hdZgdZddlZddlZddlZddlZddlZddlmZm Z m Z m Z m Z ddl mZmZmZmZmZmZddlmZmZmZmZmZmZddlmZmZmZ ddlm Z dd l!m"Z"dd l#m$Z$m%Z%m&Z& dd l'm%Z(n #e)$re%Z(YnwxYwn#e)$r e)d wxYwe(j*Z+efd e,de,de,de-dede,f dZ.Gddej/Z0Gddej/Z1Gdde2Z3dZ4dZ5dZ6dZ7dZ8e9gdZ:gd Z;Gd!d"ej<Z=Gd#d$e>Z?Gd%d&e=Z@Gd'd(e?ZAGd)d*e?ZBGd+d,e@ZCGd-d.eCZDGd/d0eCZEGd1d2e@ZFGd3d4eAZGGd5d6e@ej<ZHGd7d8eHZIGd9d:eHZJGd;deAZLGd?d@e?ZMGdAdBe=ZNGdCdDeNZOGdEdFeHej<ZPGdGdHePZQGdIdJePZRGdKdLeAZSGdMdNeAZTe0jUeDe0jVeEe0jWeFe0jXeIe0jYeJe0jZeQe0j[eRe0j\eNe0j]eOi Z^e1j_eBe1j`eGe1jaeKe1jbeLe1jceSe1jdeTe1jeeMdOeMiZfGdPdQe>ZgdRZhdS)Sa Implementation of cryptographic functions for Kerberos 5 - RFC 3961: Encryption and Checksum Specifications for Kerberos 5 - RFC 3962: Advanced Encryption Standard (AES) Encryption for Kerberos 5 - RFC 4757: The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows - RFC 6113: A Generalized Framework for Kerberos Pre-Authentication - RFC 8009: AES Encryption with HMAC-SHA2 for Kerberos 5 )EncryptionType ChecksumTypeKeyInvalidChecksum _rfc1964padN)orbchb int_bytes bytes_int plain_str)AnyCallableListOptionalTypeUnion) _GenericHashHash_MD4Hash_MD5Hash_SHA Hash_SHA256 Hash_SHA384)HmacHmac_MD5Hmac_SHA)hashes) PBKDF2HMAC)Cipher algorithmsmodes)rz?To use kerberos cryptography, you need to install cryptography.K_ILabelContextLhashmodreturnct||j|j}tj|z }|dkrt ddfdtd|dzD}|ddzS)z KDF in Counter Mode as section 5.1 of [SP800-108] This assumes r=32, and defaults to SHA256 ([MS-SMB2] default). lz"Invalid n value in SP800108_KDFCTRc3K|]A}tjd|zdzztjdzVBdS)z>INstructpack).0ir#r$r"PRFs V/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/libs/rfc3961.py z"SP800108_KDFCTR..ysn  FKa 5 (7 2W >> XXq!a%F (AF( r(c6eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) rr3N) __name__ __module__ __qualname__ DES_CBC_CRC DES_CBC_MD4 DES_CBC_MD5DES3_CBC_SHA1_KDAES128_CTS_HMAC_SHA1_96AES256_CTS_HMAC_SHA1_96AES128_CTS_HMAC_SHA256_128AES256_CTS_HMAC_SHA384_192RC4_HMAC RC4_HMAC_EXPr(r1rrsEKKK  !#!#HLLLr(rc2eZdZdZdZdZdZdZdZdZ dZ d Z d S) rr3rBr4 rCrFrGivN) rJrKrLCRC32 RSA_MD4_DES RSA_MD5_DESHMAC_SHA1_DES3_KDHMAC_SHA1_96_AES128HMAC_SHA1_96_AES256HMAC_SHA256_128_AES128HMAC_SHA384_192_AES256HMAC_MD5rWr(r1rrsF EKK HHHr(rceZdZdS)rN)rJrKrLrWr(r1rrsDr(rcdd}d}t|}|tj||z|z}t}t ||zD]}||z }|||}td|z}t d||D]} |||| | |z|}t |S)z n-fold is an algorithm that takes m input bits and "stretches" them to form n output bits with equal contribution from each input bit to the output (quote from RFC 3961 sect 3.1). ct|}d|dzzdz }|dkr|S|dkr"t|dz ||dzdz zz|z|St|dz ||dzdz zz|z|S)Nr3r4r )r r )ynbxmods r1rot13z_n_fold..rot13s aLLR!V}! 77H 1WWqAv!Q *;<CRHH HqBw1a"+=>#ErJJ Jr(cdt||DtdDr5fdtDtdD5tdDS)Ncg|] \}}||z SrWrW)r.abs r1 z*_n_fold..ocadd..s ) ) )tq!QU ) ) )r(c3 K|] }|dzV dS)iNrWr.rks r1r2z)_n_fold..ocadd..s&''!e)''''''r(cJg|]}|z dzdz |dzz S)r3r4rW)r.r/rjvs r1rrz*_n_fold..ocadd..s7III!!AFQJ-1$15IIIr(c3K|]}|VdSNrWrts r1r2z)_n_fold..ocadd..sqr()zipanyr; bytearray)rkrirjrws `@r1ocaddz_n_fold..ocadds ) )s1ayy ) ) )''Q''''' JIIIIIuRyyIIIA''Q''''' JA&&&r(r*r)lenr7gcdr|r;bytes) sr=rmr}mlcmbuf_outr/s r1_n_foldrs K K K''' AA tx1~~  !C ++C 3!8__ q E!QKK GaK C 1c1  ,,eCQQY++ ::r(c4|dt| |zzzS)z@ Return s padded with 0 bytes to a multiple of padsize. r*)r~)rpadsizes r1_zeropadrs! w3q66'G+, ,,r(c^t| dz}||tjd|zzS)z- Return s padded as RFC1964 mandates r4z!B)r~r,r-)rpads r1rrs1 FF7a-C sV[s+++ ++r(ct|t|ksJtdt||DS)zB xor two strings together and return the resulting string c3&K|] \}}||z V dSryrWr.rkris r1r2z_xorbytes..s*55Aa!e555555r()r~r|rz)b1b2s r1 _xorbytesrsF r77c"gg     55R555 5 55r(cPtdt||DS)Nc3(K|] \}}||kVdSryrWrs r1r2z_mac_equal..s*22$!QqAv222222r()allrz)mac1mac2s r1 _mac_equalrs) 22#dD//222 2 22r()ssssssssssssssss(ri0wl,a\lQ2imijpl5%Rl<i2iyliAlY/i+L i|~l-pOl~!idi jlHqrglA| i}imlQ5iliVlikdlzyzlIiO\ilclc=tl i n;i^iLlA*lrqDijm iZjzl OHl&i' i}lD`l#ihiil]Wnlgiq6liknlv}l+iZziJglo_sslo}iCiՎ`l#-l~Ci8iROlgv#lgWxMi?iK6Hl+0lL^iJ6i`zAlo>lU_Pin1iyiFl3lxio%i6hRlwlGvi"i/&Ul;t l( zeiZ+ij\ll1Oki,i[lB6l&rXijui ml8l?6VigriWlJ~+lzpEi+{i8 l%l >Ki|i! lR lBbcihinl|l[&rmiwoiwGlZlpj~i;fi\ lli.pikaiEllxb@lR.iTNi³9la&Nl iMGiIiwn>lJj]lZ3if @i;7lS.ySlw=iϲGi0lr{{lBui0Si$l6uli)WTig#l.zflJih]i+o*l7>hliZi-c(eZdZdZdZdZdZdZee j dZ ee j dZ ee j dZ ee j dZee j dZedZdS) _EncryptionAlgorithmProfilea Base class for etype profiles. Usable etype classes must define: :attr etype: etype number :attr keysize: protocol size of key in bytes :attr seedsize: random_to_key input size in bytes :attr reqcksum: 'required checksum mechanism' per RFC3961. this is the default checksum used for this algorithm. :attr random_to_key: (if the keyspace is not dense) :attr string_to_key: :attr encrypt: :attr decrypt: :attr prf: NcdSryrW)clskeyconstants r1derivez"_EncryptionAlgorithmProfile.derive  r(cdSryrW)rrkeyusage plaintext confounders r1encryptz#_EncryptionAlgorithmProfile.encryptrr(cdSryrW)rrr ciphertexts r1decryptz#_EncryptionAlgorithmProfile.decryptrr(cdSryrWrrstrings r1prfz_EncryptionAlgorithmProfile.prfrr(cdSryrW)rrsaltparamss r1 string_to_keyz)_EncryptionAlgorithmProfile.string_to_keyrr(c|t||jkrtdt|j|S)NWrong seed lengthr)r~seedsizer9retype)rseeds r1 random_to_keyz)_EncryptionAlgorithmProfile.random_to_keys; t99 $ $011 139$''''r()rJrKrL__doc__rkeysizerreqcksum classmethodabcabstractmethodrrrrrrrWr(r1rrks EGHH  [   [   [   [   [ (([(((r(rc\eZdZdZdZeejdZedZ dS)_ChecksumProfilez Base class for checksum profiles. Usable checksum classes must define: :func checksum: :attr macsize: Size of checksum in bytes :func verify: (if verification is not just checksum-and-compare) NcdSryrW)rrrtexts r1checksumz_ChecksumProfile.checksumrr(cr||||}t||stddS)Nzchecksum verification failure)rrr)rrrrcksumexpecteds r1verifyz_ChecksumProfile.verifysG<<Xt44%** C!"ABB B C Cr() rJrKrLrmacsizerrrrrrWr(r1rrslG  [ CC[CCCr(rceZdZdZdZdZdZdZdZe e j dZ e e j dZ e dZe d dZe d dZe d ZdS) _SimplifiedEncryptionProfilea Base class for etypes using the RFC 3961 simplified profile. Defines the encrypt, decrypt, and prf methods. Subclasses must define: :param blocksize: Underlying cipher block size in bytes :param padsize: Underlying cipher padding multiple (1 or blocksize) :param macsize: Size of integrity MAC in bytes :param hashmod: underlying hash function :param basic_encrypt, basic_decrypt: Underlying CBC/CTS cipher NFcdSryrW)rrrs r1 basic_encryptz*_SimplifiedEncryptionProfile.basic_encryptrr(cdSryrW)rrrs r1 basic_decryptz*_SimplifiedEncryptionProfile.basic_decryptrr(c"t||j}d}t||jkr:||j|}||z }|}t||jk:||d|jjS)z0 Also known as "DK" in RFC3961. r(r)r blocksizer~rrrr)rrrrrndseedrs r1rz#_SimplifiedEncryptionProfile.derivesHcm44 'llS\))**37I>>J z !G"I'llS\))   S\)9!:;;??r(cD|jsU||tjd|d}||tjd|d}nf||tjd|d|jdz}||tjd|d|jdz}|t j|j}|t||j z}||}|jsNt||j  |} |||| d|jzS|||} t||j  d| z} | | d|jzS)a Encryption function. :param key: the key :param keyusage: the keyusage :param plaintext: the text to encrypt :param confounder: (optional) the confounder. If none, will be random :param signtext: (optional) make the checksum include different data than what is encrypted. Useful for kerberos GSS_WrapEx. If none, same as plaintext. >IBUr4N)rfc8009rr,r-rrosurandomrrrrr%r5r) rrrrrsigntextkikebasic_plaintexthmacCs r1rz$_SimplifiedEncryptionProfile.encrypts~{ VCUHd!C!CDDBCUHd!C!CDDBBCUHd!C!CS[ST_UUBCUHd!C!CS[ST_UUB  CM22J$x 3;'G'GG  &H{ +CK((//99D$$R99D3; ??@G ZZV $ $  W---r(ry)rJrKrLrrrrr%rrrrrrrrrrrWr(r1rrs  IGGGG  [   [ @@[@& + + +[ +D/7/7/7[/7b . .[ . . .r(rcPeZdZdZdZdZedZefdZxZ S)_SimplifiedChecksumz Base class for checksums using the RFC 3961 simplified profile. Defines the checksum and verify methods. Subclasses must define: :attr enc: Profile of associated etype NFcX|js0|j|tjd|d}n8|j|tjd|d|jdz}t ||jj|}|d|jS)Nrr4) rencrr,r-rrr%r5)rrrrkcrs r1rz_SimplifiedChecksum.checksumus{ V[$%G%GHHBBV[$77qBB((//55MckM""r(c|j|jjkrtdtt|||||dSNzWrong key type for checksum)rrr9superrrrrrrr __class__s r1rz_SimplifiedChecksum.verifysP 9 % %:;; ; !3''..sHdEJJJJJr() rJrKrLrrrrrr __classcell__rs@r1rrfs~ CG # #[ #KKKK[KKKKKr(rc(eZdZdZedZdS)_CRC32cd}tt|D]'}|||z }|dz}|dz}|t|z}(|ddS)Nrrvr4rlittle)r;r~ CRC32_TABLEto_bytes)rrrrcr/idxs r1rz_CRC32.checksumsj s4yy!! " "Aq'A+C 4KC !GA S! !AAzz!X&&&r(N)rJrKrLrrrrWr(r1rrs4G ''['''r(rceZdZdZdZdZdZdZeZ e d dZ e d dZ e dZ e dZe dZe d ZdS) _DESCBCr4rCNc|tj|j}|d|jzzt ||jz}||}|dt||z|t|t|zdz}| |j |S)Nr*) rrrrrrr%r5r~rr)rrrrrrrrs r1rz_DESCBC.encrypts  CM22J 3;. .)S[1Q1Q Q ;;==''88 -c*oo- . c*ooH =??@ A    /:::r(ct||j|jzkrtd||j|}|d|j}||j|j|jz}||j|jzd}||d|jzz|z} t|| stdt|S)Nciphertext too shortr*r) r~rrr9rrrr%r5rrr) rrrrrcomplex_plaintext cofounderrmessagers r1rz_DESCBC.decrypts z??S]S[8 8 8344 4--cgzBB%m m4  ckCK.G GH#CK#+$=$?$?@%%i'CK2G&G'&QRR#v&& B!"@AA AW~~r(cd}d}d}d}gd}t||z|jfdtdtdDD]}t } |D]'} | t | d z(|d urd | D]B} t| d dd d z Cdddt } fdtdtd DD]%} | t| d &| }||| }td d||D} t| tvr| d dz | d <t| } tt!| t#j| }|dd}t||}t|tvr|d dz |d <t+|jt|S)Nc d}tt|D]}tt||dddd}|ddddzdkr,|t t|dddzdz }|t t|dddzdz }|S)Nr(rAr401r)r;r~binrrjustcountr int)deskeytempr/ts r1 fixparityz0_DESCBC.mit_des_string_to_key..fixparitysD3v;;'' 5 5VAY((,33As;;RaR5;;s##a'1,,CAbqbECK 3 3444DDCAbqbECK 3 3444DDKr(ct}|D]Q}t|ddzdkr |dzdz}n|dzdz}||R|S)Nr rArr3)listr rappend)l1rbytes r1 addparityz0_DESCBC.mit_des_string_to_key..addparityst66D " "IIOOC((1,22 AI3DD AI3D D!!!!Kr(ct}t||D] \}}|||z dz!|S)N)rrzr)rl2rrrs r1XORz*_DESCBC.mit_des_string_to_key..XORsI66Db"++ 4 4B R"W 23333Kr(T)rrrrrrrrc*g|]}||dzS)r4rW)r.r/rs r1rrz1_DESCBC.mit_des_string_to_key..s%@@@qaAE l@@@r(rr4rFr(rAr r c*g|]}||dzS)r rW)r.r/bintemps r1rrz1_DESCBC.mit_des_string_to_key..s&TTTQga!a%i0TTTr(c34K|]}t|VdSry)r )r.rs r1r2z0_DESCBC.mit_des_string_to_key..s($Q$Q4SYY$Q$Q$Q$Q$Q$Qr(ir)rrr;r~rrrr r encoderr|r:r WEAK_DES_KEYSrDESr CBC encryptorupdaterr)rrrrrrodd tempstringblocktemp56rbits7tempkeytempkeybdes chekcsumkeyr"rs @@r1mit_des_string_to_keyz_DESCBC.mit_des_string_to_keys         --- Vd]CK 0 0@@@@E!SVVQ,?,?@@@ 1 1EVVF 6 6 c$ii*45555e||"DDDs4yy}221c::AACCCGG!$$B$-TTTT%3w<>] * * d*GAJ>>S]]EIh$7$788BBDDjjmmBCC(  + 6 677    . .(^d2KN39% "4"45555r(ct|dzdksJtt|tjd}|t|SNr4rs)r~rr'r r(r)r*r)rrrr2s r1rz_DESCBC.basic_encryptse9~~!Q&&&&SXXuy3344>>@@zz% **+++r(ct|dzdksJtt|tjd}|t|Sr6)r~rr'r r( decryptorr*r)rrrr2s r1rz_DESCBC.basic_decryptse:"a''''SXXuy3344>>@@zz% ++,,,r(c`||dkrtd|||}|S)Nr(z$Invalid DES string-to-key parameters)r9r4)rrrrrs r1rz_DESCBC.string_to_keys;  &C--CDD D''55 r(ry)rJrKrLrrrrrrr%rrrr4rrrrWr(r1rrsGHIGGG ; ; ;[ ;   [ C6C6[C6J,,[, --[- [r(rc.eZdZejZeZej Z dS)_DESMD5N) rJrKrLrrOrrr%rr]rrWr(r1r;r;+#  &EG'HHHr(r;c.eZdZejZeZej Z dS)_DESMD4N) rJrKrLrrNrrr%rr\rrWr(r1r>r>4r<r(r>ceZdZejZdZdZdZdZ dZ e Z e jZedZedZedZedZd S) _DES3CBCrIr4rGcd}t|dkrtd||dd||dd||dd}}}t|j||z|zS)Nc@dtdksJfdD}tfdtdD}t||gz}t |t vr|ddz |d<t |S)Ncj|dz}t|dzddzr|n|dzS)Nr rAr3)r r)rqs r1parityz6_DES3CBC.random_to_key..expand..parityOs=RBKK--c22Q6AqqAEAr(r c,g|]}|dzS)rErW)r.rqrFs r1rrz:_DES3CBC.random_to_key..expand..Vs%777Q&&R..777r(c3:K|]}|dz|dzzVdS)r3NrW)r.r/rs r1r2z9_DES3CBC.random_to_key..expand..Ws4!K!KQ47Q;1q5"8!K!K!K!K!K!Kr(r$)r~sumr;r|rr&)r firstbyteslastbytekeybytesrFs` @r1expandz&_DES3CBC.random_to_key..expandMs B B B t99>>>>7777$777Jvc!K!K!K!K%((!K!K!KKKLLH xj!899HX-//&qkD0 ?? "r(rArr r)r~r9rr)rrrMk1k2k3s r1rz_DES3CBC.random_to_keyGs  # # # t99??011 1VD!H%%vvd1R4j'9'966$rss);L;LB39"r'B,////r(c||dkrtd|t||zd}t|j||dS)Nr(z%Invalid DES3 string-to-key parametersrAkerberosr)r9rrrrr)rrrrks r1rz_DES3CBC.string_to_keybso  &C--DEE E   gftmR88 9 9 I 1k**    r(ct|dzdksJttj|t jd}|t|Sr6) r~rdecrepit_algorithms TripleDESr r(r)r*r)rrrdes3s r1rz_DES3CBC.basic_encryptmsq9~~!Q&&&&  )# . . )0D0D  )++ {{5++,,,r(ct|dzdksJttj|t jd}|t|Sr6) r~rrVrWr r(r8r*r)rrrrXs r1rz_DES3CBC.basic_decryptvsq:"a''''  )# . . )0D0D  )++ {{5,,---r(N)rJrKrLrrPrrrrrrrr%rr^rrrrrrrWr(r1r@r@=s  +EGHIGGG-H00[04  [ --[-..[...r(r@ceZdZdZeZdS) _SHA1DES3rGN)rJrKrLrr@rrWr(r1r[r[sG CCCr(r[c`eZdZdZdZdZeZedZ edZ edZ dS)_AESEncryptionType_SHA1_96rCr3rYc2tjd|pdd}ttj|j||}|||}t|j ||dS)N>Lsr algorithmlengthr iterationsrSr) r,unpackrrSHA1rrrrr)rrrrrckdftkeys r1rz(_AESEncryptionType_SHA1_96.string_to_keys]4)F3FGGJ kmm<!       F!3!344 I 4--    r(ct|dksJttj|t jd}|tt|d}t|dkr>B  )nnr)/RG$3$K%+-c#gxx0HHE r(c tdksJttj|t j}tdkr|SfdtdtdD}t|d}td}d}|ddD]D}|tt|t||z }|}Et|t|d}t|d||d} ||d} |tt|t|dt| z|z }|| zS)NrCcDg|]}t||dzS)rC)r|)r.prs r1rrz<_AESEncryptionType_SHA1_96.basic_decrypt..s;   23IjQV, - -   r(rr r(rE) r~rrrir ECBr8r*r;r|rr) rrrrjcblocksrl prev_cblockrbb lastplaintextomitteds ` r1rz(_AESEncryptionType_SHA1_96.basic_decrypts:"$$$$Z^C((%)++66@@BB z??b ::j)) )    7t|jd||z}n:t|j||}t|||z}|jr |dddz}t||}ttj |d }|| t||zzS)Nr4 fortybitsr  mode) rrexportrrr5rrrARC4r)r*r) rrrrrrrrrc4s r1rz _RC4.encrypt#s  AJ : C#'""))*:S]]8=T=T*TUUBB#'""))#--*A*ABBB ##J$:;; : &BQB+%B b\\  ' 'Z_R((t444>>@@szz% Y(>"?"?@@@@r(c(t|dkrtd|dd|dd}}|jr>t|jd||z}n:t|j||}|jr|dddz}n|}t||}ttj |d } | t|} t|| } t|| } | sr|dkrlt|jtjd d }t|| } t|| } | st!d t| d dS) NrIrrCrr rr rr4r)r~r9rrrr5rrrVrr8r*rrr,r-r) rrrrrrrkierrr exp_cksumoks r1rz _RC4.decrypt3s z??R  344 4'_jo{ : C#'""))*:S]]8=T=T*TUUBB#'""))#--*A*ABBB : RaR&;&CCC c]] ! !% ( ((-b11===GGII**U;%7%788RLL''88 y ) ) .h!mm#'""))&+dA*>*>??B  ++O<t|j||||jS)z; Also known as "KDF-HMAC-SHA2" in RFC8009. )r!r"r#r$r%)r?rr%)rrlabelrTcontexts r1rz'_AESEncryptionType_SHA256_SHA384.derivehs.K     r(c `tjd|pdd}|jdz|z}t||j||}|||}t|j ||d|j dzS) Nr_srr*r`rSr4r) r,rd enctypenamerrrrrrrr)rrrrrcsaltprfrgs r1rz._AESEncryptionType_SHA256_SHA384.string_to_keyws]4)F3FGGJ ')D0llnn<!       F!3!344 I 4ckAo>>    r(cL||d|jjdz|S)Nrr4)rr%r6rs r1rz$_AESEncryptionType_SHA256_SHA384.prfs&zz#vs{';a'?HHHr()r()rJrKrLrr%r__annotations__rr HashAlgorithmrrrrrrWr(r1rr`sK G\   %)Hf")))G    [    [ "II[IIIr(rcLeZdZejZdZdZdZe j Z dZ e ZejZdS)_AES128CTS_SHA256_128rCsaes128-cts-hmac-sha256-128N)rJrKrLrrSrrrrrrarrrr%rSHA256rrWr(r1rr>  5EGHG2H/KG}HHHr(rcLeZdZejZdZdZdZe j Z dZ e ZejZdS)_AES256CTS_SHA384_192r{rIsaes256-cts-hmac-sha384-192N)rJrKrLrrTrrrrrrbrrrr%rSHA384rrWr(r1rrrr(rceZdZdZeZdZdS)_SHA256_128_AES128rCTN)rJrKrLrrrrrWr(r1rrG CGGGr(rceZdZdZeZdZdS)_SHA384_182_AES256rITN)rJrKrLrrrrrWr(r1rrrr(rlvc eZdZ ddeeedfdedeeedfddfdZdZ dd Z d Z d Z dd Z dd ZedZeddZdS)rNr(rr cksumtyper&c|s |s Jd|s Jdt|trt|}t|trt|}||_| t ||_n #t$rtd|zwxYwt||jj kr,tdt|d|jj ||jj tvr |jj }||_ |k t||_ n #t$rtd|zwxYw|j0t|j tr|j jj|_||_dS)z Kerberos Key object. :param etype: the EncryptionType :param cksumtype: the ChecksumType :param key: the bytes containing the key bytes for this Key. z!Provide an etype or a cksumtype !zProvide a key !Nz UNKNOWN/UNIMPLEMENTED etype '%s'zWrong key length. Got z . Expected z$UNKNOWN/UNIMPLEMENTED cksumtype '%s') isinstancerrrr _enctypesepr9r~rr _checksumsrcp issubclassrrr)selfrrrs r1__init__z Key.__init__sF FF#FFFF%%%%%% eS ! ! *"5))E i % % 0$Y//I   M#E* M M M !Ce!KLLL M3xx47?** j3xxxx2 TW%5%C%C G, "   U$Y/ U U U !G)!STTT Uz!j:M&N&N!!W[. s-BBD''Ec|jr |jj}n|jr |jj}ndSd|dt|jzdS)Nz z)rnamerr~r)rrs r1__repr__z Key.__repr__sX : #:?DD ^ #>&DD"? D S]] * * *  r(c H|jj||t||fi|S)z Encrypt data using the current Key. :param keyusage: the key usage :param plaintext: the plain text to encrypt :param confounder: (optional) choose the confounder. Otherwise random. )rrr)rrrrkwargss r1rz Key.encrypts.twtXuY/?/?VVvVVVr(c ,|jj|||fi|S)z Decrypt data using the current Key. :param keyusage: the key usage :param ciphertext: the encrypted text to decrypt )rr)rrrrs r1rz Key.decrypts$twtXzDDVDDDr(c8|j||Sry)rr)rrs r1rzKey.prf+sw{{4(((r(c |/||jkr$t||jjd||d|S|jt d|jj|||fi|S)z Create a checksum using the current Key. :param keyusage: the key usage :param text: the text to create a checksum from :param cksumtype: (optional) override the checksum type Nrr)rrcksumtype not specified !rW)rrr make_checksumr9rr)rrrrrs r1rzKey.make_checksum/s  Y$.%@%@3#HD&.DDD=CDD D > !899 9twh?????r(c|7||jkr,t||j|||S|jt d|j||||dS)z Verify a checksum using the current Key. :param keyusage: the key usage :param text: the text to verify :param cksum: the expected checksum :param cksumtype: (optional) override the checksum type Nr)rrrr)rrrverify_checksumr9rr)rrrrrs r1rzKey.verify_checksumBs  Y$.%@%@#Hoxd%oHH I > !899 9 tXtU33333r(c t|}n #t$rtd|zwxYwt||jkrtd||S)ze random-to-key per RFC3961 This is used to create a random Key from a seed. Unknown etype '%s'zWrong crypto seed length)rr9r~rr)rrrrs r1rzKey.random_to_keyYsx ;5!BB ; ; ;1E9:: : ; t99 # #788 8%%% -c t|}n #t$rtd|zwxYw||||S)zy string-to-key per RFC3961 This is typically used to create a Key object from a password + salt r)rr9r)rrrrrrs r1rzKey.string_to_keyisZ ;5!BB ; ; ;1E9:: : ;f555r)Nr(Nry)rJrKrLrrrrrrrrrrrrrrrrWr(r1rrs&3748 ((^S$./((sD01 (  ((((T     W W W W E E E)))@@@@&4444. & &[ & 6 6 6[ 6 6 6r(rcd}t|jttt |||t |||S)z KRB-FX-CF2 RFC6113 cd}d}t||jjkrJ||t ||zz }|dz }t||jjkJ|d|jjS)Nr(r3)r~rrrr )rpepperrrs r1prfpluszKRB_FX_CF2..prfpluss{#hh(( 3773u::.// /C QJE#hh(($SV_$%%r(r)rrrrr|)key1key2pepper1pepper2rs r1 KRB_FX_CF2r}sv &&&   ''$00119WWT7=S=S3T3T       r()ir__all__renumr7rr, scapy.compatrr r r r typingr rrrrrscapy.layers.tls.crypto.hashrrrrrrscapy.layers.tls.crypto.h_macrrrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.kdf.pbkdf2r&cryptography.hazmat.primitives.ciphersrrr $cryptography.hazmat.decrepit.ciphersrV ImportErrorrWr'rrr?IntEnumrrr9rrrrrrsetr&rABCMetarobjectrrrrrr;r>r@r[r]rwrzr}rrrrrrrrrrOrNrPrQrRrSrTrUrVrr[r^r_r`rarbrcrrrrWr(r1rs     Y555555DDDDDDPPPPPPPPPP)        )))()YYY +W X XXY #(        8     T\   &4<(     j   ###L---,,,666333 @AAA X9(9(9(9(9(#+9(9(9(~CCCCCvCCC:Y.Y.Y.Y.Y.#>Y.Y.Y.~"K"K"K"K"K*"K"K"KP''''' '''*BBBBB*BBBP(((((g((((((((g(((@.@.@.@.@.+@.@.@.F#D)D)D)D)D)!=s{D)D)D)T000003000000003000) )@@@@@@@@*H0H0H0H0H0 &H0H0H0V$,I,I,I,I,I'A3;,I,I,I^     <        <   , ,#X*,>*,>-/D-/DT  $ "I$o$o');');8! (Y6Y6Y6Y6Y6&Y6Y6Y6Bs0B+A21B2A<9B;A<<BB