
+
+    if not (40 <= effective_keylen <= 1024):
+        raise ValueError("'effective_key_len' must be at least 40 and no larger than 1024 "
+                         "(not %d)" % effective_keylen)
+
+    start_operation = _raw_arc2_lib.ARC2_start_operation
+    stop_operation = _raw_arc2_lib.ARC2_stop_operation
+
+    cipher = VoidPointer()
+    result = start_operation(c_uint8_ptr(key),
+                             c_size_t(len(key)),
+                             c_size_t(effective_keylen),
+                             cipher.address_of())
+    if result:
+        raise ValueError("Error %X while instantiating the ARC2 cipher"
+                         % result)
+
+    return SmartPointer(cipher.get(), stop_operation)
+
+
+def new(key, mode, *args, **kwargs):
+    """Create a new RC2 cipher.
+
+    :param key:
+        The secret key to use in the symmetric cipher.
+        Its length can vary from 5 to 128 bytes; the actual search space
+        (and the cipher strength) can be reduced with the ``effective_keylen`` parameter.
+    :type key: bytes, bytearray, memoryview
+
+    :param mode:
+        The chaining mode to use for encryption or decryption.
+    :type mode: One of the supported ``MODE_*`` constants
+
+    :Keyword Arguments:
+        *   **iv** (*bytes*, *bytearray*, *memoryview*) --
+            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
+            and ``MODE_OPENPGP`` modes).
+
+            The initialization vector to use for encryption or decryption.
+
+            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long.
+
+            For ``MODE_OPENPGP`` mode only,
+            it must be 8 bytes long for encryption
+            and 10 bytes for decryption (in the latter case, it is
+            actually the *encrypted* IV which was prefixed to the ciphertext).
+
+            If not provided, a random byte string is generated (you must then
+            read its value with the :attr:`iv` attribute).
+
+        *   **nonce** (*bytes*, *bytearray*, *memoryview*) --
+            (Only applicable for ``MODE_EAX`` and ``MODE_CTR``).
+
+            A value that must never be reused for any other encryption done
+            with this key.
+
+            For ``MODE_EAX`` there are no
+            restrictions on its length (recommended: **16** bytes).
+
+            For ``MODE_CTR``, its length must be in the range **[0..7]**.
+
+            If not provided for ``MODE_EAX``, a random byte string is generated (you
+            can read it back via the ``nonce`` attribute).
+
+        *   **effective_keylen** (*integer*) --
+            Optional. Maximum strength in bits of the actual key used by the ARC2 algorithm.
+            If the supplied ``key`` parameter is longer (in bits) of the value specified
+            here, it will be weakened to match it.
+            If not specified, no limitation is applied.
+
+        *   **segment_size** (*integer*) --
+            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
+            are segmented in. It must be a multiple of 8.
+            If not specified, it will be assumed to be 8.
+
+        *   **mac_len** : (*integer*) --
+            (Only ``MODE_EAX``)
+            Length of the authentication tag, in bytes.
+            It must be no longer than 8 (default).
+
+        *   **initial_value** : (*integer*) --
+            (Only ``MODE_CTR``). The initial value for the counter within
+            the counter block. By default it is **0**.
+
+    :Return: an ARC2 object, of the applicable mode.
+    """
+
+    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
+
+MODE_ECB = 1
+MODE_CBC = 2
+MODE_CFB = 3
+MODE_OFB = 5
+MODE_CTR = 6
+MODE_OPENPGP = 7
+MODE_EAX = 9
+
+# Size of a data block (in bytes)
+block_size = 8
+# Size of a key (in bytes)
+key_size = range(5, 128 + 1)

venv/lib/python3.7/site-packages/Crypto/Cipher/ARC2.pyi

@@ -0,0 +1,35 @@
+from typing import Union, Dict, Iterable
+
+from Crypto.Cipher._mode_ecb import EcbMode
+from Crypto.Cipher._mode_cbc import CbcMode
+from Crypto.Cipher._mode_cfb import CfbMode
+from Crypto.Cipher._mode_ofb import OfbMode
+from Crypto.Cipher._mode_ctr import CtrMode
+from Crypto.Cipher._mode_openpgp import OpenPgpMode
+from Crypto.Cipher._mode_eax import EaxMode
+
+ARC2Mode = int
+
+MODE_ECB: ARC2Mode
+MODE_CBC: ARC2Mode
+MODE_CFB: ARC2Mode
+MODE_OFB: ARC2Mode
+MODE_CTR: ARC2Mode
+MODE_OPENPGP: ARC2Mode
+MODE_EAX: ARC2Mode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+        mode: ARC2Mode,
+        iv : Buffer = ...,
+        IV : Buffer = ...,
+        nonce : Buffer = ...,
+        segment_size : int = ...,
+        mac_len : int = ...,
+        initial_value : Union[int, Buffer] = ...,
+        counter : Dict = ...) -> \
+        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
+
+block_size: int
+key_size: Iterable[int]

venv/lib/python3.7/site-packages/Crypto/Cipher/ARC4.py

@@ -0,0 +1,137 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/ARC4.py : ARC4
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Crypto.Util.py3compat import b
+
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
+                                  create_string_buffer, get_raw_buffer,
+                                  SmartPointer, c_size_t, c_uint8_ptr)
+
+
+_raw_arc4_lib = load_pycryptodome_raw_lib("Crypto.Cipher._ARC4", """
+                    int ARC4_stream_encrypt(void *rc4State, const uint8_t in[],
+                                            uint8_t out[], size_t len);
+                    int ARC4_stream_init(uint8_t *key, size_t keylen,
+                                         void **pRc4State);
+                    int ARC4_stream_destroy(void *rc4State);
+                    """)
+
+
+class ARC4Cipher:
+    """ARC4 cipher object. Do not create it directly. Use
+    :func:`Crypto.Cipher.ARC4.new` instead.
+    """
+
+    def __init__(self, key, *args, **kwargs):
+        """Initialize an ARC4 cipher object
+
+        See also `new()` at the module level."""
+
+        if len(args) > 0:
+            ndrop = args[0]
+            args = args[1:]
+        else:
+            ndrop = kwargs.pop('drop', 0)
+
+        if len(key) not in key_size:
+            raise ValueError("Incorrect ARC4 key length (%d bytes)" %
+                             len(key))
+
+        self._state = VoidPointer()
+        result = _raw_arc4_lib.ARC4_stream_init(c_uint8_ptr(key),
+                                                c_size_t(len(key)),
+                                                self._state.address_of())
+        if result != 0:
+            raise ValueError("Error %d while creating the ARC4 cipher"
+                             % result)
+        self._state = SmartPointer(self._state.get(),
+                                   _raw_arc4_lib.ARC4_stream_destroy)
+
+        if ndrop > 0:
+            # This is OK even if the cipher is used for decryption,
+            # since encrypt and decrypt are actually the same thing
+            # with ARC4.
+            self.encrypt(b'\x00' * ndrop)
+
+        self.block_size = 1
+        self.key_size = len(key)
+
+    def encrypt(self, plaintext):
+        """Encrypt a piece of data.
+
+        :param plaintext: The data to encrypt, of any size.
+        :type plaintext: bytes, bytearray, memoryview
+        :returns: the encrypted byte string, of equal length as the
+          plaintext.
+        """
+
+        ciphertext = create_string_buffer(len(plaintext))
+        result = _raw_arc4_lib.ARC4_stream_encrypt(self._state.get(),
+                                                   c_uint8_ptr(plaintext),
+                                                   ciphertext,
+                                                   c_size_t(len(plaintext)))
+        if result:
+            raise ValueError("Error %d while encrypting with RC4" % result)
+        return get_raw_buffer(ciphertext)
+
+    def decrypt(self, ciphertext):
+        """Decrypt a piece of data.
+
+        :param ciphertext: The data to decrypt, of any size.
+        :type ciphertext: bytes, bytearray, memoryview
+        :returns: the decrypted byte string, of equal length as the
+          ciphertext.
+        """
+
+        try:
+            return self.encrypt(ciphertext)
+        except ValueError as e:
+            raise ValueError(str(e).replace("enc", "dec"))
+
+
+def new(key, *args, **kwargs):
+    """Create a new ARC4 cipher.
+
+    :param key:
+        The secret key to use in the symmetric cipher.
+        Its length must be in the range ``[5..256]``.
+        The recommended length is 16 bytes.
+    :type key: bytes, bytearray, memoryview
+
+    :Keyword Arguments:
+        *   *drop* (``integer``) --
+            The amount of bytes to discard from the initial part of the keystream.
+            In fact, such part has been found to be distinguishable from random
+            data (while it shouldn't) and also correlated to key.
+
+            The recommended value is 3072_ bytes. The default value is 0.
+
+    :Return: an `ARC4Cipher` object
+
+    .. _3072: http://eprint.iacr.org/2002/067.pdf
+    """
+    return ARC4Cipher(key, *args, **kwargs)
+
+# Size of a data block (in bytes)
+block_size = 1
+# Size of a key (in bytes)
+key_size = range(5, 256+1)

venv/lib/python3.7/site-packages/Crypto/Cipher/ARC4.pyi

@@ -0,0 +1,16 @@
+from typing import Any, Union, Iterable
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class ARC4Cipher:
+    block_size: int
+    key_size: int
+
+    def __init__(self, key: Buffer, *args: Any, **kwargs: Any) -> None: ...
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    def decrypt(self, ciphertext: Buffer) -> bytes: ...
+
+def new(key: Buffer, drop : int = ...) -> ARC4Cipher: ...
+
+block_size: int
+key_size: Iterable[int]

venv/lib/python3.7/site-packages/Crypto/Cipher/Blowfish.py

@@ -0,0 +1,159 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/Blowfish.py : Blowfish
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""
+Module's constants for the modes of operation supported with Blowfish:
+
+:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
+:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
+:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
+:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
+:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
+:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
+:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
+"""
+
+import sys
+
+from Crypto.Cipher import _create_cipher
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
+                                  VoidPointer, SmartPointer, c_size_t,
+                                  c_uint8_ptr)
+
+_raw_blowfish_lib = load_pycryptodome_raw_lib(
+        "Crypto.Cipher._raw_blowfish",
+        """
+        int Blowfish_start_operation(const uint8_t key[],
+                                     size_t key_len,
+                                     void **pResult);
+        int Blowfish_encrypt(const void *state,
+                             const uint8_t *in,
+                             uint8_t *out,
+                             size_t data_len);
+        int Blowfish_decrypt(const void *state,
+                             const uint8_t *in,
+                             uint8_t *out,
+                             size_t data_len);
+        int Blowfish_stop_operation(void *state);
+        """
+        )
+
+
+def _create_base_cipher(dict_parameters):
+    """This method instantiates and returns a smart pointer to
+    a low-level base cipher. It will absorb named parameters in
+    the process."""
+
+    try:
+        key = dict_parameters.pop("key")
+    except KeyError:
+        raise TypeError("Missing 'key' parameter")
+
+    if len(key) not in key_size:
+        raise ValueError("Incorrect Blowfish key length (%d bytes)" % len(key))
+
+    start_operation = _raw_blowfish_lib.Blowfish_start_operation
+    stop_operation = _raw_blowfish_lib.Blowfish_stop_operation
+
+    void_p = VoidPointer()
+    result = start_operation(c_uint8_ptr(key),
+                             c_size_t(len(key)),
+                             void_p.address_of())
+    if result:
+        raise ValueError("Error %X while instantiating the Blowfish cipher"
+                         % result)
+    return SmartPointer(void_p.get(), stop_operation)
+
+
+def new(key, mode, *args, **kwargs):
+    """Create a new Blowfish cipher
+
+    :param key:
+        The secret key to use in the symmetric cipher.
+        Its length can vary from 5 to 56 bytes.
+    :type key: bytes, bytearray, memoryview
+
+    :param mode:
+        The chaining mode to use for encryption or decryption.
+    :type mode: One of the supported ``MODE_*`` constants
+
+    :Keyword Arguments:
+        *   **iv** (*bytes*, *bytearray*, *memoryview*) --
+            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
+            and ``MODE_OPENPGP`` modes).
+
+            The initialization vector to use for encryption or decryption.
+
+            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long.
+
+            For ``MODE_OPENPGP`` mode only,
+            it must be 8 bytes long for encryption
+            and 10 bytes for decryption (in the latter case, it is
+            actually the *encrypted* IV which was prefixed to the ciphertext).
+
+            If not provided, a random byte string is generated (you must then
+            read its value with the :attr:`iv` attribute).
+
+        *   **nonce** (*bytes*, *bytearray*, *memoryview*) --
+            (Only applicable for ``MODE_EAX`` and ``MODE_CTR``).
+
+            A value that must never be reused for any other encryption done
+            with this key.
+
+            For ``MODE_EAX`` there are no
+            restrictions on its length (recommended: **16** bytes).
+
+            For ``MODE_CTR``, its length must be in the range **[0..7]**.
+
+            If not provided for ``MODE_EAX``, a random byte string is generated (you
+            can read it back via the ``nonce`` attribute).
+
+        *   **segment_size** (*integer*) --
+            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
+            are segmented in. It must be a multiple of 8.
+            If not specified, it will be assumed to be 8.
+
+        *   **mac_len** : (*integer*) --
+            (Only ``MODE_EAX``)
+            Length of the authentication tag, in bytes.
+            It must be no longer than 8 (default).
+
+        *   **initial_value** : (*integer*) --
+            (Only ``MODE_CTR``). The initial value for the counter within
+            the counter block. By default it is **0**.
+
+    :Return: a Blowfish object, of the applicable mode.
+    """
+
+    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
+
+MODE_ECB = 1
+MODE_CBC = 2
+MODE_CFB = 3
+MODE_OFB = 5
+MODE_CTR = 6
+MODE_OPENPGP = 7
+MODE_EAX = 9
+
+# Size of a data block (in bytes)
+block_size = 8
+# Size of a key (in bytes)
+key_size = range(4, 56 + 1)

venv/lib/python3.7/site-packages/Crypto/Cipher/Blowfish.pyi

@@ -0,0 +1,35 @@
+from typing import Union, Dict, Iterable
+
+from Crypto.Cipher._mode_ecb import EcbMode
+from Crypto.Cipher._mode_cbc import CbcMode
+from Crypto.Cipher._mode_cfb import CfbMode
+from Crypto.Cipher._mode_ofb import OfbMode
+from Crypto.Cipher._mode_ctr import CtrMode
+from Crypto.Cipher._mode_openpgp import OpenPgpMode
+from Crypto.Cipher._mode_eax import EaxMode
+
+BlowfishMode = int
+
+MODE_ECB: BlowfishMode
+MODE_CBC: BlowfishMode
+MODE_CFB: BlowfishMode
+MODE_OFB: BlowfishMode
+MODE_CTR: BlowfishMode
+MODE_OPENPGP: BlowfishMode
+MODE_EAX: BlowfishMode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+        mode: BlowfishMode,
+        iv : Buffer = ...,
+        IV : Buffer = ...,
+        nonce : Buffer = ...,
+        segment_size : int = ...,
+        mac_len : int = ...,
+        initial_value : Union[int, Buffer] = ...,
+        counter : Dict = ...) -> \
+        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
+
+block_size: int
+key_size: Iterable[int]

venv/lib/python3.7/site-packages/Crypto/Cipher/CAST.py

@@ -0,0 +1,159 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/CAST.py : CAST
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""
+Module's constants for the modes of operation supported with CAST:
+
+:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
+:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
+:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
+:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
+:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
+:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
+:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
+"""
+
+import sys
+
+from Crypto.Cipher import _create_cipher
+from Crypto.Util.py3compat import byte_string
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
+                                  VoidPointer, SmartPointer,
+                                  c_size_t, c_uint8_ptr)
+
+_raw_cast_lib = load_pycryptodome_raw_lib(
+                    "Crypto.Cipher._raw_cast",
+                    """
+                    int CAST_start_operation(const uint8_t key[],
+                                             size_t key_len,
+                                             void **pResult);
+                    int CAST_encrypt(const void *state,
+                                     const uint8_t *in,
+                                     uint8_t *out,
+                                     size_t data_len);
+                    int CAST_decrypt(const void *state,
+                                     const uint8_t *in,
+                                     uint8_t *out,
+                                     size_t data_len);
+                    int CAST_stop_operation(void *state);
+                    """)
+
+
+def _create_base_cipher(dict_parameters):
+    """This method instantiates and returns a handle to a low-level
+    base cipher. It will absorb named parameters in the process."""
+
+    try:
+        key = dict_parameters.pop("key")
+    except KeyError:
+        raise TypeError("Missing 'key' parameter")
+
+    if len(key) not in key_size:
+        raise ValueError("Incorrect CAST key length (%d bytes)" % len(key))
+
+    start_operation = _raw_cast_lib.CAST_start_operation
+    stop_operation = _raw_cast_lib.CAST_stop_operation
+
+    cipher = VoidPointer()
+    result = start_operation(c_uint8_ptr(key),
+                             c_size_t(len(key)),
+                             cipher.address_of())
+    if result:
+        raise ValueError("Error %X while instantiating the CAST cipher"
+                         % result)
+
+    return SmartPointer(cipher.get(), stop_operation)
+
+
+def new(key, mode, *args, **kwargs):
+    """Create a new CAST cipher
+
+    :param key:
+        The secret key to use in the symmetric cipher.
+        Its length can vary from 5 to 16 bytes.
+    :type key: bytes, bytearray, memoryview
+
+    :param mode:
+        The chaining mode to use for encryption or decryption.
+    :type mode: One of the supported ``MODE_*`` constants
+
+    :Keyword Arguments:
+        *   **iv** (*bytes*, *bytearray*, *memoryview*) --
+            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
+            and ``MODE_OPENPGP`` modes).
+
+            The initialization vector to use for encryption or decryption.
+
+            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long.
+
+            For ``MODE_OPENPGP`` mode only,
+            it must be 8 bytes long for encryption
+            and 10 bytes for decryption (in the latter case, it is
+            actually the *encrypted* IV which was prefixed to the ciphertext).
+
+            If not provided, a random byte string is generated (you must then
+            read its value with the :attr:`iv` attribute).
+
+        *   **nonce** (*bytes*, *bytearray*, *memoryview*) --
+            (Only applicable for ``MODE_EAX`` and ``MODE_CTR``).
+
+            A value that must never be reused for any other encryption done
+            with this key.
+
+            For ``MODE_EAX`` there are no
+            restrictions on its length (recommended: **16** bytes).
+
+            For ``MODE_CTR``, its length must be in the range **[0..7]**.
+
+            If not provided for ``MODE_EAX``, a random byte string is generated (you
+            can read it back via the ``nonce`` attribute).
+
+        *   **segment_size** (*integer*) --
+            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
+            are segmented in. It must be a multiple of 8.
+            If not specified, it will be assumed to be 8.
+
+        *   **mac_len** : (*integer*) --
+            (Only ``MODE_EAX``)
+            Length of the authentication tag, in bytes.
+            It must be no longer than 8 (default).
+
+        *   **initial_value** : (*integer*) --
+            (Only ``MODE_CTR``). The initial value for the counter within
+            the counter block. By default it is **0**.
+
+    :Return: a CAST object, of the applicable mode.
+    """
+
+    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
+
+MODE_ECB = 1
+MODE_CBC = 2
+MODE_CFB = 3
+MODE_OFB = 5
+MODE_CTR = 6
+MODE_OPENPGP = 7
+MODE_EAX = 9
+
+# Size of a data block (in bytes)
+block_size = 8
+# Size of a key (in bytes)
+key_size = range(5, 16 + 1)

venv/lib/python3.7/site-packages/Crypto/Cipher/CAST.pyi

@@ -0,0 +1,35 @@
+from typing import Union, Dict, Iterable
+
+from Crypto.Cipher._mode_ecb import EcbMode
+from Crypto.Cipher._mode_cbc import CbcMode
+from Crypto.Cipher._mode_cfb import CfbMode
+from Crypto.Cipher._mode_ofb import OfbMode
+from Crypto.Cipher._mode_ctr import CtrMode
+from Crypto.Cipher._mode_openpgp import OpenPgpMode
+from Crypto.Cipher._mode_eax import EaxMode
+
+CASTMode = int
+
+MODE_ECB: CASTMode
+MODE_CBC: CASTMode
+MODE_CFB: CASTMode
+MODE_OFB: CASTMode
+MODE_CTR: CASTMode
+MODE_OPENPGP: CASTMode
+MODE_EAX: CASTMode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+        mode: CASTMode,
+        iv : Buffer = ...,
+        IV : Buffer = ...,
+        nonce : Buffer = ...,
+        segment_size : int = ...,
+        mac_len : int = ...,
+        initial_value : Union[int, Buffer] = ...,
+        counter : Dict = ...) -> \
+        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
+
+block_size: int
+key_size : Iterable[int]

venv/lib/python3.7/site-packages/Crypto/Cipher/ChaCha20.py

@@ -0,0 +1,287 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+from Crypto.Random import get_random_bytes
+
+from Crypto.Util.py3compat import _copy_bytes
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
+                                  create_string_buffer,
+                                  get_raw_buffer, VoidPointer,
+                                  SmartPointer, c_size_t,
+                                  c_uint8_ptr, c_ulong,
+                                  is_writeable_buffer)
+
+_raw_chacha20_lib = load_pycryptodome_raw_lib("Crypto.Cipher._chacha20",
+                    """
+                    int chacha20_init(void **pState,
+                                      const uint8_t *key,
+                                      size_t keySize,
+                                      const uint8_t *nonce,
+                                      size_t nonceSize);
+
+                    int chacha20_destroy(void *state);
+
+                    int chacha20_encrypt(void *state,
+                                         const uint8_t in[],
+                                         uint8_t out[],
+                                         size_t len);
+
+                    int chacha20_seek(void *state,
+                                      unsigned long block_high,
+                                      unsigned long block_low,
+                                      unsigned offset);
+                    int hchacha20(  const uint8_t key[32],
+                                    const uint8_t nonce16[16],
+                                    uint8_t subkey[32]);
+                    """)
+
+
+def _HChaCha20(key, nonce):
+
+    assert(len(key) == 32)
+    assert(len(nonce) == 16)
+
+    subkey = bytearray(32)
+    result = _raw_chacha20_lib.hchacha20(
+                c_uint8_ptr(key),
+                c_uint8_ptr(nonce),
+                c_uint8_ptr(subkey))
+    if result:
+        raise ValueError("Error %d when deriving subkey with HChaCha20" % result)
+
+    return subkey
+
+
+class ChaCha20Cipher(object):
+    """ChaCha20 (or XChaCha20) cipher object.
+    Do not create it directly. Use :py:func:`new` instead.
+
+    :var nonce: The nonce with length 8, 12 or 24 bytes
+    :vartype nonce: bytes
+    """
+
+    block_size = 1
+
+    def __init__(self, key, nonce):
+        """Initialize a ChaCha20/XChaCha20 cipher object
+
+        See also `new()` at the module level."""
+
+        self.nonce = _copy_bytes(None, None, nonce)
+
+        # XChaCha20 requires a key derivation with HChaCha20
+        # See 2.3 in https://tools.ietf.org/html/draft-arciszewski-xchacha-03
+        if len(nonce) == 24:
+            key = _HChaCha20(key, nonce[:16])
+            nonce = b'\x00' * 4 + nonce[16:]
+            self._name = "XChaCha20"
+        else:
+            self._name = "ChaCha20"
+            nonce = self.nonce
+
+        self._next = ( self.encrypt, self.decrypt )
+
+        self._state = VoidPointer()
+        result = _raw_chacha20_lib.chacha20_init(
+                        self._state.address_of(),
+                        c_uint8_ptr(key),
+                        c_size_t(len(key)),
+                        nonce,
+                        c_size_t(len(nonce)))
+        if result:
+            raise ValueError("Error %d instantiating a %s cipher" % (result,
+                                                                     self._name))
+        self._state = SmartPointer(self._state.get(),
+                                   _raw_chacha20_lib.chacha20_destroy)
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt a piece of data.
+
+        Args:
+          plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size.
+        Keyword Args:
+          output(bytes/bytearray/memoryview): The location where the ciphertext
+            is written to. If ``None``, the ciphertext is returned.
+        Returns:
+          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.encrypt not in self._next:
+            raise TypeError("Cipher object can only be used for decryption")
+        self._next = ( self.encrypt, )
+        return self._encrypt(plaintext, output)
+
+    def _encrypt(self, plaintext, output):
+        """Encrypt without FSM checks"""
+
+        if output is None:
+            ciphertext = create_string_buffer(len(plaintext))
+        else:
+            ciphertext = output
+
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+
+            if len(plaintext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = _raw_chacha20_lib.chacha20_encrypt(
+                                         self._state.get(),
+                                         c_uint8_ptr(plaintext),
+                                         c_uint8_ptr(ciphertext),
+                                         c_size_t(len(plaintext)))
+        if result:
+            raise ValueError("Error %d while encrypting with %s" % (result, self._name))
+
+        if output is None:
+            return get_raw_buffer(ciphertext)
+        else:
+            return None
+
+    def decrypt(self, ciphertext, output=None):
+        """Decrypt a piece of data.
+
+        Args:
+          ciphertext(bytes/bytearray/memoryview): The data to decrypt, of any size.
+        Keyword Args:
+          output(bytes/bytearray/memoryview): The location where the plaintext
+            is written to. If ``None``, the plaintext is returned.
+        Returns:
+          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("Cipher object can only be used for encryption")
+        self._next = ( self.decrypt, )
+
+        try:
+            return self._encrypt(ciphertext, output)
+        except ValueError as e:
+            raise ValueError(str(e).replace("enc", "dec"))
+
+    def seek(self, position):
+        """Seek to a certain position in the key stream.
+
+        Args:
+          position (integer):
+            The absolute position within the key stream, in bytes.
+        """
+
+        position, offset = divmod(position, 64)
+        block_low = position & 0xFFFFFFFF
+        block_high = position >> 32
+
+        result = _raw_chacha20_lib.chacha20_seek(
+                                                 self._state.get(),
+                                                 c_ulong(block_high),
+                                                 c_ulong(block_low),
+                                                 offset
+                                                 )
+        if result:
+            raise ValueError("Error %d while seeking with %s" % (result, self._name))
+
+
+def _derive_Poly1305_key_pair(key, nonce):
+    """Derive a tuple (r, s, nonce) for a Poly1305 MAC.
+
+    If nonce is ``None``, a new 12-byte nonce is generated.
+    """
+
+    if len(key) != 32:
+        raise ValueError("Poly1305 with ChaCha20 requires a 32-byte key")
+
+    if nonce is None:
+        padded_nonce = nonce = get_random_bytes(12)
+    elif len(nonce) == 8:
+        # See RFC7538, 2.6: [...] ChaCha20 as specified here requires a 96-bit
+        # nonce.  So if the provided nonce is only 64-bit, then the first 32
+        # bits of the nonce will be set to a constant number.
+        # This will usually be zero, but for protocols with multiple senders it may be
+        # different for each sender, but should be the same for all
+        # invocations of the function with the same key by a particular
+        # sender.
+        padded_nonce = b'\x00\x00\x00\x00' + nonce
+    elif len(nonce) == 12:
+        padded_nonce = nonce
+    else:
+        raise ValueError("Poly1305 with ChaCha20 requires an 8- or 12-byte nonce")
+
+    rs = new(key=key, nonce=padded_nonce).encrypt(b'\x00' * 32)
+    return rs[:16], rs[16:], nonce
+
+
+def new(**kwargs):
+    """Create a new ChaCha20 or XChaCha20 cipher
+
+    Keyword Args:
+        key (bytes/bytearray/memoryview): The secret key to use.
+            It must be 32 bytes long.
+        nonce (bytes/bytearray/memoryview): A mandatory value that
+            must never be reused for any other encryption
+            done with this key.
+
+            For ChaCha20, it must be 8 or 12 bytes long.
+
+            For XChaCha20, it must be 24 bytes long.
+
+            If not provided, 8 bytes will be randomly generated
+            (you can find them back in the ``nonce`` attribute).
+
+    :Return: a :class:`Crypto.Cipher.ChaCha20.ChaCha20Cipher` object
+    """
+
+    try:
+        key = kwargs.pop("key")
+    except KeyError as e:
+        raise TypeError("Missing parameter %s" % e)
+
+    nonce = kwargs.pop("nonce", None)
+    if nonce is None:
+        nonce = get_random_bytes(8)
+
+    if len(key) != 32:
+        raise ValueError("ChaCha20/XChaCha20 key must be 32 bytes long")
+
+    if len(nonce) not in (8, 12, 24):
+        raise ValueError("Nonce must be 8/12 bytes(ChaCha20) or 24 bytes (XChaCha20)")
+
+    if kwargs:
+        raise TypeError("Unknown parameters: " + str(kwargs))
+
+    return ChaCha20Cipher(key, nonce)
+
+# Size of a data block (in bytes)
+block_size = 1
+
+# Size of a key (in bytes)
+key_size = 32

venv/lib/python3.7/site-packages/Crypto/Cipher/ChaCha20.pyi

@@ -0,0 +1,25 @@
+from typing import Union, overload
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def _HChaCha20(key: Buffer, nonce: Buffer) -> bytearray: ...
+
+class ChaCha20Cipher:
+    block_size: int
+    nonce: bytes
+
+    def __init__(self, key: Buffer, nonce: Buffer) -> None: ...
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    def seek(self, position: int) -> None: ...
+
+def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Cipher: ...
+
+block_size: int
+key_size: int

venv/lib/python3.7/site-packages/Crypto/Cipher/ChaCha20_Poly1305.py

@@ -0,0 +1,336 @@
+# ===================================================================
+#
+# Copyright (c) 2018, Helder Eijs <helderijs@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+from binascii import unhexlify
+
+from Crypto.Cipher import ChaCha20
+from Crypto.Cipher.ChaCha20 import _HChaCha20
+from Crypto.Hash import Poly1305, BLAKE2s
+
+from Crypto.Random import get_random_bytes
+
+from Crypto.Util.number import long_to_bytes
+from Crypto.Util.py3compat import _copy_bytes, bord
+from Crypto.Util._raw_api import is_buffer
+
+
+def _enum(**enums):
+    return type('Enum', (), enums)
+
+
+_CipherStatus = _enum(PROCESSING_AUTH_DATA=1,
+                      PROCESSING_CIPHERTEXT=2,
+                      PROCESSING_DONE=3)
+
+
+class ChaCha20Poly1305Cipher(object):
+    """ChaCha20-Poly1305 and XChaCha20-Poly1305 cipher object.
+    Do not create it directly. Use :py:func:`new` instead.
+
+    :var nonce: The nonce with length 8, 12 or 24 bytes
+    :vartype nonce: byte string
+    """
+
+    def __init__(self, key, nonce):
+        """Initialize a ChaCha20-Poly1305 AEAD cipher object
+
+        See also `new()` at the module level."""
+
+        self.nonce = _copy_bytes(None, None, nonce)
+
+        self._next = (self.update, self.encrypt, self.decrypt, self.digest,
+                      self.verify)
+
+        self._authenticator = Poly1305.new(key=key, nonce=nonce, cipher=ChaCha20)
+
+        self._cipher = ChaCha20.new(key=key, nonce=nonce)
+        self._cipher.seek(64)   # Block counter starts at 1
+
+        self._len_aad = 0
+        self._len_ct = 0
+        self._mac_tag = None
+        self._status = _CipherStatus.PROCESSING_AUTH_DATA
+
+    def update(self, data):
+        """Protect the associated data.
+
+        Associated data (also known as *additional authenticated data* - AAD)
+        is the piece of the message that must stay in the clear, while
+        still allowing the receiver to verify its integrity.
+        An example is packet headers.
+
+        The associated data (possibly split into multiple segments) is
+        fed into :meth:`update` before any call to :meth:`decrypt` or :meth:`encrypt`.
+        If there is no associated data, :meth:`update` is not called.
+
+        :param bytes/bytearray/memoryview assoc_data:
+            A piece of associated data. There are no restrictions on its size.
+        """
+
+        if self.update not in self._next:
+            raise TypeError("update() method cannot be called")
+
+        self._len_aad += len(data)
+        self._authenticator.update(data)
+
+    def _pad_aad(self):
+
+        assert(self._status == _CipherStatus.PROCESSING_AUTH_DATA)
+        if self._len_aad & 0x0F:
+            self._authenticator.update(b'\x00' * (16 - (self._len_aad & 0x0F)))
+        self._status = _CipherStatus.PROCESSING_CIPHERTEXT
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt a piece of data.
+
+        Args:
+          plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size.
+        Keyword Args:
+          output(bytes/bytearray/memoryview): The location where the ciphertext
+            is written to. If ``None``, the ciphertext is returned.
+        Returns:
+          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.encrypt not in self._next:
+            raise TypeError("encrypt() method cannot be called")
+
+        if self._status == _CipherStatus.PROCESSING_AUTH_DATA:
+            self._pad_aad()
+
+        self._next = (self.encrypt, self.digest)
+
+        result = self._cipher.encrypt(plaintext, output=output)
+        self._len_ct += len(plaintext)
+        if output is None:
+            self._authenticator.update(result)
+        else:
+            self._authenticator.update(output)
+        return result
+
+    def decrypt(self, ciphertext, output=None):
+        """Decrypt a piece of data.
+
+        Args:
+          ciphertext(bytes/bytearray/memoryview): The data to decrypt, of any size.
+        Keyword Args:
+          output(bytes/bytearray/memoryview): The location where the plaintext
+            is written to. If ``None``, the plaintext is returned.
+        Returns:
+          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("decrypt() method cannot be called")
+
+        if self._status == _CipherStatus.PROCESSING_AUTH_DATA:
+            self._pad_aad()
+
+        self._next = (self.decrypt, self.verify)
+
+        self._len_ct += len(ciphertext)
+        self._authenticator.update(ciphertext)
+        return self._cipher.decrypt(ciphertext, output=output)
+
+    def _compute_mac(self):
+        """Finalize the cipher (if not done already) and return the MAC."""
+
+        if self._mac_tag:
+            assert(self._status == _CipherStatus.PROCESSING_DONE)
+            return self._mac_tag
+
+        assert(self._status != _CipherStatus.PROCESSING_DONE)
+
+        if self._status == _CipherStatus.PROCESSING_AUTH_DATA:
+            self._pad_aad()
+
+        if self._len_ct & 0x0F:
+            self._authenticator.update(b'\x00' * (16 - (self._len_ct & 0x0F)))
+
+        self._status = _CipherStatus.PROCESSING_DONE
+
+        self._authenticator.update(long_to_bytes(self._len_aad, 8)[::-1])
+        self._authenticator.update(long_to_bytes(self._len_ct, 8)[::-1])
+        self._mac_tag = self._authenticator.digest()
+        return self._mac_tag
+
+    def digest(self):
+        """Compute the *binary* authentication tag (MAC).
+
+        :Return: the MAC tag, as 16 ``bytes``.
+        """
+
+        if self.digest not in self._next:
+            raise TypeError("digest() method cannot be called")
+        self._next = (self.digest,)
+
+        return self._compute_mac()
+
+    def hexdigest(self):
+        """Compute the *printable* authentication tag (MAC).
+
+        This method is like :meth:`digest`.
+
+        :Return: the MAC tag, as a hexadecimal string.
+        """
+        return "".join(["%02x" % bord(x) for x in self.digest()])
+
+    def verify(self, received_mac_tag):
+        """Validate the *binary* authentication tag (MAC).
+
+        The receiver invokes this method at the very end, to
+        check if the associated data (if any) and the decrypted
+        messages are valid.
+
+        :param bytes/bytearray/memoryview received_mac_tag:
+            This is the 16-byte *binary* MAC, as received from the sender.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        if self.verify not in self._next:
+            raise TypeError("verify() cannot be called"
+                            " when encrypting a message")
+        self._next = (self.verify,)
+
+        secret = get_random_bytes(16)
+
+        self._compute_mac()
+
+        mac1 = BLAKE2s.new(digest_bits=160, key=secret,
+                           data=self._mac_tag)
+        mac2 = BLAKE2s.new(digest_bits=160, key=secret,
+                           data=received_mac_tag)
+
+        if mac1.digest() != mac2.digest():
+            raise ValueError("MAC check failed")
+
+    def hexverify(self, hex_mac_tag):
+        """Validate the *printable* authentication tag (MAC).
+
+        This method is like :meth:`verify`.
+
+        :param string hex_mac_tag:
+            This is the *printable* MAC.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        self.verify(unhexlify(hex_mac_tag))
+
+    def encrypt_and_digest(self, plaintext):
+        """Perform :meth:`encrypt` and :meth:`digest` in one step.
+
+        :param plaintext: The data to encrypt, of any size.
+        :type plaintext: bytes/bytearray/memoryview
+        :return: a tuple with two ``bytes`` objects:
+
+            - the ciphertext, of equal length as the plaintext
+            - the 16-byte MAC tag
+        """
+
+        return self.encrypt(plaintext), self.digest()
+
+    def decrypt_and_verify(self, ciphertext, received_mac_tag):
+        """Perform :meth:`decrypt` and :meth:`verify` in one step.
+
+        :param ciphertext: The piece of data to decrypt.
+        :type ciphertext: bytes/bytearray/memoryview
+        :param bytes received_mac_tag:
+            This is the 16-byte *binary* MAC, as received from the sender.
+        :return: the decrypted data (as ``bytes``)
+        :raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        plaintext = self.decrypt(ciphertext)
+        self.verify(received_mac_tag)
+        return plaintext
+
+
+def new(**kwargs):
+    """Create a new ChaCha20-Poly1305 or XChaCha20-Poly1305 AEAD cipher.
+
+    :keyword key: The secret key to use. It must be 32 bytes long.
+    :type key: byte string
+
+    :keyword nonce:
+        A value that must never be reused for any other encryption
+        done with this key.
+
+        For ChaCha20-Poly1305, it must be 8 or 12 bytes long.
+
+        For XChaCha20-Poly1305, it must be 24 bytes long.
+
+        If not provided, 12 ``bytes`` will be generated randomly
+        (you can find them back in the ``nonce`` attribute).
+    :type nonce: bytes, bytearray, memoryview
+
+    :Return: a :class:`Crypto.Cipher.ChaCha20.ChaCha20Poly1305Cipher` object
+    """
+
+    try:
+        key = kwargs.pop("key")
+    except KeyError as e:
+        raise TypeError("Missing parameter %s" % e)
+
+        self._len_ct += len(plaintext)
+
+    if len(key) != 32:
+        raise ValueError("Key must be 32 bytes long")
+
+    nonce = kwargs.pop("nonce", None)
+    if nonce is None:
+        nonce = get_random_bytes(12)
+
+    if len(nonce) in (8, 12):
+        pass
+    elif len(nonce) == 24:
+        key = _HChaCha20(key, nonce[:16])
+        nonce = b'\x00\x00\x00\x00' + nonce[16:]
+    else:
+        raise ValueError("Nonce must be 8, 12 or 24 bytes long")
+
+    if not is_buffer(nonce):
+        raise TypeError("nonce must be bytes, bytearray or memoryview")
+
+    if kwargs:
+        raise TypeError("Unknown parameters: " + str(kwargs))
+
+    return ChaCha20Poly1305Cipher(key, nonce)
+
+
+# Size of a key (in bytes)
+key_size = 32

venv/lib/python3.7/site-packages/Crypto/Cipher/ChaCha20_Poly1305.pyi

@@ -0,0 +1,28 @@
+from typing import Union, Tuple, overload
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class ChaCha20Poly1305Cipher:
+    nonce: bytes
+
+    def __init__(self, key: Buffer, nonce: Buffer) -> None: ...
+    def update(self, data: Buffer) -> None: ...
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    def digest(self) -> bytes: ...
+    def hexdigest(self) -> str: ...
+    def verify(self, received_mac_tag: Buffer) -> None: ...
+    def hexverify(self, received_mac_tag: str) -> None: ...
+    def encrypt_and_digest(self, plaintext: Buffer) -> Tuple[bytes, bytes]: ...
+    def decrypt_and_verify(self, ciphertext: Buffer, received_mac_tag: Buffer) -> bytes: ...
+
+def new(key: Buffer, nonce: Buffer = ...) -> ChaCha20Poly1305Cipher: ...
+
+block_size: int
+key_size: int

venv/lib/python3.7/site-packages/Crypto/Cipher/DES.py

@@ -0,0 +1,158 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/DES.py : DES
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""
+Module's constants for the modes of operation supported with Single DES:
+
+:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
+:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
+:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
+:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
+:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
+:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
+:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
+"""
+
+import sys
+
+from Crypto.Cipher import _create_cipher
+from Crypto.Util.py3compat import byte_string
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
+                                  VoidPointer, SmartPointer,
+                                  c_size_t, c_uint8_ptr)
+
+_raw_des_lib = load_pycryptodome_raw_lib(
+                "Crypto.Cipher._raw_des",
+                """
+                int DES_start_operation(const uint8_t key[],
+                                        size_t key_len,
+                                        void **pResult);
+                int DES_encrypt(const void *state,
+                                const uint8_t *in,
+                                uint8_t *out,
+                                size_t data_len);
+                int DES_decrypt(const void *state,
+                                const uint8_t *in,
+                                uint8_t *out,
+                                size_t data_len);
+                int DES_stop_operation(void *state);
+                """)
+
+
+def _create_base_cipher(dict_parameters):
+    """This method instantiates and returns a handle to a low-level
+    base cipher. It will absorb named parameters in the process."""
+
+    try:
+        key = dict_parameters.pop("key")
+    except KeyError:
+        raise TypeError("Missing 'key' parameter")
+
+    if len(key) != key_size:
+        raise ValueError("Incorrect DES key length (%d bytes)" % len(key))
+
+    start_operation = _raw_des_lib.DES_start_operation
+    stop_operation = _raw_des_lib.DES_stop_operation
+
+    cipher = VoidPointer()
+    result = start_operation(c_uint8_ptr(key),
+                             c_size_t(len(key)),
+                             cipher.address_of())
+    if result:
+        raise ValueError("Error %X while instantiating the DES cipher"
+                         % result)
+    return SmartPointer(cipher.get(), stop_operation)
+
+
+def new(key, mode, *args, **kwargs):
+    """Create a new DES cipher.
+
+    :param key:
+        The secret key to use in the symmetric cipher.
+        It must be 8 byte long. The parity bits will be ignored.
+    :type key: bytes/bytearray/memoryview
+
+    :param mode:
+        The chaining mode to use for encryption or decryption.
+    :type mode: One of the supported ``MODE_*`` constants
+
+    :Keyword Arguments:
+        *   **iv** (*byte string*) --
+            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
+            and ``MODE_OPENPGP`` modes).
+
+            The initialization vector to use for encryption or decryption.
+
+            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long.
+
+            For ``MODE_OPENPGP`` mode only,
+            it must be 8 bytes long for encryption
+            and 10 bytes for decryption (in the latter case, it is
+            actually the *encrypted* IV which was prefixed to the ciphertext).
+
+            If not provided, a random byte string is generated (you must then
+            read its value with the :attr:`iv` attribute).
+
+        *   **nonce** (*byte string*) --
+            (Only applicable for ``MODE_EAX`` and ``MODE_CTR``).
+
+            A value that must never be reused for any other encryption done
+            with this key.
+
+            For ``MODE_EAX`` there are no
+            restrictions on its length (recommended: **16** bytes).
+
+            For ``MODE_CTR``, its length must be in the range **[0..7]**.
+
+            If not provided for ``MODE_EAX``, a random byte string is generated (you
+            can read it back via the ``nonce`` attribute).
+
+        *   **segment_size** (*integer*) --
+            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
+            are segmented in. It must be a multiple of 8.
+            If not specified, it will be assumed to be 8.
+
+        *   **mac_len** : (*integer*) --
+            (Only ``MODE_EAX``)
+            Length of the authentication tag, in bytes.
+            It must be no longer than 8 (default).
+
+        *   **initial_value** : (*integer*) --
+            (Only ``MODE_CTR``). The initial value for the counter within
+            the counter block. By default it is **0**.
+
+    :Return: a DES object, of the applicable mode.
+    """
+
+    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
+
+MODE_ECB = 1
+MODE_CBC = 2
+MODE_CFB = 3
+MODE_OFB = 5
+MODE_CTR = 6
+MODE_OPENPGP = 7
+MODE_EAX = 9
+
+# Size of a data block (in bytes)
+block_size = 8
+# Size of a key (in bytes)
+key_size = 8

venv/lib/python3.7/site-packages/Crypto/Cipher/DES.pyi

@@ -0,0 +1,35 @@
+from typing import Union, Dict, Iterable
+
+from Crypto.Cipher._mode_ecb import EcbMode
+from Crypto.Cipher._mode_cbc import CbcMode
+from Crypto.Cipher._mode_cfb import CfbMode
+from Crypto.Cipher._mode_ofb import OfbMode
+from Crypto.Cipher._mode_ctr import CtrMode
+from Crypto.Cipher._mode_openpgp import OpenPgpMode
+from Crypto.Cipher._mode_eax import EaxMode
+
+DESMode = int
+
+MODE_ECB: DESMode
+MODE_CBC: DESMode
+MODE_CFB: DESMode
+MODE_OFB: DESMode
+MODE_CTR: DESMode
+MODE_OPENPGP: DESMode
+MODE_EAX: DESMode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+        mode: DESMode,
+        iv : Buffer = ...,
+        IV : Buffer = ...,
+        nonce : Buffer = ...,
+        segment_size : int = ...,
+        mac_len : int = ...,
+        initial_value : Union[int, Buffer] = ...,
+        counter : Dict = ...) -> \
+        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
+
+block_size: int
+key_size: int

venv/lib/python3.7/site-packages/Crypto/Cipher/DES3.py

@@ -0,0 +1,187 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/DES3.py : DES3
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""
+Module's constants for the modes of operation supported with Triple DES:
+
+:var MODE_ECB: :ref:`Electronic Code Book (ECB) <ecb_mode>`
+:var MODE_CBC: :ref:`Cipher-Block Chaining (CBC) <cbc_mode>`
+:var MODE_CFB: :ref:`Cipher FeedBack (CFB) <cfb_mode>`
+:var MODE_OFB: :ref:`Output FeedBack (OFB) <ofb_mode>`
+:var MODE_CTR: :ref:`CounTer Mode (CTR) <ctr_mode>`
+:var MODE_OPENPGP:  :ref:`OpenPGP Mode <openpgp_mode>`
+:var MODE_EAX: :ref:`EAX Mode <eax_mode>`
+"""
+
+import sys
+
+from Crypto.Cipher import _create_cipher
+from Crypto.Util.py3compat import byte_string, bchr, bord, bstr
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
+                                  VoidPointer, SmartPointer,
+                                  c_size_t)
+
+_raw_des3_lib = load_pycryptodome_raw_lib(
+                    "Crypto.Cipher._raw_des3",
+                    """
+                    int DES3_start_operation(const uint8_t key[],
+                                             size_t key_len,
+                                             void **pResult);
+                    int DES3_encrypt(const void *state,
+                                     const uint8_t *in,
+                                     uint8_t *out,
+                                     size_t data_len);
+                    int DES3_decrypt(const void *state,
+                                     const uint8_t *in,
+                                     uint8_t *out,
+                                     size_t data_len);
+                    int DES3_stop_operation(void *state);
+                    """)
+
+
+def adjust_key_parity(key_in):
+    """Set the parity bits in a TDES key.
+
+    :param key_in: the TDES key whose bits need to be adjusted
+    :type key_in: byte string
+
+    :returns: a copy of ``key_in``, with the parity bits correctly set
+    :rtype: byte string
+
+    :raises ValueError: if the TDES key is not 16 or 24 bytes long
+    :raises ValueError: if the TDES key degenerates into Single DES
+    """
+
+    def parity_byte(key_byte):
+        parity = 1
+        for i in range(1, 8):
+            parity ^= (key_byte >> i) & 1
+        return (key_byte & 0xFE) | parity
+
+    if len(key_in) not in key_size:
+        raise ValueError("Not a valid TDES key")
+
+    key_out = b"".join([ bchr(parity_byte(bord(x))) for x in key_in ])
+
+    if key_out[:8] == key_out[8:16] or key_out[-16:-8] == key_out[-8:]:
+        raise ValueError("Triple DES key degenerates to single DES")
+
+    return key_out
+
+
+def _create_base_cipher(dict_parameters):
+    """This method instantiates and returns a handle to a low-level base cipher.
+    It will absorb named parameters in the process."""
+
+    try:
+        key_in = dict_parameters.pop("key")
+    except KeyError:
+        raise TypeError("Missing 'key' parameter")
+
+    key = adjust_key_parity(bstr(key_in))
+
+    start_operation = _raw_des3_lib.DES3_start_operation
+    stop_operation = _raw_des3_lib.DES3_stop_operation
+
+    cipher = VoidPointer()
+    result = start_operation(key,
+                             c_size_t(len(key)),
+                             cipher.address_of())
+    if result:
+        raise ValueError("Error %X while instantiating the TDES cipher"
+                         % result)
+    return SmartPointer(cipher.get(), stop_operation)
+
+
+def new(key, mode, *args, **kwargs):
+    """Create a new Triple DES cipher.
+
+    :param key:
+        The secret key to use in the symmetric cipher.
+        It must be 16 or 24 byte long. The parity bits will be ignored.
+    :type key: bytes/bytearray/memoryview
+
+    :param mode:
+        The chaining mode to use for encryption or decryption.
+    :type mode: One of the supported ``MODE_*`` constants
+
+    :Keyword Arguments:
+        *   **iv** (*bytes*, *bytearray*, *memoryview*) --
+            (Only applicable for ``MODE_CBC``, ``MODE_CFB``, ``MODE_OFB``,
+            and ``MODE_OPENPGP`` modes).
+
+            The initialization vector to use for encryption or decryption.
+
+            For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 8 bytes long.
+
+            For ``MODE_OPENPGP`` mode only,
+            it must be 8 bytes long for encryption
+            and 10 bytes for decryption (in the latter case, it is
+            actually the *encrypted* IV which was prefixed to the ciphertext).
+
+            If not provided, a random byte string is generated (you must then
+            read its value with the :attr:`iv` attribute).
+
+        *   **nonce** (*bytes*, *bytearray*, *memoryview*) --
+            (Only applicable for ``MODE_EAX`` and ``MODE_CTR``).
+
+            A value that must never be reused for any other encryption done
+            with this key.
+
+            For ``MODE_EAX`` there are no
+            restrictions on its length (recommended: **16** bytes).
+
+            For ``MODE_CTR``, its length must be in the range **[0..7]**.
+
+            If not provided for ``MODE_EAX``, a random byte string is generated (you
+            can read it back via the ``nonce`` attribute).
+
+        *   **segment_size** (*integer*) --
+            (Only ``MODE_CFB``).The number of **bits** the plaintext and ciphertext
+            are segmented in. It must be a multiple of 8.
+            If not specified, it will be assumed to be 8.
+
+        *   **mac_len** : (*integer*) --
+            (Only ``MODE_EAX``)
+            Length of the authentication tag, in bytes.
+            It must be no longer than 8 (default).
+
+        *   **initial_value** : (*integer*) --
+            (Only ``MODE_CTR``). The initial value for the counter within
+            the counter block. By default it is **0**.
+
+    :Return: a Triple DES object, of the applicable mode.
+    """
+
+    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
+
+MODE_ECB = 1
+MODE_CBC = 2
+MODE_CFB = 3
+MODE_OFB = 5
+MODE_CTR = 6
+MODE_OPENPGP = 7
+MODE_EAX = 9
+
+# Size of a data block (in bytes)
+block_size = 8
+# Size of a key (in bytes)
+key_size = (16, 24)

venv/lib/python3.7/site-packages/Crypto/Cipher/DES3.pyi

@@ -0,0 +1,37 @@
+from typing import Union, Dict, Tuple
+
+from Crypto.Cipher._mode_ecb import EcbMode
+from Crypto.Cipher._mode_cbc import CbcMode
+from Crypto.Cipher._mode_cfb import CfbMode
+from Crypto.Cipher._mode_ofb import OfbMode
+from Crypto.Cipher._mode_ctr import CtrMode
+from Crypto.Cipher._mode_openpgp import OpenPgpMode
+from Crypto.Cipher._mode_eax import EaxMode
+
+def adjust_key_parity(key_in: bytes) -> bytes: ...
+
+DES3Mode = int
+
+MODE_ECB: DES3Mode
+MODE_CBC: DES3Mode
+MODE_CFB: DES3Mode
+MODE_OFB: DES3Mode
+MODE_CTR: DES3Mode
+MODE_OPENPGP: DES3Mode
+MODE_EAX: DES3Mode
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+        mode: DES3Mode,
+        iv : Buffer = ...,
+        IV : Buffer = ...,
+        nonce : Buffer = ...,
+        segment_size : int = ...,
+        mac_len : int = ...,
+        initial_value : Union[int, Buffer] = ...,
+        counter : Dict = ...) -> \
+        Union[EcbMode, CbcMode, CfbMode, OfbMode, CtrMode, OpenPgpMode]: ...
+
+block_size: int
+key_size: Tuple[int, int]

venv/lib/python3.7/site-packages/Crypto/Cipher/PKCS1_OAEP.py

@@ -0,0 +1,239 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/PKCS1_OAEP.py : PKCS#1 OAEP
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Crypto.Signature.pss import MGF1
+import Crypto.Hash.SHA1
+
+from Crypto.Util.py3compat import bord, _copy_bytes
+import Crypto.Util.number
+from   Crypto.Util.number import ceil_div, bytes_to_long, long_to_bytes
+from   Crypto.Util.strxor import strxor
+from Crypto import Random
+
+class PKCS1OAEP_Cipher:
+    """Cipher object for PKCS#1 v1.5 OAEP.
+    Do not create directly: use :func:`new` instead."""
+
+    def __init__(self, key, hashAlgo, mgfunc, label, randfunc):
+        """Initialize this PKCS#1 OAEP cipher object.
+
+        :Parameters:
+         key : an RSA key object
+                If a private half is given, both encryption and decryption are possible.
+                If a public half is given, only encryption is possible.
+         hashAlgo : hash object
+                The hash function to use. This can be a module under `Crypto.Hash`
+                or an existing hash object created from any of such modules. If not specified,
+                `Crypto.Hash.SHA1` is used.
+         mgfunc : callable
+                A mask generation function that accepts two parameters: a string to
+                use as seed, and the lenth of the mask to generate, in bytes.
+                If not specified, the standard MGF1 consistent with ``hashAlgo`` is used (a safe choice).
+         label : bytes/bytearray/memoryview
+                A label to apply to this particular encryption. If not specified,
+                an empty string is used. Specifying a label does not improve
+                security.
+         randfunc : callable
+                A function that returns random bytes.
+
+        :attention: Modify the mask generation function only if you know what you are doing.
+                    Sender and receiver must use the same one.
+        """
+        self._key = key
+
+        if hashAlgo:
+            self._hashObj = hashAlgo
+        else:
+            self._hashObj = Crypto.Hash.SHA1
+
+        if mgfunc:
+            self._mgf = mgfunc
+        else:
+            self._mgf = lambda x,y: MGF1(x,y,self._hashObj)
+
+        self._label = _copy_bytes(None, None, label)
+        self._randfunc = randfunc
+
+    def can_encrypt(self):
+        """Legacy function to check if you can call :meth:`encrypt`.
+
+        .. deprecated:: 3.0"""
+        return self._key.can_encrypt()
+
+    def can_decrypt(self):
+        """Legacy function to check if you can call :meth:`decrypt`.
+
+        .. deprecated:: 3.0"""
+        return self._key.can_decrypt()
+
+    def encrypt(self, message):
+        """Encrypt a message with PKCS#1 OAEP.
+
+        :param message:
+            The message to encrypt, also known as plaintext. It can be of
+            variable length, but not longer than the RSA modulus (in bytes)
+            minus 2, minus twice the hash output size.
+            For instance, if you use RSA 2048 and SHA-256, the longest message
+            you can encrypt is 190 byte long.
+        :type message: bytes/bytearray/memoryview
+
+        :returns: The ciphertext, as large as the RSA modulus.
+        :rtype: bytes
+
+        :raises ValueError:
+            if the message is too long.
+        """
+
+        # See 7.1.1 in RFC3447
+        modBits = Crypto.Util.number.size(self._key.n)
+        k = ceil_div(modBits, 8) # Convert from bits to bytes
+        hLen = self._hashObj.digest_size
+        mLen = len(message)
+
+        # Step 1b
+        ps_len = k - mLen - 2 * hLen - 2
+        if ps_len < 0:
+            raise ValueError("Plaintext is too long.")
+        # Step 2a
+        lHash = self._hashObj.new(self._label).digest()
+        # Step 2b
+        ps = b'\x00' * ps_len
+        # Step 2c
+        db = lHash + ps + b'\x01' + _copy_bytes(None, None, message)
+        # Step 2d
+        ros = self._randfunc(hLen)
+        # Step 2e
+        dbMask = self._mgf(ros, k-hLen-1)
+        # Step 2f
+        maskedDB = strxor(db, dbMask)
+        # Step 2g
+        seedMask = self._mgf(maskedDB, hLen)
+        # Step 2h
+        maskedSeed = strxor(ros, seedMask)
+        # Step 2i
+        em = b'\x00' + maskedSeed + maskedDB
+        # Step 3a (OS2IP)
+        em_int = bytes_to_long(em)
+        # Step 3b (RSAEP)
+        m_int = self._key._encrypt(em_int)
+        # Step 3c (I2OSP)
+        c = long_to_bytes(m_int, k)
+        return c
+
+    def decrypt(self, ciphertext):
+        """Decrypt a message with PKCS#1 OAEP.
+
+        :param ciphertext: The encrypted message.
+        :type ciphertext: bytes/bytearray/memoryview
+
+        :returns: The original message (plaintext).
+        :rtype: bytes
+
+        :raises ValueError:
+            if the ciphertext has the wrong length, or if decryption
+            fails the integrity check (in which case, the decryption
+            key is probably wrong).
+        :raises TypeError:
+            if the RSA key has no private half (i.e. you are trying
+            to decrypt using a public key).
+        """
+
+        # See 7.1.2 in RFC3447
+        modBits = Crypto.Util.number.size(self._key.n)
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+        hLen = self._hashObj.digest_size
+
+        # Step 1b and 1c
+        if len(ciphertext) != k or k<hLen+2:
+            raise ValueError("Ciphertext with incorrect length.")
+        # Step 2a (O2SIP)
+        ct_int = bytes_to_long(ciphertext)
+        # Step 2b (RSADP)
+        m_int = self._key._decrypt(ct_int)
+        # Complete step 2c (I2OSP)
+        em = long_to_bytes(m_int, k)
+        # Step 3a
+        lHash = self._hashObj.new(self._label).digest()
+        # Step 3b
+        y = em[0]
+        # y must be 0, but we MUST NOT check it here in order not to
+        # allow attacks like Manger's (http://dl.acm.org/citation.cfm?id=704143)
+        maskedSeed = em[1:hLen+1]
+        maskedDB = em[hLen+1:]
+        # Step 3c
+        seedMask = self._mgf(maskedDB, hLen)
+        # Step 3d
+        seed = strxor(maskedSeed, seedMask)
+        # Step 3e
+        dbMask = self._mgf(seed, k-hLen-1)
+        # Step 3f
+        db = strxor(maskedDB, dbMask)
+        # Step 3g
+        one_pos = db[hLen:].find(b'\x01')
+        lHash1 = db[:hLen]
+        invalid = bord(y) | int(one_pos < 0)
+        hash_compare = strxor(lHash1, lHash)
+        for x in hash_compare:
+            invalid |= bord(x)
+        for x in db[hLen:one_pos]:
+            invalid |= bord(x)
+        if invalid != 0:
+            raise ValueError("Incorrect decryption.")
+        # Step 4
+        return db[hLen + one_pos + 1:]
+
+def new(key, hashAlgo=None, mgfunc=None, label=b'', randfunc=None):
+    """Return a cipher object :class:`PKCS1OAEP_Cipher` that can be used to perform PKCS#1 OAEP encryption or decryption.
+
+    :param key:
+      The key object to use to encrypt or decrypt the message.
+      Decryption is only possible with a private RSA key.
+    :type key: RSA key object
+
+    :param hashAlgo:
+      The hash function to use. This can be a module under `Crypto.Hash`
+      or an existing hash object created from any of such modules.
+      If not specified, `Crypto.Hash.SHA1` is used.
+    :type hashAlgo: hash object
+
+    :param mgfunc:
+      A mask generation function that accepts two parameters: a string to
+      use as seed, and the lenth of the mask to generate, in bytes.
+      If not specified, the standard MGF1 consistent with ``hashAlgo`` is used (a safe choice).
+    :type mgfunc: callable
+
+    :param label:
+      A label to apply to this particular encryption. If not specified,
+      an empty string is used. Specifying a label does not improve
+      security.
+    :type label: bytes/bytearray/memoryview
+
+    :param randfunc:
+      A function that returns random bytes.
+      The default is `Random.get_random_bytes`.
+    :type randfunc: callable
+    """
+
+    if randfunc is None:
+        randfunc = Random.get_random_bytes
+    return PKCS1OAEP_Cipher(key, hashAlgo, mgfunc, label, randfunc)
+

venv/lib/python3.7/site-packages/Crypto/Cipher/PKCS1_OAEP.pyi

@@ -0,0 +1,35 @@
+from typing import Optional, Union, Callable, Any, overload
+from typing_extensions import Protocol
+
+from Crypto.PublicKey.RSA import RsaKey
+
+class HashLikeClass(Protocol):
+    digest_size : int
+    def new(self, data: Optional[bytes] = ...) -> Any: ...
+
+class HashLikeModule(Protocol):
+    digest_size : int
+    @staticmethod
+    def new(data: Optional[bytes] = ...) -> Any: ...
+
+HashLike = Union[HashLikeClass, HashLikeModule]
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class PKCS1OAEP_Cipher:
+    def __init__(self,
+                 key: RsaKey,
+                 hashAlgo: HashLike,
+                 mgfunc: Callable[[bytes, int], bytes],
+                 label: Buffer,
+                 randfunc: Callable[[int], bytes]) -> None: ...
+    def can_encrypt(self) -> bool: ...
+    def can_decrypt(self) -> bool: ...
+    def encrypt(self, message: Buffer) -> bytes: ...
+    def decrypt(self, ciphertext: Buffer) -> bytes: ...
+
+def new(key: RsaKey,
+        hashAlgo: Optional[HashLike] = ...,
+        mgfunc: Optional[Callable[[bytes, int], bytes]] = ...,
+        label: Optional[Buffer] = ...,
+        randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS1OAEP_Cipher: ...

venv/lib/python3.7/site-packages/Crypto/Cipher/PKCS1_v1_5.py

@@ -0,0 +1,199 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/PKCS1-v1_5.py : PKCS#1 v1.5
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__all__ = [ 'new', 'PKCS115_Cipher' ]
+
+from Crypto.Util.number import ceil_div, bytes_to_long, long_to_bytes
+from Crypto.Util.py3compat import bord, _copy_bytes
+import Crypto.Util.number
+from Crypto import Random
+
+class PKCS115_Cipher:
+    """This cipher can perform PKCS#1 v1.5 RSA encryption or decryption.
+    Do not instantiate directly. Use :func:`Crypto.Cipher.PKCS1_v1_5.new` instead."""
+
+    def __init__(self, key, randfunc):
+        """Initialize this PKCS#1 v1.5 cipher object.
+
+        :Parameters:
+         key : an RSA key object
+          If a private half is given, both encryption and decryption are possible.
+          If a public half is given, only encryption is possible.
+         randfunc : callable
+          Function that returns random bytes.
+        """
+
+        self._key = key
+        self._randfunc = randfunc
+
+    def can_encrypt(self):
+        """Return True if this cipher object can be used for encryption."""
+        return self._key.can_encrypt()
+
+    def can_decrypt(self):
+        """Return True if this cipher object can be used for decryption."""
+        return self._key.can_decrypt()
+
+    def encrypt(self, message):
+        """Produce the PKCS#1 v1.5 encryption of a message.
+
+        This function is named ``RSAES-PKCS1-V1_5-ENCRYPT``, and it is specified in
+        `section 7.2.1 of RFC8017
+        <https://tools.ietf.org/html/rfc8017#page-28>`_.
+
+        :param message:
+            The message to encrypt, also known as plaintext. It can be of
+            variable length, but not longer than the RSA modulus (in bytes) minus 11.
+        :type message: bytes/bytearray/memoryview
+
+        :Returns: A byte string, the ciphertext in which the message is encrypted.
+            It is as long as the RSA modulus (in bytes).
+
+        :Raises ValueError:
+            If the RSA key length is not sufficiently long to deal with the given
+            message.
+        """
+
+        # See 7.2.1 in RFC8017
+        modBits = Crypto.Util.number.size(self._key.n)
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+        mLen = len(message)
+
+        # Step 1
+        if mLen > k - 11:
+            raise ValueError("Plaintext is too long.")
+        # Step 2a
+        ps = []
+        while len(ps) != k - mLen - 3:
+            new_byte = self._randfunc(1)
+            if bord(new_byte[0]) == 0x00:
+                continue
+            ps.append(new_byte)
+        ps = b"".join(ps)
+        assert(len(ps) == k - mLen - 3)
+        # Step 2b
+        em = b'\x00\x02' + ps + b'\x00' + _copy_bytes(None, None, message)
+        # Step 3a (OS2IP)
+        em_int = bytes_to_long(em)
+        # Step 3b (RSAEP)
+        m_int = self._key._encrypt(em_int)
+        # Step 3c (I2OSP)
+        c = long_to_bytes(m_int, k)
+        return c
+
+    def decrypt(self, ciphertext, sentinel):
+        r"""Decrypt a PKCS#1 v1.5 ciphertext.
+
+        This function is named ``RSAES-PKCS1-V1_5-DECRYPT``, and is specified in
+        `section 7.2.2 of RFC8017
+        <https://tools.ietf.org/html/rfc8017#page-29>`_.
+
+        :param ciphertext:
+            The ciphertext that contains the message to recover.
+        :type ciphertext: bytes/bytearray/memoryview
+
+        :param sentinel:
+            The object to return whenever an error is detected.
+        :type sentinel: any type
+
+        :Returns: A byte string. It is either the original message or the ``sentinel`` (in case of an error).
+
+        :Raises ValueError:
+            If the ciphertext length is incorrect
+        :Raises TypeError:
+            If the RSA key has no private half (i.e. it cannot be used for
+            decyption).
+
+        .. warning::
+            You should **never** let the party who submitted the ciphertext know that
+            this function returned the ``sentinel`` value.
+            Armed with such knowledge (for a fair amount of carefully crafted but invalid ciphertexts),
+            an attacker is able to recontruct the plaintext of any other encryption that were carried out
+            with the same RSA public key (see `Bleichenbacher's`__ attack).
+
+            In general, it should not be possible for the other party to distinguish
+            whether processing at the server side failed because the value returned
+            was a ``sentinel`` as opposed to a random, invalid message.
+
+            In fact, the second option is not that unlikely: encryption done according to PKCS#1 v1.5
+            embeds no good integrity check. There is roughly one chance
+            in 2\ :sup:`16` for a random ciphertext to be returned as a valid message
+            (although random looking).
+
+            It is therefore advisabled to:
+
+            1. Select as ``sentinel`` a value that resembles a plausable random, invalid message.
+            2. Not report back an error as soon as you detect a ``sentinel`` value.
+               Put differently, you should not explicitly check if the returned value is the ``sentinel`` or not.
+            3. Cover all possible errors with a single, generic error indicator.
+            4. Embed into the definition of ``message`` (at the protocol level) a digest (e.g. ``SHA-1``).
+               It is recommended for it to be the rightmost part ``message``.
+            5. Where possible, monitor the number of errors due to ciphertexts originating from the same party,
+               and slow down the rate of the requests from such party (or even blacklist it altogether).
+
+            **If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.**
+
+            .. __: http://www.bell-labs.com/user/bleichen/papers/pkcs.ps
+
+        """
+
+        # See 7.2.1 in RFC3447
+        modBits = Crypto.Util.number.size(self._key.n)
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+
+        # Step 1
+        if len(ciphertext) != k:
+            raise ValueError("Ciphertext with incorrect length.")
+        # Step 2a (O2SIP)
+        ct_int = bytes_to_long(ciphertext)
+        # Step 2b (RSADP)
+        m_int = self._key._decrypt(ct_int)
+        # Complete step 2c (I2OSP)
+        em = long_to_bytes(m_int, k)
+        # Step 3
+        sep = em.find(b'\x00', 2)
+        if  not em.startswith(b'\x00\x02') or sep < 10:
+            return sentinel
+        # Step 4
+        return em[sep + 1:]
+
+
+def new(key, randfunc=None):
+    """Create a cipher for performing PKCS#1 v1.5 encryption or decryption.
+
+    :param key:
+      The key to use to encrypt or decrypt the message. This is a `Crypto.PublicKey.RSA` object.
+      Decryption is only possible if *key* is a private RSA key.
+    :type key: RSA key object
+
+    :param randfunc:
+      Function that return random bytes.
+      The default is :func:`Crypto.Random.get_random_bytes`.
+    :type randfunc: callable
+
+    :returns: A cipher object `PKCS115_Cipher`.
+    """
+
+    if randfunc is None:
+        randfunc = Random.get_random_bytes
+    return PKCS115_Cipher(key, randfunc)
+

venv/lib/python3.7/site-packages/Crypto/Cipher/PKCS1_v1_5.pyi

@@ -0,0 +1,17 @@
+from typing import Callable, Union, Any, Optional
+
+from Crypto.PublicKey.RSA import RsaKey
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class PKCS115_Cipher:
+    def __init__(self,
+                 key: RsaKey,
+                 randfunc: Callable[[int], bytes]) -> None: ...
+    def can_encrypt(self) -> bool: ...
+    def can_decrypt(self) -> bool: ...
+    def encrypt(self, message: Buffer) -> bytes: ...
+    def decrypt(self, ciphertext: Buffer, sentinel: Buffer) -> bytes: ...
+
+def new(key: RsaKey,
+        randfunc: Optional[Callable[[int], bytes]] = ...) -> PKCS115_Cipher: ...

venv/lib/python3.7/site-packages/Crypto/Cipher/Salsa20.py

@@ -0,0 +1,167 @@
+# -*- coding: utf-8 -*-
+#
+# Cipher/Salsa20.py : Salsa20 stream cipher (http://cr.yp.to/snuffle.html)
+#
+# Contributed by Fabrizio Tarizzo <fabrizio@fabriziotarizzo.org>.
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Crypto.Util.py3compat import _copy_bytes
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
+                                  create_string_buffer,
+                                  get_raw_buffer, VoidPointer,
+                                  SmartPointer, c_size_t,
+                                  c_uint8_ptr, is_writeable_buffer)
+
+from Crypto.Random import get_random_bytes
+
+_raw_salsa20_lib = load_pycryptodome_raw_lib("Crypto.Cipher._Salsa20",
+                    """
+                    int Salsa20_stream_init(uint8_t *key, size_t keylen,
+                                            uint8_t *nonce, size_t nonce_len,
+                                            void **pSalsaState);
+                    int Salsa20_stream_destroy(void *salsaState);
+                    int Salsa20_stream_encrypt(void *salsaState,
+                                               const uint8_t in[],
+                                               uint8_t out[], size_t len);
+                    """)
+
+
+class Salsa20Cipher:
+    """Salsa20 cipher object. Do not create it directly. Use :py:func:`new`
+    instead.
+
+    :var nonce: The nonce with length 8
+    :vartype nonce: byte string
+    """
+
+    def __init__(self, key, nonce):
+        """Initialize a Salsa20 cipher object
+
+        See also `new()` at the module level."""
+
+        if len(key) not in key_size:
+            raise ValueError("Incorrect key length for Salsa20 (%d bytes)" % len(key))
+
+        if len(nonce) != 8:
+            raise ValueError("Incorrect nonce length for Salsa20 (%d bytes)" %
+                             len(nonce))
+
+        self.nonce = _copy_bytes(None, None, nonce)
+
+        self._state = VoidPointer()
+        result = _raw_salsa20_lib.Salsa20_stream_init(
+                        c_uint8_ptr(key),
+                        c_size_t(len(key)),
+                        c_uint8_ptr(nonce),
+                        c_size_t(len(nonce)),
+                        self._state.address_of())
+        if result:
+            raise ValueError("Error %d instantiating a Salsa20 cipher")
+        self._state = SmartPointer(self._state.get(),
+                                   _raw_salsa20_lib.Salsa20_stream_destroy)
+
+        self.block_size = 1
+        self.key_size = len(key)
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt a piece of data.
+
+        Args:
+          plaintext(bytes/bytearray/memoryview): The data to encrypt, of any size.
+        Keyword Args:
+          output(bytes/bytearray/memoryview): The location where the ciphertext
+            is written to. If ``None``, the ciphertext is returned.
+        Returns:
+          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+        
+        if output is None:
+            ciphertext = create_string_buffer(len(plaintext))
+        else:
+            ciphertext = output
+           
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+        
+            if len(plaintext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = _raw_salsa20_lib.Salsa20_stream_encrypt(
+                                         self._state.get(),
+                                         c_uint8_ptr(plaintext),
+                                         c_uint8_ptr(ciphertext),
+                                         c_size_t(len(plaintext)))
+        if result:
+            raise ValueError("Error %d while encrypting with Salsa20" % result)
+
+        if output is None:
+            return get_raw_buffer(ciphertext)
+        else:
+            return None
+
+    def decrypt(self, ciphertext, output=None):
+        """Decrypt a piece of data.
+        
+        Args:
+          ciphertext(bytes/bytearray/memoryview): The data to decrypt, of any size.
+        Keyword Args:
+          output(bytes/bytearray/memoryview): The location where the plaintext
+            is written to. If ``None``, the plaintext is returned.
+        Returns:
+          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        try:
+            return self.encrypt(ciphertext, output=output)
+        except ValueError as e:
+            raise ValueError(str(e).replace("enc", "dec"))
+
+
+def new(key, nonce=None):
+    """Create a new Salsa20 cipher
+
+    :keyword key: The secret key to use. It must be 16 or 32 bytes long.
+    :type key: bytes/bytearray/memoryview
+
+    :keyword nonce:
+        A value that must never be reused for any other encryption
+        done with this key. It must be 8 bytes long.
+
+        If not provided, a random byte string will be generated (you can read
+        it back via the ``nonce`` attribute of the returned object).
+    :type nonce: bytes/bytearray/memoryview
+
+    :Return: a :class:`Crypto.Cipher.Salsa20.Salsa20Cipher` object
+    """
+
+    if nonce is None:
+        nonce = get_random_bytes(8)
+
+    return Salsa20Cipher(key, nonce)
+
+# Size of a data block (in bytes)
+block_size = 1
+
+# Size of a key (in bytes)
+key_size = (16, 32)
+

venv/lib/python3.7/site-packages/Crypto/Cipher/Salsa20.pyi

@@ -0,0 +1,27 @@
+from typing import Union, Tuple, Optional, overload
+
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class Salsa20Cipher:
+    nonce: bytes
+    block_size: int
+    key_size: int
+
+    def __init__(self,
+                 key: Buffer,
+                 nonce: Buffer) -> None: ...
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+
+def new(key: Buffer, nonce: Optional[Buffer] = ...) -> Salsa20Cipher: ...
+
+block_size: int
+key_size: Tuple[int, int]
+

venv/lib/python3.7/site-packages/Crypto/Cipher/_EKSBlowfish.py

@@ -0,0 +1,131 @@
+# ===================================================================
+#
+# Copyright (c) 2019, Legrandin <helderijs@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+import sys
+
+from Crypto.Cipher import _create_cipher
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
+                                  VoidPointer, SmartPointer, c_size_t,
+                                  c_uint8_ptr, c_uint)
+
+_raw_blowfish_lib = load_pycryptodome_raw_lib(
+        "Crypto.Cipher._raw_eksblowfish",
+        """
+        int EKSBlowfish_start_operation(const uint8_t key[],
+                                        size_t key_len,
+                                        const uint8_t salt[16],
+                                        size_t salt_len,
+                                        unsigned cost,
+                                        unsigned invert,
+                                        void **pResult);
+        int EKSBlowfish_encrypt(const void *state,
+                                const uint8_t *in,
+                                uint8_t *out,
+                                size_t data_len);
+        int EKSBlowfish_decrypt(const void *state,
+                                const uint8_t *in,
+                                uint8_t *out,
+                                size_t data_len);
+        int EKSBlowfish_stop_operation(void *state);
+        """
+        )
+
+
+def _create_base_cipher(dict_parameters):
+    """This method instantiates and returns a smart pointer to
+    a low-level base cipher. It will absorb named parameters in
+    the process."""
+
+    try:
+        key = dict_parameters.pop("key")
+        salt = dict_parameters.pop("salt")
+        cost = dict_parameters.pop("cost")
+    except KeyError as e:
+        raise TypeError("Missing EKSBlowfish parameter: " + str(e))
+    invert = dict_parameters.pop("invert", True)
+
+    if len(key) not in key_size:
+        raise ValueError("Incorrect EKSBlowfish key length (%d bytes)" % len(key))
+
+    start_operation = _raw_blowfish_lib.EKSBlowfish_start_operation
+    stop_operation = _raw_blowfish_lib.EKSBlowfish_stop_operation
+
+    void_p = VoidPointer()
+    result = start_operation(c_uint8_ptr(key),
+                             c_size_t(len(key)),
+                             c_uint8_ptr(salt),
+                             c_size_t(len(salt)),
+                             c_uint(cost),
+                             c_uint(int(invert)),
+                             void_p.address_of())
+    if result:
+        raise ValueError("Error %X while instantiating the EKSBlowfish cipher"
+                         % result)
+    return SmartPointer(void_p.get(), stop_operation)
+
+
+def new(key, mode, salt, cost, invert):
+    """Create a new EKSBlowfish cipher
+    
+    Args:
+
+      key (bytes, bytearray, memoryview):
+        The secret key to use in the symmetric cipher.
+        Its length can vary from 0 to 72 bytes.
+
+      mode (one of the supported ``MODE_*`` constants):
+        The chaining mode to use for encryption or decryption.
+
+      salt (bytes, bytearray, memoryview):
+        The salt that bcrypt uses to thwart rainbow table attacks
+
+      cost (integer):
+        The complexity factor in bcrypt
+
+      invert (bool):
+        If ``False``, in the inner loop use ``ExpandKey`` first over the salt
+        and then over the key, as defined in
+        the `original bcrypt specification <https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node4.html>`_.
+        If ``True``, reverse the order, as in the first implementation of
+        `bcrypt` in OpenBSD.
+
+    :Return: an EKSBlowfish object
+    """
+
+    kwargs = { 'salt':salt, 'cost':cost, 'invert':invert }
+    return _create_cipher(sys.modules[__name__], key, mode, **kwargs)
+
+
+MODE_ECB = 1
+
+# Size of a data block (in bytes)
+block_size = 8
+# Size of a key (in bytes)
+key_size = range(0, 72 + 1)

venv/lib/python3.7/site-packages/Crypto/Cipher/_EKSBlowfish.pyi

@@ -0,0 +1,15 @@
+from typing import Union, Iterable
+
+from Crypto.Cipher._mode_ecb import EcbMode
+
+MODE_ECB: int
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+def new(key: Buffer,
+        mode: int,
+	salt: Buffer,
+	cost: int) -> EcbMode: ...
+
+block_size: int
+key_size: Iterable[int]

venv/lib/python3.7/site-packages/Crypto/Cipher/__init__.py

@@ -0,0 +1,79 @@
+#
+# A block cipher is instantiated as a combination of:
+# 1. A base cipher (such as AES)
+# 2. A mode of operation (such as CBC)
+#
+# Both items are implemented as C modules.
+#
+# The API of #1 is (replace "AES" with the name of the actual cipher):
+# - AES_start_operaion(key) --> base_cipher_state
+# - AES_encrypt(base_cipher_state, in, out, length)
+# - AES_decrypt(base_cipher_state, in, out, length)
+# - AES_stop_operation(base_cipher_state)
+#
+# Where base_cipher_state is AES_State, a struct with BlockBase (set of
+# pointers to encrypt/decrypt/stop) followed by cipher-specific data.
+#
+# The API of #2 is (replace "CBC" with the name of the actual mode):
+# - CBC_start_operation(base_cipher_state) --> mode_state
+# - CBC_encrypt(mode_state, in, out, length)
+# - CBC_decrypt(mode_state, in, out, length)
+# - CBC_stop_operation(mode_state)
+#
+# where mode_state is a a pointer to base_cipher_state plus mode-specific data.
+
+import os
+
+from Crypto.Cipher._mode_ecb import _create_ecb_cipher
+from Crypto.Cipher._mode_cbc import _create_cbc_cipher
+from Crypto.Cipher._mode_cfb import _create_cfb_cipher
+from Crypto.Cipher._mode_ofb import _create_ofb_cipher
+from Crypto.Cipher._mode_ctr import _create_ctr_cipher
+from Crypto.Cipher._mode_openpgp import _create_openpgp_cipher
+from Crypto.Cipher._mode_ccm import _create_ccm_cipher
+from Crypto.Cipher._mode_eax import _create_eax_cipher
+from Crypto.Cipher._mode_siv import _create_siv_cipher
+from Crypto.Cipher._mode_gcm import _create_gcm_cipher
+from Crypto.Cipher._mode_ocb import _create_ocb_cipher
+
+_modes = { 1:_create_ecb_cipher,
+           2:_create_cbc_cipher,
+           3:_create_cfb_cipher,
+           5:_create_ofb_cipher,
+           6:_create_ctr_cipher,
+           7:_create_openpgp_cipher,
+           9:_create_eax_cipher
+           }
+
+_extra_modes = { 8:_create_ccm_cipher,
+                10:_create_siv_cipher,
+                11:_create_gcm_cipher,
+                12:_create_ocb_cipher
+                }
+
+def _create_cipher(factory, key, mode, *args, **kwargs):
+
+    kwargs["key"] = key
+
+    modes = dict(_modes)
+    if kwargs.pop("add_aes_modes", False):
+        modes.update(_extra_modes)
+    if not mode in modes:
+        raise ValueError("Mode not supported")
+
+    if args:
+        if mode in (8, 9, 10, 11, 12):
+            if len(args) > 1:
+                raise TypeError("Too many arguments for this mode")
+            kwargs["nonce"] = args[0]
+        elif mode in (2, 3, 5, 7):
+            if len(args) > 1:
+                raise TypeError("Too many arguments for this mode")
+            kwargs["IV"] = args[0]
+        elif mode == 6:
+            if len(args) > 0:
+                raise TypeError("Too many arguments for this mode")
+        elif mode == 1:
+            raise TypeError("IV is not meaningful for the ECB mode")
+
+    return modes[mode](factory, **kwargs)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_cbc.py

@@ -0,0 +1,293 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+Ciphertext Block Chaining (CBC) mode.
+"""
+
+__all__ = ['CbcMode']
+
+from Crypto.Util.py3compat import _copy_bytes
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
+                                  create_string_buffer, get_raw_buffer,
+                                  SmartPointer, c_size_t, c_uint8_ptr,
+                                  is_writeable_buffer)
+
+from Crypto.Random import get_random_bytes
+
+raw_cbc_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_cbc", """
+                int CBC_start_operation(void *cipher,
+                                        const uint8_t iv[],
+                                        size_t iv_len,
+                                        void **pResult);
+                int CBC_encrypt(void *cbcState,
+                                const uint8_t *in,
+                                uint8_t *out,
+                                size_t data_len);
+                int CBC_decrypt(void *cbcState,
+                                const uint8_t *in,
+                                uint8_t *out,
+                                size_t data_len);
+                int CBC_stop_operation(void *state);
+                """
+                )
+
+
+class CbcMode(object):
+    """*Cipher-Block Chaining (CBC)*.
+
+    Each of the ciphertext blocks depends on the current
+    and all previous plaintext blocks.
+
+    An Initialization Vector (*IV*) is required.
+
+    See `NIST SP800-38A`_ , Section 6.2 .
+
+    .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, block_cipher, iv):
+        """Create a new block cipher, configured in CBC mode.
+
+        :Parameters:
+          block_cipher : C pointer
+            A smart pointer to the low-level block cipher instance.
+
+          iv : bytes/bytearray/memoryview
+            The initialization vector to use for encryption or decryption.
+            It is as long as the cipher block.
+
+            **The IV must be unpredictable**. Ideally it is picked randomly.
+
+            Reusing the *IV* for encryptions performed with the same key
+            compromises confidentiality.
+        """
+
+        self._state = VoidPointer()
+        result = raw_cbc_lib.CBC_start_operation(block_cipher.get(),
+                                                 c_uint8_ptr(iv),
+                                                 c_size_t(len(iv)),
+                                                 self._state.address_of())
+        if result:
+            raise ValueError("Error %d while instantiating the CBC mode"
+                             % result)
+
+        # Ensure that object disposal of this Python object will (eventually)
+        # free the memory allocated by the raw library for the cipher mode
+        self._state = SmartPointer(self._state.get(),
+                                   raw_cbc_lib.CBC_stop_operation)
+
+        # Memory allocated for the underlying block cipher is now owed
+        # by the cipher mode
+        block_cipher.release()
+
+        self.block_size = len(iv)
+        """The block size of the underlying cipher, in bytes."""
+
+        self.iv = _copy_bytes(None, None, iv)
+        """The Initialization Vector originally used to create the object.
+        The value does not change."""
+
+        self.IV = self.iv
+        """Alias for `iv`"""
+
+        self._next = [ self.encrypt, self.decrypt ]
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have encrypted a message
+        you cannot encrypt (or decrypt) another message using the same
+        object.
+
+        The data to encrypt can be broken up in two or
+        more pieces and `encrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.encrypt(a) + c.encrypt(b)
+
+        is equivalent to:
+
+             >>> c.encrypt(a+b)
+
+        That also means that you cannot reuse an object for encrypting
+        or decrypting other data with the same key.
+
+        This function does not add any padding to the plaintext.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+            Its lenght must be multiple of the cipher block size.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.encrypt not in self._next:
+            raise TypeError("encrypt() cannot be called after decrypt()")
+        self._next = [ self.encrypt ]
+        
+        if output is None:
+            ciphertext = create_string_buffer(len(plaintext))
+        else:
+            ciphertext = output
+            
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+        
+            if len(plaintext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = raw_cbc_lib.CBC_encrypt(self._state.get(),
+                                         c_uint8_ptr(plaintext),
+                                         c_uint8_ptr(ciphertext),
+                                         c_size_t(len(plaintext)))
+        if result:
+            if result == 3:
+                raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
+            raise ValueError("Error %d while encrypting in CBC mode" % result)
+
+        if output is None:
+            return get_raw_buffer(ciphertext)
+        else:
+            return None
+
+    def decrypt(self, ciphertext, output=None):
+        """Decrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have decrypted a message
+        you cannot decrypt (or encrypt) another message with the same
+        object.
+
+        The data to decrypt can be broken up in two or
+        more pieces and `decrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.decrypt(a) + c.decrypt(b)
+
+        is equivalent to:
+
+             >>> c.decrypt(a+b)
+
+        This function does not remove any padding from the plaintext.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+            Its length must be multiple of the cipher block size.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return:
+          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("decrypt() cannot be called after encrypt()")
+        self._next = [ self.decrypt ]
+        
+        if output is None:
+            plaintext = create_string_buffer(len(ciphertext))
+        else:
+            plaintext = output
+
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+            
+            if len(ciphertext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = raw_cbc_lib.CBC_decrypt(self._state.get(),
+                                         c_uint8_ptr(ciphertext),
+                                         c_uint8_ptr(plaintext),
+                                         c_size_t(len(ciphertext)))
+        if result:
+            if result == 3:
+                raise ValueError("Data must be padded to %d byte boundary in CBC mode" % self.block_size)
+            raise ValueError("Error %d while decrypting in CBC mode" % result)
+
+        if output is None:
+            return get_raw_buffer(plaintext)
+        else:
+            return None
+
+
+def _create_cbc_cipher(factory, **kwargs):
+    """Instantiate a cipher object that performs CBC encryption/decryption.
+
+    :Parameters:
+      factory : module
+        The underlying block cipher, a module from ``Crypto.Cipher``.
+
+    :Keywords:
+      iv : bytes/bytearray/memoryview
+        The IV to use for CBC.
+
+      IV : bytes/bytearray/memoryview
+        Alias for ``iv``.
+
+    Any other keyword will be passed to the underlying block cipher.
+    See the relevant documentation for details (at least ``key`` will need
+    to be present).
+    """
+
+    cipher_state = factory._create_base_cipher(kwargs)
+    iv = kwargs.pop("IV", None)
+    IV = kwargs.pop("iv", None)
+
+    if (None, None) == (iv, IV):
+        iv = get_random_bytes(factory.block_size)
+    if iv is not None:
+        if IV is not None:
+            raise TypeError("You must either use 'iv' or 'IV', not both")
+    else:
+        iv = IV
+
+    if len(iv) != factory.block_size:
+        raise ValueError("Incorrect IV length (it must be %d bytes long)" %
+                factory.block_size)
+
+    if kwargs:
+        raise TypeError("Unknown parameters for CBC: %s" % str(kwargs))
+
+    return CbcMode(cipher_state, iv)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_cbc.pyi

@@ -0,0 +1,25 @@
+from typing import Union, overload
+
+from Crypto.Util._raw_api import SmartPointer
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['CbcMode']
+
+class CbcMode(object):
+    block_size: int
+    iv: Buffer
+    IV: Buffer
+
+    def __init__(self,
+                 block_cipher: SmartPointer,
+                 iv: Buffer) -> None: ...
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_ccm.py

@@ -0,0 +1,650 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+Counter with CBC-MAC (CCM) mode.
+"""
+
+__all__ = ['CcmMode']
+
+import struct
+from binascii import unhexlify
+
+from Crypto.Util.py3compat import (byte_string, bord,
+                                   _copy_bytes)
+from Crypto.Util._raw_api import is_writeable_buffer
+
+from Crypto.Util.strxor import strxor
+from Crypto.Util.number import long_to_bytes
+
+from Crypto.Hash import BLAKE2s
+from Crypto.Random import get_random_bytes
+
+
+def enum(**enums):
+    return type('Enum', (), enums)
+
+MacStatus = enum(NOT_STARTED=0, PROCESSING_AUTH_DATA=1, PROCESSING_PLAINTEXT=2)
+
+
+class CcmMode(object):
+    """Counter with CBC-MAC (CCM).
+
+    This is an Authenticated Encryption with Associated Data (`AEAD`_) mode.
+    It provides both confidentiality and authenticity.
+
+    The header of the message may be left in the clear, if needed, and it will
+    still be subject to authentication. The decryption step tells the receiver
+    if the message comes from a source that really knowns the secret key.
+    Additionally, decryption detects if any part of the message - including the
+    header - has been modified or corrupted.
+
+    This mode requires a nonce. The nonce shall never repeat for two
+    different messages encrypted with the same key, but it does not need
+    to be random.
+    Note that there is a trade-off between the size of the nonce and the
+    maximum size of a single message you can encrypt.
+
+    It is important to use a large nonce if the key is reused across several
+    messages and the nonce is chosen randomly.
+
+    It is acceptable to us a short nonce if the key is only used a few times or
+    if the nonce is taken from a counter.
+
+    The following table shows the trade-off when the nonce is chosen at
+    random. The column on the left shows how many messages it takes
+    for the keystream to repeat **on average**. In practice, you will want to
+    stop using the key way before that.
+
+    +--------------------+---------------+-------------------+
+    | Avg. # of messages |    nonce      |     Max. message  |
+    | before keystream   |    size       |     size          |
+    | repeats            |    (bytes)    |     (bytes)       |
+    +====================+===============+===================+
+    |       2^52         |      13       |        64K        |
+    +--------------------+---------------+-------------------+
+    |       2^48         |      12       |        16M        |
+    +--------------------+---------------+-------------------+
+    |       2^44         |      11       |         4G        |
+    +--------------------+---------------+-------------------+
+    |       2^40         |      10       |         1T        |
+    +--------------------+---------------+-------------------+
+    |       2^36         |       9       |        64P        |
+    +--------------------+---------------+-------------------+
+    |       2^32         |       8       |        16E        |
+    +--------------------+---------------+-------------------+
+
+    This mode is only available for ciphers that operate on 128 bits blocks
+    (e.g. AES but not TDES).
+
+    See `NIST SP800-38C`_ or RFC3610_.
+
+    .. _`NIST SP800-38C`: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
+    .. _RFC3610: https://tools.ietf.org/html/rfc3610
+    .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, factory, key, nonce, mac_len, msg_len, assoc_len,
+                 cipher_params):
+
+        self.block_size = factory.block_size
+        """The block size of the underlying cipher, in bytes."""
+
+        self.nonce = _copy_bytes(None, None, nonce)
+        """The nonce used for this cipher instance"""
+
+        self._factory = factory
+        self._key = _copy_bytes(None, None, key)
+        self._mac_len = mac_len
+        self._msg_len = msg_len
+        self._assoc_len = assoc_len
+        self._cipher_params = cipher_params
+
+        self._mac_tag = None  # Cache for MAC tag
+
+        if self.block_size != 16:
+            raise ValueError("CCM mode is only available for ciphers"
+                             " that operate on 128 bits blocks")
+
+        # MAC tag length (Tlen)
+        if mac_len not in (4, 6, 8, 10, 12, 14, 16):
+            raise ValueError("Parameter 'mac_len' must be even"
+                             " and in the range 4..16 (not %d)" % mac_len)
+
+        # Nonce value
+        if not (nonce and 7 <= len(nonce) <= 13):
+            raise ValueError("Length of parameter 'nonce' must be"
+                             " in the range 7..13 bytes")
+
+        # Create MAC object (the tag will be the last block
+        # bytes worth of ciphertext)
+        self._mac = self._factory.new(key,
+                                      factory.MODE_CBC,
+                                      iv=b'\x00' * 16,
+                                      **cipher_params)
+        self._mac_status = MacStatus.NOT_STARTED
+        self._t = None
+
+        # Allowed transitions after initialization
+        self._next = [self.update, self.encrypt, self.decrypt,
+                      self.digest, self.verify]
+
+        # Cumulative lengths
+        self._cumul_assoc_len = 0
+        self._cumul_msg_len = 0
+
+        # Cache for unaligned associated data/plaintext.
+        # This is a list with byte strings, but when the MAC starts,
+        # it will become a binary string no longer than the block size.
+        self._cache = []
+
+        # Start CTR cipher, by formatting the counter (A.3)
+        q = 15 - len(nonce)  # length of Q, the encoded message length
+        self._cipher = self._factory.new(key,
+                                         self._factory.MODE_CTR,
+                                         nonce=struct.pack("B", q - 1) + self.nonce,
+                                         **cipher_params)
+
+        # S_0, step 6 in 6.1 for j=0
+        self._s_0 = self._cipher.encrypt(b'\x00' * 16)
+
+        # Try to start the MAC
+        if None not in (assoc_len, msg_len):
+            self._start_mac()
+
+    def _start_mac(self):
+
+        assert(self._mac_status == MacStatus.NOT_STARTED)
+        assert(None not in (self._assoc_len, self._msg_len))
+        assert(isinstance(self._cache, list))
+
+        # Formatting control information and nonce (A.2.1)
+        q = 15 - len(self.nonce)  # length of Q, the encoded message length
+        flags = (64 * (self._assoc_len > 0) + 8 * ((self._mac_len - 2) // 2) +
+                 (q - 1))
+        b_0 = struct.pack("B", flags) + self.nonce + long_to_bytes(self._msg_len, q)
+
+        # Formatting associated data (A.2.2)
+        # Encoded 'a' is concatenated with the associated data 'A'
+        assoc_len_encoded = b''
+        if self._assoc_len > 0:
+            if self._assoc_len < (2 ** 16 - 2 ** 8):
+                enc_size = 2
+            elif self._assoc_len < (2 ** 32):
+                assoc_len_encoded = b'\xFF\xFE'
+                enc_size = 4
+            else:
+                assoc_len_encoded = b'\xFF\xFF'
+                enc_size = 8
+            assoc_len_encoded += long_to_bytes(self._assoc_len, enc_size)
+
+        # b_0 and assoc_len_encoded must be processed first
+        self._cache.insert(0, b_0)
+        self._cache.insert(1, assoc_len_encoded)
+
+        # Process all the data cached so far
+        first_data_to_mac = b"".join(self._cache)
+        self._cache = b""
+        self._mac_status = MacStatus.PROCESSING_AUTH_DATA
+        self._update(first_data_to_mac)
+
+    def _pad_cache_and_update(self):
+
+        assert(self._mac_status != MacStatus.NOT_STARTED)
+        assert(len(self._cache) < self.block_size)
+
+        # Associated data is concatenated with the least number
+        # of zero bytes (possibly none) to reach alignment to
+        # the 16 byte boundary (A.2.3)
+        len_cache = len(self._cache)
+        if len_cache > 0:
+            self._update(b'\x00' * (self.block_size - len_cache))
+
+    def update(self, assoc_data):
+        """Protect associated data
+
+        If there is any associated data, the caller has to invoke
+        this function one or more times, before using
+        ``decrypt`` or ``encrypt``.
+
+        By *associated data* it is meant any data (e.g. packet headers) that
+        will not be encrypted and will be transmitted in the clear.
+        However, the receiver is still able to detect any modification to it.
+        In CCM, the *associated data* is also called
+        *additional authenticated data* (AAD).
+
+        If there is no associated data, this method must not be called.
+
+        The caller may split associated data in segments of any size, and
+        invoke this method multiple times, each time with the next segment.
+
+        :Parameters:
+          assoc_data : bytes/bytearray/memoryview
+            A piece of associated data. There are no restrictions on its size.
+        """
+
+        if self.update not in self._next:
+            raise TypeError("update() can only be called"
+                            " immediately after initialization")
+
+        self._next = [self.update, self.encrypt, self.decrypt,
+                      self.digest, self.verify]
+
+        self._cumul_assoc_len += len(assoc_data)
+        if self._assoc_len is not None and \
+           self._cumul_assoc_len > self._assoc_len:
+            raise ValueError("Associated data is too long")
+
+        self._update(assoc_data)
+        return self
+
+    def _update(self, assoc_data_pt=b""):
+        """Update the MAC with associated data or plaintext
+           (without FSM checks)"""
+
+        # If MAC has not started yet, we just park the data into a list.
+        # If the data is mutable, we create a copy and store that instead.
+        if self._mac_status == MacStatus.NOT_STARTED:
+            if is_writeable_buffer(assoc_data_pt):
+                assoc_data_pt = _copy_bytes(None, None, assoc_data_pt)
+            self._cache.append(assoc_data_pt)
+            return
+
+        assert(len(self._cache) < self.block_size)
+
+        if len(self._cache) > 0:
+            filler = min(self.block_size - len(self._cache),
+                         len(assoc_data_pt))
+            self._cache += _copy_bytes(None, filler, assoc_data_pt)
+            assoc_data_pt = _copy_bytes(filler, None, assoc_data_pt)
+
+            if len(self._cache) < self.block_size:
+                return
+
+            # The cache is exactly one block
+            self._t = self._mac.encrypt(self._cache)
+            self._cache = b""
+
+        update_len = len(assoc_data_pt) // self.block_size * self.block_size
+        self._cache = _copy_bytes(update_len, None, assoc_data_pt)
+        if update_len > 0:
+            self._t = self._mac.encrypt(assoc_data_pt[:update_len])[-16:]
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt data with the key set at initialization.
+
+        A cipher object is stateful: once you have encrypted a message
+        you cannot encrypt (or decrypt) another message using the same
+        object.
+
+        This method can be called only **once** if ``msg_len`` was
+        not passed at initialization.
+
+        If ``msg_len`` was given, the data to encrypt can be broken
+        up in two or more pieces and `encrypt` can be called
+        multiple times.
+
+        That is, the statement:
+
+            >>> c.encrypt(a) + c.encrypt(b)
+
+        is equivalent to:
+
+             >>> c.encrypt(a+b)
+
+        This function does not add any padding to the plaintext.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+          If ``output`` is ``None``, the ciphertext as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.encrypt not in self._next:
+            raise TypeError("encrypt() can only be called after"
+                            " initialization or an update()")
+        self._next = [self.encrypt, self.digest]
+
+        # No more associated data allowed from now
+        if self._assoc_len is None:
+            assert(isinstance(self._cache, list))
+            self._assoc_len = sum([len(x) for x in self._cache])
+            if self._msg_len is not None:
+                self._start_mac()
+        else:
+            if self._cumul_assoc_len < self._assoc_len:
+                raise ValueError("Associated data is too short")
+
+        # Only once piece of plaintext accepted if message length was
+        # not declared in advance
+        if self._msg_len is None:
+            self._msg_len = len(plaintext)
+            self._start_mac()
+            self._next = [self.digest]
+
+        self._cumul_msg_len += len(plaintext)
+        if self._cumul_msg_len > self._msg_len:
+            raise ValueError("Message is too long")
+
+        if self._mac_status == MacStatus.PROCESSING_AUTH_DATA:
+            # Associated data is concatenated with the least number
+            # of zero bytes (possibly none) to reach alignment to
+            # the 16 byte boundary (A.2.3)
+            self._pad_cache_and_update()
+            self._mac_status = MacStatus.PROCESSING_PLAINTEXT
+
+        self._update(plaintext)
+        return self._cipher.encrypt(plaintext, output=output)
+
+    def decrypt(self, ciphertext, output=None):
+        """Decrypt data with the key set at initialization.
+
+        A cipher object is stateful: once you have decrypted a message
+        you cannot decrypt (or encrypt) another message with the same
+        object.
+
+        This method can be called only **once** if ``msg_len`` was
+        not passed at initialization.
+
+        If ``msg_len`` was given, the data to decrypt can be
+        broken up in two or more pieces and `decrypt` can be
+        called multiple times.
+
+        That is, the statement:
+
+            >>> c.decrypt(a) + c.decrypt(b)
+
+        is equivalent to:
+
+             >>> c.decrypt(a+b)
+
+        This function does not remove any padding from the plaintext.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return:
+          If ``output`` is ``None``, the plaintext as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("decrypt() can only be called"
+                            " after initialization or an update()")
+        self._next = [self.decrypt, self.verify]
+
+        # No more associated data allowed from now
+        if self._assoc_len is None:
+            assert(isinstance(self._cache, list))
+            self._assoc_len = sum([len(x) for x in self._cache])
+            if self._msg_len is not None:
+                self._start_mac()
+        else:
+            if self._cumul_assoc_len < self._assoc_len:
+                raise ValueError("Associated data is too short")
+
+        # Only once piece of ciphertext accepted if message length was
+        # not declared in advance
+        if self._msg_len is None:
+            self._msg_len = len(ciphertext)
+            self._start_mac()
+            self._next = [self.verify]
+
+        self._cumul_msg_len += len(ciphertext)
+        if self._cumul_msg_len > self._msg_len:
+            raise ValueError("Message is too long")
+
+        if self._mac_status == MacStatus.PROCESSING_AUTH_DATA:
+            # Associated data is concatenated with the least number
+            # of zero bytes (possibly none) to reach alignment to
+            # the 16 byte boundary (A.2.3)
+            self._pad_cache_and_update()
+            self._mac_status = MacStatus.PROCESSING_PLAINTEXT
+
+        # Encrypt is equivalent to decrypt with the CTR mode
+        plaintext = self._cipher.encrypt(ciphertext, output=output)
+        if output is None:
+            self._update(plaintext)
+        else:
+            self._update(output)
+        return plaintext
+
+    def digest(self):
+        """Compute the *binary* MAC tag.
+
+        The caller invokes this function at the very end.
+
+        This method returns the MAC that shall be sent to the receiver,
+        together with the ciphertext.
+
+        :Return: the MAC, as a byte string.
+        """
+
+        if self.digest not in self._next:
+            raise TypeError("digest() cannot be called when decrypting"
+                            " or validating a message")
+        self._next = [self.digest]
+        return self._digest()
+
+    def _digest(self):
+        if self._mac_tag:
+            return self._mac_tag
+
+        if self._assoc_len is None:
+            assert(isinstance(self._cache, list))
+            self._assoc_len = sum([len(x) for x in self._cache])
+            if self._msg_len is not None:
+                self._start_mac()
+        else:
+            if self._cumul_assoc_len < self._assoc_len:
+                raise ValueError("Associated data is too short")
+
+        if self._msg_len is None:
+            self._msg_len = 0
+            self._start_mac()
+
+        if self._cumul_msg_len != self._msg_len:
+            raise ValueError("Message is too short")
+
+        # Both associated data and payload are concatenated with the least
+        # number of zero bytes (possibly none) that align it to the
+        # 16 byte boundary (A.2.2 and A.2.3)
+        self._pad_cache_and_update()
+
+        # Step 8 in 6.1 (T xor MSB_Tlen(S_0))
+        self._mac_tag = strxor(self._t, self._s_0)[:self._mac_len]
+
+        return self._mac_tag
+
+    def hexdigest(self):
+        """Compute the *printable* MAC tag.
+
+        This method is like `digest`.
+
+        :Return: the MAC, as a hexadecimal string.
+        """
+        return "".join(["%02x" % bord(x) for x in self.digest()])
+
+    def verify(self, received_mac_tag):
+        """Validate the *binary* MAC tag.
+
+        The caller invokes this function at the very end.
+
+        This method checks if the decrypted message is indeed valid
+        (that is, if the key is correct) and it has not been
+        tampered with while in transit.
+
+        :Parameters:
+          received_mac_tag : bytes/bytearray/memoryview
+            This is the *binary* MAC, as received from the sender.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        if self.verify not in self._next:
+            raise TypeError("verify() cannot be called"
+                            " when encrypting a message")
+        self._next = [self.verify]
+
+        self._digest()
+        secret = get_random_bytes(16)
+
+        mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
+        mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
+
+        if mac1.digest() != mac2.digest():
+            raise ValueError("MAC check failed")
+
+    def hexverify(self, hex_mac_tag):
+        """Validate the *printable* MAC tag.
+
+        This method is like `verify`.
+
+        :Parameters:
+          hex_mac_tag : string
+            This is the *printable* MAC, as received from the sender.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        self.verify(unhexlify(hex_mac_tag))
+
+    def encrypt_and_digest(self, plaintext, output=None):
+        """Perform encrypt() and digest() in one step.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+            a tuple with two items:
+
+            - the ciphertext, as ``bytes``
+            - the MAC tag, as ``bytes``
+
+            The first item becomes ``None`` when the ``output`` parameter
+            specified a location for the result.
+        """
+
+        return self.encrypt(plaintext, output=output), self.digest()
+
+    def decrypt_and_verify(self, ciphertext, received_mac_tag, output=None):
+        """Perform decrypt() and verify() in one step.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+          received_mac_tag : bytes/bytearray/memoryview
+            This is the *binary* MAC, as received from the sender.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return: the plaintext as ``bytes`` or ``None`` when the ``output``
+            parameter specified a location for the result.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        plaintext = self.decrypt(ciphertext, output=output)
+        self.verify(received_mac_tag)
+        return plaintext
+
+
+def _create_ccm_cipher(factory, **kwargs):
+    """Create a new block cipher, configured in CCM mode.
+
+    :Parameters:
+      factory : module
+        A symmetric cipher module from `Crypto.Cipher` (like
+        `Crypto.Cipher.AES`).
+
+    :Keywords:
+      key : bytes/bytearray/memoryview
+        The secret key to use in the symmetric cipher.
+
+      nonce : bytes/bytearray/memoryview
+        A value that must never be reused for any other encryption.
+
+        Its length must be in the range ``[7..13]``.
+        11 or 12 bytes are reasonable values in general. Bear in
+        mind that with CCM there is a trade-off between nonce length and
+        maximum message size.
+
+        If not specified, a 11 byte long random string is used.
+
+      mac_len : integer
+        Length of the MAC, in bytes. It must be even and in
+        the range ``[4..16]``. The default is 16.
+
+      msg_len : integer
+        Length of the message to (de)cipher.
+        If not specified, ``encrypt`` or ``decrypt`` may only be called once.
+
+      assoc_len : integer
+        Length of the associated data.
+        If not specified, all data is internally buffered.
+    """
+
+    try:
+        key = key = kwargs.pop("key")
+    except KeyError as e:
+        raise TypeError("Missing parameter: " + str(e))
+
+    nonce = kwargs.pop("nonce", None)  # N
+    if nonce is None:
+        nonce = get_random_bytes(11)
+    mac_len = kwargs.pop("mac_len", factory.block_size)
+    msg_len = kwargs.pop("msg_len", None)      # p
+    assoc_len = kwargs.pop("assoc_len", None)  # a
+    cipher_params = dict(kwargs)
+
+    return CcmMode(factory, key, nonce, mac_len, msg_len,
+                   assoc_len, cipher_params)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_ccm.pyi

@@ -0,0 +1,47 @@
+from types import ModuleType
+from typing import Union, overload, Dict, Tuple, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['CcmMode']
+
+class CcmMode(object):
+    block_size: int
+    nonce: bytes
+
+    def __init__(self,
+                 factory: ModuleType,
+                 key: Buffer,
+                 nonce: Buffer,
+                 mac_len: int,
+                 msg_len: int,
+                 assoc_len: int,
+                 cipher_params: Dict) -> None: ...
+    
+    def update(self, assoc_data: Buffer) -> CcmMode: ...
+
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+
+    def digest(self) -> bytes: ...
+    def hexdigest(self) -> str: ...
+    def verify(self, received_mac_tag: Buffer) -> None: ...
+    def hexverify(self, hex_mac_tag: str) -> None: ...
+
+    @overload
+    def encrypt_and_digest(self,
+                           plaintext: Buffer) -> Tuple[bytes, bytes]: ...
+    @overload
+    def encrypt_and_digest(self,
+                           plaintext: Buffer,
+                           output: Buffer) -> Tuple[None, bytes]: ...
+    def decrypt_and_verify(self,
+                           ciphertext: Buffer,
+                           received_mac_tag: Buffer,
+                           output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ...

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_cfb.py

@@ -0,0 +1,293 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/mode_cfb.py : CFB mode
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""
+Counter Feedback (CFB) mode.
+"""
+
+__all__ = ['CfbMode']
+
+from Crypto.Util.py3compat import _copy_bytes
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
+                                  create_string_buffer, get_raw_buffer,
+                                  SmartPointer, c_size_t, c_uint8_ptr,
+                                  is_writeable_buffer)
+
+from Crypto.Random import get_random_bytes
+
+raw_cfb_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_cfb","""
+                    int CFB_start_operation(void *cipher,
+                                            const uint8_t iv[],
+                                            size_t iv_len,
+                                            size_t segment_len, /* In bytes */
+                                            void **pResult);
+                    int CFB_encrypt(void *cfbState,
+                                    const uint8_t *in,
+                                    uint8_t *out,
+                                    size_t data_len);
+                    int CFB_decrypt(void *cfbState,
+                                    const uint8_t *in,
+                                    uint8_t *out,
+                                    size_t data_len);
+                    int CFB_stop_operation(void *state);"""
+                    )
+
+
+class CfbMode(object):
+    """*Cipher FeedBack (CFB)*.
+
+    This mode is similar to CFB, but it transforms
+    the underlying block cipher into a stream cipher.
+
+    Plaintext and ciphertext are processed in *segments*
+    of **s** bits. The mode is therefore sometimes
+    labelled **s**-bit CFB.
+
+    An Initialization Vector (*IV*) is required.
+
+    See `NIST SP800-38A`_ , Section 6.3.
+
+    .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, block_cipher, iv, segment_size):
+        """Create a new block cipher, configured in CFB mode.
+
+        :Parameters:
+          block_cipher : C pointer
+            A smart pointer to the low-level block cipher instance.
+
+          iv : bytes/bytearray/memoryview
+            The initialization vector to use for encryption or decryption.
+            It is as long as the cipher block.
+
+            **The IV must be unpredictable**. Ideally it is picked randomly.
+
+            Reusing the *IV* for encryptions performed with the same key
+            compromises confidentiality.
+
+          segment_size : integer
+            The number of bytes the plaintext and ciphertext are segmented in.
+        """
+
+        self._state = VoidPointer()
+        result = raw_cfb_lib.CFB_start_operation(block_cipher.get(),
+                                                 c_uint8_ptr(iv),
+                                                 c_size_t(len(iv)),
+                                                 c_size_t(segment_size),
+                                                 self._state.address_of())
+        if result:
+            raise ValueError("Error %d while instantiating the CFB mode" % result)
+
+        # Ensure that object disposal of this Python object will (eventually)
+        # free the memory allocated by the raw library for the cipher mode
+        self._state = SmartPointer(self._state.get(),
+                                   raw_cfb_lib.CFB_stop_operation)
+
+        # Memory allocated for the underlying block cipher is now owed
+        # by the cipher mode
+        block_cipher.release()
+
+        self.block_size = len(iv)
+        """The block size of the underlying cipher, in bytes."""
+
+        self.iv = _copy_bytes(None, None, iv)
+        """The Initialization Vector originally used to create the object.
+        The value does not change."""
+
+        self.IV = self.iv
+        """Alias for `iv`"""
+
+        self._next = [ self.encrypt, self.decrypt ]
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have encrypted a message
+        you cannot encrypt (or decrypt) another message using the same
+        object.
+
+        The data to encrypt can be broken up in two or
+        more pieces and `encrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.encrypt(a) + c.encrypt(b)
+
+        is equivalent to:
+
+             >>> c.encrypt(a+b)
+
+        This function does not add any padding to the plaintext.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.encrypt not in self._next:
+            raise TypeError("encrypt() cannot be called after decrypt()")
+        self._next = [ self.encrypt ]
+        
+        if output is None:
+            ciphertext = create_string_buffer(len(plaintext))
+        else:
+            ciphertext = output
+            
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+        
+            if len(plaintext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = raw_cfb_lib.CFB_encrypt(self._state.get(),
+                                         c_uint8_ptr(plaintext),
+                                         c_uint8_ptr(ciphertext),
+                                         c_size_t(len(plaintext)))
+        if result:
+            raise ValueError("Error %d while encrypting in CFB mode" % result)
+
+        if output is None:
+            return get_raw_buffer(ciphertext)
+        else:
+            return None
+
+    def decrypt(self, ciphertext,  output=None):
+        """Decrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have decrypted a message
+        you cannot decrypt (or encrypt) another message with the same
+        object.
+
+        The data to decrypt can be broken up in two or
+        more pieces and `decrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.decrypt(a) + c.decrypt(b)
+
+        is equivalent to:
+
+             >>> c.decrypt(a+b)
+
+        This function does not remove any padding from the plaintext.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return:
+          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("decrypt() cannot be called after encrypt()")
+        self._next = [ self.decrypt ]
+        
+        if output is None:
+            plaintext = create_string_buffer(len(ciphertext))
+        else:
+            plaintext = output
+
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+            
+            if len(ciphertext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+        
+        result = raw_cfb_lib.CFB_decrypt(self._state.get(),
+                                         c_uint8_ptr(ciphertext),
+                                         c_uint8_ptr(plaintext),
+                                         c_size_t(len(ciphertext)))
+        if result:
+            raise ValueError("Error %d while decrypting in CFB mode" % result)
+
+        if output is None:
+            return get_raw_buffer(plaintext)
+        else:
+            return None
+
+
+def _create_cfb_cipher(factory, **kwargs):
+    """Instantiate a cipher object that performs CFB encryption/decryption.
+
+    :Parameters:
+      factory : module
+        The underlying block cipher, a module from ``Crypto.Cipher``.
+
+    :Keywords:
+      iv : bytes/bytearray/memoryview
+        The IV to use for CFB.
+
+      IV : bytes/bytearray/memoryview
+        Alias for ``iv``.
+
+      segment_size : integer
+        The number of bit the plaintext and ciphertext are segmented in.
+        If not present, the default is 8.
+
+    Any other keyword will be passed to the underlying block cipher.
+    See the relevant documentation for details (at least ``key`` will need
+    to be present).
+    """
+
+    cipher_state = factory._create_base_cipher(kwargs)
+
+    iv = kwargs.pop("IV", None)
+    IV = kwargs.pop("iv", None)
+
+    if (None, None) == (iv, IV):
+        iv = get_random_bytes(factory.block_size)
+    if iv is not None:
+        if IV is not None:
+            raise TypeError("You must either use 'iv' or 'IV', not both")
+    else:
+        iv = IV
+
+    if len(iv) != factory.block_size:
+        raise ValueError("Incorrect IV length (it must be %d bytes long)" %
+                factory.block_size)
+
+    segment_size_bytes, rem = divmod(kwargs.pop("segment_size", 8), 8)
+    if segment_size_bytes == 0 or rem != 0:
+        raise ValueError("'segment_size' must be positive and multiple of 8 bits")
+
+    if kwargs:
+        raise TypeError("Unknown parameters for CFB: %s" % str(kwargs))
+    return CfbMode(cipher_state, iv, segment_size_bytes)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_cfb.pyi

@@ -0,0 +1,26 @@
+from typing import Union, overload
+
+from Crypto.Util._raw_api import SmartPointer
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['CfbMode']
+
+
+class CfbMode(object):
+    block_size: int
+    iv: Buffer
+    IV: Buffer
+    
+    def __init__(self,
+                 block_cipher: SmartPointer,
+                 iv: Buffer,
+                 segment_size: int) -> None: ...
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_ctr.py

@@ -0,0 +1,393 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/mode_ctr.py : CTR mode
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""
+Counter (CTR) mode.
+"""
+
+__all__ = ['CtrMode']
+
+import struct
+
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
+                                  create_string_buffer, get_raw_buffer,
+                                  SmartPointer, c_size_t, c_uint8_ptr,
+                                  is_writeable_buffer)
+
+from Crypto.Random import get_random_bytes
+from Crypto.Util.py3compat import _copy_bytes, is_native_int
+from Crypto.Util.number import long_to_bytes
+
+raw_ctr_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_ctr", """
+                    int CTR_start_operation(void *cipher,
+                                            uint8_t   initialCounterBlock[],
+                                            size_t    initialCounterBlock_len,
+                                            size_t    prefix_len,
+                                            unsigned  counter_len,
+                                            unsigned  littleEndian,
+                                            void **pResult);
+                    int CTR_encrypt(void *ctrState,
+                                    const uint8_t *in,
+                                    uint8_t *out,
+                                    size_t data_len);
+                    int CTR_decrypt(void *ctrState,
+                                    const uint8_t *in,
+                                    uint8_t *out,
+                                    size_t data_len);
+                    int CTR_stop_operation(void *ctrState);"""
+                                        )
+
+
+class CtrMode(object):
+    """*CounTeR (CTR)* mode.
+
+    This mode is very similar to ECB, in that
+    encryption of one block is done independently of all other blocks.
+
+    Unlike ECB, the block *position* contributes to the encryption
+    and no information leaks about symbol frequency.
+
+    Each message block is associated to a *counter* which
+    must be unique across all messages that get encrypted
+    with the same key (not just within the same message).
+    The counter is as big as the block size.
+
+    Counters can be generated in several ways. The most
+    straightword one is to choose an *initial counter block*
+    (which can be made public, similarly to the *IV* for the
+    other modes) and increment its lowest **m** bits by one
+    (modulo *2^m*) for each block. In most cases, **m** is
+    chosen to be half the block size.
+
+    See `NIST SP800-38A`_, Section 6.5 (for the mode) and
+    Appendix B (for how to manage the *initial counter block*).
+
+    .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, block_cipher, initial_counter_block,
+                 prefix_len, counter_len, little_endian):
+        """Create a new block cipher, configured in CTR mode.
+
+        :Parameters:
+          block_cipher : C pointer
+            A smart pointer to the low-level block cipher instance.
+
+          initial_counter_block : bytes/bytearray/memoryview
+            The initial plaintext to use to generate the key stream.
+
+            It is as large as the cipher block, and it embeds
+            the initial value of the counter.
+
+            This value must not be reused.
+            It shall contain a nonce or a random component.
+            Reusing the *initial counter block* for encryptions
+            performed with the same key compromises confidentiality.
+
+          prefix_len : integer
+            The amount of bytes at the beginning of the counter block
+            that never change.
+
+          counter_len : integer
+            The length in bytes of the counter embedded in the counter
+            block.
+
+          little_endian : boolean
+            True if the counter in the counter block is an integer encoded
+            in little endian mode. If False, it is big endian.
+        """
+
+        if len(initial_counter_block) == prefix_len + counter_len:
+            self.nonce = _copy_bytes(None, prefix_len, initial_counter_block)
+            """Nonce; not available if there is a fixed suffix"""
+
+        self._state = VoidPointer()
+        result = raw_ctr_lib.CTR_start_operation(block_cipher.get(),
+                                                 c_uint8_ptr(initial_counter_block),
+                                                 c_size_t(len(initial_counter_block)),
+                                                 c_size_t(prefix_len),
+                                                 counter_len,
+                                                 little_endian,
+                                                 self._state.address_of())
+        if result:
+            raise ValueError("Error %X while instantiating the CTR mode"
+                             % result)
+
+        # Ensure that object disposal of this Python object will (eventually)
+        # free the memory allocated by the raw library for the cipher mode
+        self._state = SmartPointer(self._state.get(),
+                                   raw_ctr_lib.CTR_stop_operation)
+
+        # Memory allocated for the underlying block cipher is now owed
+        # by the cipher mode
+        block_cipher.release()
+
+        self.block_size = len(initial_counter_block)
+        """The block size of the underlying cipher, in bytes."""
+
+        self._next = [self.encrypt, self.decrypt]
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have encrypted a message
+        you cannot encrypt (or decrypt) another message using the same
+        object.
+
+        The data to encrypt can be broken up in two or
+        more pieces and `encrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.encrypt(a) + c.encrypt(b)
+
+        is equivalent to:
+
+             >>> c.encrypt(a+b)
+
+        This function does not add any padding to the plaintext.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.encrypt not in self._next:
+            raise TypeError("encrypt() cannot be called after decrypt()")
+        self._next = [self.encrypt]
+
+        if output is None:
+            ciphertext = create_string_buffer(len(plaintext))
+        else:
+            ciphertext = output
+
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+
+            if len(plaintext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = raw_ctr_lib.CTR_encrypt(self._state.get(),
+                                         c_uint8_ptr(plaintext),
+                                         c_uint8_ptr(ciphertext),
+                                         c_size_t(len(plaintext)))
+        if result:
+            if result == 0x60002:
+                raise OverflowError("The counter has wrapped around in"
+                                    " CTR mode")
+            raise ValueError("Error %X while encrypting in CTR mode" % result)
+
+        if output is None:
+            return get_raw_buffer(ciphertext)
+        else:
+            return None
+
+    def decrypt(self, ciphertext, output=None):
+        """Decrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have decrypted a message
+        you cannot decrypt (or encrypt) another message with the same
+        object.
+
+        The data to decrypt can be broken up in two or
+        more pieces and `decrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.decrypt(a) + c.decrypt(b)
+
+        is equivalent to:
+
+             >>> c.decrypt(a+b)
+
+        This function does not remove any padding from the plaintext.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return:
+          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("decrypt() cannot be called after encrypt()")
+        self._next = [self.decrypt]
+
+        if output is None:
+            plaintext = create_string_buffer(len(ciphertext))
+        else:
+            plaintext = output
+
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+
+            if len(ciphertext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = raw_ctr_lib.CTR_decrypt(self._state.get(),
+                                         c_uint8_ptr(ciphertext),
+                                         c_uint8_ptr(plaintext),
+                                         c_size_t(len(ciphertext)))
+        if result:
+            if result == 0x60002:
+                raise OverflowError("The counter has wrapped around in"
+                                    " CTR mode")
+            raise ValueError("Error %X while decrypting in CTR mode" % result)
+
+        if output is None:
+            return get_raw_buffer(plaintext)
+        else:
+            return None
+
+
+def _create_ctr_cipher(factory, **kwargs):
+    """Instantiate a cipher object that performs CTR encryption/decryption.
+
+    :Parameters:
+      factory : module
+        The underlying block cipher, a module from ``Crypto.Cipher``.
+
+    :Keywords:
+      nonce : bytes/bytearray/memoryview
+        The fixed part at the beginning of the counter block - the rest is
+        the counter number that gets increased when processing the next block.
+        The nonce must be such that no two messages are encrypted under the
+        same key and the same nonce.
+
+        The nonce must be shorter than the block size (it can have
+        zero length; the counter is then as long as the block).
+
+        If this parameter is not present, a random nonce will be created with
+        length equal to half the block size. No random nonce shorter than
+        64 bits will be created though - you must really think through all
+        security consequences of using such a short block size.
+
+      initial_value : posive integer or bytes/bytearray/memoryview
+        The initial value for the counter. If not present, the cipher will
+        start counting from 0. The value is incremented by one for each block.
+        The counter number is encoded in big endian mode.
+
+      counter : object
+        Instance of ``Crypto.Util.Counter``, which allows full customization
+        of the counter block. This parameter is incompatible to both ``nonce``
+        and ``initial_value``.
+
+    Any other keyword will be passed to the underlying block cipher.
+    See the relevant documentation for details (at least ``key`` will need
+    to be present).
+    """
+
+    cipher_state = factory._create_base_cipher(kwargs)
+
+    counter = kwargs.pop("counter", None)
+    nonce = kwargs.pop("nonce", None)
+    initial_value = kwargs.pop("initial_value", None)
+    if kwargs:
+        raise TypeError("Invalid parameters for CTR mode: %s" % str(kwargs))
+
+    if counter is not None and (nonce, initial_value) != (None, None):
+        raise TypeError("'counter' and 'nonce'/'initial_value'"
+                        " are mutually exclusive")
+
+    if counter is None:
+        # Crypto.Util.Counter is not used
+        if nonce is None:
+            if factory.block_size < 16:
+                raise TypeError("Impossible to create a safe nonce for short"
+                                " block sizes")
+            nonce = get_random_bytes(factory.block_size // 2)
+        else:
+            if len(nonce) >= factory.block_size:
+                raise ValueError("Nonce is too long")
+
+        # What is not nonce is counter
+        counter_len = factory.block_size - len(nonce)
+
+        if initial_value is None:
+            initial_value = 0
+
+        if is_native_int(initial_value):
+            if (1 << (counter_len * 8)) - 1 < initial_value:
+                raise ValueError("Initial counter value is too large")
+            initial_counter_block = nonce + long_to_bytes(initial_value, counter_len)
+        else:
+            if len(initial_value) != counter_len:
+                raise ValueError("Incorrect length for counter byte string (%d bytes, expected %d)" %
+                                 (len(initial_value), counter_len))
+            initial_counter_block = nonce + initial_value
+
+        return CtrMode(cipher_state,
+                       initial_counter_block,
+                       len(nonce),                     # prefix
+                       counter_len,
+                       False)                          # little_endian
+
+    # Crypto.Util.Counter is used
+
+    # 'counter' used to be a callable object, but now it is
+    # just a dictionary for backward compatibility.
+    _counter = dict(counter)
+    try:
+        counter_len = _counter.pop("counter_len")
+        prefix = _counter.pop("prefix")
+        suffix = _counter.pop("suffix")
+        initial_value = _counter.pop("initial_value")
+        little_endian = _counter.pop("little_endian")
+    except KeyError:
+        raise TypeError("Incorrect counter object"
+                        " (use Crypto.Util.Counter.new)")
+
+    # Compute initial counter block
+    words = []
+    while initial_value > 0:
+        words.append(struct.pack('B', initial_value & 255))
+        initial_value >>= 8
+    words += [b'\x00'] * max(0, counter_len - len(words))
+    if not little_endian:
+        words.reverse()
+    initial_counter_block = prefix + b"".join(words) + suffix
+
+    if len(initial_counter_block) != factory.block_size:
+        raise ValueError("Size of the counter block (%d bytes) must match"
+                         " block size (%d)" % (len(initial_counter_block),
+                                               factory.block_size))
+
+    return CtrMode(cipher_state, initial_counter_block,
+                   len(prefix), counter_len, little_endian)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_ctr.pyi

@@ -0,0 +1,27 @@
+from typing import Union, overload
+
+from Crypto.Util._raw_api import SmartPointer
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['CtrMode']
+
+class CtrMode(object):
+    block_size: int
+    nonce: bytes
+
+    def __init__(self,
+                 block_cipher: SmartPointer,
+                 initial_counter_block: Buffer,
+                 prefix_len: int,
+                 counter_len: int,
+                 little_endian: bool) -> None: ...
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_eax.py

@@ -0,0 +1,408 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+EAX mode.
+"""
+
+__all__ = ['EaxMode']
+
+import struct
+from binascii import unhexlify
+
+from Crypto.Util.py3compat import byte_string, bord, _copy_bytes
+
+from Crypto.Util._raw_api import is_buffer
+
+from Crypto.Util.strxor import strxor
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+
+from Crypto.Hash import CMAC, BLAKE2s
+from Crypto.Random import get_random_bytes
+
+
+class EaxMode(object):
+    """*EAX* mode.
+
+    This is an Authenticated Encryption with Associated Data
+    (`AEAD`_) mode. It provides both confidentiality and authenticity.
+
+    The header of the message may be left in the clear, if needed,
+    and it will still be subject to authentication.
+
+    The decryption step tells the receiver if the message comes
+    from a source that really knowns the secret key.
+    Additionally, decryption detects if any part of the message -
+    including the header - has been modified or corrupted.
+
+    This mode requires a *nonce*.
+
+    This mode is only available for ciphers that operate on 64 or
+    128 bits blocks.
+
+    There are no official standards defining EAX.
+    The implementation is based on `a proposal`__ that
+    was presented to NIST.
+
+    .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
+    .. __: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, factory, key, nonce, mac_len, cipher_params):
+        """EAX cipher mode"""
+
+        self.block_size = factory.block_size
+        """The block size of the underlying cipher, in bytes."""
+
+        self.nonce = _copy_bytes(None, None, nonce)
+        """The nonce originally used to create the object."""
+
+        self._mac_len = mac_len
+        self._mac_tag = None  # Cache for MAC tag
+
+        # Allowed transitions after initialization
+        self._next = [self.update, self.encrypt, self.decrypt,
+                      self.digest, self.verify]
+
+        # MAC tag length
+        if not (4 <= self._mac_len <= self.block_size):
+            raise ValueError("Parameter 'mac_len' must not be larger than %d"
+                             % self.block_size)
+
+        # Nonce cannot be empty and must be a byte string
+        if len(self.nonce) == 0:
+            raise ValueError("Nonce cannot be empty in EAX mode")
+        if not is_buffer(nonce):
+            raise TypeError("nonce must be bytes, bytearray or memoryview")
+
+        self._omac = [
+                CMAC.new(key,
+                         b'\x00' * (self.block_size - 1) + struct.pack('B', i),
+                         ciphermod=factory,
+                         cipher_params=cipher_params)
+                for i in range(0, 3)
+                ]
+
+        # Compute MAC of nonce
+        self._omac[0].update(self.nonce)
+        self._signer = self._omac[1]
+
+        # MAC of the nonce is also the initial counter for CTR encryption
+        counter_int = bytes_to_long(self._omac[0].digest())
+        self._cipher = factory.new(key,
+                                   factory.MODE_CTR,
+                                   initial_value=counter_int,
+                                   nonce=b"",
+                                   **cipher_params)
+
+    def update(self, assoc_data):
+        """Protect associated data
+
+        If there is any associated data, the caller has to invoke
+        this function one or more times, before using
+        ``decrypt`` or ``encrypt``.
+
+        By *associated data* it is meant any data (e.g. packet headers) that
+        will not be encrypted and will be transmitted in the clear.
+        However, the receiver is still able to detect any modification to it.
+
+        If there is no associated data, this method must not be called.
+
+        The caller may split associated data in segments of any size, and
+        invoke this method multiple times, each time with the next segment.
+
+        :Parameters:
+          assoc_data : bytes/bytearray/memoryview
+            A piece of associated data. There are no restrictions on its size.
+        """
+
+        if self.update not in self._next:
+            raise TypeError("update() can only be called"
+                                " immediately after initialization")
+
+        self._next = [self.update, self.encrypt, self.decrypt,
+                      self.digest, self.verify]
+
+        self._signer.update(assoc_data)
+        return self
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have encrypted a message
+        you cannot encrypt (or decrypt) another message using the same
+        object.
+
+        The data to encrypt can be broken up in two or
+        more pieces and `encrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.encrypt(a) + c.encrypt(b)
+
+        is equivalent to:
+
+             >>> c.encrypt(a+b)
+
+        This function does not add any padding to the plaintext.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+          If ``output`` is ``None``, the ciphertext as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.encrypt not in self._next:
+            raise TypeError("encrypt() can only be called after"
+                            " initialization or an update()")
+        self._next = [self.encrypt, self.digest]
+        ct = self._cipher.encrypt(plaintext, output=output)
+        if output is None:
+            self._omac[2].update(ct)
+        else:
+            self._omac[2].update(output)
+        return ct
+
+    def decrypt(self, ciphertext, output=None):
+        """Decrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have decrypted a message
+        you cannot decrypt (or encrypt) another message with the same
+        object.
+
+        The data to decrypt can be broken up in two or
+        more pieces and `decrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.decrypt(a) + c.decrypt(b)
+
+        is equivalent to:
+
+             >>> c.decrypt(a+b)
+
+        This function does not remove any padding from the plaintext.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return:
+          If ``output`` is ``None``, the plaintext as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("decrypt() can only be called"
+                            " after initialization or an update()")
+        self._next = [self.decrypt, self.verify]
+        self._omac[2].update(ciphertext)
+        return self._cipher.decrypt(ciphertext, output=output)
+
+    def digest(self):
+        """Compute the *binary* MAC tag.
+
+        The caller invokes this function at the very end.
+
+        This method returns the MAC that shall be sent to the receiver,
+        together with the ciphertext.
+
+        :Return: the MAC, as a byte string.
+        """
+
+        if self.digest not in self._next:
+            raise TypeError("digest() cannot be called when decrypting"
+                                " or validating a message")
+        self._next = [self.digest]
+
+        if not self._mac_tag:
+            tag = b'\x00' * self.block_size
+            for i in range(3):
+                tag = strxor(tag, self._omac[i].digest())
+            self._mac_tag = tag[:self._mac_len]
+
+        return self._mac_tag
+
+    def hexdigest(self):
+        """Compute the *printable* MAC tag.
+
+        This method is like `digest`.
+
+        :Return: the MAC, as a hexadecimal string.
+        """
+        return "".join(["%02x" % bord(x) for x in self.digest()])
+
+    def verify(self, received_mac_tag):
+        """Validate the *binary* MAC tag.
+
+        The caller invokes this function at the very end.
+
+        This method checks if the decrypted message is indeed valid
+        (that is, if the key is correct) and it has not been
+        tampered with while in transit.
+
+        :Parameters:
+          received_mac_tag : bytes/bytearray/memoryview
+            This is the *binary* MAC, as received from the sender.
+        :Raises MacMismatchError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        if self.verify not in self._next:
+            raise TypeError("verify() cannot be called"
+                                " when encrypting a message")
+        self._next = [self.verify]
+
+        if not self._mac_tag:
+            tag = b'\x00' * self.block_size
+            for i in range(3):
+                tag = strxor(tag, self._omac[i].digest())
+            self._mac_tag = tag[:self._mac_len]
+
+        secret = get_random_bytes(16)
+
+        mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
+        mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
+
+        if mac1.digest() != mac2.digest():
+            raise ValueError("MAC check failed")
+
+    def hexverify(self, hex_mac_tag):
+        """Validate the *printable* MAC tag.
+
+        This method is like `verify`.
+
+        :Parameters:
+          hex_mac_tag : string
+            This is the *printable* MAC, as received from the sender.
+        :Raises MacMismatchError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        self.verify(unhexlify(hex_mac_tag))
+
+    def encrypt_and_digest(self, plaintext, output=None):
+        """Perform encrypt() and digest() in one step.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+            a tuple with two items:
+
+            - the ciphertext, as ``bytes``
+            - the MAC tag, as ``bytes``
+
+            The first item becomes ``None`` when the ``output`` parameter
+            specified a location for the result.
+        """
+
+        return self.encrypt(plaintext, output=output), self.digest()
+
+    def decrypt_and_verify(self, ciphertext, received_mac_tag, output=None):
+        """Perform decrypt() and verify() in one step.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+          received_mac_tag : bytes/bytearray/memoryview
+            This is the *binary* MAC, as received from the sender.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return: the plaintext as ``bytes`` or ``None`` when the ``output``
+            parameter specified a location for the result.
+        :Raises MacMismatchError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        pt = self.decrypt(ciphertext, output=output)
+        self.verify(received_mac_tag)
+        return pt
+
+
+def _create_eax_cipher(factory, **kwargs):
+    """Create a new block cipher, configured in EAX mode.
+
+    :Parameters:
+      factory : module
+        A symmetric cipher module from `Crypto.Cipher` (like
+        `Crypto.Cipher.AES`).
+
+    :Keywords:
+      key : bytes/bytearray/memoryview
+        The secret key to use in the symmetric cipher.
+
+      nonce : bytes/bytearray/memoryview
+        A value that must never be reused for any other encryption.
+        There are no restrictions on its length, but it is recommended to use
+        at least 16 bytes.
+
+        The nonce shall never repeat for two different messages encrypted with
+        the same key, but it does not need to be random.
+
+        If not specified, a 16 byte long random string is used.
+
+      mac_len : integer
+        Length of the MAC, in bytes. It must be no larger than the cipher
+        block bytes (which is the default).
+    """
+
+    try:
+        key = kwargs.pop("key")
+        nonce = kwargs.pop("nonce", None)
+        if nonce is None:
+            nonce = get_random_bytes(16)
+        mac_len = kwargs.pop("mac_len", factory.block_size)
+    except KeyError as e:
+        raise TypeError("Missing parameter: " + str(e))
+
+    return EaxMode(factory, key, nonce, mac_len, kwargs)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_eax.pyi

@@ -0,0 +1,45 @@
+from types import ModuleType
+from typing import Any, Union, Tuple, Dict, overload, Optional
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['EaxMode']
+
+class EaxMode(object):
+    block_size: int
+    nonce: bytes
+    
+    def __init__(self,
+                 factory: ModuleType,
+                 key: Buffer,
+                 nonce: Buffer,
+                 mac_len: int,
+                 cipher_params: Dict) -> None: ...
+    
+    def update(self, assoc_data: Buffer) -> EaxMode: ...
+
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+
+    def digest(self) -> bytes: ...
+    def hexdigest(self) -> str: ...
+    def verify(self, received_mac_tag: Buffer) -> None: ...
+    def hexverify(self, hex_mac_tag: str) -> None: ...
+
+    @overload
+    def encrypt_and_digest(self,
+                           plaintext: Buffer) -> Tuple[bytes, bytes]: ...
+    @overload
+    def encrypt_and_digest(self,
+                           plaintext: Buffer,
+                           output: Buffer) -> Tuple[None, bytes]: ...
+    def decrypt_and_verify(self,
+                           ciphertext: Buffer,
+                           received_mac_tag: Buffer,
+                           output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ...

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_ecb.py

@@ -0,0 +1,220 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/mode_ecb.py : ECB mode
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""
+Electronic Code Book (ECB) mode.
+"""
+
+__all__ = [ 'EcbMode' ]
+
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib,
+                                  VoidPointer, create_string_buffer,
+                                  get_raw_buffer, SmartPointer,
+                                  c_size_t, c_uint8_ptr,
+                                  is_writeable_buffer)
+
+raw_ecb_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_ecb", """
+                    int ECB_start_operation(void *cipher,
+                                            void **pResult);
+                    int ECB_encrypt(void *ecbState,
+                                    const uint8_t *in,
+                                    uint8_t *out,
+                                    size_t data_len);
+                    int ECB_decrypt(void *ecbState,
+                                    const uint8_t *in,
+                                    uint8_t *out,
+                                    size_t data_len);
+                    int ECB_stop_operation(void *state);
+                    """
+                                        )
+
+
+class EcbMode(object):
+    """*Electronic Code Book (ECB)*.
+
+    This is the simplest encryption mode. Each of the plaintext blocks
+    is directly encrypted into a ciphertext block, independently of
+    any other block.
+
+    This mode is dangerous because it exposes frequency of symbols
+    in your plaintext. Other modes (e.g. *CBC*) should be used instead.
+
+    See `NIST SP800-38A`_ , Section 6.1.
+
+    .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, block_cipher):
+        """Create a new block cipher, configured in ECB mode.
+
+        :Parameters:
+          block_cipher : C pointer
+            A smart pointer to the low-level block cipher instance.
+        """
+        self.block_size = block_cipher.block_size
+
+        self._state = VoidPointer()
+        result = raw_ecb_lib.ECB_start_operation(block_cipher.get(),
+                                                 self._state.address_of())
+        if result:
+            raise ValueError("Error %d while instantiating the ECB mode"
+                             % result)
+
+        # Ensure that object disposal of this Python object will (eventually)
+        # free the memory allocated by the raw library for the cipher
+        # mode
+        self._state = SmartPointer(self._state.get(),
+                                   raw_ecb_lib.ECB_stop_operation)
+
+        # Memory allocated for the underlying block cipher is now owned
+        # by the cipher mode
+        block_cipher.release()
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt data with the key set at initialization.
+
+        The data to encrypt can be broken up in two or
+        more pieces and `encrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.encrypt(a) + c.encrypt(b)
+
+        is equivalent to:
+
+             >>> c.encrypt(a+b)
+
+        This function does not add any padding to the plaintext.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+            The length must be multiple of the cipher block length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if output is None:
+            ciphertext = create_string_buffer(len(plaintext))
+        else:
+            ciphertext = output
+            
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+        
+            if len(plaintext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = raw_ecb_lib.ECB_encrypt(self._state.get(),
+                                         c_uint8_ptr(plaintext),
+                                         c_uint8_ptr(ciphertext),
+                                         c_size_t(len(plaintext)))
+        if result:
+            if result == 3:
+                raise ValueError("Data must be aligned to block boundary in ECB mode")
+            raise ValueError("Error %d while encrypting in ECB mode" % result)
+        
+        if output is None:
+            return get_raw_buffer(ciphertext)
+        else:
+            return None
+
+    def decrypt(self, ciphertext, output=None):
+        """Decrypt data with the key set at initialization.
+
+        The data to decrypt can be broken up in two or
+        more pieces and `decrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.decrypt(a) + c.decrypt(b)
+
+        is equivalent to:
+
+             >>> c.decrypt(a+b)
+
+        This function does not remove any padding from the plaintext.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+            The length must be multiple of the cipher block length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return:
+          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+        
+        if output is None:
+            plaintext = create_string_buffer(len(ciphertext))
+        else:
+            plaintext = output
+
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+            
+            if len(ciphertext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = raw_ecb_lib.ECB_decrypt(self._state.get(),
+                                         c_uint8_ptr(ciphertext),
+                                         c_uint8_ptr(plaintext),
+                                         c_size_t(len(ciphertext)))
+        if result:
+            if result == 3:
+                raise ValueError("Data must be aligned to block boundary in ECB mode")
+            raise ValueError("Error %d while decrypting in ECB mode" % result)
+
+        if output is None:
+            return get_raw_buffer(plaintext)
+        else:
+            return None
+
+
+def _create_ecb_cipher(factory, **kwargs):
+    """Instantiate a cipher object that performs ECB encryption/decryption.
+
+    :Parameters:
+      factory : module
+        The underlying block cipher, a module from ``Crypto.Cipher``.
+
+    All keywords are passed to the underlying block cipher.
+    See the relevant documentation for details (at least ``key`` will need
+    to be present"""
+
+    cipher_state = factory._create_base_cipher(kwargs)
+    cipher_state.block_size = factory.block_size
+    if kwargs:
+        raise TypeError("Unknown parameters for ECB: %s" % str(kwargs))
+    return EcbMode(cipher_state)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_ecb.pyi

@@ -0,0 +1,19 @@
+from typing import Union, overload
+
+from Crypto.Util._raw_api import SmartPointer
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = [ 'EcbMode' ]
+
+class EcbMode(object):
+    def __init__(self, block_cipher: SmartPointer) -> None: ...
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_gcm.py

@@ -0,0 +1,620 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+Galois/Counter Mode (GCM).
+"""
+
+__all__ = ['GcmMode']
+
+from binascii import unhexlify
+
+from Crypto.Util.py3compat import bord, _copy_bytes
+
+from Crypto.Util._raw_api import is_buffer
+
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from Crypto.Hash import BLAKE2s
+from Crypto.Random import get_random_bytes
+
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
+                                  create_string_buffer, get_raw_buffer,
+                                  SmartPointer, c_size_t, c_uint8_ptr)
+
+from Crypto.Util import _cpu_features
+
+
+# C API by module implementing GHASH
+_ghash_api_template = """
+    int ghash_%imp%(uint8_t y_out[16],
+                    const uint8_t block_data[],
+                    size_t len,
+                    const uint8_t y_in[16],
+                    const void *exp_key);
+    int ghash_expand_%imp%(const uint8_t h[16],
+                           void **ghash_tables);
+    int ghash_destroy_%imp%(void *ghash_tables);
+"""
+
+def _build_impl(lib, postfix):
+    from collections import namedtuple
+
+    funcs = ( "ghash", "ghash_expand", "ghash_destroy" )
+    GHASH_Imp = namedtuple('_GHash_Imp', funcs)
+    try:
+        imp_funcs = [ getattr(lib, x + "_" + postfix) for x in funcs ]
+    except AttributeError:      # Make sphinx stop complaining with its mocklib
+        imp_funcs = [ None ] * 3
+    params = dict(zip(funcs, imp_funcs))
+    return GHASH_Imp(**params)
+
+
+def _get_ghash_portable():
+    api = _ghash_api_template.replace("%imp%", "portable")
+    lib = load_pycryptodome_raw_lib("Crypto.Hash._ghash_portable", api)
+    result = _build_impl(lib, "portable")
+    return result
+_ghash_portable = _get_ghash_portable()
+
+
+def _get_ghash_clmul():
+    """Return None if CLMUL implementation is not available"""
+
+    if not _cpu_features.have_clmul():
+        return None
+    try:
+        api = _ghash_api_template.replace("%imp%", "clmul")
+        lib = load_pycryptodome_raw_lib("Crypto.Hash._ghash_clmul", api)
+        result = _build_impl(lib, "clmul")
+    except OSError:
+        result = None
+    return result
+_ghash_clmul = _get_ghash_clmul()
+
+
+class _GHASH(object):
+    """GHASH function defined in NIST SP 800-38D, Algorithm 2.
+
+    If X_1, X_2, .. X_m are the blocks of input data, the function
+    computes:
+
+       X_1*H^{m} + X_2*H^{m-1} + ... + X_m*H
+
+    in the Galois field GF(2^256) using the reducing polynomial
+    (x^128 + x^7 + x^2 + x + 1).
+    """
+
+    def __init__(self, subkey, ghash_c):
+        assert len(subkey) == 16
+
+        self.ghash_c = ghash_c
+
+        self._exp_key = VoidPointer()
+        result = ghash_c.ghash_expand(c_uint8_ptr(subkey),
+                                      self._exp_key.address_of())
+        if result:
+            raise ValueError("Error %d while expanding the GHASH key" % result)
+
+        self._exp_key = SmartPointer(self._exp_key.get(),
+                                     ghash_c.ghash_destroy)
+
+        # create_string_buffer always returns a string of zeroes
+        self._last_y = create_string_buffer(16)
+
+    def update(self, block_data):
+        assert len(block_data) % 16 == 0
+
+        result = self.ghash_c.ghash(self._last_y,
+                                    c_uint8_ptr(block_data),
+                                    c_size_t(len(block_data)),
+                                    self._last_y,
+                                    self._exp_key.get())
+        if result:
+            raise ValueError("Error %d while updating GHASH" % result)
+
+        return self
+
+    def digest(self):
+        return get_raw_buffer(self._last_y)
+
+
+def enum(**enums):
+    return type('Enum', (), enums)
+
+
+MacStatus = enum(PROCESSING_AUTH_DATA=1, PROCESSING_CIPHERTEXT=2)
+
+
+class GcmMode(object):
+    """Galois Counter Mode (GCM).
+
+    This is an Authenticated Encryption with Associated Data (`AEAD`_) mode.
+    It provides both confidentiality and authenticity.
+
+    The header of the message may be left in the clear, if needed, and it will
+    still be subject to authentication. The decryption step tells the receiver
+    if the message comes from a source that really knowns the secret key.
+    Additionally, decryption detects if any part of the message - including the
+    header - has been modified or corrupted.
+
+    This mode requires a *nonce*.
+
+    This mode is only available for ciphers that operate on 128 bits blocks
+    (e.g. AES but not TDES).
+
+    See `NIST SP800-38D`_.
+
+    .. _`NIST SP800-38D`: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
+    .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, factory, key, nonce, mac_len, cipher_params, ghash_c):
+
+        self.block_size = factory.block_size
+        if self.block_size != 16:
+            raise ValueError("GCM mode is only available for ciphers"
+                             " that operate on 128 bits blocks")
+
+        if len(nonce) == 0:
+            raise ValueError("Nonce cannot be empty")
+        
+        if not is_buffer(nonce):
+            raise TypeError("Nonce must be bytes, bytearray or memoryview")
+
+        # See NIST SP 800 38D, 5.2.1.1
+        if len(nonce) > 2**64 - 1:
+            raise ValueError("Nonce exceeds maximum length")
+
+
+        self.nonce = _copy_bytes(None, None, nonce)
+        """Nonce"""
+
+        self._factory = factory
+        self._key = _copy_bytes(None, None, key)
+        self._tag = None  # Cache for MAC tag
+
+        self._mac_len = mac_len
+        if not (4 <= mac_len <= 16):
+            raise ValueError("Parameter 'mac_len' must be in the range 4..16")
+
+        # Allowed transitions after initialization
+        self._next = [self.update, self.encrypt, self.decrypt,
+                      self.digest, self.verify]
+
+        self._no_more_assoc_data = False
+
+        # Length of associated data
+        self._auth_len = 0
+
+        # Length of the ciphertext or plaintext
+        self._msg_len = 0
+
+        # Step 1 in SP800-38D, Algorithm 4 (encryption) - Compute H
+        # See also Algorithm 5 (decryption)
+        hash_subkey = factory.new(key,
+                                  self._factory.MODE_ECB,
+                                  **cipher_params
+                                  ).encrypt(b'\x00' * 16)
+
+        # Step 2 - Compute J0
+        if len(self.nonce) == 12:
+            j0 = self.nonce + b"\x00\x00\x00\x01"
+        else:
+            fill = (16 - (len(nonce) % 16)) % 16 + 8
+            ghash_in = (self.nonce +
+                        b'\x00' * fill +
+                        long_to_bytes(8 * len(nonce), 8))
+            j0 = _GHASH(hash_subkey, ghash_c).update(ghash_in).digest()
+
+        # Step 3 - Prepare GCTR cipher for encryption/decryption
+        nonce_ctr = j0[:12]
+        iv_ctr = (bytes_to_long(j0) + 1) & 0xFFFFFFFF
+        self._cipher = factory.new(key,
+                                   self._factory.MODE_CTR,
+                                   initial_value=iv_ctr,
+                                   nonce=nonce_ctr,
+                                   **cipher_params)
+
+        # Step 5 - Bootstrat GHASH
+        self._signer = _GHASH(hash_subkey, ghash_c)
+
+        # Step 6 - Prepare GCTR cipher for GMAC
+        self._tag_cipher = factory.new(key,
+                                       self._factory.MODE_CTR,
+                                       initial_value=j0,
+                                       nonce=b"",
+                                       **cipher_params)
+
+        # Cache for data to authenticate
+        self._cache = b""
+
+        self._status = MacStatus.PROCESSING_AUTH_DATA
+
+    def update(self, assoc_data):
+        """Protect associated data
+
+        If there is any associated data, the caller has to invoke
+        this function one or more times, before using
+        ``decrypt`` or ``encrypt``.
+
+        By *associated data* it is meant any data (e.g. packet headers) that
+        will not be encrypted and will be transmitted in the clear.
+        However, the receiver is still able to detect any modification to it.
+        In GCM, the *associated data* is also called
+        *additional authenticated data* (AAD).
+
+        If there is no associated data, this method must not be called.
+
+        The caller may split associated data in segments of any size, and
+        invoke this method multiple times, each time with the next segment.
+
+        :Parameters:
+          assoc_data : bytes/bytearray/memoryview
+            A piece of associated data. There are no restrictions on its size.
+        """
+
+        if self.update not in self._next:
+            raise TypeError("update() can only be called"
+                            " immediately after initialization")
+
+        self._next = [self.update, self.encrypt, self.decrypt,
+                      self.digest, self.verify]
+
+        self._update(assoc_data)
+        self._auth_len += len(assoc_data)
+
+        # See NIST SP 800 38D, 5.2.1.1
+        if self._auth_len > 2**64 - 1:
+            raise ValueError("Additional Authenticated Data exceeds maximum length")
+
+        return self
+
+    def _update(self, data):
+        assert(len(self._cache) < 16)
+
+        if len(self._cache) > 0:
+            filler = min(16 - len(self._cache), len(data))
+            self._cache += _copy_bytes(None, filler, data)
+            data = data[filler:]
+
+            if len(self._cache) < 16:
+                return
+
+            # The cache is exactly one block
+            self._signer.update(self._cache)
+            self._cache = b""
+
+        update_len = len(data) // 16 * 16
+        self._cache = _copy_bytes(update_len, None, data)
+        if update_len > 0:
+            self._signer.update(data[:update_len])
+
+    def _pad_cache_and_update(self):
+        assert(len(self._cache) < 16)
+
+        # The authenticated data A is concatenated to the minimum
+        # number of zero bytes (possibly none) such that the
+        # - ciphertext C is aligned to the 16 byte boundary.
+        #   See step 5 in section 7.1
+        # - ciphertext C is aligned to the 16 byte boundary.
+        #   See step 6 in section 7.2
+        len_cache = len(self._cache)
+        if len_cache > 0:
+            self._update(b'\x00' * (16 - len_cache))
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have encrypted a message
+        you cannot encrypt (or decrypt) another message using the same
+        object.
+
+        The data to encrypt can be broken up in two or
+        more pieces and `encrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.encrypt(a) + c.encrypt(b)
+
+        is equivalent to:
+
+             >>> c.encrypt(a+b)
+
+        This function does not add any padding to the plaintext.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+          If ``output`` is ``None``, the ciphertext as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.encrypt not in self._next:
+            raise TypeError("encrypt() can only be called after"
+                            " initialization or an update()")
+        self._next = [self.encrypt, self.digest]
+
+        ciphertext = self._cipher.encrypt(plaintext, output=output)
+
+        if self._status == MacStatus.PROCESSING_AUTH_DATA:
+            self._pad_cache_and_update()
+            self._status = MacStatus.PROCESSING_CIPHERTEXT
+
+        self._update(ciphertext if output is None else output)
+        self._msg_len += len(plaintext)
+
+        # See NIST SP 800 38D, 5.2.1.1
+        if self._msg_len > 2**39 - 256:
+            raise ValueError("Plaintext exceeds maximum length")
+
+        return ciphertext
+
+    def decrypt(self, ciphertext, output=None):
+        """Decrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have decrypted a message
+        you cannot decrypt (or encrypt) another message with the same
+        object.
+
+        The data to decrypt can be broken up in two or
+        more pieces and `decrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.decrypt(a) + c.decrypt(b)
+
+        is equivalent to:
+
+             >>> c.decrypt(a+b)
+
+        This function does not remove any padding from the plaintext.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return:
+          If ``output`` is ``None``, the plaintext as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("decrypt() can only be called"
+                            " after initialization or an update()")
+        self._next = [self.decrypt, self.verify]
+
+        if self._status == MacStatus.PROCESSING_AUTH_DATA:
+            self._pad_cache_and_update()
+            self._status = MacStatus.PROCESSING_CIPHERTEXT
+
+        self._update(ciphertext)
+        self._msg_len += len(ciphertext)
+
+        return self._cipher.decrypt(ciphertext, output=output)
+
+    def digest(self):
+        """Compute the *binary* MAC tag in an AEAD mode.
+
+        The caller invokes this function at the very end.
+
+        This method returns the MAC that shall be sent to the receiver,
+        together with the ciphertext.
+
+        :Return: the MAC, as a byte string.
+        """
+
+        if self.digest not in self._next:
+            raise TypeError("digest() cannot be called when decrypting"
+                            " or validating a message")
+        self._next = [self.digest]
+
+        return self._compute_mac()
+
+    def _compute_mac(self):
+        """Compute MAC without any FSM checks."""
+
+        if self._tag:
+            return self._tag
+
+        # Step 5 in NIST SP 800-38D, Algorithm 4 - Compute S
+        self._pad_cache_and_update()
+        self._update(long_to_bytes(8 * self._auth_len, 8))
+        self._update(long_to_bytes(8 * self._msg_len, 8))
+        s_tag = self._signer.digest()
+
+        # Step 6 - Compute T
+        self._tag = self._tag_cipher.encrypt(s_tag)[:self._mac_len]
+
+        return self._tag
+
+    def hexdigest(self):
+        """Compute the *printable* MAC tag.
+
+        This method is like `digest`.
+
+        :Return: the MAC, as a hexadecimal string.
+        """
+        return "".join(["%02x" % bord(x) for x in self.digest()])
+
+    def verify(self, received_mac_tag):
+        """Validate the *binary* MAC tag.
+
+        The caller invokes this function at the very end.
+
+        This method checks if the decrypted message is indeed valid
+        (that is, if the key is correct) and it has not been
+        tampered with while in transit.
+
+        :Parameters:
+          received_mac_tag : bytes/bytearray/memoryview
+            This is the *binary* MAC, as received from the sender.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        if self.verify not in self._next:
+            raise TypeError("verify() cannot be called"
+                            " when encrypting a message")
+        self._next = [self.verify]
+
+        secret = get_random_bytes(16)
+
+        mac1 = BLAKE2s.new(digest_bits=160, key=secret,
+                           data=self._compute_mac())
+        mac2 = BLAKE2s.new(digest_bits=160, key=secret,
+                           data=received_mac_tag)
+
+        if mac1.digest() != mac2.digest():
+            raise ValueError("MAC check failed")
+
+    def hexverify(self, hex_mac_tag):
+        """Validate the *printable* MAC tag.
+
+        This method is like `verify`.
+
+        :Parameters:
+          hex_mac_tag : string
+            This is the *printable* MAC, as received from the sender.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        self.verify(unhexlify(hex_mac_tag))
+
+    def encrypt_and_digest(self, plaintext, output=None):
+        """Perform encrypt() and digest() in one step.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+            a tuple with two items:
+
+            - the ciphertext, as ``bytes``
+            - the MAC tag, as ``bytes``
+
+            The first item becomes ``None`` when the ``output`` parameter
+            specified a location for the result.
+        """
+
+        return self.encrypt(plaintext, output=output), self.digest()
+
+    def decrypt_and_verify(self, ciphertext, received_mac_tag, output=None):
+        """Perform decrypt() and verify() in one step.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+          received_mac_tag : byte string
+            This is the *binary* MAC, as received from the sender.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return: the plaintext as ``bytes`` or ``None`` when the ``output``
+            parameter specified a location for the result.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        plaintext = self.decrypt(ciphertext, output=output)
+        self.verify(received_mac_tag)
+        return plaintext
+
+
+def _create_gcm_cipher(factory, **kwargs):
+    """Create a new block cipher, configured in Galois Counter Mode (GCM).
+
+    :Parameters:
+      factory : module
+        A block cipher module, taken from `Crypto.Cipher`.
+        The cipher must have block length of 16 bytes.
+        GCM has been only defined for `Crypto.Cipher.AES`.
+
+    :Keywords:
+      key : bytes/bytearray/memoryview
+        The secret key to use in the symmetric cipher.
+        It must be 16 (e.g. *AES-128*), 24 (e.g. *AES-192*)
+        or 32 (e.g. *AES-256*) bytes long.
+
+      nonce : bytes/bytearray/memoryview
+        A value that must never be reused for any other encryption.
+
+        There are no restrictions on its length,
+        but it is recommended to use at least 16 bytes.
+
+        The nonce shall never repeat for two
+        different messages encrypted with the same key,
+        but it does not need to be random.
+
+        If not provided, a 16 byte nonce will be randomly created.
+
+      mac_len : integer
+        Length of the MAC, in bytes.
+        It must be no larger than 16 bytes (which is the default).
+    """
+
+    try:
+        key = kwargs.pop("key")
+    except KeyError as e:
+        raise TypeError("Missing parameter:" + str(e))
+
+    nonce = kwargs.pop("nonce", None)
+    if nonce is None:
+        nonce = get_random_bytes(16)
+    mac_len = kwargs.pop("mac_len", 16)
+
+    # Not documented - only used for testing
+    use_clmul = kwargs.pop("use_clmul", True)
+    if use_clmul and _ghash_clmul:
+        ghash_c = _ghash_clmul
+    else:
+        ghash_c = _ghash_portable
+
+    return GcmMode(factory, key, nonce, mac_len, kwargs, ghash_c)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_gcm.pyi

@@ -0,0 +1,45 @@
+from types import ModuleType
+from typing import Union, Tuple, Dict, overload, Optional
+
+__all__ = ['GcmMode']
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class GcmMode(object):
+    block_size: int
+    nonce: Buffer
+    
+    def __init__(self,
+                 factory: ModuleType,
+                 key: Buffer,
+                 nonce: Buffer,
+                 mac_len: int,
+                 cipher_params: Dict) -> None: ...
+    
+    def update(self, assoc_data: Buffer) -> GcmMode: ...
+
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+
+    def digest(self) -> bytes: ...
+    def hexdigest(self) -> str: ...
+    def verify(self, received_mac_tag: Buffer) -> None: ...
+    def hexverify(self, hex_mac_tag: str) -> None: ...
+
+    @overload
+    def encrypt_and_digest(self,
+                           plaintext: Buffer) -> Tuple[bytes, bytes]: ...
+    @overload
+    def encrypt_and_digest(self,
+                           plaintext: Buffer,
+                           output: Buffer) -> Tuple[None, bytes]: ...
+    def decrypt_and_verify(self,
+                           ciphertext: Buffer,
+                           received_mac_tag: Buffer,
+                           output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ...

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_ocb.py

@@ -0,0 +1,525 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+Offset Codebook (OCB) mode.
+
+OCB is Authenticated Encryption with Associated Data (AEAD) cipher mode
+designed by Prof. Phillip Rogaway and specified in `RFC7253`_.
+
+The algorithm provides both authenticity and privacy, it is very efficient,
+it uses only one key and it can be used in online mode (so that encryption
+or decryption can start before the end of the message is available).
+
+This module implements the third and last variant of OCB (OCB3) and it only
+works in combination with a 128-bit block symmetric cipher, like AES.
+
+OCB is patented in US but `free licenses`_ exist for software implementations
+meant for non-military purposes.
+
+Example:
+    >>> from Crypto.Cipher import AES
+    >>> from Crypto.Random import get_random_bytes
+    >>>
+    >>> key = get_random_bytes(32)
+    >>> cipher = AES.new(key, AES.MODE_OCB)
+    >>> plaintext = b"Attack at dawn"
+    >>> ciphertext, mac = cipher.encrypt_and_digest(plaintext)
+    >>> # Deliver cipher.nonce, ciphertext and mac
+    ...
+    >>> cipher = AES.new(key, AES.MODE_OCB, nonce=nonce)
+    >>> try:
+    >>>     plaintext = cipher.decrypt_and_verify(ciphertext, mac)
+    >>> except ValueError:
+    >>>     print "Invalid message"
+    >>> else:
+    >>>     print plaintext
+
+:undocumented: __package__
+
+.. _RFC7253: http://www.rfc-editor.org/info/rfc7253
+.. _free licenses: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
+"""
+
+import struct
+from binascii import unhexlify
+
+from Crypto.Util.py3compat import bord, _copy_bytes
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from Crypto.Util.strxor import strxor
+
+from Crypto.Hash import BLAKE2s
+from Crypto.Random import get_random_bytes
+
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
+                                  create_string_buffer, get_raw_buffer,
+                                  SmartPointer, c_size_t, c_uint8_ptr,
+                                  is_buffer)
+
+_raw_ocb_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_ocb", """
+                                    int OCB_start_operation(void *cipher,
+                                        const uint8_t *offset_0,
+                                        size_t offset_0_len,
+                                        void **pState);
+                                    int OCB_encrypt(void *state,
+                                        const uint8_t *in,
+                                        uint8_t *out,
+                                        size_t data_len);
+                                    int OCB_decrypt(void *state,
+                                        const uint8_t *in,
+                                        uint8_t *out,
+                                        size_t data_len);
+                                    int OCB_update(void *state,
+                                        const uint8_t *in,
+                                        size_t data_len);
+                                    int OCB_digest(void *state,
+                                        uint8_t *tag,
+                                        size_t tag_len);
+                                    int OCB_stop_operation(void *state);
+                                    """)
+
+
+class OcbMode(object):
+    """Offset Codebook (OCB) mode.
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, factory, nonce, mac_len, cipher_params):
+
+        if factory.block_size != 16:
+            raise ValueError("OCB mode is only available for ciphers"
+                             " that operate on 128 bits blocks")
+
+        self.block_size = 16
+        """The block size of the underlying cipher, in bytes."""
+
+        self.nonce = _copy_bytes(None, None, nonce)
+        """Nonce used for this session."""
+        if len(nonce) not in range(1, 16):
+            raise ValueError("Nonce must be at most 15 bytes long")
+        if not is_buffer(nonce):
+            raise TypeError("Nonce must be bytes, bytearray or memoryview")
+
+        self._mac_len = mac_len
+        if not 8 <= mac_len <= 16:
+            raise ValueError("MAC tag must be between 8 and 16 bytes long")
+
+        # Cache for MAC tag
+        self._mac_tag = None
+
+        # Cache for unaligned associated data
+        self._cache_A = b""
+
+        # Cache for unaligned ciphertext/plaintext
+        self._cache_P = b""
+
+        # Allowed transitions after initialization
+        self._next = [self.update, self.encrypt, self.decrypt,
+                      self.digest, self.verify]
+
+        # Compute Offset_0
+        params_without_key = dict(cipher_params)
+        key = params_without_key.pop("key")
+        nonce = (struct.pack('B', self._mac_len << 4 & 0xFF) +
+                 b'\x00' * (14 - len(nonce)) +
+                 b'\x01' + self.nonce)
+
+        bottom_bits = bord(nonce[15]) & 0x3F    # 6 bits, 0..63
+        top_bits = bord(nonce[15]) & 0xC0       # 2 bits
+
+        ktop_cipher = factory.new(key,
+                                  factory.MODE_ECB,
+                                  **params_without_key)
+        ktop = ktop_cipher.encrypt(struct.pack('15sB',
+                                               nonce[:15],
+                                               top_bits))
+
+        stretch = ktop + strxor(ktop[:8], ktop[1:9])    # 192 bits
+        offset_0 = long_to_bytes(bytes_to_long(stretch) >>
+                                 (64 - bottom_bits), 24)[8:]
+
+        # Create low-level cipher instance
+        raw_cipher = factory._create_base_cipher(cipher_params)
+        if cipher_params:
+            raise TypeError("Unknown keywords: " + str(cipher_params))
+
+        self._state = VoidPointer()
+        result = _raw_ocb_lib.OCB_start_operation(raw_cipher.get(),
+                                                  offset_0,
+                                                  c_size_t(len(offset_0)),
+                                                  self._state.address_of())
+        if result:
+            raise ValueError("Error %d while instantiating the OCB mode"
+                             % result)
+
+        # Ensure that object disposal of this Python object will (eventually)
+        # free the memory allocated by the raw library for the cipher mode
+        self._state = SmartPointer(self._state.get(),
+                                   _raw_ocb_lib.OCB_stop_operation)
+
+        # Memory allocated for the underlying block cipher is now owed
+        # by the cipher mode
+        raw_cipher.release()
+
+    def _update(self, assoc_data, assoc_data_len):
+        result = _raw_ocb_lib.OCB_update(self._state.get(),
+                                         c_uint8_ptr(assoc_data),
+                                         c_size_t(assoc_data_len))
+        if result:
+            raise ValueError("Error %d while computing MAC in OCB mode" % result)
+
+    def update(self, assoc_data):
+        """Process the associated data.
+
+        If there is any associated data, the caller has to invoke
+        this method one or more times, before using
+        ``decrypt`` or ``encrypt``.
+
+        By *associated data* it is meant any data (e.g. packet headers) that
+        will not be encrypted and will be transmitted in the clear.
+        However, the receiver shall still able to detect modifications.
+
+        If there is no associated data, this method must not be called.
+
+        The caller may split associated data in segments of any size, and
+        invoke this method multiple times, each time with the next segment.
+
+        :Parameters:
+          assoc_data : bytes/bytearray/memoryview
+            A piece of associated data.
+        """
+
+        if self.update not in self._next:
+            raise TypeError("update() can only be called"
+                            " immediately after initialization")
+
+        self._next = [self.encrypt, self.decrypt, self.digest,
+                      self.verify, self.update]
+
+        if len(self._cache_A) > 0:
+            filler = min(16 - len(self._cache_A), len(assoc_data))
+            self._cache_A += _copy_bytes(None, filler, assoc_data)
+            assoc_data = assoc_data[filler:]
+
+            if len(self._cache_A) < 16:
+                return self
+
+            # Clear the cache, and proceeding with any other aligned data
+            self._cache_A, seg = b"", self._cache_A
+            self.update(seg)
+
+        update_len = len(assoc_data) // 16 * 16
+        self._cache_A = _copy_bytes(update_len, None, assoc_data)
+        self._update(assoc_data, update_len)
+        return self
+
+    def _transcrypt_aligned(self, in_data, in_data_len,
+                            trans_func, trans_desc):
+
+        out_data = create_string_buffer(in_data_len)
+        result = trans_func(self._state.get(),
+                            in_data,
+                            out_data,
+                            c_size_t(in_data_len))
+        if result:
+            raise ValueError("Error %d while %sing in OCB mode"
+                             % (result, trans_desc))
+        return get_raw_buffer(out_data)
+
+    def _transcrypt(self, in_data, trans_func, trans_desc):
+        # Last piece to encrypt/decrypt
+        if in_data is None:
+            out_data = self._transcrypt_aligned(self._cache_P,
+                                                len(self._cache_P),
+                                                trans_func,
+                                                trans_desc)
+            self._cache_P = b""
+            return out_data
+
+        # Try to fill up the cache, if it already contains something
+        prefix = b""
+        if len(self._cache_P) > 0:
+            filler = min(16 - len(self._cache_P), len(in_data))
+            self._cache_P += _copy_bytes(None, filler, in_data)
+            in_data = in_data[filler:]
+
+            if len(self._cache_P) < 16:
+                # We could not manage to fill the cache, so there is certainly
+                # no output yet.
+                return b""
+
+            # Clear the cache, and proceeding with any other aligned data
+            prefix = self._transcrypt_aligned(self._cache_P,
+                                              len(self._cache_P),
+                                              trans_func,
+                                              trans_desc)
+            self._cache_P = b""
+
+        # Process data in multiples of the block size
+        trans_len = len(in_data) // 16 * 16
+        result = self._transcrypt_aligned(c_uint8_ptr(in_data),
+                                          trans_len,
+                                          trans_func,
+                                          trans_desc)
+        if prefix:
+            result = prefix + result
+
+        # Left-over
+        self._cache_P = _copy_bytes(trans_len, None, in_data)
+
+        return result
+
+    def encrypt(self, plaintext=None):
+        """Encrypt the next piece of plaintext.
+
+        After the entire plaintext has been passed (but before `digest`),
+        you **must** call this method one last time with no arguments to collect
+        the final piece of ciphertext.
+
+        If possible, use the method `encrypt_and_digest` instead.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The next piece of data to encrypt or ``None`` to signify
+            that encryption has finished and that any remaining ciphertext
+            has to be produced.
+        :Return:
+            the ciphertext, as a byte string.
+            Its length may not match the length of the *plaintext*.
+        """
+
+        if self.encrypt not in self._next:
+            raise TypeError("encrypt() can only be called after"
+                            " initialization or an update()")
+
+        if plaintext is None:
+            self._next = [self.digest]
+        else:
+            self._next = [self.encrypt]
+        return self._transcrypt(plaintext, _raw_ocb_lib.OCB_encrypt, "encrypt")
+
+    def decrypt(self, ciphertext=None):
+        """Decrypt the next piece of ciphertext.
+
+        After the entire ciphertext has been passed (but before `verify`),
+        you **must** call this method one last time with no arguments to collect
+        the remaining piece of plaintext.
+
+        If possible, use the method `decrypt_and_verify` instead.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The next piece of data to decrypt or ``None`` to signify
+            that decryption has finished and that any remaining plaintext
+            has to be produced.
+        :Return:
+            the plaintext, as a byte string.
+            Its length may not match the length of the *ciphertext*.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("decrypt() can only be called after"
+                            " initialization or an update()")
+
+        if ciphertext is None:
+            self._next = [self.verify]
+        else:
+            self._next = [self.decrypt]
+        return self._transcrypt(ciphertext,
+                                _raw_ocb_lib.OCB_decrypt,
+                                "decrypt")
+
+    def _compute_mac_tag(self):
+
+        if self._mac_tag is not None:
+            return
+
+        if self._cache_A:
+            self._update(self._cache_A, len(self._cache_A))
+            self._cache_A = b""
+
+        mac_tag = create_string_buffer(16)
+        result = _raw_ocb_lib.OCB_digest(self._state.get(),
+                                         mac_tag,
+                                         c_size_t(len(mac_tag))
+                                         )
+        if result:
+            raise ValueError("Error %d while computing digest in OCB mode"
+                             % result)
+        self._mac_tag = get_raw_buffer(mac_tag)[:self._mac_len]
+
+    def digest(self):
+        """Compute the *binary* MAC tag.
+
+        Call this method after the final `encrypt` (the one with no arguments)
+        to obtain the MAC tag.
+
+        The MAC tag is needed by the receiver to determine authenticity
+        of the message.
+
+        :Return: the MAC, as a byte string.
+        """
+
+        if self.digest not in self._next:
+            raise TypeError("digest() cannot be called now for this cipher")
+
+        assert(len(self._cache_P) == 0)
+
+        self._next = [self.digest]
+
+        if self._mac_tag is None:
+            self._compute_mac_tag()
+
+        return self._mac_tag
+
+    def hexdigest(self):
+        """Compute the *printable* MAC tag.
+
+        This method is like `digest`.
+
+        :Return: the MAC, as a hexadecimal string.
+        """
+        return "".join(["%02x" % bord(x) for x in self.digest()])
+
+    def verify(self, received_mac_tag):
+        """Validate the *binary* MAC tag.
+
+        Call this method after the final `decrypt` (the one with no arguments)
+        to check if the message is authentic and valid.
+
+        :Parameters:
+          received_mac_tag : bytes/bytearray/memoryview
+            This is the *binary* MAC, as received from the sender.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        if self.verify not in self._next:
+            raise TypeError("verify() cannot be called now for this cipher")
+
+        assert(len(self._cache_P) == 0)
+
+        self._next = [self.verify]
+
+        if self._mac_tag is None:
+            self._compute_mac_tag()
+
+        secret = get_random_bytes(16)
+        mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
+        mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
+
+        if mac1.digest() != mac2.digest():
+            raise ValueError("MAC check failed")
+
+    def hexverify(self, hex_mac_tag):
+        """Validate the *printable* MAC tag.
+
+        This method is like `verify`.
+
+        :Parameters:
+          hex_mac_tag : string
+            This is the *printable* MAC, as received from the sender.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        self.verify(unhexlify(hex_mac_tag))
+
+    def encrypt_and_digest(self, plaintext):
+        """Encrypt the message and create the MAC tag in one step.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The entire message to encrypt.
+        :Return:
+            a tuple with two byte strings:
+
+            - the encrypted data
+            - the MAC
+        """
+
+        return self.encrypt(plaintext) + self.encrypt(), self.digest()
+
+    def decrypt_and_verify(self, ciphertext, received_mac_tag):
+        """Decrypted the message and verify its authenticity in one step.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The entire message to decrypt.
+          received_mac_tag : byte string
+            This is the *binary* MAC, as received from the sender.
+
+        :Return: the decrypted data (byte string).
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        plaintext = self.decrypt(ciphertext) + self.decrypt()
+        self.verify(received_mac_tag)
+        return plaintext
+
+
+def _create_ocb_cipher(factory, **kwargs):
+    """Create a new block cipher, configured in OCB mode.
+
+    :Parameters:
+      factory : module
+        A symmetric cipher module from `Crypto.Cipher`
+        (like `Crypto.Cipher.AES`).
+
+    :Keywords:
+      nonce : bytes/bytearray/memoryview
+        A  value that must never be reused for any other encryption.
+        Its length can vary from 1 to 15 bytes.
+        If not specified, a random 15 bytes long nonce is generated.
+
+      mac_len : integer
+        Length of the MAC, in bytes.
+        It must be in the range ``[8..16]``.
+        The default is 16 (128 bits).
+
+    Any other keyword will be passed to the underlying block cipher.
+    See the relevant documentation for details (at least ``key`` will need
+    to be present).
+    """
+
+    try:
+        nonce = kwargs.pop("nonce", None)
+        if nonce is None:
+            nonce = get_random_bytes(15)
+        mac_len = kwargs.pop("mac_len", 16)
+    except KeyError as e:
+        raise TypeError("Keyword missing: " + str(e))
+
+    return OcbMode(factory, nonce, mac_len, kwargs)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_ocb.pyi

@@ -0,0 +1,36 @@
+from types import ModuleType
+from typing import Union, Any, Optional, Tuple, Dict, overload
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+class OcbMode(object):
+    block_size: int
+    nonce: Buffer
+
+    def __init__(self,
+                 factory: ModuleType,
+                 nonce: Buffer,
+                 mac_len: int,
+                 cipher_params: Dict) -> None: ...
+    
+    def update(self, assoc_data: Buffer) -> OcbMode: ...
+
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+
+    def digest(self) -> bytes: ...
+    def hexdigest(self) -> str: ...
+    def verify(self, received_mac_tag: Buffer) -> None: ...
+    def hexverify(self, hex_mac_tag: str) -> None: ...
+
+    def encrypt_and_digest(self,
+                           plaintext: Buffer) -> Tuple[bytes, bytes]: ...
+    def decrypt_and_verify(self,
+                           ciphertext: Buffer,
+                           received_mac_tag: Buffer) -> bytes: ...

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_ofb.py

@@ -0,0 +1,282 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/mode_ofb.py : OFB mode
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""
+Output Feedback (CFB) mode.
+"""
+
+__all__ = ['OfbMode']
+
+from Crypto.Util.py3compat import _copy_bytes
+from Crypto.Util._raw_api import (load_pycryptodome_raw_lib, VoidPointer,
+                                  create_string_buffer, get_raw_buffer,
+                                  SmartPointer, c_size_t, c_uint8_ptr,
+                                  is_writeable_buffer)
+
+from Crypto.Random import get_random_bytes
+
+raw_ofb_lib = load_pycryptodome_raw_lib("Crypto.Cipher._raw_ofb", """
+                        int OFB_start_operation(void *cipher,
+                                                const uint8_t iv[],
+                                                size_t iv_len,
+                                                void **pResult);
+                        int OFB_encrypt(void *ofbState,
+                                        const uint8_t *in,
+                                        uint8_t *out,
+                                        size_t data_len);
+                        int OFB_decrypt(void *ofbState,
+                                        const uint8_t *in,
+                                        uint8_t *out,
+                                        size_t data_len);
+                        int OFB_stop_operation(void *state);
+                        """
+                                        )
+
+
+class OfbMode(object):
+    """*Output FeedBack (OFB)*.
+
+    This mode is very similar to CBC, but it
+    transforms the underlying block cipher into a stream cipher.
+
+    The keystream is the iterated block encryption of the
+    previous ciphertext block.
+
+    An Initialization Vector (*IV*) is required.
+
+    See `NIST SP800-38A`_ , Section 6.4.
+
+    .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, block_cipher, iv):
+        """Create a new block cipher, configured in OFB mode.
+
+        :Parameters:
+          block_cipher : C pointer
+            A smart pointer to the low-level block cipher instance.
+
+          iv : bytes/bytearray/memoryview
+            The initialization vector to use for encryption or decryption.
+            It is as long as the cipher block.
+
+            **The IV must be a nonce, to to be reused for any other
+            message**. It shall be a nonce or a random value.
+
+            Reusing the *IV* for encryptions performed with the same key
+            compromises confidentiality.
+        """
+
+        self._state = VoidPointer()
+        result = raw_ofb_lib.OFB_start_operation(block_cipher.get(),
+                                                 c_uint8_ptr(iv),
+                                                 c_size_t(len(iv)),
+                                                 self._state.address_of())
+        if result:
+            raise ValueError("Error %d while instantiating the OFB mode"
+                             % result)
+
+        # Ensure that object disposal of this Python object will (eventually)
+        # free the memory allocated by the raw library for the cipher mode
+        self._state = SmartPointer(self._state.get(),
+                                   raw_ofb_lib.OFB_stop_operation)
+
+        # Memory allocated for the underlying block cipher is now owed
+        # by the cipher mode
+        block_cipher.release()
+
+        self.block_size = len(iv)
+        """The block size of the underlying cipher, in bytes."""
+
+        self.iv = _copy_bytes(None, None, iv)
+        """The Initialization Vector originally used to create the object.
+        The value does not change."""
+
+        self.IV = self.iv
+        """Alias for `iv`"""
+
+        self._next = [ self.encrypt, self.decrypt ]
+
+    def encrypt(self, plaintext, output=None):
+        """Encrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have encrypted a message
+        you cannot encrypt (or decrypt) another message using the same
+        object.
+
+        The data to encrypt can be broken up in two or
+        more pieces and `encrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.encrypt(a) + c.encrypt(b)
+
+        is equivalent to:
+
+             >>> c.encrypt(a+b)
+
+        This function does not add any padding to the plaintext.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+          If ``output`` is ``None``, the ciphertext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.encrypt not in self._next:
+            raise TypeError("encrypt() cannot be called after decrypt()")
+        self._next = [ self.encrypt ]
+        
+        if output is None:
+            ciphertext = create_string_buffer(len(plaintext))
+        else:
+            ciphertext = output
+            
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+        
+            if len(plaintext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = raw_ofb_lib.OFB_encrypt(self._state.get(),
+                                         c_uint8_ptr(plaintext),
+                                         c_uint8_ptr(ciphertext),
+                                         c_size_t(len(plaintext)))
+        if result:
+            raise ValueError("Error %d while encrypting in OFB mode" % result)
+
+        if output is None:
+            return get_raw_buffer(ciphertext)
+        else:
+            return None
+
+    def decrypt(self, ciphertext, output=None):
+        """Decrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have decrypted a message
+        you cannot decrypt (or encrypt) another message with the same
+        object.
+
+        The data to decrypt can be broken up in two or
+        more pieces and `decrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.decrypt(a) + c.decrypt(b)
+
+        is equivalent to:
+
+             >>> c.decrypt(a+b)
+
+        This function does not remove any padding from the plaintext.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+            It can be of any length.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext is written to.
+            If ``None``, the plaintext is returned.
+        :Return:
+          If ``output`` is ``None``, the plaintext is returned as ``bytes``.
+          Otherwise, ``None``.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("decrypt() cannot be called after encrypt()")
+        self._next = [ self.decrypt ]
+        
+        if output is None:
+            plaintext = create_string_buffer(len(ciphertext))
+        else:
+            plaintext = output
+
+            if not is_writeable_buffer(output):
+                raise TypeError("output must be a bytearray or a writeable memoryview")
+            
+            if len(ciphertext) != len(output):
+                raise ValueError("output must have the same length as the input"
+                                 "  (%d bytes)" % len(plaintext))
+
+        result = raw_ofb_lib.OFB_decrypt(self._state.get(),
+                                         c_uint8_ptr(ciphertext),
+                                         c_uint8_ptr(plaintext),
+                                         c_size_t(len(ciphertext)))
+        if result:
+            raise ValueError("Error %d while decrypting in OFB mode" % result)
+
+        if output is None:
+            return get_raw_buffer(plaintext)
+        else:
+            return None
+
+
+def _create_ofb_cipher(factory, **kwargs):
+    """Instantiate a cipher object that performs OFB encryption/decryption.
+
+    :Parameters:
+      factory : module
+        The underlying block cipher, a module from ``Crypto.Cipher``.
+
+    :Keywords:
+      iv : bytes/bytearray/memoryview
+        The IV to use for OFB.
+
+      IV : bytes/bytearray/memoryview
+        Alias for ``iv``.
+
+    Any other keyword will be passed to the underlying block cipher.
+    See the relevant documentation for details (at least ``key`` will need
+    to be present).
+    """
+
+    cipher_state = factory._create_base_cipher(kwargs)
+    iv = kwargs.pop("IV", None)
+    IV = kwargs.pop("iv", None)
+
+    if (None, None) == (iv, IV):
+        iv = get_random_bytes(factory.block_size)
+    if iv is not None:
+        if IV is not None:
+            raise TypeError("You must either use 'iv' or 'IV', not both")
+    else:
+        iv = IV
+
+    if len(iv) != factory.block_size:
+        raise ValueError("Incorrect IV length (it must be %d bytes long)" %
+                factory.block_size)
+
+    if kwargs:
+        raise TypeError("Unknown parameters for OFB: %s" % str(kwargs))
+
+    return OfbMode(cipher_state, iv)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_ofb.pyi

@@ -0,0 +1,25 @@
+from typing import Union, overload
+
+from Crypto.Util._raw_api import SmartPointer
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['OfbMode']
+
+class OfbMode(object):
+    block_size: int
+    iv: Buffer
+    IV: Buffer
+    
+    def __init__(self,
+                 block_cipher: SmartPointer,
+                 iv: Buffer) -> None: ...
+    @overload
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def encrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+    @overload
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+    @overload
+    def decrypt(self, plaintext: Buffer, output: Union[bytearray, memoryview]) -> None: ...
+

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_openpgp.py

@@ -0,0 +1,206 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+OpenPGP mode.
+"""
+
+__all__ = ['OpenPgpMode']
+
+from Crypto.Util.py3compat import _copy_bytes
+from Crypto.Random import get_random_bytes
+
+class OpenPgpMode(object):
+    """OpenPGP mode.
+
+    This mode is a variant of CFB, and it is only used in PGP and
+    OpenPGP_ applications. If in doubt, use another mode.
+
+    An Initialization Vector (*IV*) is required.
+
+    Unlike CFB, the *encrypted* IV (not the IV itself) is
+    transmitted to the receiver.
+
+    The IV is a random data block. For legacy reasons, two of its bytes are
+    duplicated to act as a checksum for the correctness of the key, which is now
+    known to be insecure and is ignored. The encrypted IV is therefore 2 bytes
+    longer than the clean IV.
+
+    .. _OpenPGP: http://tools.ietf.org/html/rfc4880
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, factory, key, iv, cipher_params):
+
+        #: The block size of the underlying cipher, in bytes.
+        self.block_size = factory.block_size
+
+        self._done_first_block = False  # True after the first encryption
+
+        # Instantiate a temporary cipher to process the IV
+        IV_cipher = factory.new(
+                        key,
+                        factory.MODE_CFB,
+                        IV=b'\x00' * self.block_size,
+                        segment_size=self.block_size * 8,
+                        **cipher_params)
+
+        iv = _copy_bytes(None, None, iv)
+
+        # The cipher will be used for...
+        if len(iv) == self.block_size:
+            # ... encryption
+            self._encrypted_IV = IV_cipher.encrypt(iv + iv[-2:])
+        elif len(iv) == self.block_size + 2:
+            # ... decryption
+            self._encrypted_IV = iv
+            # Last two bytes are for a deprecated "quick check" feature that
+            # should not be used. (https://eprint.iacr.org/2005/033)
+            iv = IV_cipher.decrypt(iv)[:-2]
+        else:
+            raise ValueError("Length of IV must be %d or %d bytes"
+                             " for MODE_OPENPGP"
+                             % (self.block_size, self.block_size + 2))
+
+        self.iv = self.IV = iv
+
+        # Instantiate the cipher for the real PGP data
+        self._cipher = factory.new(
+                            key,
+                            factory.MODE_CFB,
+                            IV=self._encrypted_IV[-self.block_size:],
+                            segment_size=self.block_size * 8,
+                            **cipher_params)
+
+    def encrypt(self, plaintext):
+        """Encrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have encrypted a message
+        you cannot encrypt (or decrypt) another message using the same
+        object.
+
+        The data to encrypt can be broken up in two or
+        more pieces and `encrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.encrypt(a) + c.encrypt(b)
+
+        is equivalent to:
+
+             >>> c.encrypt(a+b)
+
+        This function does not add any padding to the plaintext.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+
+        :Return:
+            the encrypted data, as a byte string.
+            It is as long as *plaintext* with one exception:
+            when encrypting the first message chunk,
+            the encypted IV is prepended to the returned ciphertext.
+        """
+
+        res = self._cipher.encrypt(plaintext)
+        if not self._done_first_block:
+            res = self._encrypted_IV + res
+            self._done_first_block = True
+        return res
+
+    def decrypt(self, ciphertext):
+        """Decrypt data with the key and the parameters set at initialization.
+
+        A cipher object is stateful: once you have decrypted a message
+        you cannot decrypt (or encrypt) another message with the same
+        object.
+
+        The data to decrypt can be broken up in two or
+        more pieces and `decrypt` can be called multiple times.
+
+        That is, the statement:
+
+            >>> c.decrypt(a) + c.decrypt(b)
+
+        is equivalent to:
+
+             >>> c.decrypt(a+b)
+
+        This function does not remove any padding from the plaintext.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+
+        :Return: the decrypted data (byte string).
+        """
+
+        return self._cipher.decrypt(ciphertext)
+
+
+def _create_openpgp_cipher(factory, **kwargs):
+    """Create a new block cipher, configured in OpenPGP mode.
+
+    :Parameters:
+      factory : module
+        The module.
+
+    :Keywords:
+      key : bytes/bytearray/memoryview
+        The secret key to use in the symmetric cipher.
+
+      IV : bytes/bytearray/memoryview
+        The initialization vector to use for encryption or decryption.
+
+        For encryption, the IV must be as long as the cipher block size.
+
+        For decryption, it must be 2 bytes longer (it is actually the
+        *encrypted* IV which was prefixed to the ciphertext).
+    """
+
+    iv = kwargs.pop("IV", None)
+    IV = kwargs.pop("iv", None)
+
+    if (None, None) == (iv, IV):
+        iv = get_random_bytes(factory.block_size)
+    if iv is not None:
+        if IV is not None:
+            raise TypeError("You must either use 'iv' or 'IV', not both")
+    else:
+        iv = IV
+
+    try:
+        key = kwargs.pop("key")
+    except KeyError as e:
+        raise TypeError("Missing component: " + str(e))
+
+    return OpenPgpMode(factory, key, iv, kwargs)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_openpgp.pyi

@@ -0,0 +1,20 @@
+from types import ModuleType
+from typing import Union, Dict
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['OpenPgpMode']
+
+class OpenPgpMode(object):
+    block_size: int
+    iv: Union[bytes, bytearray, memoryview]
+    IV: Union[bytes, bytearray, memoryview]
+    
+    def __init__(self,
+                 factory: ModuleType,
+                 key: Buffer,
+                 iv: Buffer,
+                 cipher_params: Dict) -> None: ...
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_siv.py

@@ -0,0 +1,392 @@
+# ===================================================================
+#
+# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+# ===================================================================
+
+"""
+Synthetic Initialization Vector (SIV) mode.
+"""
+
+__all__ = ['SivMode']
+
+from binascii import hexlify, unhexlify
+
+from Crypto.Util.py3compat import bord, _copy_bytes
+
+from Crypto.Util._raw_api import is_buffer
+
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from Crypto.Protocol.KDF import _S2V
+from Crypto.Hash import BLAKE2s
+from Crypto.Random import get_random_bytes
+
+
+class SivMode(object):
+    """Synthetic Initialization Vector (SIV).
+
+    This is an Authenticated Encryption with Associated Data (`AEAD`_) mode.
+    It provides both confidentiality and authenticity.
+
+    The header of the message may be left in the clear, if needed, and it will
+    still be subject to authentication. The decryption step tells the receiver
+    if the message comes from a source that really knowns the secret key.
+    Additionally, decryption detects if any part of the message - including the
+    header - has been modified or corrupted.
+
+    Unlike other AEAD modes such as CCM, EAX or GCM, accidental reuse of a
+    nonce is not catastrophic for the confidentiality of the message. The only
+    effect is that an attacker can tell when the same plaintext (and same
+    associated data) is protected with the same key.
+
+    The length of the MAC is fixed to the block size of the underlying cipher.
+    The key size is twice the length of the key of the underlying cipher.
+
+    This mode is only available for AES ciphers.
+
+    +--------------------+---------------+-------------------+
+    |      Cipher        | SIV MAC size  |   SIV key length  |
+    |                    |    (bytes)    |     (bytes)       |
+    +====================+===============+===================+
+    |    AES-128         |      16       |        32         |
+    +--------------------+---------------+-------------------+
+    |    AES-192         |      16       |        48         |
+    +--------------------+---------------+-------------------+
+    |    AES-256         |      16       |        64         |
+    +--------------------+---------------+-------------------+
+
+    See `RFC5297`_ and the `original paper`__.
+
+    .. _RFC5297: https://tools.ietf.org/html/rfc5297
+    .. _AEAD: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
+    .. __: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
+
+    :undocumented: __init__
+    """
+
+    def __init__(self, factory, key, nonce, kwargs):
+
+        self.block_size = factory.block_size
+        """The block size of the underlying cipher, in bytes."""
+
+        self._factory = factory
+
+        self._cipher_params = kwargs
+
+        if len(key) not in (32, 48, 64):
+            raise ValueError("Incorrect key length (%d bytes)" % len(key))
+
+        if nonce is not None:
+            if not is_buffer(nonce):
+                raise TypeError("When provided, the nonce must be bytes, bytearray or memoryview")
+
+            if len(nonce) == 0:
+                raise ValueError("When provided, the nonce must be non-empty")
+
+            self.nonce = _copy_bytes(None, None, nonce)
+            """Public attribute is only available in case of non-deterministic
+            encryption."""
+
+        subkey_size = len(key) // 2
+
+        self._mac_tag = None  # Cache for MAC tag
+        self._kdf = _S2V(key[:subkey_size],
+                         ciphermod=factory,
+                         cipher_params=self._cipher_params)
+        self._subkey_cipher = key[subkey_size:]
+
+        # Purely for the purpose of verifying that cipher_params are OK
+        factory.new(key[:subkey_size], factory.MODE_ECB, **kwargs)
+
+        # Allowed transitions after initialization
+        self._next = [self.update, self.encrypt, self.decrypt,
+                      self.digest, self.verify]
+
+    def _create_ctr_cipher(self, v):
+        """Create a new CTR cipher from V in SIV mode"""
+
+        v_int = bytes_to_long(v)
+        q = v_int & 0xFFFFFFFFFFFFFFFF7FFFFFFF7FFFFFFF
+        return self._factory.new(
+                    self._subkey_cipher,
+                    self._factory.MODE_CTR,
+                    initial_value=q,
+                    nonce=b"",
+                    **self._cipher_params)
+
+    def update(self, component):
+        """Protect one associated data component
+
+        For SIV, the associated data is a sequence (*vector*) of non-empty
+        byte strings (*components*).
+
+        This method consumes the next component. It must be called
+        once for each of the components that constitue the associated data.
+
+        Note that the components have clear boundaries, so that:
+
+            >>> cipher.update(b"builtin")
+            >>> cipher.update(b"securely")
+
+        is not equivalent to:
+
+            >>> cipher.update(b"built")
+            >>> cipher.update(b"insecurely")
+
+        If there is no associated data, this method must not be called.
+
+        :Parameters:
+          component : bytes/bytearray/memoryview
+            The next associated data component.
+        """
+
+        if self.update not in self._next:
+            raise TypeError("update() can only be called"
+                                " immediately after initialization")
+
+        self._next = [self.update, self.encrypt, self.decrypt,
+                      self.digest, self.verify]
+
+        return self._kdf.update(component)
+
+    def encrypt(self, plaintext):
+        """
+        For SIV, encryption and MAC authentication must take place at the same
+        point. This method shall not be used.
+
+        Use `encrypt_and_digest` instead.
+        """
+
+        raise TypeError("encrypt() not allowed for SIV mode."
+                        " Use encrypt_and_digest() instead.")
+
+    def decrypt(self, ciphertext):
+        """
+        For SIV, decryption and verification must take place at the same
+        point. This method shall not be used.
+
+        Use `decrypt_and_verify` instead.
+        """
+
+        raise TypeError("decrypt() not allowed for SIV mode."
+                        " Use decrypt_and_verify() instead.")
+
+    def digest(self):
+        """Compute the *binary* MAC tag.
+
+        The caller invokes this function at the very end.
+
+        This method returns the MAC that shall be sent to the receiver,
+        together with the ciphertext.
+
+        :Return: the MAC, as a byte string.
+        """
+
+        if self.digest not in self._next:
+            raise TypeError("digest() cannot be called when decrypting"
+                            " or validating a message")
+        self._next = [self.digest]
+        if self._mac_tag is None:
+            self._mac_tag = self._kdf.derive()
+        return self._mac_tag
+
+    def hexdigest(self):
+        """Compute the *printable* MAC tag.
+
+        This method is like `digest`.
+
+        :Return: the MAC, as a hexadecimal string.
+        """
+        return "".join(["%02x" % bord(x) for x in self.digest()])
+
+    def verify(self, received_mac_tag):
+        """Validate the *binary* MAC tag.
+
+        The caller invokes this function at the very end.
+
+        This method checks if the decrypted message is indeed valid
+        (that is, if the key is correct) and it has not been
+        tampered with while in transit.
+
+        :Parameters:
+          received_mac_tag : bytes/bytearray/memoryview
+            This is the *binary* MAC, as received from the sender.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        if self.verify not in self._next:
+            raise TypeError("verify() cannot be called"
+                            " when encrypting a message")
+        self._next = [self.verify]
+
+        if self._mac_tag is None:
+            self._mac_tag = self._kdf.derive()
+
+        secret = get_random_bytes(16)
+
+        mac1 = BLAKE2s.new(digest_bits=160, key=secret, data=self._mac_tag)
+        mac2 = BLAKE2s.new(digest_bits=160, key=secret, data=received_mac_tag)
+
+        if mac1.digest() != mac2.digest():
+            raise ValueError("MAC check failed")
+
+    def hexverify(self, hex_mac_tag):
+        """Validate the *printable* MAC tag.
+
+        This method is like `verify`.
+
+        :Parameters:
+          hex_mac_tag : string
+            This is the *printable* MAC, as received from the sender.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        self.verify(unhexlify(hex_mac_tag))
+
+    def encrypt_and_digest(self, plaintext, output=None):
+        """Perform encrypt() and digest() in one step.
+
+        :Parameters:
+          plaintext : bytes/bytearray/memoryview
+            The piece of data to encrypt.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the ciphertext must be written to.
+            If ``None``, the ciphertext is returned.
+        :Return:
+            a tuple with two items:
+
+            - the ciphertext, as ``bytes``
+            - the MAC tag, as ``bytes``
+
+            The first item becomes ``None`` when the ``output`` parameter
+            specified a location for the result.
+        """
+        
+        if self.encrypt not in self._next:
+            raise TypeError("encrypt() can only be called after"
+                            " initialization or an update()")
+
+        self._next = [ self.digest ]
+
+        # Compute V (MAC)
+        if hasattr(self, 'nonce'):
+            self._kdf.update(self.nonce)
+        self._kdf.update(plaintext)
+        self._mac_tag = self._kdf.derive()
+        
+        cipher = self._create_ctr_cipher(self._mac_tag)
+
+        return cipher.encrypt(plaintext, output=output), self._mac_tag
+
+    def decrypt_and_verify(self, ciphertext, mac_tag, output=None):
+        """Perform decryption and verification in one step.
+
+        A cipher object is stateful: once you have decrypted a message
+        you cannot decrypt (or encrypt) another message with the same
+        object.
+
+        You cannot reuse an object for encrypting
+        or decrypting other data with the same key.
+
+        This function does not remove any padding from the plaintext.
+
+        :Parameters:
+          ciphertext : bytes/bytearray/memoryview
+            The piece of data to decrypt.
+            It can be of any length.
+          mac_tag : bytes/bytearray/memoryview
+            This is the *binary* MAC, as received from the sender.
+        :Keywords:
+          output : bytearray/memoryview
+            The location where the plaintext must be written to.
+            If ``None``, the plaintext is returned.
+        :Return: the plaintext as ``bytes`` or ``None`` when the ``output``
+            parameter specified a location for the result.
+        :Raises ValueError:
+            if the MAC does not match. The message has been tampered with
+            or the key is incorrect.
+        """
+
+        if self.decrypt not in self._next:
+            raise TypeError("decrypt() can only be called"
+                            " after initialization or an update()")
+        self._next = [ self.verify ]
+
+        # Take the MAC and start the cipher for decryption
+        self._cipher = self._create_ctr_cipher(mac_tag)
+
+        plaintext = self._cipher.decrypt(ciphertext, output=output)
+
+        if hasattr(self, 'nonce'):
+            self._kdf.update(self.nonce)
+        self._kdf.update(plaintext if output is None else output)
+        self.verify(mac_tag)
+        
+        return plaintext
+
+
+def _create_siv_cipher(factory, **kwargs):
+    """Create a new block cipher, configured in
+    Synthetic Initializaton Vector (SIV) mode.
+
+    :Parameters:
+
+      factory : object
+        A symmetric cipher module from `Crypto.Cipher`
+        (like `Crypto.Cipher.AES`).
+
+    :Keywords:
+
+      key : bytes/bytearray/memoryview
+        The secret key to use in the symmetric cipher.
+        It must be 32, 48 or 64 bytes long.
+        If AES is the chosen cipher, the variants *AES-128*,
+        *AES-192* and or *AES-256* will be used internally.
+
+      nonce : bytes/bytearray/memoryview
+        For deterministic encryption, it is not present.
+
+        Otherwise, it is a value that must never be reused
+        for encrypting message under this key.
+
+        There are no restrictions on its length,
+        but it is recommended to use at least 16 bytes.
+    """
+
+    try:
+        key = kwargs.pop("key")
+    except KeyError as e:
+        raise TypeError("Missing parameter: " + str(e))
+
+    nonce = kwargs.pop("nonce", None)
+
+    return SivMode(factory, key, nonce, kwargs)

venv/lib/python3.7/site-packages/Crypto/Cipher/_mode_siv.pyi

@@ -0,0 +1,38 @@
+from types import ModuleType
+from typing import Union, Tuple, Dict, Optional, overload
+
+Buffer = Union[bytes, bytearray, memoryview]
+
+__all__ = ['SivMode']
+
+class SivMode(object):
+    block_size: int
+    nonce: bytes
+    
+    def __init__(self,
+                 factory: ModuleType,
+                 key: Buffer,
+                 nonce: Buffer,
+                 kwargs: Dict) -> None: ...
+    
+    def update(self, component: Buffer) -> SivMode: ...
+
+    def encrypt(self, plaintext: Buffer) -> bytes: ...
+    def decrypt(self, plaintext: Buffer) -> bytes: ...
+
+    def digest(self) -> bytes: ...
+    def hexdigest(self) -> str: ...
+    def verify(self, received_mac_tag: Buffer) -> None: ...
+    def hexverify(self, hex_mac_tag: str) -> None: ...
+
+    @overload
+    def encrypt_and_digest(self,
+                           plaintext: Buffer) -> Tuple[bytes, bytes]: ...
+    @overload
+    def encrypt_and_digest(self,
+                           plaintext: Buffer,
+                           output: Buffer) -> Tuple[None, bytes]: ...
+    def decrypt_and_verify(self,
+                           ciphertext: Buffer,
+                           received_mac_tag: Buffer,
+                           output: Optional[Union[bytearray, memoryview]] = ...) -> bytes: ...