paxan
diff --git a/‎.bzrignore
+4 b/‎.bzrignore
+4
diff --git a/‎ChangeLog
+112 b/‎ChangeLog
+112
diff --git a/‎Cipher/__init__.py
+6 b/‎Cipher/__init__.py
+6
diff --git a/‎Demo/README
+29 b/‎Demo/README
+29
diff --git a/‎Demo/cipher
+150 b/‎Demo/cipher
+150
diff --git a/‎Demo/secimp/README
+24 b/‎Demo/secimp/README
+24
@@ -0,0 +1,4 @@
+project.log
+tailor.state
+tailor.state.old
+tailor.state.journal
@@ -0,0 +1,112 @@
+
+Changes since 1.1a1
+===================
+	* Most importantly, the distribution has been broken into two
+parts: exportable, and export-controlled.  The exportable part
+contains all the hashing algorithms, signature-only public key
+algorithms, chaffing & winnowing, random number generation, various
+utility modules, and the documentation.
+
+	The export-controlled part contains public-key encryption
+algorithms such as RSA and ElGamal, and bulk encryption algorithms
+like DES, IDEA, or Skipjack.  Getting this code still requires that
+you go through an access control CGI script, and denies you access if
+you're outside the US or Canada.
+
+	* Added the RIPEMD hashing algorithm.  (Contributed by
+Hirendra Hindocha.)
+
+	* Implemented the recently declassified Skipjack block
+encryption algorithm.  My implementation runs at 864 K/sec on a
+PII/266, which isn't particularly fast, but you're probably better off
+using another algorithm anyway.  :)
+
+	* A simple XOR cipher has been added, mostly for use by the
+chaffing/winnowing code.  (Contributed by Barry Warsaw.)
+
+	* Added Protocol.Chaffing and Hash.HMAC.py.  (Contributed by
+Barry Warsaw.)  
+
+	Protocol.Chaffing implements chaffing and winnowing, recently
+proposed by R. Rivest, which hides a message (the wheat) by adding
+many noise messages to it (the chaff).  The chaff can be discarded by
+the receiver through a message authentication code.  The neat thing
+about this is that it allows secret communication without actually
+having an encryption algorithm, and therefore this falls within the
+exportable subset.  
+
+	* Tidied up randpool.py, and removed its use of a block
+cipher; this makes it work with only the export-controlled subset
+available.
+
+	* Various renamings and reorganizations, mostly internal.
+	
+Changes since 1.0.2
+===================
+
+	* Changed files to work with Python 1.5; everything has been
+re-arranged into a hierarchical package.  (Not backward compatible.)
+The package organization is:
+Crypto.
+	Hash.
+		MD2, MD4, MD5, SHA, HAVAL
+	Cipher.
+		ARC2, ARC4, Blowfish, CAST, DES, DES3, Diamond, 
+		IDEA, RC5, Sapphire
+	PublicKey.
+		DSA, ElGamal, qNEW, RSA
+	Util.
+		number, randpool, RFC1751
+
+        Since this is backward-incompatible anyway, I also changed
+module names from all lower-case to mixed-case: diamond -> Diamond,
+rc5 -> RC5, etc.  That had been an annoying inconsistency for a while.
+	
+	* Added CAST5 module contributed by <[email protected]>.
+
+        * Added qNEW digital signature algorithm (from the digisign.py
+I advertised a while back).  (If anyone would like to suggest new
+algorithms that should be implemented, please do; I think I've got
+everything that's really useful at the moment, but...)
+
+	* Support for keyword arguments has been added.  This allowed
+removing the obnoxious key handling for Diamond and RC5, where the
+first few bytes of the key indicated the number of rounds to use, and
+various other parameters.  Now you need only do something like:
+
+from Crypto.Cipher import RC5
+obj = RC5.new(key, RC5.ECB, rounds=8)
+
+(Not backward compatible.) 
+
+	* Various function names have been changed, and parameter
+names altered.  None of these were part of the public interface, so it
+shouldn't really matter much.
+
+	* Various bugs fixed, the test suite has been expanded, and
+the build process simplified.
+
+	* Updated the documentation accordingly.
+
+Changes since 1.0.1:
+====================
+	
+	* Changed files to work with Python 1.4 .
+
+	* The DES and DES3 modules now automatically correct the
+parity of their keys.
+	
+	* Added R. Rivest's DES test (see http://theory.lcs.mit.edu/~rivest/destest.txt)
+
+	Changes since 1.0.0:
+
+	* REDOC III succumbed to differential cryptanalysis, and has
+been removed. 
+
+	* The crypt and rotor modules have been dropped; they're still
+available in the standard Python distribution. 
+
+	* The Ultra-Fast crypt() module has been placed in a separate
+distribution; see <http://starship.skyport.net/crew/amk/maintained/crypto.html>.  
+
+	* Various bugs fixed.
@@ -0,0 +1,6 @@
+
+__all__ = ['ARC2', 'Blowfish', 'DES', 'DES3', 'IDEA', 'RC5', 'Diamond', 'CAST',
+           'Skipjack', 'ARC4', 'Sapphire', 'XOR' ]	
+
+
+
@@ -0,0 +1,29 @@
+This directory contains demonstration files that use the modules
+included in the Python Cryptography Toolkit.  
+
+Note: These programs have version numbers of their own, which are not
+necessarily the same as the version number of the Toolkit package.
+
+cipher		Encrypt and decrypt sensitive files; type 'cipher -h'
+		for a usage message.
+
+voice		Allows secure voice communication over a TCP/IP link.
+		Currently this is Linux-specific; changes to make it
+		run on other systems would be greatly appreciated.
+
+RSAgen.py	Generates a new RSA key.  Demonstrates using
+		randpool.py, and maintains a file of random data in
+		"randseed".  Requires that the IDEA and MD5 modules
+		are installed.
+
+testkey.py	RSA public/private key pair used by example programs.
+
+Secure importing of Python modules:
+
+	sign.py	        Sign all *.pyc files in a directory, using the
+			key defined in testkey.py.
+
+	secimp.py	Implementation of the secure 'import' command. 
+
+
+
@@ -0,0 +1,150 @@
+#!/usr/bin/env python 
+# -*-Python-*-
+# Cipher 1.00
+#
+# Part of the Python Cryptography Toolkit, version 1.1
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+#
+
+import sys, getopt, os
+
+# Determine the name of this executable
+executable = os.path.basename(sys.argv[0])
+if executable=='': executable='cipher'
+cipher = ''                             # Unknown ciphering algorithm
+key = (0, '')                           # Empty key
+magic = 'ctx\001'                       # Magic string prefixed to the data
+NoInputFile = ''                        # Exceptions raised on file errors
+NoOutputFile = ''
+
+def PrintUsage():
+    print 'Usage: cipher [OPTIONS] file1 file2 ...'
+    print '\n -c ciphername             Force use of ciphername to encrypt/decrypt'
+    print   ' -k key                    Key to use for encryption/decryption'
+    print '\nThe default cipher algorithm is IDEA; if no key is set on the command'
+    print 'line, you will be prompted to enter a key.'
+    print 'Files are read completely into memory, so do not try to encrypt'
+    print 'very large files.'
+
+def GenerateIV(length):
+    import whrandom
+    IV=''
+    for i in range(0, length):
+        IV=IV + chr(int(256*whrandom.random()))
+    return IV
+    
+def Encipher(filename, cipher, key):
+    if (cipher==''): cipher='IDEA'
+    try:
+        exec ('from Crypto.Cipher import '+cipher)
+        module=eval(cipher)
+    except ImportError:
+        print executable+ ':', cipher, ': Cipher does not exist.'
+        sys.exit(1)
+    import Crypto.Hash.MD5
+    try:
+        input=open(filename, 'r')
+    except IOError:
+        raise NoInputFile
+    try:
+        output=open(filename+'.cip', 'w')
+    except IOError:
+        raise NoOutputFile, filename+'.cip'
+
+    if (key[0]==0):
+        key=raw_input('Enter encryption key for '+ filename+ ':')
+    else: key=key[1]
+    key=Crypto.Hash.MD5.new(key).digest()
+    IV=''
+    for i in range(0, module.blocksize): IV=IV+'A'
+    if (module.keysize==0):
+        cipherobj=module.new(key, module.CBC, IV)
+    else:
+        cipherobj=module.new(key[0:module.keysize], module.CBC, IV)
+    output.write(magic+cipher+'\0')
+    data = GenerateIV(module.blocksize)
+    filedata=input.read()
+    data = data + magic + str(len(filedata))+'\0'+filename+'\0'
+    data = data + filedata
+    input.close()
+    padding=module.blocksize - (len(data) % module.blocksize)
+    for i in range(0, padding):
+        data = data + chr(i)
+    ciphertext=cipherobj.encrypt(data)
+    output.write(ciphertext)
+    output.close()
+    
+def Decipher(filename, cipher, key):
+    import Crypto.Hash.MD5, string
+    try:
+        input=open(filename, 'r')
+    except IOError:
+        raise NoInputFile
+    if (input.read(len(magic))!=magic):
+        print executable+':', filename+': Does not seem to be a ciphered file'
+        return
+    t=''
+    while (1):
+        c=input.read(1)
+        if (ord(c)==0): break
+        t=t+c
+    if (cipher==''): cipher=t
+    try:
+        from Crypto.Cipher import *
+        module=eval(cipher)
+    except ImportError:
+        print executable+ ':', cipher, ': Cipher does not exist.'
+        sys.exit(1)
+    if (key[0]==0):
+        key=raw_input('Enter encryption key for '+ filename+ ':')
+    else: key=key[1]
+    key=Crypto.Hash.MD5.new(key).digest()
+    IV = ''
+    for i in range(0, module.blocksize): IV=IV+'A'
+    data=input.read()
+    if (module.keysize==0):
+        cipherobj=module.new(key, module.CBC, IV)
+    else:
+        cipherobj=module.new(key[0:module.keysize], module.CBC, IV)
+    plain=cipherobj.decrypt(data)       # Decrypt the data
+    plain=plain[module.blocksize:]      # Discard first block of random data
+    if (plain[0:len(magic)]!=magic):
+        print executable+':', filename+': Incorrect key or cipher algorithm'
+        return
+    else: plain=plain[len(magic):]
+    i=string.find(plain, '\0')
+    length=string.atoi(plain[0:i])
+    j=string.find(plain, '\0', i+1)
+    newfilename=plain[i+1:j]
+    try:
+        output=open(newfilename, 'w')
+    except IOError:
+        raise NoOutputFile, newfilename
+    output.write(plain[j+1:j+1+length])
+    output.close()
+
+if len(sys.argv)==1: PrintUsage() ; sys.exit(0)
+     
+options, args=getopt.getopt(sys.argv[1:], 'c:k:hH')
+for opt in options:
+    letter, param = opt
+    if (letter=='-c'): cipher = param
+    if (letter=='-k'): key = (1, param)
+    if (letter=='-h' or letter=='-H'):
+        PrintUsage()
+        sys.exit(0)
+
+for file in args:
+    try:
+        if (file[-4:]=='.cip'):
+            Decipher(file, cipher, key)
+        else:
+            Encipher(file, cipher, key)
+    except NoInputFile:
+        print executable+ ':', file+ ': No such file.'
+    except NoOutputFile, filename:
+        print executable+ ':', filename+ ': Cannot open file'
+    
@@ -0,0 +1,24 @@
+
+This is a simple demonstration of adding an import hook that verifies
+a digital signature on a Python code object before allowing it to be
+imported.  There are three files:
+
+	* sign.py, which signs all the *.pyc files in the directories
+listed on the command line.  The contents of the .pyc file is stored
+along with the signature in a file whose name ends with .pys .
+
+	* secimp.py, which implements a secimport() function which
+will use *.pys files.  
+
+	* testkey.py is the key used to sign and verify *.pys files.
+
+To try it out:
+	1. Run "sign.py ." to compile and sign all the *.py files in
+the current directory.
+
+	2. Run secimp.py from the command-line; it will try to
+securely import testkey.pys, which should succeed.
+
+	3. Fire up your favorite editor, and change a single byte in a
+string somewhere in testkey.pys.  Run secimp.py again; it should raise
+an exception when the signature can't be verified.