Missing optional lib

121 files changed, 19521 insertions, 0 deletions

diff --git a/lib/Python/Lib/Crypto/Cipher/AES.py b/lib/Python/Lib/Crypto/Cipher/AES.py
new file mode 100644
index 000000000..14f68d8ca
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/AES.py
@@ -0,0 +1,115 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/AES.py : AES
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""AES symmetric cipher
+
+AES `(Advanced Encryption Standard)`__ is a symmetric block cipher standardized
+by NIST_ . It has a fixed data block size of 16 bytes.
+Its keys can be 128, 192, or 256 bits long.
+
+AES is very fast and secure, and it is the de facto standard for symmetric
+encryption.
+
+As an example, encryption can be done as follows:
+
+    >>> from Crypto.Cipher import AES
+    >>> from Crypto import Random
+    >>>
+    >>> key = b'Sixteen byte key'
+    >>> iv = Random.new().read(AES.block_size)
+    >>> cipher = AES.new(key, AES.MODE_CFB, iv)
+    >>> msg = iv + cipher.encrypt(b'Attack at dawn')
+
+.. __: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
+.. _NIST: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
+
+:undocumented: __revision__, __package__
+"""
+
+__revision__ = "$Id$"
+
+from Crypto.Cipher import blockalgo
+from Crypto.Cipher import _AES
+
+class AESCipher (blockalgo.BlockAlgo):
+    """AES cipher object"""
+
+    def __init__(self, key, *args, **kwargs):
+        """Initialize an AES cipher object
+        
+        See also `new()` at the module level."""
+        blockalgo.BlockAlgo.__init__(self, _AES, key, *args, **kwargs)
+
+def new(key, *args, **kwargs):
+    """Create a new AES cipher
+
+    :Parameters:
+      key : byte string
+        The secret key to use in the symmetric cipher.
+        It must be 16 (*AES-128*), 24 (*AES-192*), or 32 (*AES-256*) bytes long.
+    :Keywords:
+      mode : a *MODE_** constant
+        The chaining mode to use for encryption or decryption.
+        Default is `MODE_ECB`.
+      IV : byte string
+        The initialization vector to use for encryption or decryption.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
+      counter : callable
+        (*Only* `MODE_CTR`). A stateful function that returns the next
+        *counter block*, which is a byte string of `block_size` bytes.
+        For better performance, use `Crypto.Util.Counter`.
+      segment_size : integer
+        (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext
+        are segmented in.
+        It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8.
+
+    :Return: an `AESCipher` object
+    """
+    return AESCipher(key, *args, **kwargs)
+
+#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`.
+MODE_ECB = 1
+#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`.
+MODE_CBC = 2
+#: Cipher FeedBack (CFB). See `blockalgo.MODE_CFB`.
+MODE_CFB = 3
+#: This mode should not be used.
+MODE_PGP = 4
+#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
+MODE_OFB = 5
+#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
+MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
+#: Size of a data block (in bytes)
+block_size = 16
+#: Size of a key (in bytes)
+key_size = ( 16, 24, 32 )
+
diff --git a/lib/Python/Lib/Crypto/Cipher/ARC2.py b/lib/Python/Lib/Crypto/Cipher/ARC2.py
new file mode 100644
index 000000000..7b5f43aa7
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/ARC2.py
@@ -0,0 +1,130 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/ARC2.py : ARC2.py
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""RC2 symmetric cipher
+
+RC2_ (Rivest's Cipher version 2)  is a symmetric block cipher designed
+by Ron Rivest in 1987. The cipher started as a proprietary design,
+that was reverse engineered and anonymously posted on Usenet in 1996.
+For this reason, the algorithm was first called *Alleged* RC2 (ARC2),
+since the company that owned RC2 (RSA Data Inc.) did not confirm whether
+the details leaked into public domain were really correct.
+
+The company eventually published its full specification in RFC2268_.
+
+RC2 has a fixed data block size of 8 bytes. Length of its keys can vary from
+8 to 128 bits. One particular property of RC2 is that the actual
+cryptographic strength of the key (*effective key length*) can be reduced 
+via a parameter.
+
+Even though RC2 is not cryptographically broken, it has not been analyzed as
+thoroughly as AES, which is also faster than RC2.
+
+New designs should not use RC2.
+
+As an example, encryption can be done as follows:
+
+    >>> from Crypto.Cipher import ARC2
+    >>> from Crypto import Random
+    >>>
+    >>> key = b'Sixteen byte key'
+    >>> iv = Random.new().read(ARC2.block_size)
+    >>> cipher = ARC2.new(key, ARC2.MODE_CFB, iv)
+    >>> msg = iv + cipher.encrypt(b'Attack at dawn')
+
+.. _RC2: http://en.wikipedia.org/wiki/RC2
+.. _RFC2268: http://tools.ietf.org/html/rfc2268
+
+:undocumented: __revision__, __package__
+"""
+
+__revision__ = "$Id$"
+
+from Crypto.Cipher import blockalgo
+from Crypto.Cipher import _ARC2
+
+class RC2Cipher (blockalgo.BlockAlgo):
+    """RC2 cipher object"""
+
+    def __init__(self, key, *args, **kwargs):
+        """Initialize an ARC2 cipher object
+        
+        See also `new()` at the module level."""
+        blockalgo.BlockAlgo.__init__(self, _ARC2, key, *args, **kwargs)
+
+def new(key, *args, **kwargs):
+    """Create a new RC2 cipher
+
+    :Parameters:
+      key : byte string
+        The secret key to use in the symmetric cipher.
+        Its length can vary from 1 to 128 bytes.
+    :Keywords:
+      mode : a *MODE_** constant
+        The chaining mode to use for encryption or decryption.
+        Default is `MODE_ECB`.
+      IV : byte string
+        The initialization vector to use for encryption or decryption.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
+      counter : callable
+        (*Only* `MODE_CTR`). A stateful function that returns the next
+        *counter block*, which is a byte string of `block_size` bytes.
+        For better performance, use `Crypto.Util.Counter`.
+      segment_size : integer
+        (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext
+        are segmented in.
+        It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8.
+      effective_keylen : integer
+        Maximum cryptographic strength of the key, in bits.
+        It can vary from 0 to 1024. The default value is 1024.
+
+    :Return: an `RC2Cipher` object
+    """
+    return RC2Cipher(key, *args, **kwargs)
+
+#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`.
+MODE_ECB = 1
+#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`.
+MODE_CBC = 2
+#: Cipher FeedBack (CFB). See `blockalgo.MODE_CFB`.
+MODE_CFB = 3
+#: This mode should not be used.
+MODE_PGP = 4
+#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
+MODE_OFB = 5
+#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
+MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
+#: Size of a data block (in bytes)
+block_size = 8
+#: Size of a key (in bytes)
+key_size = xrange(1,16+1)
+
diff --git a/lib/Python/Lib/Crypto/Cipher/ARC4.py b/lib/Python/Lib/Crypto/Cipher/ARC4.py
new file mode 100644
index 000000000..b745e7ce6
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/ARC4.py
@@ -0,0 +1,120 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/ARC4.py : ARC4
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""ARC4 symmetric cipher
+
+ARC4_ (Alleged RC4) is an implementation of RC4 (Rivest's Cipher version 4),
+a symmetric stream cipher designed by Ron Rivest in 1987.
+
+The cipher started as a proprietary design, that was reverse engineered and
+anonymously posted on Usenet in 1994. The company that owns RC4 (RSA Data
+Inc.) never confirmed the correctness of the leaked algorithm.
+
+Unlike RC2, the company has never published the full specification of RC4,
+of whom it still holds the trademark.
+
+ARC4 keys can vary in length from 40 to 2048 bits.
+
+One problem of ARC4 is that it does not take a nonce or an IV. If it is required
+to encrypt multiple messages with the same long-term key, a distinct
+independent nonce must be created for each message, and a short-term key must
+be derived from the combination of the long-term key and the nonce.
+Due to the weak key scheduling algorithm of RC2, the combination must be carried
+out with a complex function (e.g. a cryptographic hash) and not by simply
+concatenating key and nonce.
+
+New designs should not use ARC4. A good alternative is AES
+(`Crypto.Cipher.AES`) in any of the modes that turn it into a stream cipher (OFB, CFB, or CTR).
+
+As an example, encryption can be done as follows:
+
+    >>> from Crypto.Cipher import ARC4
+    >>> from Crypto.Hash import SHA
+    >>> from Crypto import Random
+    >>>
+    >>> key = b'Very long and confidential key'
+    >>> nonce = Random.new().read(16)
+    >>> tempkey = SHA.new(key+nonce).digest()
+    >>> cipher = ARC4.new(tempkey)
+    >>> msg = nonce + cipher.encrypt(b'Open the pod bay doors, HAL')
+
+.. _ARC4: http://en.wikipedia.org/wiki/RC4
+
+:undocumented: __revision__, __package__
+"""
+
+__revision__ = "$Id$"
+
+from Crypto.Cipher import _ARC4
+
+class ARC4Cipher:
+    """ARC4 cipher object"""
+
+
+    def __init__(self, key, *args, **kwargs):
+        """Initialize an ARC4 cipher object
+        
+        See also `new()` at the module level."""
+
+        self._cipher = _ARC4.new(key, *args, **kwargs)
+        self.block_size = self._cipher.block_size
+        self.key_size = self._cipher.key_size
+
+    def encrypt(self, plaintext):
+        """Encrypt a piece of data.
+
+        :Parameters:
+          plaintext : byte string
+            The piece of data to encrypt. It can be of any size.
+        :Return: the encrypted data (byte string, as long as the
+          plaintext).
+        """
+        return self._cipher.encrypt(plaintext)
+
+    def decrypt(self, ciphertext):
+        """Decrypt a piece of data.
+
+        :Parameters:
+          ciphertext : byte string
+            The piece of data to decrypt. It can be of any size.
+        :Return: the decrypted data (byte string, as long as the
+          ciphertext).
+        """
+        return self._cipher.decrypt(ciphertext)
+
+def new(key, *args, **kwargs):
+    """Create a new ARC4 cipher
+
+    :Parameters:
+      key : byte string
+        The secret key to use in the symmetric cipher.
+        It can have any length, with a minimum of 40 bytes.
+        Its cryptograpic strength is always capped to 2048 bits (256 bytes).
+
+    :Return: an `ARC4Cipher` object
+    """
+    return ARC4Cipher(key, *args, **kwargs)
+
+#: Size of a data block (in bytes)
+block_size = 1
+#: Size of a key (in bytes)
+key_size = xrange(1,256+1)
+
diff --git a/lib/Python/Lib/Crypto/Cipher/Blowfish.py b/lib/Python/Lib/Crypto/Cipher/Blowfish.py
new file mode 100644
index 000000000..3f12bea26
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/Blowfish.py
@@ -0,0 +1,121 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/Blowfish.py : Blowfish
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""Blowfish symmetric cipher
+
+Blowfish_ is a symmetric block cipher designed by Bruce Schneier.
+
+It has a fixed data block size of 8 bytes and its keys can vary in length
+from 32 to 448 bits (4 to 56 bytes).
+
+Blowfish is deemed secure and it is fast. However, its keys should be chosen
+to be big enough to withstand a brute force attack (e.g. at least 16 bytes).
+
+As an example, encryption can be done as follows:
+
+    >>> from Crypto.Cipher import Blowfish
+    >>> from Crypto import Random
+    >>> from struct import pack
+    >>>
+    >>> bs = Blowfish.block_size
+    >>> key = b'An arbitrarily long key'
+    >>> iv = Random.new().read(bs)
+    >>> cipher = Blowfish.new(key, Blowfish.MODE_CBC, iv)
+    >>> plaintext = b'docendo discimus '
+    >>> plen = bs - divmod(len(plaintext),bs)[1]
+    >>> padding = [plen]*plen
+    >>> padding = pack('b'*plen, *padding)
+    >>> msg = iv + cipher.encrypt(plaintext + padding)
+
+.. _Blowfish: http://www.schneier.com/blowfish.html
+
+:undocumented: __revision__, __package__
+"""
+
+__revision__ = "$Id$"
+
+from Crypto.Cipher import blockalgo
+from Crypto.Cipher import _Blowfish
+
+class BlowfishCipher (blockalgo.BlockAlgo):
+    """Blowfish cipher object"""
+
+    def __init__(self, key, *args, **kwargs):
+        """Initialize a Blowfish cipher object
+        
+        See also `new()` at the module level."""
+        blockalgo.BlockAlgo.__init__(self, _Blowfish, key, *args, **kwargs)
+
+def new(key, *args, **kwargs):
+    """Create a new Blowfish cipher
+
+    :Parameters:
+      key : byte string
+        The secret key to use in the symmetric cipher.
+        Its length can vary from 4 to 56 bytes.
+    :Keywords:
+      mode : a *MODE_** constant
+        The chaining mode to use for encryption or decryption.
+        Default is `MODE_ECB`.
+      IV : byte string
+        The initialization vector to use for encryption or decryption.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
+      counter : callable
+        (*Only* `MODE_CTR`). A stateful function that returns the next
+        *counter block*, which is a byte string of `block_size` bytes.
+        For better performance, use `Crypto.Util.Counter`.
+      segment_size : integer
+        (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext
+        are segmented in.
+        It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8.
+
+    :Return: a `BlowfishCipher` object
+    """
+    return BlowfishCipher(key, *args, **kwargs)
+
+#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`.
+MODE_ECB = 1
+#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`.
+MODE_CBC = 2
+#: Cipher FeedBack (CFB). See `blockalgo.MODE_CFB`.
+MODE_CFB = 3
+#: This mode should not be used.
+MODE_PGP = 4
+#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
+MODE_OFB = 5
+#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
+MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
+#: Size of a data block (in bytes)
+block_size = 8
+#: Size of a key (in bytes)
+key_size = xrange(4,56+1)
+
diff --git a/lib/Python/Lib/Crypto/Cipher/CAST.py b/lib/Python/Lib/Crypto/Cipher/CAST.py
new file mode 100644
index 000000000..f08dab3e0
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/CAST.py
@@ -0,0 +1,123 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/CAST.py : CAST
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""CAST-128 symmetric cipher
+
+CAST-128_ (or CAST5) is a symmetric block cipher specified in RFC2144_.
+
+It has a fixed data block size of 8 bytes. Its key can vary in length
+from 40 to 128 bits.
+
+CAST is deemed to be cryptographically secure, but its usage is not widespread.
+Keys of sufficient length should be used to prevent brute force attacks
+(128 bits are recommended).
+
+As an example, encryption can be done as follows:
+
+    >>> from Crypto.Cipher import CAST
+    >>> from Crypto import Random
+    >>>
+    >>> key = b'Sixteen byte key'
+    >>> iv = Random.new().read(CAST.block_size)
+    >>> cipher = CAST.new(key, CAST.MODE_OPENPGP, iv)
+    >>> plaintext = b'sona si latine loqueris '
+    >>> msg = cipher.encrypt(plaintext)
+    >>>
+    ...
+    >>> eiv = msg[:CAST.block_size+2]
+    >>> ciphertext = msg[CAST.block_size+2:]
+    >>> cipher = CAST.new(key, CAST.MODE_OPENPGP, eiv)
+    >>> print cipher.decrypt(ciphertext)
+
+.. _CAST-128: http://en.wikipedia.org/wiki/CAST-128
+.. _RFC2144: http://tools.ietf.org/html/rfc2144
+
+:undocumented: __revision__, __package__
+"""
+
+__revision__ = "$Id$"
+
+from Crypto.Cipher import blockalgo
+from Crypto.Cipher import _CAST
+
+class CAST128Cipher(blockalgo.BlockAlgo):
+    """CAST-128 cipher object"""
+
+    def __init__(self, key, *args, **kwargs):
+        """Initialize a CAST-128 cipher object
+        
+        See also `new()` at the module level."""
+        blockalgo.BlockAlgo.__init__(self, _CAST, key, *args, **kwargs)
+
+def new(key, *args, **kwargs):
+    """Create a new CAST-128 cipher
+
+    :Parameters:
+      key : byte string
+        The secret key to use in the symmetric cipher.
+        Its length may vary from 5 to 16 bytes.
+    :Keywords:
+      mode : a *MODE_** constant
+        The chaining mode to use for encryption or decryption.
+        Default is `MODE_ECB`.
+      IV : byte string
+        The initialization vector to use for encryption or decryption.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
+      counter : callable
+        (*Only* `MODE_CTR`). A stateful function that returns the next
+        *counter block*, which is a byte string of `block_size` bytes.
+        For better performance, use `Crypto.Util.Counter`.
+      segment_size : integer
+        (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext
+        are segmented in.
+        It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8.
+
+    :Return: an `CAST128Cipher` object
+    """
+    return CAST128Cipher(key, *args, **kwargs)
+
+#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`.
+MODE_ECB = 1
+#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`.
+MODE_CBC = 2
+#: Cipher FeedBack (CFB). See `blockalgo.MODE_CFB`.
+MODE_CFB = 3
+#: This mode should not be used.
+MODE_PGP = 4
+#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
+MODE_OFB = 5
+#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
+MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
+#: Size of a data block (in bytes)
+block_size = 8
+#: Size of a key (in bytes)
+key_size = xrange(5,16+1)
diff --git a/lib/Python/Lib/Crypto/Cipher/DES.py b/lib/Python/Lib/Crypto/Cipher/DES.py
new file mode 100644
index 000000000..2fae42fda
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/DES.py
@@ -0,0 +1,118 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/DES.py : DES
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""DES symmetric cipher
+
+DES `(Data Encryption Standard)`__ is a symmetric block cipher standardized
+by NIST_ . It has a fixed data block size of 8 bytes.
+Its keys are 64 bits long, even though 8 bits were used for integrity (now they
+are ignored) and do not contribute to securty.
+
+DES is cryptographically secure, but its key length is too short by nowadays
+standards and it could be brute forced with some effort.
+
+DES should not be used for new designs. Use `AES`.
+
+As an example, encryption can be done as follows:
+
+    >>> from Crypto.Cipher import DES3
+    >>> from Crypto import Random
+    >>>
+    >>> key = b'Sixteen byte key'
+    >>> iv = Random.new().read(DES3.block_size)
+    >>> cipher = DES3.new(key, DES3.MODE_OFB, iv)
+    >>> plaintext = b'sona si latine loqueris '
+    >>> msg = iv + cipher.encrypt(plaintext)
+
+.. __: http://en.wikipedia.org/wiki/Data_Encryption_Standard
+.. _NIST: http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
+
+:undocumented: __revision__, __package__
+"""
+
+__revision__ = "$Id$"
+
+from Crypto.Cipher import blockalgo
+from Crypto.Cipher import _DES
+
+class DESCipher(blockalgo.BlockAlgo):
+    """DES cipher object"""
+
+    def __init__(self, key, *args, **kwargs):
+        """Initialize a DES cipher object
+        
+        See also `new()` at the module level."""
+        blockalgo.BlockAlgo.__init__(self, _DES, key, *args, **kwargs)
+
+def new(key, *args, **kwargs):
+    """Create a new DES cipher
+
+    :Parameters:
+      key : byte string
+        The secret key to use in the symmetric cipher.
+        It must be 8 byte long. The parity bits will be ignored.
+    :Keywords:
+      mode : a *MODE_** constant
+        The chaining mode to use for encryption or decryption.
+        Default is `MODE_ECB`.
+      IV : byte string
+        The initialization vector to use for encryption or decryption.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
+      counter : callable
+        (*Only* `MODE_CTR`). A stateful function that returns the next
+        *counter block*, which is a byte string of `block_size` bytes.
+        For better performance, use `Crypto.Util.Counter`.
+      segment_size : integer
+        (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext
+        are segmented in.
+        It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8.
+
+    :Return: an `DESCipher` object
+    """
+    return DESCipher(key, *args, **kwargs)
+
+#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`.
+MODE_ECB = 1
+#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`.
+MODE_CBC = 2
+#: Cipher FeedBack (CFB). See `blockalgo.MODE_CFB`.
+MODE_CFB = 3
+#: This mode should not be used.
+MODE_PGP = 4
+#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
+MODE_OFB = 5
+#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
+MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
+#: Size of a data block (in bytes)
+block_size = 8
+#: Size of a key (in bytes)
+key_size = 8
diff --git a/lib/Python/Lib/Crypto/Cipher/DES3.py b/lib/Python/Lib/Crypto/Cipher/DES3.py
new file mode 100644
index 000000000..7fedac847
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/DES3.py
@@ -0,0 +1,133 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/DES3.py : DES3
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""Triple DES symmetric cipher
+
+`Triple DES`__ (or TDES or TDEA or 3DES) is a symmetric block cipher standardized by NIST_.
+It has a fixed data block size of 8 bytes. Its keys are 128 (*Option 1*) or 192
+bits (*Option 2*) long.
+However, 1 out of 8 bits is used for redundancy and do not contribute to
+security. The effective key length is respectively 112 or 168 bits.
+
+TDES consists of the concatenation of 3 simple `DES` ciphers.
+
+The plaintext is first DES encrypted with *K1*, then decrypted with *K2*,
+and finally encrypted again with *K3*.  The ciphertext is decrypted in the reverse manner.
+
+The 192 bit key is a bundle of three 64 bit independent subkeys: *K1*, *K2*, and *K3*.
+
+The 128 bit key is split into *K1* and *K2*, whereas *K1=K3*.
+
+It is important that all subkeys are different, otherwise TDES would degrade to
+single `DES`.
+
+TDES is cryptographically secure, even though it is neither as secure nor as fast
+as `AES`.
+
+As an example, encryption can be done as follows:
+
+    >>> from Crypto.Cipher import DES
+    >>> from Crypto import Random
+    >>> from Crypto.Util import Counter
+    >>>
+    >>> key = b'-8B key-'
+    >>> nonce = Random.new().read(DES.block_size/2)
+    >>> ctr = Counter.new(DES.block_size*8/2, prefix=nonce)
+    >>> cipher = DES.new(key, DES.MODE_CTR, counter=ctr)
+    >>> plaintext = b'We are no longer the knights who say ni!'
+    >>> msg = nonce + cipher.encrypt(plaintext)
+
+.. __: http://en.wikipedia.org/wiki/Triple_DES
+.. _NIST: http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf
+
+:undocumented: __revision__, __package__
+"""
+
+__revision__ = "$Id$"
+
+from Crypto.Cipher import blockalgo
+from Crypto.Cipher import _DES3
+
+class DES3Cipher(blockalgo.BlockAlgo):
+    """TDES cipher object"""
+
+    def __init__(self, key, *args, **kwargs):
+        """Initialize a TDES cipher object
+        
+        See also `new()` at the module level."""
+        blockalgo.BlockAlgo.__init__(self, _DES3, key, *args, **kwargs)
+
+def new(key, *args, **kwargs):
+    """Create a new TDES cipher
+
+    :Parameters:
+      key : byte string
+        The secret key to use in the symmetric cipher.
+        It must be 16 or 24 bytes long. The parity bits will be ignored.
+    :Keywords:
+      mode : a *MODE_** constant
+        The chaining mode to use for encryption or decryption.
+        Default is `MODE_ECB`.
+      IV : byte string
+        The initialization vector to use for encryption or decryption.
+        
+        It is ignored for `MODE_ECB` and `MODE_CTR`.
+
+        For `MODE_OPENPGP`, IV must be `block_size` bytes long for encryption
+        and `block_size` +2 bytes for decryption (in the latter case, it is
+        actually the *encrypted* IV which was prefixed to the ciphertext).
+        It is mandatory.
+       
+        For all other modes, it must be `block_size` bytes longs. It is optional and
+        when not present it will be given a default value of all zeroes.
+      counter : callable
+        (*Only* `MODE_CTR`). A stateful function that returns the next
+        *counter block*, which is a byte string of `block_size` bytes.
+        For better performance, use `Crypto.Util.Counter`.
+      segment_size : integer
+        (*Only* `MODE_CFB`).The number of bits the plaintext and ciphertext
+        are segmented in.
+        It must be a multiple of 8. If 0 or not specified, it will be assumed to be 8.
+
+    :Attention: it is important that all 8 byte subkeys are different,
+      otherwise TDES would degrade to single `DES`.
+    :Return: an `DES3Cipher` object
+    """
+    return DES3Cipher(key, *args, **kwargs)
+
+#: Electronic Code Book (ECB). See `blockalgo.MODE_ECB`.
+MODE_ECB = 1
+#: Cipher-Block Chaining (CBC). See `blockalgo.MODE_CBC`.
+MODE_CBC = 2
+#: Cipher FeedBack (CFB). See `blockalgo.MODE_CFB`.
+MODE_CFB = 3
+#: This mode should not be used.
+MODE_PGP = 4
+#: Output FeedBack (OFB). See `blockalgo.MODE_OFB`.
+MODE_OFB = 5
+#: CounTer Mode (CTR). See `blockalgo.MODE_CTR`.
+MODE_CTR = 6
+#: OpenPGP Mode. See `blockalgo.MODE_OPENPGP`.
+MODE_OPENPGP = 7
+#: Size of a data block (in bytes)
+block_size = 8
+#: Size of a key (in bytes)
+key_size = ( 16, 24 )
diff --git a/lib/Python/Lib/Crypto/Cipher/PKCS1_OAEP.py b/lib/Python/Lib/Crypto/Cipher/PKCS1_OAEP.py
new file mode 100644
index 000000000..9afe176f1
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/PKCS1_OAEP.py
@@ -0,0 +1,255 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/PKCS1_OAEP.py : PKCS#1 OAEP
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""RSA encryption protocol according to PKCS#1 OAEP
+
+See RFC3447__ or the `original RSA Labs specification`__ .
+
+This scheme is more properly called ``RSAES-OAEP``.
+
+As an example, a sender may encrypt a message in this way:
+
+        >>> from Crypto.Cipher import PKCS1_OAEP
+        >>> from Crypto.PublicKey import RSA
+        >>>
+        >>> message = 'To be encrypted'
+        >>> key = RSA.importKey(open('pubkey.der').read())
+        >>> cipher = PKCS1_OAEP.new(key)
+        >>> ciphertext = cipher.encrypt(message)
+
+At the receiver side, decryption can be done using the private part of
+the RSA key:
+
+        >>> key = RSA.importKey(open('privkey.der').read())
+        >>> cipher = PKCS1_OAP.new(key)
+        >>> message = cipher.decrypt(ciphertext)
+
+:undocumented: __revision__, __package__
+
+.. __: http://www.ietf.org/rfc/rfc3447.txt
+.. __: http://www.rsa.com/rsalabs/node.asp?id=2125.
+"""
+
+from __future__ import nested_scopes
+
+__revision__ = "$Id$"
+__all__ = [ 'new', 'PKCS1OAEP_Cipher' ]
+
+import Crypto.Signature.PKCS1_PSS
+import Crypto.Hash.SHA
+
+from Crypto.Util.py3compat import *
+import Crypto.Util.number
+from   Crypto.Util.number import ceil_div
+from   Crypto.Util.strxor import strxor
+
+class PKCS1OAEP_Cipher:
+    """This cipher can perform PKCS#1 v1.5 OAEP encryption or decryption."""
+
+    def __init__(self, key, hashAlgo, mgfunc, label):
+        """Initialize this PKCS#1 OAEP cipher object.
+        
+        :Parameters:
+         key : an RSA key object
+          If a private half is given, both encryption and decryption are possible.
+          If a public half is given, only encryption is possible.
+         hashAlgo : hash object
+                The hash function to use. This can be a module under `Crypto.Hash`
+                or an existing hash object created from any of such modules. If not specified,
+                `Crypto.Hash.SHA` (that is, SHA-1) is used.
+         mgfunc : callable
+                A mask generation function that accepts two parameters: a string to
+                use as seed, and the lenth of the mask to generate, in bytes.
+                If not specified, the standard MGF1 is used (a safe choice).
+         label : string
+                A label to apply to this particular encryption. If not specified,
+                an empty string is used. Specifying a label does not improve
+                security.
+ 
+        :attention: Modify the mask generation function only if you know what you are doing.
+                    Sender and receiver must use the same one.
+        """
+        self._key = key
+
+        if hashAlgo:
+            self._hashObj = hashAlgo
+        else:
+            self._hashObj = Crypto.Hash.SHA
+
+        if mgfunc:
+            self._mgf = mgfunc
+        else:
+            self._mgf = lambda x,y: Crypto.Signature.PKCS1_PSS.MGF1(x,y,self._hashObj)
+
+        self._label = label
+
+    def can_encrypt(self):
+        """Return True/1 if this cipher object can be used for encryption."""
+        return self._key.can_encrypt()
+
+    def can_decrypt(self):
+        """Return True/1 if this cipher object can be used for decryption."""
+        return self._key.can_decrypt()
+
+    def encrypt(self, message):
+        """Produce the PKCS#1 OAEP encryption of a message.
+    
+        This function is named ``RSAES-OAEP-ENCRYPT``, and is specified in
+        section 7.1.1 of RFC3447.
+    
+        :Parameters:
+         message : string
+                The message to encrypt, also known as plaintext. It can be of
+                variable length, but not longer than the RSA modulus (in bytes)
+                minus 2, minus twice the hash output size.
+   
+        :Return: A string, the ciphertext in which the message is encrypted.
+            It is as long as the RSA modulus (in bytes).
+        :Raise ValueError:
+            If the RSA key length is not sufficiently long to deal with the given
+            message.
+        """
+        # TODO: Verify the key is RSA
+    
+        randFunc = self._key._randfunc
+    
+        # See 7.1.1 in RFC3447
+        modBits = Crypto.Util.number.size(self._key.n)
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+        hLen = self._hashObj.digest_size
+        mLen = len(message)
+    
+        # Step 1b
+        ps_len = k-mLen-2*hLen-2
+        if ps_len<0:
+            raise ValueError("Plaintext is too long.")
+        # Step 2a
+        lHash = self._hashObj.new(self._label).digest()
+        # Step 2b
+        ps = bchr(0x00)*ps_len
+        # Step 2c
+        db = lHash + ps + bchr(0x01) + message
+        # Step 2d
+        ros = randFunc(hLen)
+        # Step 2e
+        dbMask = self._mgf(ros, k-hLen-1)
+        # Step 2f
+        maskedDB = strxor(db, dbMask)
+        # Step 2g
+        seedMask = self._mgf(maskedDB, hLen)
+        # Step 2h
+        maskedSeed = strxor(ros, seedMask)
+        # Step 2i
+        em = bchr(0x00) + maskedSeed + maskedDB
+        # Step 3a (OS2IP), step 3b (RSAEP), part of step 3c (I2OSP)
+        m = self._key.encrypt(em, 0)[0]
+        # Complete step 3c (I2OSP)
+        c = bchr(0x00)*(k-len(m)) + m
+        return c
+    
+    def decrypt(self, ct):
+        """Decrypt a PKCS#1 OAEP ciphertext.
+    
+        This function is named ``RSAES-OAEP-DECRYPT``, and is specified in
+        section 7.1.2 of RFC3447.
+    
+        :Parameters:
+         ct : string
+                The ciphertext that contains the message to recover.
+   
+        :Return: A string, the original message.
+        :Raise ValueError:
+            If the ciphertext length is incorrect, or if the decryption does not
+            succeed.
+        :Raise TypeError:
+            If the RSA key has no private half.
+        """
+        # TODO: Verify the key is RSA
+    
+        # See 7.1.2 in RFC3447
+        modBits = Crypto.Util.number.size(self._key.n)
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+        hLen = self._hashObj.digest_size
+    
+        # Step 1b and 1c
+        if len(ct) != k or k<hLen+2:
+            raise ValueError("Ciphertext with incorrect length.")
+        # Step 2a (O2SIP), 2b (RSADP), and part of 2c (I2OSP)
+        m = self._key.decrypt(ct)
+        # Complete step 2c (I2OSP)
+        em = bchr(0x00)*(k-len(m)) + m
+        # Step 3a
+        lHash = self._hashObj.new(self._label).digest()
+        # Step 3b
+        y = em[0]
+        # y must be 0, but we MUST NOT check it here in order not to
+        # allow attacks like Manger's (http://dl.acm.org/citation.cfm?id=704143)
+        maskedSeed = em[1:hLen+1]
+        maskedDB = em[hLen+1:]
+        # Step 3c
+        seedMask = self._mgf(maskedDB, hLen)
+        # Step 3d
+        seed = strxor(maskedSeed, seedMask)
+        # Step 3e
+        dbMask = self._mgf(seed, k-hLen-1)
+        # Step 3f
+        db = strxor(maskedDB, dbMask)
+        # Step 3g
+        valid = 1
+        one = db[hLen:].find(bchr(0x01))
+        lHash1 = db[:hLen]
+        if lHash1!=lHash:
+            valid = 0
+        if one<0:
+            valid = 0
+        if bord(y)!=0:
+            valid = 0
+        if not valid:
+            raise ValueError("Incorrect decryption.")
+        # Step 4
+        return db[hLen+one+1:]
+
+def new(key, hashAlgo=None, mgfunc=None, label=b('')):
+    """Return a cipher object `PKCS1OAEP_Cipher` that can be used to perform PKCS#1 OAEP encryption or decryption.
+
+    :Parameters:
+     key : RSA key object
+      The key to use to encrypt or decrypt the message. This is a `Crypto.PublicKey.RSA` object.
+      Decryption is only possible if *key* is a private RSA key.
+     hashAlgo : hash object
+      The hash function to use. This can be a module under `Crypto.Hash`
+      or an existing hash object created from any of such modules. If not specified,
+      `Crypto.Hash.SHA` (that is, SHA-1) is used.
+     mgfunc : callable
+      A mask generation function that accepts two parameters: a string to
+      use as seed, and the lenth of the mask to generate, in bytes.
+      If not specified, the standard MGF1 is used (a safe choice).
+     label : string
+      A label to apply to this particular encryption. If not specified,
+      an empty string is used. Specifying a label does not improve
+      security.
+ 
+    :attention: Modify the mask generation function only if you know what you are doing.
+      Sender and receiver must use the same one.
+    """
+    return PKCS1OAEP_Cipher(key, hashAlgo, mgfunc, label)
+
diff --git a/lib/Python/Lib/Crypto/Cipher/PKCS1_v1_5.py b/lib/Python/Lib/Crypto/Cipher/PKCS1_v1_5.py
new file mode 100644
index 000000000..c89035d79
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/PKCS1_v1_5.py
@@ -0,0 +1,226 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/PKCS1-v1_5.py : PKCS#1 v1.5
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""RSA encryption protocol according to PKCS#1 v1.5
+
+See RFC3447__ or the `original RSA Labs specification`__ .
+
+This scheme is more properly called ``RSAES-PKCS1-v1_5``.
+
+**If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.**
+
+As an example, a sender may encrypt a message in this way:
+
+        >>> from Crypto.Cipher import PKCS1_v1_5
+        >>> from Crypto.PublicKey import RSA
+        >>> from Crypto.Hash import SHA
+        >>>
+        >>> message = 'To be encrypted'
+        >>> h = SHA.new(message)
+        >>>
+        >>> key = RSA.importKey(open('pubkey.der').read())
+        >>> cipher = PKCS1_v1_5.new(key)
+        >>> ciphertext = cipher.encrypt(message+h.digest())
+
+At the receiver side, decryption can be done using the private part of
+the RSA key:
+
+        >>> From Crypto.Hash import SHA
+        >>> from Crypto import Random
+        >>>
+        >>> key = RSA.importKey(open('privkey.der').read())
+        >>>
+        >>> dsize = SHA.digest_size
+        >>> sentinel = Random.new().read(15+dsize)      # Let's assume that average data length is 15
+        >>>
+        >>> cipher = PKCS1_v1_5.new(key)
+        >>> message = cipher.decrypt(ciphertext, sentinel)
+        >>>
+        >>> digest = SHA.new(message[:-dsize]).digest()
+        >>> if digest==message[-dsize:]:                # Note how we DO NOT look for the sentinel
+        >>>     print "Encryption was correct."
+        >>> else:
+        >>>     print "Encryption was not correct."
+
+:undocumented: __revision__, __package__
+
+.. __: http://www.ietf.org/rfc/rfc3447.txt
+.. __: http://www.rsa.com/rsalabs/node.asp?id=2125.
+"""
+
+__revision__ = "$Id$"
+__all__ = [ 'new', 'PKCS115_Cipher' ]
+
+from Crypto.Util.number import ceil_div
+from Crypto.Util.py3compat import *
+import Crypto.Util.number
+
+class PKCS115_Cipher:
+    """This cipher can perform PKCS#1 v1.5 RSA encryption or decryption."""
+
+    def __init__(self, key):
+        """Initialize this PKCS#1 v1.5 cipher object.
+        
+        :Parameters:
+         key : an RSA key object
+          If a private half is given, both encryption and decryption are possible.
+          If a public half is given, only encryption is possible.
+        """
+        self._key = key
+
+    def can_encrypt(self):
+        """Return True if this cipher object can be used for encryption."""
+        return self._key.can_encrypt()
+
+    def can_decrypt(self):
+        """Return True if this cipher object can be used for decryption."""
+        return self._key.can_decrypt()
+
+    def encrypt(self, message):
+        """Produce the PKCS#1 v1.5 encryption of a message.
+    
+        This function is named ``RSAES-PKCS1-V1_5-ENCRYPT``, and is specified in
+        section 7.2.1 of RFC3447.
+        For a complete example see `Crypto.Cipher.PKCS1_v1_5`.
+    
+        :Parameters:
+         message : byte string
+                The message to encrypt, also known as plaintext. It can be of
+                variable length, but not longer than the RSA modulus (in bytes) minus 11.
+    
+        :Return: A byte string, the ciphertext in which the message is encrypted.
+            It is as long as the RSA modulus (in bytes).
+        :Raise ValueError:
+            If the RSA key length is not sufficiently long to deal with the given
+            message.
+
+        """
+        # TODO: Verify the key is RSA
+    
+        randFunc = self._key._randfunc
+    
+        # See 7.2.1 in RFC3447
+        modBits = Crypto.Util.number.size(self._key.n)
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+        mLen = len(message)
+    
+        # Step 1
+        if mLen > k-11:
+            raise ValueError("Plaintext is too long.")
+        # Step 2a
+        class nonZeroRandByte:
+            def __init__(self, rf): self.rf=rf
+            def __call__(self, c):
+                while bord(c)==0x00: c=self.rf(1)[0]
+                return c
+        ps = tobytes(map(nonZeroRandByte(randFunc), randFunc(k-mLen-3)))
+        # Step 2b
+        em = b('\x00\x02') + ps + bchr(0x00) + message
+        # Step 3a (OS2IP), step 3b (RSAEP), part of step 3c (I2OSP)
+        m = self._key.encrypt(em, 0)[0]
+        # Complete step 3c (I2OSP)
+        c = bchr(0x00)*(k-len(m)) + m
+        return c
+    
+    def decrypt(self, ct, sentinel):
+        """Decrypt a PKCS#1 v1.5 ciphertext.
+    
+        This function is named ``RSAES-PKCS1-V1_5-DECRYPT``, and is specified in
+        section 7.2.2 of RFC3447.
+        For a complete example see `Crypto.Cipher.PKCS1_v1_5`.
+    
+        :Parameters:
+         ct : byte string
+                The ciphertext that contains the message to recover.
+         sentinel : any type
+                The object to return to indicate that an error was detected during decryption.
+    
+        :Return: A byte string. It is either the original message or the ``sentinel`` (in case of an error).
+        :Raise ValueError:
+            If the ciphertext length is incorrect
+        :Raise TypeError:
+            If the RSA key has no private half.
+    
+        :attention:
+            You should **never** let the party who submitted the ciphertext know that
+            this function returned the ``sentinel`` value.
+            Armed with such knowledge (for a fair amount of carefully crafted but invalid ciphertexts),
+            an attacker is able to recontruct the plaintext of any other encryption that were carried out
+            with the same RSA public key (see `Bleichenbacher's`__ attack).
+            
+            In general, it should not be possible for the other party to distinguish
+            whether processing at the server side failed because the value returned
+            was a ``sentinel`` as opposed to a random, invalid message.
+            
+            In fact, the second option is not that unlikely: encryption done according to PKCS#1 v1.5
+            embeds no good integrity check. There is roughly one chance
+            in 2^16 for a random ciphertext to be returned as a valid message
+            (although random looking).
+    
+            It is therefore advisabled to:
+    
+            1. Select as ``sentinel`` a value that resembles a plausable random, invalid message.
+            2. Not report back an error as soon as you detect a ``sentinel`` value.
+               Put differently, you should not explicitly check if the returned value is the ``sentinel`` or not.
+            3. Cover all possible errors with a single, generic error indicator.
+            4. Embed into the definition of ``message`` (at the protocol level) a digest (e.g. ``SHA-1``).
+               It is recommended for it to be the rightmost part ``message``.
+            5. Where possible, monitor the number of errors due to ciphertexts originating from the same party,
+               and slow down the rate of the requests from such party (or even blacklist it altogether).
+     
+            **If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.**
+    
+            .. __: http://www.bell-labs.com/user/bleichen/papers/pkcs.ps
+    
+        """
+    
+        # TODO: Verify the key is RSA
+    
+        # See 7.2.1 in RFC3447
+        modBits = Crypto.Util.number.size(self._key.n)
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+    
+        # Step 1
+        if len(ct) != k:
+            raise ValueError("Ciphertext with incorrect length.")
+        # Step 2a (O2SIP), 2b (RSADP), and part of 2c (I2OSP)
+        m = self._key.decrypt(ct)
+        # Complete step 2c (I2OSP)
+        em = bchr(0x00)*(k-len(m)) + m
+        # Step 3
+        sep = em.find(bchr(0x00),2)
+        if  not em.startswith(b('\x00\x02')) or sep<10:
+            return sentinel
+        # Step 4
+        return em[sep+1:]
+
+def new(key):
+    """Return a cipher object `PKCS115_Cipher` that can be used to perform PKCS#1 v1.5 encryption or decryption.
+
+    :Parameters:
+     key : RSA key object
+      The key to use to encrypt or decrypt the message. This is a `Crypto.PublicKey.RSA` object.
+      Decryption is only possible if *key* is a private RSA key.
+
+    """
+    return PKCS115_Cipher(key)
+
diff --git a/lib/Python/Lib/Crypto/Cipher/XOR.py b/lib/Python/Lib/Crypto/Cipher/XOR.py
new file mode 100644
index 000000000..26ec1b108
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/XOR.py
@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/XOR.py : XOR
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""XOR toy cipher
+
+XOR is one the simplest stream ciphers. Encryption and decryption are
+performed by XOR-ing data with a keystream made by contatenating
+the key.
+
+Do not use it for real applications!
+
+:undocumented: __revision__, __package__
+"""
+
+__revision__ = "$Id$"
+
+from Crypto.Cipher import _XOR
+
+class XORCipher:
+    """XOR cipher object"""
+
+    def __init__(self, key, *args, **kwargs):
+        """Initialize a XOR cipher object
+        
+        See also `new()` at the module level."""
+        self._cipher = _XOR.new(key, *args, **kwargs)
+        self.block_size = self._cipher.block_size
+        self.key_size = self._cipher.key_size
+
+    def encrypt(self, plaintext):
+        """Encrypt a piece of data.
+
+        :Parameters:
+          plaintext : byte string
+            The piece of data to encrypt. It can be of any size.
+        :Return: the encrypted data (byte string, as long as the
+          plaintext).
+        """
+        return self._cipher.encrypt(plaintext)
+
+    def decrypt(self, ciphertext):
+        """Decrypt a piece of data.
+
+        :Parameters:
+          ciphertext : byte string
+            The piece of data to decrypt. It can be of any size.
+        :Return: the decrypted data (byte string, as long as the
+          ciphertext).
+        """
+        return self._cipher.decrypt(ciphertext)
+
+def new(key, *args, **kwargs):
+    """Create a new XOR cipher
+
+    :Parameters:
+      key : byte string
+        The secret key to use in the symmetric cipher.
+        Its length may vary from 1 to 32 bytes.
+
+    :Return: an `XORCipher` object
+    """
+    return XORCipher(key, *args, **kwargs)
+
+#: Size of a data block (in bytes)
+block_size = 1
+#: Size of a key (in bytes)
+key_size = xrange(1,32+1)
+
diff --git a/lib/Python/Lib/Crypto/Cipher/__init__.py b/lib/Python/Lib/Crypto/Cipher/__init__.py
new file mode 100644
index 000000000..7afed2d4b
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/__init__.py
@@ -0,0 +1,83 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Symmetric- and asymmetric-key encryption algorithms.
+
+Encryption algorithms transform plaintext in some way that
+is dependent on a key or key pair, producing ciphertext.
+
+Symmetric algorithms
+--------------------
+
+Encryption can easily be reversed, if (and, hopefully, only if)
+one knows the same key.
+In other words, sender and receiver share the same key.
+
+The symmetric encryption modules here all support the interface described in PEP
+272, "API for Block Encryption Algorithms".
+
+If you don't know which algorithm to choose, use AES because it's
+standard and has undergone a fair bit of examination.
+
+========================    =======   ========================
+Module name                 Type      Description
+========================    =======   ========================
+`Crypto.Cipher.AES`         Block     Advanced Encryption Standard
+`Crypto.Cipher.ARC2`        Block     Alleged RC2
+`Crypto.Cipher.ARC4`        Stream    Alleged RC4
+`Crypto.Cipher.Blowfish`    Block     Blowfish
+`Crypto.Cipher.CAST`        Block     CAST
+`Crypto.Cipher.DES`         Block     The Data Encryption Standard.
+                                      Very commonly used in the past,
+                                      but today its 56-bit keys are too small.
+`Crypto.Cipher.DES3`        Block     Triple DES.
+`Crypto.Cipher.XOR`         Stream    The simple XOR cipher.
+========================    =======   ========================
+
+
+Asymmetric algorithms
+---------------------
+
+For asymmetric algorithms, the key to be used for decryption is totally
+different and cannot be derived in a feasible way from the key used
+for encryption. Put differently, sender and receiver each own one half
+of a key pair. The encryption key is often called ``public`` whereas
+the decryption key is called ``private``.
+
+==========================    =======================
+Module name                   Description
+==========================    =======================
+`Crypto.Cipher.PKCS1_v1_5`    PKCS#1 v1.5 encryption, based on RSA key pairs
+`Crypto.Cipher.PKCS1_OAEP`    PKCS#1 OAEP encryption, based on RSA key pairs
+==========================    =======================
+
+:undocumented: __revision__, __package__, _AES, _ARC2, _ARC4, _Blowfish
+               _CAST, _DES, _DES3, _XOR
+"""
+
+__all__ = ['AES', 'ARC2', 'ARC4',
+           'Blowfish', 'CAST', 'DES', 'DES3',
+           'XOR',
+           'PKCS1_v1_5', 'PKCS1_OAEP'
+           ]
+
+__revision__ = "$Id$"
+
+
diff --git a/lib/Python/Lib/Crypto/Cipher/blockalgo.py b/lib/Python/Lib/Crypto/Cipher/blockalgo.py
new file mode 100644
index 000000000..dd183dcb5
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Cipher/blockalgo.py
@@ -0,0 +1,296 @@
+# -*- coding: utf-8 -*-
+#
+#  Cipher/blockalgo.py 
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""Module with definitions common to all block ciphers."""
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+#: *Electronic Code Book (ECB)*.
+#: This is the simplest encryption mode. Each of the plaintext blocks
+#: is directly encrypted into a ciphertext block, independently of
+#: any other block. This mode exposes frequency of symbols
+#: in your plaintext. Other modes (e.g. *CBC*) should be used instead.
+#:
+#: See `NIST SP800-38A`_ , Section 6.1 .
+#:
+#: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+MODE_ECB = 1
+
+#: *Cipher-Block Chaining (CBC)*. Each of the ciphertext blocks depends
+#: on the current and all previous plaintext blocks. An Initialization Vector
+#: (*IV*) is required.
+#:
+#: The *IV* is a data block to be transmitted to the receiver.
+#: The *IV* can be made public, but it must be authenticated by the receiver and
+#: it should be picked randomly.
+#:
+#: See `NIST SP800-38A`_ , Section 6.2 .
+#:
+#: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+MODE_CBC = 2
+
+#: *Cipher FeedBack (CFB)*. This mode is similar to CBC, but it transforms
+#: the underlying block cipher into a stream cipher. Plaintext and ciphertext
+#: are processed in *segments* of **s** bits. The mode is therefore sometimes
+#: labelled **s**-bit CFB. An Initialization Vector (*IV*) is required.
+#:
+#: When encrypting, each ciphertext segment contributes to the encryption of
+#: the next plaintext segment.
+#:
+#: This *IV* is a data block to be transmitted to the receiver.
+#: The *IV* can be made public, but it should be picked randomly.
+#: Reusing the same *IV* for encryptions done with the same key lead to
+#: catastrophic cryptographic failures.
+#:
+#: See `NIST SP800-38A`_ , Section 6.3 .
+#:
+#: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+MODE_CFB = 3
+
+#: This mode should not be used.
+MODE_PGP = 4
+
+#: *Output FeedBack (OFB)*. This mode is very similar to CBC, but it
+#: transforms the underlying block cipher into a stream cipher.
+#: The keystream is the iterated block encryption of an Initialization Vector (*IV*).
+#:
+#: The *IV* is a data block to be transmitted to the receiver.
+#: The *IV* can be made public, but it should be picked randomly.
+#:
+#: Reusing the same *IV* for encryptions done with the same key lead to
+#: catastrophic cryptograhic failures.
+#:
+#: See `NIST SP800-38A`_ , Section 6.4 .
+#:
+#: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+MODE_OFB = 5
+
+#: *CounTeR (CTR)*. This mode is very similar to ECB, in that
+#: encryption of one block is done independently of all other blocks.
+#: Unlike ECB, the block *position* contributes to the encryption and no
+#: information leaks about symbol frequency.
+#:
+#: Each message block is associated to a *counter* which must be unique
+#: across all messages that get encrypted with the same key (not just within
+#: the same message). The counter is as big as the block size.
+#:
+#: Counters can be generated in several ways. The most straightword one is
+#: to choose an *initial counter block* (which can be made public, similarly
+#: to the *IV* for the other modes) and increment its lowest **m** bits by
+#: one (modulo *2^m*) for each block. In most cases, **m** is chosen to be half
+#: the block size.
+#: 
+#: Reusing the same *initial counter block* for encryptions done with the same
+#: key lead to catastrophic cryptograhic failures.
+#:
+#: See `NIST SP800-38A`_ , Section 6.5 (for the mode) and Appendix B (for how
+#: to manage the *initial counter block*).
+#:
+#: .. _`NIST SP800-38A` : http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+MODE_CTR = 6
+
+#: OpenPGP. This mode is a variant of CFB, and it is only used in PGP and OpenPGP_ applications.
+#: An Initialization Vector (*IV*) is required.
+#: 
+#: Unlike CFB, the IV is not transmitted to the receiver. Instead, the *encrypted* IV is.
+#: The IV is a random data block. Two of its bytes are duplicated to act as a checksum
+#: for the correctness of the key. The encrypted IV is therefore 2 bytes longer than
+#: the clean IV.
+#:
+#: .. _OpenPGP: http://tools.ietf.org/html/rfc4880
+MODE_OPENPGP = 7
+
+def _getParameter(name, index, args, kwargs, default=None):
+    """Find a parameter in tuple and dictionary arguments a function receives"""
+    param = kwargs.get(name)
+    if len(args)>index:
+        if param:
+            raise ValueError("Parameter '%s' is specified twice" % name)
+        param = args[index]
+    return param or default
+    
+class BlockAlgo:
+    """Class modelling an abstract block cipher."""
+
+    def __init__(self, factory, key, *args, **kwargs):
+        self.mode = _getParameter('mode', 0, args, kwargs, default=MODE_ECB)
+        self.block_size = factory.block_size
+        
+        if self.mode != MODE_OPENPGP:
+            self._cipher = factory.new(key, *args, **kwargs)
+            self.IV = self._cipher.IV
+        else:
+            # OPENPGP mode. For details, see 13.9 in RCC4880.
+            #
+            # A few members are specifically created for this mode:
+            #  - _encrypted_iv, set in this constructor
+            #  - _done_first_block, set to True after the first encryption
+            #  - _done_last_block, set to True after a partial block is processed
+            
+            self._done_first_block = False
+            self._done_last_block = False
+            self.IV = _getParameter('iv', 1, args, kwargs)
+            if not self.IV:
+                raise ValueError("MODE_OPENPGP requires an IV")
+            
+            # Instantiate a temporary cipher to process the IV
+            IV_cipher = factory.new(key, MODE_CFB,
+                    b('\x00')*self.block_size,      # IV for CFB
+                    segment_size=self.block_size*8)
+           
+            # The cipher will be used for...
+            if len(self.IV) == self.block_size:
+                # ... encryption
+                self._encrypted_IV = IV_cipher.encrypt(
+                    self.IV + self.IV[-2:] +        # Plaintext
+                    b('\x00')*(self.block_size-2)   # Padding
+                    )[:self.block_size+2]
+            elif len(self.IV) == self.block_size+2:
+                # ... decryption
+                self._encrypted_IV = self.IV
+                self.IV = IV_cipher.decrypt(self.IV +   # Ciphertext
+                    b('\x00')*(self.block_size-2)       # Padding
+                    )[:self.block_size+2]
+                if self.IV[-2:] != self.IV[-4:-2]:
+                    raise ValueError("Failed integrity check for OPENPGP IV")
+                self.IV = self.IV[:-2]
+            else:
+                raise ValueError("Length of IV must be %d or %d bytes for MODE_OPENPGP"
+                    % (self.block_size, self.block_size+2))
+
+            # Instantiate the cipher for the real PGP data
+            self._cipher = factory.new(key, MODE_CFB,
+                self._encrypted_IV[-self.block_size:],
+                segment_size=self.block_size*8)
+
+    def encrypt(self, plaintext):
+        """Encrypt data with the key and the parameters set at initialization.
+        
+        The cipher object is stateful; encryption of a long block
+        of data can be broken up in two or more calls to `encrypt()`.
+        That is, the statement:
+            
+            >>> c.encrypt(a) + c.encrypt(b)
+
+        is always equivalent to:
+
+             >>> c.encrypt(a+b)
+
+        That also means that you cannot reuse an object for encrypting
+        or decrypting other data with the same key.
+
+        This function does not perform any padding.
+       
+         - For `MODE_ECB`, `MODE_CBC`, and `MODE_OFB`, *plaintext* length
+           (in bytes) must be a multiple of *block_size*.
+
+         - For `MODE_CFB`, *plaintext* length (in bytes) must be a multiple
+           of *segment_size*/8.
+
+         - For `MODE_CTR`, *plaintext* can be of any length.
+
+         - For `MODE_OPENPGP`, *plaintext* must be a multiple of *block_size*,
+           unless it is the last chunk of the message.
+
+        :Parameters:
+          plaintext : byte string
+            The piece of data to encrypt.
+        :Return:
+            the encrypted data, as a byte string. It is as long as
+            *plaintext* with one exception: when encrypting the first message
+            chunk with `MODE_OPENPGP`, the encypted IV is prepended to the
+            returned ciphertext.
+        """
+
+        if self.mode == MODE_OPENPGP:
+            padding_length = (self.block_size - len(plaintext) % self.block_size) % self.block_size
+            if padding_length>0:
+                # CFB mode requires ciphertext to have length multiple of block size,
+                # but PGP mode allows the last block to be shorter
+                if self._done_last_block:
+                    raise ValueError("Only the last chunk is allowed to have length not multiple of %d bytes",
+                        self.block_size)
+                self._done_last_block = True
+                padded = plaintext + b('\x00')*padding_length
+                res = self._cipher.encrypt(padded)[:len(plaintext)]
+            else:
+                res = self._cipher.encrypt(plaintext)
+            if not self._done_first_block:
+                res = self._encrypted_IV + res
+                self._done_first_block = True
+            return res
+
+        return self._cipher.encrypt(plaintext)
+
+    def decrypt(self, ciphertext):
+        """Decrypt data with the key and the parameters set at initialization.
+        
+        The cipher object is stateful; decryption of a long block
+        of data can be broken up in two or more calls to `decrypt()`.
+        That is, the statement:
+            
+            >>> c.decrypt(a) + c.decrypt(b)
+
+        is always equivalent to:
+
+             >>> c.decrypt(a+b)
+
+        That also means that you cannot reuse an object for encrypting
+        or decrypting other data with the same key.
+
+        This function does not perform any padding.
+       
+         - For `MODE_ECB`, `MODE_CBC`, and `MODE_OFB`, *ciphertext* length
+           (in bytes) must be a multiple of *block_size*.
+
+         - For `MODE_CFB`, *ciphertext* length (in bytes) must be a multiple
+           of *segment_size*/8.
+
+         - For `MODE_CTR`, *ciphertext* can be of any length.
+
+         - For `MODE_OPENPGP`, *plaintext* must be a multiple of *block_size*,
+           unless it is the last chunk of the message.
+
+        :Parameters:
+          ciphertext : byte string
+            The piece of data to decrypt.
+        :Return: the decrypted data (byte string, as long as *ciphertext*).
+        """
+        if self.mode == MODE_OPENPGP:
+            padding_length = (self.block_size - len(ciphertext) % self.block_size) % self.block_size
+            if padding_length>0:
+                # CFB mode requires ciphertext to have length multiple of block size,
+                # but PGP mode allows the last block to be shorter
+                if self._done_last_block:
+                    raise ValueError("Only the last chunk is allowed to have length not multiple of %d bytes",
+                        self.block_size)
+                self._done_last_block = True
+                padded = ciphertext + b('\x00')*padding_length
+                res = self._cipher.decrypt(padded)[:len(ciphertext)]
+            else:
+                res = self._cipher.decrypt(ciphertext)
+            return res
+
+        return self._cipher.decrypt(ciphertext)
+
diff --git a/lib/Python/Lib/Crypto/Hash/HMAC.py b/lib/Python/Lib/Crypto/Hash/HMAC.py
new file mode 100644
index 000000000..6244db46f
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/HMAC.py
@@ -0,0 +1,212 @@
+# HMAC.py - Implements the HMAC algorithm as described by RFC 2104.
+#
+# ===================================================================
+# Portions Copyright (c) 2001, 2002, 2003 Python Software Foundation;
+# All Rights Reserved
+#
+# This file contains code from the Python 2.2 hmac.py module (the
+# "Original Code"), with modifications made after it was incorporated
+# into PyCrypto (the "Modifications").
+#
+# To the best of our knowledge, the Python Software Foundation is the
+# copyright holder of the Original Code, and has licensed it under the
+# Python 2.2 license.  See the file LEGAL/copy/LICENSE.python-2.2 for
+# details.
+#
+# The Modifications to this file are dedicated to the public domain.
+# To the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.  No rights are
+# reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+
+"""HMAC (Hash-based Message Authentication Code) algorithm
+
+HMAC is a MAC defined in RFC2104_ and FIPS-198_ and constructed using
+a cryptograpic hash algorithm.
+It is usually named *HMAC-X*, where *X* is the hash algorithm; for
+instance *HMAC-SHA1* or *HMAC-MD5*.
+
+The strength of an HMAC depends on:
+
+ - the strength of the hash algorithm
+ - the length and entropy of the secret key
+
+An example of possible usage is the following:
+
+    >>> from Crypto.Hash import HMAC
+    >>>
+    >>> secret = b'Swordfish'
+    >>> h = HMAC.new(secret)
+    >>> h.update(b'Hello')
+    >>> print h.hexdigest()
+
+.. _RFC2104: http://www.ietf.org/rfc/rfc2104.txt
+.. _FIPS-198: http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf
+"""
+
+# This is just a copy of the Python 2.2 HMAC module, modified to work when
+# used on versions of Python before 2.2.
+
+__revision__ = "$Id$"
+
+__all__ = ['new', 'digest_size', 'HMAC' ]
+
+from Crypto.Util.strxor import strxor_c
+from Crypto.Util.py3compat import *
+
+#: The size of the authentication tag produced by the MAC.
+#: It matches the digest size on the underlying
+#: hashing module used.
+digest_size = None
+
+class HMAC:
+    """Class that implements HMAC"""
+
+    #: The size of the authentication tag produced by the MAC.
+    #: It matches the digest size on the underlying
+    #: hashing module used.
+    digest_size = None
+    
+    def __init__(self, key, msg = None, digestmod = None):
+        """Create a new HMAC object.
+
+        :Parameters:
+          key : byte string
+            secret key for the MAC object.
+            It must be long enough to match the expected security level of the
+            MAC. However, there is no benefit in using keys longer than the
+            `digest_size` of the underlying hash algorithm.
+          msg : byte string
+            The very first chunk of the message to authenticate.
+            It is equivalent to an early call to `update()`. Optional.
+        :Parameter digestmod:
+            The hash algorithm the HMAC is based on.
+            Default is `Crypto.Hash.MD5`.
+        :Type digestmod:
+            A hash module or object instantiated from `Crypto.Hash`
+        """
+        if digestmod is None:
+            import MD5
+            digestmod = MD5
+
+        self.digestmod = digestmod
+        self.outer = digestmod.new()
+        self.inner = digestmod.new()
+        try:
+            self.digest_size = digestmod.digest_size
+        except AttributeError:
+            self.digest_size = len(self.outer.digest())
+
+        try:
+            # The block size is 128 bytes for SHA384 and SHA512 and 64 bytes
+            # for the others hash function
+            blocksize = digestmod.block_size
+        except AttributeError:
+            blocksize = 64
+
+        ipad = 0x36
+        opad = 0x5C
+
+        if len(key) > blocksize:
+            key = digestmod.new(key).digest()
+
+        key = key + bchr(0) * (blocksize - len(key))
+        self.outer.update(strxor_c(key, opad))
+        self.inner.update(strxor_c(key, ipad))
+        if (msg):
+            self.update(msg)
+
+    def update(self, msg):
+        """Continue authentication of a message by consuming the next chunk of data.
+        
+        Repeated calls are equivalent to a single call with the concatenation
+        of all the arguments. In other words:
+
+           >>> m.update(a); m.update(b)
+           
+        is equivalent to:
+        
+           >>> m.update(a+b)
+
+        :Parameters:
+          msg : byte string
+            The next chunk of the message being authenticated
+        """
+ 
+        self.inner.update(msg)
+
+    def copy(self):
+        """Return a copy ("clone") of the MAC object.
+
+        The copy will have the same internal state as the original MAC
+        object.
+        This can be used to efficiently compute the MAC of strings that
+        share a common initial substring.
+
+        :Returns: An `HMAC` object
+        """
+        other = HMAC(b(""))
+        other.digestmod = self.digestmod
+        other.inner = self.inner.copy()
+        other.outer = self.outer.copy()
+        return other
+
+    def digest(self):
+        """Return the **binary** (non-printable) MAC of the message that has
+        been authenticated so far.
+
+        This method does not change the state of the MAC object.
+        You can continue updating the object after calling this function.
+        
+        :Return: A byte string of `digest_size` bytes. It may contain non-ASCII
+         characters, including null bytes.
+        """
+        h = self.outer.copy()
+        h.update(self.inner.digest())
+        return h.digest()
+
+    def hexdigest(self):
+        """Return the **printable** MAC of the message that has been
+        authenticated so far.
+
+        This method does not change the state of the MAC object.
+        
+        :Return: A string of 2* `digest_size` bytes. It contains only
+         hexadecimal ASCII digits.
+        """
+        return "".join(["%02x" % bord(x)
+                  for x in tuple(self.digest())])
+
+def new(key, msg = None, digestmod = None):
+    """Create a new HMAC object.
+
+    :Parameters:
+      key : byte string
+        key for the MAC object.
+        It must be long enough to match the expected security level of the
+        MAC. However, there is no benefit in using keys longer than the
+        `digest_size` of the underlying hash algorithm.
+      msg : byte string
+        The very first chunk of the message to authenticate.
+        It is equivalent to an early call to `HMAC.update()`.
+        Optional.
+    :Parameter digestmod:
+        The hash to use to implement the HMAC. Default is `Crypto.Hash.MD5`.
+    :Type digestmod:
+        A hash module or instantiated object from `Crypto.Hash`
+    :Returns: An `HMAC` object
+    """
+    return HMAC(key, msg, digestmod)
+
diff --git a/lib/Python/Lib/Crypto/Hash/MD2.py b/lib/Python/Lib/Crypto/Hash/MD2.py
new file mode 100644
index 000000000..dac959e44
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/MD2.py
@@ -0,0 +1,91 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""MD2 cryptographic hash algorithm.
+
+MD2 is specified in RFC1319_ and it produces the 128 bit digest of a message.
+
+    >>> from Crypto.Hash import MD2
+    >>>
+    >>> h = MD2.new()
+    >>> h.update(b'Hello')
+    >>> print h.hexdigest()
+
+MD2 stand for Message Digest version 2, and it was invented by Rivest in 1989.
+
+This algorithm is both slow and insecure. Do not use it for new designs.
+
+.. _RFC1319: http://tools.ietf.org/html/rfc1319
+"""
+
+_revision__ = "$Id$"
+
+__all__ = ['new', 'digest_size', 'MD2Hash' ]
+
+from Crypto.Util.py3compat import *
+from Crypto.Hash.hashalgo import HashAlgo
+
+import Crypto.Hash._MD2 as _MD2
+hashFactory = _MD2
+
+class MD2Hash(HashAlgo):
+    """Class that implements an MD2 hash
+    
+    :undocumented: block_size
+    """
+
+    #: ASN.1 Object identifier (OID)::
+    #:
+    #:  id-md2 OBJECT IDENTIFIER ::= {
+    #:      iso(1) member-body(2) us(840) rsadsi(113549)
+    #:       digestAlgorithm(2) 2
+    #:  }
+    #:
+    #: This value uniquely identifies the MD2 algorithm.
+    oid = b('\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x02')
+
+    digest_size = 16
+    block_size = 16
+
+    def __init__(self, data=None):
+        HashAlgo.__init__(self, hashFactory, data)
+
+    def new(self, data=None):
+        return MD2Hash(data)
+
+def new(data=None):
+    """Return a fresh instance of the hash object.
+
+    :Parameters:
+       data : byte string
+        The very first chunk of the message to hash.
+        It is equivalent to an early call to `MD2Hash.update()`.
+        Optional.
+
+    :Return: An `MD2Hash` object
+    """
+    return MD2Hash().new(data)
+
+#: The size of the resulting hash in bytes.
+digest_size = MD2Hash.digest_size
+
+#: The internal block size of the hash algorithm in bytes.
+block_size = MD2Hash.block_size
+
diff --git a/lib/Python/Lib/Crypto/Hash/MD4.py b/lib/Python/Lib/Crypto/Hash/MD4.py
new file mode 100644
index 000000000..e28a2011d
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/MD4.py
@@ -0,0 +1,91 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""MD4 cryptographic hash algorithm.
+
+MD4 is specified in RFC1320_ and produces the 128 bit digest of a message.
+
+    >>> from Crypto.Hash import MD4
+    >>>
+    >>> h = MD4.new()
+    >>> h.update(b'Hello')
+    >>> print h.hexdigest()
+
+MD4 stand for Message Digest version 4, and it was invented by Rivest in 1990.
+
+This algorithm is insecure. Do not use it for new designs.
+
+.. _RFC1320: http://tools.ietf.org/html/rfc1320
+"""
+
+_revision__ = "$Id$"
+
+__all__ = ['new', 'digest_size', 'MD4Hash' ]
+
+from Crypto.Util.py3compat import *
+from Crypto.Hash.hashalgo import HashAlgo
+
+import Crypto.Hash._MD4 as _MD4
+hashFactory = _MD4
+
+class MD4Hash(HashAlgo):
+    """Class that implements an MD4 hash
+    
+    :undocumented: block_size
+    """
+
+    #: ASN.1 Object identifier (OID)::
+    #:
+    #:  id-md2 OBJECT IDENTIFIER ::= {
+    #:      iso(1) member-body(2) us(840) rsadsi(113549)
+    #:       digestAlgorithm(2) 4
+    #:  }
+    #:
+    #: This value uniquely identifies the MD4 algorithm.
+    oid = b('\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x04')
+
+    digest_size = 16
+    block_size = 64
+
+    def __init__(self, data=None):
+        HashAlgo.__init__(self, hashFactory, data)
+
+    def new(self, data=None):
+        return MD4Hash(data)
+
+def new(data=None):
+    """Return a fresh instance of the hash object.
+
+    :Parameters:
+       data : byte string
+        The very first chunk of the message to hash.
+        It is equivalent to an early call to `MD4Hash.update()`.
+        Optional.
+
+    :Return: A `MD4Hash` object
+    """
+    return MD4Hash().new(data)
+
+#: The size of the resulting hash in bytes.
+digest_size = MD4Hash.digest_size
+
+#: The internal block size of the hash algorithm in bytes.
+block_size = MD4Hash.block_size
+
diff --git a/lib/Python/Lib/Crypto/Hash/MD5.py b/lib/Python/Lib/Crypto/Hash/MD5.py
new file mode 100644
index 000000000..18e9e7bf6
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/MD5.py
@@ -0,0 +1,97 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""MD5 cryptographic hash algorithm.
+
+MD5 is specified in RFC1321_ and produces the 128 bit digest of a message.
+
+    >>> from Crypto.Hash import MD5
+    >>>
+    >>> h = MD5.new()
+    >>> h.update(b'Hello')
+    >>> print h.hexdigest()
+
+MD5 stand for Message Digest version 5, and it was invented by Rivest in 1991.
+
+This algorithm is insecure. Do not use it for new designs.
+
+.. _RFC1321: http://tools.ietf.org/html/rfc1321 
+"""
+
+_revision__ = "$Id$"
+
+__all__ = ['new', 'digest_size', 'MD5Hash' ]
+
+from Crypto.Util.py3compat import *
+from Crypto.Hash.hashalgo import HashAlgo
+
+try:
+    # The md5 module is deprecated in Python 2.6, so use hashlib when possible.
+    import hashlib
+    hashFactory = hashlib.md5
+
+except ImportError:
+    import md5
+    hashFactory = md5
+
+class MD5Hash(HashAlgo):
+    """Class that implements an MD5 hash
+    
+    :undocumented: block_size
+    """
+
+    #: ASN.1 Object identifier (OID)::
+    #:
+    #:  id-md5      OBJECT IDENTIFIER ::= {
+    #:      iso(1) member-body(2) us(840) rsadsi(113549)
+    #:       digestAlgorithm(2) 5
+    #:  }
+    #:
+    #: This value uniquely identifies the MD5 algorithm.
+    oid = b('\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05')
+
+    digest_size = 16
+    block_size = 64
+
+    def __init__(self, data=None):
+        HashAlgo.__init__(self, hashFactory, data)
+
+    def new(self, data=None):
+        return MD5Hash(data)
+
+def new(data=None):
+    """Return a fresh instance of the hash object.
+
+    :Parameters:
+       data : byte string
+        The very first chunk of the message to hash.
+        It is equivalent to an early call to `MD5Hash.update()`.
+        Optional.
+
+    :Return: A `MD5Hash` object
+    """
+    return MD5Hash().new(data)
+
+#: The size of the resulting hash in bytes.
+digest_size = MD5Hash.digest_size
+
+#: The internal block size of the hash algorithm in bytes.
+block_size = MD5Hash.block_size
+
diff --git a/lib/Python/Lib/Crypto/Hash/RIPEMD.py b/lib/Python/Lib/Crypto/Hash/RIPEMD.py
new file mode 100644
index 000000000..33099cb8c
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/RIPEMD.py
@@ -0,0 +1,94 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""RIPEMD-160 cryptographic hash algorithm.
+
+RIPEMD-160_ produces the 160 bit digest of a message.
+
+    >>> from Crypto.Hash import RIPEMD
+    >>>
+    >>> h = RIPEMD.new()
+    >>> h.update(b'Hello')
+    >>> print h.hexdigest()
+
+RIPEMD-160 stands for RACE Integrity Primitives Evaluation Message Digest
+with a 160 bit digest. It was invented by Dobbertin, Bosselaers, and Preneel.
+
+This algorithm is considered secure, although it has not been scrutinized as
+extensively as SHA-1. Moreover, it provides an informal security level of just
+80bits.
+
+.. _RIPEMD-160: http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
+"""
+
+_revision__ = "$Id$"
+
+__all__ = ['new', 'digest_size', 'RIPEMD160Hash' ]
+
+from Crypto.Util.py3compat import *
+from Crypto.Hash.hashalgo import HashAlgo
+
+import Crypto.Hash._RIPEMD160 as _RIPEMD160
+hashFactory = _RIPEMD160
+
+class RIPEMD160Hash(HashAlgo):
+    """Class that implements a RIPMD-160 hash
+    
+    :undocumented: block_size
+    """
+
+    #: ASN.1 Object identifier (OID)::
+    #:
+    #:  id-ripemd160 OBJECT IDENTIFIER ::= {
+    #:      iso(1) identified-organization(3) teletrust(36)
+    #:       algorithm(3) hashAlgorithm(2) ripemd160(1)
+    #:  }
+    #:
+    #: This value uniquely identifies the RIPMD-160 algorithm.
+    oid = b("\x06\x05\x2b\x24\x03\x02\x01")
+
+    digest_size = 20
+    block_size = 64
+
+    def __init__(self, data=None):
+        HashAlgo.__init__(self, hashFactory, data)
+
+    def new(self, data=None):
+        return RIPEMD160Hash(data)
+
+def new(data=None):
+    """Return a fresh instance of the hash object.
+
+    :Parameters:
+       data : byte string
+        The very first chunk of the message to hash.
+        It is equivalent to an early call to `RIPEMD160Hash.update()`.
+        Optional.
+
+    :Return: A `RIPEMD160Hash` object
+    """
+    return RIPEMD160Hash().new(data)
+
+#: The size of the resulting hash in bytes.
+digest_size = RIPEMD160Hash.digest_size
+
+#: The internal block size of the hash algorithm in bytes.
+block_size = RIPEMD160Hash.block_size
+
diff --git a/lib/Python/Lib/Crypto/Hash/SHA.py b/lib/Python/Lib/Crypto/Hash/SHA.py
new file mode 100644
index 000000000..0bc591705
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/SHA.py
@@ -0,0 +1,98 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""SHA-1 cryptographic hash algorithm.
+
+SHA-1_ produces the 160 bit digest of a message.
+
+    >>> from Crypto.Hash import SHA
+    >>>
+    >>> h = SHA.new()
+    >>> h.update(b'Hello')
+    >>> print h.hexdigest()
+
+*SHA* stands for Secure Hash Algorithm.
+
+This algorithm is not considered secure. Do not use it for new designs.
+
+.. _SHA-1: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
+"""
+
+_revision__ = "$Id$"
+
+__all__ = ['new', 'digest_size', 'SHA1Hash' ]
+
+from Crypto.Util.py3compat import *
+from Crypto.Hash.hashalgo import HashAlgo
+
+try:
+    # The sha module is deprecated in Python 2.6, so use hashlib when possible.
+    import hashlib
+    hashFactory = hashlib.sha1
+
+except ImportError:
+    import sha
+    hashFactory = sha
+
+class SHA1Hash(HashAlgo):
+    """Class that implements a SHA-1 hash
+    
+    :undocumented: block_size
+    """
+
+    #: ASN.1 Object identifier (OID)::
+    #:
+    #:  id-sha1    OBJECT IDENTIFIER ::= {
+    #:      iso(1) identified-organization(3) oiw(14) secsig(3)
+    #:       algorithms(2) 26
+    #:  }
+    #:
+    #: This value uniquely identifies the SHA-1 algorithm.
+    oid = b('\x06\x05\x2b\x0e\x03\x02\x1a')
+
+    digest_size = 20
+    block_size = 64
+
+    def __init__(self, data=None):
+        HashAlgo.__init__(self, hashFactory, data)
+
+    def new(self, data=None):
+        return SHA1Hash(data)
+
+def new(data=None):
+    """Return a fresh instance of the hash object.
+
+    :Parameters:
+       data : byte string
+        The very first chunk of the message to hash.
+        It is equivalent to an early call to `SHA1Hash.update()`.
+        Optional.
+
+    :Return: A `SHA1Hash` object
+    """
+    return SHA1Hash().new(data)
+
+#: The size of the resulting hash in bytes.
+digest_size = SHA1Hash.digest_size
+
+#: The internal block size of the hash algorithm in bytes.
+block_size = SHA1Hash.block_size
+
+
diff --git a/lib/Python/Lib/Crypto/Hash/SHA224.py b/lib/Python/Lib/Crypto/Hash/SHA224.py
new file mode 100644
index 000000000..959b56daf
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/SHA224.py
@@ -0,0 +1,95 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""SHA-224 cryptographic hash algorithm.
+
+SHA-224 belongs to the SHA-2_ family of cryptographic hashes.
+It produces the 224 bit digest of a message.
+
+    >>> from Crypto.Hash import SHA224
+    >>>
+    >>> h = SHA224.new()
+    >>> h.update(b'Hello')
+    >>> print h.hexdigest()
+
+*SHA* stands for Secure Hash Algorithm.
+
+.. _SHA-2: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
+"""
+
+_revision__ = "$Id$"
+
+__all__ = ['new', 'digest_size', 'SHA224Hash' ]
+
+from Crypto.Util.py3compat import *
+from Crypto.Hash.hashalgo import HashAlgo
+
+try:
+    import hashlib
+    hashFactory = hashlib.sha224
+
+except ImportError:
+    from Crypto.Hash import _SHA224
+    hashFactory = _SHA224
+
+class SHA224Hash(HashAlgo):
+    """Class that implements a SHA-224 hash
+    
+    :undocumented: block_size
+    """
+
+    #: ASN.1 Object identifier (OID)::
+    #:
+    #:  id-sha224    OBJECT IDENTIFIER ::= {
+    #:      joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3)
+    #:      nistalgorithm(4) hashalgs(2) 4
+    #:  }
+    #:
+    #: This value uniquely identifies the SHA-224 algorithm.
+    oid = b('\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04')
+
+    digest_size = 28
+    block_size = 64
+
+    def __init__(self, data=None):
+        HashAlgo.__init__(self, hashFactory, data)
+
+    def new(self, data=None):
+        return SHA224Hash(data)
+
+def new(data=None):
+    """Return a fresh instance of the hash object.
+
+    :Parameters:
+       data : byte string
+        The very first chunk of the message to hash.
+        It is equivalent to an early call to `SHA224Hash.update()`.
+        Optional.
+
+    :Return: A `SHA224Hash` object
+    """
+    return SHA224Hash().new(data)
+
+#: The size of the resulting hash in bytes.
+digest_size = SHA224Hash.digest_size
+
+#: The internal block size of the hash algorithm in bytes.
+block_size = SHA224Hash.block_size
+
diff --git a/lib/Python/Lib/Crypto/Hash/SHA256.py b/lib/Python/Lib/Crypto/Hash/SHA256.py
new file mode 100644
index 000000000..b0a99b31a
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/SHA256.py
@@ -0,0 +1,95 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""SHA-256 cryptographic hash algorithm.
+
+SHA-256 belongs to the SHA-2_ family of cryptographic hashes.
+It produces the 256 bit digest of a message.
+
+    >>> from Crypto.Hash import SHA256
+    >>>
+    >>> h = SHA256.new()
+    >>> h.update(b'Hello')
+    >>> print h.hexdigest()
+
+*SHA* stands for Secure Hash Algorithm.
+
+.. _SHA-2: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
+"""
+
+_revision__ = "$Id$"
+
+__all__ = ['new', 'digest_size', 'SHA256Hash' ]
+
+from Crypto.Util.py3compat import *
+from Crypto.Hash.hashalgo import HashAlgo
+
+try:
+    import hashlib
+    hashFactory = hashlib.sha256
+
+except ImportError:
+    from Crypto.Hash import _SHA256
+    hashFactory = _SHA256
+
+class SHA256Hash(HashAlgo):
+    """Class that implements a SHA-256 hash
+    
+    :undocumented: block_size
+    """
+
+    #: ASN.1 Object identifier (OID)::
+    #:
+    #:  id-sha256    OBJECT IDENTIFIER ::= {
+    #: 	    joint-iso-itu-t(2) country(16) us(840) organization(1)
+    #: 	     gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1
+    #:  }
+    #:
+    #: This value uniquely identifies the SHA-256 algorithm.
+    oid = b('\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01')
+
+    digest_size = 32
+    block_size = 64
+
+    def __init__(self, data=None):
+        HashAlgo.__init__(self, hashFactory, data)
+
+    def new(self, data=None):
+        return SHA256Hash(data)
+
+def new(data=None):
+    """Return a fresh instance of the hash object.
+
+    :Parameters:
+       data : byte string
+        The very first chunk of the message to hash.
+        It is equivalent to an early call to `SHA256Hash.update()`.
+        Optional.
+
+    :Return: A `SHA256Hash` object
+    """
+    return SHA256Hash().new(data)
+
+#: The size of the resulting hash in bytes.
+digest_size = SHA256Hash.digest_size
+
+#: The internal block size of the hash algorithm in bytes.
+block_size = SHA256Hash.block_size
+
diff --git a/lib/Python/Lib/Crypto/Hash/SHA384.py b/lib/Python/Lib/Crypto/Hash/SHA384.py
new file mode 100644
index 000000000..3490b021e
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/SHA384.py
@@ -0,0 +1,96 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""SHA-384 cryptographic hash algorithm.
+
+SHA-384 belongs to the SHA-2_ family of cryptographic hashes.
+It produces the 384 bit digest of a message.
+
+    >>> from Crypto.Hash import SHA384
+    >>>
+    >>> h = SHA384.new()
+    >>> h.update(b'Hello')
+    >>> print h.hexdigest()
+
+*SHA* stands for Secure Hash Algorithm.
+
+.. _SHA-2: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
+"""
+
+_revision__ = "$Id$"
+
+__all__ = ['new', 'digest_size', 'SHA384Hash' ]
+
+from Crypto.Util.py3compat import *
+from Crypto.Hash.hashalgo import HashAlgo
+
+try:
+    import hashlib
+    hashFactory = hashlib.sha384
+
+except ImportError:
+    from Crypto.Hash import _SHA384
+    hashFactory = _SHA384
+
+class SHA384Hash(HashAlgo):
+    """Class that implements a SHA-384 hash
+    
+    :undocumented: block_size
+    """
+
+    #: ASN.1 Object identifier (OID)::
+    #:
+    #:  id-sha384    OBJECT IDENTIFIER ::= {
+    #:      joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3)
+    #:	     nistalgorithm(4) hashalgs(2) 2
+    #:  }
+    #:
+    #: This value uniquely identifies the SHA-384 algorithm.
+    oid = b('\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02')
+
+    digest_size = 48
+    block_size = 128
+
+    def __init__(self, data=None):
+        HashAlgo.__init__(self, hashFactory, data)
+
+    def new(self, data=None):
+        return SHA384Hash(data)
+
+def new(data=None):
+    """Return a fresh instance of the hash object.
+
+    :Parameters:
+       data : byte string
+        The very first chunk of the message to hash.
+        It is equivalent to an early call to `SHA384Hash.update()`.
+        Optional.
+
+    :Return: A `SHA384Hash` object
+    """
+    return SHA384Hash().new(data)
+
+#: The size of the resulting hash in bytes.
+digest_size = SHA384Hash.digest_size
+
+#: The internal block size of the hash algorithm in bytes.
+block_size = SHA384Hash.block_size
+
+
diff --git a/lib/Python/Lib/Crypto/Hash/SHA512.py b/lib/Python/Lib/Crypto/Hash/SHA512.py
new file mode 100644
index 000000000..d57548d35
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/SHA512.py
@@ -0,0 +1,95 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""SHA-512 cryptographic hash algorithm.
+
+SHA-512 belongs to the SHA-2_ family of cryptographic hashes.
+It produces the 512 bit digest of a message.
+
+    >>> from Crypto.Hash import SHA512
+    >>>
+    >>> h = SHA512.new()
+    >>> h.update(b'Hello')
+    >>> print h.hexdigest()
+
+*SHA* stands for Secure Hash Algorithm.
+
+.. _SHA-2: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
+"""
+
+_revision__ = "$Id$"
+
+__all__ = ['new', 'digest_size', 'SHA512Hash' ]
+
+from Crypto.Util.py3compat import *
+from Crypto.Hash.hashalgo import HashAlgo
+
+try:
+    import hashlib
+    hashFactory = hashlib.sha512
+
+except ImportError:
+    from Crypto.Hash import _SHA512
+    hashFactory = _SHA512
+
+class SHA512Hash(HashAlgo):
+    """Class that implements a SHA-512 hash
+    
+    :undocumented: block_size
+    """
+
+    #: ASN.1 Object identifier (OID)::
+    #:
+    #:  id-sha512    OBJECT IDENTIFIER ::= {
+    #:	    joint-iso-itu-t(2)
+    #:	    country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3
+    #:  }
+    #:
+    #: This value uniquely identifies the SHA-512 algorithm.
+    oid = b('\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03')
+
+    digest_size = 64
+    block_size = 128
+
+    def __init__(self, data=None):
+        HashAlgo.__init__(self, hashFactory, data)
+
+    def new(self, data=None):
+        return SHA512Hash(data)
+
+def new(data=None):
+    """Return a fresh instance of the hash object.
+
+    :Parameters:
+       data : byte string
+        The very first chunk of the message to hash.
+        It is equivalent to an early call to `SHA512Hash.update()`.
+        Optional.
+
+    :Return: A `SHA512Hash` object
+    """
+    return SHA512Hash().new(data)
+
+#: The size of the resulting hash in bytes.
+digest_size = SHA512Hash.digest_size
+
+#: The internal block size of the hash algorithm in bytes.
+block_size = SHA512Hash.block_size
+
diff --git a/lib/Python/Lib/Crypto/Hash/__init__.py b/lib/Python/Lib/Crypto/Hash/__init__.py
new file mode 100644
index 000000000..4582c663d
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/__init__.py
@@ -0,0 +1,56 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Hashing algorithms
+
+Hash functions take arbitrary binary strings as input, and produce a random-like output
+of fixed size that is dependent on the input; it should be practically infeasible 
+to derive the original input data given only the hash function's
+output. In other words, the hash function is *one-way*.
+
+It should also not be practically feasible to find a second piece of data
+(a *second pre-image*) whose hash is the same as the original message
+(*weak collision resistance*).
+
+Finally, it should not be feasible to find two arbitrary messages with the
+same hash (*strong collision resistance*).
+
+The output of the hash function is called the *digest* of the input message.
+In general, the security of a hash function is related to the length of the
+digest. If the digest is *n* bits long, its security level is roughly comparable
+to the the one offered by an *n/2* bit encryption algorithm.
+
+Hash functions can be used simply as a integrity check, or, in
+association with a public-key algorithm, can be used to implement
+digital signatures.
+
+The hashing modules here all support the interface described in `PEP
+247`_ , "API for Cryptographic Hash Functions". 
+
+.. _`PEP 247` : http://www.python.org/dev/peps/pep-0247/
+
+:undocumented: _MD2, _MD4, _RIPEMD160, _SHA224, _SHA256, _SHA384, _SHA512
+"""
+
+__all__ = ['HMAC', 'MD2', 'MD4', 'MD5', 'RIPEMD', 'SHA',
+           'SHA224', 'SHA256', 'SHA384', 'SHA512']
+__revision__ = "$Id$"
+
+
diff --git a/lib/Python/Lib/Crypto/Hash/hashalgo.py b/lib/Python/Lib/Crypto/Hash/hashalgo.py
new file mode 100644
index 000000000..b38b3a6c1
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Hash/hashalgo.py
@@ -0,0 +1,116 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from binascii import hexlify
+
+class HashAlgo:
+    """A generic class for an abstract cryptographic hash algorithm.
+    
+    :undocumented: block_size
+    """
+
+    #: The size of the resulting hash in bytes.
+    digest_size = None
+    #: The internal block size of the hash algorithm in bytes.
+    block_size = None
+
+    def __init__(self, hashFactory, data=None):
+        """Initialize the hash object.
+
+        :Parameters:
+         hashFactory : callable
+            An object that will generate the actual hash implementation.
+            *hashFactory* must have a *new()* method, or must be directly
+            callable.
+         data : byte string
+            The very first chunk of the message to hash.
+            It is equivalent to an early call to `update()`.
+        """
+        if hasattr(hashFactory, 'new'):
+            self._hash = hashFactory.new()
+        else:
+            self._hash = hashFactory()
+        if data:
+            self.update(data)
+
+    def update(self, data):
+        """Continue hashing of a message by consuming the next chunk of data.
+        
+        Repeated calls are equivalent to a single call with the concatenation
+        of all the arguments. In other words:
+
+           >>> m.update(a); m.update(b)
+           
+        is equivalent to:
+        
+           >>> m.update(a+b)
+
+        :Parameters:
+          data : byte string
+            The next chunk of the message being hashed.
+        """
+        return self._hash.update(data)
+
+    def digest(self):
+        """Return the **binary** (non-printable) digest of the message that has been hashed so far.
+
+        This method does not change the state of the hash object.
+        You can continue updating the object after calling this function.
+        
+        :Return: A byte string of `digest_size` bytes. It may contain non-ASCII
+         characters, including null bytes.
+        """
+        return self._hash.digest()
+
+    def hexdigest(self):
+        """Return the **printable** digest of the message that has been hashed so far.
+
+        This method does not change the state of the hash object.
+        
+        :Return: A string of 2* `digest_size` characters. It contains only
+         hexadecimal ASCII digits.
+        """
+        return self._hash.hexdigest()
+
+    def copy(self):
+        """Return a copy ("clone") of the hash object.
+
+        The copy will have the same internal state as the original hash
+        object.
+        This can be used to efficiently compute the digests of strings that
+        share a common initial substring.
+
+        :Return: A hash object of the same type
+        """
+        return self._hash.copy()
+
+    def new(self, data=None):
+        """Return a fresh instance of the hash object.
+
+        Unlike the `copy` method, the internal state of the object is empty.
+
+        :Parameters:
+          data : byte string
+            The next chunk of the message being hashed.
+
+        :Return: A hash object of the same type
+        """
+        pass
+
diff --git a/lib/Python/Lib/Crypto/Protocol/AllOrNothing.py b/lib/Python/Lib/Crypto/Protocol/AllOrNothing.py
new file mode 100644
index 000000000..acc92d5cd
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Protocol/AllOrNothing.py
@@ -0,0 +1,319 @@
+#
+#  AllOrNothing.py : all-or-nothing package transformations
+#
+# Part of the Python Cryptography Toolkit
+#
+# Written by Andrew M. Kuchling and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""This file implements all-or-nothing package transformations.
+
+An all-or-nothing package transformation is one in which some text is
+transformed into message blocks, such that all blocks must be obtained before
+the reverse transformation can be applied.  Thus, if any blocks are corrupted
+or lost, the original message cannot be reproduced.
+
+An all-or-nothing package transformation is not encryption, although a block
+cipher algorithm is used.  The encryption key is randomly generated and is
+extractable from the message blocks.
+
+This class implements the All-Or-Nothing package transformation algorithm
+described in:
+
+Ronald L. Rivest.  "All-Or-Nothing Encryption and The Package Transform"
+http://theory.lcs.mit.edu/~rivest/fusion.pdf
+
+"""
+
+__revision__ = "$Id$"
+
+import operator
+import sys
+from Crypto.Util.number import bytes_to_long, long_to_bytes
+from Crypto.Util.py3compat import *
+
+def isInt(x):
+    test = 0
+    try:
+        test += x
+    except TypeError:
+        return 0
+    return 1
+
+class AllOrNothing:
+    """Class implementing the All-or-Nothing package transform.
+
+    Methods for subclassing:
+
+        _inventkey(key_size):
+            Returns a randomly generated key.  Subclasses can use this to
+            implement better random key generating algorithms.  The default
+            algorithm is probably not very cryptographically secure.
+
+    """
+
+    def __init__(self, ciphermodule, mode=None, IV=None):
+        """AllOrNothing(ciphermodule, mode=None, IV=None)
+
+        ciphermodule is a module implementing the cipher algorithm to
+        use.  It must provide the PEP272 interface.
+
+        Note that the encryption key is randomly generated
+        automatically when needed.  Optional arguments mode and IV are
+        passed directly through to the ciphermodule.new() method; they
+        are the feedback mode and initialization vector to use.  All
+        three arguments must be the same for the object used to create
+        the digest, and to undigest'ify the message blocks.
+        """
+
+        self.__ciphermodule = ciphermodule
+        self.__mode = mode
+        self.__IV = IV
+        self.__key_size = ciphermodule.key_size
+        if not isInt(self.__key_size) or self.__key_size==0:
+            self.__key_size = 16
+
+    __K0digit = bchr(0x69)
+
+    def digest(self, text):
+        """digest(text:string) : [string]
+
+        Perform the All-or-Nothing package transform on the given
+        string.  Output is a list of message blocks describing the
+        transformed text, where each block is a string of bit length equal
+        to the ciphermodule's block_size.
+        """
+
+        # generate a random session key and K0, the key used to encrypt the
+        # hash blocks.  Rivest calls this a fixed, publically-known encryption
+        # key, but says nothing about the security implications of this key or
+        # how to choose it.
+        key = self._inventkey(self.__key_size)
+        K0 = self.__K0digit * self.__key_size
+
+        # we need two cipher objects here, one that is used to encrypt the
+        # message blocks and one that is used to encrypt the hashes.  The
+        # former uses the randomly generated key, while the latter uses the
+        # well-known key.
+        mcipher = self.__newcipher(key)
+        hcipher = self.__newcipher(K0)
+
+        # Pad the text so that its length is a multiple of the cipher's
+        # block_size.  Pad with trailing spaces, which will be eliminated in
+        # the undigest() step.
+        block_size = self.__ciphermodule.block_size
+        padbytes = block_size - (len(text) % block_size)
+        text = text + b(' ') * padbytes
+
+        # Run through the algorithm:
+        # s: number of message blocks (size of text / block_size)
+        # input sequence: m1, m2, ... ms
+        # random key K' (`key' in the code)
+        # Compute output sequence: m'1, m'2, ... m's' for s' = s + 1
+        # Let m'i = mi ^ E(K', i) for i = 1, 2, 3, ..., s
+        # Let m's' = K' ^ h1 ^ h2 ^ ... hs
+        # where hi = E(K0, m'i ^ i) for i = 1, 2, ... s
+        #
+        # The one complication I add is that the last message block is hard
+        # coded to the number of padbytes added, so that these can be stripped
+        # during the undigest() step
+        s = divmod(len(text), block_size)[0]
+        blocks = []
+        hashes = []
+        for i in range(1, s+1):
+            start = (i-1) * block_size
+            end = start + block_size
+            mi = text[start:end]
+            assert len(mi) == block_size
+            cipherblock = mcipher.encrypt(long_to_bytes(i, block_size))
+            mticki = bytes_to_long(mi) ^ bytes_to_long(cipherblock)
+            blocks.append(mticki)
+            # calculate the hash block for this block
+            hi = hcipher.encrypt(long_to_bytes(mticki ^ i, block_size))
+            hashes.append(bytes_to_long(hi))
+
+        # Add the padbytes length as a message block
+        i = i + 1
+        cipherblock = mcipher.encrypt(long_to_bytes(i, block_size))
+        mticki = padbytes ^ bytes_to_long(cipherblock)
+        blocks.append(mticki)
+
+        # calculate this block's hash
+        hi = hcipher.encrypt(long_to_bytes(mticki ^ i, block_size))
+        hashes.append(bytes_to_long(hi))
+
+        # Now calculate the last message block of the sequence 1..s'.  This
+        # will contain the random session key XOR'd with all the hash blocks,
+        # so that for undigest(), once all the hash blocks are calculated, the
+        # session key can be trivially extracted.  Calculating all the hash
+        # blocks requires that all the message blocks be received, thus the
+        # All-or-Nothing algorithm succeeds.
+        mtick_stick = bytes_to_long(key) ^ reduce(operator.xor, hashes)
+        blocks.append(mtick_stick)
+
+        # we convert the blocks to strings since in Python, byte sequences are
+        # always represented as strings.  This is more consistent with the
+        # model that encryption and hash algorithms always operate on strings.
+        return [long_to_bytes(i,self.__ciphermodule.block_size) for i in blocks]
+
+
+    def undigest(self, blocks):
+        """undigest(blocks : [string]) : string
+
+        Perform the reverse package transformation on a list of message
+        blocks.  Note that the ciphermodule used for both transformations
+        must be the same.  blocks is a list of strings of bit length
+        equal to the ciphermodule's block_size.
+        """
+
+        # better have at least 2 blocks, for the padbytes package and the hash
+        # block accumulator
+        if len(blocks) < 2:
+            raise ValueError, "List must be at least length 2."
+
+        # blocks is a list of strings.  We need to deal with them as long
+        # integers
+        blocks = map(bytes_to_long, blocks)
+
+        # Calculate the well-known key, to which the hash blocks are
+        # encrypted, and create the hash cipher.
+        K0 = self.__K0digit * self.__key_size
+        hcipher = self.__newcipher(K0)
+        block_size = self.__ciphermodule.block_size
+
+        # Since we have all the blocks (or this method would have been called
+        # prematurely), we can calculate all the hash blocks.
+        hashes = []
+        for i in range(1, len(blocks)):
+            mticki = blocks[i-1] ^ i
+            hi = hcipher.encrypt(long_to_bytes(mticki, block_size))
+            hashes.append(bytes_to_long(hi))
+
+        # now we can calculate K' (key).  remember the last block contains
+        # m's' which we don't include here
+        key = blocks[-1] ^ reduce(operator.xor, hashes)
+
+        # and now we can create the cipher object
+        mcipher = self.__newcipher(long_to_bytes(key, self.__key_size))
+
+        # And we can now decode the original message blocks
+        parts = []
+        for i in range(1, len(blocks)):
+            cipherblock = mcipher.encrypt(long_to_bytes(i, block_size))
+            mi = blocks[i-1] ^ bytes_to_long(cipherblock)
+            parts.append(mi)
+
+        # The last message block contains the number of pad bytes appended to
+        # the original text string, such that its length was an even multiple
+        # of the cipher's block_size.  This number should be small enough that
+        # the conversion from long integer to integer should never overflow
+        padbytes = int(parts[-1])
+        text = b('').join(map(long_to_bytes, parts[:-1]))
+        return text[:-padbytes]
+
+    def _inventkey(self, key_size):
+        # Return key_size random bytes
+        from Crypto import Random
+        return Random.new().read(key_size)
+
+    def __newcipher(self, key):
+        if self.__mode is None and self.__IV is None:
+            return self.__ciphermodule.new(key)
+        elif self.__IV is None:
+            return self.__ciphermodule.new(key, self.__mode)
+        else:
+            return self.__ciphermodule.new(key, self.__mode, self.__IV)
+
+
+
+if __name__ == '__main__':
+    import sys
+    import getopt
+    import base64
+
+    usagemsg = '''\
+Test module usage: %(program)s [-c cipher] [-l] [-h]
+
+Where:
+    --cipher module
+    -c module
+        Cipher module to use.  Default: %(ciphermodule)s
+
+    --aslong
+    -l
+        Print the encoded message blocks as long integers instead of base64
+        encoded strings
+
+    --help
+    -h
+        Print this help message
+'''
+
+    ciphermodule = 'AES'
+    aslong = 0
+
+    def usage(code, msg=None):
+        if msg:
+            print msg
+        print usagemsg % {'program': sys.argv[0],
+                          'ciphermodule': ciphermodule}
+        sys.exit(code)
+
+    try:
+        opts, args = getopt.getopt(sys.argv[1:],
+                                   'c:l', ['cipher=', 'aslong'])
+    except getopt.error, msg:
+        usage(1, msg)
+
+    if args:
+        usage(1, 'Too many arguments')
+
+    for opt, arg in opts:
+        if opt in ('-h', '--help'):
+            usage(0)
+        elif opt in ('-c', '--cipher'):
+            ciphermodule = arg
+        elif opt in ('-l', '--aslong'):
+            aslong = 1
+
+    # ugly hack to force __import__ to give us the end-path module
+    module = __import__('Crypto.Cipher.'+ciphermodule, None, None, ['new'])
+
+    x = AllOrNothing(module)
+    print 'Original text:\n=========='
+    print __doc__
+    print '=========='
+    msgblocks = x.digest(b(__doc__))
+    print 'message blocks:'
+    for i, blk in zip(range(len(msgblocks)), msgblocks):
+        # base64 adds a trailing newline
+        print '    %3d' % i,
+        if aslong:
+            print bytes_to_long(blk)
+        else:
+            print base64.encodestring(blk)[:-1]
+    #
+    # get a new undigest-only object so there's no leakage
+    y = AllOrNothing(module)
+    text = y.undigest(msgblocks)
+    if text == b(__doc__):
+        print 'They match!'
+    else:
+        print 'They differ!'
diff --git a/lib/Python/Lib/Crypto/Protocol/Chaffing.py b/lib/Python/Lib/Crypto/Protocol/Chaffing.py
new file mode 100644
index 000000000..c19e03759
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Protocol/Chaffing.py
@@ -0,0 +1,245 @@
+#
+#  Chaffing.py : chaffing & winnowing support
+#
+# Part of the Python Cryptography Toolkit
+#
+# Written by Andrew M. Kuchling, Barry A. Warsaw, and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+#
+"""This file implements the chaffing algorithm.
+
+Winnowing and chaffing is a technique for enhancing privacy without requiring
+strong encryption.  In short, the technique takes a set of authenticated
+message blocks (the wheat) and adds a number of chaff blocks which have
+randomly chosen data and MAC fields.  This means that to an adversary, the
+chaff blocks look as valid as the wheat blocks, and so the authentication
+would have to be performed on every block.  By tailoring the number of chaff
+blocks added to the message, the sender can make breaking the message
+computationally infeasible.  There are many other interesting properties of
+the winnow/chaff technique.
+
+For example, say Alice is sending a message to Bob.  She packetizes the
+message and performs an all-or-nothing transformation on the packets.  Then
+she authenticates each packet with a message authentication code (MAC).  The
+MAC is a hash of the data packet, and there is a secret key which she must
+share with Bob (key distribution is an exercise left to the reader).  She then
+adds a serial number to each packet, and sends the packets to Bob.
+
+Bob receives the packets, and using the shared secret authentication key,
+authenticates the MACs for each packet.  Those packets that have bad MACs are
+simply discarded.  The remainder are sorted by serial number, and passed
+through the reverse all-or-nothing transform.  The transform means that an
+eavesdropper (say Eve) must acquire all the packets before any of the data can
+be read.  If even one packet is missing, the data is useless.
+
+There's one twist: by adding chaff packets, Alice and Bob can make Eve's job
+much harder, since Eve now has to break the shared secret key, or try every
+combination of wheat and chaff packet to read any of the message.  The cool
+thing is that Bob doesn't need to add any additional code; the chaff packets
+are already filtered out because their MACs don't match (in all likelihood --
+since the data and MACs for the chaff packets are randomly chosen it is
+possible, but very unlikely that a chaff MAC will match the chaff data).  And
+Alice need not even be the party adding the chaff!  She could be completely
+unaware that a third party, say Charles, is adding chaff packets to her
+messages as they are transmitted.
+
+For more information on winnowing and chaffing see this paper:
+
+Ronald L. Rivest, "Chaffing and Winnowing: Confidentiality without Encryption"
+http://theory.lcs.mit.edu/~rivest/chaffing.txt
+
+"""
+
+__revision__ = "$Id$"
+
+from Crypto.Util.number import bytes_to_long
+
+class Chaff:
+    """Class implementing the chaff adding algorithm.
+
+    Methods for subclasses:
+
+            _randnum(size):
+                Returns a randomly generated number with a byte-length equal
+                to size.  Subclasses can use this to implement better random
+                data and MAC generating algorithms.  The default algorithm is
+                probably not very cryptographically secure.  It is most
+                important that the chaff data does not contain any patterns
+                that can be used to discern it from wheat data without running
+                the MAC.
+
+    """
+
+    def __init__(self, factor=1.0, blocksper=1):
+        """Chaff(factor:float, blocksper:int)
+
+        factor is the number of message blocks to add chaff to,
+        expressed as a percentage between 0.0 and 1.0.  blocksper is
+        the number of chaff blocks to include for each block being
+        chaffed.  Thus the defaults add one chaff block to every
+        message block.  By changing the defaults, you can adjust how
+        computationally difficult it could be for an adversary to
+        brute-force crack the message.  The difficulty is expressed
+        as:
+
+            pow(blocksper, int(factor * number-of-blocks))
+
+        For ease of implementation, when factor < 1.0, only the first
+        int(factor*number-of-blocks) message blocks are chaffed.
+        """
+
+        if not (0.0<=factor<=1.0):
+            raise ValueError, "'factor' must be between 0.0 and 1.0"
+        if blocksper < 0:
+            raise ValueError, "'blocksper' must be zero or more"
+
+        self.__factor = factor
+        self.__blocksper = blocksper
+
+
+    def chaff(self, blocks):
+        """chaff( [(serial-number:int, data:string, MAC:string)] )
+        : [(int, string, string)]
+
+        Add chaff to message blocks.  blocks is a list of 3-tuples of the
+        form (serial-number, data, MAC).
+
+        Chaff is created by choosing a random number of the same
+        byte-length as data, and another random number of the same
+        byte-length as MAC.  The message block's serial number is
+        placed on the chaff block and all the packet's chaff blocks
+        are randomly interspersed with the single wheat block.  This
+        method then returns a list of 3-tuples of the same form.
+        Chaffed blocks will contain multiple instances of 3-tuples
+        with the same serial number, but the only way to figure out
+        which blocks are wheat and which are chaff is to perform the
+        MAC hash and compare values.
+        """
+
+        chaffedblocks = []
+
+        # count is the number of blocks to add chaff to.  blocksper is the
+        # number of chaff blocks to add per message block that is being
+        # chaffed.
+        count = len(blocks) * self.__factor
+        blocksper = range(self.__blocksper)
+        for i, wheat in zip(range(len(blocks)), blocks):
+            # it shouldn't matter which of the n blocks we add chaff to, so for
+            # ease of implementation, we'll just add them to the first count
+            # blocks
+            if i < count:
+                serial, data, mac = wheat
+                datasize = len(data)
+                macsize = len(mac)
+                addwheat = 1
+                # add chaff to this block
+                for j in blocksper:
+                    import sys
+                    chaffdata = self._randnum(datasize)
+                    chaffmac = self._randnum(macsize)
+                    chaff = (serial, chaffdata, chaffmac)
+                    # mix up the order, if the 5th bit is on then put the
+                    # wheat on the list
+                    if addwheat and bytes_to_long(self._randnum(16)) & 0x40:
+                        chaffedblocks.append(wheat)
+                        addwheat = 0
+                    chaffedblocks.append(chaff)
+                if addwheat:
+                    chaffedblocks.append(wheat)
+            else:
+                # just add the wheat
+                chaffedblocks.append(wheat)
+        return chaffedblocks
+
+    def _randnum(self, size):
+        from Crypto import Random
+        return Random.new().read(size)
+
+
+if __name__ == '__main__':
+    text = """\
+We hold these truths to be self-evident, that all men are created equal, that
+they are endowed by their Creator with certain unalienable Rights, that among
+these are Life, Liberty, and the pursuit of Happiness. That to secure these
+rights, Governments are instituted among Men, deriving their just powers from
+the consent of the governed. That whenever any Form of Government becomes
+destructive of these ends, it is the Right of the People to alter or to
+abolish it, and to institute new Government, laying its foundation on such
+principles and organizing its powers in such form, as to them shall seem most
+likely to effect their Safety and Happiness.
+"""
+    print 'Original text:\n=========='
+    print text
+    print '=========='
+
+    # first transform the text into packets
+    blocks = [] ; size = 40
+    for i in range(0, len(text), size):
+        blocks.append( text[i:i+size] )
+
+    # now get MACs for all the text blocks.  The key is obvious...
+    print 'Calculating MACs...'
+    from Crypto.Hash import HMAC, SHA
+    key = 'Jefferson'
+    macs = [HMAC.new(key, block, digestmod=SHA).digest()
+            for block in blocks]
+
+    assert len(blocks) == len(macs)
+
+    # put these into a form acceptable as input to the chaffing procedure
+    source = []
+    m = zip(range(len(blocks)), blocks, macs)
+    print m
+    for i, data, mac in m:
+        source.append((i, data, mac))
+
+    # now chaff these
+    print 'Adding chaff...'
+    c = Chaff(factor=0.5, blocksper=2)
+    chaffed = c.chaff(source)
+
+    from base64 import encodestring
+
+    # print the chaffed message blocks.  meanwhile, separate the wheat from
+    # the chaff
+
+    wheat = []
+    print 'chaffed message blocks:'
+    for i, data, mac in chaffed:
+        # do the authentication
+        h = HMAC.new(key, data, digestmod=SHA)
+        pmac = h.digest()
+        if pmac == mac:
+            tag = '-->'
+            wheat.append(data)
+        else:
+            tag = '   '
+        # base64 adds a trailing newline
+        print tag, '%3d' % i, \
+              repr(data), encodestring(mac)[:-1]
+
+    # now decode the message packets and check it against the original text
+    print 'Undigesting wheat...'
+    # PY3K: This is meant to be text, do not change to bytes (data)
+    newtext = "".join(wheat)
+    if newtext == text:
+        print 'They match!'
+    else:
+        print 'They differ!'
diff --git a/lib/Python/Lib/Crypto/Protocol/KDF.py b/lib/Python/Lib/Crypto/Protocol/KDF.py
new file mode 100644
index 000000000..973b7aff7
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Protocol/KDF.py
@@ -0,0 +1,123 @@
+#
+#  KDF.py : a collection of Key Derivation Functions
+#
+# Part of the Python Cryptography Toolkit
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""This file contains a collection of standard key derivation functions.
+
+A key derivation function derives one or more secondary secret keys from
+one primary secret (a master key or a pass phrase).
+
+This is typically done to insulate the secondary keys from each other,
+to avoid that leakage of a secondary key compromises the security of the
+master key, or to thwart attacks on pass phrases (e.g. via rainbow tables).
+
+:undocumented: __revision__
+"""
+
+__revision__ = "$Id$"
+
+import math
+import struct
+
+from Crypto.Util.py3compat import *
+from Crypto.Hash import SHA as SHA1, HMAC
+from Crypto.Util.strxor import strxor
+
+def PBKDF1(password, salt, dkLen, count=1000, hashAlgo=None):
+    """Derive one key from a password (or passphrase).
+
+    This function performs key derivation according an old version of
+    the PKCS#5 standard (v1.5).
+    
+    This algorithm is called ``PBKDF1``. Even though it is still described
+    in the latest version of the PKCS#5 standard (version 2, or RFC2898),
+    newer applications should use the more secure and versatile `PBKDF2` instead.
+
+    :Parameters:
+     password : string
+        The secret password or pass phrase to generate the key from.
+     salt : byte string
+        An 8 byte string to use for better protection from dictionary attacks.
+        This value does not need to be kept secret, but it should be randomly
+        chosen for each derivation.
+     dkLen : integer
+        The length of the desired key. Default is 16 bytes, suitable for instance for `Crypto.Cipher.AES`.
+     count : integer
+        The number of iterations to carry out. It's recommended to use at least 1000.
+     hashAlgo : module
+        The hash algorithm to use, as a module or an object from the `Crypto.Hash` package.
+        The digest length must be no shorter than ``dkLen``.
+        The default algorithm is `SHA1`.
+
+    :Return: A byte string of length `dkLen` that can be used as key.
+    """
+    if not hashAlgo:
+        hashAlgo = SHA1
+    password = tobytes(password)
+    pHash = hashAlgo.new(password+salt)
+    digest = pHash.digest_size
+    if dkLen>digest:
+        raise ValueError("Selected hash algorithm has a too short digest (%d bytes)." % digest)
+    if len(salt)!=8:
+        raise ValueError("Salt is not 8 bytes long.")
+    for i in xrange(count-1):
+        pHash = pHash.new(pHash.digest())
+    return pHash.digest()[:dkLen]
+
+def PBKDF2(password, salt, dkLen=16, count=1000, prf=None):
+    """Derive one or more keys from a password (or passphrase).
+
+    This performs key derivation according to the PKCS#5 standard (v2.0),
+    by means of the ``PBKDF2`` algorithm.
+
+    :Parameters:
+     password : string
+        The secret password or pass phrase to generate the key from.
+     salt : string
+        A string to use for better protection from dictionary attacks.
+        This value does not need to be kept secret, but it should be randomly
+        chosen for each derivation. It is recommended to be at least 8 bytes long.
+     dkLen : integer
+        The cumulative length of the desired keys. Default is 16 bytes, suitable for instance for `Crypto.Cipher.AES`.
+     count : integer
+        The number of iterations to carry out. It's recommended to use at least 1000.
+     prf : callable
+        A pseudorandom function. It must be a function that returns a pseudorandom string
+        from two parameters: a secret and a salt. If not specified, HMAC-SHA1 is used.
+
+    :Return: A byte string of length `dkLen` that can be used as key material.
+        If you wanted multiple keys, just break up this string into segments of the desired length.
+"""
+    password = tobytes(password)
+    if prf is None:
+        prf = lambda p,s: HMAC.new(p,s,SHA1).digest()
+    key = b('')
+    i = 1
+    while len(key)<dkLen:
+        U = previousU = prf(password,salt+struct.pack(">I", i))
+        for j in xrange(count-1):
+            previousU = t = prf(password,previousU)
+            U = strxor(U,t)
+        key += U
+        i = i + 1
+    return key[:dkLen]
+
diff --git a/lib/Python/Lib/Crypto/Protocol/__init__.py b/lib/Python/Lib/Crypto/Protocol/__init__.py
new file mode 100644
index 000000000..cacc685a0
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Protocol/__init__.py
@@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Cryptographic protocols
+
+Implements various cryptographic protocols.  (Don't expect to find
+network protocols here.)
+
+Crypto.Protocol.AllOrNothing
+ Transforms a message into a set of message blocks, such that the blocks
+ can be recombined to get the message back.
+
+Crypto.Protocol.Chaffing
+ Takes a set of authenticated message blocks (the wheat) and adds a number
+ of randomly generated blocks (the chaff).
+
+Crypto.Protocol.KDF
+ A collection of standard key derivation functions.
+
+:undocumented: __revision__
+"""
+
+__all__ = ['AllOrNothing', 'Chaffing', 'KDF']
+__revision__ = "$Id$"
diff --git a/lib/Python/Lib/Crypto/PublicKey/DSA.py b/lib/Python/Lib/Crypto/PublicKey/DSA.py
new file mode 100644
index 000000000..d6bffd673
--- /dev/null
+++ b/lib/Python/Lib/Crypto/PublicKey/DSA.py
@@ -0,0 +1,379 @@
+# -*- coding: utf-8 -*-
+#
+#  PublicKey/DSA.py : DSA signature primitive
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""DSA public-key signature algorithm.
+
+DSA_ is a widespread public-key signature algorithm. Its security is
+based on the discrete logarithm problem (DLP_). Given a cyclic
+group, a generator *g*, and an element *h*, it is hard
+to find an integer *x* such that *g^x = h*. The problem is believed
+to be difficult, and it has been proved such (and therefore secure) for
+more than 30 years.
+
+The group is actually a sub-group over the integers modulo *p*, with *p* prime.
+The sub-group order is *q*, which is prime too; it always holds that *(p-1)* is a multiple of *q*.
+The cryptographic strength is linked to the magnitude of *p* and *q*.
+The signer holds a value *x* (*0<x<q-1*) as private key, and its public
+key (*y* where *y=g^x mod p*) is distributed.
+
+In 2012, a sufficient size is deemed to be 2048 bits for *p* and 256 bits for *q*.
+For more information, see the most recent ECRYPT_ report.
+
+DSA is reasonably secure for new designs.
+
+The algorithm can only be used for authentication (digital signature).
+DSA cannot be used for confidentiality (encryption).
+
+The values *(p,q,g)* are called *domain parameters*;
+they are not sensitive but must be shared by both parties (the signer and the verifier).
+Different signers can share the same domain parameters with no security
+concerns.
+
+The DSA signature is twice as big as the size of *q* (64 bytes if *q* is 256 bit
+long).
+
+This module provides facilities for generating new DSA keys and for constructing
+them from known components. DSA keys allows you to perform basic signing and
+verification.
+
+    >>> from Crypto.Random import random
+    >>> from Crypto.PublicKey import DSA
+    >>> from Crypto.Hash import SHA
+    >>>
+    >>> message = "Hello"
+    >>> key = DSA.generate(1024)
+    >>> h = SHA.new(message).digest()
+    >>> k = random.StrongRandom().randint(1,key.q-1)
+    >>> sig = key.sign(h,k)
+    >>> ...
+    >>> if key.verify(h,sig):
+    >>>     print "OK"
+    >>> else:
+    >>>     print "Incorrect signature"
+
+.. _DSA: http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
+.. _DLP: http://www.cosic.esat.kuleuven.be/publications/talk-78.pdf
+.. _ECRYPT: http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
+"""
+
+__revision__ = "$Id$"
+
+__all__ = ['generate', 'construct', 'error', 'DSAImplementation', '_DSAobj']
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+
+from Crypto.PublicKey import _DSA, _slowmath, pubkey
+from Crypto import Random
+
+try:
+    from Crypto.PublicKey import _fastmath
+except ImportError:
+    _fastmath = None
+
+class _DSAobj(pubkey.pubkey):
+    """Class defining an actual DSA key.
+
+    :undocumented: __getstate__, __setstate__, __repr__, __getattr__
+    """
+    #: Dictionary of DSA parameters.
+    #:
+    #: A public key will only have the following entries:
+    #:
+    #:  - **y**, the public key.
+    #:  - **g**, the generator.
+    #:  - **p**, the modulus.
+    #:  - **q**, the order of the sub-group.
+    #:
+    #: A private key will also have:
+    #:
+    #:  - **x**, the private key.
+    keydata = ['y', 'g', 'p', 'q', 'x']
+
+    def __init__(self, implementation, key):
+        self.implementation = implementation
+        self.key = key
+
+    def __getattr__(self, attrname):
+        if attrname in self.keydata:
+            # For backward compatibility, allow the user to get (not set) the
+            # DSA key parameters directly from this object.
+            return getattr(self.key, attrname)
+        else:
+            raise AttributeError("%s object has no %r attribute" % (self.__class__.__name__, attrname,))
+
+    def sign(self, M, K):
+        """Sign a piece of data with DSA.
+
+        :Parameter M: The piece of data to sign with DSA. It may
+         not be longer in bit size than the sub-group order (*q*).
+        :Type M: byte string or long
+
+        :Parameter K: A secret number, chosen randomly in the closed
+         range *[1,q-1]*.
+        :Type K: long (recommended) or byte string (not recommended)
+
+        :attention: selection of *K* is crucial for security. Generating a
+         random number larger than *q* and taking the modulus by *q* is
+         **not** secure, since smaller values will occur more frequently.
+         Generating a random number systematically smaller than *q-1*
+         (e.g. *floor((q-1)/8)* random bytes) is also **not** secure. In general,
+         it shall not be possible for an attacker to know the value of `any
+         bit of K`__.
+
+        :attention: The number *K* shall not be reused for any other
+         operation and shall be discarded immediately.
+
+        :attention: M must be a digest cryptographic hash, otherwise
+         an attacker may mount an existential forgery attack.
+
+        :Return: A tuple with 2 longs.
+
+        .. __: http://www.di.ens.fr/~pnguyen/pub_NgSh00.htm
+        """
+        return pubkey.pubkey.sign(self, M, K)
+
+    def verify(self, M, signature):
+        """Verify the validity of a DSA signature.
+
+        :Parameter M: The expected message.
+        :Type M: byte string or long
+
+        :Parameter signature: The DSA signature to verify.
+        :Type signature: A tuple with 2 longs as return by `sign`
+
+        :Return: True if the signature is correct, False otherwise.
+        """
+        return pubkey.pubkey.verify(self, M, signature)
+
+    def _encrypt(self, c, K):
+        raise TypeError("DSA cannot encrypt")
+
+    def _decrypt(self, c):
+        raise TypeError("DSA cannot decrypt")
+
+    def _blind(self, m, r):
+        raise TypeError("DSA cannot blind")
+
+    def _unblind(self, m, r):
+        raise TypeError("DSA cannot unblind")
+
+    def _sign(self, m, k):
+        return self.key._sign(m, k)
+
+    def _verify(self, m, sig):
+        (r, s) = sig
+        return self.key._verify(m, r, s)
+
+    def has_private(self):
+        return self.key.has_private()
+
+    def size(self):
+        return self.key.size()
+
+    def can_blind(self):
+        return False
+
+    def can_encrypt(self):
+        return False
+
+    def can_sign(self):
+        return True
+
+    def publickey(self):
+        return self.implementation.construct((self.key.y, self.key.g, self.key.p, self.key.q))
+
+    def __getstate__(self):
+        d = {}
+        for k in self.keydata:
+            try:
+                d[k] = getattr(self.key, k)
+            except AttributeError:
+                pass
+        return d
+
+    def __setstate__(self, d):
+        if not hasattr(self, 'implementation'):
+            self.implementation = DSAImplementation()
+        t = []
+        for k in self.keydata:
+            if not d.has_key(k):
+                break
+            t.append(d[k])
+        self.key = self.implementation._math.dsa_construct(*tuple(t))
+
+    def __repr__(self):
+        attrs = []
+        for k in self.keydata:
+            if k == 'p':
+                attrs.append("p(%d)" % (self.size()+1,))
+            elif hasattr(self.key, k):
+                attrs.append(k)
+        if self.has_private():
+            attrs.append("private")
+        # PY3K: This is meant to be text, do not change to bytes (data)
+        return "<%s @0x%x %s>" % (self.__class__.__name__, id(self), ",".join(attrs))
+
+class DSAImplementation(object):
+    """
+    A DSA key factory.
+
+    This class is only internally used to implement the methods of the
+    `Crypto.PublicKey.DSA` module.
+    """
+ 
+    def __init__(self, **kwargs):
+        """Create a new DSA key factory.
+
+        :Keywords:
+         use_fast_math : bool
+                                Specify which mathematic library to use:
+
+                                - *None* (default). Use fastest math available.
+                                - *True* . Use fast math.
+                                - *False* . Use slow math.
+         default_randfunc : callable
+                                Specify how to collect random data:
+
+                                - *None* (default). Use Random.new().read().
+                                - not *None* . Use the specified function directly.
+        :Raise RuntimeError:
+            When **use_fast_math** =True but fast math is not available.
+        """
+        use_fast_math = kwargs.get('use_fast_math', None)
+        if use_fast_math is None:   # Automatic
+            if _fastmath is not None:
+                self._math = _fastmath
+            else:
+                self._math = _slowmath
+
+        elif use_fast_math:     # Explicitly select fast math
+            if _fastmath is not None:
+                self._math = _fastmath
+            else:
+                raise RuntimeError("fast math module not available")
+
+        else:   # Explicitly select slow math
+            self._math = _slowmath
+
+        self.error = self._math.error
+
+        # 'default_randfunc' parameter:
+        #   None (default) - use Random.new().read
+        #   not None       - use the specified function
+        self._default_randfunc = kwargs.get('default_randfunc', None)
+        self._current_randfunc = None
+
+    def _get_randfunc(self, randfunc):
+        if randfunc is not None:
+            return randfunc
+        elif self._current_randfunc is None:
+            self._current_randfunc = Random.new().read
+        return self._current_randfunc
+
+    def generate(self, bits, randfunc=None, progress_func=None):
+        """Randomly generate a fresh, new DSA key.
+
+        :Parameters:
+         bits : int
+                            Key length, or size (in bits) of the DSA modulus
+                            *p*.
+                            It must be a multiple of 64, in the closed
+                            interval [512,1024].
+         randfunc : callable
+                            Random number generation function; it should accept
+                            a single integer N and return a string of random data
+                            N bytes long.
+                            If not specified, a new one will be instantiated
+                            from ``Crypto.Random``.
+         progress_func : callable
+                            Optional function that will be called with a short string
+                            containing the key parameter currently being generated;
+                            it's useful for interactive applications where a user is
+                            waiting for a key to be generated.
+
+        :attention: You should always use a cryptographically secure random number generator,
+            such as the one defined in the ``Crypto.Random`` module; **don't** just use the
+            current time and the ``random`` module.
+
+        :Return: A DSA key object (`_DSAobj`).
+
+        :Raise ValueError:
+            When **bits** is too little, too big, or not a multiple of 64.
+        """
+ 
+        # Check against FIPS 186-2, which says that the size of the prime p
+        # must be a multiple of 64 bits between 512 and 1024
+        for i in (0, 1, 2, 3, 4, 5, 6, 7, 8):
+            if bits == 512 + 64*i:
+                return self._generate(bits, randfunc, progress_func)
+
+        # The March 2006 draft of FIPS 186-3 also allows 2048 and 3072-bit
+        # primes, but only with longer q values.  Since the current DSA
+        # implementation only supports a 160-bit q, we don't support larger
+        # values.
+        raise ValueError("Number of bits in p must be a multiple of 64 between 512 and 1024, not %d bits" % (bits,))
+
+    def _generate(self, bits, randfunc=None, progress_func=None):
+        rf = self._get_randfunc(randfunc)
+        obj = _DSA.generate_py(bits, rf, progress_func)    # TODO: Don't use legacy _DSA module
+        key = self._math.dsa_construct(obj.y, obj.g, obj.p, obj.q, obj.x)
+        return _DSAobj(self, key)
+
+    def construct(self, tup):
+        """Construct a DSA key from a tuple of valid DSA components.
+
+        The modulus *p* must be a prime.
+
+        The following equations must apply:
+
+        - p-1 = 0 mod q
+        - g^x = y mod p
+        - 0 < x < q
+        - 1 < g < p
+
+        :Parameters:
+         tup : tuple
+                    A tuple of long integers, with 4 or 5 items
+                    in the following order:
+
+                    1. Public key (*y*).
+                    2. Sub-group generator (*g*).
+                    3. Modulus, finite field order (*p*).
+                    4. Sub-group order (*q*).
+                    5. Private key (*x*). Optional.
+
+        :Return: A DSA key object (`_DSAobj`).
+        """
+        key = self._math.dsa_construct(*tup)
+        return _DSAobj(self, key)
+
+_impl = DSAImplementation()
+generate = _impl.generate
+construct = _impl.construct
+error = _impl.error
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
+
diff --git a/lib/Python/Lib/Crypto/PublicKey/ElGamal.py b/lib/Python/Lib/Crypto/PublicKey/ElGamal.py
new file mode 100644
index 000000000..99af71c44
--- /dev/null
+++ b/lib/Python/Lib/Crypto/PublicKey/ElGamal.py
@@ -0,0 +1,373 @@
+#
+#   ElGamal.py : ElGamal encryption/decryption and signatures
+#
+#  Part of the Python Cryptography Toolkit
+#
+#  Originally written by: A.M. Kuchling
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""ElGamal public-key algorithm (randomized encryption and signature).
+
+Signature algorithm
+-------------------
+The security of the ElGamal signature scheme is based (like DSA) on the discrete
+logarithm problem (DLP_). Given a cyclic group, a generator *g*,
+and an element *h*, it is hard to find an integer *x* such that *g^x = h*.
+
+The group is the largest multiplicative sub-group of the integers modulo *p*,
+with *p* prime.
+The signer holds a value *x* (*0<x<p-1*) as private key, and its public
+key (*y* where *y=g^x mod p*) is distributed.
+
+The ElGamal signature is twice as big as *p*.
+
+Encryption algorithm
+--------------------
+The security of the ElGamal encryption scheme is based on the computational
+Diffie-Hellman problem (CDH_). Given a cyclic group, a generator *g*,
+and two integers *a* and *b*, it is difficult to find
+the element *g^{ab}* when only *g^a* and *g^b* are known, and not *a* and *b*. 
+
+As before, the group is the largest multiplicative sub-group of the integers
+modulo *p*, with *p* prime.
+The receiver holds a value *a* (*0<a<p-1*) as private key, and its public key
+(*b* where *b*=g^a*) is given to the sender.
+
+The ElGamal ciphertext is twice as big as *p*.
+
+Domain parameters
+-----------------
+For both signature and encryption schemes, the values *(p,g)* are called
+*domain parameters*.
+They are not sensitive but must be distributed to all parties (senders and
+receivers).
+Different signers can share the same domain parameters, as can
+different recipients of encrypted messages.
+
+Security
+--------
+Both DLP and CDH problem are believed to be difficult, and they have been proved
+such (and therefore secure) for more than 30 years.
+
+The cryptographic strength is linked to the magnitude of *p*.
+In 2012, a sufficient size for *p* is deemed to be 2048 bits.
+For more information, see the most recent ECRYPT_ report.
+
+Even though ElGamal algorithms are in theory reasonably secure for new designs,
+in practice there are no real good reasons for using them.
+The signature is four times larger than the equivalent DSA, and the ciphertext
+is two times larger than the equivalent RSA.
+
+Functionality
+-------------
+This module provides facilities for generating new ElGamal keys and for constructing
+them from known components. ElGamal keys allows you to perform basic signing,
+verification, encryption, and decryption.
+
+    >>> from Crypto import Random
+    >>> from Crypto.Random import random
+    >>> from Crypto.PublicKey import ElGamal
+    >>> from Crypto.Util.number import GCD
+    >>> from Crypto.Hash import SHA
+    >>>
+    >>> message = "Hello"
+    >>> key = ElGamal.generate(1024, Random.new().read)
+    >>> h = SHA.new(message).digest()
+    >>> while 1:
+    >>>     k = random.StrongRandom().randint(1,key.p-1)
+    >>>     if GCD(k,key.p-1)==1: break
+    >>> sig = key.sign(h,k)
+    >>> ...
+    >>> if key.verify(h,sig):
+    >>>     print "OK"
+    >>> else:
+    >>>     print "Incorrect signature"
+
+.. _DLP: http://www.cosic.esat.kuleuven.be/publications/talk-78.pdf
+.. _CDH: http://en.wikipedia.org/wiki/Computational_Diffie%E2%80%93Hellman_assumption
+.. _ECRYPT: http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
+"""
+
+__revision__ = "$Id$"
+
+__all__ = ['generate', 'construct', 'error', 'ElGamalobj']
+
+from Crypto.PublicKey.pubkey import *
+from Crypto.Util import number
+
+class error (Exception):
+    pass
+
+# Generate an ElGamal key with N bits
+def generate(bits, randfunc, progress_func=None):
+    """Randomly generate a fresh, new ElGamal key.
+
+    The key will be safe for use for both encryption and signature
+    (although it should be used for **only one** purpose).
+
+    :Parameters:
+        bits : int
+            Key length, or size (in bits) of the modulus *p*.
+            Recommended value is 2048.
+        randfunc : callable
+            Random number generation function; it should accept
+            a single integer N and return a string of random data
+            N bytes long.
+        progress_func : callable
+            Optional function that will be called with a short string
+            containing the key parameter currently being generated;
+            it's useful for interactive applications where a user is
+            waiting for a key to be generated.
+
+    :attention: You should always use a cryptographically secure random number generator,
+        such as the one defined in the ``Crypto.Random`` module; **don't** just use the
+        current time and the ``random`` module.
+
+    :Return: An ElGamal key object (`ElGamalobj`).
+    """
+    obj=ElGamalobj()
+    # Generate a safe prime p
+    # See Algorithm 4.86 in Handbook of Applied Cryptography
+    if progress_func:
+        progress_func('p\n')
+    while 1:
+        q = bignum(getPrime(bits-1, randfunc))
+        obj.p = 2*q+1
+        if number.isPrime(obj.p, randfunc=randfunc):
+            break
+    # Generate generator g
+    # See Algorithm 4.80 in Handbook of Applied Cryptography
+    # Note that the order of the group is n=p-1=2q, where q is prime
+    if progress_func:
+        progress_func('g\n')
+    while 1:
+        # We must avoid g=2 because of Bleichenbacher's attack described
+        # in "Generating ElGamal signatures without knowning the secret key",
+        # 1996
+        #
+        obj.g = number.getRandomRange(3, obj.p, randfunc)
+        safe = 1
+        if pow(obj.g, 2, obj.p)==1:
+            safe=0
+        if safe and pow(obj.g, q, obj.p)==1:
+            safe=0
+        # Discard g if it divides p-1 because of the attack described
+        # in Note 11.67 (iii) in HAC
+        if safe and divmod(obj.p-1, obj.g)[1]==0:
+            safe=0
+        # g^{-1} must not divide p-1 because of Khadir's attack
+        # described in "Conditions of the generator for forging ElGamal
+        # signature", 2011
+        ginv = number.inverse(obj.g, obj.p)
+        if safe and divmod(obj.p-1, ginv)[1]==0:
+            safe=0
+        if safe:
+            break
+    # Generate private key x
+    if progress_func:
+        progress_func('x\n')
+    obj.x=number.getRandomRange(2, obj.p-1, randfunc)
+    # Generate public key y
+    if progress_func:
+        progress_func('y\n')
+    obj.y = pow(obj.g, obj.x, obj.p)
+    return obj
+
+def construct(tup):
+    """Construct an ElGamal key from a tuple of valid ElGamal components.
+
+    The modulus *p* must be a prime.
+
+    The following conditions must apply:
+
+    - 1 < g < p-1
+    - g^{p-1} = 1 mod p
+    - 1 < x < p-1
+    - g^x = y mod p
+
+    :Parameters:
+        tup : tuple
+            A tuple of long integers, with 3 or 4 items
+            in the following order:
+
+            1. Modulus (*p*).
+            2. Generator (*g*).
+            3. Public key (*y*).
+            4. Private key (*x*). Optional.
+
+    :Return: An ElGamal key object (`ElGamalobj`).
+    """
+
+    obj=ElGamalobj()
+    if len(tup) not in [3,4]:
+        raise ValueError('argument for construct() wrong length')
+    for i in range(len(tup)):
+        field = obj.keydata[i]
+        setattr(obj, field, tup[i])
+    return obj
+
+class ElGamalobj(pubkey):
+    """Class defining an ElGamal key.
+
+    :undocumented: __getstate__, __setstate__, __repr__, __getattr__
+    """
+
+    #: Dictionary of ElGamal parameters.
+    #:
+    #: A public key will only have the following entries:
+    #:
+    #:  - **y**, the public key.
+    #:  - **g**, the generator.
+    #:  - **p**, the modulus.
+    #:
+    #: A private key will also have:
+    #:
+    #:  - **x**, the private key.
+    keydata=['p', 'g', 'y', 'x']
+
+    def encrypt(self, plaintext, K):
+        """Encrypt a piece of data with ElGamal.
+
+        :Parameter plaintext: The piece of data to encrypt with ElGamal.
+         It must be numerically smaller than the module (*p*).
+        :Type plaintext: byte string or long
+
+        :Parameter K: A secret number, chosen randomly in the closed
+         range *[1,p-2]*.
+        :Type K: long (recommended) or byte string (not recommended)
+
+        :Return: A tuple with two items. Each item is of the same type as the
+         plaintext (string or long).
+
+        :attention: selection of *K* is crucial for security. Generating a
+         random number larger than *p-1* and taking the modulus by *p-1* is
+         **not** secure, since smaller values will occur more frequently.
+         Generating a random number systematically smaller than *p-1*
+         (e.g. *floor((p-1)/8)* random bytes) is also **not** secure.
+         In general, it shall not be possible for an attacker to know
+         the value of any bit of K.
+
+        :attention: The number *K* shall not be reused for any other
+         operation and shall be discarded immediately.
+        """
+        return pubkey.encrypt(self, plaintext, K)
+ 
+    def decrypt(self, ciphertext):
+        """Decrypt a piece of data with ElGamal.
+
+        :Parameter ciphertext: The piece of data to decrypt with ElGamal.
+        :Type ciphertext: byte string, long or a 2-item tuple as returned
+         by `encrypt`
+
+        :Return: A byte string if ciphertext was a byte string or a tuple
+         of byte strings. A long otherwise.
+        """
+        return pubkey.decrypt(self, ciphertext)
+
+    def sign(self, M, K):
+        """Sign a piece of data with ElGamal.
+
+        :Parameter M: The piece of data to sign with ElGamal. It may
+         not be longer in bit size than *p-1*.
+        :Type M: byte string or long
+
+        :Parameter K: A secret number, chosen randomly in the closed
+         range *[1,p-2]* and such that *gcd(k,p-1)=1*.
+        :Type K: long (recommended) or byte string (not recommended)
+
+        :attention: selection of *K* is crucial for security. Generating a
+         random number larger than *p-1* and taking the modulus by *p-1* is
+         **not** secure, since smaller values will occur more frequently.
+         Generating a random number systematically smaller than *p-1*
+         (e.g. *floor((p-1)/8)* random bytes) is also **not** secure.
+         In general, it shall not be possible for an attacker to know
+         the value of any bit of K.
+
+        :attention: The number *K* shall not be reused for any other
+         operation and shall be discarded immediately.
+
+        :attention: M must be be a cryptographic hash, otherwise an
+         attacker may mount an existential forgery attack.
+
+        :Return: A tuple with 2 longs.
+        """
+        return pubkey.sign(self, M, K)
+
+    def verify(self, M, signature):
+        """Verify the validity of an ElGamal signature.
+
+        :Parameter M: The expected message.
+        :Type M: byte string or long
+
+        :Parameter signature: The ElGamal signature to verify.
+        :Type signature: A tuple with 2 longs as return by `sign`
+
+        :Return: True if the signature is correct, False otherwise.
+        """
+        return pubkey.verify(self, M, signature)
+
+    def _encrypt(self, M, K):
+        a=pow(self.g, K, self.p)
+        b=( M*pow(self.y, K, self.p) ) % self.p
+        return ( a,b )
+
+    def _decrypt(self, M):
+        if (not hasattr(self, 'x')):
+            raise TypeError('Private key not available in this object')
+        ax=pow(M[0], self.x, self.p)
+        plaintext=(M[1] * inverse(ax, self.p ) ) % self.p
+        return plaintext
+
+    def _sign(self, M, K):
+        if (not hasattr(self, 'x')):
+            raise TypeError('Private key not available in this object')
+        p1=self.p-1
+        if (GCD(K, p1)!=1):
+            raise ValueError('Bad K value: GCD(K,p-1)!=1')
+        a=pow(self.g, K, self.p)
+        t=(M-self.x*a) % p1
+        while t<0: t=t+p1
+        b=(t*inverse(K, p1)) % p1
+        return (a, b)
+
+    def _verify(self, M, sig):
+        if sig[0]<1 or sig[0]>self.p-1:
+            return 0
+        v1=pow(self.y, sig[0], self.p)
+        v1=(v1*pow(sig[0], sig[1], self.p)) % self.p
+        v2=pow(self.g, M, self.p)
+        if v1==v2:
+            return 1
+        return 0
+
+    def size(self):
+        return number.size(self.p) - 1
+
+    def has_private(self):
+        if hasattr(self, 'x'):
+            return 1
+        else:
+            return 0
+
+    def publickey(self):
+        return construct((self.p, self.g, self.y))
+
+
+object=ElGamalobj
diff --git a/lib/Python/Lib/Crypto/PublicKey/RSA.py b/lib/Python/Lib/Crypto/PublicKey/RSA.py
new file mode 100644
index 000000000..99d851ddb
--- /dev/null
+++ b/lib/Python/Lib/Crypto/PublicKey/RSA.py
@@ -0,0 +1,719 @@
+# -*- coding: utf-8 -*-
+#
+#  PublicKey/RSA.py : RSA public key primitive
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""RSA public-key cryptography algorithm (signature and encryption).
+
+RSA_ is the most widespread and used public key algorithm. Its security is
+based on the difficulty of factoring large integers. The algorithm has
+withstood attacks for 30 years, and it is therefore considered reasonably
+secure for new designs.
+
+The algorithm can be used for both confidentiality (encryption) and
+authentication (digital signature). It is worth noting that signing and
+decryption are significantly slower than verification and encryption.
+The cryptograhic strength is primarily linked to the length of the modulus *n*.
+In 2012, a sufficient length is deemed to be 2048 bits. For more information,
+see the most recent ECRYPT_ report.
+
+Both RSA ciphertext and RSA signature are as big as the modulus *n* (256
+bytes if *n* is 2048 bit long).
+
+This module provides facilities for generating fresh, new RSA keys, constructing
+them from known components, exporting them, and importing them.
+
+    >>> from Crypto.PublicKey import RSA
+    >>>
+    >>> key = RSA.generate(2048)
+    >>> f = open('mykey.pem','w')
+    >>> f.write(RSA.exportKey('PEM'))
+    >>> f.close()
+    ...
+    >>> f = open('mykey.pem','r')
+    >>> key = RSA.importKey(f.read())
+
+Even though you may choose to  directly use the methods of an RSA key object
+to perform the primitive cryptographic operations (e.g. `_RSAobj.encrypt`),
+it is recommended to use one of the standardized schemes instead (like
+`Crypto.Cipher.PKCS1_v1_5` or `Crypto.Signature.PKCS1_v1_5`).
+
+.. _RSA: http://en.wikipedia.org/wiki/RSA_%28algorithm%29
+.. _ECRYPT: http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
+
+:sort: generate,construct,importKey,error
+"""
+
+__revision__ = "$Id$"
+
+__all__ = ['generate', 'construct', 'error', 'importKey', 'RSAImplementation', '_RSAobj']
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+#from Crypto.Util.python_compat import *
+from Crypto.Util.number import getRandomRange, bytes_to_long, long_to_bytes
+
+from Crypto.PublicKey import _RSA, _slowmath, pubkey
+from Crypto import Random
+
+from Crypto.Util.asn1 import DerObject, DerSequence, DerNull
+import binascii
+import struct
+
+from Crypto.Util.number import inverse
+
+from Crypto.Util.number import inverse
+
+try:
+    from Crypto.PublicKey import _fastmath
+except ImportError:
+    _fastmath = None
+
+class _RSAobj(pubkey.pubkey):
+    """Class defining an actual RSA key.
+
+    :undocumented: __getstate__, __setstate__, __repr__, __getattr__
+    """
+    #: Dictionary of RSA parameters.
+    #:
+    #: A public key will only have the following entries:
+    #:
+    #:  - **n**, the modulus.
+    #:  - **e**, the public exponent.
+    #:
+    #: A private key will also have:
+    #:
+    #:  - **d**, the private exponent.
+    #:  - **p**, the first factor of n.
+    #:  - **q**, the second factor of n.
+    #:  - **u**, the CRT coefficient (1/p) mod q.
+    keydata = ['n', 'e', 'd', 'p', 'q', 'u']
+
+    def __init__(self, implementation, key, randfunc=None):
+        self.implementation = implementation
+        self.key = key
+        if randfunc is None:
+            randfunc = Random.new().read
+        self._randfunc = randfunc
+
+    def __getattr__(self, attrname):
+        if attrname in self.keydata:
+            # For backward compatibility, allow the user to get (not set) the
+            # RSA key parameters directly from this object.
+            return getattr(self.key, attrname)
+        else:
+            raise AttributeError("%s object has no %r attribute" % (self.__class__.__name__, attrname,))
+
+    def encrypt(self, plaintext, K):
+        """Encrypt a piece of data with RSA.
+
+        :Parameter plaintext: The piece of data to encrypt with RSA. It may not
+         be numerically larger than the RSA module (**n**).
+        :Type plaintext: byte string or long
+
+        :Parameter K: A random parameter (*for compatibility only. This
+         value will be ignored*)
+        :Type K: byte string or long
+
+        :attention: this function performs the plain, primitive RSA encryption
+         (*textbook*). In real applications, you always need to use proper
+         cryptographic padding, and you should not directly encrypt data with
+         this method. Failure to do so may lead to security vulnerabilities.
+         It is recommended to use modules
+         `Crypto.Cipher.PKCS1_OAEP` or `Crypto.Cipher.PKCS1_v1_5` instead.
+
+        :Return: A tuple with two items. The first item is the ciphertext
+         of the same type as the plaintext (string or long). The second item
+         is always None.
+        """
+        return pubkey.pubkey.encrypt(self, plaintext, K)
+ 
+    def decrypt(self, ciphertext):
+        """Decrypt a piece of data with RSA.
+
+        Decryption always takes place with blinding.
+
+        :attention: this function performs the plain, primitive RSA decryption
+         (*textbook*). In real applications, you always need to use proper
+         cryptographic padding, and you should not directly decrypt data with
+         this method. Failure to do so may lead to security vulnerabilities.
+         It is recommended to use modules
+         `Crypto.Cipher.PKCS1_OAEP` or `Crypto.Cipher.PKCS1_v1_5` instead.
+
+        :Parameter ciphertext: The piece of data to decrypt with RSA. It may
+         not be numerically larger than the RSA module (**n**). If a tuple,
+         the first item is the actual ciphertext; the second item is ignored.
+
+        :Type ciphertext: byte string, long or a 2-item tuple as returned by
+         `encrypt`
+
+        :Return: A byte string if ciphertext was a byte string or a tuple
+         of byte strings. A long otherwise.
+        """
+        return pubkey.pubkey.decrypt(self, ciphertext)
+
+    def sign(self, M, K):
+        """Sign a piece of data with RSA.
+
+        Signing always takes place with blinding.
+
+        :attention: this function performs the plain, primitive RSA decryption
+         (*textbook*). In real applications, you always need to use proper
+         cryptographic padding, and you should not directly sign data with
+         this method. Failure to do so may lead to security vulnerabilities.
+         It is recommended to use modules
+         `Crypto.Signature.PKCS1_PSS` or `Crypto.Signature.PKCS1_v1_5` instead.
+
+        :Parameter M: The piece of data to sign with RSA. It may
+         not be numerically larger than the RSA module (**n**).
+        :Type M: byte string or long
+
+        :Parameter K: A random parameter (*for compatibility only. This
+         value will be ignored*)
+        :Type K: byte string or long
+
+        :Return: A 2-item tuple. The first item is the actual signature (a
+         long). The second item is always None.
+        """
+        return pubkey.pubkey.sign(self, M, K)
+
+    def verify(self, M, signature):
+        """Verify the validity of an RSA signature.
+
+        :attention: this function performs the plain, primitive RSA encryption
+         (*textbook*). In real applications, you always need to use proper
+         cryptographic padding, and you should not directly verify data with
+         this method. Failure to do so may lead to security vulnerabilities.
+         It is recommended to use modules
+         `Crypto.Signature.PKCS1_PSS` or `Crypto.Signature.PKCS1_v1_5` instead.
+ 
+        :Parameter M: The expected message.
+        :Type M: byte string or long
+
+        :Parameter signature: The RSA signature to verify. The first item of
+         the tuple is the actual signature (a long not larger than the modulus
+         **n**), whereas the second item is always ignored.
+        :Type signature: A 2-item tuple as return by `sign`
+
+        :Return: True if the signature is correct, False otherwise.
+        """
+        return pubkey.pubkey.verify(self, M, signature)
+
+    def _encrypt(self, c, K):
+        return (self.key._encrypt(c),)
+
+    def _decrypt(self, c):
+        #(ciphertext,) = c
+        (ciphertext,) = c[:1]  # HACK - We should use the previous line
+                               # instead, but this is more compatible and we're
+                               # going to replace the Crypto.PublicKey API soon
+                               # anyway.
+
+        # Blinded RSA decryption (to prevent timing attacks):
+        # Step 1: Generate random secret blinding factor r, such that 0 < r < n-1
+        r = getRandomRange(1, self.key.n-1, randfunc=self._randfunc)
+        # Step 2: Compute c' = c * r**e mod n
+        cp = self.key._blind(ciphertext, r)
+        # Step 3: Compute m' = c'**d mod n       (ordinary RSA decryption)
+        mp = self.key._decrypt(cp)
+        # Step 4: Compute m = m**(r-1) mod n
+        return self.key._unblind(mp, r)
+
+    def _blind(self, m, r):
+        return self.key._blind(m, r)
+
+    def _unblind(self, m, r):
+        return self.key._unblind(m, r)
+
+    def _sign(self, m, K=None):
+        return (self.key._sign(m),)
+
+    def _verify(self, m, sig):
+        #(s,) = sig
+        (s,) = sig[:1]  # HACK - We should use the previous line instead, but
+                        # this is more compatible and we're going to replace
+                        # the Crypto.PublicKey API soon anyway.
+        return self.key._verify(m, s)
+
+    def has_private(self):
+        return self.key.has_private()
+
+    def size(self):
+        return self.key.size()
+
+    def can_blind(self):
+        return True
+
+    def can_encrypt(self):
+        return True
+
+    def can_sign(self):
+        return True
+
+    def publickey(self):
+        return self.implementation.construct((self.key.n, self.key.e))
+
+    def __getstate__(self):
+        d = {}
+        for k in self.keydata:
+            try:
+                d[k] = getattr(self.key, k)
+            except AttributeError:
+                pass
+        return d
+
+    def __setstate__(self, d):
+        if not hasattr(self, 'implementation'):
+            self.implementation = RSAImplementation()
+        t = []
+        for k in self.keydata:
+            if not d.has_key(k):
+                break
+            t.append(d[k])
+        self.key = self.implementation._math.rsa_construct(*tuple(t))
+
+    def __repr__(self):
+        attrs = []
+        for k in self.keydata:
+            if k == 'n':
+                attrs.append("n(%d)" % (self.size()+1,))
+            elif hasattr(self.key, k):
+                attrs.append(k)
+        if self.has_private():
+            attrs.append("private")
+        # PY3K: This is meant to be text, do not change to bytes (data)
+        return "<%s @0x%x %s>" % (self.__class__.__name__, id(self), ",".join(attrs))
+
+    def exportKey(self, format='PEM', passphrase=None, pkcs=1):
+        """Export this RSA key.
+
+        :Parameter format: The format to use for wrapping the key.
+
+            - *'DER'*. Binary encoding, always unencrypted.
+            - *'PEM'*. Textual encoding, done according to `RFC1421`_/`RFC1423`_.
+              Unencrypted (default) or encrypted.
+            - *'OpenSSH'*. Textual encoding, done according to OpenSSH specification.
+              Only suitable for public keys (not private keys).
+        :Type format: string
+
+        :Parameter passphrase: In case of PEM, the pass phrase to derive the encryption key from.
+        :Type passphrase: string 
+
+        :Parameter pkcs: The PKCS standard to follow for assembling the key.
+         You have two choices:
+
+          - with **1**, the public key is embedded into an X.509 `SubjectPublicKeyInfo` DER SEQUENCE.
+            The private key is embedded into a `PKCS#1`_ `RSAPrivateKey` DER SEQUENCE.
+            This mode is the default.
+          - with **8**, the private key is embedded into a `PKCS#8`_ `PrivateKeyInfo` DER SEQUENCE.
+            This mode is not available for public keys.
+
+         PKCS standards are not relevant for the *OpenSSH* format.
+        :Type pkcs: integer
+
+        :Return: A byte string with the encoded public or private half.
+        :Raise ValueError:
+            When the format is unknown.
+
+        .. _RFC1421:    http://www.ietf.org/rfc/rfc1421.txt
+        .. _RFC1423:    http://www.ietf.org/rfc/rfc1423.txt
+        .. _`PKCS#1`:   http://www.ietf.org/rfc/rfc3447.txt
+        .. _`PKCS#8`:   http://www.ietf.org/rfc/rfc5208.txt
+        """
+        if passphrase is not None:
+            passphrase = tobytes(passphrase)
+        if format=='OpenSSH':
+               eb = long_to_bytes(self.e)
+               nb = long_to_bytes(self.n)
+               if bord(eb[0]) & 0x80: eb=bchr(0x00)+eb
+               if bord(nb[0]) & 0x80: nb=bchr(0x00)+nb
+               keyparts = [ 'ssh-rsa', eb, nb ]
+               keystring = ''.join([ struct.pack(">I",len(kp))+kp for kp in keyparts]) 
+               return 'ssh-rsa '+binascii.b2a_base64(keystring)[:-1]
+
+        # DER format is always used, even in case of PEM, which simply
+        # encodes it into BASE64.
+        der = DerSequence()
+        if self.has_private():
+                keyType= { 1: 'RSA PRIVATE', 8: 'PRIVATE' }[pkcs]
+                der[:] = [ 0, self.n, self.e, self.d, self.p, self.q,
+                           self.d % (self.p-1), self.d % (self.q-1),
+                           inverse(self.q, self.p) ]
+                if pkcs==8:
+                    derkey = der.encode()
+                    der = DerSequence([0])
+                    der.append(algorithmIdentifier)
+                    der.append(DerObject('OCTET STRING', derkey).encode())
+        else:
+                keyType = "PUBLIC"
+                der.append(algorithmIdentifier)
+                bitmap = DerObject('BIT STRING')
+                derPK = DerSequence( [ self.n, self.e ] )
+                bitmap.payload = bchr(0x00) + derPK.encode()
+                der.append(bitmap.encode())
+        if format=='DER':
+                return der.encode()
+        if format=='PEM':
+                pem = b("-----BEGIN " + keyType + " KEY-----\n")
+                objenc = None
+                if passphrase and keyType.endswith('PRIVATE'):
+                    # We only support 3DES for encryption
+                    import Crypto.Hash.MD5
+                    from Crypto.Cipher import DES3
+                    from Crypto.Protocol.KDF import PBKDF1
+                    salt = self._randfunc(8)
+                    key =  PBKDF1(passphrase, salt, 16, 1, Crypto.Hash.MD5)
+                    key += PBKDF1(key+passphrase, salt, 8, 1, Crypto.Hash.MD5)
+                    objenc = DES3.new(key, Crypto.Cipher.DES3.MODE_CBC, salt)
+                    pem += b('Proc-Type: 4,ENCRYPTED\n')
+                    pem += b('DEK-Info: DES-EDE3-CBC,') + binascii.b2a_hex(salt).upper() + b('\n\n')
+                
+                binaryKey = der.encode()
+                if objenc:
+                    # Add PKCS#7-like padding
+                    padding = objenc.block_size-len(binaryKey)%objenc.block_size
+                    binaryKey = objenc.encrypt(binaryKey+bchr(padding)*padding)
+
+                # Each BASE64 line can take up to 64 characters (=48 bytes of data)
+                chunks = [ binascii.b2a_base64(binaryKey[i:i+48]) for i in range(0, len(binaryKey), 48) ]
+                pem += b('').join(chunks)
+                pem += b("-----END " + keyType + " KEY-----")
+                return pem
+        return ValueError("Unknown key format '%s'. Cannot export the RSA key." % format)
+
+class RSAImplementation(object):
+    """
+    An RSA key factory.
+
+    This class is only internally used to implement the methods of the `Crypto.PublicKey.RSA` module.
+
+    :sort: __init__,generate,construct,importKey
+    :undocumented: _g*, _i*
+    """
+
+    def __init__(self, **kwargs):
+        """Create a new RSA key factory.
+
+        :Keywords:
+         use_fast_math : bool
+                                Specify which mathematic library to use:
+
+                                - *None* (default). Use fastest math available.
+                                - *True* . Use fast math.
+                                - *False* . Use slow math.
+         default_randfunc : callable
+                                Specify how to collect random data:
+
+                                - *None* (default). Use Random.new().read().
+                                - not *None* . Use the specified function directly.
+        :Raise RuntimeError:
+            When **use_fast_math** =True but fast math is not available.
+        """
+        use_fast_math = kwargs.get('use_fast_math', None)
+        if use_fast_math is None:   # Automatic
+            if _fastmath is not None:
+                self._math = _fastmath
+            else:
+                self._math = _slowmath
+
+        elif use_fast_math:     # Explicitly select fast math
+            if _fastmath is not None:
+                self._math = _fastmath
+            else:
+                raise RuntimeError("fast math module not available")
+
+        else:   # Explicitly select slow math
+            self._math = _slowmath
+
+        self.error = self._math.error
+
+        self._default_randfunc = kwargs.get('default_randfunc', None)
+        self._current_randfunc = None
+
+    def _get_randfunc(self, randfunc):
+        if randfunc is not None:
+            return randfunc
+        elif self._current_randfunc is None:
+            self._current_randfunc = Random.new().read
+        return self._current_randfunc
+
+    def generate(self, bits, randfunc=None, progress_func=None, e=65537):
+        """Randomly generate a fresh, new RSA key.
+
+        :Parameters:
+         bits : int
+                            Key length, or size (in bits) of the RSA modulus.
+                            It must be a multiple of 256, and no smaller than 1024.
+
+         randfunc : callable
+                            Random number generation function; it should accept
+                            a single integer N and return a string of random data
+                            N bytes long.
+                            If not specified, a new one will be instantiated
+                            from ``Crypto.Random``.
+
+         progress_func : callable
+                            Optional function that will be called with a short string
+                            containing the key parameter currently being generated;
+                            it's useful for interactive applications where a user is
+                            waiting for a key to be generated.
+
+         e : int
+                            Public RSA exponent. It must be an odd positive integer.
+                            It is typically a small number with very few ones in its
+                            binary representation.
+                            The default value 65537 (= ``0b10000000000000001`` ) is a safe
+                            choice: other common values are 5, 7, 17, and 257.
+
+        :attention: You should always use a cryptographically secure random number generator,
+            such as the one defined in the ``Crypto.Random`` module; **don't** just use the
+            current time and the ``random`` module.
+
+        :attention: Exponent 3 is also widely used, but it requires very special care when padding
+            the message.
+
+        :Return: An RSA key object (`_RSAobj`).
+
+        :Raise ValueError:
+            When **bits** is too little or not a multiple of 256, or when
+            **e** is not odd or smaller than 2.
+        """
+        if bits < 1024 or (bits & 0xff) != 0:
+            # pubkey.getStrongPrime doesn't like anything that's not a multiple of 256 and >= 1024
+            raise ValueError("RSA modulus length must be a multiple of 256 and >= 1024")
+        if e%2==0 or e<3:
+            raise ValueError("RSA public exponent must be a positive, odd integer larger than 2.")
+        rf = self._get_randfunc(randfunc)
+        obj = _RSA.generate_py(bits, rf, progress_func, e)    # TODO: Don't use legacy _RSA module
+        key = self._math.rsa_construct(obj.n, obj.e, obj.d, obj.p, obj.q, obj.u)
+        return _RSAobj(self, key)
+
+    def construct(self, tup):
+        """Construct an RSA key from a tuple of valid RSA components.
+
+        The modulus **n** must be the product of two primes.
+        The public exponent **e** must be odd and larger than 1.
+
+        In case of a private key, the following equations must apply:
+
+        - e != 1
+        - p*q = n
+        - e*d = 1 mod (p-1)(q-1)
+        - p*u = 1 mod q
+
+        :Parameters:
+         tup : tuple
+                    A tuple of long integers, with at least 2 and no
+                    more than 6 items. The items come in the following order:
+
+                    1. RSA modulus (n).
+                    2. Public exponent (e).
+                    3. Private exponent (d). Only required if the key is private.
+                    4. First factor of n (p). Optional.
+                    5. Second factor of n (q). Optional.
+                    6. CRT coefficient, (1/p) mod q (u). Optional.
+        
+        :Return: An RSA key object (`_RSAobj`).
+        """
+        key = self._math.rsa_construct(*tup)
+        return _RSAobj(self, key)
+
+    def _importKeyDER(self, externKey):
+        """Import an RSA key (public or private half), encoded in DER form."""
+
+        try:
+
+            der = DerSequence()
+            der.decode(externKey, True)
+
+            # Try PKCS#1 first, for a private key
+            if len(der)==9 and der.hasOnlyInts() and der[0]==0:
+                # ASN.1 RSAPrivateKey element
+                del der[6:]     # Remove d mod (p-1), d mod (q-1), and q^{-1} mod p
+                der.append(inverse(der[4],der[5])) # Add p^{-1} mod q
+                del der[0]      # Remove version
+                return self.construct(der[:])
+
+            # Keep on trying PKCS#1, but now for a public key
+            if len(der)==2:
+                # The DER object is an RSAPublicKey SEQUENCE with two elements
+                if der.hasOnlyInts():
+                    return self.construct(der[:])
+                # The DER object is a SubjectPublicKeyInfo SEQUENCE with two elements:
+                # an 'algorithm' (or 'algorithmIdentifier') SEQUENCE and a 'subjectPublicKey' BIT STRING.
+                # 'algorithm' takes the value given a few lines above.
+                # 'subjectPublicKey' encapsulates the actual ASN.1 RSAPublicKey element.
+                if der[0]==algorithmIdentifier:
+                        bitmap = DerObject()
+                        bitmap.decode(der[1], True)
+                        if bitmap.isType('BIT STRING') and bord(bitmap.payload[0])==0x00:
+                                der.decode(bitmap.payload[1:], True)
+                                if len(der)==2 and der.hasOnlyInts():
+                                        return self.construct(der[:])
+
+            # Try unencrypted PKCS#8
+            if der[0]==0:
+                # The second element in the SEQUENCE is algorithmIdentifier.
+                # It must say RSA (see above for description).
+                if der[1]==algorithmIdentifier:
+                    privateKey = DerObject()
+                    privateKey.decode(der[2], True)
+                    if privateKey.isType('OCTET STRING'):
+                        return self._importKeyDER(privateKey.payload)
+
+        except ValueError, IndexError:
+            pass
+
+        raise ValueError("RSA key format is not supported")
+
+    def importKey(self, externKey, passphrase=None):
+        """Import an RSA key (public or private half), encoded in standard form.
+
+        :Parameter externKey:
+            The RSA key to import, encoded as a string.
+
+            An RSA public key can be in any of the following formats:
+
+            - X.509 `subjectPublicKeyInfo` DER SEQUENCE (binary or PEM encoding)
+            - `PKCS#1`_ `RSAPublicKey` DER SEQUENCE (binary or PEM encoding)
+            - OpenSSH (textual public key only)
+
+            An RSA private key can be in any of the following formats:
+
+            - PKCS#1 `RSAPrivateKey` DER SEQUENCE (binary or PEM encoding)
+            - `PKCS#8`_ `PrivateKeyInfo` DER SEQUENCE (binary or PEM encoding)
+            - OpenSSH (textual public key only)
+
+            For details about the PEM encoding, see `RFC1421`_/`RFC1423`_.
+            
+            In case of PEM encoding, the private key can be encrypted with DES or 3TDES according to a certain ``pass phrase``.
+            Only OpenSSL-compatible pass phrases are supported.
+        :Type externKey: string
+
+        :Parameter passphrase:
+            In case of an encrypted PEM key, this is the pass phrase from which the encryption key is derived.
+        :Type passphrase: string
+        
+        :Return: An RSA key object (`_RSAobj`).
+
+        :Raise ValueError/IndexError/TypeError:
+            When the given key cannot be parsed (possibly because the pass phrase is wrong).
+
+        .. _RFC1421: http://www.ietf.org/rfc/rfc1421.txt
+        .. _RFC1423: http://www.ietf.org/rfc/rfc1423.txt
+        .. _`PKCS#1`: http://www.ietf.org/rfc/rfc3447.txt
+        .. _`PKCS#8`: http://www.ietf.org/rfc/rfc5208.txt
+        """
+        externKey = tobytes(externKey)
+        if passphrase is not None:
+            passphrase = tobytes(passphrase)
+
+        if externKey.startswith(b('-----')):
+                # This is probably a PEM encoded key
+                lines = externKey.replace(b(" "),b('')).split()
+                keyobj = None
+
+                # The encrypted PEM format
+                if lines[1].startswith(b('Proc-Type:4,ENCRYPTED')):
+                    DEK = lines[2].split(b(':'))
+                    if len(DEK)!=2 or DEK[0]!=b('DEK-Info') or not passphrase:
+                        raise ValueError("PEM encryption format not supported.")
+                    algo, salt = DEK[1].split(b(','))
+                    salt = binascii.a2b_hex(salt)
+                    import Crypto.Hash.MD5
+                    from Crypto.Cipher import DES, DES3
+                    from Crypto.Protocol.KDF import PBKDF1
+                    if algo==b("DES-CBC"):
+                        # This is EVP_BytesToKey in OpenSSL
+                        key = PBKDF1(passphrase, salt, 8, 1, Crypto.Hash.MD5)
+                        keyobj = DES.new(key, Crypto.Cipher.DES.MODE_CBC, salt)
+                    elif algo==b("DES-EDE3-CBC"):
+                        # Note that EVP_BytesToKey is note exactly the same as PBKDF1
+                        key =  PBKDF1(passphrase, salt, 16, 1, Crypto.Hash.MD5)
+                        key += PBKDF1(key+passphrase, salt, 8, 1, Crypto.Hash.MD5)
+                        keyobj = DES3.new(key, Crypto.Cipher.DES3.MODE_CBC, salt)
+                    else:
+                        raise ValueError("Unsupport PEM encryption algorithm.")
+                    lines = lines[2:]
+                
+                der = binascii.a2b_base64(b('').join(lines[1:-1]))
+                if keyobj:
+                    der = keyobj.decrypt(der)
+                    padding = bord(der[-1])
+                    der = der[:-padding]
+                return self._importKeyDER(der)
+
+        if externKey.startswith(b('ssh-rsa ')):
+                # This is probably an OpenSSH key
+                keystring = binascii.a2b_base64(externKey.split(b(' '))[1])
+                keyparts = []
+                while len(keystring)>4:
+                    l = struct.unpack(">I",keystring[:4])[0]
+                    keyparts.append(keystring[4:4+l])
+                    keystring = keystring[4+l:]
+                e = bytes_to_long(keyparts[1])
+                n = bytes_to_long(keyparts[2])
+                return self.construct([n, e])
+        if bord(externKey[0])==0x30:
+                # This is probably a DER encoded key
+                return self._importKeyDER(externKey)
+        
+        raise ValueError("RSA key format is not supported")
+
+#: This is the ASN.1 DER object that qualifies an algorithm as
+#: compliant to PKCS#1 (that is, the standard RSA).
+# It is found in all 'algorithm' fields (also called 'algorithmIdentifier').
+# It is a SEQUENCE with the oid assigned to RSA and with its parameters (none).
+#   0x06 0x09   OBJECT IDENTIFIER, 9 bytes of payload
+#     0x2A 0x86 0x48 0x86 0xF7 0x0D 0x01 0x01 0x01
+#               rsaEncryption (1 2 840 113549 1 1 1) (PKCS #1)
+#   0x05 0x00   NULL
+algorithmIdentifier = DerSequence(
+  [ b('\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01'),
+  DerNull().encode() ]
+  ).encode()
+ 
+_impl = RSAImplementation()
+#:
+#: Randomly generate a fresh, new RSA key object.
+#:
+#: See `RSAImplementation.generate`.
+#:
+generate = _impl.generate
+#:
+#: Construct an RSA key object from a tuple of valid RSA components.
+#:
+#: See `RSAImplementation.construct`.
+#:
+construct = _impl.construct
+#:
+#: Import an RSA key (public or private half), encoded in standard form.
+#:
+#: See `RSAImplementation.importKey`.
+#:
+importKey = _impl.importKey
+error = _impl.error
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
+
diff --git a/lib/Python/Lib/Crypto/PublicKey/_DSA.py b/lib/Python/Lib/Crypto/PublicKey/_DSA.py
new file mode 100644
index 000000000..6b7a96491
--- /dev/null
+++ b/lib/Python/Lib/Crypto/PublicKey/_DSA.py
@@ -0,0 +1,115 @@
+
+#
+#   DSA.py : Digital Signature Algorithm
+#
+#  Part of the Python Cryptography Toolkit
+#
+#  Written by Andrew Kuchling, Paul Swartz, and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+#
+
+__revision__ = "$Id$"
+
+from Crypto.PublicKey.pubkey import *
+from Crypto.Util import number
+from Crypto.Util.number import bytes_to_long, long_to_bytes
+from Crypto.Hash import SHA
+from Crypto.Util.py3compat import *
+
+class error (Exception):
+    pass
+
+def generateQ(randfunc):
+    S=randfunc(20)
+    hash1=SHA.new(S).digest()
+    hash2=SHA.new(long_to_bytes(bytes_to_long(S)+1)).digest()
+    q = bignum(0)
+    for i in range(0,20):
+        c=bord(hash1[i])^bord(hash2[i])
+        if i==0:
+            c=c | 128
+        if i==19:
+            c= c | 1
+        q=q*256+c
+    while (not isPrime(q)):
+        q=q+2
+    if pow(2,159L) < q < pow(2,160L):
+        return S, q
+    raise RuntimeError('Bad q value generated')
+
+def generate_py(bits, randfunc, progress_func=None):
+    """generate(bits:int, randfunc:callable, progress_func:callable)
+
+    Generate a DSA key of length 'bits', using 'randfunc' to get
+    random data and 'progress_func', if present, to display
+    the progress of the key generation.
+    """
+
+    if bits<160:
+        raise ValueError('Key length < 160 bits')
+    obj=DSAobj()
+    # Generate string S and prime q
+    if progress_func:
+        progress_func('p,q\n')
+    while (1):
+        S, obj.q = generateQ(randfunc)
+        n=divmod(bits-1, 160)[0]
+        C, N, V = 0, 2, {}
+        b=(obj.q >> 5) & 15
+        powb=pow(bignum(2), b)
+        powL1=pow(bignum(2), bits-1)
+        while C<4096:
+            for k in range(0, n+1):
+                V[k]=bytes_to_long(SHA.new(S+bstr(N)+bstr(k)).digest())
+            W=V[n] % powb
+            for k in range(n-1, -1, -1):
+                W=(W<<160L)+V[k]
+            X=W+powL1
+            p=X-(X%(2*obj.q)-1)
+            if powL1<=p and isPrime(p):
+                break
+            C, N = C+1, N+n+1
+        if C<4096:
+            break
+        if progress_func:
+            progress_func('4096 multiples failed\n')
+
+    obj.p = p
+    power=divmod(p-1, obj.q)[0]
+    if progress_func:
+        progress_func('h,g\n')
+    while (1):
+        h=bytes_to_long(randfunc(bits)) % (p-1)
+        g=pow(h, power, p)
+        if 1<h<p-1 and g>1:
+            break
+    obj.g=g
+    if progress_func:
+        progress_func('x,y\n')
+    while (1):
+        x=bytes_to_long(randfunc(20))
+        if 0 < x < obj.q:
+            break
+    obj.x, obj.y = x, pow(g, x, p)
+    return obj
+
+class DSAobj:
+    pass
+
diff --git a/lib/Python/Lib/Crypto/PublicKey/_RSA.py b/lib/Python/Lib/Crypto/PublicKey/_RSA.py
new file mode 100644
index 000000000..9366d19de
--- /dev/null
+++ b/lib/Python/Lib/Crypto/PublicKey/_RSA.py
@@ -0,0 +1,81 @@
+#
+#   RSA.py : RSA encryption/decryption
+#
+#  Part of the Python Cryptography Toolkit
+#
+#  Written by Andrew Kuchling, Paul Swartz, and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+#
+
+__revision__ = "$Id$"
+
+from Crypto.PublicKey import pubkey
+from Crypto.Util import number
+
+def generate_py(bits, randfunc, progress_func=None, e=65537):
+    """generate(bits:int, randfunc:callable, progress_func:callable, e:int)
+
+    Generate an RSA key of length 'bits', public exponent 'e'(which must be
+    odd), using 'randfunc' to get random data and 'progress_func',
+    if present, to display the progress of the key generation.
+    """
+    obj=RSAobj()
+    obj.e = long(e)
+
+    # Generate the prime factors of n
+    if progress_func:
+        progress_func('p,q\n')
+    p = q = 1L
+    while number.size(p*q) < bits:
+        # Note that q might be one bit longer than p if somebody specifies an odd
+        # number of bits for the key. (Why would anyone do that?  You don't get
+        # more security.)
+        p = pubkey.getStrongPrime(bits>>1, obj.e, 1e-12, randfunc)
+        q = pubkey.getStrongPrime(bits - (bits>>1), obj.e, 1e-12, randfunc)
+
+    # It's OK for p to be larger than q, but let's be
+    # kind to the function that will invert it for
+    # th calculation of u.
+    if p > q:
+        (p, q)=(q, p)
+    obj.p = p
+    obj.q = q
+
+    if progress_func:
+        progress_func('u\n')
+    obj.u = pubkey.inverse(obj.p, obj.q)
+    obj.n = obj.p*obj.q
+
+    if progress_func:
+        progress_func('d\n')
+    obj.d=pubkey.inverse(obj.e, (obj.p-1)*(obj.q-1))
+
+    assert bits <= 1+obj.size(), "Generated key is too small"
+
+    return obj
+
+class RSAobj(pubkey.pubkey):
+
+    def size(self):
+        """size() : int
+        Return the maximum number of bits that can be handled by this key.
+        """
+        return number.size(self.n) - 1
+
diff --git a/lib/Python/Lib/Crypto/PublicKey/__init__.py b/lib/Python/Lib/Crypto/PublicKey/__init__.py
new file mode 100644
index 000000000..503809fa7
--- /dev/null
+++ b/lib/Python/Lib/Crypto/PublicKey/__init__.py
@@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Public-key encryption and signature algorithms.
+
+Public-key encryption uses two different keys, one for encryption and
+one for decryption.  The encryption key can be made public, and the
+decryption key is kept private.  Many public-key algorithms can also
+be used to sign messages, and some can *only* be used for signatures.
+
+========================  =============================================
+Module                    Description
+========================  =============================================
+Crypto.PublicKey.DSA      Digital Signature Algorithm (Signature only)
+Crypto.PublicKey.ElGamal  (Signing and encryption)
+Crypto.PublicKey.RSA      (Signing, encryption, and blinding)
+========================  =============================================
+
+:undocumented: _DSA, _RSA, _fastmath, _slowmath, pubkey
+"""
+
+__all__ = ['RSA', 'DSA', 'ElGamal']
+__revision__ = "$Id$"
+
diff --git a/lib/Python/Lib/Crypto/PublicKey/_slowmath.py b/lib/Python/Lib/Crypto/PublicKey/_slowmath.py
new file mode 100644
index 000000000..d926596e2
--- /dev/null
+++ b/lib/Python/Lib/Crypto/PublicKey/_slowmath.py
@@ -0,0 +1,187 @@
+# -*- coding: utf-8 -*-
+#
+#  PubKey/RSA/_slowmath.py : Pure Python implementation of the RSA portions of _fastmath
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Pure Python implementation of the RSA-related portions of Crypto.PublicKey._fastmath."""
+
+__revision__ = "$Id$"
+
+__all__ = ['rsa_construct']
+
+import sys
+
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.number import size, inverse, GCD
+
+class error(Exception):
+    pass
+
+class _RSAKey(object):
+    def _blind(self, m, r):
+        # compute r**e * m (mod n)
+        return m * pow(r, self.e, self.n)
+
+    def _unblind(self, m, r):
+        # compute m / r (mod n)
+        return inverse(r, self.n) * m % self.n
+
+    def _decrypt(self, c):
+        # compute c**d (mod n)
+        if not self.has_private():
+            raise TypeError("No private key")
+        if (hasattr(self,'p') and hasattr(self,'q') and hasattr(self,'u')):
+            m1 = pow(c, self.d % (self.p-1), self.p)
+            m2 = pow(c, self.d % (self.q-1), self.q)
+            h = m2 - m1
+            if (h<0):
+                h = h + self.q
+            h = h*self.u % self.q
+            return h*self.p+m1
+        return pow(c, self.d, self.n)
+
+    def _encrypt(self, m):
+        # compute m**d (mod n)
+        return pow(m, self.e, self.n)
+
+    def _sign(self, m):   # alias for _decrypt
+        if not self.has_private():
+            raise TypeError("No private key")
+        return self._decrypt(m)
+
+    def _verify(self, m, sig):
+        return self._encrypt(sig) == m
+
+    def has_private(self):
+        return hasattr(self, 'd')
+
+    def size(self):
+        """Return the maximum number of bits that can be encrypted"""
+        return size(self.n) - 1
+
+def rsa_construct(n, e, d=None, p=None, q=None, u=None):
+    """Construct an RSAKey object"""
+    assert isinstance(n, long)
+    assert isinstance(e, long)
+    assert isinstance(d, (long, type(None)))
+    assert isinstance(p, (long, type(None)))
+    assert isinstance(q, (long, type(None)))
+    assert isinstance(u, (long, type(None)))
+    obj = _RSAKey()
+    obj.n = n
+    obj.e = e
+    if d is None:
+        return obj
+    obj.d = d
+    if p is not None and q is not None:
+        obj.p = p
+        obj.q = q
+    else:
+        # Compute factors p and q from the private exponent d.
+        # We assume that n has no more than two factors.
+        # See 8.2.2(i) in Handbook of Applied Cryptography.
+        ktot = d*e-1
+        # The quantity d*e-1 is a multiple of phi(n), even,
+        # and can be represented as t*2^s.
+        t = ktot
+        while t%2==0:
+            t=divmod(t,2)[0]
+        # Cycle through all multiplicative inverses in Zn.
+        # The algorithm is non-deterministic, but there is a 50% chance
+        # any candidate a leads to successful factoring.
+        # See "Digitalized Signatures and Public Key Functions as Intractable
+        # as Factorization", M. Rabin, 1979
+        spotted = 0
+        a = 2
+        while not spotted and a<100:
+            k = t
+            # Cycle through all values a^{t*2^i}=a^k
+            while k<ktot:
+                cand = pow(a,k,n)
+                # Check if a^k is a non-trivial root of unity (mod n)
+                if cand!=1 and cand!=(n-1) and pow(cand,2,n)==1:
+                    # We have found a number such that (cand-1)(cand+1)=0 (mod n).
+                    # Either of the terms divides n.
+                    obj.p = GCD(cand+1,n)
+                    spotted = 1
+                    break
+                k = k*2
+            # This value was not any good... let's try another!
+            a = a+2
+        if not spotted:
+            raise ValueError("Unable to compute factors p and q from exponent d.")
+        # Found !
+        assert ((n % obj.p)==0)
+        obj.q = divmod(n,obj.p)[0]
+    if u is not None:
+        obj.u = u
+    else:
+        obj.u = inverse(obj.p, obj.q)
+    return obj
+
+class _DSAKey(object):
+    def size(self):
+        """Return the maximum number of bits that can be encrypted"""
+        return size(self.p) - 1
+
+    def has_private(self):
+        return hasattr(self, 'x')
+
+    def _sign(self, m, k):   # alias for _decrypt
+        # SECURITY TODO - We _should_ be computing SHA1(m), but we don't because that's the API.
+        if not self.has_private():
+            raise TypeError("No private key")
+        if not (1L < k < self.q):
+            raise ValueError("k is not between 2 and q-1")
+        inv_k = inverse(k, self.q)   # Compute k**-1 mod q
+        r = pow(self.g, k, self.p) % self.q  # r = (g**k mod p) mod q
+        s = (inv_k * (m + self.x * r)) % self.q
+        return (r, s)
+
+    def _verify(self, m, r, s):
+        # SECURITY TODO - We _should_ be computing SHA1(m), but we don't because that's the API.
+        if not (0 < r < self.q) or not (0 < s < self.q):
+            return False
+        w = inverse(s, self.q)
+        u1 = (m*w) % self.q
+        u2 = (r*w) % self.q
+        v = (pow(self.g, u1, self.p) * pow(self.y, u2, self.p) % self.p) % self.q
+        return v == r
+
+def dsa_construct(y, g, p, q, x=None):
+    assert isinstance(y, long)
+    assert isinstance(g, long)
+    assert isinstance(p, long)
+    assert isinstance(q, long)
+    assert isinstance(x, (long, type(None)))
+    obj = _DSAKey()
+    obj.y = y
+    obj.g = g
+    obj.p = p
+    obj.q = q
+    if x is not None: obj.x = x
+    return obj
+
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
+
diff --git a/lib/Python/Lib/Crypto/PublicKey/pubkey.py b/lib/Python/Lib/Crypto/PublicKey/pubkey.py
new file mode 100644
index 000000000..e44de8fca
--- /dev/null
+++ b/lib/Python/Lib/Crypto/PublicKey/pubkey.py
@@ -0,0 +1,240 @@
+#
+#   pubkey.py : Internal functions for public key operations
+#
+#  Part of the Python Cryptography Toolkit
+#
+#  Written by Andrew Kuchling, Paul Swartz, and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+#
+
+__revision__ = "$Id$"
+
+import types, warnings
+from Crypto.Util.number import *
+
+# Basic public key class
+class pubkey:
+    """An abstract class for a public key object.
+
+    :undocumented: __getstate__, __setstate__, __eq__, __ne__, validate
+    """
+    def __init__(self):
+        pass
+
+    def __getstate__(self):
+        """To keep key objects platform-independent, the key data is
+        converted to standard Python long integers before being
+        written out.  It will then be reconverted as necessary on
+        restoration."""
+        d=self.__dict__
+        for key in self.keydata:
+            if d.has_key(key): d[key]=long(d[key])
+        return d
+
+    def __setstate__(self, d):
+        """On unpickling a key object, the key data is converted to the big
+number representation being used, whether that is Python long
+integers, MPZ objects, or whatever."""
+        for key in self.keydata:
+            if d.has_key(key): self.__dict__[key]=bignum(d[key])
+
+    def encrypt(self, plaintext, K):
+        """Encrypt a piece of data.
+
+        :Parameter plaintext: The piece of data to encrypt.
+        :Type plaintext: byte string or long
+
+        :Parameter K: A random parameter required by some algorithms
+        :Type K: byte string or long
+
+        :Return: A tuple with two items. Each item is of the same type as the
+         plaintext (string or long).
+        """
+        wasString=0
+        if isinstance(plaintext, types.StringType):
+            plaintext=bytes_to_long(plaintext) ; wasString=1
+        if isinstance(K, types.StringType):
+            K=bytes_to_long(K)
+        ciphertext=self._encrypt(plaintext, K)
+        if wasString: return tuple(map(long_to_bytes, ciphertext))
+        else: return ciphertext
+
+    def decrypt(self, ciphertext):
+        """Decrypt a piece of data. 
+
+        :Parameter ciphertext: The piece of data to decrypt.
+        :Type ciphertext: byte string, long or a 2-item tuple as returned by `encrypt`
+
+        :Return: A byte string if ciphertext was a byte string or a tuple
+         of byte strings. A long otherwise.
+        """
+        wasString=0
+        if not isinstance(ciphertext, types.TupleType):
+            ciphertext=(ciphertext,)
+        if isinstance(ciphertext[0], types.StringType):
+            ciphertext=tuple(map(bytes_to_long, ciphertext)) ; wasString=1
+        plaintext=self._decrypt(ciphertext)
+        if wasString: return long_to_bytes(plaintext)
+        else: return plaintext
+
+    def sign(self, M, K):
+        """Sign a piece of data.
+
+        :Parameter M: The piece of data to encrypt.
+        :Type M: byte string or long
+
+        :Parameter K: A random parameter required by some algorithms
+        :Type K: byte string or long
+
+        :Return: A tuple with two items.
+        """
+        if (not self.has_private()):
+            raise TypeError('Private key not available in this object')
+        if isinstance(M, types.StringType): M=bytes_to_long(M)
+        if isinstance(K, types.StringType): K=bytes_to_long(K)
+        return self._sign(M, K)
+
+    def verify (self, M, signature):
+        """Verify the validity of a signature.
+
+        :Parameter M: The expected message.
+        :Type M: byte string or long
+
+        :Parameter signature: The signature to verify.
+        :Type signature: tuple with two items, as return by `sign`
+
+        :Return: True if the signature is correct, False otherwise.
+        """
+        if isinstance(M, types.StringType): M=bytes_to_long(M)
+        return self._verify(M, signature)
+
+    # alias to compensate for the old validate() name
+    def validate (self, M, signature):
+        warnings.warn("validate() method name is obsolete; use verify()",
+                      DeprecationWarning)
+
+    def blind(self, M, B):
+        """Blind a message to prevent certain side-channel attacks.
+       
+        :Parameter M: The message to blind.
+        :Type M: byte string or long
+
+        :Parameter B: Blinding factor.
+        :Type B: byte string or long
+
+        :Return: A byte string if M was so. A long otherwise.
+        """
+        wasString=0
+        if isinstance(M, types.StringType):
+            M=bytes_to_long(M) ; wasString=1
+        if isinstance(B, types.StringType): B=bytes_to_long(B)
+        blindedmessage=self._blind(M, B)
+        if wasString: return long_to_bytes(blindedmessage)
+        else: return blindedmessage
+
+    def unblind(self, M, B):
+        """Unblind a message after cryptographic processing.
+        
+        :Parameter M: The encoded message to unblind.
+        :Type M: byte string or long
+
+        :Parameter B: Blinding factor.
+        :Type B: byte string or long
+        """
+        wasString=0
+        if isinstance(M, types.StringType):
+            M=bytes_to_long(M) ; wasString=1
+        if isinstance(B, types.StringType): B=bytes_to_long(B)
+        unblindedmessage=self._unblind(M, B)
+        if wasString: return long_to_bytes(unblindedmessage)
+        else: return unblindedmessage
+
+
+    # The following methods will usually be left alone, except for
+    # signature-only algorithms.  They both return Boolean values
+    # recording whether this key's algorithm can sign and encrypt.
+    def can_sign (self):
+        """Tell if the algorithm can deal with cryptographic signatures.
+
+        This property concerns the *algorithm*, not the key itself.
+        It may happen that this particular key object hasn't got
+        the private information required to generate a signature.
+
+        :Return: boolean
+        """
+        return 1
+
+    def can_encrypt (self):
+        """Tell if the algorithm can deal with data encryption.
+       
+        This property concerns the *algorithm*, not the key itself.
+        It may happen that this particular key object hasn't got
+        the private information required to decrypt data.
+
+        :Return: boolean
+        """
+        return 1
+
+    def can_blind (self):
+        """Tell if the algorithm can deal with data blinding.
+       
+        This property concerns the *algorithm*, not the key itself.
+        It may happen that this particular key object hasn't got
+        the private information required carry out blinding.
+
+        :Return: boolean
+        """
+        return 0
+
+    # The following methods will certainly be overridden by
+    # subclasses.
+
+    def size (self):
+        """Tell the maximum number of bits that can be handled by this key.
+
+        :Return: int
+        """
+        return 0
+
+    def has_private (self):
+        """Tell if the key object contains private components.
+
+        :Return: bool
+        """
+        return 0
+
+    def publickey (self):
+        """Construct a new key carrying only the public information.
+
+        :Return: A new `pubkey` object.
+        """
+        return self
+
+    def __eq__ (self, other):
+        """__eq__(other): 0, 1
+        Compare us to other for equality.
+        """
+        return self.__getstate__() == other.__getstate__()
+
+    def __ne__ (self, other):
+        """__ne__(other): 0, 1
+        Compare us to other for inequality.
+        """
+        return not self.__eq__(other)
diff --git a/lib/Python/Lib/Crypto/Random/Fortuna/FortunaAccumulator.py b/lib/Python/Lib/Crypto/Random/Fortuna/FortunaAccumulator.py
new file mode 100644
index 000000000..6ffbdc5a2
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/Fortuna/FortunaAccumulator.py
@@ -0,0 +1,171 @@
+# -*- coding: ascii -*-
+#
+#  FortunaAccumulator.py : Fortuna's internal accumulator
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+    
+from binascii import b2a_hex
+import time
+import warnings
+
+from Crypto.pct_warnings import ClockRewindWarning
+import SHAd256
+
+import FortunaGenerator
+
+class FortunaPool(object):
+    """Fortuna pool type
+
+    This object acts like a hash object, with the following differences:
+
+        - It keeps a count (the .length attribute) of the number of bytes that
+          have been added to the pool
+        - It supports a .reset() method for in-place reinitialization
+        - The method to add bytes to the pool is .append(), not .update().
+    """
+
+    digest_size = SHAd256.digest_size
+
+    def __init__(self):
+        self.reset()
+
+    def append(self, data):
+        self._h.update(data)
+        self.length += len(data)
+
+    def digest(self):
+        return self._h.digest()
+
+    def hexdigest(self):
+        if sys.version_info[0] == 2:
+            return b2a_hex(self.digest())
+        else:
+            return b2a_hex(self.digest()).decode()
+
+    def reset(self):
+        self._h = SHAd256.new()
+        self.length = 0
+
+def which_pools(r):
+    """Return a list of pools indexes (in range(32)) that are to be included during reseed number r.
+
+    According to _Practical Cryptography_, chapter 10.5.2 "Pools":
+
+        "Pool P_i is included if 2**i is a divisor of r.  Thus P_0 is used
+        every reseed, P_1 every other reseed, P_2 every fourth reseed, etc."
+    """
+    # This is a separate function so that it can be unit-tested.
+    assert r >= 1
+    retval = []
+    mask = 0
+    for i in range(32):
+        # "Pool P_i is included if 2**i is a divisor of [reseed_count]"
+        if (r & mask) == 0:
+            retval.append(i)
+        else:
+            break   # optimization.  once this fails, it always fails
+        mask = (mask << 1) | 1L
+    return retval
+
+class FortunaAccumulator(object):
+
+    # An estimate of how many bytes we must append to pool 0 before it will
+    # contain 128 bits of entropy (with respect to an attack).  We reseed the
+    # generator only after pool 0 contains `min_pool_size` bytes.  Note that
+    # unlike with some other PRNGs, Fortuna's security does not rely on the
+    # accuracy of this estimate---we can accord to be optimistic here.
+    min_pool_size = 64  # size in bytes
+
+    # If an attacker can predict some (but not all) of our entropy sources, the
+    # `min_pool_size` check may not be sufficient to prevent a successful state
+    # compromise extension attack.  To resist this attack, Fortuna spreads the
+    # input across 32 pools, which are then consumed (to reseed the output
+    # generator) with exponentially decreasing frequency.
+    #
+    # In order to prevent an attacker from gaining knowledge of all 32 pools
+    # before we have a chance to fill them with enough information that the
+    # attacker cannot predict, we impose a rate limit of 10 reseeds/second (one
+    # per 100 ms).  This ensures that a hypothetical 33rd pool would only be
+    # needed after a minimum of 13 years of sustained attack.
+    reseed_interval = 0.100     # time in seconds
+
+    def __init__(self):
+        self.reseed_count = 0
+        self.generator = FortunaGenerator.AESGenerator()
+        self.last_reseed = None
+
+        # Initialize 32 FortunaPool instances.
+        # NB: This is _not_ equivalent to [FortunaPool()]*32, which would give
+        # us 32 references to the _same_ FortunaPool instance (and cause the
+        # assertion below to fail).
+        self.pools = [FortunaPool() for i in range(32)]     # 32 pools
+        assert(self.pools[0] is not self.pools[1])
+
+    def _forget_last_reseed(self):
+        # This is not part of the standard Fortuna definition, and using this
+        # function frequently can weaken Fortuna's ability to resist a state
+        # compromise extension attack, but we need this in order to properly
+        # implement Crypto.Random.atfork().  Otherwise, forked child processes
+        # might continue to use their parent's PRNG state for up to 100ms in
+        # some cases. (e.g. CVE-2013-1445)
+        self.last_reseed = None
+
+    def random_data(self, bytes):
+        current_time = time.time()
+        if (self.last_reseed is not None and self.last_reseed > current_time): # Avoid float comparison to None to make Py3k happy
+            warnings.warn("Clock rewind detected. Resetting last_reseed.", ClockRewindWarning)
+            self.last_reseed = None
+        if (self.pools[0].length >= self.min_pool_size and
+            (self.last_reseed is None or
+             current_time > self.last_reseed + self.reseed_interval)):
+            self._reseed(current_time)
+        # The following should fail if we haven't seeded the pool yet.
+        return self.generator.pseudo_random_data(bytes)
+
+    def _reseed(self, current_time=None):
+        if current_time is None:
+            current_time = time.time()
+        seed = []
+        self.reseed_count += 1
+        self.last_reseed = current_time
+        for i in which_pools(self.reseed_count):
+            seed.append(self.pools[i].digest())
+            self.pools[i].reset()
+
+        seed = b("").join(seed)
+        self.generator.reseed(seed)
+
+    def add_random_event(self, source_number, pool_number, data):
+        assert 1 <= len(data) <= 32
+        assert 0 <= source_number <= 255
+        assert 0 <= pool_number <= 31
+        self.pools[pool_number].append(bchr(source_number))
+        self.pools[pool_number].append(bchr(len(data)))
+        self.pools[pool_number].append(data)
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Random/Fortuna/FortunaGenerator.py b/lib/Python/Lib/Crypto/Random/Fortuna/FortunaGenerator.py
new file mode 100644
index 000000000..723fa6306
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/Fortuna/FortunaGenerator.py
@@ -0,0 +1,132 @@
+# -*- coding: ascii -*-
+#
+#  FortunaGenerator.py : Fortuna's internal PRNG
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+import sys
+if sys.version_info[0] is 2 and  sys.version_info[1] is 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+import struct
+
+from Crypto.Util.number import ceil_shift, exact_log2, exact_div
+from Crypto.Util import Counter
+from Crypto.Cipher import AES
+
+import SHAd256
+
+class AESGenerator(object):
+    """The Fortuna "generator"
+
+    This is used internally by the Fortuna PRNG to generate arbitrary amounts
+    of pseudorandom data from a smaller amount of seed data.
+
+    The output is generated by running AES-256 in counter mode and re-keying
+    after every mebibyte (2**16 blocks) of output.
+    """
+
+    block_size = AES.block_size     # output block size in octets (128 bits)
+    key_size = 32                   # key size in octets (256 bits)
+
+    # Because of the birthday paradox, we expect to find approximately one
+    # collision for every 2**64 blocks of output from a real random source.
+    # However, this code generates pseudorandom data by running AES in
+    # counter mode, so there will be no collisions until the counter
+    # (theoretically) wraps around at 2**128 blocks.  Thus, in order to prevent
+    # Fortuna's pseudorandom output from deviating perceptibly from a true
+    # random source, Ferguson and Schneier specify a limit of 2**16 blocks
+    # without rekeying.
+    max_blocks_per_request = 2**16  # Allow no more than this number of blocks per _pseudo_random_data request
+
+    _four_kiblocks_of_zeros = b("\0") * block_size * 4096
+
+    def __init__(self):
+        self.counter = Counter.new(nbits=self.block_size*8, initial_value=0, little_endian=True)
+        self.key = None
+
+        # Set some helper constants
+        self.block_size_shift = exact_log2(self.block_size)
+        assert (1 << self.block_size_shift) == self.block_size
+
+        self.blocks_per_key = exact_div(self.key_size, self.block_size)
+        assert self.key_size == self.blocks_per_key * self.block_size
+
+        self.max_bytes_per_request = self.max_blocks_per_request * self.block_size
+
+    def reseed(self, seed):
+        if self.key is None:
+            self.key = b("\0") * self.key_size
+
+        self._set_key(SHAd256.new(self.key + seed).digest())
+        self.counter()  # increment counter
+        assert len(self.key) == self.key_size
+
+    def pseudo_random_data(self, bytes):
+        assert bytes >= 0
+
+        num_full_blocks = bytes >> 20
+        remainder = bytes & ((1<<20)-1)
+
+        retval = []
+        for i in xrange(num_full_blocks):
+            retval.append(self._pseudo_random_data(1<<20))
+        retval.append(self._pseudo_random_data(remainder))
+        
+        return b("").join(retval)  
+
+    def _set_key(self, key):
+        self.key = key
+        self._cipher = AES.new(key, AES.MODE_CTR, counter=self.counter)
+
+    def _pseudo_random_data(self, bytes):
+        if not (0 <= bytes <= self.max_bytes_per_request):
+            raise AssertionError("You cannot ask for more than 1 MiB of data per request")
+
+        num_blocks = ceil_shift(bytes, self.block_size_shift)   # num_blocks = ceil(bytes / self.block_size)
+
+        # Compute the output
+        retval = self._generate_blocks(num_blocks)[:bytes]
+
+        # Switch to a new key to avoid later compromises of this output (i.e.
+        # state compromise extension attacks)
+        self._set_key(self._generate_blocks(self.blocks_per_key))
+
+        assert len(retval) == bytes
+        assert len(self.key) == self.key_size
+
+        return retval
+
+    def _generate_blocks(self, num_blocks):
+        if self.key is None:
+            raise AssertionError("generator must be seeded before use")
+        assert 0 <= num_blocks <= self.max_blocks_per_request
+        retval = []
+        for i in xrange(num_blocks >> 12):      # xrange(num_blocks / 4096)
+            retval.append(self._cipher.encrypt(self._four_kiblocks_of_zeros))
+        remaining_bytes = (num_blocks & 4095) << self.block_size_shift  # (num_blocks % 4095) * self.block_size
+        retval.append(self._cipher.encrypt(self._four_kiblocks_of_zeros[:remaining_bytes]))
+        return b("").join(retval)
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Random/Fortuna/SHAd256.py b/lib/Python/Lib/Crypto/Random/Fortuna/SHAd256.py
new file mode 100644
index 000000000..2e135c9a8
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/Fortuna/SHAd256.py
@@ -0,0 +1,98 @@
+# -*- coding: ascii -*-
+#
+#  Random/Fortuna/SHAd256.py : SHA_d-256 hash function implementation
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""\
+SHA_d-256 hash function implementation.
+
+This module should comply with PEP 247.
+"""
+
+__revision__ = "$Id$"
+__all__ = ['new', 'digest_size']
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+from binascii import b2a_hex
+
+from Crypto.Hash import SHA256
+
+assert SHA256.digest_size == 32
+
+class _SHAd256(object):
+    """SHA-256, doubled.
+
+    Returns SHA-256(SHA-256(data)).
+    """
+
+    digest_size = SHA256.digest_size
+
+    _internal = object()
+
+    def __init__(self, internal_api_check, sha256_hash_obj):
+        if internal_api_check is not self._internal:
+            raise AssertionError("Do not instantiate this class directly.  Use %s.new()" % (__name__,))
+        self._h = sha256_hash_obj
+
+    # PEP 247 "copy" method
+    def copy(self):
+        """Return a copy of this hashing object"""
+        return _SHAd256(SHAd256._internal, self._h.copy())
+
+    # PEP 247 "digest" method
+    def digest(self):
+        """Return the hash value of this object as a binary string"""
+        retval = SHA256.new(self._h.digest()).digest()
+        assert len(retval) == 32
+        return retval
+
+    # PEP 247 "hexdigest" method
+    def hexdigest(self):
+        """Return the hash value of this object as a (lowercase) hexadecimal string"""
+        retval = b2a_hex(self.digest())
+        assert len(retval) == 64
+        if sys.version_info[0] == 2:
+            return retval
+        else:
+            return retval.decode()
+
+    # PEP 247 "update" method
+    def update(self, data):
+        self._h.update(data)
+
+# PEP 247 module-level "digest_size" variable
+digest_size = _SHAd256.digest_size
+
+# PEP 247 module-level "new" function
+def new(data=None):
+    """Return a new SHAd256 hashing object"""
+    if not data:
+        data=b("")
+    sha = _SHAd256(_SHAd256._internal, SHA256.new(data))
+    sha.new = globals()['new']
+    return sha
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Random/Fortuna/__init__.py b/lib/Python/Lib/Crypto/Random/Fortuna/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/Fortuna/__init__.py
diff --git a/lib/Python/Lib/Crypto/Random/OSRNG/__init__.py b/lib/Python/Lib/Crypto/Random/OSRNG/__init__.py
new file mode 100644
index 000000000..2fbbecbfd
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/OSRNG/__init__.py
@@ -0,0 +1,40 @@
+#
+#  Random/OSRNG/__init__.py : Platform-independent OS RNG API
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Provides a platform-independent interface to the random number generators
+supplied by various operating systems."""
+
+__revision__ = "$Id$"
+
+import os
+
+if os.name == 'posix':
+    from Crypto.Random.OSRNG.posix import new
+elif os.name == 'nt':
+    from Crypto.Random.OSRNG.nt import new
+elif hasattr(os, 'urandom'):
+    from Crypto.Random.OSRNG.fallback import new
+else:
+    raise ImportError("Not implemented")
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Random/OSRNG/fallback.py b/lib/Python/Lib/Crypto/Random/OSRNG/fallback.py
new file mode 100644
index 000000000..5bb612607
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/OSRNG/fallback.py
@@ -0,0 +1,46 @@
+#
+#  Random/OSRNG/fallback.py : Fallback entropy source for systems with os.urandom
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+
+__revision__ = "$Id$"
+__all__ = ['PythonOSURandomRNG']
+
+import os
+
+from rng_base import BaseRNG
+
+class PythonOSURandomRNG(BaseRNG):
+
+    name = "<os.urandom>"
+
+    def __init__(self):
+        self._read = os.urandom
+        BaseRNG.__init__(self)
+
+    def _close(self):
+        self._read = None
+
+def new(*args, **kwargs):
+    return PythonOSURandomRNG(*args, **kwargs)
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Random/OSRNG/nt.py b/lib/Python/Lib/Crypto/Random/OSRNG/nt.py
new file mode 100644
index 000000000..c1c2f44e6
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/OSRNG/nt.py
@@ -0,0 +1,74 @@
+#
+#  Random/OSRNG/nt.py : OS entropy source for MS Windows
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+
+__revision__ = "$Id$"
+__all__ = ['WindowsRNG']
+
+import winrandom
+from rng_base import BaseRNG
+
+class WindowsRNG(BaseRNG):
+
+    name = "<CryptGenRandom>"
+
+    def __init__(self):
+        self.__winrand = winrandom.new()
+        BaseRNG.__init__(self)
+
+    def flush(self):
+        """Work around weakness in Windows RNG.
+
+        The CryptGenRandom mechanism in some versions of Windows allows an
+        attacker to learn 128 KiB of past and future output.  As a workaround,
+        this function reads 128 KiB of 'random' data from Windows and discards
+        it.
+
+        For more information about the weaknesses in CryptGenRandom, see
+        _Cryptanalysis of the Random Number Generator of the Windows Operating
+        System_, by Leo Dorrendorf and Zvi Gutterman and Benny Pinkas
+        http://eprint.iacr.org/2007/419
+        """
+        if self.closed:
+            raise ValueError("I/O operation on closed file")
+        data = self.__winrand.get_bytes(128*1024)
+        assert (len(data) == 128*1024)
+        BaseRNG.flush(self)
+
+    def _close(self):
+        self.__winrand = None
+
+    def _read(self, N):
+        # Unfortunately, research shows that CryptGenRandom doesn't provide
+        # forward secrecy and fails the next-bit test unless we apply a
+        # workaround, which we do here.  See http://eprint.iacr.org/2007/419
+        # for information on the vulnerability.
+        self.flush()
+        data = self.__winrand.get_bytes(N)
+        self.flush()
+        return data
+
+def new(*args, **kwargs):
+    return WindowsRNG(*args, **kwargs)
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Random/OSRNG/posix.py b/lib/Python/Lib/Crypto/Random/OSRNG/posix.py
new file mode 100644
index 000000000..ca6ac0509
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/OSRNG/posix.py
@@ -0,0 +1,86 @@
+#
+#  Random/OSRNG/posix.py : OS entropy source for POSIX systems
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+
+__revision__ = "$Id$"
+__all__ = ['DevURandomRNG']
+
+import errno
+import os
+import stat
+
+from rng_base import BaseRNG
+from Crypto.Util.py3compat import b
+
+class DevURandomRNG(BaseRNG):
+
+    def __init__(self, devname=None):
+        if devname is None:
+            self.name = "/dev/urandom"
+        else:
+            self.name = devname
+
+        # Test that /dev/urandom is a character special device
+        f = open(self.name, "rb", 0)
+        fmode = os.fstat(f.fileno())[stat.ST_MODE]
+        if not stat.S_ISCHR(fmode):
+            f.close()
+            raise TypeError("%r is not a character special device" % (self.name,))
+
+        self.__file = f
+
+        BaseRNG.__init__(self)
+
+    def _close(self):
+        self.__file.close()
+
+    def _read(self, N):
+        # Starting with Python 3 open with buffering=0 returns a FileIO object.
+        # FileIO.read behaves like read(2) and not like fread(3) and thus we
+        # have to handle the case that read returns less data as requested here
+        # more carefully.
+        data = b("")
+        while len(data) < N:
+            try:
+                d = self.__file.read(N - len(data))
+            except IOError, e:
+                # read(2) has been interrupted by a signal; redo the read
+                if e.errno == errno.EINTR:
+                    continue
+                raise
+
+            if d is None:
+                # __file is in non-blocking mode and no data is available
+                return data
+            if len(d) == 0:
+                # __file is in blocking mode and arrived at EOF
+                return data
+
+            data += d
+        return data
+
+def new(*args, **kwargs):
+    return DevURandomRNG(*args, **kwargs)
+
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Random/OSRNG/rng_base.py b/lib/Python/Lib/Crypto/Random/OSRNG/rng_base.py
new file mode 100644
index 000000000..54c3aa0d9
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/OSRNG/rng_base.py
@@ -0,0 +1,88 @@
+#
+#  Random/OSRNG/rng_base.py : Base class for OSRNG
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+
+class BaseRNG(object):
+
+    def __init__(self):
+        self.closed = False
+        self._selftest()
+
+    def __del__(self):
+        self.close()
+
+    def _selftest(self):
+        # Test that urandom can return data
+        data = self.read(16)
+        if len(data) != 16:
+            raise AssertionError("read truncated")
+
+        # Test that we get different data every time (if we don't, the RNG is
+        # probably malfunctioning)
+        data2 = self.read(16)
+        if data == data2:
+            raise AssertionError("OS RNG returned duplicate data")
+
+    # PEP 343: Support for the "with" statement
+    def __enter__(self):
+        pass
+    def __exit__(self):
+        """PEP 343 support"""
+        self.close()
+
+    def close(self):
+        if not self.closed:
+            self._close()
+        self.closed = True
+
+    def flush(self):
+        pass
+
+    def read(self, N=-1):
+        """Return N bytes from the RNG."""
+        if self.closed:
+            raise ValueError("I/O operation on closed file")
+        if not isinstance(N, (long, int)):
+            raise TypeError("an integer is required")
+        if N < 0:
+            raise ValueError("cannot read to end of infinite stream")
+        elif N == 0:
+            return ""
+        data = self._read(N)
+        if len(data) != N:
+            raise AssertionError("%s produced truncated output (requested %d, got %d)" % (self.name, N, len(data)))
+        return data
+
+    def _close(self):
+        raise NotImplementedError("child class must implement this")
+
+    def _read(self, N):
+        raise NotImplementedError("child class must implement this")
+
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Random/_UserFriendlyRNG.py b/lib/Python/Lib/Crypto/Random/_UserFriendlyRNG.py
new file mode 100644
index 000000000..957e006f4
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/_UserFriendlyRNG.py
@@ -0,0 +1,230 @@
+# -*- coding: utf-8 -*-
+#
+#  Random/_UserFriendlyRNG.py : A user-friendly random number generator
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+
+import os
+import threading
+import struct
+import time
+from math import floor
+
+from Crypto.Random import OSRNG
+from Crypto.Random.Fortuna import FortunaAccumulator
+
+class _EntropySource(object):
+    def __init__(self, accumulator, src_num):
+        self._fortuna = accumulator
+        self._src_num = src_num
+        self._pool_num = 0
+
+    def feed(self, data):
+        self._fortuna.add_random_event(self._src_num, self._pool_num, data)
+        self._pool_num = (self._pool_num + 1) & 31
+
+class _EntropyCollector(object):
+
+    def __init__(self, accumulator):
+        self._osrng = OSRNG.new()
+        self._osrng_es = _EntropySource(accumulator, 255)
+        self._time_es = _EntropySource(accumulator, 254)
+        self._clock_es = _EntropySource(accumulator, 253)
+
+    def reinit(self):
+        # Add 256 bits to each of the 32 pools, twice.  (For a total of 16384
+        # bits collected from the operating system.)
+        for i in range(2):
+            block = self._osrng.read(32*32)
+            for p in range(32):
+                self._osrng_es.feed(block[p*32:(p+1)*32])
+            block = None
+        self._osrng.flush()
+
+    def collect(self):
+        # Collect 64 bits of entropy from the operating system and feed it to Fortuna.
+        self._osrng_es.feed(self._osrng.read(8))
+
+        # Add the fractional part of time.time()
+        t = time.time()
+        self._time_es.feed(struct.pack("@I", int(2**30 * (t - floor(t)))))
+
+        # Add the fractional part of time.clock()
+        t = time.clock()
+        self._clock_es.feed(struct.pack("@I", int(2**30 * (t - floor(t)))))
+
+
+class _UserFriendlyRNG(object):
+
+    def __init__(self):
+        self.closed = False
+        self._fa = FortunaAccumulator.FortunaAccumulator()
+        self._ec = _EntropyCollector(self._fa)
+        self.reinit()
+
+    def reinit(self):
+        """Initialize the random number generator and seed it with entropy from
+        the operating system.
+        """
+
+        # Save the pid (helps ensure that Crypto.Random.atfork() gets called)
+        self._pid = os.getpid()
+
+        # Collect entropy from the operating system and feed it to
+        # FortunaAccumulator
+        self._ec.reinit()
+
+        # Override FortunaAccumulator's 100ms minimum re-seed interval.  This
+        # is necessary to avoid a race condition between this function and
+        # self.read(), which that can otherwise cause forked child processes to
+        # produce identical output.  (e.g. CVE-2013-1445)
+        #
+        # Note that if this function can be called frequently by an attacker,
+        # (and if the bits from OSRNG are insufficiently random) it will weaken
+        # Fortuna's ability to resist a state compromise extension attack.
+        self._fa._forget_last_reseed()
+
+    def close(self):
+        self.closed = True
+        self._osrng = None
+        self._fa = None
+
+    def flush(self):
+        pass
+
+    def read(self, N):
+        """Return N bytes from the RNG."""
+        if self.closed:
+            raise ValueError("I/O operation on closed file")
+        if not isinstance(N, (long, int)):
+            raise TypeError("an integer is required")
+        if N < 0:
+            raise ValueError("cannot read to end of infinite stream")
+
+        # Collect some entropy and feed it to Fortuna
+        self._ec.collect()
+
+        # Ask Fortuna to generate some bytes
+        retval = self._fa.random_data(N)
+
+        # Check that we haven't forked in the meantime.  (If we have, we don't
+        # want to use the data, because it might have been duplicated in the
+        # parent process.
+        self._check_pid()
+
+        # Return the random data.
+        return retval
+
+    def _check_pid(self):
+        # Lame fork detection to remind developers to invoke Random.atfork()
+        # after every call to os.fork().  Note that this check is not reliable,
+        # since process IDs can be reused on most operating systems.
+        #
+        # You need to do Random.atfork() in the child process after every call
+        # to os.fork() to avoid reusing PRNG state.  If you want to avoid
+        # leaking PRNG state to child processes (for example, if you are using
+        # os.setuid()) then you should also invoke Random.atfork() in the
+        # *parent* process.
+        if os.getpid() != self._pid:
+            raise AssertionError("PID check failed. RNG must be re-initialized after fork(). Hint: Try Random.atfork()")
+
+
+class _LockingUserFriendlyRNG(_UserFriendlyRNG):
+    def __init__(self):
+        self._lock = threading.Lock()
+        _UserFriendlyRNG.__init__(self)
+
+    def close(self):
+        self._lock.acquire()
+        try:
+            return _UserFriendlyRNG.close(self)
+        finally:
+            self._lock.release()
+
+    def reinit(self):
+        self._lock.acquire()
+        try:
+            return _UserFriendlyRNG.reinit(self)
+        finally:
+            self._lock.release()
+
+    def read(self, bytes):
+        self._lock.acquire()
+        try:
+            return _UserFriendlyRNG.read(self, bytes)
+        finally:
+            self._lock.release()
+
+class RNGFile(object):
+    def __init__(self, singleton):
+        self.closed = False
+        self._singleton = singleton
+
+    # PEP 343: Support for the "with" statement
+    def __enter__(self):
+        """PEP 343 support"""
+    def __exit__(self):
+        """PEP 343 support"""
+        self.close()
+
+    def close(self):
+        # Don't actually close the singleton, just close this RNGFile instance.
+        self.closed = True
+        self._singleton = None
+
+    def read(self, bytes):
+        if self.closed:
+            raise ValueError("I/O operation on closed file")
+        return self._singleton.read(bytes)
+
+    def flush(self):
+        if self.closed:
+            raise ValueError("I/O operation on closed file")
+
+_singleton_lock = threading.Lock()
+_singleton = None
+def _get_singleton():
+    global _singleton
+    _singleton_lock.acquire()
+    try:
+        if _singleton is None:
+            _singleton = _LockingUserFriendlyRNG()
+        return _singleton
+    finally:
+        _singleton_lock.release()
+
+def new():
+    return RNGFile(_get_singleton())
+
+def reinit():
+    _get_singleton().reinit()
+
+def get_random_bytes(n):
+    """Return the specified number of cryptographically-strong random bytes."""
+    return _get_singleton().read(n)
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Random/__init__.py b/lib/Python/Lib/Crypto/Random/__init__.py
new file mode 100644
index 000000000..659ffee48
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/__init__.py
@@ -0,0 +1,43 @@
+# -*- coding: utf-8 -*-
+#
+#  Random/__init__.py : PyCrypto random number generation
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+__all__ = ['new']
+
+from Crypto.Random import OSRNG
+from Crypto.Random import _UserFriendlyRNG
+
+def new(*args, **kwargs):
+    """Return a file-like object that outputs cryptographically random bytes."""
+    return _UserFriendlyRNG.new(*args, **kwargs)
+
+def atfork():
+    """Call this whenever you call os.fork()"""
+    _UserFriendlyRNG.reinit()
+
+def get_random_bytes(n):
+    """Return the specified number of cryptographically-strong random bytes."""
+    return _UserFriendlyRNG.get_random_bytes(n)
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Random/random.py b/lib/Python/Lib/Crypto/Random/random.py
new file mode 100644
index 000000000..bef02e651
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Random/random.py
@@ -0,0 +1,142 @@
+# -*- coding: utf-8 -*-
+#
+#  Random/random.py : Strong alternative for the standard 'random' module
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""A cryptographically strong version of Python's standard "random" module."""
+
+__revision__ = "$Id$"
+__all__ = ['StrongRandom', 'getrandbits', 'randrange', 'randint', 'choice', 'shuffle', 'sample']
+
+from Crypto import Random
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+
+class StrongRandom(object):
+    def __init__(self, rng=None, randfunc=None):
+        if randfunc is None and rng is None:
+            self._randfunc = None
+        elif randfunc is not None and rng is None:
+            self._randfunc = randfunc
+        elif randfunc is None and rng is not None:
+            self._randfunc = rng.read
+        else:
+            raise ValueError("Cannot specify both 'rng' and 'randfunc'")
+
+    def getrandbits(self, k):
+        """Return a python long integer with k random bits."""
+        if self._randfunc is None:
+            self._randfunc = Random.new().read
+        mask = (1L << k) - 1
+        return mask & bytes_to_long(self._randfunc(ceil_div(k, 8)))
+
+    def randrange(self, *args):
+        """randrange([start,] stop[, step]):
+        Return a randomly-selected element from range(start, stop, step)."""
+        if len(args) == 3:
+            (start, stop, step) = args
+        elif len(args) == 2:
+            (start, stop) = args
+            step = 1
+        elif len(args) == 1:
+            (stop,) = args
+            start = 0
+            step = 1
+        else:
+            raise TypeError("randrange expected at most 3 arguments, got %d" % (len(args),))
+        if (not isinstance(start, (int, long))
+                or not isinstance(stop, (int, long))
+                or not isinstance(step, (int, long))):
+            raise TypeError("randrange requires integer arguments")
+        if step == 0:
+            raise ValueError("randrange step argument must not be zero")
+
+        num_choices = ceil_div(stop - start, step)
+        if num_choices < 0:
+            num_choices = 0
+        if num_choices < 1:
+            raise ValueError("empty range for randrange(%r, %r, %r)" % (start, stop, step))
+
+        # Pick a random number in the range of possible numbers
+        r = num_choices
+        while r >= num_choices:
+            r = self.getrandbits(size(num_choices))
+
+        return start + (step * r)
+
+    def randint(self, a, b):
+        """Return a random integer N such that a <= N <= b."""
+        if not isinstance(a, (int, long)) or not isinstance(b, (int, long)):
+            raise TypeError("randint requires integer arguments")
+        N = self.randrange(a, b+1)
+        assert a <= N <= b
+        return N
+
+    def choice(self, seq):
+        """Return a random element from a (non-empty) sequence.
+
+        If the seqence is empty, raises IndexError.
+        """
+        if len(seq) == 0:
+            raise IndexError("empty sequence")
+        return seq[self.randrange(len(seq))]
+
+    def shuffle(self, x):
+        """Shuffle the sequence in place."""
+        # Make a (copy) of the list of objects we want to shuffle
+        items = list(x)
+
+        # Choose a random item (without replacement) until all the items have been
+        # chosen.
+        for i in xrange(len(x)):
+            x[i] = items.pop(self.randrange(len(items)))
+
+    def sample(self, population, k):
+        """Return a k-length list of unique elements chosen from the population sequence."""
+
+        num_choices = len(population)
+        if k > num_choices:
+            raise ValueError("sample larger than population")
+
+        retval = []
+        selected = {}  # we emulate a set using a dict here
+        for i in xrange(k):
+            r = None
+            while r is None or selected.has_key(r):
+                r = self.randrange(num_choices)
+            retval.append(population[r])
+            selected[r] = 1
+        return retval
+
+_r = StrongRandom()
+getrandbits = _r.getrandbits
+randrange = _r.randrange
+randint = _r.randint
+choice = _r.choice
+shuffle = _r.shuffle
+sample = _r.sample
+
+# These are at the bottom to avoid problems with recursive imports
+from Crypto.Util.number import ceil_div, bytes_to_long, long_to_bytes, size
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/__init__.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/__init__.py
new file mode 100644
index 000000000..63e9c5706
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/__init__.py
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/__init__.py: Self-test for cipher modules
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test for cipher modules"""
+
+__revision__ = "$Id$"
+
+def get_tests(config={}):
+    tests = []
+    from Crypto.SelfTest.Cipher import test_AES;      tests += test_AES.get_tests(config=config)
+    from Crypto.SelfTest.Cipher import test_ARC2;     tests += test_ARC2.get_tests(config=config)
+    from Crypto.SelfTest.Cipher import test_ARC4;     tests += test_ARC4.get_tests(config=config)
+    from Crypto.SelfTest.Cipher import test_Blowfish; tests += test_Blowfish.get_tests(config=config)
+    from Crypto.SelfTest.Cipher import test_CAST;     tests += test_CAST.get_tests(config=config)
+    from Crypto.SelfTest.Cipher import test_DES3;     tests += test_DES3.get_tests(config=config)
+    from Crypto.SelfTest.Cipher import test_DES;      tests += test_DES.get_tests(config=config)
+    from Crypto.SelfTest.Cipher import test_XOR;      tests += test_XOR.get_tests(config=config)
+    from Crypto.SelfTest.Cipher import test_pkcs1_15; tests += test_pkcs1_15.get_tests(config=config)
+    from Crypto.SelfTest.Cipher import test_pkcs1_oaep; tests += test_pkcs1_oaep.get_tests(config=config)
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/common.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/common.py
new file mode 100644
index 000000000..8bebed9cf
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/common.py
@@ -0,0 +1,399 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/common.py: Common code for Crypto.SelfTest.Hash
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-testing for PyCrypto hash modules"""
+
+__revision__ = "$Id$"
+
+import sys
+import unittest
+from binascii import a2b_hex, b2a_hex
+from Crypto.Util.py3compat import *
+
+# For compatibility with Python 2.1 and Python 2.2
+if sys.hexversion < 0x02030000:
+    # Python 2.1 doesn't have a dict() function
+    # Python 2.2 dict() function raises TypeError if you do dict(MD5='blah')
+    def dict(**kwargs):
+        return kwargs.copy()
+else:
+    dict = dict
+
+class _NoDefault: pass        # sentinel object
+def _extract(d, k, default=_NoDefault):
+    """Get an item from a dictionary, and remove it from the dictionary."""
+    try:
+        retval = d[k]
+    except KeyError:
+        if default is _NoDefault:
+            raise
+        return default
+    del d[k]
+    return retval
+
+# Generic cipher test case
+class CipherSelfTest(unittest.TestCase):
+
+    def __init__(self, module, params):
+        unittest.TestCase.__init__(self)
+        self.module = module
+
+        # Extract the parameters
+        params = params.copy()
+        self.description = _extract(params, 'description')
+        self.key = b(_extract(params, 'key'))
+        self.plaintext = b(_extract(params, 'plaintext'))
+        self.ciphertext = b(_extract(params, 'ciphertext'))
+        self.module_name = _extract(params, 'module_name', None)
+
+        mode = _extract(params, 'mode', None)
+        self.mode_name = str(mode)
+        if mode is not None:
+            # Block cipher
+            self.mode = getattr(self.module, "MODE_" + mode)
+            self.iv = _extract(params, 'iv', None)
+            if self.iv is not None: self.iv = b(self.iv)
+
+            # Only relevant for OPENPGP mode
+            self.encrypted_iv = _extract(params, 'encrypted_iv', None)
+            if self.encrypted_iv is not None:
+                self.encrypted_iv = b(self.encrypted_iv)
+        else:
+            # Stream cipher
+            self.mode = None
+            self.iv = None
+
+        self.extra_params = params
+
+    def shortDescription(self):
+        return self.description
+
+    def _new(self, do_decryption=0):
+        params = self.extra_params.copy()
+
+        # Handle CTR mode parameters.  By default, we use Counter.new(self.module.block_size)
+        if hasattr(self.module, "MODE_CTR") and self.mode == self.module.MODE_CTR:
+            from Crypto.Util import Counter
+            ctr_class = _extract(params, 'ctr_class', Counter.new)
+            ctr_params = _extract(params, 'ctr_params', {}).copy()
+            if ctr_params.has_key('prefix'): ctr_params['prefix'] = a2b_hex(b(ctr_params['prefix']))
+            if ctr_params.has_key('suffix'): ctr_params['suffix'] = a2b_hex(b(ctr_params['suffix']))
+            if not ctr_params.has_key('nbits'):
+                ctr_params['nbits'] = 8*(self.module.block_size - len(ctr_params.get('prefix', '')) - len(ctr_params.get('suffix', '')))
+            params['counter'] = ctr_class(**ctr_params)
+
+        if self.mode is None:
+            # Stream cipher
+            return self.module.new(a2b_hex(self.key), **params)
+        elif self.iv is None:
+            # Block cipher without iv
+            return self.module.new(a2b_hex(self.key), self.mode, **params)
+        else:
+            # Block cipher with iv
+            if do_decryption and self.mode == self.module.MODE_OPENPGP:
+                # In PGP mode, the IV to feed for decryption is the *encrypted* one
+                return self.module.new(a2b_hex(self.key), self.mode, a2b_hex(self.encrypted_iv), **params)
+            else:
+                return self.module.new(a2b_hex(self.key), self.mode, a2b_hex(self.iv), **params)
+
+    def runTest(self):
+        plaintext = a2b_hex(self.plaintext)
+        ciphertext = a2b_hex(self.ciphertext)
+
+        ct1 = b2a_hex(self._new().encrypt(plaintext))
+        pt1 = b2a_hex(self._new(1).decrypt(ciphertext))
+        ct2 = b2a_hex(self._new().encrypt(plaintext))
+        pt2 = b2a_hex(self._new(1).decrypt(ciphertext))
+
+        if hasattr(self.module, "MODE_OPENPGP") and self.mode == self.module.MODE_OPENPGP:
+            # In PGP mode, data returned by the first encrypt()
+            # is prefixed with the encrypted IV.
+            # Here we check it and then remove it from the ciphertexts.
+            eilen = len(self.encrypted_iv)
+            self.assertEqual(self.encrypted_iv, ct1[:eilen])
+            self.assertEqual(self.encrypted_iv, ct2[:eilen])
+            ct1 = ct1[eilen:]
+            ct2 = ct2[eilen:]
+
+        self.assertEqual(self.ciphertext, ct1)  # encrypt
+        self.assertEqual(self.ciphertext, ct2)  # encrypt (second time)
+        self.assertEqual(self.plaintext, pt1)   # decrypt
+        self.assertEqual(self.plaintext, pt2)   # decrypt (second time)
+
+class CipherStreamingSelfTest(CipherSelfTest):
+
+    def shortDescription(self):
+        desc = self.module_name
+        if self.mode is not None:
+            desc += " in %s mode" % (self.mode_name,)
+        return "%s should behave like a stream cipher" % (desc,)
+
+    def runTest(self):
+        plaintext = a2b_hex(self.plaintext)
+        ciphertext = a2b_hex(self.ciphertext)
+
+        # The cipher should work like a stream cipher
+
+        # Test counter mode encryption, 3 bytes at a time
+        ct3 = []
+        cipher = self._new()
+        for i in range(0, len(plaintext), 3):
+            ct3.append(cipher.encrypt(plaintext[i:i+3]))
+        ct3 = b2a_hex(b("").join(ct3))
+        self.assertEqual(self.ciphertext, ct3)  # encryption (3 bytes at a time)
+
+        # Test counter mode decryption, 3 bytes at a time
+        pt3 = []
+        cipher = self._new()
+        for i in range(0, len(ciphertext), 3):
+            pt3.append(cipher.encrypt(ciphertext[i:i+3]))
+        # PY3K: This is meant to be text, do not change to bytes (data)
+        pt3 = b2a_hex(b("").join(pt3))
+        self.assertEqual(self.plaintext, pt3)  # decryption (3 bytes at a time)
+
+class CTRSegfaultTest(unittest.TestCase):
+
+    def __init__(self, module, params):
+        unittest.TestCase.__init__(self)
+        self.module = module
+        self.key = b(params['key'])
+        self.module_name = params.get('module_name', None)
+
+    def shortDescription(self):
+        return """Regression test: %s.new(key, %s.MODE_CTR) should raise TypeError, not segfault""" % (self.module_name, self.module_name)
+
+    def runTest(self):
+        self.assertRaises(TypeError, self.module.new, a2b_hex(self.key), self.module.MODE_CTR)
+
+class CTRWraparoundTest(unittest.TestCase):
+
+    def __init__(self, module, params):
+        unittest.TestCase.__init__(self)
+        self.module = module
+        self.key = b(params['key'])
+        self.module_name = params.get('module_name', None)
+
+    def shortDescription(self):
+        return """Regression test: %s with MODE_CTR should raise OverflowError on wraparound when shortcut used""" % (self.module_name,)
+
+    def runTest(self):
+        from Crypto.Util import Counter
+
+        for disable_shortcut in (0, 1): # (False, True) Test CTR-mode shortcut and PyObject_CallObject code paths
+            for little_endian in (0, 1): # (False, True) Test both endiannesses
+                ctr = Counter.new(8*self.module.block_size, initial_value=2L**(8*self.module.block_size)-1, little_endian=little_endian, disable_shortcut=disable_shortcut)
+                cipher = self.module.new(a2b_hex(self.key), self.module.MODE_CTR, counter=ctr)
+                block = b("\x00") * self.module.block_size
+                cipher.encrypt(block)
+                self.assertRaises(OverflowError, cipher.encrypt, block)
+
+class CFBSegmentSizeTest(unittest.TestCase):
+
+    def __init__(self, module, params):
+        unittest.TestCase.__init__(self)
+        self.module = module
+        self.key = b(params['key'])
+        self.description = params['description']
+
+    def shortDescription(self):
+        return self.description
+
+    def runTest(self):
+        """Regression test: m.new(key, m.MODE_CFB, segment_size=N) should require segment_size to be a multiple of 8 bits"""
+        for i in range(1, 8):
+            self.assertRaises(ValueError, self.module.new, a2b_hex(self.key), self.module.MODE_CFB, segment_size=i)
+        self.module.new(a2b_hex(self.key), self.module.MODE_CFB, "\0"*self.module.block_size, segment_size=8) # should succeed
+
+class RoundtripTest(unittest.TestCase):
+    def __init__(self, module, params):
+        from Crypto import Random
+        unittest.TestCase.__init__(self)
+        self.module = module
+        self.iv = Random.get_random_bytes(module.block_size)
+        self.key = b(params['key'])
+        self.plaintext = 100 * b(params['plaintext'])
+        self.module_name = params.get('module_name', None)
+
+    def shortDescription(self):
+        return """%s .decrypt() output of .encrypt() should not be garbled""" % (self.module_name,)
+
+    def runTest(self):
+        for mode in (self.module.MODE_ECB, self.module.MODE_CBC, self.module.MODE_CFB, self.module.MODE_OFB, self.module.MODE_OPENPGP):
+            encryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+            ciphertext = encryption_cipher.encrypt(self.plaintext)
+            
+            if mode != self.module.MODE_OPENPGP:
+                decryption_cipher = self.module.new(a2b_hex(self.key), mode, self.iv)
+            else:
+                eiv = ciphertext[:self.module.block_size+2]
+                ciphertext = ciphertext[self.module.block_size+2:]
+                decryption_cipher = self.module.new(a2b_hex(self.key), mode, eiv)
+            decrypted_plaintext = decryption_cipher.decrypt(ciphertext)
+            self.assertEqual(self.plaintext, decrypted_plaintext)
+
+class PGPTest(unittest.TestCase):
+    def __init__(self, module, params):
+        unittest.TestCase.__init__(self)
+        self.module = module
+        self.key = b(params['key'])
+
+    def shortDescription(self):
+        return "MODE_PGP was implemented incorrectly and insecurely. It's completely banished now."
+
+    def runTest(self):
+        self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+                self.module.MODE_PGP)
+
+class IVLengthTest(unittest.TestCase):
+    def __init__(self, module, params):
+        unittest.TestCase.__init__(self)
+        self.module = module
+        self.key = b(params['key'])
+
+    def shortDescription(self):
+        return "Check that all modes except MODE_ECB and MODE_CTR require an IV of the proper length"
+
+    def runTest(self):
+        self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+                self.module.MODE_CBC, "")
+        self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+                self.module.MODE_CFB, "")
+        self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+                self.module.MODE_OFB, "")
+        self.assertRaises(ValueError, self.module.new, a2b_hex(self.key),
+                self.module.MODE_OPENPGP, "")
+        self.module.new(a2b_hex(self.key), self.module.MODE_ECB, "")
+        self.module.new(a2b_hex(self.key), self.module.MODE_CTR, "", counter=self._dummy_counter)
+
+    def _dummy_counter(self):
+        return "\0" * self.module.block_size
+
+def make_block_tests(module, module_name, test_data):
+    tests = []
+    extra_tests_added = 0
+    for i in range(len(test_data)):
+        row = test_data[i]
+
+        # Build the "params" dictionary
+        params = {'mode': 'ECB'}
+        if len(row) == 3:
+            (params['plaintext'], params['ciphertext'], params['key']) = row
+        elif len(row) == 4:
+            (params['plaintext'], params['ciphertext'], params['key'], params['description']) = row
+        elif len(row) == 5:
+            (params['plaintext'], params['ciphertext'], params['key'], params['description'], extra_params) = row
+            params.update(extra_params)
+        else:
+            raise AssertionError("Unsupported tuple size %d" % (len(row),))
+
+        # Build the display-name for the test
+        p2 = params.copy()
+        p_key = _extract(p2, 'key')
+        p_plaintext = _extract(p2, 'plaintext')
+        p_ciphertext = _extract(p2, 'ciphertext')
+        p_description = _extract(p2, 'description', None)
+        p_mode = p2.get('mode', 'ECB')
+        if p_mode == 'ECB':
+            _extract(p2, 'mode', 'ECB')
+
+        if p_description is not None:
+            description = p_description
+        elif p_mode == 'ECB' and not p2:
+            description = "p=%s, k=%s" % (p_plaintext, p_key)
+        else:
+            description = "p=%s, k=%s, %r" % (p_plaintext, p_key, p2)
+        name = "%s #%d: %s" % (module_name, i+1, description)
+        params['description'] = name
+        params['module_name'] = module_name
+
+        # Add extra test(s) to the test suite before the current test
+        if not extra_tests_added:
+            tests += [
+                CTRSegfaultTest(module, params),
+                CTRWraparoundTest(module, params),
+                CFBSegmentSizeTest(module, params),
+                RoundtripTest(module, params),
+                PGPTest(module, params),
+                IVLengthTest(module, params),
+            ]
+            extra_tests_added = 1
+
+        # Add the current test to the test suite
+        tests.append(CipherSelfTest(module, params))
+
+        # When using CTR mode, test that the interface behaves like a stream cipher
+        if p_mode == 'CTR':
+            tests.append(CipherStreamingSelfTest(module, params))
+
+        # When using CTR mode, test the non-shortcut code path.
+        if p_mode == 'CTR' and not params.has_key('ctr_class'):
+            params2 = params.copy()
+            params2['description'] += " (shortcut disabled)"
+            ctr_params2 = params.get('ctr_params', {}).copy()
+            params2['ctr_params'] = ctr_params2
+            if not params2['ctr_params'].has_key('disable_shortcut'):
+                params2['ctr_params']['disable_shortcut'] = 1
+            tests.append(CipherSelfTest(module, params2))
+    return tests
+
+def make_stream_tests(module, module_name, test_data):
+    tests = []
+    for i in range(len(test_data)):
+        row = test_data[i]
+
+        # Build the "params" dictionary
+        params = {}
+        if len(row) == 3:
+            (params['plaintext'], params['ciphertext'], params['key']) = row
+        elif len(row) == 4:
+            (params['plaintext'], params['ciphertext'], params['key'], params['description']) = row
+        elif len(row) == 5:
+            (params['plaintext'], params['ciphertext'], params['key'], params['description'], extra_params) = row
+            params.update(extra_params)
+        else:
+            raise AssertionError("Unsupported tuple size %d" % (len(row),))
+
+        # Build the display-name for the test
+        p2 = params.copy()
+        p_key = _extract(p2, 'key')
+        p_plaintext = _extract(p2, 'plaintext')
+        p_ciphertext = _extract(p2, 'ciphertext')
+        p_description = _extract(p2, 'description', None)
+
+        if p_description is not None:
+            description = p_description
+        elif not p2:
+            description = "p=%s, k=%s" % (p_plaintext, p_key)
+        else:
+            description = "p=%s, k=%s, %r" % (p_plaintext, p_key, p2)
+        name = "%s #%d: %s" % (module_name, i+1, description)
+        params['description'] = name
+        params['module_name'] = module_name
+
+        # Add the test to the test suite
+        tests.append(CipherSelfTest(module, params))
+        tests.append(CipherStreamingSelfTest(module, params))
+    return tests
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/test_AES.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_AES.py
new file mode 100644
index 000000000..ea7c323a6
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_AES.py
@@ -0,0 +1,1433 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/AES.py: Self-test for the AES cipher
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Cipher.AES"""
+
+__revision__ = "$Id$"
+
+from common import dict     # For compatibility with Python 2.1 and 2.2
+from Crypto.Util.py3compat import *
+from binascii import hexlify
+
+# This is a list of (plaintext, ciphertext, key[, description[, params]]) tuples.
+test_data = [
+    # FIPS PUB 197 test vectors
+    # http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
+
+    ('00112233445566778899aabbccddeeff', '69c4e0d86a7b0430d8cdb78070b4c55a',
+        '000102030405060708090a0b0c0d0e0f', 'FIPS 197 C.1 (AES-128)'),
+
+    ('00112233445566778899aabbccddeeff', 'dda97ca4864cdfe06eaf70a0ec0d7191',
+        '000102030405060708090a0b0c0d0e0f1011121314151617',
+        'FIPS 197 C.2 (AES-192)'),
+
+    ('00112233445566778899aabbccddeeff', '8ea2b7ca516745bfeafc49904b496089',
+        '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f',
+        'FIPS 197 C.3 (AES-256)'),
+
+    # Rijndael128 test vectors
+    # Downloaded 2008-09-13 from
+    # http://www.iaik.tugraz.at/Research/krypto/AES/old/~rijmen/rijndael/testvalues.tar.gz
+
+    # ecb_tbl.txt, KEYSIZE=128
+    ('506812a45f08c889b97f5980038b8359', 'd8f532538289ef7d06b506a4fd5be9c9',
+        '00010203050607080a0b0c0d0f101112',
+        'ecb-tbl-128: I=1'),
+    ('5c6d71ca30de8b8b00549984d2ec7d4b', '59ab30f4d4ee6e4ff9907ef65b1fb68c',
+        '14151617191a1b1c1e1f202123242526',
+        'ecb-tbl-128: I=2'),
+    ('53f3f4c64f8616e4e7c56199f48f21f6', 'bf1ed2fcb2af3fd41443b56d85025cb1',
+        '28292a2b2d2e2f30323334353738393a',
+        'ecb-tbl-128: I=3'),
+    ('a1eb65a3487165fb0f1c27ff9959f703', '7316632d5c32233edcb0780560eae8b2',
+        '3c3d3e3f41424344464748494b4c4d4e',
+        'ecb-tbl-128: I=4'),
+    ('3553ecf0b1739558b08e350a98a39bfa', '408c073e3e2538072b72625e68b8364b',
+        '50515253555657585a5b5c5d5f606162',
+        'ecb-tbl-128: I=5'),
+    ('67429969490b9711ae2b01dc497afde8', 'e1f94dfa776597beaca262f2f6366fea',
+        '64656667696a6b6c6e6f707173747576',
+        'ecb-tbl-128: I=6'),
+    ('93385c1f2aec8bed192f5a8e161dd508', 'f29e986c6a1c27d7b29ffd7ee92b75f1',
+        '78797a7b7d7e7f80828384858788898a',
+        'ecb-tbl-128: I=7'),
+    ('b5bf946be19beb8db3983b5f4c6e8ddb', '131c886a57f8c2e713aba6955e2b55b5',
+        '8c8d8e8f91929394969798999b9c9d9e',
+        'ecb-tbl-128: I=8'),
+    ('41321ee10e21bd907227c4450ff42324', 'd2ab7662df9b8c740210e5eeb61c199d',
+        'a0a1a2a3a5a6a7a8aaabacadafb0b1b2',
+        'ecb-tbl-128: I=9'),
+    ('00a82f59c91c8486d12c0a80124f6089', '14c10554b2859c484cab5869bbe7c470',
+        'b4b5b6b7b9babbbcbebfc0c1c3c4c5c6',
+        'ecb-tbl-128: I=10'),
+    ('7ce0fd076754691b4bbd9faf8a1372fe', 'db4d498f0a49cf55445d502c1f9ab3b5',
+        'c8c9cacbcdcecfd0d2d3d4d5d7d8d9da',
+        'ecb-tbl-128: I=11'),
+    ('23605a8243d07764541bc5ad355b3129', '6d96fef7d66590a77a77bb2056667f7f',
+        'dcdddedfe1e2e3e4e6e7e8e9ebecedee',
+        'ecb-tbl-128: I=12'),
+    ('12a8cfa23ea764fd876232b4e842bc44', '316fb68edba736c53e78477bf913725c',
+        'f0f1f2f3f5f6f7f8fafbfcfdfe010002',
+        'ecb-tbl-128: I=13'),
+    ('bcaf32415e8308b3723e5fdd853ccc80', '6936f2b93af8397fd3a771fc011c8c37',
+        '04050607090a0b0c0e0f101113141516',
+        'ecb-tbl-128: I=14'),
+    ('89afae685d801ad747ace91fc49adde0', 'f3f92f7a9c59179c1fcc2c2ba0b082cd',
+        '2c2d2e2f31323334363738393b3c3d3e',
+        'ecb-tbl-128: I=15'),
+    ('f521d07b484357c4a69e76124a634216', '6a95ea659ee3889158e7a9152ff04ebc',
+        '40414243454647484a4b4c4d4f505152',
+        'ecb-tbl-128: I=16'),
+    ('3e23b3bc065bcc152407e23896d77783', '1959338344e945670678a5d432c90b93',
+        '54555657595a5b5c5e5f606163646566',
+        'ecb-tbl-128: I=17'),
+    ('79f0fba002be1744670e7e99290d8f52', 'e49bddd2369b83ee66e6c75a1161b394',
+        '68696a6b6d6e6f70727374757778797a',
+        'ecb-tbl-128: I=18'),
+    ('da23fe9d5bd63e1d72e3dafbe21a6c2a', 'd3388f19057ff704b70784164a74867d',
+        '7c7d7e7f81828384868788898b8c8d8e',
+        'ecb-tbl-128: I=19'),
+    ('e3f5698ba90b6a022efd7db2c7e6c823', '23aa03e2d5e4cd24f3217e596480d1e1',
+        'a4a5a6a7a9aaabacaeafb0b1b3b4b5b6',
+        'ecb-tbl-128: I=20'),
+    ('bdc2691d4f1b73d2700679c3bcbf9c6e', 'c84113d68b666ab2a50a8bdb222e91b9',
+        'e0e1e2e3e5e6e7e8eaebecedeff0f1f2',
+        'ecb-tbl-128: I=21'),
+    ('ba74e02093217ee1ba1b42bd5624349a', 'ac02403981cd4340b507963db65cb7b6',
+        '08090a0b0d0e0f10121314151718191a',
+        'ecb-tbl-128: I=22'),
+    ('b5c593b5851c57fbf8b3f57715e8f680', '8d1299236223359474011f6bf5088414',
+        '6c6d6e6f71727374767778797b7c7d7e',
+        'ecb-tbl-128: I=23'),
+    ('3da9bd9cec072381788f9387c3bbf4ee', '5a1d6ab8605505f7977e55b9a54d9b90',
+        '80818283858687888a8b8c8d8f909192',
+        'ecb-tbl-128: I=24'),
+    ('4197f3051121702ab65d316b3c637374', '72e9c2d519cf555e4208805aabe3b258',
+        '94959697999a9b9c9e9fa0a1a3a4a5a6',
+        'ecb-tbl-128: I=25'),
+    ('9f46c62ec4f6ee3f6e8c62554bc48ab7', 'a8f3e81c4a23a39ef4d745dffe026e80',
+        'a8a9aaabadaeafb0b2b3b4b5b7b8b9ba',
+        'ecb-tbl-128: I=26'),
+    ('0220673fe9e699a4ebc8e0dbeb6979c8', '546f646449d31458f9eb4ef5483aee6c',
+        'bcbdbebfc1c2c3c4c6c7c8c9cbcccdce',
+        'ecb-tbl-128: I=27'),
+    ('b2b99171337ded9bc8c2c23ff6f18867', '4dbe4bc84ac797c0ee4efb7f1a07401c',
+        'd0d1d2d3d5d6d7d8dadbdcdddfe0e1e2',
+        'ecb-tbl-128: I=28'),
+    ('a7facf4e301e984e5efeefd645b23505', '25e10bfb411bbd4d625ac8795c8ca3b3',
+        'e4e5e6e7e9eaebeceeeff0f1f3f4f5f6',
+        'ecb-tbl-128: I=29'),
+    ('f7c762e4a9819160fd7acfb6c4eedcdd', '315637405054ec803614e43def177579',
+        'f8f9fafbfdfefe00020304050708090a',
+        'ecb-tbl-128: I=30'),
+    ('9b64fc21ea08709f4915436faa70f1be', '60c5bc8a1410247295c6386c59e572a8',
+        '0c0d0e0f11121314161718191b1c1d1e',
+        'ecb-tbl-128: I=31'),
+    ('52af2c3de07ee6777f55a4abfc100b3f', '01366fc8ca52dfe055d6a00a76471ba6',
+        '20212223252627282a2b2c2d2f303132',
+        'ecb-tbl-128: I=32'),
+    ('2fca001224386c57aa3f968cbe2c816f', 'ecc46595516ec612449c3f581e7d42ff',
+        '34353637393a3b3c3e3f404143444546',
+        'ecb-tbl-128: I=33'),
+    ('4149c73658a4a9c564342755ee2c132f', '6b7ffe4c602a154b06ee9c7dab5331c9',
+        '48494a4b4d4e4f50525354555758595a',
+        'ecb-tbl-128: I=34'),
+    ('af60005a00a1772f7c07a48a923c23d2', '7da234c14039a240dd02dd0fbf84eb67',
+        '5c5d5e5f61626364666768696b6c6d6e',
+        'ecb-tbl-128: I=35'),
+    ('6fccbc28363759914b6f0280afaf20c6', 'c7dc217d9e3604ffe7e91f080ecd5a3a',
+        '70717273757677787a7b7c7d7f808182',
+        'ecb-tbl-128: I=36'),
+    ('7d82a43ddf4fefa2fc5947499884d386', '37785901863f5c81260ea41e7580cda5',
+        '84858687898a8b8c8e8f909193949596',
+        'ecb-tbl-128: I=37'),
+    ('5d5a990eaab9093afe4ce254dfa49ef9', 'a07b9338e92ed105e6ad720fccce9fe4',
+        '98999a9b9d9e9fa0a2a3a4a5a7a8a9aa',
+        'ecb-tbl-128: I=38'),
+    ('4cd1e2fd3f4434b553aae453f0ed1a02', 'ae0fb9722418cc21a7da816bbc61322c',
+        'acadaeafb1b2b3b4b6b7b8b9bbbcbdbe',
+        'ecb-tbl-128: I=39'),
+    ('5a2c9a9641d4299125fa1b9363104b5e', 'c826a193080ff91ffb21f71d3373c877',
+        'c0c1c2c3c5c6c7c8cacbcccdcfd0d1d2',
+        'ecb-tbl-128: I=40'),
+    ('b517fe34c0fa217d341740bfd4fe8dd4', '1181b11b0e494e8d8b0aa6b1d5ac2c48',
+        'd4d5d6d7d9dadbdcdedfe0e1e3e4e5e6',
+        'ecb-tbl-128: I=41'),
+    ('014baf2278a69d331d5180103643e99a', '6743c3d1519ab4f2cd9a78ab09a511bd',
+        'e8e9eaebedeeeff0f2f3f4f5f7f8f9fa',
+        'ecb-tbl-128: I=42'),
+    ('b529bd8164f20d0aa443d4932116841c', 'dc55c076d52bacdf2eefd952946a439d',
+        'fcfdfeff01020304060708090b0c0d0e',
+        'ecb-tbl-128: I=43'),
+    ('2e596dcbb2f33d4216a1176d5bd1e456', '711b17b590ffc72b5c8e342b601e8003',
+        '10111213151617181a1b1c1d1f202122',
+        'ecb-tbl-128: I=44'),
+    ('7274a1ea2b7ee2424e9a0e4673689143', '19983bb0950783a537e1339f4aa21c75',
+        '24252627292a2b2c2e2f303133343536',
+        'ecb-tbl-128: I=45'),
+    ('ae20020bd4f13e9d90140bee3b5d26af', '3ba7762e15554169c0f4fa39164c410c',
+        '38393a3b3d3e3f40424344454748494a',
+        'ecb-tbl-128: I=46'),
+    ('baac065da7ac26e855e79c8849d75a02', 'a0564c41245afca7af8aa2e0e588ea89',
+        '4c4d4e4f51525354565758595b5c5d5e',
+        'ecb-tbl-128: I=47'),
+    ('7c917d8d1d45fab9e2540e28832540cc', '5e36a42a2e099f54ae85ecd92e2381ed',
+        '60616263656667686a6b6c6d6f707172',
+        'ecb-tbl-128: I=48'),
+    ('bde6f89e16daadb0e847a2a614566a91', '770036f878cd0f6ca2268172f106f2fe',
+        '74757677797a7b7c7e7f808183848586',
+        'ecb-tbl-128: I=49'),
+    ('c9de163725f1f5be44ebb1db51d07fbc', '7e4e03908b716116443ccf7c94e7c259',
+        '88898a8b8d8e8f90929394959798999a',
+        'ecb-tbl-128: I=50'),
+    ('3af57a58f0c07dffa669572b521e2b92', '482735a48c30613a242dd494c7f9185d',
+        '9c9d9e9fa1a2a3a4a6a7a8a9abacadae',
+        'ecb-tbl-128: I=51'),
+    ('3d5ebac306dde4604f1b4fbbbfcdae55', 'b4c0f6c9d4d7079addf9369fc081061d',
+        'b0b1b2b3b5b6b7b8babbbcbdbfc0c1c2',
+        'ecb-tbl-128: I=52'),
+    ('c2dfa91bceb76a1183c995020ac0b556', 'd5810fe0509ac53edcd74f89962e6270',
+        'c4c5c6c7c9cacbcccecfd0d1d3d4d5d6',
+        'ecb-tbl-128: I=53'),
+    ('c70f54305885e9a0746d01ec56c8596b', '03f17a16b3f91848269ecdd38ebb2165',
+        'd8d9dadbdddedfe0e2e3e4e5e7e8e9ea',
+        'ecb-tbl-128: I=54'),
+    ('c4f81b610e98012ce000182050c0c2b2', 'da1248c3180348bad4a93b4d9856c9df',
+        'ecedeeeff1f2f3f4f6f7f8f9fbfcfdfe',
+        'ecb-tbl-128: I=55'),
+    ('eaab86b1d02a95d7404eff67489f97d4', '3d10d7b63f3452c06cdf6cce18be0c2c',
+        '00010203050607080a0b0c0d0f101112',
+        'ecb-tbl-128: I=56'),
+    ('7c55bdb40b88870b52bec3738de82886', '4ab823e7477dfddc0e6789018fcb6258',
+        '14151617191a1b1c1e1f202123242526',
+        'ecb-tbl-128: I=57'),
+    ('ba6eaa88371ff0a3bd875e3f2a975ce0', 'e6478ba56a77e70cfdaa5c843abde30e',
+        '28292a2b2d2e2f30323334353738393a',
+        'ecb-tbl-128: I=58'),
+    ('08059130c4c24bd30cf0575e4e0373dc', '1673064895fbeaf7f09c5429ff75772d',
+        '3c3d3e3f41424344464748494b4c4d4e',
+        'ecb-tbl-128: I=59'),
+    ('9a8eab004ef53093dfcf96f57e7eda82', '4488033ae9f2efd0ca9383bfca1a94e9',
+        '50515253555657585a5b5c5d5f606162',
+        'ecb-tbl-128: I=60'),
+    ('0745b589e2400c25f117b1d796c28129', '978f3b8c8f9d6f46626cac3c0bcb9217',
+        '64656667696a6b6c6e6f707173747576',
+        'ecb-tbl-128: I=61'),
+    ('2f1777781216cec3f044f134b1b92bbe', 'e08c8a7e582e15e5527f1d9e2eecb236',
+        '78797a7b7d7e7f80828384858788898a',
+        'ecb-tbl-128: I=62'),
+    ('353a779ffc541b3a3805d90ce17580fc', 'cec155b76ac5ffda4cf4f9ca91e49a7a',
+        '8c8d8e8f91929394969798999b9c9d9e',
+        'ecb-tbl-128: I=63'),
+    ('1a1eae4415cefcf08c4ac1c8f68bea8f', 'd5ac7165763225dd2a38cdc6862c29ad',
+        'a0a1a2a3a5a6a7a8aaabacadafb0b1b2',
+        'ecb-tbl-128: I=64'),
+    ('e6e7e4e5b0b3b2b5d4d5aaab16111013', '03680fe19f7ce7275452020be70e8204',
+        'b4b5b6b7b9babbbcbebfc0c1c3c4c5c6',
+        'ecb-tbl-128: I=65'),
+    ('f8f9fafbfbf8f9e677767170efe0e1e2', '461df740c9781c388e94bb861ceb54f6',
+        'c8c9cacbcdcecfd0d2d3d4d5d7d8d9da',
+        'ecb-tbl-128: I=66'),
+    ('63626160a1a2a3a445444b4a75727370', '451bd60367f96483042742219786a074',
+        'dcdddedfe1e2e3e4e6e7e8e9ebecedee',
+        'ecb-tbl-128: I=67'),
+    ('717073720605040b2d2c2b2a05fafbf9', 'e4dfa42671a02e57ef173b85c0ea9f2b',
+        'f0f1f2f3f5f6f7f8fafbfcfdfe010002',
+        'ecb-tbl-128: I=68'),
+    ('78797a7beae9e8ef3736292891969794', 'ed11b89e76274282227d854700a78b9e',
+        '04050607090a0b0c0e0f101113141516',
+        'ecb-tbl-128: I=69'),
+    ('838281803231300fdddcdbdaa0afaead', '433946eaa51ea47af33895f2b90b3b75',
+        '18191a1b1d1e1f20222324252728292a',
+        'ecb-tbl-128: I=70'),
+    ('18191a1bbfbcbdba75747b7a7f78797a', '6bc6d616a5d7d0284a5910ab35022528',
+        '2c2d2e2f31323334363738393b3c3d3e',
+        'ecb-tbl-128: I=71'),
+    ('848586879b989996a3a2a5a4849b9a99', 'd2a920ecfe919d354b5f49eae9719c98',
+        '40414243454647484a4b4c4d4f505152',
+        'ecb-tbl-128: I=72'),
+    ('0001020322212027cacbf4f551565754', '3a061b17f6a92885efbd0676985b373d',
+        '54555657595a5b5c5e5f606163646566',
+        'ecb-tbl-128: I=73'),
+    ('cecfcccdafacadb2515057564a454447', 'fadeec16e33ea2f4688499d157e20d8f',
+        '68696a6b6d6e6f70727374757778797a',
+        'ecb-tbl-128: I=74'),
+    ('92939091cdcecfc813121d1c80878685', '5cdefede59601aa3c3cda36fa6b1fa13',
+        '7c7d7e7f81828384868788898b8c8d8e',
+        'ecb-tbl-128: I=75'),
+    ('d2d3d0d16f6c6d6259585f5ed1eeefec', '9574b00039844d92ebba7ee8719265f8',
+        '90919293959697989a9b9c9d9fa0a1a2',
+        'ecb-tbl-128: I=76'),
+    ('acadaeaf878485820f0e1110d5d2d3d0', '9a9cf33758671787e5006928188643fa',
+        'a4a5a6a7a9aaabacaeafb0b1b3b4b5b6',
+        'ecb-tbl-128: I=77'),
+    ('9091929364676619e6e7e0e1757a7b78', '2cddd634c846ba66bb46cbfea4a674f9',
+        'b8b9babbbdbebfc0c2c3c4c5c7c8c9ca',
+        'ecb-tbl-128: I=78'),
+    ('babbb8b98a89888f74757a7b92959497', 'd28bae029393c3e7e26e9fafbbb4b98f',
+        'cccdcecfd1d2d3d4d6d7d8d9dbdcddde',
+        'ecb-tbl-128: I=79'),
+    ('8d8c8f8e6e6d6c633b3a3d3ccad5d4d7', 'ec27529b1bee0a9ab6a0d73ebc82e9b7',
+        'e0e1e2e3e5e6e7e8eaebecedeff0f1f2',
+        'ecb-tbl-128: I=80'),
+    ('86878485010203040808f7f767606162', '3cb25c09472aff6ee7e2b47ccd7ccb17',
+        'f4f5f6f7f9fafbfcfefe010103040506',
+        'ecb-tbl-128: I=81'),
+    ('8e8f8c8d656667788a8b8c8d010e0f0c', 'dee33103a7283370d725e44ca38f8fe5',
+        '08090a0b0d0e0f10121314151718191a',
+        'ecb-tbl-128: I=82'),
+    ('c8c9cacb858687807a7b7475e7e0e1e2', '27f9bcd1aac64bffc11e7815702c1a69',
+        '1c1d1e1f21222324262728292b2c2d2e',
+        'ecb-tbl-128: I=83'),
+    ('6d6c6f6e5053525d8c8d8a8badd2d3d0', '5df534ffad4ed0749a9988e9849d0021',
+        '30313233353637383a3b3c3d3f404142',
+        'ecb-tbl-128: I=84'),
+    ('28292a2b393a3b3c0607181903040506', 'a48bee75db04fb60ca2b80f752a8421b',
+        '44454647494a4b4c4e4f505153545556',
+        'ecb-tbl-128: I=85'),
+    ('a5a4a7a6b0b3b28ddbdadddcbdb2b3b0', '024c8cf70bc86ee5ce03678cb7af45f9',
+        '58595a5b5d5e5f60626364656768696a',
+        'ecb-tbl-128: I=86'),
+    ('323330316467666130313e3f2c2b2a29', '3c19ac0f8a3a3862ce577831301e166b',
+        '6c6d6e6f71727374767778797b7c7d7e',
+        'ecb-tbl-128: I=87'),
+    ('27262524080b0a05171611100b141516', 'c5e355b796a57421d59ca6be82e73bca',
+        '80818283858687888a8b8c8d8f909192',
+        'ecb-tbl-128: I=88'),
+    ('040506074142434435340b0aa3a4a5a6', 'd94033276417abfb05a69d15b6e386e2',
+        '94959697999a9b9c9e9fa0a1a3a4a5a6',
+        'ecb-tbl-128: I=89'),
+    ('242526271112130c61606766bdb2b3b0', '24b36559ea3a9b9b958fe6da3e5b8d85',
+        'a8a9aaabadaeafb0b2b3b4b5b7b8b9ba',
+        'ecb-tbl-128: I=90'),
+    ('4b4a4948252627209e9f9091cec9c8cb', '20fd4feaa0e8bf0cce7861d74ef4cb72',
+        'bcbdbebfc1c2c3c4c6c7c8c9cbcccdce',
+        'ecb-tbl-128: I=91'),
+    ('68696a6b6665646b9f9e9998d9e6e7e4', '350e20d5174277b9ec314c501570a11d',
+        'd0d1d2d3d5d6d7d8dadbdcdddfe0e1e2',
+        'ecb-tbl-128: I=92'),
+    ('34353637c5c6c7c0f0f1eeef7c7b7a79', '87a29d61b7c604d238fe73045a7efd57',
+        'e4e5e6e7e9eaebeceeeff0f1f3f4f5f6',
+        'ecb-tbl-128: I=93'),
+    ('32333031c2c1c13f0d0c0b0a050a0b08', '2c3164c1cc7d0064816bdc0faa362c52',
+        'f8f9fafbfdfefe00020304050708090a',
+        'ecb-tbl-128: I=94'),
+    ('cdcccfcebebdbcbbabaaa5a4181f1e1d', '195fe5e8a05a2ed594f6e4400eee10b3',
+        '0c0d0e0f11121314161718191b1c1d1e',
+        'ecb-tbl-128: I=95'),
+    ('212023223635343ba0a1a6a7445b5a59', 'e4663df19b9a21a5a284c2bd7f905025',
+        '20212223252627282a2b2c2d2f303132',
+        'ecb-tbl-128: I=96'),
+    ('0e0f0c0da8abaaad2f2e515002050407', '21b88714cfb4e2a933bd281a2c4743fd',
+        '34353637393a3b3c3e3f404143444546',
+        'ecb-tbl-128: I=97'),
+    ('070605042a2928378e8f8889bdb2b3b0', 'cbfc3980d704fd0fc54378ab84e17870',
+        '48494a4b4d4e4f50525354555758595a',
+        'ecb-tbl-128: I=98'),
+    ('cbcac9c893909196a9a8a7a6a5a2a3a0', 'bc5144baa48bdeb8b63e22e03da418ef',
+        '5c5d5e5f61626364666768696b6c6d6e',
+        'ecb-tbl-128: I=99'),
+    ('80818283c1c2c3cc9c9d9a9b0cf3f2f1', '5a1dbaef1ee2984b8395da3bdffa3ccc',
+        '70717273757677787a7b7c7d7f808182',
+        'ecb-tbl-128: I=100'),
+    ('1213101125262720fafbe4e5b1b6b7b4', 'f0b11cd0729dfcc80cec903d97159574',
+        '84858687898a8b8c8e8f909193949596',
+        'ecb-tbl-128: I=101'),
+    ('7f7e7d7c3033320d97969190222d2c2f', '9f95314acfddc6d1914b7f19a9cc8209',
+        '98999a9b9d9e9fa0a2a3a4a5a7a8a9aa',
+        'ecb-tbl-128: I=102'),
+    ('4e4f4c4d484b4a4d81808f8e53545556', '595736f6f0f70914a94e9e007f022519',
+        'acadaeafb1b2b3b4b6b7b8b9bbbcbdbe',
+        'ecb-tbl-128: I=103'),
+    ('dcdddedfb0b3b2bd15141312a1bebfbc', '1f19f57892cae586fcdfb4c694deb183',
+        'c0c1c2c3c5c6c7c8cacbcccdcfd0d1d2',
+        'ecb-tbl-128: I=104'),
+    ('93929190282b2a2dc4c5fafb92959497', '540700ee1f6f3dab0b3eddf6caee1ef5',
+        'd4d5d6d7d9dadbdcdedfe0e1e3e4e5e6',
+        'ecb-tbl-128: I=105'),
+    ('f5f4f7f6c4c7c6d9373631307e717073', '14a342a91019a331687a2254e6626ca2',
+        'e8e9eaebedeeeff0f2f3f4f5f7f8f9fa',
+        'ecb-tbl-128: I=106'),
+    ('93929190b6b5b4b364656a6b05020300', '7b25f3c3b2eea18d743ef283140f29ff',
+        'fcfdfeff01020304060708090b0c0d0e',
+        'ecb-tbl-128: I=107'),
+    ('babbb8b90d0e0f00a4a5a2a3043b3a39', '46c2587d66e5e6fa7f7ca6411ad28047',
+        '10111213151617181a1b1c1d1f202122',
+        'ecb-tbl-128: I=108'),
+    ('d8d9dadb7f7c7d7a10110e0f787f7e7d', '09470e72229d954ed5ee73886dfeeba9',
+        '24252627292a2b2c2e2f303133343536',
+        'ecb-tbl-128: I=109'),
+    ('fefffcfdefeced923b3a3d3c6768696a', 'd77c03de92d4d0d79ef8d4824ef365eb',
+        '38393a3b3d3e3f40424344454748494a',
+        'ecb-tbl-128: I=110'),
+    ('d6d7d4d58a89888f96979899a5a2a3a0', '1d190219f290e0f1715d152d41a23593',
+        '4c4d4e4f51525354565758595b5c5d5e',
+        'ecb-tbl-128: I=111'),
+    ('18191a1ba8abaaa5303136379b848586', 'a2cd332ce3a0818769616292e87f757b',
+        '60616263656667686a6b6c6d6f707172',
+        'ecb-tbl-128: I=112'),
+    ('6b6a6968a4a7a6a1d6d72829b0b7b6b5', 'd54afa6ce60fbf9341a3690e21385102',
+        '74757677797a7b7c7e7f808183848586',
+        'ecb-tbl-128: I=113'),
+    ('000102038a89889755545352a6a9a8ab', '06e5c364ded628a3f5e05e613e356f46',
+        '88898a8b8d8e8f90929394959798999a',
+        'ecb-tbl-128: I=114'),
+    ('2d2c2f2eb3b0b1b6b6b7b8b9f2f5f4f7', 'eae63c0e62556dac85d221099896355a',
+        '9c9d9e9fa1a2a3a4a6a7a8a9abacadae',
+        'ecb-tbl-128: I=115'),
+    ('979695943536373856575051e09f9e9d', '1fed060e2c6fc93ee764403a889985a2',
+        'b0b1b2b3b5b6b7b8babbbcbdbfc0c1c2',
+        'ecb-tbl-128: I=116'),
+    ('a4a5a6a7989b9a9db1b0afae7a7d7c7f', 'c25235c1a30fdec1c7cb5c5737b2a588',
+        'c4c5c6c7c9cacbcccecfd0d1d3d4d5d6',
+        'ecb-tbl-128: I=117'),
+    ('c1c0c3c2686b6a55a8a9aeafeae5e4e7', '796dbef95147d4d30873ad8b7b92efc0',
+        'd8d9dadbdddedfe0e2e3e4e5e7e8e9ea',
+        'ecb-tbl-128: I=118'),
+    ('c1c0c3c2141716118c8d828364636261', 'cbcf0fb34d98d0bd5c22ce37211a46bf',
+        'ecedeeeff1f2f3f4f6f7f8f9fbfcfdfe',
+        'ecb-tbl-128: I=119'),
+    ('93929190cccfcec196979091e0fffefd', '94b44da6466126cafa7c7fd09063fc24',
+        '00010203050607080a0b0c0d0f101112',
+        'ecb-tbl-128: I=120'),
+    ('b4b5b6b7f9fafbfc25241b1a6e69686b', 'd78c5b5ebf9b4dbda6ae506c5074c8fe',
+        '14151617191a1b1c1e1f202123242526',
+        'ecb-tbl-128: I=121'),
+    ('868784850704051ac7c6c1c08788898a', '6c27444c27204b043812cf8cf95f9769',
+        '28292a2b2d2e2f30323334353738393a',
+        'ecb-tbl-128: I=122'),
+    ('f4f5f6f7aaa9a8affdfcf3f277707172', 'be94524ee5a2aa50bba8b75f4c0aebcf',
+        '3c3d3e3f41424344464748494b4c4d4e',
+        'ecb-tbl-128: I=123'),
+    ('d3d2d1d00605040bc3c2c5c43e010003', 'a0aeaae91ba9f31f51aeb3588cf3a39e',
+        '50515253555657585a5b5c5d5f606162',
+        'ecb-tbl-128: I=124'),
+    ('73727170424140476a6b74750d0a0b08', '275297779c28266ef9fe4c6a13c08488',
+        '64656667696a6b6c6e6f707173747576',
+        'ecb-tbl-128: I=125'),
+    ('c2c3c0c10a0908f754555253a1aeafac', '86523d92bb8672cb01cf4a77fd725882',
+        '78797a7b7d7e7f80828384858788898a',
+        'ecb-tbl-128: I=126'),
+    ('6d6c6f6ef8fbfafd82838c8df8fffefd', '4b8327640e9f33322a04dd96fcbf9a36',
+        '8c8d8e8f91929394969798999b9c9d9e',
+        'ecb-tbl-128: I=127'),
+    ('f5f4f7f684878689a6a7a0a1d2cdcccf', 'ce52af650d088ca559425223f4d32694',
+        'a0a1a2a3a5a6a7a8aaabacadafb0b1b2',
+        'ecb-tbl-128: I=128'),
+
+    # ecb_tbl.txt, KEYSIZE=192
+    ('2d33eef2c0430a8a9ebf45e809c40bb6', 'dff4945e0336df4c1c56bc700eff837f',
+        '00010203050607080a0b0c0d0f10111214151617191a1b1c',
+        'ecb-tbl-192: I=1'),
+    ('6aa375d1fa155a61fb72353e0a5a8756', 'b6fddef4752765e347d5d2dc196d1252',
+        '1e1f20212324252628292a2b2d2e2f30323334353738393a',
+        'ecb-tbl-192: I=2'),
+    ('bc3736518b9490dcb8ed60eb26758ed4', 'd23684e3d963b3afcf1a114aca90cbd6',
+        '3c3d3e3f41424344464748494b4c4d4e5051525355565758',
+        'ecb-tbl-192: I=3'),
+    ('aa214402b46cffb9f761ec11263a311e', '3a7ac027753e2a18c2ceab9e17c11fd0',
+        '5a5b5c5d5f60616264656667696a6b6c6e6f707173747576',
+        'ecb-tbl-192: I=4'),
+    ('02aea86e572eeab66b2c3af5e9a46fd6', '8f6786bd007528ba26603c1601cdd0d8',
+        '78797a7b7d7e7f80828384858788898a8c8d8e8f91929394',
+        'ecb-tbl-192: I=5'),
+    ('e2aef6acc33b965c4fa1f91c75ff6f36', 'd17d073b01e71502e28b47ab551168b3',
+        '969798999b9c9d9ea0a1a2a3a5a6a7a8aaabacadafb0b1b2',
+        'ecb-tbl-192: I=6'),
+    ('0659df46427162b9434865dd9499f91d', 'a469da517119fab95876f41d06d40ffa',
+        'b4b5b6b7b9babbbcbebfc0c1c3c4c5c6c8c9cacbcdcecfd0',
+        'ecb-tbl-192: I=7'),
+    ('49a44239c748feb456f59c276a5658df', '6091aa3b695c11f5c0b6ad26d3d862ff',
+        'd2d3d4d5d7d8d9dadcdddedfe1e2e3e4e6e7e8e9ebecedee',
+        'ecb-tbl-192: I=8'),
+    ('66208f6e9d04525bdedb2733b6a6be37', '70f9e67f9f8df1294131662dc6e69364',
+        'f0f1f2f3f5f6f7f8fafbfcfdfe01000204050607090a0b0c',
+        'ecb-tbl-192: I=9'),
+    ('3393f8dfc729c97f5480b950bc9666b0', 'd154dcafad8b207fa5cbc95e9996b559',
+        '0e0f10111314151618191a1b1d1e1f20222324252728292a',
+        'ecb-tbl-192: I=10'),
+    ('606834c8ce063f3234cf1145325dbd71', '4934d541e8b46fa339c805a7aeb9e5da',
+        '2c2d2e2f31323334363738393b3c3d3e4041424345464748',
+        'ecb-tbl-192: I=11'),
+    ('fec1c04f529bbd17d8cecfcc4718b17f', '62564c738f3efe186e1a127a0c4d3c61',
+        '4a4b4c4d4f50515254555657595a5b5c5e5f606163646566',
+        'ecb-tbl-192: I=12'),
+    ('32df99b431ed5dc5acf8caf6dc6ce475', '07805aa043986eb23693e23bef8f3438',
+        '68696a6b6d6e6f70727374757778797a7c7d7e7f81828384',
+        'ecb-tbl-192: I=13'),
+    ('7fdc2b746f3f665296943b83710d1f82', 'df0b4931038bade848dee3b4b85aa44b',
+        '868788898b8c8d8e90919293959697989a9b9c9d9fa0a1a2',
+        'ecb-tbl-192: I=14'),
+    ('8fba1510a3c5b87e2eaa3f7a91455ca2', '592d5fded76582e4143c65099309477c',
+        'a4a5a6a7a9aaabacaeafb0b1b3b4b5b6b8b9babbbdbebfc0',
+        'ecb-tbl-192: I=15'),
+    ('2c9b468b1c2eed92578d41b0716b223b', 'c9b8d6545580d3dfbcdd09b954ed4e92',
+        'c2c3c4c5c7c8c9cacccdcecfd1d2d3d4d6d7d8d9dbdcddde',
+        'ecb-tbl-192: I=16'),
+    ('0a2bbf0efc6bc0034f8a03433fca1b1a', '5dccd5d6eb7c1b42acb008201df707a0',
+        'e0e1e2e3e5e6e7e8eaebecedeff0f1f2f4f5f6f7f9fafbfc',
+        'ecb-tbl-192: I=17'),
+    ('25260e1f31f4104d387222e70632504b', 'a2a91682ffeb6ed1d34340946829e6f9',
+        'fefe01010304050608090a0b0d0e0f10121314151718191a',
+        'ecb-tbl-192: I=18'),
+    ('c527d25a49f08a5228d338642ae65137', 'e45d185b797000348d9267960a68435d',
+        '1c1d1e1f21222324262728292b2c2d2e3031323335363738',
+        'ecb-tbl-192: I=19'),
+    ('3b49fc081432f5890d0e3d87e884a69e', '45e060dae5901cda8089e10d4f4c246b',
+        '3a3b3c3d3f40414244454647494a4b4c4e4f505153545556',
+        'ecb-tbl-192: I=20'),
+    ('d173f9ed1e57597e166931df2754a083', 'f6951afacc0079a369c71fdcff45df50',
+        '58595a5b5d5e5f60626364656768696a6c6d6e6f71727374',
+        'ecb-tbl-192: I=21'),
+    ('8c2b7cafa5afe7f13562daeae1adede0', '9e95e00f351d5b3ac3d0e22e626ddad6',
+        '767778797b7c7d7e80818283858687888a8b8c8d8f909192',
+        'ecb-tbl-192: I=22'),
+    ('aaf4ec8c1a815aeb826cab741339532c', '9cb566ff26d92dad083b51fdc18c173c',
+        '94959697999a9b9c9e9fa0a1a3a4a5a6a8a9aaabadaeafb0',
+        'ecb-tbl-192: I=23'),
+    ('40be8c5d9108e663f38f1a2395279ecf', 'c9c82766176a9b228eb9a974a010b4fb',
+        'd0d1d2d3d5d6d7d8dadbdcdddfe0e1e2e4e5e6e7e9eaebec',
+        'ecb-tbl-192: I=24'),
+    ('0c8ad9bc32d43e04716753aa4cfbe351', 'd8e26aa02945881d5137f1c1e1386e88',
+        '2a2b2c2d2f30313234353637393a3b3c3e3f404143444546',
+        'ecb-tbl-192: I=25'),
+    ('1407b1d5f87d63357c8dc7ebbaebbfee', 'c0e024ccd68ff5ffa4d139c355a77c55',
+        '48494a4b4d4e4f50525354555758595a5c5d5e5f61626364',
+        'ecb-tbl-192: I=26'),
+    ('e62734d1ae3378c4549e939e6f123416', '0b18b3d16f491619da338640df391d43',
+        '84858687898a8b8c8e8f90919394959698999a9b9d9e9fa0',
+        'ecb-tbl-192: I=27'),
+    ('5a752cff2a176db1a1de77f2d2cdee41', 'dbe09ac8f66027bf20cb6e434f252efc',
+        'a2a3a4a5a7a8a9aaacadaeafb1b2b3b4b6b7b8b9bbbcbdbe',
+        'ecb-tbl-192: I=28'),
+    ('a9c8c3a4eabedc80c64730ddd018cd88', '6d04e5e43c5b9cbe05feb9606b6480fe',
+        'c0c1c2c3c5c6c7c8cacbcccdcfd0d1d2d4d5d6d7d9dadbdc',
+        'ecb-tbl-192: I=29'),
+    ('ee9b3dbbdb86180072130834d305999a', 'dd1d6553b96be526d9fee0fbd7176866',
+        '1a1b1c1d1f20212224252627292a2b2c2e2f303133343536',
+        'ecb-tbl-192: I=30'),
+    ('a7fa8c3586b8ebde7568ead6f634a879', '0260ca7e3f979fd015b0dd4690e16d2a',
+        '38393a3b3d3e3f40424344454748494a4c4d4e4f51525354',
+        'ecb-tbl-192: I=31'),
+    ('37e0f4a87f127d45ac936fe7ad88c10a', '9893734de10edcc8a67c3b110b8b8cc6',
+        '929394959798999a9c9d9e9fa1a2a3a4a6a7a8a9abacadae',
+        'ecb-tbl-192: I=32'),
+    ('3f77d8b5d92bac148e4e46f697a535c5', '93b30b750516b2d18808d710c2ee84ef',
+        '464748494b4c4d4e50515253555657585a5b5c5d5f606162',
+        'ecb-tbl-192: I=33'),
+    ('d25ebb686c40f7e2c4da1014936571ca', '16f65fa47be3cb5e6dfe7c6c37016c0e',
+        '828384858788898a8c8d8e8f91929394969798999b9c9d9e',
+        'ecb-tbl-192: I=34'),
+    ('4f1c769d1e5b0552c7eca84dea26a549', 'f3847210d5391e2360608e5acb560581',
+        'a0a1a2a3a5a6a7a8aaabacadafb0b1b2b4b5b6b7b9babbbc',
+        'ecb-tbl-192: I=35'),
+    ('8548e2f882d7584d0fafc54372b6633a', '8754462cd223366d0753913e6af2643d',
+        'bebfc0c1c3c4c5c6c8c9cacbcdcecfd0d2d3d4d5d7d8d9da',
+        'ecb-tbl-192: I=36'),
+    ('87d7a336cb476f177cd2a51af2a62cdf', '1ea20617468d1b806a1fd58145462017',
+        'dcdddedfe1e2e3e4e6e7e8e9ebecedeef0f1f2f3f5f6f7f8',
+        'ecb-tbl-192: I=37'),
+    ('03b1feac668c4e485c1065dfc22b44ee', '3b155d927355d737c6be9dda60136e2e',
+        'fafbfcfdfe01000204050607090a0b0c0e0f101113141516',
+        'ecb-tbl-192: I=38'),
+    ('bda15e66819fa72d653a6866aa287962', '26144f7b66daa91b6333dbd3850502b3',
+        '18191a1b1d1e1f20222324252728292a2c2d2e2f31323334',
+        'ecb-tbl-192: I=39'),
+    ('4d0c7a0d2505b80bf8b62ceb12467f0a', 'e4f9a4ab52ced8134c649bf319ebcc90',
+        '363738393b3c3d3e40414243454647484a4b4c4d4f505152',
+        'ecb-tbl-192: I=40'),
+    ('626d34c9429b37211330986466b94e5f', 'b9ddd29ac6128a6cab121e34a4c62b36',
+        '54555657595a5b5c5e5f60616364656668696a6b6d6e6f70',
+        'ecb-tbl-192: I=41'),
+    ('333c3e6bf00656b088a17e5ff0e7f60a', '6fcddad898f2ce4eff51294f5eaaf5c9',
+        '727374757778797a7c7d7e7f81828384868788898b8c8d8e',
+        'ecb-tbl-192: I=42'),
+    ('687ed0cdc0d2a2bc8c466d05ef9d2891', 'c9a6fe2bf4028080bea6f7fc417bd7e3',
+        '90919293959697989a9b9c9d9fa0a1a2a4a5a6a7a9aaabac',
+        'ecb-tbl-192: I=43'),
+    ('487830e78cc56c1693e64b2a6660c7b6', '6a2026846d8609d60f298a9c0673127f',
+        'aeafb0b1b3b4b5b6b8b9babbbdbebfc0c2c3c4c5c7c8c9ca',
+        'ecb-tbl-192: I=44'),
+    ('7a48d6b7b52b29392aa2072a32b66160', '2cb25c005e26efea44336c4c97a4240b',
+        'cccdcecfd1d2d3d4d6d7d8d9dbdcdddee0e1e2e3e5e6e7e8',
+        'ecb-tbl-192: I=45'),
+    ('907320e64c8c5314d10f8d7a11c8618d', '496967ab8680ddd73d09a0e4c7dcc8aa',
+        'eaebecedeff0f1f2f4f5f6f7f9fafbfcfefe010103040506',
+        'ecb-tbl-192: I=46'),
+    ('b561f2ca2d6e65a4a98341f3ed9ff533', 'd5af94de93487d1f3a8c577cb84a66a4',
+        '08090a0b0d0e0f10121314151718191a1c1d1e1f21222324',
+        'ecb-tbl-192: I=47'),
+    ('df769380d212792d026f049e2e3e48ef', '84bdac569cae2828705f267cc8376e90',
+        '262728292b2c2d2e30313233353637383a3b3c3d3f404142',
+        'ecb-tbl-192: I=48'),
+    ('79f374bc445bdabf8fccb8843d6054c6', 'f7401dda5ad5ab712b7eb5d10c6f99b6',
+        '44454647494a4b4c4e4f50515354555658595a5b5d5e5f60',
+        'ecb-tbl-192: I=49'),
+    ('4e02f1242fa56b05c68dbae8fe44c9d6', '1c9d54318539ebd4c3b5b7e37bf119f0',
+        '626364656768696a6c6d6e6f71727374767778797b7c7d7e',
+        'ecb-tbl-192: I=50'),
+    ('cf73c93cbff57ac635a6f4ad2a4a1545', 'aca572d65fb2764cffd4a6eca090ea0d',
+        '80818283858687888a8b8c8d8f90919294959697999a9b9c',
+        'ecb-tbl-192: I=51'),
+    ('9923548e2875750725b886566784c625', '36d9c627b8c2a886a10ccb36eae3dfbb',
+        '9e9fa0a1a3a4a5a6a8a9aaabadaeafb0b2b3b4b5b7b8b9ba',
+        'ecb-tbl-192: I=52'),
+    ('4888336b723a022c9545320f836a4207', '010edbf5981e143a81d646e597a4a568',
+        'bcbdbebfc1c2c3c4c6c7c8c9cbcccdced0d1d2d3d5d6d7d8',
+        'ecb-tbl-192: I=53'),
+    ('f84d9a5561b0608b1160dee000c41ba8', '8db44d538dc20cc2f40f3067fd298e60',
+        'dadbdcdddfe0e1e2e4e5e6e7e9eaebeceeeff0f1f3f4f5f6',
+        'ecb-tbl-192: I=54'),
+    ('c23192a0418e30a19b45ae3e3625bf22', '930eb53bc71e6ac4b82972bdcd5aafb3',
+        'f8f9fafbfdfefe00020304050708090a0c0d0e0f11121314',
+        'ecb-tbl-192: I=55'),
+    ('b84e0690b28b0025381ad82a15e501a7', '6c42a81edcbc9517ccd89c30c95597b4',
+        '161718191b1c1d1e20212223252627282a2b2c2d2f303132',
+        'ecb-tbl-192: I=56'),
+    ('acef5e5c108876c4f06269f865b8f0b0', 'da389847ad06df19d76ee119c71e1dd3',
+        '34353637393a3b3c3e3f40414344454648494a4b4d4e4f50',
+        'ecb-tbl-192: I=57'),
+    ('0f1b3603e0f5ddea4548246153a5e064', 'e018fdae13d3118f9a5d1a647a3f0462',
+        '525354555758595a5c5d5e5f61626364666768696b6c6d6e',
+        'ecb-tbl-192: I=58'),
+    ('fbb63893450d42b58c6d88cd3c1809e3', '2aa65db36264239d3846180fabdfad20',
+        '70717273757677787a7b7c7d7f80818284858687898a8b8c',
+        'ecb-tbl-192: I=59'),
+    ('4bef736df150259dae0c91354e8a5f92', '1472163e9a4f780f1ceb44b07ecf4fdb',
+        '8e8f90919394959698999a9b9d9e9fa0a2a3a4a5a7a8a9aa',
+        'ecb-tbl-192: I=60'),
+    ('7d2d46242056ef13d3c3fc93c128f4c7', 'c8273fdc8f3a9f72e91097614b62397c',
+        'acadaeafb1b2b3b4b6b7b8b9bbbcbdbec0c1c2c3c5c6c7c8',
+        'ecb-tbl-192: I=61'),
+    ('e9c1ba2df415657a256edb33934680fd', '66c8427dcd733aaf7b3470cb7d976e3f',
+        'cacbcccdcfd0d1d2d4d5d6d7d9dadbdcdedfe0e1e3e4e5e6',
+        'ecb-tbl-192: I=62'),
+    ('e23ee277b0aa0a1dfb81f7527c3514f1', '146131cb17f1424d4f8da91e6f80c1d0',
+        'e8e9eaebedeeeff0f2f3f4f5f7f8f9fafcfdfeff01020304',
+        'ecb-tbl-192: I=63'),
+    ('3e7445b0b63caaf75e4a911e12106b4c', '2610d0ad83659081ae085266a88770dc',
+        '060708090b0c0d0e10111213151617181a1b1c1d1f202122',
+        'ecb-tbl-192: I=64'),
+    ('767774752023222544455a5be6e1e0e3', '38a2b5a974b0575c5d733917fb0d4570',
+        '24252627292a2b2c2e2f30313334353638393a3b3d3e3f40',
+        'ecb-tbl-192: I=65'),
+    ('72737475717e7f7ce9e8ebea696a6b6c', 'e21d401ebc60de20d6c486e4f39a588b',
+        '424344454748494a4c4d4e4f51525354565758595b5c5d5e',
+        'ecb-tbl-192: I=66'),
+    ('dfdedddc25262728c9c8cfcef1eeefec', 'e51d5f88c670b079c0ca1f0c2c4405a2',
+        '60616263656667686a6b6c6d6f70717274757677797a7b7c',
+        'ecb-tbl-192: I=67'),
+    ('fffe0100707776755f5e5d5c7675746b', '246a94788a642fb3d1b823c8762380c8',
+        '7e7f80818384858688898a8b8d8e8f90929394959798999a',
+        'ecb-tbl-192: I=68'),
+    ('e0e1e2e3424140479f9e9190292e2f2c', 'b80c391c5c41a4c3b30c68e0e3d7550f',
+        '9c9d9e9fa1a2a3a4a6a7a8a9abacadaeb0b1b2b3b5b6b7b8',
+        'ecb-tbl-192: I=69'),
+    ('2120272690efeeed3b3a39384e4d4c4b', 'b77c4754fc64eb9a1154a9af0bb1f21c',
+        'babbbcbdbfc0c1c2c4c5c6c7c9cacbcccecfd0d1d3d4d5d6',
+        'ecb-tbl-192: I=70'),
+    ('ecedeeef5350516ea1a0a7a6a3acadae', 'fb554de520d159a06bf219fc7f34a02f',
+        'd8d9dadbdddedfe0e2e3e4e5e7e8e9eaecedeeeff1f2f3f4',
+        'ecb-tbl-192: I=71'),
+    ('32333c3d25222320e9e8ebeacecdccc3', 'a89fba152d76b4927beed160ddb76c57',
+        'f6f7f8f9fbfcfdfe00010203050607080a0b0c0d0f101112',
+        'ecb-tbl-192: I=72'),
+    ('40414243626160678a8bb4b511161714', '5676eab4a98d2e8473b3f3d46424247c',
+        '14151617191a1b1c1e1f20212324252628292a2b2d2e2f30',
+        'ecb-tbl-192: I=73'),
+    ('94959293f5fafbf81f1e1d1c7c7f7e79', '4e8f068bd7ede52a639036ec86c33568',
+        '323334353738393a3c3d3e3f41424344464748494b4c4d4e',
+        'ecb-tbl-192: I=74'),
+    ('bebfbcbd191a1b14cfcec9c8546b6a69', 'f0193c4d7aff1791ee4c07eb4a1824fc',
+        '50515253555657585a5b5c5d5f60616264656667696a6b6c',
+        'ecb-tbl-192: I=75'),
+    ('2c2d3233898e8f8cbbbab9b8333031ce', 'ac8686eeca9ba761afe82d67b928c33f',
+        '6e6f70717374757678797a7b7d7e7f80828384858788898a',
+        'ecb-tbl-192: I=76'),
+    ('84858687bfbcbdba37363938fdfafbf8', '5faf8573e33b145b6a369cd3606ab2c9',
+        '8c8d8e8f91929394969798999b9c9d9ea0a1a2a3a5a6a7a8',
+        'ecb-tbl-192: I=77'),
+    ('828384857669686b909192930b08090e', '31587e9944ab1c16b844ecad0df2e7da',
+        'aaabacadafb0b1b2b4b5b6b7b9babbbcbebfc0c1c3c4c5c6',
+        'ecb-tbl-192: I=78'),
+    ('bebfbcbd9695948b707176779e919093', 'd017fecd91148aba37f6f3068aa67d8a',
+        'c8c9cacbcdcecfd0d2d3d4d5d7d8d9dadcdddedfe1e2e3e4',
+        'ecb-tbl-192: I=79'),
+    ('8b8a85846067666521202322d0d3d2dd', '788ef2f021a73cba2794b616078a8500',
+        'e6e7e8e9ebecedeef0f1f2f3f5f6f7f8fafbfcfdfe010002',
+        'ecb-tbl-192: I=80'),
+    ('76777475f1f2f3f4f8f9e6e777707172', '5d1ef20dced6bcbc12131ac7c54788aa',
+        '04050607090a0b0c0e0f10111314151618191a1b1d1e1f20',
+        'ecb-tbl-192: I=81'),
+    ('a4a5a2a34f404142b4b5b6b727242522', 'b3c8cf961faf9ea05fdde6d1e4d8f663',
+        '222324252728292a2c2d2e2f31323334363738393b3c3d3e',
+        'ecb-tbl-192: I=82'),
+    ('94959697e1e2e3ec16171011839c9d9e', '143075c70605861c7fac6526199e459f',
+        '40414243454647484a4b4c4d4f50515254555657595a5b5c',
+        'ecb-tbl-192: I=83'),
+    ('03023d3c06010003dedfdcddfffcfde2', 'a5ae12eade9a87268d898bfc8fc0252a',
+        '5e5f60616364656668696a6b6d6e6f70727374757778797a',
+        'ecb-tbl-192: I=84'),
+    ('10111213f1f2f3f4cecfc0c1dbdcddde', '0924f7cf2e877a4819f5244a360dcea9',
+        '7c7d7e7f81828384868788898b8c8d8e9091929395969798',
+        'ecb-tbl-192: I=85'),
+    ('67666160724d4c4f1d1c1f1e73707176', '3d9e9635afcc3e291cc7ab3f27d1c99a',
+        '9a9b9c9d9fa0a1a2a4a5a6a7a9aaabacaeafb0b1b3b4b5b6',
+        'ecb-tbl-192: I=86'),
+    ('e6e7e4e5a8abaad584858283909f9e9d', '9d80feebf87510e2b8fb98bb54fd788c',
+        'b8b9babbbdbebfc0c2c3c4c5c7c8c9cacccdcecfd1d2d3d4',
+        'ecb-tbl-192: I=87'),
+    ('71707f7e565150537d7c7f7e6162636c', '5f9d1a082a1a37985f174002eca01309',
+        'd6d7d8d9dbdcdddee0e1e2e3e5e6e7e8eaebecedeff0f1f2',
+        'ecb-tbl-192: I=88'),
+    ('64656667212223245555aaaa03040506', 'a390ebb1d1403930184a44b4876646e4',
+        'f4f5f6f7f9fafbfcfefe01010304050608090a0b0d0e0f10',
+        'ecb-tbl-192: I=89'),
+    ('9e9f9899aba4a5a6cfcecdcc2b28292e', '700fe918981c3195bb6c4bcb46b74e29',
+        '121314151718191a1c1d1e1f21222324262728292b2c2d2e',
+        'ecb-tbl-192: I=90'),
+    ('c7c6c5c4d1d2d3dc626364653a454447', '907984406f7bf2d17fb1eb15b673d747',
+        '30313233353637383a3b3c3d3f40414244454647494a4b4c',
+        'ecb-tbl-192: I=91'),
+    ('f6f7e8e9e0e7e6e51d1c1f1e5b585966', 'c32a956dcfc875c2ac7c7cc8b8cc26e1',
+        '4e4f50515354555658595a5b5d5e5f60626364656768696a',
+        'ecb-tbl-192: I=92'),
+    ('bcbdbebf5d5e5f5868696667f4f3f2f1', '02646e2ebfa9b820cf8424e9b9b6eb51',
+        '6c6d6e6f71727374767778797b7c7d7e8081828385868788',
+        'ecb-tbl-192: I=93'),
+    ('40414647b0afaead9b9a99989b98999e', '621fda3a5bbd54c6d3c685816bd4ead8',
+        '8a8b8c8d8f90919294959697999a9b9c9e9fa0a1a3a4a5a6',
+        'ecb-tbl-192: I=94'),
+    ('69686b6a0201001f0f0e0908b4bbbab9', 'd4e216040426dfaf18b152469bc5ac2f',
+        'a8a9aaabadaeafb0b2b3b4b5b7b8b9babcbdbebfc1c2c3c4',
+        'ecb-tbl-192: I=95'),
+    ('c7c6c9c8d8dfdedd5a5b5859bebdbcb3', '9d0635b9d33b6cdbd71f5d246ea17cc8',
+        'c6c7c8c9cbcccdced0d1d2d3d5d6d7d8dadbdcdddfe0e1e2',
+        'ecb-tbl-192: I=96'),
+    ('dedfdcdd787b7a7dfffee1e0b2b5b4b7', '10abad1bd9bae5448808765583a2cc1a',
+        'e4e5e6e7e9eaebeceeeff0f1f3f4f5f6f8f9fafbfdfefe00',
+        'ecb-tbl-192: I=97'),
+    ('4d4c4b4a606f6e6dd0d1d2d3fbf8f9fe', '6891889e16544e355ff65a793c39c9a8',
+        '020304050708090a0c0d0e0f11121314161718191b1c1d1e',
+        'ecb-tbl-192: I=98'),
+    ('b7b6b5b4d7d4d5dae5e4e3e2e1fefffc', 'cc735582e68072c163cd9ddf46b91279',
+        '20212223252627282a2b2c2d2f30313234353637393a3b3c',
+        'ecb-tbl-192: I=99'),
+    ('cecfb0b1f7f0f1f2aeafacad3e3d3c23', 'c5c68b9aeeb7f878df578efa562f9574',
+        '3e3f40414344454648494a4b4d4e4f50525354555758595a',
+        'ecb-tbl-192: I=100'),
+    ('cacbc8c9cdcecfc812131c1d494e4f4c', '5f4764395a667a47d73452955d0d2ce8',
+        '5c5d5e5f61626364666768696b6c6d6e7071727375767778',
+        'ecb-tbl-192: I=101'),
+    ('9d9c9b9ad22d2c2fb1b0b3b20c0f0e09', '701448331f66106cefddf1eb8267c357',
+        '7a7b7c7d7f80818284858687898a8b8c8e8f909193949596',
+        'ecb-tbl-192: I=102'),
+    ('7a7b787964676659959493924f404142', 'cb3ee56d2e14b4e1941666f13379d657',
+        '98999a9b9d9e9fa0a2a3a4a5a7a8a9aaacadaeafb1b2b3b4',
+        'ecb-tbl-192: I=103'),
+    ('aaaba4a5cec9c8cb1f1e1d1caba8a9a6', '9fe16efd18ab6e1981191851fedb0764',
+        'b6b7b8b9bbbcbdbec0c1c2c3c5c6c7c8cacbcccdcfd0d1d2',
+        'ecb-tbl-192: I=104'),
+    ('93929190282b2a2dc4c5fafb92959497', '3dc9ba24e1b223589b147adceb4c8e48',
+        'd4d5d6d7d9dadbdcdedfe0e1e3e4e5e6e8e9eaebedeeeff0',
+        'ecb-tbl-192: I=105'),
+    ('efeee9e8ded1d0d339383b3a888b8a8d', '1c333032682e7d4de5e5afc05c3e483c',
+        'f2f3f4f5f7f8f9fafcfdfeff01020304060708090b0c0d0e',
+        'ecb-tbl-192: I=106'),
+    ('7f7e7d7ca2a1a0af78797e7f112e2f2c', 'd593cc99a95afef7e92038e05a59d00a',
+        '10111213151617181a1b1c1d1f20212224252627292a2b2c',
+        'ecb-tbl-192: I=107'),
+    ('84859a9b2b2c2d2e868784852625245b', '51e7f96f53b4353923452c222134e1ec',
+        '2e2f30313334353638393a3b3d3e3f40424344454748494a',
+        'ecb-tbl-192: I=108'),
+    ('b0b1b2b3070405026869666710171615', '4075b357a1a2b473400c3b25f32f81a4',
+        '4c4d4e4f51525354565758595b5c5d5e6061626365666768',
+        'ecb-tbl-192: I=109'),
+    ('acadaaabbda2a3a00d0c0f0e595a5b5c', '302e341a3ebcd74f0d55f61714570284',
+        '6a6b6c6d6f70717274757677797a7b7c7e7f808183848586',
+        'ecb-tbl-192: I=110'),
+    ('121310115655544b5253545569666764', '57abdd8231280da01c5042b78cf76522',
+        '88898a8b8d8e8f90929394959798999a9c9d9e9fa1a2a3a4',
+        'ecb-tbl-192: I=111'),
+    ('dedfd0d166616063eaebe8e94142434c', '17f9ea7eea17ac1adf0e190fef799e92',
+        'a6a7a8a9abacadaeb0b1b2b3b5b6b7b8babbbcbdbfc0c1c2',
+        'ecb-tbl-192: I=112'),
+    ('dbdad9d81417161166677879e0e7e6e5', '2e1bdd563dd87ee5c338dd6d098d0a7a',
+        'c4c5c6c7c9cacbcccecfd0d1d3d4d5d6d8d9dadbdddedfe0',
+        'ecb-tbl-192: I=113'),
+    ('6a6b6c6de0efeeed2b2a2928c0c3c2c5', 'eb869996e6f8bfb2bfdd9e0c4504dbb2',
+        'e2e3e4e5e7e8e9eaecedeeeff1f2f3f4f6f7f8f9fbfcfdfe',
+        'ecb-tbl-192: I=114'),
+    ('b1b0b3b21714151a1a1b1c1d5649484b', 'c2e01549e9decf317468b3e018c61ba8',
+        '00010203050607080a0b0c0d0f10111214151617191a1b1c',
+        'ecb-tbl-192: I=115'),
+    ('39380706a3a4a5a6c4c5c6c77271706f', '8da875d033c01dd463b244a1770f4a22',
+        '1e1f20212324252628292a2b2d2e2f30323334353738393a',
+        'ecb-tbl-192: I=116'),
+    ('5c5d5e5f1013121539383736e2e5e4e7', '8ba0dcf3a186844f026d022f8839d696',
+        '3c3d3e3f41424344464748494b4c4d4e5051525355565758',
+        'ecb-tbl-192: I=117'),
+    ('43424544ead5d4d72e2f2c2d64676661', 'e9691ff9a6cc6970e51670a0fd5b88c1',
+        '5a5b5c5d5f60616264656667696a6b6c6e6f707173747576',
+        'ecb-tbl-192: I=118'),
+    ('55545756989b9a65f8f9feff18171615', 'f2baec06faeed30f88ee63ba081a6e5b',
+        '78797a7b7d7e7f80828384858788898a8c8d8e8f91929394',
+        'ecb-tbl-192: I=119'),
+    ('05040b0a525554573c3d3e3f4a494847', '9c39d4c459ae5753394d6094adc21e78',
+        '969798999b9c9d9ea0a1a2a3a5a6a7a8aaabacadafb0b1b2',
+        'ecb-tbl-192: I=120'),
+    ('14151617595a5b5c8584fbfa8e89888b', '6345b532a11904502ea43ba99c6bd2b2',
+        'b4b5b6b7b9babbbcbebfc0c1c3c4c5c6c8c9cacbcdcecfd0',
+        'ecb-tbl-192: I=121'),
+    ('7c7d7a7bfdf2f3f029282b2a51525354', '5ffae3061a95172e4070cedce1e428c8',
+        'd2d3d4d5d7d8d9dadcdddedfe1e2e3e4e6e7e8e9ebecedee',
+        'ecb-tbl-192: I=122'),
+    ('38393a3b1e1d1c1341404746c23d3c3e', '0a4566be4cdf9adce5dec865b5ab34cd',
+        'f0f1f2f3f5f6f7f8fafbfcfdfe01000204050607090a0b0c',
+        'ecb-tbl-192: I=123'),
+    ('8d8c939240474645818083827c7f7e41', 'ca17fcce79b7404f2559b22928f126fb',
+        '0e0f10111314151618191a1b1d1e1f20222324252728292a',
+        'ecb-tbl-192: I=124'),
+    ('3b3a39381a19181f32333c3d45424340', '97ca39b849ed73a6470a97c821d82f58',
+        '2c2d2e2f31323334363738393b3c3d3e4041424345464748',
+        'ecb-tbl-192: I=125'),
+    ('f0f1f6f738272625828380817f7c7d7a', '8198cb06bc684c6d3e9b7989428dcf7a',
+        '4a4b4c4d4f50515254555657595a5b5c5e5f606163646566',
+        'ecb-tbl-192: I=126'),
+    ('89888b8a0407061966676061141b1a19', 'f53c464c705ee0f28d9a4c59374928bd',
+        '68696a6b6d6e6f70727374757778797a7c7d7e7f81828384',
+        'ecb-tbl-192: I=127'),
+    ('d3d2dddcaaadacaf9c9d9e9fe8ebeae5', '9adb3d4cca559bb98c3e2ed73dbf1154',
+        '868788898b8c8d8e90919293959697989a9b9c9d9fa0a1a2',
+        'ecb-tbl-192: I=128'),
+
+    # ecb_tbl.txt, KEYSIZE=256
+    ('834eadfccac7e1b30664b1aba44815ab', '1946dabf6a03a2a2c3d0b05080aed6fc',
+        '00010203050607080a0b0c0d0f10111214151617191a1b1c1e1f202123242526',
+        'ecb-tbl-256: I=1'),
+    ('d9dc4dba3021b05d67c0518f72b62bf1', '5ed301d747d3cc715445ebdec62f2fb4',
+        '28292a2b2d2e2f30323334353738393a3c3d3e3f41424344464748494b4c4d4e',
+        'ecb-tbl-256: I=2'),
+    ('a291d86301a4a739f7392173aa3c604c', '6585c8f43d13a6beab6419fc5935b9d0',
+        '50515253555657585a5b5c5d5f60616264656667696a6b6c6e6f707173747576',
+        'ecb-tbl-256: I=3'),
+    ('4264b2696498de4df79788a9f83e9390', '2a5b56a596680fcc0e05f5e0f151ecae',
+        '78797a7b7d7e7f80828384858788898a8c8d8e8f91929394969798999b9c9d9e',
+        'ecb-tbl-256: I=4'),
+    ('ee9932b3721804d5a83ef5949245b6f6', 'f5d6ff414fd2c6181494d20c37f2b8c4',
+        'a0a1a2a3a5a6a7a8aaabacadafb0b1b2b4b5b6b7b9babbbcbebfc0c1c3c4c5c6',
+        'ecb-tbl-256: I=5'),
+    ('e6248f55c5fdcbca9cbbb01c88a2ea77', '85399c01f59fffb5204f19f8482f00b8',
+        'c8c9cacbcdcecfd0d2d3d4d5d7d8d9dadcdddedfe1e2e3e4e6e7e8e9ebecedee',
+        'ecb-tbl-256: I=6'),
+    ('b8358e41b9dff65fd461d55a99266247', '92097b4c88a041ddf98144bc8d22e8e7',
+        'f0f1f2f3f5f6f7f8fafbfcfdfe01000204050607090a0b0c0e0f101113141516',
+        'ecb-tbl-256: I=7'),
+    ('f0e2d72260af58e21e015ab3a4c0d906', '89bd5b73b356ab412aef9f76cea2d65c',
+        '18191a1b1d1e1f20222324252728292a2c2d2e2f31323334363738393b3c3d3e',
+        'ecb-tbl-256: I=8'),
+    ('475b8b823ce8893db3c44a9f2a379ff7', '2536969093c55ff9454692f2fac2f530',
+        '40414243454647484a4b4c4d4f50515254555657595a5b5c5e5f606163646566',
+        'ecb-tbl-256: I=9'),
+    ('688f5281945812862f5f3076cf80412f', '07fc76a872843f3f6e0081ee9396d637',
+        '68696a6b6d6e6f70727374757778797a7c7d7e7f81828384868788898b8c8d8e',
+        'ecb-tbl-256: I=10'),
+    ('08d1d2bc750af553365d35e75afaceaa', 'e38ba8ec2aa741358dcc93e8f141c491',
+        '90919293959697989a9b9c9d9fa0a1a2a4a5a6a7a9aaabacaeafb0b1b3b4b5b6',
+        'ecb-tbl-256: I=11'),
+    ('8707121f47cc3efceca5f9a8474950a1', 'd028ee23e4a89075d0b03e868d7d3a42',
+        'b8b9babbbdbebfc0c2c3c4c5c7c8c9cacccdcecfd1d2d3d4d6d7d8d9dbdcddde',
+        'ecb-tbl-256: I=12'),
+    ('e51aa0b135dba566939c3b6359a980c5', '8cd9423dfc459e547155c5d1d522e540',
+        'e0e1e2e3e5e6e7e8eaebecedeff0f1f2f4f5f6f7f9fafbfcfefe010103040506',
+        'ecb-tbl-256: I=13'),
+    ('069a007fc76a459f98baf917fedf9521', '080e9517eb1677719acf728086040ae3',
+        '08090a0b0d0e0f10121314151718191a1c1d1e1f21222324262728292b2c2d2e',
+        'ecb-tbl-256: I=14'),
+    ('726165c1723fbcf6c026d7d00b091027', '7c1700211a3991fc0ecded0ab3e576b0',
+        '30313233353637383a3b3c3d3f40414244454647494a4b4c4e4f505153545556',
+        'ecb-tbl-256: I=15'),
+    ('d7c544de91d55cfcde1f84ca382200ce', 'dabcbcc855839251db51e224fbe87435',
+        '58595a5b5d5e5f60626364656768696a6c6d6e6f71727374767778797b7c7d7e',
+        'ecb-tbl-256: I=16'),
+    ('fed3c9a161b9b5b2bd611b41dc9da357', '68d56fad0406947a4dd27a7448c10f1d',
+        '80818283858687888a8b8c8d8f90919294959697999a9b9c9e9fa0a1a3a4a5a6',
+        'ecb-tbl-256: I=17'),
+    ('4f634cdc6551043409f30b635832cf82', 'da9a11479844d1ffee24bbf3719a9925',
+        'a8a9aaabadaeafb0b2b3b4b5b7b8b9babcbdbebfc1c2c3c4c6c7c8c9cbcccdce',
+        'ecb-tbl-256: I=18'),
+    ('109ce98db0dfb36734d9f3394711b4e6', '5e4ba572f8d23e738da9b05ba24b8d81',
+        'd0d1d2d3d5d6d7d8dadbdcdddfe0e1e2e4e5e6e7e9eaebeceeeff0f1f3f4f5f6',
+        'ecb-tbl-256: I=19'),
+    ('4ea6dfaba2d8a02ffdffa89835987242', 'a115a2065d667e3f0b883837a6e903f8',
+        '70717273757677787a7b7c7d7f80818284858687898a8b8c8e8f909193949596',
+        'ecb-tbl-256: I=20'),
+    ('5ae094f54af58e6e3cdbf976dac6d9ef', '3e9e90dc33eac2437d86ad30b137e66e',
+        '98999a9b9d9e9fa0a2a3a4a5a7a8a9aaacadaeafb1b2b3b4b6b7b8b9bbbcbdbe',
+        'ecb-tbl-256: I=21'),
+    ('764d8e8e0f29926dbe5122e66354fdbe', '01ce82d8fbcdae824cb3c48e495c3692',
+        'c0c1c2c3c5c6c7c8cacbcccdcfd0d1d2d4d5d6d7d9dadbdcdedfe0e1e3e4e5e6',
+        'ecb-tbl-256: I=22'),
+    ('3f0418f888cdf29a982bf6b75410d6a9', '0c9cff163ce936faaf083cfd3dea3117',
+        'e8e9eaebedeeeff0f2f3f4f5f7f8f9fafcfdfeff01020304060708090b0c0d0e',
+        'ecb-tbl-256: I=23'),
+    ('e4a3e7cb12cdd56aa4a75197a9530220', '5131ba9bd48f2bba85560680df504b52',
+        '10111213151617181a1b1c1d1f20212224252627292a2b2c2e2f303133343536',
+        'ecb-tbl-256: I=24'),
+    ('211677684aac1ec1a160f44c4ebf3f26', '9dc503bbf09823aec8a977a5ad26ccb2',
+        '38393a3b3d3e3f40424344454748494a4c4d4e4f51525354565758595b5c5d5e',
+        'ecb-tbl-256: I=25'),
+    ('d21e439ff749ac8f18d6d4b105e03895', '9a6db0c0862e506a9e397225884041d7',
+        '60616263656667686a6b6c6d6f70717274757677797a7b7c7e7f808183848586',
+        'ecb-tbl-256: I=26'),
+    ('d9f6ff44646c4725bd4c0103ff5552a7', '430bf9570804185e1ab6365fc6a6860c',
+        '88898a8b8d8e8f90929394959798999a9c9d9e9fa1a2a3a4a6a7a8a9abacadae',
+        'ecb-tbl-256: I=27'),
+    ('0b1256c2a00b976250cfc5b0c37ed382', '3525ebc02f4886e6a5a3762813e8ce8a',
+        'b0b1b2b3b5b6b7b8babbbcbdbfc0c1c2c4c5c6c7c9cacbcccecfd0d1d3d4d5d6',
+        'ecb-tbl-256: I=28'),
+    ('b056447ffc6dc4523a36cc2e972a3a79', '07fa265c763779cce224c7bad671027b',
+        'd8d9dadbdddedfe0e2e3e4e5e7e8e9eaecedeeeff1f2f3f4f6f7f8f9fbfcfdfe',
+        'ecb-tbl-256: I=29'),
+    ('5e25ca78f0de55802524d38da3fe4456', 'e8b72b4e8be243438c9fff1f0e205872',
+        '00010203050607080a0b0c0d0f10111214151617191a1b1c1e1f202123242526',
+        'ecb-tbl-256: I=30'),
+    ('a5bcf4728fa5eaad8567c0dc24675f83', '109d4f999a0e11ace1f05e6b22cbcb50',
+        '28292a2b2d2e2f30323334353738393a3c3d3e3f41424344464748494b4c4d4e',
+        'ecb-tbl-256: I=31'),
+    ('814e59f97ed84646b78b2ca022e9ca43', '45a5e8d4c3ed58403ff08d68a0cc4029',
+        '50515253555657585a5b5c5d5f60616264656667696a6b6c6e6f707173747576',
+        'ecb-tbl-256: I=32'),
+    ('15478beec58f4775c7a7f5d4395514d7', '196865964db3d417b6bd4d586bcb7634',
+        '78797a7b7d7e7f80828384858788898a8c8d8e8f91929394969798999b9c9d9e',
+        'ecb-tbl-256: I=33'),
+    ('253548ffca461c67c8cbc78cd59f4756', '60436ad45ac7d30d99195f815d98d2ae',
+        'a0a1a2a3a5a6a7a8aaabacadafb0b1b2b4b5b6b7b9babbbcbebfc0c1c3c4c5c6',
+        'ecb-tbl-256: I=34'),
+    ('fd7ad8d73b9b0f8cc41600640f503d65', 'bb07a23f0b61014b197620c185e2cd75',
+        'c8c9cacbcdcecfd0d2d3d4d5d7d8d9dadcdddedfe1e2e3e4e6e7e8e9ebecedee',
+        'ecb-tbl-256: I=35'),
+    ('06199de52c6cbf8af954cd65830bcd56', '5bc0b2850129c854423aff0751fe343b',
+        'f0f1f2f3f5f6f7f8fafbfcfdfe01000204050607090a0b0c0e0f101113141516',
+        'ecb-tbl-256: I=36'),
+    ('f17c4ffe48e44c61bd891e257e725794', '7541a78f96738e6417d2a24bd2beca40',
+        '18191a1b1d1e1f20222324252728292a2c2d2e2f31323334363738393b3c3d3e',
+        'ecb-tbl-256: I=37'),
+    ('9a5b4a402a3e8a59be6bf5cd8154f029', 'b0a303054412882e464591f1546c5b9e',
+        '40414243454647484a4b4c4d4f50515254555657595a5b5c5e5f606163646566',
+        'ecb-tbl-256: I=38'),
+    ('79bd40b91a7e07dc939d441782ae6b17', '778c06d8a355eeee214fcea14b4e0eef',
+        '68696a6b6d6e6f70727374757778797a7c7d7e7f81828384868788898b8c8d8e',
+        'ecb-tbl-256: I=39'),
+    ('d8ceaaf8976e5fbe1012d8c84f323799', '09614206d15cbace63227d06db6beebb',
+        '90919293959697989a9b9c9d9fa0a1a2a4a5a6a7a9aaabacaeafb0b1b3b4b5b6',
+        'ecb-tbl-256: I=40'),
+    ('3316e2751e2e388b083da23dd6ac3fbe', '41b97fb20e427a9fdbbb358d9262255d',
+        'b8b9babbbdbebfc0c2c3c4c5c7c8c9cacccdcecfd1d2d3d4d6d7d8d9dbdcddde',
+        'ecb-tbl-256: I=41'),
+    ('8b7cfbe37de7dca793521819242c5816', 'c1940f703d845f957652c2d64abd7adf',
+        'e0e1e2e3e5e6e7e8eaebecedeff0f1f2f4f5f6f7f9fafbfcfefe010103040506',
+        'ecb-tbl-256: I=42'),
+    ('f23f033c0eebf8ec55752662fd58ce68', 'd2d44fcdae5332343366db297efcf21b',
+        '08090a0b0d0e0f10121314151718191a1c1d1e1f21222324262728292b2c2d2e',
+        'ecb-tbl-256: I=43'),
+    ('59eb34f6c8bdbacc5fc6ad73a59a1301', 'ea8196b79dbe167b6aa9896e287eed2b',
+        '30313233353637383a3b3c3d3f40414244454647494a4b4c4e4f505153545556',
+        'ecb-tbl-256: I=44'),
+    ('dcde8b6bd5cf7cc22d9505e3ce81261a', 'd6b0b0c4ba6c7dbe5ed467a1e3f06c2d',
+        '58595a5b5d5e5f60626364656768696a6c6d6e6f71727374767778797b7c7d7e',
+        'ecb-tbl-256: I=45'),
+    ('e33cf7e524fed781e7042ff9f4b35dc7', 'ec51eb295250c22c2fb01816fb72bcae',
+        '80818283858687888a8b8c8d8f90919294959697999a9b9c9e9fa0a1a3a4a5a6',
+        'ecb-tbl-256: I=46'),
+    ('27963c8facdf73062867d164df6d064c', 'aded6630a07ce9c7408a155d3bd0d36f',
+        'a8a9aaabadaeafb0b2b3b4b5b7b8b9babcbdbebfc1c2c3c4c6c7c8c9cbcccdce',
+        'ecb-tbl-256: I=47'),
+    ('77b1ce386b551b995f2f2a1da994eef8', '697c9245b9937f32f5d1c82319f0363a',
+        'd0d1d2d3d5d6d7d8dadbdcdddfe0e1e2e4e5e6e7e9eaebeceeeff0f1f3f4f5f6',
+        'ecb-tbl-256: I=48'),
+    ('f083388b013679efcf0bb9b15d52ae5c', 'aad5ad50c6262aaec30541a1b7b5b19c',
+        'f8f9fafbfdfefe00020304050708090a0c0d0e0f11121314161718191b1c1d1e',
+        'ecb-tbl-256: I=49'),
+    ('c5009e0dab55db0abdb636f2600290c8', '7d34b893855341ec625bd6875ac18c0d',
+        '20212223252627282a2b2c2d2f30313234353637393a3b3c3e3f404143444546',
+        'ecb-tbl-256: I=50'),
+    ('7804881e26cd532d8514d3683f00f1b9', '7ef05105440f83862f5d780e88f02b41',
+        '48494a4b4d4e4f50525354555758595a5c5d5e5f61626364666768696b6c6d6e',
+        'ecb-tbl-256: I=51'),
+    ('46cddcd73d1eb53e675ca012870a92a3', 'c377c06403382061af2c9c93a8e70df6',
+        '70717273757677787a7b7c7d7f80818284858687898a8b8c8e8f909193949596',
+        'ecb-tbl-256: I=52'),
+    ('a9fb44062bb07fe130a8e8299eacb1ab', '1dbdb3ffdc052dacc83318853abc6de5',
+        '98999a9b9d9e9fa0a2a3a4a5a7a8a9aaacadaeafb1b2b3b4b6b7b8b9bbbcbdbe',
+        'ecb-tbl-256: I=53'),
+    ('2b6ff8d7a5cc3a28a22d5a6f221af26b', '69a6eab00432517d0bf483c91c0963c7',
+        'c0c1c2c3c5c6c7c8cacbcccdcfd0d1d2d4d5d6d7d9dadbdcdedfe0e1e3e4e5e6',
+        'ecb-tbl-256: I=54'),
+    ('1a9527c29b8add4b0e3e656dbb2af8b4', '0797f41dc217c80446e1d514bd6ab197',
+        'e8e9eaebedeeeff0f2f3f4f5f7f8f9fafcfdfeff01020304060708090b0c0d0e',
+        'ecb-tbl-256: I=55'),
+    ('7f99cf2c75244df015eb4b0c1050aeae', '9dfd76575902a637c01343c58e011a03',
+        '10111213151617181a1b1c1d1f20212224252627292a2b2c2e2f303133343536',
+        'ecb-tbl-256: I=56'),
+    ('e84ff85b0d9454071909c1381646c4ed', 'acf4328ae78f34b9fa9b459747cc2658',
+        '38393a3b3d3e3f40424344454748494a4c4d4e4f51525354565758595b5c5d5e',
+        'ecb-tbl-256: I=57'),
+    ('89afd40f99521280d5399b12404f6db4', 'b0479aea12bac4fe2384cf98995150c6',
+        '60616263656667686a6b6c6d6f70717274757677797a7b7c7e7f808183848586',
+        'ecb-tbl-256: I=58'),
+    ('a09ef32dbc5119a35ab7fa38656f0329', '9dd52789efe3ffb99f33b3da5030109a',
+        '88898a8b8d8e8f90929394959798999a9c9d9e9fa1a2a3a4a6a7a8a9abacadae',
+        'ecb-tbl-256: I=59'),
+    ('61773457f068c376c7829b93e696e716', 'abbb755e4621ef8f1214c19f649fb9fd',
+        'b0b1b2b3b5b6b7b8babbbcbdbfc0c1c2c4c5c6c7c9cacbcccecfd0d1d3d4d5d6',
+        'ecb-tbl-256: I=60'),
+    ('a34f0cae726cce41dd498747d891b967', 'da27fb8174357bce2bed0e7354f380f9',
+        'd8d9dadbdddedfe0e2e3e4e5e7e8e9eaecedeeeff1f2f3f4f6f7f8f9fbfcfdfe',
+        'ecb-tbl-256: I=61'),
+    ('856f59496c7388ee2d2b1a27b7697847', 'c59a0663f0993838f6e5856593bdc5ef',
+        '00010203050607080a0b0c0d0f10111214151617191a1b1c1e1f202123242526',
+        'ecb-tbl-256: I=62'),
+    ('cb090c593ef7720bd95908fb93b49df4', 'ed60b264b5213e831607a99c0ce5e57e',
+        '28292a2b2d2e2f30323334353738393a3c3d3e3f41424344464748494b4c4d4e',
+        'ecb-tbl-256: I=63'),
+    ('a0ac75cd2f1923d460fc4d457ad95baf', 'e50548746846f3eb77b8c520640884ed',
+        '50515253555657585a5b5c5d5f60616264656667696a6b6c6e6f707173747576',
+        'ecb-tbl-256: I=64'),
+    ('2a2b282974777689e8e9eeef525d5c5f', '28282cc7d21d6a2923641e52d188ef0c',
+        '78797a7b7d7e7f80828384858788898a8c8d8e8f91929394969798999b9c9d9e',
+        'ecb-tbl-256: I=65'),
+    ('909192939390919e0f0e09089788898a', '0dfa5b02abb18e5a815305216d6d4f8e',
+        'a0a1a2a3a5a6a7a8aaabacadafb0b1b2b4b5b6b7b9babbbcbebfc0c1c3c4c5c6',
+        'ecb-tbl-256: I=66'),
+    ('777675748d8e8f907170777649464744', '7359635c0eecefe31d673395fb46fb99',
+        'c8c9cacbcdcecfd0d2d3d4d5d7d8d9dadcdddedfe1e2e3e4e6e7e8e9ebecedee',
+        'ecb-tbl-256: I=67'),
+    ('717073720605040b2d2c2b2a05fafbf9', '73c679f7d5aef2745c9737bb4c47fb36',
+        'f0f1f2f3f5f6f7f8fafbfcfdfe01000204050607090a0b0c0e0f101113141516',
+        'ecb-tbl-256: I=68'),
+    ('64656667fefdfcc31b1a1d1ca5aaaba8', 'b192bd472a4d2eafb786e97458967626',
+        '18191a1b1d1e1f20222324252728292a2c2d2e2f31323334363738393b3c3d3e',
+        'ecb-tbl-256: I=69'),
+    ('dbdad9d86a696867b5b4b3b2c8d7d6d5', '0ec327f6c8a2b147598ca3fde61dc6a4',
+        '40414243454647484a4b4c4d4f50515254555657595a5b5c5e5f606163646566',
+        'ecb-tbl-256: I=70'),
+    ('5c5d5e5fe3e0e1fe31303736333c3d3e', 'fc418eb3c41b859b38d4b6f646629729',
+        '68696a6b6d6e6f70727374757778797a7c7d7e7f81828384868788898b8c8d8e',
+        'ecb-tbl-256: I=71'),
+    ('545556574b48494673727574546b6a69', '30249e5ac282b1c981ea64b609f3a154',
+        '90919293959697989a9b9c9d9fa0a1a2a4a5a6a7a9aaabacaeafb0b1b3b4b5b6',
+        'ecb-tbl-256: I=72'),
+    ('ecedeeefc6c5c4bb56575051f5fafbf8', '5e6e08646d12150776bb43c2d78a9703',
+        'b8b9babbbdbebfc0c2c3c4c5c7c8c9cacccdcecfd1d2d3d4d6d7d8d9dbdcddde',
+        'ecb-tbl-256: I=73'),
+    ('464744452724252ac9c8cfced2cdcccf', 'faeb3d5de652cd3447dceb343f30394a',
+        'e0e1e2e3e5e6e7e8eaebecedeff0f1f2f4f5f6f7f9fafbfcfefe010103040506',
+        'ecb-tbl-256: I=74'),
+    ('e6e7e4e54142435c878681801c131211', 'a8e88706823f6993ef80d05c1c7b2cf0',
+        '08090a0b0d0e0f10121314151718191a1c1d1e1f21222324262728292b2c2d2e',
+        'ecb-tbl-256: I=75'),
+    ('72737071cfcccdc2f9f8fffe710e0f0c', '8ced86677e6e00a1a1b15968f2d3cce6',
+        '30313233353637383a3b3c3d3f40414244454647494a4b4c4e4f505153545556',
+        'ecb-tbl-256: I=76'),
+    ('505152537370714ec3c2c5c4010e0f0c', '9fc7c23858be03bdebb84e90db6786a9',
+        '58595a5b5d5e5f60626364656768696a6c6d6e6f71727374767778797b7c7d7e',
+        'ecb-tbl-256: I=77'),
+    ('a8a9aaab5c5f5e51aeafa8a93d222320', 'b4fbd65b33f70d8cf7f1111ac4649c36',
+        '80818283858687888a8b8c8d8f90919294959697999a9b9c9e9fa0a1a3a4a5a6',
+        'ecb-tbl-256: I=78'),
+    ('dedfdcddf6f5f4eb10111617fef1f0f3', 'c5c32d5ed03c4b53cc8c1bd0ef0dbbf6',
+        'a8a9aaabadaeafb0b2b3b4b5b7b8b9babcbdbebfc1c2c3c4c6c7c8c9cbcccdce',
+        'ecb-tbl-256: I=79'),
+    ('bdbcbfbe5e5d5c530b0a0d0cfac5c4c7', 'd1a7f03b773e5c212464b63709c6a891',
+        'd0d1d2d3d5d6d7d8dadbdcdddfe0e1e2e4e5e6e7e9eaebeceeeff0f1f3f4f5f6',
+        'ecb-tbl-256: I=80'),
+    ('8a8b8889050606f8f4f5f2f3636c6d6e', '6b7161d8745947ac6950438ea138d028',
+        'f8f9fafbfdfefe00020304050708090a0c0d0e0f11121314161718191b1c1d1e',
+        'ecb-tbl-256: I=81'),
+    ('a6a7a4a54d4e4f40b2b3b4b539262724', 'fd47a9f7e366ee7a09bc508b00460661',
+        '20212223252627282a2b2c2d2f30313234353637393a3b3c3e3f404143444546',
+        'ecb-tbl-256: I=82'),
+    ('9c9d9e9fe9eaebf40e0f08099b949596', '00d40b003dc3a0d9310b659b98c7e416',
+        '48494a4b4d4e4f50525354555758595a5c5d5e5f61626364666768696b6c6d6e',
+        'ecb-tbl-256: I=83'),
+    ('2d2c2f2e1013121dcccdcacbed121310', 'eea4c79dcc8e2bda691f20ac48be0717',
+        '70717273757677787a7b7c7d7f80818284858687898a8b8c8e8f909193949596',
+        'ecb-tbl-256: I=84'),
+    ('f4f5f6f7edeeefd0eaebecedf7f8f9fa', 'e78f43b11c204403e5751f89d05a2509',
+        '98999a9b9d9e9fa0a2a3a4a5a7a8a9aaacadaeafb1b2b3b4b6b7b8b9bbbcbdbe',
+        'ecb-tbl-256: I=85'),
+    ('3d3c3f3e282b2a2573727574150a0b08', 'd0f0e3d1f1244bb979931e38dd1786ef',
+        'c0c1c2c3c5c6c7c8cacbcccdcfd0d1d2d4d5d6d7d9dadbdcdedfe0e1e3e4e5e6',
+        'ecb-tbl-256: I=86'),
+    ('b6b7b4b5f8fbfae5b4b5b2b3a0afaead', '042e639dc4e1e4dde7b75b749ea6f765',
+        'e8e9eaebedeeeff0f2f3f4f5f7f8f9fafcfdfeff01020304060708090b0c0d0e',
+        'ecb-tbl-256: I=87'),
+    ('b7b6b5b4989b9a95878681809ba4a5a6', 'bc032fdd0efe29503a980a7d07ab46a8',
+        '10111213151617181a1b1c1d1f20212224252627292a2b2c2e2f303133343536',
+        'ecb-tbl-256: I=88'),
+    ('a8a9aaabe5e6e798e9e8efee4748494a', '0c93ac949c0da6446effb86183b6c910',
+        '38393a3b3d3e3f40424344454748494a4c4d4e4f51525354565758595b5c5d5e',
+        'ecb-tbl-256: I=89'),
+    ('ecedeeefd9dadbd4b9b8bfbe657a7b78', 'e0d343e14da75c917b4a5cec4810d7c2',
+        '60616263656667686a6b6c6d6f70717274757677797a7b7c7e7f808183848586',
+        'ecb-tbl-256: I=90'),
+    ('7f7e7d7c696a6b74cacbcccd929d9c9f', '0eafb821748408279b937b626792e619',
+        '88898a8b8d8e8f90929394959798999a9c9d9e9fa1a2a3a4a6a7a8a9abacadae',
+        'ecb-tbl-256: I=91'),
+    ('08090a0b0605040bfffef9f8b9c6c7c4', 'fa1ac6e02d23b106a1fef18b274a553f',
+        'b0b1b2b3b5b6b7b8babbbcbdbfc0c1c2c4c5c6c7c9cacbcccecfd0d1d3d4d5d6',
+        'ecb-tbl-256: I=92'),
+    ('08090a0bf1f2f3ccfcfdfafb68676665', '0dadfe019cd12368075507df33c1a1e9',
+        'd8d9dadbdddedfe0e2e3e4e5e7e8e9eaecedeeeff1f2f3f4f6f7f8f9fbfcfdfe',
+        'ecb-tbl-256: I=93'),
+    ('cacbc8c93a393837050403020d121310', '3a0879b414465d9ffbaf86b33a63a1b9',
+        '00010203050607080a0b0c0d0f10111214151617191a1b1c1e1f202123242526',
+        'ecb-tbl-256: I=94'),
+    ('e9e8ebea8281809f8f8e8988343b3a39', '62199fadc76d0be1805d3ba0b7d914bf',
+        '28292a2b2d2e2f30323334353738393a3c3d3e3f41424344464748494b4c4d4e',
+        'ecb-tbl-256: I=95'),
+    ('515053524645444bd0d1d6d7340b0a09', '1b06d6c5d333e742730130cf78e719b4',
+        '50515253555657585a5b5c5d5f60616264656667696a6b6c6e6f707173747576',
+        'ecb-tbl-256: I=96'),
+    ('42434041ecefee1193929594c6c9c8cb', 'f1f848824c32e9dcdcbf21580f069329',
+        '78797a7b7d7e7f80828384858788898a8c8d8e8f91929394969798999b9c9d9e',
+        'ecb-tbl-256: I=97'),
+    ('efeeedecc2c1c0cf76777071455a5b58', '1a09050cbd684f784d8e965e0782f28a',
+        'a0a1a2a3a5a6a7a8aaabacadafb0b1b2b4b5b6b7b9babbbcbebfc0c1c3c4c5c6',
+        'ecb-tbl-256: I=98'),
+    ('5f5e5d5c3f3c3d221d1c1b1a19161714', '79c2969e7ded2ba7d088f3f320692360',
+        'c8c9cacbcdcecfd0d2d3d4d5d7d8d9dadcdddedfe1e2e3e4e6e7e8e9ebecedee',
+        'ecb-tbl-256: I=99'),
+    ('000102034142434c1c1d1a1b8d727371', '091a658a2f7444c16accb669450c7b63',
+        'f0f1f2f3f5f6f7f8fafbfcfdfe01000204050607090a0b0c0e0f101113141516',
+        'ecb-tbl-256: I=100'),
+    ('8e8f8c8db1b2b38c56575051050a0b08', '97c1e3a72cca65fa977d5ed0e8a7bbfc',
+        '18191a1b1d1e1f20222324252728292a2c2d2e2f31323334363738393b3c3d3e',
+        'ecb-tbl-256: I=101'),
+    ('a7a6a5a4e8ebeae57f7e7978cad5d4d7', '70c430c6db9a17828937305a2df91a2a',
+        '40414243454647484a4b4c4d4f50515254555657595a5b5c5e5f606163646566',
+        'ecb-tbl-256: I=102'),
+    ('8a8b888994979689454443429f909192', '629553457fbe2479098571c7c903fde8',
+        '68696a6b6d6e6f70727374757778797a7c7d7e7f81828384868788898b8c8d8e',
+        'ecb-tbl-256: I=103'),
+    ('8c8d8e8fe0e3e2ed45444342f1cecfcc', 'a25b25a61f612669e7d91265c7d476ba',
+        '90919293959697989a9b9c9d9fa0a1a2a4a5a6a7a9aaabacaeafb0b1b3b4b5b6',
+        'ecb-tbl-256: I=104'),
+    ('fffefdfc4c4f4e31d8d9dedfb6b9b8bb', 'eb7e4e49b8ae0f024570dda293254fed',
+        'b8b9babbbdbebfc0c2c3c4c5c7c8c9cacccdcecfd1d2d3d4d6d7d8d9dbdcddde',
+        'ecb-tbl-256: I=105'),
+    ('fdfcfffecccfcec12f2e29286679787b', '38fe15d61cca84516e924adce5014f67',
+        'e0e1e2e3e5e6e7e8eaebecedeff0f1f2f4f5f6f7f9fafbfcfefe010103040506',
+        'ecb-tbl-256: I=106'),
+    ('67666564bab9b8a77071767719161714', '3ad208492249108c9f3ebeb167ad0583',
+        '08090a0b0d0e0f10121314151718191a1c1d1e1f21222324262728292b2c2d2e',
+        'ecb-tbl-256: I=107'),
+    ('9a9b98992d2e2f2084858283245b5a59', '299ba9f9bf5ab05c3580fc26edd1ed12',
+        '30313233353637383a3b3c3d3f40414244454647494a4b4c4e4f505153545556',
+        'ecb-tbl-256: I=108'),
+    ('a4a5a6a70b0809365c5d5a5b2c232221', '19dc705b857a60fb07717b2ea5717781',
+        '58595a5b5d5e5f60626364656768696a6c6d6e6f71727374767778797b7c7d7e',
+        'ecb-tbl-256: I=109'),
+    ('464744455754555af3f2f5f4afb0b1b2', 'ffc8aeb885b5efcad06b6dbebf92e76b',
+        '80818283858687888a8b8c8d8f90919294959697999a9b9c9e9fa0a1a3a4a5a6',
+        'ecb-tbl-256: I=110'),
+    ('323330317675746b7273747549464744', 'f58900c5e0b385253ff2546250a0142b',
+        'a8a9aaabadaeafb0b2b3b4b5b7b8b9babcbdbebfc1c2c3c4c6c7c8c9cbcccdce',
+        'ecb-tbl-256: I=111'),
+    ('a8a9aaab181b1a15808186872b141516', '2ee67b56280bc462429cee6e3370cbc1',
+        'd0d1d2d3d5d6d7d8dadbdcdddfe0e1e2e4e5e6e7e9eaebeceeeff0f1f3f4f5f6',
+        'ecb-tbl-256: I=112'),
+    ('e7e6e5e4202323ddaaabacad343b3a39', '20db650a9c8e9a84ab4d25f7edc8f03f',
+        'f8f9fafbfdfefe00020304050708090a0c0d0e0f11121314161718191b1c1d1e',
+        'ecb-tbl-256: I=113'),
+    ('a8a9aaab2221202fedecebea1e010003', '3c36da169525cf818843805f25b78ae5',
+        '20212223252627282a2b2c2d2f30313234353637393a3b3c3e3f404143444546',
+        'ecb-tbl-256: I=114'),
+    ('f9f8fbfa5f5c5d42424344450e010003', '9a781d960db9e45e37779042fea51922',
+        '48494a4b4d4e4f50525354555758595a5c5d5e5f61626364666768696b6c6d6e',
+        'ecb-tbl-256: I=115'),
+    ('57565554f5f6f7f89697909120dfdedd', '6560395ec269c672a3c288226efdba77',
+        '70717273757677787a7b7c7d7f80818284858687898a8b8c8e8f909193949596',
+        'ecb-tbl-256: I=116'),
+    ('f8f9fafbcccfcef1dddcdbda0e010003', '8c772b7a189ac544453d5916ebb27b9a',
+        '98999a9b9d9e9fa0a2a3a4a5a7a8a9aaacadaeafb1b2b3b4b6b7b8b9bbbcbdbe',
+        'ecb-tbl-256: I=117'),
+    ('d9d8dbda7073727d80818687c2dddcdf', '77ca5468cc48e843d05f78eed9d6578f',
+        'c0c1c2c3c5c6c7c8cacbcccdcfd0d1d2d4d5d6d7d9dadbdcdedfe0e1e3e4e5e6',
+        'ecb-tbl-256: I=118'),
+    ('c5c4c7c6080b0a1588898e8f68676665', '72cdcc71dc82c60d4429c9e2d8195baa',
+        'e8e9eaebedeeeff0f2f3f4f5f7f8f9fafcfdfeff01020304060708090b0c0d0e',
+        'ecb-tbl-256: I=119'),
+    ('83828180dcdfded186878081f0cfcecd', '8080d68ce60e94b40b5b8b69eeb35afa',
+        '10111213151617181a1b1c1d1f20212224252627292a2b2c2e2f303133343536',
+        'ecb-tbl-256: I=120'),
+    ('98999a9bdddedfa079787f7e0a050407', '44222d3cde299c04369d58ac0eba1e8e',
+        '38393a3b3d3e3f40424344454748494a4c4d4e4f51525354565758595b5c5d5e',
+        'ecb-tbl-256: I=121'),
+    ('cecfcccd4f4c4d429f9e9998dfc0c1c2', '9b8721b0a8dfc691c5bc5885dbfcb27a',
+        '60616263656667686a6b6c6d6f70717274757677797a7b7c7e7f808183848586',
+        'ecb-tbl-256: I=122'),
+    ('404142436665647b29282f2eaba4a5a6', '0dc015ce9a3a3414b5e62ec643384183',
+        '88898a8b8d8e8f90929394959798999a9c9d9e9fa1a2a3a4a6a7a8a9abacadae',
+        'ecb-tbl-256: I=123'),
+    ('33323130e6e5e4eb23222524dea1a0a3', '705715448a8da412025ce38345c2a148',
+        'b0b1b2b3b5b6b7b8babbbcbdbfc0c1c2c4c5c6c7c9cacbcccecfd0d1d3d4d5d6',
+        'ecb-tbl-256: I=124'),
+    ('cfcecdccf6f5f4cbe6e7e0e199969794', 'c32b5b0b6fbae165266c569f4b6ecf0b',
+        'd8d9dadbdddedfe0e2e3e4e5e7e8e9eaecedeeeff1f2f3f4f6f7f8f9fbfcfdfe',
+        'ecb-tbl-256: I=125'),
+    ('babbb8b97271707fdcdddadb29363734', '4dca6c75192a01ddca9476af2a521e87',
+        '00010203050607080a0b0c0d0f10111214151617191a1b1c1e1f202123242526',
+        'ecb-tbl-256: I=126'),
+    ('c9c8cbca4447465926272021545b5a59', '058691e627ecbc36ac07b6db423bd698',
+        '28292a2b2d2e2f30323334353738393a3c3d3e3f41424344464748494b4c4d4e',
+        'ecb-tbl-256: I=127'),
+    ('050407067477767956575051221d1c1f', '7444527095838fe080fc2bcdd30847eb',
+        '50515253555657585a5b5c5d5f60616264656667696a6b6c6e6f707173747576',
+        'ecb-tbl-256: I=128'),
+
+    # FIPS PUB 800-38A test vectors, 2001 edition. Annex F.
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     '3ad77bb40d7a3660a89ecaf32466ef97'+'f5d3d58503b9699de785895a96fdbaaf'+
+     '43b1cd7f598ece23881b00e3ed030688'+'7b0c785e27e8ad3f8223207104725dd4',
+     '2b7e151628aed2a6abf7158809cf4f3c',
+     'NIST 800-38A, F.1.1, ECB and AES-128'),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     'bd334f1d6e45f25ff712a214571fa5cc'+'974104846d0ad3ad7734ecb3ecee4eef'+
+     'ef7afd2270e2e60adce0ba2face6444e'+'9a4b41ba738d6c72fb16691603c18e0e',
+     '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b',
+     'NIST 800-38A, F.1.3, ECB and AES-192'),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     'f3eed1bdb5d2a03c064b5a7e3db181f8'+'591ccb10d410ed26dc5ba74a31362870'+
+     'b6ed21b99ca6f4f9f153e7b1beafed1d'+'23304b7a39f9f3ff067d8d8f9e24ecc7',
+     '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4',
+     'NIST 800-38A, F.1.3, ECB and AES-256'),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     '7649abac8119b246cee98e9b12e9197d'+'5086cb9b507219ee95db113a917678b2'+
+     '73bed6b8e3c1743b7116e69e22229516'+'3ff1caa1681fac09120eca307586e1a7',
+     '2b7e151628aed2a6abf7158809cf4f3c',
+     'NIST 800-38A, F.2.1, CBC and AES-128',
+     dict(mode='CBC', iv='000102030405060708090a0b0c0d0e0f')),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     '4f021db243bc633d7178183a9fa071e8'+'b4d9ada9ad7dedf4e5e738763f69145a'+
+     '571b242012fb7ae07fa9baac3df102e0'+'08b0e27988598881d920a9e64f5615cd',
+     '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b',
+     'NIST 800-38A, F.2.1, CBC and AES-192',
+     dict(mode='CBC', iv='000102030405060708090a0b0c0d0e0f')),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     'f58c4c04d6e5f1ba779eabfb5f7bfbd6'+'9cfc4e967edb808d679f777bc6702c7d'+
+     '39f23369a9d9bacfa530e26304231461'+'b2eb05e2c39be9fcda6c19078c6a9d1b',
+     '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4',
+     'NIST 800-38A, F.2.1, CBC and AES-256',
+     dict(mode='CBC', iv='000102030405060708090a0b0c0d0e0f')),
+
+    # Skip CFB-1 since it is not supported by PyCrypto
+
+    ('6bc1bee22e409f96e93d7e117393172aae2d','3b79424c9c0dd436bace9e0ed4586a4f32b9',
+     '2b7e151628aed2a6abf7158809cf4f3c',
+     'NIST 800-38A, F.3.7, CFB-8 and AES-128',
+     dict(mode='CFB', iv='000102030405060708090a0b0c0d0e0f', segment_size=8)),
+
+    ('6bc1bee22e409f96e93d7e117393172aae2d','cda2521ef0a905ca44cd057cbf0d47a0678a',
+     '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b',
+     'NIST 800-38A, F.3.9, CFB-8 and AES-192',
+     dict(mode='CFB', iv='000102030405060708090a0b0c0d0e0f', segment_size=8)),
+
+    ('6bc1bee22e409f96e93d7e117393172aae2d','dc1f1a8520a64db55fcc8ac554844e889700',
+     '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4',
+     'NIST 800-38A, F.3.11, CFB-8 and AES-256',
+     dict(mode='CFB', iv='000102030405060708090a0b0c0d0e0f', segment_size=8)),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     '3b3fd92eb72dad20333449f8e83cfb4a'+'c8a64537a0b3a93fcde3cdad9f1ce58b'+
+     '26751f67a3cbb140b1808cf187a4f4df'+'c04b05357c5d1c0eeac4c66f9ff7f2e6',
+     '2b7e151628aed2a6abf7158809cf4f3c',
+     'NIST 800-38A, F.3.13, CFB-128 and AES-128',
+     dict(mode='CFB', iv='000102030405060708090a0b0c0d0e0f', segment_size=128)),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     'cdc80d6fddf18cab34c25909c99a4174'+'67ce7f7f81173621961a2b70171d3d7a'+
+     '2e1e8a1dd59b88b1c8e60fed1efac4c9'+'c05f9f9ca9834fa042ae8fba584b09ff',
+     '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b',
+     'NIST 800-38A, F.3.15, CFB-128 and AES-192',
+     dict(mode='CFB', iv='000102030405060708090a0b0c0d0e0f', segment_size=128)),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     'dc7e84bfda79164b7ecd8486985d3860'+'39ffed143b28b1c832113c6331e5407b'+
+     'df10132415e54b92a13ed0a8267ae2f9'+'75a385741ab9cef82031623d55b1e471',
+     '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4',
+     'NIST 800-38A, F.3.17, CFB-128 and AES-256',
+     dict(mode='CFB', iv='000102030405060708090a0b0c0d0e0f', segment_size=128)),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     '3b3fd92eb72dad20333449f8e83cfb4a'+'7789508d16918f03f53c52dac54ed825'+
+     '9740051e9c5fecf64344f7a82260edcc'+'304c6528f659c77866a510d9c1d6ae5e',
+     '2b7e151628aed2a6abf7158809cf4f3c',
+     'NIST 800-38A, F.4.1, OFB and AES-128',
+     dict(mode='OFB', iv='000102030405060708090a0b0c0d0e0f')),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     'cdc80d6fddf18cab34c25909c99a4174'+'fcc28b8d4c63837c09e81700c1100401'+
+     '8d9a9aeac0f6596f559c6d4daf59a5f2'+'6d9f200857ca6c3e9cac524bd9acc92a',
+     '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b',
+     'NIST 800-38A, F.4.3, OFB and AES-192',
+     dict(mode='OFB', iv='000102030405060708090a0b0c0d0e0f')),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     'dc7e84bfda79164b7ecd8486985d3860'+'4febdc6740d20b3ac88f6ad82a4fb08d'+
+     '71ab47a086e86eedf39d1c5bba97c408'+'0126141d67f37be8538f5a8be740e484',
+     '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4',
+     'NIST 800-38A, F.4.5, OFB and AES-256',
+     dict(mode='OFB', iv='000102030405060708090a0b0c0d0e0f')),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     '874d6191b620e3261bef6864990db6ce'+'9806f66b7970fdff8617187bb9fffdff'+
+     '5ae4df3edbd5d35e5b4f09020db03eab'+'1e031dda2fbe03d1792170a0f3009cee',
+     '2b7e151628aed2a6abf7158809cf4f3c',
+     'NIST 800-38A, F.5.1, CTR and AES-128',
+     dict(mode='CTR', ctr_params=dict(nbits=16, prefix='f0f1f2f3f4f5f6f7f8f9fafbfcfd', initial_value=0xfeff))),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     '1abc932417521ca24f2b0459fe7e6e0b'+'090339ec0aa6faefd5ccc2c6f4ce8e94'+
+     '1e36b26bd1ebc670d1bd1d665620abf7'+'4f78a7f6d29809585a97daec58c6b050',
+     '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b',
+     'NIST 800-38A, F.5.3, CTR and AES-192',
+     dict(mode='CTR', ctr_params=dict(nbits=16, prefix='f0f1f2f3f4f5f6f7f8f9fafbfcfd', initial_value=0xfeff))),
+
+    ('6bc1bee22e409f96e93d7e117393172a'+'ae2d8a571e03ac9c9eb76fac45af8e51'+
+     '30c81c46a35ce411e5fbc1191a0a52ef'+'f69f2445df4f9b17ad2b417be66c3710',
+     '601ec313775789a5b7a7f504bbf3d228'+'f443e3ca4d62b59aca84e990cacaf5c5'+
+     '2b0930daa23de94ce87017ba2d84988d'+'dfc9c58db67aada613c2dd08457941a6',
+     '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4',
+     'NIST 800-38A, F.5.5, CTR and AES-256',
+     dict(mode='CTR', ctr_params=dict(nbits=16, prefix='f0f1f2f3f4f5f6f7f8f9fafbfcfd', initial_value=0xfeff))),
+
+    # RFC 3686 test vectors
+    # This is a list of (plaintext, ciphertext, key[, description[, params]]) tuples.
+    ('53696e676c6520626c6f636b206d7367', 'e4095d4fb7a7b3792d6175a3261311b8',
+        'ae6852f8121067cc4bf7a5765577f39e',
+        'RFC 3686 Test Vector #1: Encrypting 16 octets using AES-CTR with 128-bit key',
+        dict(mode='CTR', ctr_params=dict(nbits=32, prefix='00000030'+'0000000000000000'))),
+    ('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f',
+        '5104a106168a72d9790d41ee8edad388eb2e1efc46da57c8fce630df9141be28',
+        '7e24067817fae0d743d6ce1f32539163',
+        'RFC 3686 Test Vector #2: Encrypting 32 octets using AES-CTR with 128-bit key',
+        dict(mode='CTR', ctr_params=dict(nbits=32, prefix='006cb6db'+'c0543b59da48d90b'))),
+    ('000102030405060708090a0b0c0d0e0f'+'101112131415161718191a1b1c1d1e1f'+'20212223',
+        'c1cf48a89f2ffdd9cf4652e9efdb72d7'+'4540a42bde6d7836d59a5ceaaef31053'+'25b2072f',
+        '7691be035e5020a8ac6e618529f9a0dc',
+        'RFC 3686 Test Vector #3: Encrypting 36 octets using AES-CTR with 128-bit key',
+        dict(mode='CTR', ctr_params=dict(nbits=32, prefix='00e0017b'+'27777f3f4a1786f0'))),
+    ('53696e676c6520626c6f636b206d7367',
+        '4b55384fe259c9c84e7935a003cbe928',
+        '16af5b145fc9f579c175f93e3bfb0eed'+'863d06ccfdb78515',
+        'RFC 3686 Test Vector #4: Encrypting 16 octets using AES-CTR with 192-bit key',
+        dict(mode='CTR', ctr_params=dict(nbits=32, prefix='00000048'+'36733c147d6d93cb'))),
+    ('000102030405060708090a0b0c0d0e0f'+'101112131415161718191a1b1c1d1e1f',
+        '453243fc609b23327edfaafa7131cd9f'+'8490701c5ad4a79cfc1fe0ff42f4fb00',
+        '7c5cb2401b3dc33c19e7340819e0f69c'+'678c3db8e6f6a91a',
+        'RFC 3686 Test Vector #5: Encrypting 32 octets using AES-CTR with 192-bit key',
+        dict(mode='CTR', ctr_params=dict(nbits=32, prefix='0096b03b'+'020c6eadc2cb500d'))),
+    ('000102030405060708090a0b0c0d0e0f'+'101112131415161718191a1b1c1d1e1f'+'20212223',
+        '96893fc55e5c722f540b7dd1ddf7e758'+'d288bc95c69165884536c811662f2188'+'abee0935',
+        '02bf391ee8ecb159b959617b0965279b'+'f59b60a786d3e0fe',
+        'RFC 3686 Test Vector #6: Encrypting 36 octets using AES-CTR with 192-bit key',
+        dict(mode='CTR', ctr_params=dict(nbits=32, prefix='0007bdfd'+'5cbd60278dcc0912'))),
+    ('53696e676c6520626c6f636b206d7367',
+        '145ad01dbf824ec7560863dc71e3e0c0',
+        '776beff2851db06f4c8a0542c8696f6c'+'6a81af1eec96b4d37fc1d689e6c1c104',
+        'RFC 3686 Test Vector #7: Encrypting 16 octets using AES-CTR with 256-bit key',
+        dict(mode='CTR', ctr_params=dict(nbits=32, prefix='00000060'+'db5672c97aa8f0b2'))),
+    ('000102030405060708090a0b0c0d0e0f'+'101112131415161718191a1b1c1d1e1f',
+        'f05e231b3894612c49ee000b804eb2a9'+'b8306b508f839d6a5530831d9344af1c',
+        'f6d66d6bd52d59bb0796365879eff886'+'c66dd51a5b6a99744b50590c87a23884',
+        'RFC 3686 Test Vector #8: Encrypting 32 octets using AES-CTR with 256-bit key',
+        dict(mode='CTR', ctr_params=dict(nbits=32, prefix='00faac24'+'c1585ef15a43d875'))),
+    ('000102030405060708090a0b0c0d0e0f'+'101112131415161718191a1b1c1d1e1f'+'20212223',
+        'eb6c52821d0bbbf7ce7594462aca4faa'+'b407df866569fd07f48cc0b583d6071f'+'1ec0e6b8',
+        'ff7a617ce69148e4f1726e2f43581de2'+'aa62d9f805532edff1eed687fb54153d',
+        'RFC 3686 Test Vector #9: Encrypting 36 octets using AES-CTR with 256-bit key',
+        dict(mode='CTR', ctr_params=dict(nbits=32, prefix='001cc5b7'+'51a51d70a1c11148'))),
+
+    # The following test vectors have been generated with gpg v1.4.0.
+    # The command line used was:
+    #
+    #    gpg -c -z 0 --cipher-algo AES --passphrase secret_passphrase \
+    #     --disable-mdc --s2k-mode 0 --output ct pt
+    #
+    # As result, the content of the file 'pt' is encrypted with a key derived
+    # from 'secret_passphrase' and written to file 'ct'.
+    # Test vectors must be extracted from 'ct', which is a collection of
+    # TLVs (see RFC4880 for all details):
+    # - the encrypted data (with the encrypted IV as prefix) is the payload
+    #   of the TLV with tag 9 (Symmetrical Encrypted Data Packet).
+    #   This is the ciphertext in the test vector.
+    # - inside the encrypted part, there is a further layer of TLVs. One must
+    #   look for tag 11 (Literal Data  Packet); in its payload, after a short
+    #   but time dependent header, there is the content of file 'pt'.
+    #   In the test vector, the plaintext is the complete set of TLVs that gets
+    #   encrypted. It is not just the content of 'pt'.
+    # - the key is the leftmost 16 bytes of the SHA1 digest of the password.
+    #   The test vector contains such shortened digest.
+    #
+    # Note that encryption uses a clear IV, and decryption an encrypted IV
+    ( 'ac18620270744fb4f647426c61636b4361745768697465436174',   # Plaintext, 'BlackCatWhiteCat'
+      'dc6b9e1f095de609765c59983db5956ae4f63aea7405389d2ebb',   # Ciphertext
+      '5baa61e4c9b93f3f0682250b6cf8331b', # Key (hash of 'password')
+      'GPG Test Vector #1',
+      dict(mode='OPENPGP', iv='3d7d3e62282add7eb203eeba5c800733', encrypted_iv='fd934601ef49cb58b6d9aebca6056bdb96ef' ) ),
+]
+
+def get_tests(config={}):
+    from Crypto.Cipher import AES
+    from common import make_block_tests
+    return make_block_tests(AES, "AES", test_data)
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/test_ARC2.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_ARC2.py
new file mode 100644
index 000000000..b6bc519cb
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_ARC2.py
@@ -0,0 +1,124 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/ARC2.py: Self-test for the Alleged-RC2 cipher
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Cipher.ARC2"""
+
+__revision__ = "$Id$"
+
+from common import dict     # For compatibility with Python 2.1 and 2.2
+
+import unittest
+from Crypto.Util.py3compat import *
+
+# This is a list of (plaintext, ciphertext, key[, description[, extra_params]]) tuples.
+test_data = [
+    # Test vectors from RFC 2268
+
+    # 63-bit effective key length
+    ('0000000000000000', 'ebb773f993278eff', '0000000000000000',
+        'RFC2268-1', dict(effective_keylen=63)),
+
+    # 64-bit effective key length
+    ('ffffffffffffffff', '278b27e42e2f0d49', 'ffffffffffffffff',
+        'RFC2268-2', dict(effective_keylen=64)),
+    ('1000000000000001', '30649edf9be7d2c2', '3000000000000000',
+        'RFC2268-3', dict(effective_keylen=64)),
+    ('0000000000000000', '61a8a244adacccf0', '88',
+        'RFC2268-4', dict(effective_keylen=64)),
+    ('0000000000000000', '6ccf4308974c267f', '88bca90e90875a',
+        'RFC2268-5', dict(effective_keylen=64)),
+    ('0000000000000000', '1a807d272bbe5db1', '88bca90e90875a7f0f79c384627bafb2',
+        'RFC2268-6', dict(effective_keylen=64)),
+
+    # 128-bit effective key length
+    ('0000000000000000', '2269552ab0f85ca6', '88bca90e90875a7f0f79c384627bafb2',
+        "RFC2268-7", dict(effective_keylen=128)),
+    ('0000000000000000', '5b78d3a43dfff1f1',
+        '88bca90e90875a7f0f79c384627bafb216f80a6f85920584c42fceb0be255daf1e',
+        "RFC2268-8", dict(effective_keylen=129)),
+
+    # Test vectors from PyCrypto 2.0.1's testdata.py
+    # 1024-bit effective key length
+    ('0000000000000000', '624fb3e887419e48', '5068696c6970476c617373',
+        'PCTv201-0'),
+    ('ffffffffffffffff', '79cadef44c4a5a85', '5068696c6970476c617373',
+        'PCTv201-1'),
+    ('0001020304050607', '90411525b34e4c2c', '5068696c6970476c617373',
+        'PCTv201-2'),
+    ('0011223344556677', '078656aaba61cbfb', '5068696c6970476c617373',
+        'PCTv201-3'),
+    ('0000000000000000', 'd7bcc5dbb4d6e56a', 'ffffffffffffffff',
+        'PCTv201-4'),
+    ('ffffffffffffffff', '7259018ec557b357', 'ffffffffffffffff',
+        'PCTv201-5'),
+    ('0001020304050607', '93d20a497f2ccb62', 'ffffffffffffffff',
+        'PCTv201-6'),
+    ('0011223344556677', 'cb15a7f819c0014d', 'ffffffffffffffff',
+        'PCTv201-7'),
+    ('0000000000000000', '63ac98cdf3843a7a', 'ffffffffffffffff5065746572477265656e6177617953e5ffe553',
+        'PCTv201-8'),
+    ('ffffffffffffffff', '3fb49e2fa12371dd', 'ffffffffffffffff5065746572477265656e6177617953e5ffe553',
+        'PCTv201-9'),
+    ('0001020304050607', '46414781ab387d5f', 'ffffffffffffffff5065746572477265656e6177617953e5ffe553',
+        'PCTv201-10'),
+    ('0011223344556677', 'be09dc81feaca271', 'ffffffffffffffff5065746572477265656e6177617953e5ffe553',
+        'PCTv201-11'),
+    ('0000000000000000', 'e64221e608be30ab', '53e5ffe553',
+        'PCTv201-12'),
+    ('ffffffffffffffff', '862bc60fdcd4d9a9', '53e5ffe553',
+        'PCTv201-13'),
+    ('0001020304050607', '6a34da50fa5e47de', '53e5ffe553',
+        'PCTv201-14'),
+    ('0011223344556677', '584644c34503122c', '53e5ffe553',
+        'PCTv201-15'),
+]
+
+class BufferOverflowTest(unittest.TestCase):
+    # Test a buffer overflow found in older versions of PyCrypto
+
+    def setUp(self):
+        global ARC2
+        from Crypto.Cipher import ARC2
+
+    def runTest(self):
+        """ARC2 with keylength > 128"""
+        key = "x" * 16384
+        mode = ARC2.MODE_ECB
+        self.assertRaises(ValueError, ARC2.new, key, mode)
+
+def get_tests(config={}):
+    from Crypto.Cipher import ARC2
+    from common import make_block_tests
+
+    tests = make_block_tests(ARC2, "ARC2", test_data)
+    tests.append(BufferOverflowTest())
+
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/test_ARC4.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_ARC4.py
new file mode 100644
index 000000000..4e039d1c0
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_ARC4.py
@@ -0,0 +1,81 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/ARC4.py: Self-test for the Alleged-RC4 cipher
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Cipher.ARC4"""
+
+__revision__ = "$Id$"
+
+from Crypto.Util.py3compat import *
+
+# This is a list of (plaintext, ciphertext, key[, description]) tuples.
+test_data = [
+    # Test vectors from Eric Rescorla's message with the subject
+    # "RC4 compatibility testing", sent to the cipherpunks mailing list on
+    # September 13, 1994.
+    # http://cypherpunks.venona.com/date/1994/09/msg00420.html
+
+    ('0123456789abcdef', '75b7878099e0c596', '0123456789abcdef',
+        'Test vector 0'),
+
+    ('0000000000000000', '7494c2e7104b0879', '0123456789abcdef',
+        'Test vector 1'),
+
+    ('0000000000000000', 'de188941a3375d3a', '0000000000000000',
+        'Test vector 2'),
+
+    ('00000000000000000000', 'd6a141a7ec3c38dfbd61', 'ef012345',
+        'Test vector 3'),
+
+    ('01' * 512,
+        '7595c3e6114a09780c4ad452338e1ffd9a1be9498f813d76533449b6778dcad8'
+        + 'c78a8d2ba9ac66085d0e53d59c26c2d1c490c1ebbe0ce66d1b6b1b13b6b919b8'
+        + '47c25a91447a95e75e4ef16779cde8bf0a95850e32af9689444fd377108f98fd'
+        + 'cbd4e726567500990bcc7e0ca3c4aaa304a387d20f3b8fbbcd42a1bd311d7a43'
+        + '03dda5ab078896ae80c18b0af66dff319616eb784e495ad2ce90d7f772a81747'
+        + 'b65f62093b1e0db9e5ba532fafec47508323e671327df9444432cb7367cec82f'
+        + '5d44c0d00b67d650a075cd4b70dedd77eb9b10231b6b5b741347396d62897421'
+        + 'd43df9b42e446e358e9c11a9b2184ecbef0cd8e7a877ef968f1390ec9b3d35a5'
+        + '585cb009290e2fcde7b5ec66d9084be44055a619d9dd7fc3166f9487f7cb2729'
+        + '12426445998514c15d53a18c864ce3a2b7555793988126520eacf2e3066e230c'
+        + '91bee4dd5304f5fd0405b35bd99c73135d3d9bc335ee049ef69b3867bf2d7bd1'
+        + 'eaa595d8bfc0066ff8d31509eb0c6caa006c807a623ef84c3d33c195d23ee320'
+        + 'c40de0558157c822d4b8c569d849aed59d4e0fd7f379586b4b7ff684ed6a189f'
+        + '7486d49b9c4bad9ba24b96abf924372c8a8fffb10d55354900a77a3db5f205e1'
+        + 'b99fcd8660863a159ad4abe40fa48934163ddde542a6585540fd683cbfd8c00f'
+        + '12129a284deacc4cdefe58be7137541c047126c8d49e2755ab181ab7e940b0c0',
+        '0123456789abcdef',
+        "Test vector 4"),
+]
+
+def get_tests(config={}):
+    from Crypto.Cipher import ARC4
+    from common import make_stream_tests
+    return make_stream_tests(ARC4, "ARC4", test_data)
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/test_Blowfish.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_Blowfish.py
new file mode 100644
index 000000000..e8f73a6ab
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_Blowfish.py
@@ -0,0 +1,113 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/test_Blowfish.py: Self-test for the Blowfish cipher
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Cipher.Blowfish"""
+
+__revision__ = "$Id$"
+
+from Crypto.Util.py3compat import *
+
+# This is a list of (plaintext, ciphertext, key) tuples.
+test_data = [
+    # Test vectors from http://www.schneier.com/code/vectors.txt
+    ('0000000000000000', '4ef997456198dd78', '0000000000000000'),
+    ('ffffffffffffffff', '51866fd5b85ecb8a', 'ffffffffffffffff'),
+    ('1000000000000001', '7d856f9a613063f2', '3000000000000000'),
+    ('1111111111111111', '2466dd878b963c9d', '1111111111111111'),
+    ('1111111111111111', '61f9c3802281b096', '0123456789abcdef'),
+    ('0123456789abcdef', '7d0cc630afda1ec7', '1111111111111111'),
+    ('0000000000000000', '4ef997456198dd78', '0000000000000000'),
+    ('0123456789abcdef', '0aceab0fc6a0a28d', 'fedcba9876543210'),
+    ('01a1d6d039776742', '59c68245eb05282b', '7ca110454a1a6e57'),
+    ('5cd54ca83def57da', 'b1b8cc0b250f09a0', '0131d9619dc1376e'),
+    ('0248d43806f67172', '1730e5778bea1da4', '07a1133e4a0b2686'),
+    ('51454b582ddf440a', 'a25e7856cf2651eb', '3849674c2602319e'),
+    ('42fd443059577fa2', '353882b109ce8f1a', '04b915ba43feb5b6'),
+    ('059b5e0851cf143a', '48f4d0884c379918', '0113b970fd34f2ce'),
+    ('0756d8e0774761d2', '432193b78951fc98', '0170f175468fb5e6'),
+    ('762514b829bf486a', '13f04154d69d1ae5', '43297fad38e373fe'),
+    ('3bdd119049372802', '2eedda93ffd39c79', '07a7137045da2a16'),
+    ('26955f6835af609a', 'd887e0393c2da6e3', '04689104c2fd3b2f'),
+    ('164d5e404f275232', '5f99d04f5b163969', '37d06bb516cb7546'),
+    ('6b056e18759f5cca', '4a057a3b24d3977b', '1f08260d1ac2465e'),
+    ('004bd6ef09176062', '452031c1e4fada8e', '584023641aba6176'),
+    ('480d39006ee762f2', '7555ae39f59b87bd', '025816164629b007'),
+    ('437540c8698f3cfa', '53c55f9cb49fc019', '49793ebc79b3258f'),
+    ('072d43a077075292', '7a8e7bfa937e89a3', '4fb05e1515ab73a7'),
+    ('02fe55778117f12a', 'cf9c5d7a4986adb5', '49e95d6d4ca229bf'),
+    ('1d9d5c5018f728c2', 'd1abb290658bc778', '018310dc409b26d6'),
+    ('305532286d6f295a', '55cb3774d13ef201', '1c587f1c13924fef'),
+    ('0123456789abcdef', 'fa34ec4847b268b2', '0101010101010101'),
+    ('0123456789abcdef', 'a790795108ea3cae', '1f1f1f1f0e0e0e0e'),
+    ('0123456789abcdef', 'c39e072d9fac631d', 'e0fee0fef1fef1fe'),
+    ('ffffffffffffffff', '014933e0cdaff6e4', '0000000000000000'),
+    ('0000000000000000', 'f21e9a77b71c49bc', 'ffffffffffffffff'),
+    ('0000000000000000', '245946885754369a', '0123456789abcdef'),
+    ('ffffffffffffffff', '6b5c5a9c5d9e0a5a', 'fedcba9876543210'),
+    ('fedcba9876543210', 'f9ad597c49db005e', 'f0'),
+    ('fedcba9876543210', 'e91d21c1d961a6d6', 'f0e1'),
+    ('fedcba9876543210', 'e9c2b70a1bc65cf3', 'f0e1d2'),
+    ('fedcba9876543210', 'be1e639408640f05', 'f0e1d2c3'),
+    ('fedcba9876543210', 'b39e44481bdb1e6e', 'f0e1d2c3b4'),
+    ('fedcba9876543210', '9457aa83b1928c0d', 'f0e1d2c3b4a5'),
+    ('fedcba9876543210', '8bb77032f960629d', 'f0e1d2c3b4a596'),
+    ('fedcba9876543210', 'e87a244e2cc85e82', 'f0e1d2c3b4a59687'),
+    ('fedcba9876543210', '15750e7a4f4ec577', 'f0e1d2c3b4a5968778'),
+    ('fedcba9876543210', '122ba70b3ab64ae0', 'f0e1d2c3b4a596877869'),
+    ('fedcba9876543210', '3a833c9affc537f6', 'f0e1d2c3b4a5968778695a'),
+    ('fedcba9876543210', '9409da87a90f6bf2', 'f0e1d2c3b4a5968778695a4b'),
+    ('fedcba9876543210', '884f80625060b8b4', 'f0e1d2c3b4a5968778695a4b3c'),
+    ('fedcba9876543210', '1f85031c19e11968', 'f0e1d2c3b4a5968778695a4b3c2d'),
+    ('fedcba9876543210', '79d9373a714ca34f', 'f0e1d2c3b4a5968778695a4b3c2d1e'),
+    ('fedcba9876543210', '93142887ee3be15c',
+        'f0e1d2c3b4a5968778695a4b3c2d1e0f'),
+    ('fedcba9876543210', '03429e838ce2d14b',
+        'f0e1d2c3b4a5968778695a4b3c2d1e0f00'),
+    ('fedcba9876543210', 'a4299e27469ff67b',
+        'f0e1d2c3b4a5968778695a4b3c2d1e0f0011'),
+    ('fedcba9876543210', 'afd5aed1c1bc96a8',
+        'f0e1d2c3b4a5968778695a4b3c2d1e0f001122'),
+    ('fedcba9876543210', '10851c0e3858da9f',
+        'f0e1d2c3b4a5968778695a4b3c2d1e0f00112233'),
+    ('fedcba9876543210', 'e6f51ed79b9db21f',
+        'f0e1d2c3b4a5968778695a4b3c2d1e0f0011223344'),
+    ('fedcba9876543210', '64a6e14afd36b46f',
+        'f0e1d2c3b4a5968778695a4b3c2d1e0f001122334455'),
+    ('fedcba9876543210', '80c7d7d45a5479ad',
+        'f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566'),
+    ('fedcba9876543210', '05044b62fa52d080',
+        'f0e1d2c3b4a5968778695a4b3c2d1e0f0011223344556677'),
+]
+
+def get_tests(config={}):
+    from Crypto.Cipher import Blowfish
+    from common import make_block_tests
+    return make_block_tests(Blowfish, "Blowfish", test_data)
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/test_CAST.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_CAST.py
new file mode 100644
index 000000000..1cfcec03c
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_CAST.py
@@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/CAST.py: Self-test for the CAST-128 (CAST5) cipher
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Cipher.CAST"""
+
+__revision__ = "$Id$"
+
+from Crypto.Util.py3compat import *
+
+# This is a list of (plaintext, ciphertext, key) tuples.
+test_data = [
+    # Test vectors from RFC 2144, B.1
+    ('0123456789abcdef', '238b4fe5847e44b2',
+        '0123456712345678234567893456789a',
+        '128-bit key'),
+
+    ('0123456789abcdef', 'eb6a711a2c02271b',
+        '01234567123456782345',
+        '80-bit key'),
+
+    ('0123456789abcdef', '7ac816d16e9b302e',
+        '0123456712',
+        '40-bit key'),
+]
+
+def get_tests(config={}):
+    from Crypto.Cipher import CAST
+    from common import make_block_tests
+    return make_block_tests(CAST, "CAST", test_data)
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/test_DES.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_DES.py
new file mode 100644
index 000000000..c5d114b1e
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_DES.py
@@ -0,0 +1,339 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/DES.py: Self-test for the (Single) DES cipher
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Cipher.DES"""
+
+__revision__ = "$Id$"
+
+from common import dict     # For compatibility with Python 2.1 and 2.2
+from Crypto.Util.py3compat import *
+import unittest
+
+# This is a list of (plaintext, ciphertext, key, description) tuples.
+SP800_17_B1_KEY = '01' * 8
+SP800_17_B2_PT = '00' * 8
+test_data = [
+    # Test vectors from Appendix A of NIST SP 800-17
+    # "Modes of Operation Validation System (MOVS): Requirements and Procedures"
+    # http://csrc.nist.gov/publications/nistpubs/800-17/800-17.pdf
+
+    # Appendix A - "Sample Round Outputs for the DES"
+    ('0000000000000000', '82dcbafbdeab6602', '10316e028c8f3b4a',
+        "NIST SP800-17 A"),
+
+    # Table B.1 - Variable Plaintext Known Answer Test
+    ('8000000000000000', '95f8a5e5dd31d900', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #0'),
+    ('4000000000000000', 'dd7f121ca5015619', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #1'),
+    ('2000000000000000', '2e8653104f3834ea', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #2'),
+    ('1000000000000000', '4bd388ff6cd81d4f', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #3'),
+    ('0800000000000000', '20b9e767b2fb1456', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #4'),
+    ('0400000000000000', '55579380d77138ef', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #5'),
+    ('0200000000000000', '6cc5defaaf04512f', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #6'),
+    ('0100000000000000', '0d9f279ba5d87260', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #7'),
+    ('0080000000000000', 'd9031b0271bd5a0a', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #8'),
+    ('0040000000000000', '424250b37c3dd951', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #9'),
+    ('0020000000000000', 'b8061b7ecd9a21e5', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #10'),
+    ('0010000000000000', 'f15d0f286b65bd28', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #11'),
+    ('0008000000000000', 'add0cc8d6e5deba1', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #12'),
+    ('0004000000000000', 'e6d5f82752ad63d1', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #13'),
+    ('0002000000000000', 'ecbfe3bd3f591a5e', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #14'),
+    ('0001000000000000', 'f356834379d165cd', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #15'),
+    ('0000800000000000', '2b9f982f20037fa9', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #16'),
+    ('0000400000000000', '889de068a16f0be6', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #17'),
+    ('0000200000000000', 'e19e275d846a1298', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #18'),
+    ('0000100000000000', '329a8ed523d71aec', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #19'),
+    ('0000080000000000', 'e7fce22557d23c97', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #20'),
+    ('0000040000000000', '12a9f5817ff2d65d', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #21'),
+    ('0000020000000000', 'a484c3ad38dc9c19', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #22'),
+    ('0000010000000000', 'fbe00a8a1ef8ad72', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #23'),
+    ('0000008000000000', '750d079407521363', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #24'),
+    ('0000004000000000', '64feed9c724c2faf', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #25'),
+    ('0000002000000000', 'f02b263b328e2b60', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #26'),
+    ('0000001000000000', '9d64555a9a10b852', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #27'),
+    ('0000000800000000', 'd106ff0bed5255d7', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #28'),
+    ('0000000400000000', 'e1652c6b138c64a5', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #29'),
+    ('0000000200000000', 'e428581186ec8f46', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #30'),
+    ('0000000100000000', 'aeb5f5ede22d1a36', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #31'),
+    ('0000000080000000', 'e943d7568aec0c5c', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #32'),
+    ('0000000040000000', 'df98c8276f54b04b', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #33'),
+    ('0000000020000000', 'b160e4680f6c696f', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #34'),
+    ('0000000010000000', 'fa0752b07d9c4ab8', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #35'),
+    ('0000000008000000', 'ca3a2b036dbc8502', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #36'),
+    ('0000000004000000', '5e0905517bb59bcf', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #37'),
+    ('0000000002000000', '814eeb3b91d90726', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #38'),
+    ('0000000001000000', '4d49db1532919c9f', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #39'),
+    ('0000000000800000', '25eb5fc3f8cf0621', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #40'),
+    ('0000000000400000', 'ab6a20c0620d1c6f', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #41'),
+    ('0000000000200000', '79e90dbc98f92cca', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #42'),
+    ('0000000000100000', '866ecedd8072bb0e', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #43'),
+    ('0000000000080000', '8b54536f2f3e64a8', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #44'),
+    ('0000000000040000', 'ea51d3975595b86b', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #45'),
+    ('0000000000020000', 'caffc6ac4542de31', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #46'),
+    ('0000000000010000', '8dd45a2ddf90796c', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #47'),
+    ('0000000000008000', '1029d55e880ec2d0', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #48'),
+    ('0000000000004000', '5d86cb23639dbea9', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #49'),
+    ('0000000000002000', '1d1ca853ae7c0c5f', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #50'),
+    ('0000000000001000', 'ce332329248f3228', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #51'),
+    ('0000000000000800', '8405d1abe24fb942', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #52'),
+    ('0000000000000400', 'e643d78090ca4207', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #53'),
+    ('0000000000000200', '48221b9937748a23', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #54'),
+    ('0000000000000100', 'dd7c0bbd61fafd54', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #55'),
+    ('0000000000000080', '2fbc291a570db5c4', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #56'),
+    ('0000000000000040', 'e07c30d7e4e26e12', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #57'),
+    ('0000000000000020', '0953e2258e8e90a1', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #58'),
+    ('0000000000000010', '5b711bc4ceebf2ee', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #59'),
+    ('0000000000000008', 'cc083f1e6d9e85f6', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #60'),
+    ('0000000000000004', 'd2fd8867d50d2dfe', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #61'),
+    ('0000000000000002', '06e7ea22ce92708f', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #62'),
+    ('0000000000000001', '166b40b44aba4bd6', SP800_17_B1_KEY,
+        'NIST SP800-17 B.1 #63'),
+
+    # Table B.2 - Variable Key Known Answer Test
+    (SP800_17_B2_PT, '95a8d72813daa94d', '8001010101010101',
+        'NIST SP800-17 B.2 #0'),
+    (SP800_17_B2_PT, '0eec1487dd8c26d5', '4001010101010101',
+        'NIST SP800-17 B.2 #1'),
+    (SP800_17_B2_PT, '7ad16ffb79c45926', '2001010101010101',
+        'NIST SP800-17 B.2 #2'),
+    (SP800_17_B2_PT, 'd3746294ca6a6cf3', '1001010101010101',
+        'NIST SP800-17 B.2 #3'),
+    (SP800_17_B2_PT, '809f5f873c1fd761', '0801010101010101',
+        'NIST SP800-17 B.2 #4'),
+    (SP800_17_B2_PT, 'c02faffec989d1fc', '0401010101010101',
+        'NIST SP800-17 B.2 #5'),
+    (SP800_17_B2_PT, '4615aa1d33e72f10', '0201010101010101',
+        'NIST SP800-17 B.2 #6'),
+    (SP800_17_B2_PT, '2055123350c00858', '0180010101010101',
+        'NIST SP800-17 B.2 #7'),
+    (SP800_17_B2_PT, 'df3b99d6577397c8', '0140010101010101',
+        'NIST SP800-17 B.2 #8'),
+    (SP800_17_B2_PT, '31fe17369b5288c9', '0120010101010101',
+        'NIST SP800-17 B.2 #9'),
+    (SP800_17_B2_PT, 'dfdd3cc64dae1642', '0110010101010101',
+        'NIST SP800-17 B.2 #10'),
+    (SP800_17_B2_PT, '178c83ce2b399d94', '0108010101010101',
+        'NIST SP800-17 B.2 #11'),
+    (SP800_17_B2_PT, '50f636324a9b7f80', '0104010101010101',
+        'NIST SP800-17 B.2 #12'),
+    (SP800_17_B2_PT, 'a8468ee3bc18f06d', '0102010101010101',
+        'NIST SP800-17 B.2 #13'),
+    (SP800_17_B2_PT, 'a2dc9e92fd3cde92', '0101800101010101',
+        'NIST SP800-17 B.2 #14'),
+    (SP800_17_B2_PT, 'cac09f797d031287', '0101400101010101',
+        'NIST SP800-17 B.2 #15'),
+    (SP800_17_B2_PT, '90ba680b22aeb525', '0101200101010101',
+        'NIST SP800-17 B.2 #16'),
+    (SP800_17_B2_PT, 'ce7a24f350e280b6', '0101100101010101',
+        'NIST SP800-17 B.2 #17'),
+    (SP800_17_B2_PT, '882bff0aa01a0b87', '0101080101010101',
+        'NIST SP800-17 B.2 #18'),
+    (SP800_17_B2_PT, '25610288924511c2', '0101040101010101',
+        'NIST SP800-17 B.2 #19'),
+    (SP800_17_B2_PT, 'c71516c29c75d170', '0101020101010101',
+        'NIST SP800-17 B.2 #20'),
+    (SP800_17_B2_PT, '5199c29a52c9f059', '0101018001010101',
+        'NIST SP800-17 B.2 #21'),
+    (SP800_17_B2_PT, 'c22f0a294a71f29f', '0101014001010101',
+        'NIST SP800-17 B.2 #22'),
+    (SP800_17_B2_PT, 'ee371483714c02ea', '0101012001010101',
+        'NIST SP800-17 B.2 #23'),
+    (SP800_17_B2_PT, 'a81fbd448f9e522f', '0101011001010101',
+        'NIST SP800-17 B.2 #24'),
+    (SP800_17_B2_PT, '4f644c92e192dfed', '0101010801010101',
+        'NIST SP800-17 B.2 #25'),
+    (SP800_17_B2_PT, '1afa9a66a6df92ae', '0101010401010101',
+        'NIST SP800-17 B.2 #26'),
+    (SP800_17_B2_PT, 'b3c1cc715cb879d8', '0101010201010101',
+        'NIST SP800-17 B.2 #27'),
+    (SP800_17_B2_PT, '19d032e64ab0bd8b', '0101010180010101',
+        'NIST SP800-17 B.2 #28'),
+    (SP800_17_B2_PT, '3cfaa7a7dc8720dc', '0101010140010101',
+        'NIST SP800-17 B.2 #29'),
+    (SP800_17_B2_PT, 'b7265f7f447ac6f3', '0101010120010101',
+        'NIST SP800-17 B.2 #30'),
+    (SP800_17_B2_PT, '9db73b3c0d163f54', '0101010110010101',
+        'NIST SP800-17 B.2 #31'),
+    (SP800_17_B2_PT, '8181b65babf4a975', '0101010108010101',
+        'NIST SP800-17 B.2 #32'),
+    (SP800_17_B2_PT, '93c9b64042eaa240', '0101010104010101',
+        'NIST SP800-17 B.2 #33'),
+    (SP800_17_B2_PT, '5570530829705592', '0101010102010101',
+        'NIST SP800-17 B.2 #34'),
+    (SP800_17_B2_PT, '8638809e878787a0', '0101010101800101',
+        'NIST SP800-17 B.2 #35'),
+    (SP800_17_B2_PT, '41b9a79af79ac208', '0101010101400101',
+        'NIST SP800-17 B.2 #36'),
+    (SP800_17_B2_PT, '7a9be42f2009a892', '0101010101200101',
+        'NIST SP800-17 B.2 #37'),
+    (SP800_17_B2_PT, '29038d56ba6d2745', '0101010101100101',
+        'NIST SP800-17 B.2 #38'),
+    (SP800_17_B2_PT, '5495c6abf1e5df51', '0101010101080101',
+        'NIST SP800-17 B.2 #39'),
+    (SP800_17_B2_PT, 'ae13dbd561488933', '0101010101040101',
+        'NIST SP800-17 B.2 #40'),
+    (SP800_17_B2_PT, '024d1ffa8904e389', '0101010101020101',
+        'NIST SP800-17 B.2 #41'),
+    (SP800_17_B2_PT, 'd1399712f99bf02e', '0101010101018001',
+        'NIST SP800-17 B.2 #42'),
+    (SP800_17_B2_PT, '14c1d7c1cffec79e', '0101010101014001',
+        'NIST SP800-17 B.2 #43'),
+    (SP800_17_B2_PT, '1de5279dae3bed6f', '0101010101012001',
+        'NIST SP800-17 B.2 #44'),
+    (SP800_17_B2_PT, 'e941a33f85501303', '0101010101011001',
+        'NIST SP800-17 B.2 #45'),
+    (SP800_17_B2_PT, 'da99dbbc9a03f379', '0101010101010801',
+        'NIST SP800-17 B.2 #46'),
+    (SP800_17_B2_PT, 'b7fc92f91d8e92e9', '0101010101010401',
+        'NIST SP800-17 B.2 #47'),
+    (SP800_17_B2_PT, 'ae8e5caa3ca04e85', '0101010101010201',
+        'NIST SP800-17 B.2 #48'),
+    (SP800_17_B2_PT, '9cc62df43b6eed74', '0101010101010180',
+        'NIST SP800-17 B.2 #49'),
+    (SP800_17_B2_PT, 'd863dbb5c59a91a0', '0101010101010140',
+        'NIST SP800-17 B.2 #50'),
+    (SP800_17_B2_PT, 'a1ab2190545b91d7', '0101010101010120',
+        'NIST SP800-17 B.2 #51'),
+    (SP800_17_B2_PT, '0875041e64c570f7', '0101010101010110',
+        'NIST SP800-17 B.2 #52'),
+    (SP800_17_B2_PT, '5a594528bebef1cc', '0101010101010108',
+        'NIST SP800-17 B.2 #53'),
+    (SP800_17_B2_PT, 'fcdb3291de21f0c0', '0101010101010104',
+        'NIST SP800-17 B.2 #54'),
+    (SP800_17_B2_PT, '869efd7f9f265a09', '0101010101010102',
+        'NIST SP800-17 B.2 #55'),
+]
+
+class RonRivestTest(unittest.TestCase):
+    """ Ronald L. Rivest's DES test, see 
+        http://people.csail.mit.edu/rivest/Destest.txt
+    ABSTRACT
+    --------
+
+    We present a simple way to test the correctness of a DES implementation:
+    Use the recurrence relation:
+
+        X0      =       9474B8E8C73BCA7D (hexadecimal)
+
+        X(i+1)  =       IF  (i is even)  THEN  E(Xi,Xi)  ELSE  D(Xi,Xi)
+
+    to compute a sequence of 64-bit values:  X0, X1, X2, ..., X16.  Here
+    E(X,K)  denotes the DES encryption of  X  using key  K, and  D(X,K)  denotes
+    the DES decryption of  X  using key  K.  If you obtain
+
+        X16     =       1B1A2DDB4C642438
+
+    your implementation does not have any of the 36,568 possible single-fault 
+    errors described herein.
+    """
+    def runTest(self):
+        from Crypto.Cipher import DES
+        from binascii import b2a_hex
+
+        X = []
+        X[0:] = [b('\x94\x74\xB8\xE8\xC7\x3B\xCA\x7D')]
+        
+        for i in range(16):
+            c = DES.new(X[i],DES.MODE_ECB)
+            if not (i&1): # (num&1) returns 1 for odd numbers 
+                X[i+1:] = [c.encrypt(X[i])] # even
+            else:
+                X[i+1:] = [c.decrypt(X[i])] # odd
+
+        self.assertEqual(b2a_hex(X[16]),
+            b2a_hex(b('\x1B\x1A\x2D\xDB\x4C\x64\x24\x38')))
+
+def get_tests(config={}):
+    from Crypto.Cipher import DES
+    from common import make_block_tests
+    return make_block_tests(DES, "DES", test_data) + [RonRivestTest()]
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/test_DES3.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_DES3.py
new file mode 100644
index 000000000..50e969b9d
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_DES3.py
@@ -0,0 +1,333 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/DES3.py: Self-test for the Triple-DES cipher
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Cipher.DES3"""
+
+__revision__ = "$Id$"
+
+from common import dict     # For compatibility with Python 2.1 and 2.2
+from Crypto.Util.py3compat import *
+from binascii import hexlify
+
+# This is a list of (plaintext, ciphertext, key, description) tuples.
+SP800_20_A1_KEY = '01' * 24
+SP800_20_A2_PT = '00' * 8
+test_data = [
+    # Test vector from Appendix B of NIST SP 800-67
+    # "Recommendation for the Triple Data Encryption Algorithm (TDEA) Block
+    # Cipher"
+    # http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf
+    ('54686520717566636b2062726f776e20666f78206a756d70',
+        'a826fd8ce53b855fcce21c8112256fe668d5c05dd9b6b900',
+        '0123456789abcdef23456789abcdef01456789abcdef0123',
+        'NIST SP800-67 B.1'),
+
+    # Test vectors "The Multi-block Message Test (MMT) for DES and TDES"
+    # http://csrc.nist.gov/groups/STM/cavp/documents/des/DESMMT.pdf
+    ('326a494cd33fe756', 'b22b8d66de970692',
+        '627f460e08104a1043cd265d5840eaf1313edf97df2a8a8c',
+        'DESMMT #1', dict(mode='CBC', iv='8e29f75ea77e5475')),
+
+    ('84401f78fe6c10876d8ea23094ea5309', '7b1f7c7e3b1c948ebd04a75ffba7d2f5',
+        '37ae5ebf46dff2dc0754b94f31cbb3855e7fd36dc870bfae',
+        'DESMMT #2', dict(mode='CBC', iv='3d1de3cc132e3b65')),
+
+    # Test vectors from Appendix A of NIST SP 800-20
+    # "Modes of Operation Validation System for the Triple Data Encryption
+    # Algorithm (TMOVS): Requirements and Procedures"
+    # http://csrc.nist.gov/publications/nistpubs/800-20/800-20.pdf
+
+    # Table A.1 - Variable Plaintext Known Answer Test
+    ('8000000000000000', '95f8a5e5dd31d900', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #0'),
+    ('4000000000000000', 'dd7f121ca5015619', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #1'),
+    ('2000000000000000', '2e8653104f3834ea', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #2'),
+    ('1000000000000000', '4bd388ff6cd81d4f', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #3'),
+    ('0800000000000000', '20b9e767b2fb1456', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #4'),
+    ('0400000000000000', '55579380d77138ef', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #5'),
+    ('0200000000000000', '6cc5defaaf04512f', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #6'),
+    ('0100000000000000', '0d9f279ba5d87260', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #7'),
+    ('0080000000000000', 'd9031b0271bd5a0a', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #8'),
+    ('0040000000000000', '424250b37c3dd951', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #9'),
+    ('0020000000000000', 'b8061b7ecd9a21e5', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #10'),
+    ('0010000000000000', 'f15d0f286b65bd28', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #11'),
+    ('0008000000000000', 'add0cc8d6e5deba1', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #12'),
+    ('0004000000000000', 'e6d5f82752ad63d1', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #13'),
+    ('0002000000000000', 'ecbfe3bd3f591a5e', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #14'),
+    ('0001000000000000', 'f356834379d165cd', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #15'),
+    ('0000800000000000', '2b9f982f20037fa9', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #16'),
+    ('0000400000000000', '889de068a16f0be6', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #17'),
+    ('0000200000000000', 'e19e275d846a1298', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #18'),
+    ('0000100000000000', '329a8ed523d71aec', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #19'),
+    ('0000080000000000', 'e7fce22557d23c97', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #20'),
+    ('0000040000000000', '12a9f5817ff2d65d', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #21'),
+    ('0000020000000000', 'a484c3ad38dc9c19', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #22'),
+    ('0000010000000000', 'fbe00a8a1ef8ad72', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #23'),
+    ('0000008000000000', '750d079407521363', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #24'),
+    ('0000004000000000', '64feed9c724c2faf', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #25'),
+    ('0000002000000000', 'f02b263b328e2b60', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #26'),
+    ('0000001000000000', '9d64555a9a10b852', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #27'),
+    ('0000000800000000', 'd106ff0bed5255d7', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #28'),
+    ('0000000400000000', 'e1652c6b138c64a5', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #29'),
+    ('0000000200000000', 'e428581186ec8f46', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #30'),
+    ('0000000100000000', 'aeb5f5ede22d1a36', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #31'),
+    ('0000000080000000', 'e943d7568aec0c5c', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #32'),
+    ('0000000040000000', 'df98c8276f54b04b', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #33'),
+    ('0000000020000000', 'b160e4680f6c696f', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #34'),
+    ('0000000010000000', 'fa0752b07d9c4ab8', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #35'),
+    ('0000000008000000', 'ca3a2b036dbc8502', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #36'),
+    ('0000000004000000', '5e0905517bb59bcf', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #37'),
+    ('0000000002000000', '814eeb3b91d90726', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #38'),
+    ('0000000001000000', '4d49db1532919c9f', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #39'),
+    ('0000000000800000', '25eb5fc3f8cf0621', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #40'),
+    ('0000000000400000', 'ab6a20c0620d1c6f', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #41'),
+    ('0000000000200000', '79e90dbc98f92cca', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #42'),
+    ('0000000000100000', '866ecedd8072bb0e', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #43'),
+    ('0000000000080000', '8b54536f2f3e64a8', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #44'),
+    ('0000000000040000', 'ea51d3975595b86b', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #45'),
+    ('0000000000020000', 'caffc6ac4542de31', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #46'),
+    ('0000000000010000', '8dd45a2ddf90796c', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #47'),
+    ('0000000000008000', '1029d55e880ec2d0', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #48'),
+    ('0000000000004000', '5d86cb23639dbea9', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #49'),
+    ('0000000000002000', '1d1ca853ae7c0c5f', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #50'),
+    ('0000000000001000', 'ce332329248f3228', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #51'),
+    ('0000000000000800', '8405d1abe24fb942', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #52'),
+    ('0000000000000400', 'e643d78090ca4207', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #53'),
+    ('0000000000000200', '48221b9937748a23', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #54'),
+    ('0000000000000100', 'dd7c0bbd61fafd54', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #55'),
+    ('0000000000000080', '2fbc291a570db5c4', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #56'),
+    ('0000000000000040', 'e07c30d7e4e26e12', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #57'),
+    ('0000000000000020', '0953e2258e8e90a1', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #58'),
+    ('0000000000000010', '5b711bc4ceebf2ee', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #59'),
+    ('0000000000000008', 'cc083f1e6d9e85f6', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #60'),
+    ('0000000000000004', 'd2fd8867d50d2dfe', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #61'),
+    ('0000000000000002', '06e7ea22ce92708f', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #62'),
+    ('0000000000000001', '166b40b44aba4bd6', SP800_20_A1_KEY,
+        'NIST SP800-20 A.1 #63'),
+
+    # Table A.2 - Variable Key Known Answer Test
+    (SP800_20_A2_PT, '95a8d72813daa94d', '8001010101010101'*3,
+        'NIST SP800-20 A.2 #0'),
+    (SP800_20_A2_PT, '0eec1487dd8c26d5', '4001010101010101'*3,
+        'NIST SP800-20 A.2 #1'),
+    (SP800_20_A2_PT, '7ad16ffb79c45926', '2001010101010101'*3,
+        'NIST SP800-20 A.2 #2'),
+    (SP800_20_A2_PT, 'd3746294ca6a6cf3', '1001010101010101'*3,
+        'NIST SP800-20 A.2 #3'),
+    (SP800_20_A2_PT, '809f5f873c1fd761', '0801010101010101'*3,
+        'NIST SP800-20 A.2 #4'),
+    (SP800_20_A2_PT, 'c02faffec989d1fc', '0401010101010101'*3,
+        'NIST SP800-20 A.2 #5'),
+    (SP800_20_A2_PT, '4615aa1d33e72f10', '0201010101010101'*3,
+        'NIST SP800-20 A.2 #6'),
+    (SP800_20_A2_PT, '2055123350c00858', '0180010101010101'*3,
+        'NIST SP800-20 A.2 #7'),
+    (SP800_20_A2_PT, 'df3b99d6577397c8', '0140010101010101'*3,
+        'NIST SP800-20 A.2 #8'),
+    (SP800_20_A2_PT, '31fe17369b5288c9', '0120010101010101'*3,
+        'NIST SP800-20 A.2 #9'),
+    (SP800_20_A2_PT, 'dfdd3cc64dae1642', '0110010101010101'*3,
+        'NIST SP800-20 A.2 #10'),
+    (SP800_20_A2_PT, '178c83ce2b399d94', '0108010101010101'*3,
+        'NIST SP800-20 A.2 #11'),
+    (SP800_20_A2_PT, '50f636324a9b7f80', '0104010101010101'*3,
+        'NIST SP800-20 A.2 #12'),
+    (SP800_20_A2_PT, 'a8468ee3bc18f06d', '0102010101010101'*3,
+        'NIST SP800-20 A.2 #13'),
+    (SP800_20_A2_PT, 'a2dc9e92fd3cde92', '0101800101010101'*3,
+        'NIST SP800-20 A.2 #14'),
+    (SP800_20_A2_PT, 'cac09f797d031287', '0101400101010101'*3,
+        'NIST SP800-20 A.2 #15'),
+    (SP800_20_A2_PT, '90ba680b22aeb525', '0101200101010101'*3,
+        'NIST SP800-20 A.2 #16'),
+    (SP800_20_A2_PT, 'ce7a24f350e280b6', '0101100101010101'*3,
+        'NIST SP800-20 A.2 #17'),
+    (SP800_20_A2_PT, '882bff0aa01a0b87', '0101080101010101'*3,
+        'NIST SP800-20 A.2 #18'),
+    (SP800_20_A2_PT, '25610288924511c2', '0101040101010101'*3,
+        'NIST SP800-20 A.2 #19'),
+    (SP800_20_A2_PT, 'c71516c29c75d170', '0101020101010101'*3,
+        'NIST SP800-20 A.2 #20'),
+    (SP800_20_A2_PT, '5199c29a52c9f059', '0101018001010101'*3,
+        'NIST SP800-20 A.2 #21'),
+    (SP800_20_A2_PT, 'c22f0a294a71f29f', '0101014001010101'*3,
+        'NIST SP800-20 A.2 #22'),
+    (SP800_20_A2_PT, 'ee371483714c02ea', '0101012001010101'*3,
+        'NIST SP800-20 A.2 #23'),
+    (SP800_20_A2_PT, 'a81fbd448f9e522f', '0101011001010101'*3,
+        'NIST SP800-20 A.2 #24'),
+    (SP800_20_A2_PT, '4f644c92e192dfed', '0101010801010101'*3,
+        'NIST SP800-20 A.2 #25'),
+    (SP800_20_A2_PT, '1afa9a66a6df92ae', '0101010401010101'*3,
+        'NIST SP800-20 A.2 #26'),
+    (SP800_20_A2_PT, 'b3c1cc715cb879d8', '0101010201010101'*3,
+        'NIST SP800-20 A.2 #27'),
+    (SP800_20_A2_PT, '19d032e64ab0bd8b', '0101010180010101'*3,
+        'NIST SP800-20 A.2 #28'),
+    (SP800_20_A2_PT, '3cfaa7a7dc8720dc', '0101010140010101'*3,
+        'NIST SP800-20 A.2 #29'),
+    (SP800_20_A2_PT, 'b7265f7f447ac6f3', '0101010120010101'*3,
+        'NIST SP800-20 A.2 #30'),
+    (SP800_20_A2_PT, '9db73b3c0d163f54', '0101010110010101'*3,
+        'NIST SP800-20 A.2 #31'),
+    (SP800_20_A2_PT, '8181b65babf4a975', '0101010108010101'*3,
+        'NIST SP800-20 A.2 #32'),
+    (SP800_20_A2_PT, '93c9b64042eaa240', '0101010104010101'*3,
+        'NIST SP800-20 A.2 #33'),
+    (SP800_20_A2_PT, '5570530829705592', '0101010102010101'*3,
+        'NIST SP800-20 A.2 #34'),
+    (SP800_20_A2_PT, '8638809e878787a0', '0101010101800101'*3,
+        'NIST SP800-20 A.2 #35'),
+    (SP800_20_A2_PT, '41b9a79af79ac208', '0101010101400101'*3,
+        'NIST SP800-20 A.2 #36'),
+    (SP800_20_A2_PT, '7a9be42f2009a892', '0101010101200101'*3,
+        'NIST SP800-20 A.2 #37'),
+    (SP800_20_A2_PT, '29038d56ba6d2745', '0101010101100101'*3,
+        'NIST SP800-20 A.2 #38'),
+    (SP800_20_A2_PT, '5495c6abf1e5df51', '0101010101080101'*3,
+        'NIST SP800-20 A.2 #39'),
+    (SP800_20_A2_PT, 'ae13dbd561488933', '0101010101040101'*3,
+        'NIST SP800-20 A.2 #40'),
+    (SP800_20_A2_PT, '024d1ffa8904e389', '0101010101020101'*3,
+        'NIST SP800-20 A.2 #41'),
+    (SP800_20_A2_PT, 'd1399712f99bf02e', '0101010101018001'*3,
+        'NIST SP800-20 A.2 #42'),
+    (SP800_20_A2_PT, '14c1d7c1cffec79e', '0101010101014001'*3,
+        'NIST SP800-20 A.2 #43'),
+    (SP800_20_A2_PT, '1de5279dae3bed6f', '0101010101012001'*3,
+        'NIST SP800-20 A.2 #44'),
+    (SP800_20_A2_PT, 'e941a33f85501303', '0101010101011001'*3,
+        'NIST SP800-20 A.2 #45'),
+    (SP800_20_A2_PT, 'da99dbbc9a03f379', '0101010101010801'*3,
+        'NIST SP800-20 A.2 #46'),
+    (SP800_20_A2_PT, 'b7fc92f91d8e92e9', '0101010101010401'*3,
+        'NIST SP800-20 A.2 #47'),
+    (SP800_20_A2_PT, 'ae8e5caa3ca04e85', '0101010101010201'*3,
+        'NIST SP800-20 A.2 #48'),
+    (SP800_20_A2_PT, '9cc62df43b6eed74', '0101010101010180'*3,
+        'NIST SP800-20 A.2 #49'),
+    (SP800_20_A2_PT, 'd863dbb5c59a91a0', '0101010101010140'*3,
+        'NIST SP800-20 A.2 #50'),
+    (SP800_20_A2_PT, 'a1ab2190545b91d7', '0101010101010120'*3,
+        'NIST SP800-20 A.2 #51'),
+    (SP800_20_A2_PT, '0875041e64c570f7', '0101010101010110'*3,
+        'NIST SP800-20 A.2 #52'),
+    (SP800_20_A2_PT, '5a594528bebef1cc', '0101010101010108'*3,
+        'NIST SP800-20 A.2 #53'),
+    (SP800_20_A2_PT, 'fcdb3291de21f0c0', '0101010101010104'*3,
+        'NIST SP800-20 A.2 #54'),
+    (SP800_20_A2_PT, '869efd7f9f265a09', '0101010101010102'*3,
+        'NIST SP800-20 A.2 #55'),
+
+    # "Two-key 3DES".  Test vector generated using PyCrypto 2.0.1.
+    # This test is designed to test the DES3 API, not the correctness of the
+    # output.
+    ('21e81b7ade88a259', '5c577d4d9b20c0f8',
+        '9b397ebf81b1181e282f4bb8adbadc6b', 'Two-key 3DES'),
+
+    # The following test vectors have been generated with gpg v1.4.0.
+    # The command line used was:
+    #    gpg -c -z 0 --cipher-algo 3DES --passphrase secret_passphrase \
+    #     --disable-mdc --s2k-mode 0 --output ct pt
+    # For an explanation, see test_AES.py .
+    ( 'ac1762037074324fb53ba3596f73656d69746556616c6c6579',     # Plaintext, 'YosemiteValley'
+      '9979238528357b90e2e0be549cb0b2d5999b9a4a447e5c5c7d',     # Ciphertext
+      '7ade65b460f5ea9be35f9e14aa883a2048e3824aa616c0b2',       # Key (hash of 'BearsAhead')
+      'GPG Test Vector #1',
+      dict(mode='OPENPGP', iv='cd47e2afb8b7e4b0', encrypted_iv='6a7eef0b58050e8b904a' ) ),
+]
+
+def get_tests(config={}):
+    from Crypto.Cipher import DES3
+    from common import make_block_tests
+    return make_block_tests(DES3, "DES3", test_data)
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/test_XOR.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_XOR.py
new file mode 100644
index 000000000..a4d542aca
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_XOR.py
@@ -0,0 +1,72 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/XOR.py: Self-test for the XOR "cipher"
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Cipher.XOR"""
+
+import unittest
+
+__revision__ = "$Id$"
+
+from Crypto.Util.py3compat import *
+
+# This is a list of (plaintext, ciphertext, key) tuples.
+test_data = [
+    # Test vectors written from scratch.  (Nobody posts XOR test vectors on the web?  How disappointing.)
+    ('01', '01',
+        '00',
+        'zero key'),
+
+    ('0102040810204080', '0003050911214181',
+        '01',
+        '1-byte key'),
+
+    ('0102040810204080', 'cda8c8a2dc8a8c2a',
+        'ccaa',
+        '2-byte key'),
+
+    ('ff'*64, 'fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0efeeedecebeae9e8e7e6e5e4e3e2e1e0'*2,
+        '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f',
+        '32-byte key'),
+]
+
+class TruncationSelfTest(unittest.TestCase):
+
+    def runTest(self):
+        """33-byte key (should raise ValueError under current implementation)"""
+        # Crypto.Cipher.XOR previously truncated its inputs at 32 bytes.  Now
+        # it should raise a ValueError if the length is too long.
+        self.assertRaises(ValueError, XOR.new, "x"*33)
+
+def get_tests(config={}):
+    global XOR
+    from Crypto.Cipher import XOR
+    from common import make_stream_tests
+    return make_stream_tests(XOR, "XOR", test_data) + [TruncationSelfTest()]
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py
new file mode 100644
index 000000000..7aa17033b
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_pkcs1_15.py
@@ -0,0 +1,174 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/test_pkcs1_15.py: Self-test for PKCS#1 v1.5 encryption
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+import unittest
+import sys
+
+from Crypto.PublicKey import RSA
+from Crypto.SelfTest.st_common import list_test_cases, a2b_hex, b2a_hex
+from Crypto import Random
+from Crypto.Cipher import PKCS1_v1_5 as PKCS
+from Crypto.Util.py3compat import *
+
+def rws(t):
+    """Remove white spaces, tabs, and new lines from a string"""
+    for c in ['\n', '\t', ' ']:
+        t = t.replace(c,'')
+    return t
+
+def t2b(t):
+    """Convert a text string with bytes in hex form to a byte string"""
+    clean = b(rws(t))
+    if len(clean)%2 == 1:
+        print clean
+        raise ValueError("Even number of characters expected")
+    return a2b_hex(clean)
+
+class PKCS1_15_Tests(unittest.TestCase):
+
+        def setUp(self):
+                self.rng = Random.new().read
+                self.key1024 = RSA.generate(1024, self.rng)
+
+        # List of tuples with test data for PKCS#1 v1.5.
+        # Each tuple is made up by:
+        #       Item #0: dictionary with RSA key component, or key to import
+        #       Item #1: plaintext
+        #       Item #2: ciphertext
+        #       Item #3: random data
+
+        _testData = (
+
+                #
+                # Generated with openssl 0.9.8o
+                #
+                (
+                # Private key
+                '''-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDAiAnvIAOvqVwJTaYzsKnefZftgtXGE2hPJppGsWl78yz9jeXY
+W/FxX/gTPURArNhdnhP6n3p2ZaDIBrO2zizbgIXs0IsljTTcr4vnI8fMXzyNUOjA
+zP3nzMqZDZK6757XQAobOssMkBFqRWwilT/3DsBhRpl3iMUhF+wvpTSHewIDAQAB
+AoGAC4HV/inOrpgTvSab8Wj0riyZgQOZ3U3ZpSlsfR8ra9Ib9Uee3jCYnKscu6Gk
+y6zI/cdt8EPJ4PuwAWSNJzbpbVaDvUq25OD+CX8/uRT08yBS4J8TzBitZJTD4lS7
+atdTnKT0Wmwk+u8tDbhvMKwnUHdJLcuIsycts9rwJVapUtkCQQDvDpx2JMun0YKG
+uUttjmL8oJ3U0m3ZvMdVwBecA0eebZb1l2J5PvI3EJD97eKe91Nsw8T3lwpoN40k
+IocSVDklAkEAzi1HLHE6EzVPOe5+Y0kGvrIYRRhncOb72vCvBZvD6wLZpQgqo6c4
+d3XHFBBQWA6xcvQb5w+VVEJZzw64y25sHwJBAMYReRl6SzL0qA0wIYrYWrOt8JeQ
+8mthulcWHXmqTgC6FEXP9Es5GD7/fuKl4wqLKZgIbH4nqvvGay7xXLCXD/ECQH9a
+1JYNMtRen5unSAbIOxRcKkWz92F0LKpm9ZW/S9vFHO+mBcClMGoKJHiuQxLBsLbT
+NtEZfSJZAeS2sUtn3/0CQDb2M2zNBTF8LlM0nxmh0k9VGm5TVIyBEMcipmvOgqIs
+HKukWBcq9f/UOmS0oEhai/6g+Uf7VHJdWaeO5LzuvwU=
+-----END RSA PRIVATE KEY-----''',
+                # Plaintext
+                '''THIS IS PLAINTEXT\x0A''',
+                # Ciphertext
+                '''3f dc fd 3c cd 5c 9b 12  af 65 32 e3 f7 d0 da 36
+                8f 8f d9 e3 13 1c 7f c8  b3 f9 c1 08 e4 eb 79 9c
+                91 89 1f 96 3b 94 77 61  99 a4 b1 ee 5d e6 17 c9
+                5d 0a b5 63 52 0a eb 00  45 38 2a fb b0 71 3d 11
+                f7 a1 9e a7 69 b3 af 61  c0 bb 04 5b 5d 4b 27 44
+                1f 5b 97 89 ba 6a 08 95  ee 4f a2 eb 56 64 e5 0f
+                da 7c f9 9a 61 61 06 62  ed a0 bc 5f aa 6c 31 78
+                70 28 1a bb 98 3c e3 6a  60 3c d1 0b 0f 5a f4 75''',
+                # Random data
+                '''eb d7 7d 86 a4 35 23 a3 54 7e 02 0b 42 1d
+                61 6c af 67 b8 4e 17 56 80 66 36 04 64 34 26 8a
+                47 dd 44 b3 1a b2 17 60 f4 91 2e e2 b5 95 64 cc
+                f9 da c8 70 94 54 86 4c ef 5b 08 7d 18 c4 ab 8d
+                04 06 33 8f ca 15 5f 52 60 8a a1 0c f5 08 b5 4c
+                bb 99 b8 94 25 04 9c e6 01 75 e6 f9 63 7a 65 61
+                13 8a a7 47 77 81 ae 0d b8 2c 4d 50 a5'''
+                ),
+        )
+
+        def testEncrypt1(self):
+                for test in self._testData:
+                        # Build the key
+                        key = RSA.importKey(test[0])
+                        # RNG that takes its random numbers from a pool given
+                        # at initialization
+                        class randGen:
+                            def __init__(self, data):
+                                self.data = data
+                                self.idx = 0
+                            def __call__(self, N):
+                                r = self.data[self.idx:N]
+                                self.idx += N
+                                return r
+                        # The real test
+                        key._randfunc = randGen(t2b(test[3]))
+                        cipher = PKCS.new(key)
+                        ct = cipher.encrypt(b(test[1]))
+                        self.assertEqual(ct, t2b(test[2]))
+
+        def testEncrypt2(self):
+                # Verify that encryption fail if plaintext is too long
+                pt = '\x00'*(128-11+1)
+                cipher = PKCS.new(self.key1024)
+                self.assertRaises(ValueError, cipher.encrypt, pt)
+
+        def testVerify1(self):
+                for test in self._testData:
+                        # Build the key
+                        key = RSA.importKey(test[0])
+                        # The real test
+                        cipher = PKCS.new(key)
+                        pt = cipher.decrypt(t2b(test[2]), "---")
+                        self.assertEqual(pt, b(test[1]))
+
+        def testVerify2(self):
+                # Verify that decryption fails if ciphertext is not as long as
+                # RSA modulus
+                cipher = PKCS.new(self.key1024)
+                self.assertRaises(ValueError, cipher.decrypt, '\x00'*127, "---")
+                self.assertRaises(ValueError, cipher.decrypt, '\x00'*129, "---")
+
+                # Verify that decryption fails if there are less then 8 non-zero padding
+                # bytes
+                pt = b('\x00\x02' + '\xFF'*7 + '\x00' + '\x45'*118)
+                ct = self.key1024.encrypt(pt, 0)[0]
+                ct = b('\x00'*(128-len(ct))) + ct
+                self.assertEqual("---", cipher.decrypt(ct, "---"))
+
+        def testEncryptVerify1(self):
+                # Encrypt/Verify messages of length [0..RSAlen-11]
+                # and therefore padding [8..117]
+                for pt_len in xrange(0,128-11+1):
+                    pt = self.rng(pt_len)
+                    cipher = PKCS.new(self.key1024)
+                    ct = cipher.encrypt(pt)
+                    pt2 = cipher.decrypt(ct, "---")
+                    self.assertEqual(pt,pt2)
+
+
+def get_tests(config={}):
+    tests = []
+    tests += list_test_cases(PKCS1_15_Tests)
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Cipher/test_pkcs1_oaep.py b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_pkcs1_oaep.py
new file mode 100644
index 000000000..accca6132
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Cipher/test_pkcs1_oaep.py
@@ -0,0 +1,372 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Cipher/test_pkcs1_oaep.py: Self-test for PKCS#1 OAEP encryption
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from __future__ import nested_scopes
+
+__revision__ = "$Id$"
+
+import unittest
+
+from Crypto.SelfTest.st_common import list_test_cases, a2b_hex, b2a_hex
+
+from Crypto.Util.py3compat import *
+from Crypto.PublicKey import RSA
+from Crypto.Cipher import PKCS1_OAEP as PKCS
+from Crypto.Hash import MD2,MD5,SHA as SHA1,SHA256,RIPEMD
+from Crypto import Random
+
+def rws(t):
+    """Remove white spaces, tabs, and new lines from a string"""
+    for c in ['\n', '\t', ' ']:
+        t = t.replace(c,'')
+    return t
+
+def t2b(t):
+    """Convert a text string with bytes in hex form to a byte string"""
+    clean = rws(t)
+    if len(clean)%2 == 1:
+        raise ValueError("Even number of characters expected")
+    return a2b_hex(clean)
+
+class PKCS1_OAEP_Tests(unittest.TestCase):
+
+        def setUp(self):
+                self.rng = Random.new().read
+                self.key1024 = RSA.generate(1024, self.rng)
+
+        # List of tuples with test data for PKCS#1 OAEP
+        # Each tuple is made up by:
+        #       Item #0: dictionary with RSA key component
+        #       Item #1: plaintext
+        #       Item #2: ciphertext
+        #       Item #3: random data (=seed)
+        #       Item #4: hash object
+
+        _testData = (
+
+                #
+                # From in oaep-int.txt to be found in
+                # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+                #
+                (
+                # Private key
+                {
+                'n':'''bb f8 2f 09 06 82 ce 9c 23 38 ac 2b 9d a8 71 f7
+                36 8d 07 ee d4 10 43 a4 40 d6 b6 f0 74 54 f5 1f
+                b8 df ba af 03 5c 02 ab 61 ea 48 ce eb 6f cd 48
+                76 ed 52 0d 60 e1 ec 46 19 71 9d 8a 5b 8b 80 7f
+                af b8 e0 a3 df c7 37 72 3e e6 b4 b7 d9 3a 25 84
+                ee 6a 64 9d 06 09 53 74 88 34 b2 45 45 98 39 4e
+                e0 aa b1 2d 7b 61 a5 1f 52 7a 9a 41 f6 c1 68 7f
+                e2 53 72 98 ca 2a 8f 59 46 f8 e5 fd 09 1d bd cb''',
+                # Public key
+                'e':'11',
+                # In the test vector, only p and q were given...
+                # d is computed offline as e^{-1} mod (p-1)(q-1)
+                'd':'''a5dafc5341faf289c4b988db30c1cdf83f31251e0
+                668b42784813801579641b29410b3c7998d6bc465745e5c3
+                92669d6870da2c082a939e37fdcb82ec93edac97ff3ad595
+                0accfbc111c76f1a9529444e56aaf68c56c092cd38dc3bef
+                5d20a939926ed4f74a13eddfbe1a1cecc4894af9428c2b7b
+                8883fe4463a4bc85b1cb3c1'''
+                }
+                ,
+                # Plaintext
+                '''d4 36 e9 95 69 fd 32 a7 c8 a0 5b bc 90 d3 2c 49''',
+                # Ciphertext
+                '''12 53 e0 4d c0 a5 39 7b b4 4a 7a b8 7e 9b f2 a0
+                39 a3 3d 1e 99 6f c8 2a 94 cc d3 00 74 c9 5d f7
+                63 72 20 17 06 9e 52 68 da 5d 1c 0b 4f 87 2c f6
+                53 c1 1d f8 23 14 a6 79 68 df ea e2 8d ef 04 bb
+                6d 84 b1 c3 1d 65 4a 19 70 e5 78 3b d6 eb 96 a0
+                24 c2 ca 2f 4a 90 fe 9f 2e f5 c9 c1 40 e5 bb 48
+                da 95 36 ad 87 00 c8 4f c9 13 0a de a7 4e 55 8d
+                51 a7 4d df 85 d8 b5 0d e9 68 38 d6 06 3e 09 55''',
+                # Random
+                '''aa fd 12 f6 59 ca e6 34 89 b4 79 e5 07 6d de c2
+                f0 6c b5 8f''',
+                # Hash
+                SHA1,
+               ),
+
+                #
+                # From in oaep-vect.txt to be found in Example 1.1
+                # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+                #
+                (
+                # Private key
+                {
+                'n':'''a8 b3 b2 84 af 8e b5 0b 38 70 34 a8 60 f1 46 c4
+                91 9f 31 87 63 cd 6c 55 98 c8 ae 48 11 a1 e0 ab
+                c4 c7 e0 b0 82 d6 93 a5 e7 fc ed 67 5c f4 66 85
+                12 77 2c 0c bc 64 a7 42 c6 c6 30 f5 33 c8 cc 72
+                f6 2a e8 33 c4 0b f2 58 42 e9 84 bb 78 bd bf 97
+                c0 10 7d 55 bd b6 62 f5 c4 e0 fa b9 84 5c b5 14
+                8e f7 39 2d d3 aa ff 93 ae 1e 6b 66 7b b3 d4 24
+                76 16 d4 f5 ba 10 d4 cf d2 26 de 88 d3 9f 16 fb''',
+                'e':'''01 00 01''',
+                'd':'''53 33 9c fd b7 9f c8 46 6a 65 5c 73 16 ac a8 5c
+                55 fd 8f 6d d8 98 fd af 11 95 17 ef 4f 52 e8 fd
+                8e 25 8d f9 3f ee 18 0f a0 e4 ab 29 69 3c d8 3b
+                15 2a 55 3d 4a c4 d1 81 2b 8b 9f a5 af 0e 7f 55
+                fe 73 04 df 41 57 09 26 f3 31 1f 15 c4 d6 5a 73
+                2c 48 31 16 ee 3d 3d 2d 0a f3 54 9a d9 bf 7c bf
+                b7 8a d8 84 f8 4d 5b eb 04 72 4d c7 36 9b 31 de
+                f3 7d 0c f5 39 e9 cf cd d3 de 65 37 29 ea d5 d1 '''
+                }
+                ,
+                # Plaintext
+                '''66 28 19 4e 12 07 3d b0 3b a9 4c da 9e f9 53 23
+                97 d5 0d ba 79 b9 87 00 4a fe fe 34''',
+                # Ciphertext
+                '''35 4f e6 7b 4a 12 6d 5d 35 fe 36 c7 77 79 1a 3f
+                7b a1 3d ef 48 4e 2d 39 08 af f7 22 fa d4 68 fb
+                21 69 6d e9 5d 0b e9 11 c2 d3 17 4f 8a fc c2 01
+                03 5f 7b 6d 8e 69 40 2d e5 45 16 18 c2 1a 53 5f
+                a9 d7 bf c5 b8 dd 9f c2 43 f8 cf 92 7d b3 13 22
+                d6 e8 81 ea a9 1a 99 61 70 e6 57 a0 5a 26 64 26
+                d9 8c 88 00 3f 84 77 c1 22 70 94 a0 d9 fa 1e 8c
+                40 24 30 9c e1 ec cc b5 21 00 35 d4 7a c7 2e 8a''',
+                # Random
+                '''18 b7 76 ea 21 06 9d 69 77 6a 33 e9 6b ad 48 e1
+                dd a0 a5 ef''',
+                SHA1
+                ),
+
+                #
+                # From in oaep-vect.txt to be found in Example 2.1
+                # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+                #
+                (
+                # Private key
+                {
+                'n':'''01 94 7c 7f ce 90 42 5f 47 27 9e 70 85 1f 25 d5
+                e6 23 16 fe 8a 1d f1 93 71 e3 e6 28 e2 60 54 3e
+                49 01 ef 60 81 f6 8c 0b 81 41 19 0d 2a e8 da ba
+                7d 12 50 ec 6d b6 36 e9 44 ec 37 22 87 7c 7c 1d
+                0a 67 f1 4b 16 94 c5 f0 37 94 51 a4 3e 49 a3 2d
+                de 83 67 0b 73 da 91 a1 c9 9b c2 3b 43 6a 60 05
+                5c 61 0f 0b af 99 c1 a0 79 56 5b 95 a3 f1 52 66
+                32 d1 d4 da 60 f2 0e da 25 e6 53 c4 f0 02 76 6f
+                45''',
+                'e':'''01 00 01''',
+                'd':'''08 23 f2 0f ad b5 da 89 08 8a 9d 00 89 3e 21 fa
+                4a 1b 11 fb c9 3c 64 a3 be 0b aa ea 97 fb 3b 93
+                c3 ff 71 37 04 c1 9c 96 3c 1d 10 7a ae 99 05 47
+                39 f7 9e 02 e1 86 de 86 f8 7a 6d de fe a6 d8 cc
+                d1 d3 c8 1a 47 bf a7 25 5b e2 06 01 a4 a4 b2 f0
+                8a 16 7b 5e 27 9d 71 5b 1b 45 5b dd 7e ab 24 59
+                41 d9 76 8b 9a ce fb 3c cd a5 95 2d a3 ce e7 25
+                25 b4 50 16 63 a8 ee 15 c9 e9 92 d9 24 62 fe 39'''
+                },
+                # Plaintext
+                '''8f f0 0c aa 60 5c 70 28 30 63 4d 9a 6c 3d 42 c6
+                52 b5 8c f1 d9 2f ec 57 0b ee e7''',
+                # Ciphertext
+                '''01 81 af 89 22 b9 fc b4 d7 9d 92 eb e1 98 15 99
+                2f c0 c1 43 9d 8b cd 49 13 98 a0 f4 ad 3a 32 9a
+                5b d9 38 55 60 db 53 26 83 c8 b7 da 04 e4 b1 2a
+                ed 6a ac df 47 1c 34 c9 cd a8 91 ad dc c2 df 34
+                56 65 3a a6 38 2e 9a e5 9b 54 45 52 57 eb 09 9d
+                56 2b be 10 45 3f 2b 6d 13 c5 9c 02 e1 0f 1f 8a
+                bb 5d a0 d0 57 09 32 da cf 2d 09 01 db 72 9d 0f
+                ef cc 05 4e 70 96 8e a5 40 c8 1b 04 bc ae fe 72
+                0e''',
+                # Random
+                '''8c 40 7b 5e c2 89 9e 50 99 c5 3e 8c e7 93 bf 94
+                e7 1b 17 82''',
+                SHA1
+                ),
+
+                #
+                # From in oaep-vect.txt to be found in Example 10.1
+                # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+                #
+                (
+                # Private key
+                {
+                'n':'''ae 45 ed 56 01 ce c6 b8 cc 05 f8 03 93 5c 67 4d
+                db e0 d7 5c 4c 09 fd 79 51 fc 6b 0c ae c3 13 a8
+                df 39 97 0c 51 8b ff ba 5e d6 8f 3f 0d 7f 22 a4
+                02 9d 41 3f 1a e0 7e 4e be 9e 41 77 ce 23 e7 f5
+                40 4b 56 9e 4e e1 bd cf 3c 1f b0 3e f1 13 80 2d
+                4f 85 5e b9 b5 13 4b 5a 7c 80 85 ad ca e6 fa 2f
+                a1 41 7e c3 76 3b e1 71 b0 c6 2b 76 0e de 23 c1
+                2a d9 2b 98 08 84 c6 41 f5 a8 fa c2 6b da d4 a0
+                33 81 a2 2f e1 b7 54 88 50 94 c8 25 06 d4 01 9a
+                53 5a 28 6a fe b2 71 bb 9b a5 92 de 18 dc f6 00
+                c2 ae ea e5 6e 02 f7 cf 79 fc 14 cf 3b dc 7c d8
+                4f eb bb f9 50 ca 90 30 4b 22 19 a7 aa 06 3a ef
+                a2 c3 c1 98 0e 56 0c d6 4a fe 77 95 85 b6 10 76
+                57 b9 57 85 7e fd e6 01 09 88 ab 7d e4 17 fc 88
+                d8 f3 84 c4 e6 e7 2c 3f 94 3e 0c 31 c0 c4 a5 cc
+                36 f8 79 d8 a3 ac 9d 7d 59 86 0e aa da 6b 83 bb''',
+                'e':'''01 00 01''',
+                'd':'''05 6b 04 21 6f e5 f3 54 ac 77 25 0a 4b 6b 0c 85
+                25 a8 5c 59 b0 bd 80 c5 64 50 a2 2d 5f 43 8e 59
+                6a 33 3a a8 75 e2 91 dd 43 f4 8c b8 8b 9d 5f c0
+                d4 99 f9 fc d1 c3 97 f9 af c0 70 cd 9e 39 8c 8d
+                19 e6 1d b7 c7 41 0a 6b 26 75 df bf 5d 34 5b 80
+                4d 20 1a dd 50 2d 5c e2 df cb 09 1c e9 99 7b be
+                be 57 30 6f 38 3e 4d 58 81 03 f0 36 f7 e8 5d 19
+                34 d1 52 a3 23 e4 a8 db 45 1d 6f 4a 5b 1b 0f 10
+                2c c1 50 e0 2f ee e2 b8 8d ea 4a d4 c1 ba cc b2
+                4d 84 07 2d 14 e1 d2 4a 67 71 f7 40 8e e3 05 64
+                fb 86 d4 39 3a 34 bc f0 b7 88 50 1d 19 33 03 f1
+                3a 22 84 b0 01 f0 f6 49 ea f7 93 28 d4 ac 5c 43
+                0a b4 41 49 20 a9 46 0e d1 b7 bc 40 ec 65 3e 87
+                6d 09 ab c5 09 ae 45 b5 25 19 01 16 a0 c2 61 01
+                84 82 98 50 9c 1c 3b f3 a4 83 e7 27 40 54 e1 5e
+                97 07 50 36 e9 89 f6 09 32 80 7b 52 57 75 1e 79'''
+                },
+                # Plaintext
+                '''8b ba 6b f8 2a 6c 0f 86 d5 f1 75 6e 97 95 68 70
+                b0 89 53 b0 6b 4e b2 05 bc 16 94 ee''',
+                # Ciphertext
+                '''53 ea 5d c0 8c d2 60 fb 3b 85 85 67 28 7f a9 15
+                52 c3 0b 2f eb fb a2 13 f0 ae 87 70 2d 06 8d 19
+                ba b0 7f e5 74 52 3d fb 42 13 9d 68 c3 c5 af ee
+                e0 bf e4 cb 79 69 cb f3 82 b8 04 d6 e6 13 96 14
+                4e 2d 0e 60 74 1f 89 93 c3 01 4b 58 b9 b1 95 7a
+                8b ab cd 23 af 85 4f 4c 35 6f b1 66 2a a7 2b fc
+                c7 e5 86 55 9d c4 28 0d 16 0c 12 67 85 a7 23 eb
+                ee be ff 71 f1 15 94 44 0a ae f8 7d 10 79 3a 87
+                74 a2 39 d4 a0 4c 87 fe 14 67 b9 da f8 52 08 ec
+                6c 72 55 79 4a 96 cc 29 14 2f 9a 8b d4 18 e3 c1
+                fd 67 34 4b 0c d0 82 9d f3 b2 be c6 02 53 19 62
+                93 c6 b3 4d 3f 75 d3 2f 21 3d d4 5c 62 73 d5 05
+                ad f4 cc ed 10 57 cb 75 8f c2 6a ee fa 44 12 55
+                ed 4e 64 c1 99 ee 07 5e 7f 16 64 61 82 fd b4 64
+                73 9b 68 ab 5d af f0 e6 3e 95 52 01 68 24 f0 54
+                bf 4d 3c 8c 90 a9 7b b6 b6 55 32 84 eb 42 9f cc''',
+                # Random
+                '''47 e1 ab 71 19 fe e5 6c 95 ee 5e aa d8 6f 40 d0
+                aa 63 bd 33''',
+                SHA1
+               ),
+        )
+
+        def testEncrypt1(self):
+                # Verify encryption using all test vectors
+                for test in self._testData:
+                        # Build the key
+                        comps = [ long(rws(test[0][x]),16) for x in ('n','e') ]
+                        key = RSA.construct(comps)
+                        # RNG that takes its random numbers from a pool given
+                        # at initialization
+                        class randGen:
+                            def __init__(self, data):
+                                self.data = data
+                                self.idx = 0
+                            def __call__(self, N):
+                                r = self.data[self.idx:N]
+                                self.idx += N
+                                return r
+                        # The real test
+                        key._randfunc = randGen(t2b(test[3]))
+                        cipher = PKCS.new(key, test[4])
+                        ct = cipher.encrypt(t2b(test[1]))
+                        self.assertEqual(ct, t2b(test[2]))
+
+        def testEncrypt2(self):
+                # Verify that encryption fails if plaintext is too long
+                pt = '\x00'*(128-2*20-2+1)
+                cipher = PKCS.new(self.key1024)
+                self.assertRaises(ValueError, cipher.encrypt, pt)
+
+        def testDecrypt1(self):
+                # Verify decryption using all test vectors
+                for test in self._testData:
+                        # Build the key
+                        comps = [ long(rws(test[0][x]),16) for x in ('n','e','d') ]
+                        key = RSA.construct(comps)
+                        # The real test
+                        cipher = PKCS.new(key, test[4])
+                        pt = cipher.decrypt(t2b(test[2]))
+                        self.assertEqual(pt, t2b(test[1]))
+
+        def testDecrypt2(self):
+                # Simplest possible negative tests
+                for ct_size in (127,128,129):
+                    cipher = PKCS.new(self.key1024)
+                    self.assertRaises(ValueError, cipher.decrypt, bchr(0x00)*ct_size)
+
+        def testEncryptDecrypt1(self):
+                # Encrypt/Decrypt messages of length [0..128-2*20-2]
+                for pt_len in xrange(0,128-2*20-2):
+                    pt = self.rng(pt_len)
+                    ct = PKCS.encrypt(pt, self.key1024)
+                    pt2 = PKCS.decrypt(ct, self.key1024)
+                    self.assertEqual(pt,pt2)
+
+        def testEncryptDecrypt1(self):
+                # Helper function to monitor what's requested from RNG
+                global asked
+                def localRng(N):
+                    global asked
+                    asked += N
+                    return self.rng(N)
+                # Verify that OAEP is friendly to all hashes
+                for hashmod in (MD2,MD5,SHA1,SHA256,RIPEMD):
+                    # Verify that encrypt() asks for as many random bytes
+                    # as the hash output size
+                    asked = 0
+                    pt = self.rng(40)
+                    self.key1024._randfunc = localRng
+                    cipher = PKCS.new(self.key1024, hashmod)
+                    ct = cipher.encrypt(pt)
+                    self.assertEqual(cipher.decrypt(ct), pt)
+                    self.failUnless(asked > hashmod.digest_size)
+
+        def testEncryptDecrypt2(self):
+                # Verify that OAEP supports labels
+                pt = self.rng(35)
+                xlabel = self.rng(22)
+                cipher = PKCS.new(self.key1024, label=xlabel)
+                ct = cipher.encrypt(pt)
+                self.assertEqual(cipher.decrypt(ct), pt)
+
+        def testEncryptDecrypt3(self):
+                # Verify that encrypt() uses the custom MGF
+                global mgfcalls
+                # Helper function to monitor what's requested from MGF
+                def newMGF(seed,maskLen):
+                    global mgfcalls
+                    mgfcalls += 1
+                    return bchr(0x00)*maskLen
+                mgfcalls = 0
+                pt = self.rng(32)
+                cipher = PKCS.new(self.key1024, mgfunc=newMGF)
+                ct = cipher.encrypt(pt)
+                self.assertEqual(mgfcalls, 2)
+                self.assertEqual(cipher.decrypt(ct), pt)
+
+def get_tests(config={}):
+    tests = []
+    tests += list_test_cases(PKCS1_OAEP_Tests)
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/__init__.py b/lib/Python/Lib/Crypto/SelfTest/Hash/__init__.py
new file mode 100644
index 000000000..bb19f9b3f
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/__init__.py
@@ -0,0 +1,52 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/__init__.py: Self-test for hash modules
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test for hash modules"""
+
+__revision__ = "$Id$"
+
+def get_tests(config={}):
+    tests = []
+    from Crypto.SelfTest.Hash import test_HMAC;   tests += test_HMAC.get_tests(config=config)
+    from Crypto.SelfTest.Hash import test_MD2;    tests += test_MD2.get_tests(config=config)
+    from Crypto.SelfTest.Hash import test_MD4;    tests += test_MD4.get_tests(config=config)
+    from Crypto.SelfTest.Hash import test_MD5;    tests += test_MD5.get_tests(config=config)
+    from Crypto.SelfTest.Hash import test_RIPEMD; tests += test_RIPEMD.get_tests(config=config)
+    from Crypto.SelfTest.Hash import test_SHA;    tests += test_SHA.get_tests(config=config)
+    from Crypto.SelfTest.Hash import test_SHA256; tests += test_SHA256.get_tests(config=config)
+    try:
+        from Crypto.SelfTest.Hash import test_SHA224; tests += test_SHA224.get_tests(config=config)
+        from Crypto.SelfTest.Hash import test_SHA384; tests += test_SHA384.get_tests(config=config)
+        from Crypto.SelfTest.Hash import test_SHA512; tests += test_SHA512.get_tests(config=config)
+    except ImportError:
+        import sys
+        sys.stderr.write("SelfTest: warning: not testing SHA224/SHA384/SHA512 modules (not available)\n")
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/common.py b/lib/Python/Lib/Crypto/SelfTest/Hash/common.py
new file mode 100644
index 000000000..f77fb0f1d
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/common.py
@@ -0,0 +1,197 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/common.py: Common code for Crypto.SelfTest.Hash
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-testing for PyCrypto hash modules"""
+
+__revision__ = "$Id$"
+
+import sys
+import unittest
+import binascii
+from Crypto.Util.py3compat import *
+
+# For compatibility with Python 2.1 and Python 2.2
+if sys.hexversion < 0x02030000:
+    # Python 2.1 doesn't have a dict() function
+    # Python 2.2 dict() function raises TypeError if you do dict(MD5='blah')
+    def dict(**kwargs):
+        return kwargs.copy()
+else:
+    dict = dict
+
+
+class HashDigestSizeSelfTest(unittest.TestCase):
+    
+    def __init__(self, hashmod, description, expected):
+        unittest.TestCase.__init__(self)
+        self.hashmod = hashmod
+        self.expected = expected
+        self.description = description
+        
+    def shortDescription(self):
+        return self.description
+
+    def runTest(self):
+        self.failUnless(hasattr(self.hashmod, "digest_size"))
+        self.assertEquals(self.hashmod.digest_size, self.expected)
+        h = self.hashmod.new()
+        self.failUnless(hasattr(h, "digest_size"))
+        self.assertEquals(h.digest_size, self.expected)
+
+
+class HashSelfTest(unittest.TestCase):
+
+    def __init__(self, hashmod, description, expected, input):
+        unittest.TestCase.__init__(self)
+        self.hashmod = hashmod
+        self.expected = expected
+        self.input = input
+        self.description = description
+
+    def shortDescription(self):
+        return self.description
+
+    def runTest(self):
+        h = self.hashmod.new()
+        h.update(self.input)
+
+        out1 = binascii.b2a_hex(h.digest())
+        out2 = h.hexdigest()
+
+        h = self.hashmod.new(self.input)
+
+        out3 = h.hexdigest()
+        out4 = binascii.b2a_hex(h.digest())
+
+        # PY3K: hexdigest() should return str(), and digest() bytes 
+        self.assertEqual(self.expected, out1)   # h = .new(); h.update(data); h.digest()
+        if sys.version_info[0] == 2:
+            self.assertEqual(self.expected, out2)   # h = .new(); h.update(data); h.hexdigest()
+            self.assertEqual(self.expected, out3)   # h = .new(data); h.hexdigest()
+        else:
+            self.assertEqual(self.expected.decode(), out2)   # h = .new(); h.update(data); h.hexdigest()
+            self.assertEqual(self.expected.decode(), out3)   # h = .new(data); h.hexdigest()
+        self.assertEqual(self.expected, out4)   # h = .new(data); h.digest()
+
+        # Verify that new() object method produces a fresh hash object
+        h2 = h.new()
+        h2.update(self.input)
+        out5 = binascii.b2a_hex(h2.digest())
+        self.assertEqual(self.expected, out5)
+
+class HashTestOID(unittest.TestCase):
+    def __init__(self, hashmod, oid):
+        unittest.TestCase.__init__(self)
+        self.hashmod = hashmod
+        self.oid = oid
+
+    def runTest(self):
+        h = self.hashmod.new()
+        if self.oid==None:
+            try:
+                raised = 0
+                a = h.oid
+            except AttributeError:
+                raised = 1
+            self.assertEqual(raised,1)
+        else:
+            self.assertEqual(h.oid, self.oid)
+
+class MACSelfTest(unittest.TestCase):
+
+    def __init__(self, hashmod, description, expected_dict, input, key, hashmods):
+        unittest.TestCase.__init__(self)
+        self.hashmod = hashmod
+        self.expected_dict = expected_dict
+        self.input = input
+        self.key = key
+        self.hashmods = hashmods
+        self.description = description
+
+    def shortDescription(self):
+        return self.description
+
+    def runTest(self):
+        for hashname in self.expected_dict.keys():
+            hashmod = self.hashmods[hashname]
+            key = binascii.a2b_hex(b(self.key))
+            data = binascii.a2b_hex(b(self.input))
+
+            # Strip whitespace from the expected string (which should be in lowercase-hex)
+            expected = b("".join(self.expected_dict[hashname].split()))
+
+            h = self.hashmod.new(key, digestmod=hashmod)
+            h.update(data)
+            out1 = binascii.b2a_hex(h.digest())
+            out2 = h.hexdigest()
+
+            h = self.hashmod.new(key, data, hashmod)
+
+            out3 = h.hexdigest()
+            out4 = binascii.b2a_hex(h.digest())
+
+            # Test .copy()
+            h2 = h.copy()
+            h.update(b("blah blah blah"))  # Corrupt the original hash object
+            out5 = binascii.b2a_hex(h2.digest())    # The copied hash object should return the correct result
+
+            # PY3K: hexdigest() should return str(), and digest() bytes 
+            self.assertEqual(expected, out1)
+            if sys.version_info[0] == 2:
+                self.assertEqual(expected, out2)
+                self.assertEqual(expected, out3)
+            else:
+                self.assertEqual(expected.decode(), out2)
+                self.assertEqual(expected.decode(), out3)                
+            self.assertEqual(expected, out4)
+            self.assertEqual(expected, out5)
+
+def make_hash_tests(module, module_name, test_data, digest_size, oid=None):
+    tests = []
+    for i in range(len(test_data)):
+        row = test_data[i]
+        (expected, input) = map(b,row[0:2])
+        if len(row) < 3:
+            description = repr(input)
+        else:
+            description = row[2].encode('latin-1')
+        name = "%s #%d: %s" % (module_name, i+1, description)
+        tests.append(HashSelfTest(module, name, expected, input))
+    if oid is not None:
+        oid = b(oid)
+    name = "%s #%d: digest_size" % (module_name, i+1)
+    tests.append(HashDigestSizeSelfTest(module, name, digest_size))
+    tests.append(HashTestOID(module, oid))
+    return tests
+
+def make_mac_tests(module, module_name, test_data, hashmods):
+    tests = []
+    for i in range(len(test_data)):
+        row = test_data[i]
+        (key, data, results, description) = row
+        name = "%s #%d: %s" % (module_name, i+1, description)
+        tests.append(MACSelfTest(module, name, results, data, key, hashmods))
+    return tests
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/test_HMAC.py b/lib/Python/Lib/Crypto/SelfTest/Hash/test_HMAC.py
new file mode 100644
index 000000000..c01c97b69
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/test_HMAC.py
@@ -0,0 +1,223 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/HMAC.py: Self-test for the HMAC module
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Hash.HMAC"""
+
+__revision__ = "$Id$"
+
+from common import dict     # For compatibility with Python 2.1 and 2.2
+from Crypto.Util.py3compat import *
+
+# This is a list of (key, data, results, description) tuples.
+test_data = [
+    ## Test vectors from RFC 2202 ##
+    # Test that the default hashmod is MD5
+    ('0b' * 16,
+        '4869205468657265',
+        dict(default='9294727a3638bb1c13f48ef8158bfc9d'),
+        'default-is-MD5'),
+
+    # Test case 1 (MD5)
+    ('0b' * 16,
+        '4869205468657265',
+        dict(MD5='9294727a3638bb1c13f48ef8158bfc9d'),
+        'RFC 2202 #1-MD5 (HMAC-MD5)'),
+
+    # Test case 1 (SHA1)
+    ('0b' * 20,
+        '4869205468657265',
+        dict(SHA1='b617318655057264e28bc0b6fb378c8ef146be00'),
+        'RFC 2202 #1-SHA1 (HMAC-SHA1)'),
+
+    # Test case 2
+    ('4a656665',
+        '7768617420646f2079612077616e7420666f72206e6f7468696e673f',
+        dict(MD5='750c783e6ab0b503eaa86e310a5db738',
+            SHA1='effcdf6ae5eb2fa2d27416d5f184df9c259a7c79'),
+        'RFC 2202 #2 (HMAC-MD5/SHA1)'),
+
+    # Test case 3 (MD5)
+    ('aa' * 16,
+        'dd' * 50,
+        dict(MD5='56be34521d144c88dbb8c733f0e8b3f6'),
+        'RFC 2202 #3-MD5 (HMAC-MD5)'),
+
+    # Test case 3 (SHA1)
+    ('aa' * 20,
+        'dd' * 50,
+        dict(SHA1='125d7342b9ac11cd91a39af48aa17b4f63f175d3'),
+        'RFC 2202 #3-SHA1 (HMAC-SHA1)'),
+
+    # Test case 4
+    ('0102030405060708090a0b0c0d0e0f10111213141516171819',
+        'cd' * 50,
+        dict(MD5='697eaf0aca3a3aea3a75164746ffaa79',
+            SHA1='4c9007f4026250c6bc8414f9bf50c86c2d7235da'),
+        'RFC 2202 #4 (HMAC-MD5/SHA1)'),
+
+    # Test case 5 (MD5)
+    ('0c' * 16,
+        '546573742057697468205472756e636174696f6e',
+        dict(MD5='56461ef2342edc00f9bab995690efd4c'),
+        'RFC 2202 #5-MD5 (HMAC-MD5)'),
+
+    # Test case 5 (SHA1)
+    # NB: We do not implement hash truncation, so we only test the full hash here.
+    ('0c' * 20,
+        '546573742057697468205472756e636174696f6e',
+        dict(SHA1='4c1a03424b55e07fe7f27be1d58bb9324a9a5a04'),
+        'RFC 2202 #5-SHA1 (HMAC-SHA1)'),
+
+    # Test case 6
+    ('aa' * 80,
+        '54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a'
+        + '65204b6579202d2048617368204b6579204669727374',
+        dict(MD5='6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd',
+            SHA1='aa4ae5e15272d00e95705637ce8a3b55ed402112'),
+        'RFC 2202 #6 (HMAC-MD5/SHA1)'),
+
+    # Test case 7
+    ('aa' * 80,
+        '54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a'
+        + '65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d'
+        + '53697a652044617461',
+        dict(MD5='6f630fad67cda0ee1fb1f562db3aa53e',
+            SHA1='e8e99d0f45237d786d6bbaa7965c7808bbff1a91'),
+        'RFC 2202 #7 (HMAC-MD5/SHA1)'),
+
+    ## Test vectors from RFC 4231 ##
+    # 4.2. Test Case 1
+    ('0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b',
+        '4869205468657265',
+        dict(SHA256='''
+            b0344c61d8db38535ca8afceaf0bf12b
+            881dc200c9833da726e9376c2e32cff7
+        '''),
+        'RFC 4231 #1 (HMAC-SHA256)'),
+
+    # 4.3. Test Case 2 - Test with a key shorter than the length of the HMAC
+    # output.
+    ('4a656665',
+        '7768617420646f2079612077616e7420666f72206e6f7468696e673f',
+        dict(SHA256='''
+            5bdcc146bf60754e6a042426089575c7
+            5a003f089d2739839dec58b964ec3843
+        '''),
+        'RFC 4231 #2 (HMAC-SHA256)'),
+
+    # 4.4. Test Case 3 - Test with a combined length of key and data that is
+    # larger than 64 bytes (= block-size of SHA-224 and SHA-256).
+    ('aa' * 20,
+        'dd' * 50,
+        dict(SHA256='''
+            773ea91e36800e46854db8ebd09181a7
+            2959098b3ef8c122d9635514ced565fe
+        '''),
+        'RFC 4231 #3 (HMAC-SHA256)'),
+
+    # 4.5. Test Case 4 - Test with a combined length of key and data that is
+    # larger than 64 bytes (= block-size of SHA-224 and SHA-256).
+    ('0102030405060708090a0b0c0d0e0f10111213141516171819',
+        'cd' * 50,
+        dict(SHA256='''
+            82558a389a443c0ea4cc819899f2083a
+            85f0faa3e578f8077a2e3ff46729665b
+        '''),
+        'RFC 4231 #4 (HMAC-SHA256)'),
+
+    # 4.6. Test Case 5 - Test with a truncation of output to 128 bits.
+    #
+    # Not included because we do not implement hash truncation.
+    #
+
+    # 4.7. Test Case 6 - Test with a key larger than 128 bytes (= block-size of
+    # SHA-384 and SHA-512).
+    ('aa' * 131,
+        '54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a'
+        + '65204b6579202d2048617368204b6579204669727374',
+        dict(SHA256='''
+            60e431591ee0b67f0d8a26aacbf5b77f
+            8e0bc6213728c5140546040f0ee37f54
+        '''),
+        'RFC 4231 #6 (HMAC-SHA256)'),
+
+    # 4.8. Test Case 7 - Test with a key and data that is larger than 128 bytes
+    # (= block-size of SHA-384 and SHA-512).
+    ('aa' * 131,
+        '5468697320697320612074657374207573696e672061206c6172676572207468'
+        + '616e20626c6f636b2d73697a65206b657920616e642061206c61726765722074'
+        + '68616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565'
+        + '647320746f20626520686173686564206265666f7265206265696e6720757365'
+        + '642062792074686520484d414320616c676f726974686d2e',
+        dict(SHA256='''
+            9b09ffa71b942fcb27635fbcd5b0e944
+            bfdc63644f0713938a7f51535c3a35e2
+        '''),
+        'RFC 4231 #7 (HMAC-SHA256)'),
+]
+
+hashlib_test_data = [
+    # Test case 8 (SHA224)
+    ('4a656665',
+        '7768617420646f2079612077616e74'
+        + '20666f72206e6f7468696e673f',
+        dict(SHA224='a30e01098bc6dbbf45690f3a7e9e6d0f8bbea2a39e6148008fd05e44'),
+        'RFC 4634 8.4 SHA224 (HMAC-SHA224)'),
+
+    # Test case 9 (SHA384)
+    ('4a656665',
+        '7768617420646f2079612077616e74'
+        + '20666f72206e6f7468696e673f',
+        dict(SHA384='af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649'),
+        'RFC 4634 8.4 SHA384 (HMAC-SHA384)'),
+
+   # Test case 10 (SHA512)
+    ('4a656665',
+        '7768617420646f2079612077616e74'
+        + '20666f72206e6f7468696e673f',
+        dict(SHA512='164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737'),
+        'RFC 4634 8.4 SHA512 (HMAC-SHA512)'),
+
+]
+
+def get_tests(config={}):
+    global test_data
+    from Crypto.Hash import HMAC, MD5, SHA as SHA1, SHA256
+    from common import make_mac_tests
+    hashmods = dict(MD5=MD5, SHA1=SHA1, SHA256=SHA256, default=None)
+    try:
+        from Crypto.Hash import SHA224, SHA384, SHA512
+        hashmods.update(dict(SHA224=SHA224, SHA384=SHA384, SHA512=SHA512))
+        test_data += hashlib_test_data
+    except ImportError:
+        import sys
+        sys.stderr.write("SelfTest: warning: not testing HMAC-SHA224/384/512 (not available)\n")
+    return make_mac_tests(HMAC, "HMAC", test_data, hashmods)
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/test_MD2.py b/lib/Python/Lib/Crypto/SelfTest/Hash/test_MD2.py
new file mode 100644
index 000000000..db636d4c5
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/test_MD2.py
@@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/MD2.py: Self-test for the MD2 hash function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Hash.MD2"""
+
+__revision__ = "$Id$"
+
+from Crypto.Util.py3compat import *
+
+# This is a list of (expected_result, input[, description]) tuples.
+test_data = [
+    # Test vectors from RFC 1319
+    ('8350e5a3e24c153df2275c9f80692773', '', "'' (empty string)"),
+    ('32ec01ec4a6dac72c0ab96fb34c0b5d1', 'a'),
+    ('da853b0d3f88d99b30283a69e6ded6bb', 'abc'),
+    ('ab4f496bfb2a530b219ff33031fe06b0', 'message digest'),
+
+    ('4e8ddff3650292ab5a4108c3aa47940b', 'abcdefghijklmnopqrstuvwxyz',
+        'a-z'),
+
+    ('da33def2a42df13975352846c30338cd',
+        'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',
+        'A-Z, a-z, 0-9'),
+
+    ('d5976f79d83d3a0dc9806c3c66f3efd8',
+        '1234567890123456789012345678901234567890123456'
+        + '7890123456789012345678901234567890',
+        "'1234567890' * 8"),
+]
+
+def get_tests(config={}):
+    from Crypto.Hash import MD2
+    from common import make_hash_tests
+    return make_hash_tests(MD2, "MD2", test_data,
+        digest_size=16,
+        oid="\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x02")
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/test_MD4.py b/lib/Python/Lib/Crypto/SelfTest/Hash/test_MD4.py
new file mode 100644
index 000000000..1727bb65b
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/test_MD4.py
@@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/MD4.py: Self-test for the MD4 hash function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Hash.MD4"""
+
+__revision__ = "$Id$"
+
+from Crypto.Util.py3compat import *
+
+# This is a list of (expected_result, input[, description]) tuples.
+test_data = [
+    # Test vectors from RFC 1320
+    ('31d6cfe0d16ae931b73c59d7e0c089c0', '', "'' (empty string)"),
+    ('bde52cb31de33e46245e05fbdbd6fb24', 'a'),
+    ('a448017aaf21d8525fc10ae87aa6729d', 'abc'),
+    ('d9130a8164549fe818874806e1c7014b', 'message digest'),
+
+    ('d79e1c308aa5bbcdeea8ed63df412da9', 'abcdefghijklmnopqrstuvwxyz',
+        'a-z'),
+
+    ('043f8582f241db351ce627e153e7f0e4',
+        'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',
+        'A-Z, a-z, 0-9'),
+
+    ('e33b4ddc9c38f2199c3e7b164fcc0536',
+        '1234567890123456789012345678901234567890123456'
+        + '7890123456789012345678901234567890',
+        "'1234567890' * 8"),
+]
+
+def get_tests(config={}):
+    from Crypto.Hash import MD4
+    from common import make_hash_tests
+    return make_hash_tests(MD4, "MD4", test_data,
+        digest_size=16,
+        oid="\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x04")
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/test_MD5.py b/lib/Python/Lib/Crypto/SelfTest/Hash/test_MD5.py
new file mode 100644
index 000000000..2e293fc83
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/test_MD5.py
@@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/MD5.py: Self-test for the MD5 hash function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Hash.MD5"""
+
+__revision__ = "$Id$"
+
+from Crypto.Util.py3compat import *
+
+# This is a list of (expected_result, input[, description]) tuples.
+test_data = [
+    # Test vectors from RFC 1321
+    ('d41d8cd98f00b204e9800998ecf8427e', '', "'' (empty string)"),
+    ('0cc175b9c0f1b6a831c399e269772661', 'a'),
+    ('900150983cd24fb0d6963f7d28e17f72', 'abc'),
+    ('f96b697d7cb7938d525a2f31aaf161d0', 'message digest'),
+
+    ('c3fcd3d76192e4007dfb496cca67e13b', 'abcdefghijklmnopqrstuvwxyz',
+        'a-z'),
+
+    ('d174ab98d277d9f5a5611c2c9f419d9f',
+        'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',
+        'A-Z, a-z, 0-9'),
+
+    ('57edf4a22be3c955ac49da2e2107b67a',
+        '1234567890123456789012345678901234567890123456'
+        + '7890123456789012345678901234567890',
+        "'1234567890' * 8"),
+]
+
+def get_tests(config={}):
+    from Crypto.Hash import MD5
+    from common import make_hash_tests
+    return make_hash_tests(MD5, "MD5", test_data,
+        digest_size=16,
+        oid="\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05")
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/test_RIPEMD.py b/lib/Python/Lib/Crypto/SelfTest/Hash/test_RIPEMD.py
new file mode 100644
index 000000000..6673a9343
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/test_RIPEMD.py
@@ -0,0 +1,73 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/test_RIPEMD.py: Self-test for the RIPEMD-160 hash function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+#"""Self-test suite for Crypto.Hash.RIPEMD"""
+
+__revision__ = "$Id$"
+
+from Crypto.Util.py3compat import *
+
+# This is a list of (expected_result, input[, description]) tuples.
+test_data = [
+    # Test vectors downloaded 2008-09-12 from
+    #   http://homes.esat.kuleuven.be/~bosselae/ripemd160.html
+    ('9c1185a5c5e9fc54612808977ee8f548b2258d31', '', "'' (empty string)"),
+    ('0bdc9d2d256b3ee9daae347be6f4dc835a467ffe', 'a'),
+    ('8eb208f7e05d987a9b044a8e98c6b087f15a0bfc', 'abc'),
+    ('5d0689ef49d2fae572b881b123a85ffa21595f36', 'message digest'),
+
+    ('f71c27109c692c1b56bbdceb5b9d2865b3708dbc',
+        'abcdefghijklmnopqrstuvwxyz',
+        'a-z'),
+
+    ('12a053384a9c0c88e405a06c27dcf49ada62eb2b',
+        'abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq',
+        'abcdbcd...pnopq'),
+
+    ('b0e20b6e3116640286ed3a87a5713079b21f5189',
+        'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',
+        'A-Z, a-z, 0-9'),
+
+    ('9b752e45573d4b39f4dbd3323cab82bf63326bfb',
+        '1234567890' * 8,
+        "'1234567890' * 8"),
+
+    ('52783243c1697bdbe16d37f97f68f08325dc1528',
+        'a' * 10**6,
+        '"a" * 10**6'),
+]
+
+def get_tests(config={}):
+    from Crypto.Hash import RIPEMD
+    from common import make_hash_tests
+    return make_hash_tests(RIPEMD, "RIPEMD", test_data,
+        digest_size=20,
+        oid="\x06\x05\x2b\x24\x03\02\x01")
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA.py b/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA.py
new file mode 100644
index 000000000..7d72e7724
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA.py
@@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/SHA.py: Self-test for the SHA-1 hash function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Hash.SHA"""
+
+__revision__ = "$Id$"
+
+from Crypto.Util.py3compat import *
+
+# Test vectors from various sources
+# This is a list of (expected_result, input[, description]) tuples.
+test_data = [
+    # FIPS PUB 180-2, A.1 - "One-Block Message"
+    ('a9993e364706816aba3e25717850c26c9cd0d89d', 'abc'),
+
+    # FIPS PUB 180-2, A.2 - "Multi-Block Message"
+    ('84983e441c3bd26ebaae4aa1f95129e5e54670f1',
+        'abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq'),
+
+    # FIPS PUB 180-2, A.3 - "Long Message"
+#    ('34aa973cd4c4daa4f61eeb2bdbad27316534016f',
+#        'a' * 10**6,
+#         '"a" * 10**6'),
+
+    # RFC 3174: Section 7.3, "TEST4" (multiple of 512 bits)
+    ('dea356a2cddd90c7a7ecedc5ebb563934f460452',
+        '01234567' * 80,
+        '"01234567" * 80'),
+]
+
+def get_tests(config={}):
+    from Crypto.Hash import SHA
+    from common import make_hash_tests
+    return make_hash_tests(SHA, "SHA", test_data,
+        digest_size=20,
+        oid="\x06\x05\x2B\x0E\x03\x02\x1A")
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA224.py b/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA224.py
new file mode 100644
index 000000000..a60f35a9d
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA224.py
@@ -0,0 +1,65 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/test_SHA224.py: Self-test for the SHA-224 hash function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Hash.SHA224"""
+
+__revision__ = "$Id$"
+
+# Test vectors from various sources
+# This is a list of (expected_result, input[, description]) tuples.
+test_data = [
+
+    # RFC 3874: Section 3.1, "Test Vector #1
+    ('23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7', 'abc'),
+
+    # RFC 3874: Section 3.2, "Test Vector #2
+    ('75388b16512776cc5dba5da1fd890150b0c6455cb4f58b1952522525', 'abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq'),
+
+    # RFC 3874: Section 3.3, "Test Vector #3
+    ('20794655980c91d8bbb4c1ea97618a4bf03f42581948b2ee4ee7ad67', 'a' * 10**6, "'a' * 10**6"),
+
+    # Examples from http://de.wikipedia.org/wiki/Secure_Hash_Algorithm
+    ('d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f', ''),
+
+    ('49b08defa65e644cbf8a2dd9270bdededabc741997d1dadd42026d7b',
+     'Franz jagt im komplett verwahrlosten Taxi quer durch Bayern'),
+    
+    ('58911e7fccf2971a7d07f93162d8bd13568e71aa8fc86fc1fe9043d1',
+     'Frank jagt im komplett verwahrlosten Taxi quer durch Bayern'),
+
+]
+
+def get_tests(config={}):
+    from Crypto.Hash import SHA224
+    from common import make_hash_tests
+    return make_hash_tests(SHA224, "SHA224", test_data,
+        digest_size=28,
+        oid='\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04')
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA256.py b/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA256.py
new file mode 100644
index 000000000..4b451100d
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA256.py
@@ -0,0 +1,96 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/test_SHA256.py: Self-test for the SHA-256 hash function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Hash.SHA256"""
+
+__revision__ = "$Id$"
+
+import unittest
+from Crypto.Util.py3compat import *
+
+class LargeSHA256Test(unittest.TestCase):
+    def runTest(self):
+        """SHA256: 512/520 MiB test"""
+        from Crypto.Hash import SHA256
+        zeros = bchr(0x00) * (1024*1024)
+
+        h = SHA256.new(zeros)
+        for i in xrange(511):
+            h.update(zeros)
+
+        # This test vector is from PyCrypto's old testdata.py file.
+        self.assertEqual('9acca8e8c22201155389f65abbf6bc9723edc7384ead80503839f49dcc56d767', h.hexdigest()) # 512 MiB
+
+        for i in xrange(8):
+            h.update(zeros)
+
+        # This test vector is from PyCrypto's old testdata.py file.
+        self.assertEqual('abf51ad954b246009dfe5a50ecd582fd5b8f1b8b27f30393853c3ef721e7fa6e', h.hexdigest()) # 520 MiB
+
+def get_tests(config={}):
+    # Test vectors from FIPS PUB 180-2
+    # This is a list of (expected_result, input[, description]) tuples.
+    test_data = [
+        # FIPS PUB 180-2, B.1 - "One-Block Message"
+        ('ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad',
+            'abc'),
+
+        # FIPS PUB 180-2, B.2 - "Multi-Block Message"
+        ('248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1',
+            'abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq'),
+
+        # FIPS PUB 180-2, B.3 - "Long Message"
+        ('cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0',
+            'a' * 10**6,
+             '"a" * 10**6'),
+
+        # Test for an old PyCrypto bug.
+        ('f7fd017a3c721ce7ff03f3552c0813adcc48b7f33f07e5e2ba71e23ea393d103',
+            'This message is precisely 55 bytes long, to test a bug.',
+            'Length = 55 (mod 64)'),
+
+        # Example from http://de.wikipedia.org/wiki/Secure_Hash_Algorithm
+        ('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', ''),
+
+        ('d32b568cd1b96d459e7291ebf4b25d007f275c9f13149beeb782fac0716613f8',
+         'Franz jagt im komplett verwahrlosten Taxi quer durch Bayern'),
+    ]
+
+    from Crypto.Hash import SHA256
+    from common import make_hash_tests
+    tests = make_hash_tests(SHA256, "SHA256", test_data,
+        digest_size=32,
+        oid="\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01")
+
+    if config.get('slow_tests'):
+        tests += [LargeSHA256Test()]
+
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA384.py b/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA384.py
new file mode 100644
index 000000000..b7a72c057
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA384.py
@@ -0,0 +1,63 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/test_SHA.py: Self-test for the SHA-384 hash function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Hash.SHA384"""
+
+__revision__ = "$Id$"
+
+# Test vectors from various sources
+# This is a list of (expected_result, input[, description]) tuples.
+test_data = [
+
+    # RFC 4634: Section Page 8.4, "Test 1"
+    ('cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7', 'abc'),
+
+    # RFC 4634: Section Page 8.4, "Test 2.2"
+    ('09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039', 'abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu'),
+
+    # RFC 4634: Section Page 8.4, "Test 3"
+    ('9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985', 'a' * 10**6, "'a' * 10**6"),
+
+    # Taken from http://de.wikipedia.org/wiki/Secure_Hash_Algorithm
+    ('38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b', ''),
+    
+    # Example from http://de.wikipedia.org/wiki/Secure_Hash_Algorithm
+    ('71e8383a4cea32d6fd6877495db2ee353542f46fa44bc23100bca48f3366b84e809f0708e81041f427c6d5219a286677',
+     'Franz jagt im komplett verwahrlosten Taxi quer durch Bayern'),
+
+]
+
+def get_tests(config={}):
+    from Crypto.Hash import SHA384
+    from common import make_hash_tests
+    return make_hash_tests(SHA384, "SHA384", test_data,
+        digest_size=48,
+        oid='\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02')
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA512.py b/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA512.py
new file mode 100644
index 000000000..cb86177ee
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Hash/test_SHA512.py
@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Hash/test_SHA512.py: Self-test for the SHA-512 hash function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Hash.SHA512"""
+
+__revision__ = "$Id$"
+
+# Test vectors from various sources
+# This is a list of (expected_result, input[, description]) tuples.
+test_data = [
+
+    # RFC 4634: Section Page 8.4, "Test 1"
+    ('ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f', 'abc'),
+
+    # RFC 4634: Section Page 8.4, "Test 2.1"
+    ('8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909', 'abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu'),
+
+    # RFC 4634: Section Page 8.4, "Test 3"
+    ('e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b', 'a' * 10**6, "'a' * 10**6"),
+
+    # Taken from http://de.wikipedia.org/wiki/Secure_Hash_Algorithm
+    ('cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e', ''),
+    
+    ('af9ed2de700433b803240a552b41b5a472a6ef3fe1431a722b2063c75e9f07451f67a28e37d09cde769424c96aea6f8971389db9e1993d6c565c3c71b855723c', 'Franz jagt im komplett verwahrlosten Taxi quer durch Bayern'),
+]
+
+def get_tests(config={}):
+    from Crypto.Hash import SHA512
+    from common import make_hash_tests
+    return make_hash_tests(SHA512, "SHA512", test_data,
+        digest_size=64,
+        oid="\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03")
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Protocol/__init__.py b/lib/Python/Lib/Crypto/SelfTest/Protocol/__init__.py
new file mode 100644
index 000000000..a62c670f3
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Protocol/__init__.py
@@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Protocol/__init__.py: Self-tests for Crypto.Protocol
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test for Crypto.Protocol"""
+
+__revision__ = "$Id$"
+
+def get_tests(config={}):
+    tests = []
+    from Crypto.SelfTest.Protocol import test_chaffing;       tests += test_chaffing.get_tests(config=config)
+    from Crypto.SelfTest.Protocol import test_rfc1751;        tests += test_rfc1751.get_tests(config=config)
+    from Crypto.SelfTest.Protocol import test_AllOrNothing;        tests += test_AllOrNothing.get_tests(config=config)
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Protocol/test_AllOrNothing.py b/lib/Python/Lib/Crypto/SelfTest/Protocol/test_AllOrNothing.py
new file mode 100644
index 000000000..a211eab7e
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Protocol/test_AllOrNothing.py
@@ -0,0 +1,76 @@
+#
+# Test script for Crypto.Protocol.AllOrNothing
+#
+# Part of the Python Cryptography Toolkit
+#
+# Written by Andrew Kuchling and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+import unittest
+from Crypto.Protocol import AllOrNothing
+from Crypto.Util.py3compat import *
+
+text = b("""\
+When in the Course of human events, it becomes necessary for one people to
+dissolve the political bands which have connected them with another, and to
+assume among the powers of the earth, the separate and equal station to which
+the Laws of Nature and of Nature's God entitle them, a decent respect to the
+opinions of mankind requires that they should declare the causes which impel
+them to the separation.
+
+We hold these truths to be self-evident, that all men are created equal, that
+they are endowed by their Creator with certain unalienable Rights, that among
+these are Life, Liberty, and the pursuit of Happiness. That to secure these
+rights, Governments are instituted among Men, deriving their just powers from
+the consent of the governed. That whenever any Form of Government becomes
+destructive of these ends, it is the Right of the People to alter or to
+abolish it, and to institute new Government, laying its foundation on such
+principles and organizing its powers in such form, as to them shall seem most
+likely to effect their Safety and Happiness.
+""")
+
+class AllOrNothingTest (unittest.TestCase):
+
+    def runTest(self):
+        "Simple test of AllOrNothing"
+
+        from Crypto.Cipher import AES
+        import base64
+
+        # The current AllOrNothing will fail
+        # every so often. Repeat the test
+        # several times to force this.
+        for i in range(50):
+            x = AllOrNothing.AllOrNothing(AES)
+
+            msgblocks = x.digest(text)
+            
+            # get a new undigest-only object so there's no leakage
+            y = AllOrNothing.AllOrNothing(AES)
+            text2 = y.undigest(msgblocks)
+            self.assertEqual(text, text2)
+
+def get_tests(config={}):
+    return [AllOrNothingTest()]
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/lib/Python/Lib/Crypto/SelfTest/Protocol/test_KDF.py b/lib/Python/Lib/Crypto/SelfTest/Protocol/test_KDF.py
new file mode 100644
index 000000000..119836bb7
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Protocol/test_KDF.py
@@ -0,0 +1,98 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Protocol/test_KDF.py: Self-test for key derivation functions
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+import unittest
+from binascii import unhexlify
+
+from Crypto.SelfTest.st_common import list_test_cases
+from Crypto.Hash import SHA as SHA1,HMAC
+
+from Crypto.Protocol.KDF import *
+
+def t2b(t): return unhexlify(b(t))
+
+class PBKDF1_Tests(unittest.TestCase):
+
+    # List of tuples with test data.
+    # Each tuple is made up by:
+    #       Item #0: a pass phrase
+    #       Item #1: salt (8 bytes encoded in hex)
+    #       Item #2: output key length
+    #       Item #3: iterations to use
+    #       Item #4: expected result (encoded in hex)
+    _testData = (
+            # From http://www.di-mgt.com.au/cryptoKDFs.html#examplespbkdf
+            ("password","78578E5A5D63CB06",16,1000,"DC19847E05C64D2FAF10EBFB4A3D2A20"),
+    )
+    
+    def test1(self):
+        v = self._testData[0]
+        res = PBKDF1(v[0], t2b(v[1]), v[2], v[3], SHA1)
+        self.assertEqual(res, t2b(v[4]))
+
+class PBKDF2_Tests(unittest.TestCase):
+
+    # List of tuples with test data.
+    # Each tuple is made up by:
+    #       Item #0: a pass phrase
+    #       Item #1: salt (encoded in hex)
+    #       Item #2: output key length
+    #       Item #3: iterations to use
+    #       Item #4: expected result (encoded in hex)
+    _testData = (
+            # From http://www.di-mgt.com.au/cryptoKDFs.html#examplespbkdf
+            ("password","78578E5A5D63CB06",24,2048,"BFDE6BE94DF7E11DD409BCE20A0255EC327CB936FFE93643"),
+            # From RFC 6050
+            ("password","73616c74", 20, 1,          "0c60c80f961f0e71f3a9b524af6012062fe037a6"),
+            ("password","73616c74", 20, 2,          "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
+            ("password","73616c74", 20, 4096,       "4b007901b765489abead49d926f721d065a429c1"),
+            ("passwordPASSWORDpassword","73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74",
+                                    25, 4096,       "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"),
+            ( 'pass\x00word',"7361006c74",16,4096,  "56fa6aa75548099dcc37d7f03425e0c3"),
+    )
+    
+    def test1(self):
+        # Test only for HMAC-SHA1 as PRF
+
+        def prf(p,s):
+            return HMAC.new(p,s,SHA1).digest()
+
+        for i in xrange(len(self._testData)):
+            v = self._testData[i]
+            res  = PBKDF2(v[0], t2b(v[1]), v[2], v[3])
+            res2 = PBKDF2(v[0], t2b(v[1]), v[2], v[3], prf)
+            self.assertEqual(res, t2b(v[4]))
+            self.assertEqual(res, res2)
+
+def get_tests(config={}):
+    tests = []
+    tests += list_test_cases(PBKDF1_Tests)
+    tests += list_test_cases(PBKDF2_Tests)
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4
diff --git a/lib/Python/Lib/Crypto/SelfTest/Protocol/test_chaffing.py b/lib/Python/Lib/Crypto/SelfTest/Protocol/test_chaffing.py
new file mode 100644
index 000000000..5fa012099
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Protocol/test_chaffing.py
@@ -0,0 +1,74 @@
+#
+# Test script for Crypto.Protocol.Chaffing
+#
+# Part of the Python Cryptography Toolkit
+#
+# Written by Andrew Kuchling and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+import unittest
+from Crypto.Protocol import Chaffing
+
+text = """\
+When in the Course of human events, it becomes necessary for one people to
+dissolve the political bands which have connected them with another, and to
+assume among the powers of the earth, the separate and equal station to which
+the Laws of Nature and of Nature's God entitle them, a decent respect to the
+opinions of mankind requires that they should declare the causes which impel
+them to the separation.
+
+We hold these truths to be self-evident, that all men are created equal, that
+they are endowed by their Creator with certain unalienable Rights, that among
+these are Life, Liberty, and the pursuit of Happiness. That to secure these
+rights, Governments are instituted among Men, deriving their just powers from
+the consent of the governed. That whenever any Form of Government becomes
+destructive of these ends, it is the Right of the People to alter or to
+abolish it, and to institute new Government, laying its foundation on such
+principles and organizing its powers in such form, as to them shall seem most
+likely to effect their Safety and Happiness.
+"""
+
+class ChaffingTest (unittest.TestCase):
+
+    def runTest(self):
+        "Simple tests of chaffing and winnowing"
+	# Test constructors
+        Chaffing.Chaff()
+        Chaffing.Chaff(0.5, 1)
+        self.assertRaises(ValueError, Chaffing.Chaff, factor=-1)
+        self.assertRaises(ValueError, Chaffing.Chaff, blocksper=-1)
+
+        data = [(1, 'data1', 'data1'), (2, 'data2', 'data2')]
+        c = Chaffing.Chaff(1.0, 1)
+        c.chaff(data)
+        chaff = c.chaff(data)
+        self.assertEqual(len(chaff), 4)
+
+        c = Chaffing.Chaff(0.0, 1)
+        chaff = c.chaff(data)
+        self.assertEqual(len(chaff), 2)
+
+def get_tests(config={}):
+    return [ChaffingTest()]
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/lib/Python/Lib/Crypto/SelfTest/Protocol/test_rfc1751.py b/lib/Python/Lib/Crypto/SelfTest/Protocol/test_rfc1751.py
new file mode 100644
index 000000000..0878cc510
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Protocol/test_rfc1751.py
@@ -0,0 +1,62 @@
+#
+# Test script for Crypto.Util.RFC1751.
+#
+# Part of the Python Cryptography Toolkit
+#
+# Written by Andrew Kuchling and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+import binascii
+import unittest
+from Crypto.Util import RFC1751
+from Crypto.Util.py3compat import *
+
+test_data = [('EB33F77EE73D4053', 'TIDE ITCH SLOW REIN RULE MOT'),
+             ('CCAC2AED591056BE4F90FD441C534766',
+              'RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE'),
+             ('EFF81F9BFBC65350920CDD7416DE8009',
+              'TROD MUTE TAIL WARM CHAR KONG HAAG CITY BORE O TEAL AWL')
+             ]
+
+class RFC1751Test_k2e (unittest.TestCase):
+
+    def runTest (self):
+        "Check converting keys to English"
+        for key, words in test_data:
+            key=binascii.a2b_hex(b(key))
+            self.assertEqual(RFC1751.key_to_english(key), words)
+
+class RFC1751Test_e2k (unittest.TestCase):
+
+    def runTest (self):
+        "Check converting English strings to keys"
+        for key, words in test_data:
+            key=binascii.a2b_hex(b(key))
+            self.assertEqual(RFC1751.english_to_key(words), key)
+
+# class RFC1751Test
+
+def get_tests(config={}):
+    return [RFC1751Test_k2e(), RFC1751Test_e2k()]
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/lib/Python/Lib/Crypto/SelfTest/PublicKey/__init__.py b/lib/Python/Lib/Crypto/SelfTest/PublicKey/__init__.py
new file mode 100644
index 000000000..61ba53f29
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/PublicKey/__init__.py
@@ -0,0 +1,44 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/PublicKey/__init__.py: Self-test for public key crypto
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test for public-key crypto"""
+
+__revision__ = "$Id$"
+
+import os
+
+def get_tests(config={}):
+    tests = []
+    from Crypto.SelfTest.PublicKey import test_DSA;       tests += test_DSA.get_tests(config=config)
+    from Crypto.SelfTest.PublicKey import test_RSA;       tests += test_RSA.get_tests(config=config)
+    from Crypto.SelfTest.PublicKey import test_importKey; tests += test_importKey.get_tests(config=config)
+    from Crypto.SelfTest.PublicKey import test_ElGamal;   tests += test_ElGamal.get_tests(config=config)
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_DSA.py b/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_DSA.py
new file mode 100644
index 000000000..b05f69acc
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_DSA.py
@@ -0,0 +1,244 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/PublicKey/test_DSA.py: Self-test for the DSA primitive
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.PublicKey.DSA"""
+
+__revision__ = "$Id$"
+
+import sys
+import os
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+import unittest
+from Crypto.SelfTest.st_common import list_test_cases, a2b_hex, b2a_hex
+
+def _sws(s):
+    """Remove whitespace from a text or byte string"""
+    if isinstance(s,str):
+        return "".join(s.split())
+    else:
+        return b("").join(s.split())
+
+class DSATest(unittest.TestCase):
+    # Test vector from "Appendix 5. Example of the DSA" of
+    # "Digital Signature Standard (DSS)",
+    # U.S. Department of Commerce/National Institute of Standards and Technology
+    # FIPS 186-2 (+Change Notice), 2000 January 27.
+    # http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
+
+    y = _sws("""19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85
+                9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
+                858fba33 f44c0669 9630a76b 030ee333""")
+
+    g = _sws("""626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
+                3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
+                c42e9f6f 464b088c c572af53 e6d78802""")
+
+    p = _sws("""8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
+                cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
+                49693dfb f83724c2 ec0736ee 31c80291""")
+
+    q = _sws("""c773218c 737ec8ee 993b4f2d ed30f48e dace915f""")
+
+    x = _sws("""2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614""")
+
+    k = _sws("""358dad57 1462710f 50e254cf 1a376b2b deaadfbf""")
+    k_inverse = _sws("""0d516729 8202e49b 4116ac10 4fc3f415 ae52f917""")
+    m = b2a_hex(b("abc"))
+    m_hash = _sws("""a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d""")
+    r = _sws("""8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0""")
+    s = _sws("""41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8""")
+
+    def setUp(self):
+        global DSA, Random, bytes_to_long, size
+        from Crypto.PublicKey import DSA
+        from Crypto import Random
+        from Crypto.Util.number import bytes_to_long, inverse, size
+
+        self.dsa = DSA
+
+    def test_generate_1arg(self):
+        """DSA (default implementation) generated key (1 argument)"""
+        dsaObj = self.dsa.generate(1024)
+        self._check_private_key(dsaObj)
+        pub = dsaObj.publickey()
+        self._check_public_key(pub)
+
+    def test_generate_2arg(self):
+        """DSA (default implementation) generated key (2 arguments)"""
+        dsaObj = self.dsa.generate(1024, Random.new().read)
+        self._check_private_key(dsaObj)
+        pub = dsaObj.publickey()
+        self._check_public_key(pub)
+
+    def test_construct_4tuple(self):
+        """DSA (default implementation) constructed key (4-tuple)"""
+        (y, g, p, q) = [bytes_to_long(a2b_hex(param)) for param in (self.y, self.g, self.p, self.q)]
+        dsaObj = self.dsa.construct((y, g, p, q))
+        self._test_verification(dsaObj)
+
+    def test_construct_5tuple(self):
+        """DSA (default implementation) constructed key (5-tuple)"""
+        (y, g, p, q, x) = [bytes_to_long(a2b_hex(param)) for param in (self.y, self.g, self.p, self.q, self.x)]
+        dsaObj = self.dsa.construct((y, g, p, q, x))
+        self._test_signing(dsaObj)
+        self._test_verification(dsaObj)
+
+    def _check_private_key(self, dsaObj):
+        # Check capabilities
+        self.assertEqual(1, dsaObj.has_private())
+        self.assertEqual(1, dsaObj.can_sign())
+        self.assertEqual(0, dsaObj.can_encrypt())
+        self.assertEqual(0, dsaObj.can_blind())
+
+        # Check dsaObj.[ygpqx] -> dsaObj.key.[ygpqx] mapping
+        self.assertEqual(dsaObj.y, dsaObj.key.y)
+        self.assertEqual(dsaObj.g, dsaObj.key.g)
+        self.assertEqual(dsaObj.p, dsaObj.key.p)
+        self.assertEqual(dsaObj.q, dsaObj.key.q)
+        self.assertEqual(dsaObj.x, dsaObj.key.x)
+
+        # Sanity check key data
+        self.assertEqual(1, dsaObj.p > dsaObj.q)            # p > q
+        self.assertEqual(160, size(dsaObj.q))               # size(q) == 160 bits
+        self.assertEqual(0, (dsaObj.p - 1) % dsaObj.q)      # q is a divisor of p-1
+        self.assertEqual(dsaObj.y, pow(dsaObj.g, dsaObj.x, dsaObj.p))     # y == g**x mod p
+        self.assertEqual(1, 0 < dsaObj.x < dsaObj.q)       # 0 < x < q
+
+    def _check_public_key(self, dsaObj):
+        k = a2b_hex(self.k)
+        m_hash = a2b_hex(self.m_hash)
+
+        # Check capabilities
+        self.assertEqual(0, dsaObj.has_private())
+        self.assertEqual(1, dsaObj.can_sign())
+        self.assertEqual(0, dsaObj.can_encrypt())
+        self.assertEqual(0, dsaObj.can_blind())
+
+        # Check dsaObj.[ygpq] -> dsaObj.key.[ygpq] mapping
+        self.assertEqual(dsaObj.y, dsaObj.key.y)
+        self.assertEqual(dsaObj.g, dsaObj.key.g)
+        self.assertEqual(dsaObj.p, dsaObj.key.p)
+        self.assertEqual(dsaObj.q, dsaObj.key.q)
+
+        # Check that private parameters are all missing
+        self.assertEqual(0, hasattr(dsaObj, 'x'))
+        self.assertEqual(0, hasattr(dsaObj.key, 'x'))
+
+        # Sanity check key data
+        self.assertEqual(1, dsaObj.p > dsaObj.q)            # p > q
+        self.assertEqual(160, size(dsaObj.q))               # size(q) == 160 bits
+        self.assertEqual(0, (dsaObj.p - 1) % dsaObj.q)      # q is a divisor of p-1
+
+        # Public-only key objects should raise an error when .sign() is called
+        self.assertRaises(TypeError, dsaObj.sign, m_hash, k)
+
+        # Check __eq__ and __ne__
+        self.assertEqual(dsaObj.publickey() == dsaObj.publickey(),True) # assert_
+        self.assertEqual(dsaObj.publickey() != dsaObj.publickey(),False) # failIf
+
+    def _test_signing(self, dsaObj):
+        k = a2b_hex(self.k)
+        m_hash = a2b_hex(self.m_hash)
+        r = bytes_to_long(a2b_hex(self.r))
+        s = bytes_to_long(a2b_hex(self.s))
+        (r_out, s_out) = dsaObj.sign(m_hash, k)
+        self.assertEqual((r, s), (r_out, s_out))
+
+    def _test_verification(self, dsaObj):
+        m_hash = a2b_hex(self.m_hash)
+        r = bytes_to_long(a2b_hex(self.r))
+        s = bytes_to_long(a2b_hex(self.s))
+        self.assertEqual(1, dsaObj.verify(m_hash, (r, s)))
+        self.assertEqual(0, dsaObj.verify(m_hash + b("\0"), (r, s)))
+
+class DSAFastMathTest(DSATest):
+    def setUp(self):
+        DSATest.setUp(self)
+        self.dsa = DSA.DSAImplementation(use_fast_math=True)
+
+    def test_generate_1arg(self):
+        """DSA (_fastmath implementation) generated key (1 argument)"""
+        DSATest.test_generate_1arg(self)
+
+    def test_generate_2arg(self):
+        """DSA (_fastmath implementation) generated key (2 arguments)"""
+        DSATest.test_generate_2arg(self)
+
+    def test_construct_4tuple(self):
+        """DSA (_fastmath implementation) constructed key (4-tuple)"""
+        DSATest.test_construct_4tuple(self)
+
+    def test_construct_5tuple(self):
+        """DSA (_fastmath implementation) constructed key (5-tuple)"""
+        DSATest.test_construct_5tuple(self)
+
+class DSASlowMathTest(DSATest):
+    def setUp(self):
+        DSATest.setUp(self)
+        self.dsa = DSA.DSAImplementation(use_fast_math=False)
+
+    def test_generate_1arg(self):
+        """DSA (_slowmath implementation) generated key (1 argument)"""
+        DSATest.test_generate_1arg(self)
+
+    def test_generate_2arg(self):
+        """DSA (_slowmath implementation) generated key (2 arguments)"""
+        DSATest.test_generate_2arg(self)
+
+    def test_construct_4tuple(self):
+        """DSA (_slowmath implementation) constructed key (4-tuple)"""
+        DSATest.test_construct_4tuple(self)
+
+    def test_construct_5tuple(self):
+        """DSA (_slowmath implementation) constructed key (5-tuple)"""
+        DSATest.test_construct_5tuple(self)
+
+
+def get_tests(config={}):
+    tests = []
+    tests += list_test_cases(DSATest)
+    try:
+        from Crypto.PublicKey import _fastmath
+        tests += list_test_cases(DSAFastMathTest)
+    except ImportError:
+        from distutils.sysconfig import get_config_var
+        import inspect
+        _fm_path = os.path.normpath(os.path.dirname(os.path.abspath(
+            inspect.getfile(inspect.currentframe())))
+            +"/../../PublicKey/_fastmath"+get_config_var("SO"))
+        if os.path.exists(_fm_path):
+            raise ImportError("While the _fastmath module exists, importing "+
+                "it failed. This may point to the gmp or mpir shared library "+
+                "not being in the path. _fastmath was found at "+_fm_path)
+    tests += list_test_cases(DSASlowMathTest)
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_ElGamal.py b/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_ElGamal.py
new file mode 100644
index 000000000..cdee8cf67
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_ElGamal.py
@@ -0,0 +1,210 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/PublicKey/test_ElGamal.py: Self-test for the ElGamal primitive
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.PublicKey.ElGamal"""
+
+__revision__ = "$Id$"
+
+import unittest
+from Crypto.SelfTest.st_common import list_test_cases, a2b_hex, b2a_hex
+from Crypto import Random
+from Crypto.PublicKey import ElGamal
+from Crypto.Util.number import *
+from Crypto.Util.py3compat import *
+
+class ElGamalTest(unittest.TestCase):
+
+    #
+    # Test vectors
+    #
+    # There seem to be no real ElGamal test vectors available in the
+    # public domain. The following test vectors have been generated
+    # with libgcrypt 1.5.0.
+    #
+    # Encryption
+    tve=[
+        {
+        # 256 bits
+        'p'  :'BA4CAEAAED8CBE952AFD2126C63EB3B345D65C2A0A73D2A3AD4138B6D09BD933',
+        'g'  :'05',
+        'y'  :'60D063600ECED7C7C55146020E7A31C4476E9793BEAED420FEC9E77604CAE4EF',
+        'x'  :'1D391BA2EE3C37FE1BA175A69B2C73A11238AD77675932',
+        'k'  :'F5893C5BAB4131264066F57AB3D8AD89E391A0B68A68A1',
+        'pt' :'48656C6C6F207468657265',
+        'ct1':'32BFD5F487966CEA9E9356715788C491EC515E4ED48B58F0F00971E93AAA5EC7',
+        'ct2':'7BE8FBFF317C93E82FCEF9BD515284BA506603FEA25D01C0CB874A31F315EE68'
+        },
+
+        {
+        # 512 bits
+        'p'  :'F1B18AE9F7B4E08FDA9A04832F4E919D89462FD31BF12F92791A93519F75076D6CE3942689CDFF2F344CAFF0F82D01864F69F3AECF566C774CBACF728B81A227',
+        'g'  :'07',
+        'y'  :'688628C676E4F05D630E1BE39D0066178CA7AA83836B645DE5ADD359B4825A12B02EF4252E4E6FA9BEC1DB0BE90F6D7C8629CABB6E531F472B2664868156E20C',
+        'x'  :'14E60B1BDFD33436C0DA8A22FDC14A2CCDBBED0627CE68',
+        'k'  :'38DBF14E1F319BDA9BAB33EEEADCAF6B2EA5250577ACE7',
+        'pt' :'48656C6C6F207468657265',
+        'ct1':'290F8530C2CC312EC46178724F196F308AD4C523CEABB001FACB0506BFED676083FE0F27AC688B5C749AB3CB8A80CD6F7094DBA421FB19442F5A413E06A9772B',
+        'ct2':'1D69AAAD1DC50493FB1B8E8721D621D683F3BF1321BE21BC4A43E11B40C9D4D9C80DE3AAC2AB60D31782B16B61112E68220889D53C4C3136EE6F6CE61F8A23A0'
+        }
+    ]
+
+    # Signature
+    tvs=[
+        {
+        # 256 bits
+        'p'  :'D2F3C41EA66530838A704A48FFAC9334F4701ECE3A97CEE4C69DD01AE7129DD7',
+        'g'  :'05',
+        'y'  :'C3F9417DC0DAFEA6A05C1D2333B7A95E63B3F4F28CC962254B3256984D1012E7',
+        'x'  :'165E4A39BE44D5A2D8B1332D416BC559616F536BC735BB',
+        'k'  :'C7F0C794A7EAD726E25A47FF8928013680E73C51DD3D7D99BFDA8F492585928F',
+        'h'  :'48656C6C6F207468657265',
+        'sig1':'35CA98133779E2073EF31165AFCDEB764DD54E96ADE851715495F9C635E1E7C2',
+        'sig2':'0135B88B1151279FE5D8078D4FC685EE81177EE9802AB123A73925FC1CB059A7',
+        },
+        {
+        # 512 bits
+        'p'  :'E24CF3A4B8A6AF749DCA6D714282FE4AABEEE44A53BB6ED15FBE32B5D3C3EF9CC4124A2ECA331F3C1C1B667ACA3766825217E7B5F9856648D95F05330C6A19CF',
+        'g'  :'0B',
+        'y'  :'2AD3A1049CA5D4ED207B2431C79A8719BB4073D4A94E450EA6CEE8A760EB07ADB67C0D52C275EE85D7B52789061EE45F2F37D9B2AE522A51C28329766BFE68AC',
+        'x'  :'16CBB4F46D9ECCF24FF9F7E63CAA3BD8936341555062AB',
+        'k'  :'8A3D89A4E429FD2476D7D717251FB79BF900FFE77444E6BB8299DC3F84D0DD57ABAB50732AE158EA52F5B9E7D8813E81FD9F79470AE22F8F1CF9AEC820A78C69',
+        'h'  :'48656C6C6F207468657265',
+        'sig1':'BE001AABAFFF976EC9016198FBFEA14CBEF96B000CCC0063D3324016F9E91FE80D8F9325812ED24DDB2B4D4CF4430B169880B3CE88313B53255BD4EC0378586F',
+        'sig2':'5E266F3F837BA204E3BBB6DBECC0611429D96F8C7CE8F4EFDF9D4CB681C2A954468A357BF4242CEC7418B51DFC081BCD21299EF5B5A0DDEF3A139A1817503DDE',
+        }
+    ]
+
+    def test_generate_128(self):
+        self._test_random_key(128)
+
+    def test_generate_512(self):
+        self._test_random_key(512)
+
+    def test_encryption(self):
+        for tv in self.tve:
+            for as_longs in (0,1):
+                d = self.convert_tv(tv, as_longs)
+                key = ElGamal.construct(d['key'])
+                ct = key.encrypt(d['pt'], d['k'])
+                self.assertEquals(ct[0], d['ct1'])
+                self.assertEquals(ct[1], d['ct2'])
+
+    def test_decryption(self):
+        for tv in self.tve:
+            for as_longs in (0,1):
+                d = self.convert_tv(tv, as_longs)
+                key = ElGamal.construct(d['key'])
+                pt = key.decrypt((d['ct1'], d['ct2']))
+                self.assertEquals(pt, d['pt'])
+
+    def test_signing(self):
+        for tv in self.tvs:
+            for as_longs in (0,1):
+                d = self.convert_tv(tv, as_longs)
+                key = ElGamal.construct(d['key'])
+                sig1, sig2 = key.sign(d['h'], d['k'])
+                self.assertEquals(sig1, d['sig1'])
+                self.assertEquals(sig2, d['sig2'])
+
+    def test_verification(self):
+        for tv in self.tvs:
+            for as_longs in (0,1):
+                d = self.convert_tv(tv, as_longs)
+                key = ElGamal.construct(d['key'])
+                # Positive test
+                res = key.verify( d['h'], (d['sig1'],d['sig2']) )
+                self.failUnless(res)
+                # Negative test
+                res = key.verify( d['h'], (d['sig1']+1,d['sig2']) )
+                self.failIf(res)
+
+    def convert_tv(self, tv, as_longs=0):
+        """Convert a test vector from textual form (hexadecimal ascii
+        to either integers or byte strings."""
+        key_comps = 'p','g','y','x'
+        tv2 = {}
+        for c in tv.keys():
+            tv2[c] = a2b_hex(tv[c])
+            if as_longs or c in key_comps or c in ('sig1','sig2'):
+                tv2[c] = bytes_to_long(tv2[c])
+        tv2['key']=[]
+        for c in key_comps:
+            tv2['key'] += [tv2[c]]
+            del tv2[c]
+        return tv2
+ 
+    def _test_random_key(self, bits):
+        elgObj = ElGamal.generate(bits, Random.new().read)
+        self._check_private_key(elgObj)
+        self._exercise_primitive(elgObj)
+        pub = elgObj.publickey()
+        self._check_public_key(pub)
+        self._exercise_public_primitive(elgObj)
+
+    def _check_private_key(self, elgObj):
+
+        # Check capabilities
+        self.failUnless(elgObj.has_private())
+        self.failUnless(elgObj.can_sign())
+        self.failUnless(elgObj.can_encrypt())
+
+        # Sanity check key data
+        self.failUnless(1<elgObj.g<(elgObj.p-1))
+        self.assertEquals(pow(elgObj.g, elgObj.p-1, elgObj.p), 1)
+        self.failUnless(1<elgObj.x<(elgObj.p-1))
+        self.assertEquals(pow(elgObj.g, elgObj.x, elgObj.p), elgObj.y)
+
+    def _check_public_key(self, elgObj):
+
+        # Check capabilities
+        self.failIf(elgObj.has_private())
+        self.failUnless(elgObj.can_sign())
+        self.failUnless(elgObj.can_encrypt())
+
+        # Sanity check key data
+        self.failUnless(1<elgObj.g<(elgObj.p-1))
+        self.assertEquals(pow(elgObj.g, elgObj.p-1, elgObj.p), 1)
+
+    def _exercise_primitive(self, elgObj):
+        # Test encryption/decryption
+        plaintext = b("Test")
+        ciphertext = elgObj.encrypt(plaintext, 123456789L)
+        plaintextP = elgObj.decrypt(ciphertext)
+        self.assertEquals(plaintext, plaintextP)
+
+        # Test signature/verification
+        signature = elgObj.sign(plaintext, 987654321L)
+        elgObj.verify(plaintext, signature)
+
+    def _exercise_public_primitive(self, elgObj):
+        plaintext = b("Test")
+        ciphertext = elgObj.encrypt(plaintext, 123456789L)
+
+def get_tests(config={}):
+    tests = []
+    tests += list_test_cases(ElGamalTest)
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
diff --git a/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_RSA.py b/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_RSA.py
new file mode 100644
index 000000000..c971042b2
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_RSA.py
@@ -0,0 +1,415 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/PublicKey/test_RSA.py: Self-test for the RSA primitive
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.PublicKey.RSA"""
+
+__revision__ = "$Id$"
+
+import sys
+import os
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+import unittest
+from Crypto.SelfTest.st_common import list_test_cases, a2b_hex, b2a_hex
+
+class RSATest(unittest.TestCase):
+    # Test vectors from "RSA-OAEP and RSA-PSS test vectors (.zip file)"
+    #   ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+    # See RSADSI's PKCS#1 page at
+    #   http://www.rsa.com/rsalabs/node.asp?id=2125
+
+    # from oaep-int.txt
+
+    # TODO: PyCrypto treats the message as starting *after* the leading "00"
+    # TODO: That behaviour should probably be changed in the future.
+    plaintext = """
+           eb 7a 19 ac e9 e3 00 63 50 e3 29 50 4b 45 e2
+        ca 82 31 0b 26 dc d8 7d 5c 68 f1 ee a8 f5 52 67
+        c3 1b 2e 8b b4 25 1f 84 d7 e0 b2 c0 46 26 f5 af
+        f9 3e dc fb 25 c9 c2 b3 ff 8a e1 0e 83 9a 2d db
+        4c dc fe 4f f4 77 28 b4 a1 b7 c1 36 2b aa d2 9a
+        b4 8d 28 69 d5 02 41 21 43 58 11 59 1b e3 92 f9
+        82 fb 3e 87 d0 95 ae b4 04 48 db 97 2f 3a c1 4f
+        7b c2 75 19 52 81 ce 32 d2 f1 b7 6d 4d 35 3e 2d
+    """
+
+    ciphertext = """
+        12 53 e0 4d c0 a5 39 7b b4 4a 7a b8 7e 9b f2 a0
+        39 a3 3d 1e 99 6f c8 2a 94 cc d3 00 74 c9 5d f7
+        63 72 20 17 06 9e 52 68 da 5d 1c 0b 4f 87 2c f6
+        53 c1 1d f8 23 14 a6 79 68 df ea e2 8d ef 04 bb
+        6d 84 b1 c3 1d 65 4a 19 70 e5 78 3b d6 eb 96 a0
+        24 c2 ca 2f 4a 90 fe 9f 2e f5 c9 c1 40 e5 bb 48
+        da 95 36 ad 87 00 c8 4f c9 13 0a de a7 4e 55 8d
+        51 a7 4d df 85 d8 b5 0d e9 68 38 d6 06 3e 09 55
+    """
+
+    modulus = """
+        bb f8 2f 09 06 82 ce 9c 23 38 ac 2b 9d a8 71 f7
+        36 8d 07 ee d4 10 43 a4 40 d6 b6 f0 74 54 f5 1f
+        b8 df ba af 03 5c 02 ab 61 ea 48 ce eb 6f cd 48
+        76 ed 52 0d 60 e1 ec 46 19 71 9d 8a 5b 8b 80 7f
+        af b8 e0 a3 df c7 37 72 3e e6 b4 b7 d9 3a 25 84
+        ee 6a 64 9d 06 09 53 74 88 34 b2 45 45 98 39 4e
+        e0 aa b1 2d 7b 61 a5 1f 52 7a 9a 41 f6 c1 68 7f
+        e2 53 72 98 ca 2a 8f 59 46 f8 e5 fd 09 1d bd cb
+    """
+
+    e = 0x11L    # public exponent
+
+    prime_factor = """
+        c9 7f b1 f0 27 f4 53 f6 34 12 33 ea aa d1 d9 35
+        3f 6c 42 d0 88 66 b1 d0 5a 0f 20 35 02 8b 9d 86
+        98 40 b4 16 66 b4 2e 92 ea 0d a3 b4 32 04 b5 cf
+        ce 33 52 52 4d 04 16 a5 a4 41 e7 00 af 46 15 03
+    """
+
+    def setUp(self):
+        global RSA, Random, bytes_to_long
+        from Crypto.PublicKey import RSA
+        from Crypto import Random
+        from Crypto.Util.number import bytes_to_long, inverse
+        self.n = bytes_to_long(a2b_hex(self.modulus))
+        self.p = bytes_to_long(a2b_hex(self.prime_factor))
+
+        # Compute q, d, and u from n, e, and p
+        self.q = divmod(self.n, self.p)[0]
+        self.d = inverse(self.e, (self.p-1)*(self.q-1))
+        self.u = inverse(self.p, self.q)    # u = e**-1 (mod q)
+
+        self.rsa = RSA
+
+    def test_generate_1arg(self):
+        """RSA (default implementation) generated key (1 argument)"""
+        rsaObj = self.rsa.generate(1024)
+        self._check_private_key(rsaObj)
+        self._exercise_primitive(rsaObj)
+        pub = rsaObj.publickey()
+        self._check_public_key(pub)
+        self._exercise_public_primitive(rsaObj)
+
+    def test_generate_2arg(self):
+        """RSA (default implementation) generated key (2 arguments)"""
+        rsaObj = self.rsa.generate(1024, Random.new().read)
+        self._check_private_key(rsaObj)
+        self._exercise_primitive(rsaObj)
+        pub = rsaObj.publickey()
+        self._check_public_key(pub)
+        self._exercise_public_primitive(rsaObj)
+
+    def test_generate_3args(self):
+        rsaObj = self.rsa.generate(1024, Random.new().read,e=65537)
+        self._check_private_key(rsaObj)
+        self._exercise_primitive(rsaObj)
+        pub = rsaObj.publickey()
+        self._check_public_key(pub)
+        self._exercise_public_primitive(rsaObj)
+        self.assertEqual(65537,rsaObj.e)
+
+    def test_construct_2tuple(self):
+        """RSA (default implementation) constructed key (2-tuple)"""
+        pub = self.rsa.construct((self.n, self.e))
+        self._check_public_key(pub)
+        self._check_encryption(pub)
+        self._check_verification(pub)
+
+    def test_construct_3tuple(self):
+        """RSA (default implementation) constructed key (3-tuple)"""
+        rsaObj = self.rsa.construct((self.n, self.e, self.d))
+        self._check_encryption(rsaObj)
+        self._check_decryption(rsaObj)
+        self._check_signing(rsaObj)
+        self._check_verification(rsaObj)
+
+    def test_construct_4tuple(self):
+        """RSA (default implementation) constructed key (4-tuple)"""
+        rsaObj = self.rsa.construct((self.n, self.e, self.d, self.p))
+        self._check_encryption(rsaObj)
+        self._check_decryption(rsaObj)
+        self._check_signing(rsaObj)
+        self._check_verification(rsaObj)
+
+    def test_construct_5tuple(self):
+        """RSA (default implementation) constructed key (5-tuple)"""
+        rsaObj = self.rsa.construct((self.n, self.e, self.d, self.p, self.q))
+        self._check_private_key(rsaObj)
+        self._check_encryption(rsaObj)
+        self._check_decryption(rsaObj)
+        self._check_signing(rsaObj)
+        self._check_verification(rsaObj)
+
+    def test_construct_6tuple(self):
+        """RSA (default implementation) constructed key (6-tuple)"""
+        rsaObj = self.rsa.construct((self.n, self.e, self.d, self.p, self.q, self.u))
+        self._check_private_key(rsaObj)
+        self._check_encryption(rsaObj)
+        self._check_decryption(rsaObj)
+        self._check_signing(rsaObj)
+        self._check_verification(rsaObj)
+
+    def test_factoring(self):
+        rsaObj = self.rsa.construct([self.n, self.e, self.d])
+        self.failUnless(rsaObj.p==self.p or rsaObj.p==self.q)
+        self.failUnless(rsaObj.q==self.p or rsaObj.q==self.q)
+        self.failUnless(rsaObj.q*rsaObj.p == self.n)
+
+        self.assertRaises(ValueError, self.rsa.construct, [self.n, self.e, self.n-1])
+
+    def _check_private_key(self, rsaObj):
+        # Check capabilities
+        self.assertEqual(1, rsaObj.has_private())
+        self.assertEqual(1, rsaObj.can_sign())
+        self.assertEqual(1, rsaObj.can_encrypt())
+        self.assertEqual(1, rsaObj.can_blind())
+
+        # Check rsaObj.[nedpqu] -> rsaObj.key.[nedpqu] mapping
+        self.assertEqual(rsaObj.n, rsaObj.key.n)
+        self.assertEqual(rsaObj.e, rsaObj.key.e)
+        self.assertEqual(rsaObj.d, rsaObj.key.d)
+        self.assertEqual(rsaObj.p, rsaObj.key.p)
+        self.assertEqual(rsaObj.q, rsaObj.key.q)
+        self.assertEqual(rsaObj.u, rsaObj.key.u)
+
+        # Sanity check key data
+        self.assertEqual(rsaObj.n, rsaObj.p * rsaObj.q)     # n = pq
+        self.assertEqual(1, rsaObj.d * rsaObj.e % ((rsaObj.p-1) * (rsaObj.q-1))) # ed = 1 (mod (p-1)(q-1))
+        self.assertEqual(1, rsaObj.p * rsaObj.u % rsaObj.q) # pu = 1 (mod q)
+        self.assertEqual(1, rsaObj.p > 1)   # p > 1
+        self.assertEqual(1, rsaObj.q > 1)   # q > 1
+        self.assertEqual(1, rsaObj.e > 1)   # e > 1
+        self.assertEqual(1, rsaObj.d > 1)   # d > 1
+
+    def _check_public_key(self, rsaObj):
+        ciphertext = a2b_hex(self.ciphertext)
+
+        # Check capabilities
+        self.assertEqual(0, rsaObj.has_private())
+        self.assertEqual(1, rsaObj.can_sign())
+        self.assertEqual(1, rsaObj.can_encrypt())
+        self.assertEqual(1, rsaObj.can_blind())
+
+        # Check rsaObj.[ne] -> rsaObj.key.[ne] mapping
+        self.assertEqual(rsaObj.n, rsaObj.key.n)
+        self.assertEqual(rsaObj.e, rsaObj.key.e)
+
+        # Check that private parameters are all missing
+        self.assertEqual(0, hasattr(rsaObj, 'd'))
+        self.assertEqual(0, hasattr(rsaObj, 'p'))
+        self.assertEqual(0, hasattr(rsaObj, 'q'))
+        self.assertEqual(0, hasattr(rsaObj, 'u'))
+        self.assertEqual(0, hasattr(rsaObj.key, 'd'))
+        self.assertEqual(0, hasattr(rsaObj.key, 'p'))
+        self.assertEqual(0, hasattr(rsaObj.key, 'q'))
+        self.assertEqual(0, hasattr(rsaObj.key, 'u'))
+
+        # Sanity check key data
+        self.assertEqual(1, rsaObj.e > 1)   # e > 1
+
+        # Public keys should not be able to sign or decrypt
+        self.assertRaises(TypeError, rsaObj.sign, ciphertext, b(""))
+        self.assertRaises(TypeError, rsaObj.decrypt, ciphertext)
+
+        # Check __eq__ and __ne__
+        self.assertEqual(rsaObj.publickey() == rsaObj.publickey(),True) # assert_
+        self.assertEqual(rsaObj.publickey() != rsaObj.publickey(),False) # failIf
+
+    def _exercise_primitive(self, rsaObj):
+        # Since we're using a randomly-generated key, we can't check the test
+        # vector, but we can make sure encryption and decryption are inverse
+        # operations.
+        ciphertext = a2b_hex(self.ciphertext)
+
+        # Test decryption
+        plaintext = rsaObj.decrypt((ciphertext,))
+
+        # Test encryption (2 arguments)
+        (new_ciphertext2,) = rsaObj.encrypt(plaintext, b(""))
+        self.assertEqual(b2a_hex(ciphertext), b2a_hex(new_ciphertext2))
+
+        # Test blinded decryption
+        blinding_factor = Random.new().read(len(ciphertext)-1)
+        blinded_ctext = rsaObj.blind(ciphertext, blinding_factor)
+        blinded_ptext = rsaObj.decrypt((blinded_ctext,))
+        unblinded_plaintext = rsaObj.unblind(blinded_ptext, blinding_factor)
+        self.assertEqual(b2a_hex(plaintext), b2a_hex(unblinded_plaintext))
+
+        # Test signing (2 arguments)
+        signature2 = rsaObj.sign(ciphertext, b(""))
+        self.assertEqual((bytes_to_long(plaintext),), signature2)
+
+        # Test verification
+        self.assertEqual(1, rsaObj.verify(ciphertext, (bytes_to_long(plaintext),)))
+
+    def _exercise_public_primitive(self, rsaObj):
+        plaintext = a2b_hex(self.plaintext)
+
+        # Test encryption (2 arguments)
+        (new_ciphertext2,) = rsaObj.encrypt(plaintext, b(""))
+
+        # Exercise verification
+        rsaObj.verify(new_ciphertext2, (bytes_to_long(plaintext),))
+
+    def _check_encryption(self, rsaObj):
+        plaintext = a2b_hex(self.plaintext)
+        ciphertext = a2b_hex(self.ciphertext)
+
+        # Test encryption (2 arguments)
+        (new_ciphertext2,) = rsaObj.encrypt(plaintext, b(""))
+        self.assertEqual(b2a_hex(ciphertext), b2a_hex(new_ciphertext2))
+
+    def _check_decryption(self, rsaObj):
+        plaintext = a2b_hex(self.plaintext)
+        ciphertext = a2b_hex(self.ciphertext)
+
+        # Test plain decryption
+        new_plaintext = rsaObj.decrypt((ciphertext,))
+        self.assertEqual(b2a_hex(plaintext), b2a_hex(new_plaintext))
+
+        # Test blinded decryption
+        blinding_factor = Random.new().read(len(ciphertext)-1)
+        blinded_ctext = rsaObj.blind(ciphertext, blinding_factor)
+        blinded_ptext = rsaObj.decrypt((blinded_ctext,))
+        unblinded_plaintext = rsaObj.unblind(blinded_ptext, blinding_factor)
+        self.assertEqual(b2a_hex(plaintext), b2a_hex(unblinded_plaintext))
+
+    def _check_verification(self, rsaObj):
+        signature = bytes_to_long(a2b_hex(self.plaintext))
+        message = a2b_hex(self.ciphertext)
+
+        # Test verification
+        t = (signature,)     # rsaObj.verify expects a tuple
+        self.assertEqual(1, rsaObj.verify(message, t))
+
+        # Test verification with overlong tuple (this is a
+        # backward-compatibility hack to support some harmless misuse of the
+        # API)
+        t2 = (signature, '')
+        self.assertEqual(1, rsaObj.verify(message, t2)) # extra garbage at end of tuple
+
+    def _check_signing(self, rsaObj):
+        signature = bytes_to_long(a2b_hex(self.plaintext))
+        message = a2b_hex(self.ciphertext)
+
+        # Test signing (2 argument)
+        self.assertEqual((signature,), rsaObj.sign(message, b("")))
+
+class RSAFastMathTest(RSATest):
+    def setUp(self):
+        RSATest.setUp(self)
+        self.rsa = RSA.RSAImplementation(use_fast_math=True)
+
+    def test_generate_1arg(self):
+        """RSA (_fastmath implementation) generated key (1 argument)"""
+        RSATest.test_generate_1arg(self)
+
+    def test_generate_2arg(self):
+        """RSA (_fastmath implementation) generated key (2 arguments)"""
+        RSATest.test_generate_2arg(self)
+
+    def test_construct_2tuple(self):
+        """RSA (_fastmath implementation) constructed key (2-tuple)"""
+        RSATest.test_construct_2tuple(self)
+
+    def test_construct_3tuple(self):
+        """RSA (_fastmath implementation) constructed key (3-tuple)"""
+        RSATest.test_construct_3tuple(self)
+
+    def test_construct_4tuple(self):
+        """RSA (_fastmath implementation) constructed key (4-tuple)"""
+        RSATest.test_construct_4tuple(self)
+
+    def test_construct_5tuple(self):
+        """RSA (_fastmath implementation) constructed key (5-tuple)"""
+        RSATest.test_construct_5tuple(self)
+
+    def test_construct_6tuple(self):
+        """RSA (_fastmath implementation) constructed key (6-tuple)"""
+        RSATest.test_construct_6tuple(self)
+
+    def test_factoring(self):
+        RSATest.test_factoring(self)
+
+class RSASlowMathTest(RSATest):
+    def setUp(self):
+        RSATest.setUp(self)
+        self.rsa = RSA.RSAImplementation(use_fast_math=False)
+
+    def test_generate_1arg(self):
+        """RSA (_slowmath implementation) generated key (1 argument)"""
+        RSATest.test_generate_1arg(self)
+
+    def test_generate_2arg(self):
+        """RSA (_slowmath implementation) generated key (2 arguments)"""
+        RSATest.test_generate_2arg(self)
+
+    def test_construct_2tuple(self):
+        """RSA (_slowmath implementation) constructed key (2-tuple)"""
+        RSATest.test_construct_2tuple(self)
+
+    def test_construct_3tuple(self):
+        """RSA (_slowmath implementation) constructed key (3-tuple)"""
+        RSATest.test_construct_3tuple(self)
+
+    def test_construct_4tuple(self):
+        """RSA (_slowmath implementation) constructed key (4-tuple)"""
+        RSATest.test_construct_4tuple(self)
+
+    def test_construct_5tuple(self):
+        """RSA (_slowmath implementation) constructed key (5-tuple)"""
+        RSATest.test_construct_5tuple(self)
+
+    def test_construct_6tuple(self):
+        """RSA (_slowmath implementation) constructed key (6-tuple)"""
+        RSATest.test_construct_6tuple(self)
+
+    def test_factoring(self):
+        RSATest.test_factoring(self)
+
+def get_tests(config={}):
+    tests = []
+    tests += list_test_cases(RSATest)
+    try:
+        from Crypto.PublicKey import _fastmath
+        tests += list_test_cases(RSAFastMathTest)
+    except ImportError:
+        from distutils.sysconfig import get_config_var
+        import inspect
+        _fm_path = os.path.normpath(os.path.dirname(os.path.abspath(
+            inspect.getfile(inspect.currentframe())))
+            +"/../../PublicKey/_fastmath"+get_config_var("SO"))
+        if os.path.exists(_fm_path):
+            raise ImportError("While the _fastmath module exists, importing "+
+                "it failed. This may point to the gmp or mpir shared library "+
+                "not being in the path. _fastmath was found at "+_fm_path)
+    if config.get('slow_tests',1):
+        tests += list_test_cases(RSASlowMathTest)
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_importKey.py b/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_importKey.py
new file mode 100644
index 000000000..28a7eee88
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/PublicKey/test_importKey.py
@@ -0,0 +1,345 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/PublicKey/test_importKey.py: Self-test for importing RSA keys
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from __future__ import nested_scopes
+
+__revision__ = "$Id$"
+
+import unittest
+
+from Crypto.PublicKey import RSA
+from Crypto.SelfTest.st_common import *
+from Crypto.Util.py3compat import *
+from Crypto.Util.number import inverse
+from Crypto.Util import asn1
+
+def der2pem(der, text='PUBLIC'):
+    import binascii
+    chunks = [ binascii.b2a_base64(der[i:i+48]) for i in range(0, len(der), 48) ]
+    pem  = b('-----BEGIN %s KEY-----\n' % text)
+    pem += b('').join(chunks)
+    pem += b('-----END %s KEY-----' % text)
+    return pem
+
+class ImportKeyTests(unittest.TestCase):
+    # 512-bit RSA key generated with openssl
+    rsaKeyPEM = u'''-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAL8eJ5AKoIsjURpcEoGubZMxLD7+kT+TLr7UkvEtFrRhDDKMtuII
+q19FrL4pUIMymPMSLBn3hJLe30Dw48GQM4UCAwEAAQJACUSDEp8RTe32ftq8IwG8
+Wojl5mAd1wFiIOrZ/Uv8b963WJOJiuQcVN29vxU5+My9GPZ7RA3hrDBEAoHUDPrI
+OQIhAPIPLz4dphiD9imAkivY31Rc5AfHJiQRA7XixTcjEkojAiEAyh/pJHks/Mlr
++rdPNEpotBjfV4M4BkgGAA/ipcmaAjcCIQCHvhwwKVBLzzTscT2HeUdEeBMoiXXK
+JACAr3sJQJGxIQIgarRp+m1WSKV1MciwMaTOnbU7wxFs9DP1pva76lYBzgUCIQC9
+n0CnZCJ6IZYqSt0H5N7+Q+2Ro64nuwV/OSQfM6sBwQ==
+-----END RSA PRIVATE KEY-----'''
+
+    # As above, but this is actually an unencrypted PKCS#8 key
+    rsaKeyPEM8 = u'''-----BEGIN PRIVATE KEY-----
+MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAvx4nkAqgiyNRGlwS
+ga5tkzEsPv6RP5MuvtSS8S0WtGEMMoy24girX0WsvilQgzKY8xIsGfeEkt7fQPDj
+wZAzhQIDAQABAkAJRIMSnxFN7fZ+2rwjAbxaiOXmYB3XAWIg6tn9S/xv3rdYk4mK
+5BxU3b2/FTn4zL0Y9ntEDeGsMEQCgdQM+sg5AiEA8g8vPh2mGIP2KYCSK9jfVFzk
+B8cmJBEDteLFNyMSSiMCIQDKH+kkeSz8yWv6t080Smi0GN9XgzgGSAYAD+KlyZoC
+NwIhAIe+HDApUEvPNOxxPYd5R0R4EyiJdcokAICvewlAkbEhAiBqtGn6bVZIpXUx
+yLAxpM6dtTvDEWz0M/Wm9rvqVgHOBQIhAL2fQKdkInohlipK3Qfk3v5D7ZGjrie7
+BX85JB8zqwHB
+-----END PRIVATE KEY-----'''
+
+    # The same RSA private key as in rsaKeyPEM, but now encrypted
+    rsaKeyEncryptedPEM=(
+            
+        # With DES and passphrase 'test'
+        ('test', u'''-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,AF8F9A40BD2FA2FC
+
+Ckl9ex1kaVEWhYC2QBmfaF+YPiR4NFkRXA7nj3dcnuFEzBnY5XULupqQpQI3qbfA
+u8GYS7+b3toWWiHZivHbAAUBPDIZG9hKDyB9Sq2VMARGsX1yW1zhNvZLIiVJzUHs
+C6NxQ1IJWOXzTew/xM2I26kPwHIvadq+/VaT8gLQdjdH0jOiVNaevjWnLgrn1mLP
+BCNRMdcexozWtAFNNqSzfW58MJL2OdMi21ED184EFytIc1BlB+FZiGZduwKGuaKy
+9bMbdb/1PSvsSzPsqW7KSSrTw6MgJAFJg6lzIYvR5F4poTVBxwBX3+EyEmShiaNY
+IRX3TgQI0IjrVuLmvlZKbGWP18FXj7I7k9tSsNOOzllTTdq3ny5vgM3A+ynfAaxp
+dysKznQ6P+IoqML1WxAID4aGRMWka+uArOJ148Rbj9s=
+-----END RSA PRIVATE KEY-----''',
+        "\xAF\x8F\x9A\x40\xBD\x2F\xA2\xFC"),
+
+        # With Triple-DES and passphrase 'rocking'
+        ('rocking', u'''-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C05D6C07F7FC02F6
+
+w4lwQrXaVoTTJ0GgwY566htTA2/t1YlimhxkxYt9AEeCcidS5M0Wq9ClPiPz9O7F
+m6K5QpM1rxo1RUE/ZyI85gglRNPdNwkeTOqit+kum7nN73AToX17+irVmOA4Z9E+
+4O07t91GxGMcjUSIFk0ucwEU4jgxRvYscbvOMvNbuZszGdVNzBTVddnShKCsy9i7
+nJbPlXeEKYi/OkRgO4PtfqqWQu5GIEFVUf9ev1QV7AvC+kyWTR1wWYnHX265jU5c
+sopxQQtP8XEHIJEdd5/p1oieRcWTCNyY8EkslxDSsrf0OtZp6mZH9N+KU47cgQtt
+9qGORmlWnsIoFFKcDohbtOaWBTKhkj5h6OkLjFjfU/sBeV1c+7wDT3dAy5tawXjG
+YSxC7qDQIT/RECvV3+oQKEcmpEujn45wAnkTi12BH30=
+-----END RSA PRIVATE KEY-----''',
+        "\xC0\x5D\x6C\x07\xF7\xFC\x02\xF6"),
+    )
+
+    rsaPublicKeyPEM = u'''-----BEGIN PUBLIC KEY-----
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL8eJ5AKoIsjURpcEoGubZMxLD7+kT+T
+Lr7UkvEtFrRhDDKMtuIIq19FrL4pUIMymPMSLBn3hJLe30Dw48GQM4UCAwEAAQ==
+-----END PUBLIC KEY-----'''
+
+    # Obtained using 'ssh-keygen -i -m PKCS8 -f rsaPublicKeyPEM'
+    rsaPublicKeyOpenSSH = '''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/HieQCqCLI1EaXBKBrm2TMSw+/pE/ky6+1JLxLRa0YQwyjLbiCKtfRay+KVCDMpjzEiwZ94SS3t9A8OPBkDOF comment\n'''
+
+    # The private key, in PKCS#1 format encoded with DER
+    rsaKeyDER = a2b_hex(
+    '''3082013b020100024100bf1e27900aa08b23511a5c1281ae6d93312c3efe
+    913f932ebed492f12d16b4610c328cb6e208ab5f45acbe2950833298f312
+    2c19f78492dedf40f0e3c190338502030100010240094483129f114dedf6
+    7edabc2301bc5a88e5e6601dd7016220ead9fd4bfc6fdeb75893898ae41c
+    54ddbdbf1539f8ccbd18f67b440de1ac30440281d40cfac839022100f20f
+    2f3e1da61883f62980922bd8df545ce407c726241103b5e2c53723124a23
+    022100ca1fe924792cfcc96bfab74f344a68b418df578338064806000fe2
+    a5c99a023702210087be1c3029504bcf34ec713d877947447813288975ca
+    240080af7b094091b12102206ab469fa6d5648a57531c8b031a4ce9db53b
+    c3116cf433f5a6f6bbea5601ce05022100bd9f40a764227a21962a4add07
+    e4defe43ed91a3ae27bb057f39241f33ab01c1
+    '''.replace(" ",""))
+
+    # The private key, in unencrypted PKCS#8 format encoded with DER
+    rsaKeyDER8 = a2b_hex(
+    '''30820155020100300d06092a864886f70d01010105000482013f3082013
+    b020100024100bf1e27900aa08b23511a5c1281ae6d93312c3efe913f932
+    ebed492f12d16b4610c328cb6e208ab5f45acbe2950833298f3122c19f78
+    492dedf40f0e3c190338502030100010240094483129f114dedf67edabc2
+    301bc5a88e5e6601dd7016220ead9fd4bfc6fdeb75893898ae41c54ddbdb
+    f1539f8ccbd18f67b440de1ac30440281d40cfac839022100f20f2f3e1da
+    61883f62980922bd8df545ce407c726241103b5e2c53723124a23022100c
+    a1fe924792cfcc96bfab74f344a68b418df578338064806000fe2a5c99a0
+    23702210087be1c3029504bcf34ec713d877947447813288975ca240080a
+    f7b094091b12102206ab469fa6d5648a57531c8b031a4ce9db53bc3116cf
+    433f5a6f6bbea5601ce05022100bd9f40a764227a21962a4add07e4defe4
+    3ed91a3ae27bb057f39241f33ab01c1
+    '''.replace(" ",""))
+
+    rsaPublicKeyDER = a2b_hex(
+    '''305c300d06092a864886f70d0101010500034b003048024100bf1e27900a
+    a08b23511a5c1281ae6d93312c3efe913f932ebed492f12d16b4610c328c
+    b6e208ab5f45acbe2950833298f3122c19f78492dedf40f0e3c190338502
+    03010001
+    '''.replace(" ",""))
+
+    n = long('BF 1E 27 90 0A A0 8B 23 51 1A 5C 12 81 AE 6D 93 31 2C 3E FE 91 3F 93 2E BE D4 92 F1 2D 16 B4 61 0C 32 8C B6 E2 08 AB 5F 45 AC BE 29 50 83 32 98 F3 12 2C 19 F7 84 92 DE DF 40 F0 E3 C1 90 33 85'.replace(" ",""),16)
+    e = 65537L
+    d = long('09 44 83 12 9F 11 4D ED F6 7E DA BC 23 01 BC 5A 88 E5 E6 60 1D D7 01 62 20 EA D9 FD 4B FC 6F DE B7 58 93 89 8A E4 1C 54 DD BD BF 15 39 F8 CC BD 18 F6 7B 44 0D E1 AC 30 44 02 81 D4 0C FA C8 39'.replace(" ",""),16)
+    p = long('00 F2 0F 2F 3E 1D A6 18 83 F6 29 80 92 2B D8 DF 54 5C E4 07 C7 26 24 11 03 B5 E2 C5 37 23 12 4A 23'.replace(" ",""),16)
+    q = long('00 CA 1F E9 24 79 2C FC C9 6B FA B7 4F 34 4A 68 B4 18 DF 57 83 38 06 48 06 00 0F E2 A5 C9 9A 02 37'.replace(" ",""),16)
+
+    # This is q^{-1} mod p). fastmath and slowmath use pInv (p^{-1}
+    # mod q) instead!
+    qInv = long('00 BD 9F 40 A7 64 22 7A 21 96 2A 4A DD 07 E4 DE FE 43 ED 91 A3 AE 27 BB 05 7F 39 24 1F 33 AB 01 C1'.replace(" ",""),16)
+    pInv = inverse(p,q)
+
+    def testImportKey1(self):
+        """Verify import of RSAPrivateKey DER SEQUENCE"""
+        key = self.rsa.importKey(self.rsaKeyDER)
+        self.failUnless(key.has_private())
+        self.assertEqual(key.n, self.n)
+        self.assertEqual(key.e, self.e)
+        self.assertEqual(key.d, self.d)
+        self.assertEqual(key.p, self.p)
+        self.assertEqual(key.q, self.q)
+
+    def testImportKey2(self):
+        """Verify import of SubjectPublicKeyInfo DER SEQUENCE"""
+        key = self.rsa.importKey(self.rsaPublicKeyDER)
+        self.failIf(key.has_private())
+        self.assertEqual(key.n, self.n)
+        self.assertEqual(key.e, self.e)
+
+    def testImportKey3unicode(self):
+        """Verify import of RSAPrivateKey DER SEQUENCE, encoded with PEM as unicode"""
+        key = RSA.importKey(self.rsaKeyPEM)
+        self.assertEqual(key.has_private(),True) # assert_
+        self.assertEqual(key.n, self.n)
+        self.assertEqual(key.e, self.e)
+        self.assertEqual(key.d, self.d)
+        self.assertEqual(key.p, self.p)
+        self.assertEqual(key.q, self.q)
+
+    def testImportKey3bytes(self):
+        """Verify import of RSAPrivateKey DER SEQUENCE, encoded with PEM as byte string"""
+        key = RSA.importKey(b(self.rsaKeyPEM))
+        self.assertEqual(key.has_private(),True) # assert_
+        self.assertEqual(key.n, self.n)
+        self.assertEqual(key.e, self.e)
+        self.assertEqual(key.d, self.d)
+        self.assertEqual(key.p, self.p)
+        self.assertEqual(key.q, self.q)
+
+    def testImportKey4unicode(self):
+        """Verify import of RSAPrivateKey DER SEQUENCE, encoded with PEM as unicode"""
+        key = RSA.importKey(self.rsaPublicKeyPEM)
+        self.assertEqual(key.has_private(),False) # failIf
+        self.assertEqual(key.n, self.n)
+        self.assertEqual(key.e, self.e)
+
+    def testImportKey4bytes(self):
+        """Verify import of SubjectPublicKeyInfo DER SEQUENCE, encoded with PEM as byte string"""
+        key = RSA.importKey(b(self.rsaPublicKeyPEM))
+        self.assertEqual(key.has_private(),False) # failIf
+        self.assertEqual(key.n, self.n)
+        self.assertEqual(key.e, self.e)
+
+    def testImportKey5(self):
+        """Verifies that the imported key is still a valid RSA pair"""
+        key = RSA.importKey(self.rsaKeyPEM)
+        idem = key.encrypt(key.decrypt(b("Test")),0)
+        self.assertEqual(idem[0],b("Test"))
+
+    def testImportKey6(self):
+        """Verifies that the imported key is still a valid RSA pair"""
+        key = RSA.importKey(self.rsaKeyDER)
+        idem = key.encrypt(key.decrypt(b("Test")),0)
+        self.assertEqual(idem[0],b("Test"))
+
+    def testImportKey7(self):
+        """Verify import of OpenSSH public key"""
+        key = self.rsa.importKey(self.rsaPublicKeyOpenSSH)
+        self.assertEqual(key.n, self.n)
+        self.assertEqual(key.e, self.e)
+
+    def testImportKey8(self):
+        """Verify import of encrypted PrivateKeyInfo DER SEQUENCE"""
+        for t in self.rsaKeyEncryptedPEM:
+            key = self.rsa.importKey(t[1], t[0])
+            self.failUnless(key.has_private())
+            self.assertEqual(key.n, self.n)
+            self.assertEqual(key.e, self.e)
+            self.assertEqual(key.d, self.d)
+            self.assertEqual(key.p, self.p)
+            self.assertEqual(key.q, self.q)
+
+    def testImportKey9(self):
+        """Verify import of unencrypted PrivateKeyInfo DER SEQUENCE"""
+        key = self.rsa.importKey(self.rsaKeyDER8)
+        self.failUnless(key.has_private())
+        self.assertEqual(key.n, self.n)
+        self.assertEqual(key.e, self.e)
+        self.assertEqual(key.d, self.d)
+        self.assertEqual(key.p, self.p)
+        self.assertEqual(key.q, self.q)
+
+    def testImportKey10(self):
+        """Verify import of unencrypted PrivateKeyInfo DER SEQUENCE, encoded with PEM"""
+        key = self.rsa.importKey(self.rsaKeyPEM8)
+        self.failUnless(key.has_private())
+        self.assertEqual(key.n, self.n)
+        self.assertEqual(key.e, self.e)
+        self.assertEqual(key.d, self.d)
+        self.assertEqual(key.p, self.p)
+        self.assertEqual(key.q, self.q)
+
+    def testImportKey11(self):
+        """Verify import of RSAPublicKey DER SEQUENCE"""
+        der = asn1.DerSequence([17, 3]).encode()
+        key = self.rsa.importKey(der)
+        self.assertEqual(key.n, 17)
+        self.assertEqual(key.e, 3)
+
+    def testImportKey12(self):
+        """Verify import of RSAPublicKey DER SEQUENCE, encoded with PEM"""
+        der = asn1.DerSequence([17, 3]).encode()
+        pem = der2pem(der)
+        key = self.rsa.importKey(pem)
+        self.assertEqual(key.n, 17)
+        self.assertEqual(key.e, 3)
+
+    ###
+    def testExportKey1(self):
+        key = self.rsa.construct([self.n, self.e, self.d, self.p, self.q, self.pInv])
+        derKey = key.exportKey("DER")
+        self.assertEqual(derKey, self.rsaKeyDER)
+
+    def testExportKey2(self):
+        key = self.rsa.construct([self.n, self.e])
+        derKey = key.exportKey("DER")
+        self.assertEqual(derKey, self.rsaPublicKeyDER)
+
+    def testExportKey3(self):
+        key = self.rsa.construct([self.n, self.e, self.d, self.p, self.q, self.pInv])
+        pemKey = key.exportKey("PEM")
+        self.assertEqual(pemKey, b(self.rsaKeyPEM))
+
+    def testExportKey4(self):
+        key = self.rsa.construct([self.n, self.e])
+        pemKey = key.exportKey("PEM")
+        self.assertEqual(pemKey, b(self.rsaPublicKeyPEM))
+
+    def testExportKey5(self):
+        key = self.rsa.construct([self.n, self.e])
+        openssh_1 = key.exportKey("OpenSSH").split()
+        openssh_2 = self.rsaPublicKeyOpenSSH.split()
+        self.assertEqual(openssh_1[0], openssh_2[0])
+        self.assertEqual(openssh_1[1], openssh_2[1])
+
+    def testExportKey4(self):
+        key = self.rsa.construct([self.n, self.e, self.d, self.p, self.q, self.pInv])
+        # Tuple with index #1 is encrypted with 3DES
+        t = map(b,self.rsaKeyEncryptedPEM[1])
+        # Force the salt being used when exporting
+        key._randfunc = lambda N: (t[2]*divmod(N+len(t[2]),len(t[2]))[0])[:N]
+        pemKey = key.exportKey("PEM", t[0])
+        self.assertEqual(pemKey, t[1])
+
+    def testExportKey5(self):
+        key = self.rsa.construct([self.n, self.e, self.d, self.p, self.q, self.pInv])
+        derKey = key.exportKey("DER", pkcs=8)
+        self.assertEqual(derKey, self.rsaKeyDER8)
+
+    def testExportKey6(self):
+        key = self.rsa.construct([self.n, self.e, self.d, self.p, self.q, self.pInv])
+        pemKey = key.exportKey("PEM", pkcs=8)
+        self.assertEqual(pemKey, b(self.rsaKeyPEM8))
+
+class ImportKeyTestsSlow(ImportKeyTests):
+    def setUp(self):
+        self.rsa = RSA.RSAImplementation(use_fast_math=0)
+
+class ImportKeyTestsFast(ImportKeyTests):
+    def setUp(self):
+        self.rsa = RSA.RSAImplementation(use_fast_math=1)
+
+if __name__ == '__main__':
+    unittest.main()
+
+def get_tests(config={}):
+    tests = []
+    try:
+        from Crypto.PublicKey import _fastmath
+        tests += list_test_cases(ImportKeyTestsFast)
+    except ImportError:
+        pass
+    tests += list_test_cases(ImportKeyTestsSlow)
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/__init__.py b/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/__init__.py
new file mode 100644
index 000000000..81a0e13c1
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/__init__.py
@@ -0,0 +1,44 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Random/Fortuna/__init__.py: Self-test for Fortuna modules
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test for the Crypto.Random.Fortuna package"""
+
+__revision__ = "$Id$"
+
+import os
+
+def get_tests(config={}):
+    tests = []
+    from Crypto.SelfTest.Random.Fortuna import test_FortunaAccumulator; tests += test_FortunaAccumulator.get_tests(config=config)
+    from Crypto.SelfTest.Random.Fortuna import test_FortunaGenerator;   tests += test_FortunaGenerator.get_tests(config=config)
+    from Crypto.SelfTest.Random.Fortuna import test_SHAd256;            tests += test_SHAd256.get_tests(config=config)
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/test_FortunaAccumulator.py b/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/test_FortunaAccumulator.py
new file mode 100644
index 000000000..c4e6ccf2b
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/test_FortunaAccumulator.py
@@ -0,0 +1,189 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Random/Fortuna/test_FortunaAccumulator.py: Self-test for the FortunaAccumulator module
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-tests for Crypto.Random.Fortuna.FortunaAccumulator"""
+
+__revision__ = "$Id$"
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+import unittest
+from binascii import b2a_hex
+
+class FortunaAccumulatorTests(unittest.TestCase):
+    def setUp(self):
+        global FortunaAccumulator
+        from Crypto.Random.Fortuna import FortunaAccumulator
+
+    def test_FortunaPool(self):
+        """FortunaAccumulator.FortunaPool"""
+        pool = FortunaAccumulator.FortunaPool()
+        self.assertEqual(0, pool.length)
+        self.assertEqual("5df6e0e2761359d30a8275058e299fcc0381534545f55cf43e41983f5d4c9456", pool.hexdigest())
+
+        pool.append(b('abc'))
+
+        self.assertEqual(3, pool.length)
+        self.assertEqual("4f8b42c22dd3729b519ba6f68d2da7cc5b2d606d05daed5ad5128cc03e6c6358", pool.hexdigest())
+
+        pool.append(b("dbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"))
+
+        self.assertEqual(56, pool.length)
+        self.assertEqual(b('0cffe17f68954dac3a84fb1458bd5ec99209449749b2b308b7cb55812f9563af'), b2a_hex(pool.digest()))
+
+        pool.reset()
+
+        self.assertEqual(0, pool.length)
+
+        pool.append(b('a') * 10**6)
+
+        self.assertEqual(10**6, pool.length)
+        self.assertEqual(b('80d1189477563e1b5206b2749f1afe4807e5705e8bd77887a60187a712156688'), b2a_hex(pool.digest()))
+
+    def test_which_pools(self):
+        """FortunaAccumulator.which_pools"""
+
+        # which_pools(0) should fail
+        self.assertRaises(AssertionError, FortunaAccumulator.which_pools, 0)
+
+        self.assertEqual(FortunaAccumulator.which_pools(1), [0])
+        self.assertEqual(FortunaAccumulator.which_pools(2), [0, 1])
+        self.assertEqual(FortunaAccumulator.which_pools(3), [0])
+        self.assertEqual(FortunaAccumulator.which_pools(4), [0, 1, 2])
+        self.assertEqual(FortunaAccumulator.which_pools(5), [0])
+        self.assertEqual(FortunaAccumulator.which_pools(6), [0, 1])
+        self.assertEqual(FortunaAccumulator.which_pools(7), [0])
+        self.assertEqual(FortunaAccumulator.which_pools(8), [0, 1, 2, 3])
+        for i in range(1, 32):
+            self.assertEqual(FortunaAccumulator.which_pools(2L**i-1), [0])
+            self.assertEqual(FortunaAccumulator.which_pools(2L**i), range(i+1))
+            self.assertEqual(FortunaAccumulator.which_pools(2L**i+1), [0])
+        self.assertEqual(FortunaAccumulator.which_pools(2L**31), range(32))
+        self.assertEqual(FortunaAccumulator.which_pools(2L**32), range(32))
+        self.assertEqual(FortunaAccumulator.which_pools(2L**33), range(32))
+        self.assertEqual(FortunaAccumulator.which_pools(2L**34), range(32))
+        self.assertEqual(FortunaAccumulator.which_pools(2L**35), range(32))
+        self.assertEqual(FortunaAccumulator.which_pools(2L**36), range(32))
+        self.assertEqual(FortunaAccumulator.which_pools(2L**64), range(32))
+        self.assertEqual(FortunaAccumulator.which_pools(2L**128), range(32))
+
+    def test_accumulator(self):
+        """FortunaAccumulator.FortunaAccumulator"""
+        fa = FortunaAccumulator.FortunaAccumulator()
+
+        # This should fail, because we haven't seeded the PRNG yet
+        self.assertRaises(AssertionError, fa.random_data, 1)
+
+        # Spread some test data across the pools (source number 42)
+        # This would be horribly insecure in a real system.
+        for p in range(32):
+            fa.add_random_event(42, p, b("X") * 32)
+            self.assertEqual(32+2, fa.pools[p].length)
+
+        # This should still fail, because we haven't seeded the PRNG with 64 bytes yet
+        self.assertRaises(AssertionError, fa.random_data, 1)
+
+        # Add more data
+        for p in range(32):
+            fa.add_random_event(42, p, b("X") * 32)
+            self.assertEqual((32+2)*2, fa.pools[p].length)
+
+        # The underlying RandomGenerator should get seeded with Pool 0
+        #   s = SHAd256(chr(42) + chr(32) + "X"*32 + chr(42) + chr(32) + "X"*32)
+        #     = SHA256(h'edd546f057b389155a31c32e3975e736c1dec030ddebb137014ecbfb32ed8c6f')
+        #     = h'aef42a5dcbddab67e8efa118e1b47fde5d697f89beb971b99e6e8e5e89fbf064'
+        # The counter and the key before reseeding is:
+        #   C_0 = 0
+        #   K_0 = "\x00" * 32
+        # The counter after reseeding is 1, and the new key after reseeding is
+        #   C_1 = 1
+        #   K_1 = SHAd256(K_0 || s)
+        #       = SHA256(h'0eae3e401389fab86640327ac919ecfcb067359d95469e18995ca889abc119a6')
+        #       = h'aafe9d0409fbaaafeb0a1f2ef2014a20953349d3c1c6e6e3b962953bea6184dd'
+        # The first block of random data, therefore, is
+        #   r_1 = AES-256(K_1, 1)
+        #       = AES-256(K_1, h'01000000000000000000000000000000')
+        #       = h'b7b86bd9a27d96d7bb4add1b6b10d157'
+        # The second block of random data is
+        #   r_2 = AES-256(K_1, 2)
+        #       = AES-256(K_1, h'02000000000000000000000000000000')
+        #       = h'2350b1c61253db2f8da233be726dc15f'
+        # The third and fourth blocks of random data (which become the new key) are
+        #   r_3 = AES-256(K_1, 3)
+        #       = AES-256(K_1, h'03000000000000000000000000000000')
+        #       = h'f23ad749f33066ff53d307914fbf5b21'
+        #   r_4 = AES-256(K_1, 4)
+        #       = AES-256(K_1, h'04000000000000000000000000000000')
+        #       = h'da9667c7e86ba247655c9490e9d94a7c'
+        #   K_2 = r_3 || r_4
+        #       = h'f23ad749f33066ff53d307914fbf5b21da9667c7e86ba247655c9490e9d94a7c'
+        # The final counter value is 5.
+        self.assertEqual("aef42a5dcbddab67e8efa118e1b47fde5d697f89beb971b99e6e8e5e89fbf064",
+            fa.pools[0].hexdigest())
+        self.assertEqual(None, fa.generator.key)
+        self.assertEqual(0, fa.generator.counter.next_value())
+
+        result = fa.random_data(32)
+
+        self.assertEqual(b("b7b86bd9a27d96d7bb4add1b6b10d157" "2350b1c61253db2f8da233be726dc15f"), b2a_hex(result))
+        self.assertEqual(b("f23ad749f33066ff53d307914fbf5b21da9667c7e86ba247655c9490e9d94a7c"), b2a_hex(fa.generator.key))
+        self.assertEqual(5, fa.generator.counter.next_value())
+
+    def test_accumulator_pool_length(self):
+        """FortunaAccumulator.FortunaAccumulator minimum pool length"""
+        fa = FortunaAccumulator.FortunaAccumulator()
+
+        # This test case is hard-coded to assume that FortunaAccumulator.min_pool_size is 64.
+        self.assertEqual(fa.min_pool_size, 64)
+
+        # The PRNG should not allow us to get random data from it yet
+        self.assertRaises(AssertionError, fa.random_data, 1)
+
+        # Add 60 bytes, 4 at a time (2 header + 2 payload) to each of the 32 pools
+        for i in range(15):
+            for p in range(32):
+                # Add the bytes to the pool
+                fa.add_random_event(2, p, b("XX"))
+
+                # The PRNG should not allow us to get random data from it yet
+                self.assertRaises(AssertionError, fa.random_data, 1)
+
+        # Add 4 more bytes to pool 0
+        fa.add_random_event(2, 0, b("XX"))
+
+        # We should now be able to get data from the accumulator
+        fa.random_data(1)
+
+def get_tests(config={}):
+    from Crypto.SelfTest.st_common import list_test_cases
+    return list_test_cases(FortunaAccumulatorTests)
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/test_FortunaGenerator.py b/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/test_FortunaGenerator.py
new file mode 100644
index 000000000..d41bb022a
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/test_FortunaGenerator.py
@@ -0,0 +1,83 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Random/Fortuna/test_FortunaGenerator.py: Self-test for the FortunaGenerator module
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-tests for Crypto.Random.Fortuna.FortunaGenerator"""
+
+__revision__ = "$Id$"
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+import unittest
+from binascii import b2a_hex
+
+class FortunaGeneratorTests(unittest.TestCase):
+    def setUp(self):
+        global FortunaGenerator
+        from Crypto.Random.Fortuna import FortunaGenerator
+
+    def test_generator(self):
+        """FortunaGenerator.AESGenerator"""
+        fg = FortunaGenerator.AESGenerator()
+
+        # We shouldn't be able to read data until we've seeded the generator
+        self.assertRaises(Exception, fg.pseudo_random_data, 1)
+        self.assertEqual(0, fg.counter.next_value())
+
+        # Seed the generator, which should set the key and increment the counter.
+        fg.reseed(b("Hello"))
+        self.assertEqual(b("0ea6919d4361551364242a4ba890f8f073676e82cf1a52bb880f7e496648b565"), b2a_hex(fg.key))
+        self.assertEqual(1, fg.counter.next_value())
+
+        # Read 2 full blocks from the generator
+        self.assertEqual(b("7cbe2c17684ac223d08969ee8b565616") +       # counter=1
+                         b("717661c0d2f4758bd6ba140bf3791abd"),        # counter=2
+            b2a_hex(fg.pseudo_random_data(32)))
+
+        # Meanwhile, the generator will have re-keyed itself and incremented its counter
+        self.assertEqual(b("33a1bb21987859caf2bbfc5615bef56d") +       # counter=3
+                         b("e6b71ff9f37112d0c193a135160862b7"),        # counter=4
+            b2a_hex(fg.key))
+        self.assertEqual(5, fg.counter.next_value())
+
+        # Read another 2 blocks from the generator
+        self.assertEqual(b("fd6648ba3086e919cee34904ef09a7ff") +       # counter=5
+                         b("021f77580558b8c3e9248275f23042bf"),        # counter=6
+            b2a_hex(fg.pseudo_random_data(32)))
+
+
+        # Try to read more than 2**20 bytes using the internal function.  This should fail.
+        self.assertRaises(AssertionError, fg._pseudo_random_data, 2**20+1)
+
+def get_tests(config={}):
+    from Crypto.SelfTest.st_common import list_test_cases
+    return list_test_cases(FortunaGeneratorTests)
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/test_SHAd256.py b/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/test_SHAd256.py
new file mode 100644
index 000000000..f94db8a9b
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/Fortuna/test_SHAd256.py
@@ -0,0 +1,55 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Random/Fortuna/test_SHAd256.py: Self-test for the SHAd256 hash function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Random.Fortuna.SHAd256"""
+
+__revision__ = "$Id$"
+from Crypto.Util.py3compat import *
+
+# This is a list of (expected_result, input[, description]) tuples.
+test_data = [
+    # I could not find any test vectors for SHAd256, so I made these vectors by
+    # feeding some sample data into several plain SHA256 implementations
+    # (including OpenSSL, the "sha256sum" tool, and this implementation).
+    # This is a subset of the resulting test vectors.  The complete list can be
+    # found at: http://www.dlitz.net/crypto/shad256-test-vectors/
+    ('5df6e0e2761359d30a8275058e299fcc0381534545f55cf43e41983f5d4c9456',
+        '', "'' (empty string)"),
+    ('4f8b42c22dd3729b519ba6f68d2da7cc5b2d606d05daed5ad5128cc03e6c6358',
+        'abc'),
+    ('0cffe17f68954dac3a84fb1458bd5ec99209449749b2b308b7cb55812f9563af',
+        'abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq')
+]
+
+def get_tests(config={}):
+    from Crypto.Random.Fortuna import SHAd256
+    from Crypto.SelfTest.Hash.common import make_hash_tests
+    return make_hash_tests(SHAd256, "SHAd256", test_data, 32)
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/__init__.py b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/__init__.py
new file mode 100644
index 000000000..44b3fa157
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/__init__.py
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Random/OSRNG/__init__.py: Self-test for OSRNG modules
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test for Crypto.Random.OSRNG package"""
+
+__revision__ = "$Id$"
+
+import os
+
+def get_tests(config={}):
+    tests = []
+    if os.name == 'nt':
+        from Crypto.SelfTest.Random.OSRNG import test_nt;        tests += test_nt.get_tests(config=config)
+        from Crypto.SelfTest.Random.OSRNG import test_winrandom; tests += test_winrandom.get_tests(config=config)
+    elif os.name == 'posix':
+        from Crypto.SelfTest.Random.OSRNG import test_posix;     tests += test_posix.get_tests(config=config)
+    if hasattr(os, 'urandom'):
+        from Crypto.SelfTest.Random.OSRNG import test_fallback;      tests += test_fallback.get_tests(config=config)
+    from Crypto.SelfTest.Random.OSRNG import test_generic;       tests += test_generic.get_tests(config=config)
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_fallback.py b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_fallback.py
new file mode 100644
index 000000000..41909b0a4
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_fallback.py
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_fallback.py: Self-test for the OSRNG.fallback.new() function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Random.OSRNG.fallback"""
+
+__revision__ = "$Id$"
+
+import unittest
+
+class SimpleTest(unittest.TestCase):
+    def runTest(self):
+        """Crypto.Random.OSRNG.fallback.new()"""
+        # Import the OSRNG.nt module and try to use it
+        import Crypto.Random.OSRNG.fallback
+        randobj = Crypto.Random.OSRNG.fallback.new()
+        x = randobj.read(16)
+        y = randobj.read(16)
+        self.assertNotEqual(x, y)
+
+def get_tests(config={}):
+    return [SimpleTest()]
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_generic.py b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_generic.py
new file mode 100644
index 000000000..2a409741e
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_generic.py
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_generic.py: Self-test for the OSRNG.new() function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Random.OSRNG"""
+
+__revision__ = "$Id$"
+
+import unittest
+
+class SimpleTest(unittest.TestCase):
+    def runTest(self):
+        """Crypto.Random.OSRNG.new()"""
+        # Import the OSRNG module and try to use it
+        import Crypto.Random.OSRNG
+        randobj = Crypto.Random.OSRNG.new()
+        x = randobj.read(16)
+        y = randobj.read(16)
+        self.assertNotEqual(x, y)
+
+def get_tests(config={}):
+    return [SimpleTest()]
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_nt.py b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_nt.py
new file mode 100644
index 000000000..a7a833859
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_nt.py
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_generic.py: Self-test for the OSRNG.nt.new() function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Random.OSRNG.nt"""
+
+__revision__ = "$Id$"
+
+import unittest
+
+class SimpleTest(unittest.TestCase):
+    def runTest(self):
+        """Crypto.Random.OSRNG.nt.new()"""
+        # Import the OSRNG.nt module and try to use it
+        import Crypto.Random.OSRNG.nt
+        randobj = Crypto.Random.OSRNG.nt.new()
+        x = randobj.read(16)
+        y = randobj.read(16)
+        self.assertNotEqual(x, y)
+
+def get_tests(config={}):
+    return [SimpleTest()]
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_posix.py b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_posix.py
new file mode 100644
index 000000000..2224afe61
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_posix.py
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_posix.py: Self-test for the OSRNG.posix.new() function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Random.OSRNG.posix"""
+
+__revision__ = "$Id$"
+
+import unittest
+
+class SimpleTest(unittest.TestCase):
+    def runTest(self):
+        """Crypto.Random.OSRNG.posix.new()"""
+        # Import the OSRNG.nt module and try to use it
+        import Crypto.Random.OSRNG.posix
+        randobj = Crypto.Random.OSRNG.posix.new()
+        x = randobj.read(16)
+        y = randobj.read(16)
+        self.assertNotEqual(x, y)
+
+def get_tests(config={}):
+    return [SimpleTest()]
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_winrandom.py b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_winrandom.py
new file mode 100644
index 000000000..3010eb725
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/OSRNG/test_winrandom.py
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_winrandom.py: Self-test for the winrandom module
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Random.OSRNG.winrandom"""
+
+__revision__ = "$Id$"
+
+import unittest
+
+class SimpleTest(unittest.TestCase):
+    def runTest(self):
+        """Crypto.Random.OSRNG.winrandom"""
+        # Import the winrandom module and try to use it
+        from Crypto.Random.OSRNG import winrandom
+        randobj = winrandom.new()
+        x = randobj.get_bytes(16)
+        y = randobj.get_bytes(16)
+        self.assertNotEqual(x, y)
+
+def get_tests(config={}):
+    return [SimpleTest()]
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/__init__.py b/lib/Python/Lib/Crypto/SelfTest/Random/__init__.py
new file mode 100644
index 000000000..f972bf0bf
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/__init__.py
@@ -0,0 +1,43 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Random/__init__.py: Self-test for random number generation modules
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test for random number generators"""
+
+__revision__ = "$Id$"
+
+def get_tests(config={}):
+    tests = []
+    from Crypto.SelfTest.Random import Fortuna;             tests += Fortuna.get_tests(config=config)
+    from Crypto.SelfTest.Random import OSRNG;               tests += OSRNG.get_tests(config=config)
+    from Crypto.SelfTest.Random import test_random;         tests += test_random.get_tests(config=config)
+    from Crypto.SelfTest.Random import test_rpoolcompat;    tests += test_rpoolcompat.get_tests(config=config)
+    from Crypto.SelfTest.Random import test__UserFriendlyRNG; tests += test__UserFriendlyRNG.get_tests(config=config)
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/test__UserFriendlyRNG.py b/lib/Python/Lib/Crypto/SelfTest/Random/test__UserFriendlyRNG.py
new file mode 100644
index 000000000..771a6635d
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/test__UserFriendlyRNG.py
@@ -0,0 +1,171 @@
+# -*- coding: utf-8 -*-
+# Self-tests for the user-friendly Crypto.Random interface
+#
+# Written in 2013 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for generic Crypto.Random stuff """
+
+from __future__ import nested_scopes
+
+__revision__ = "$Id$"
+
+import binascii
+import pprint
+import unittest
+import os
+import time
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+try:
+    import multiprocessing
+except ImportError:
+    multiprocessing = None
+
+import Crypto.Random._UserFriendlyRNG
+import Crypto.Random.random
+
+class RNGForkTest(unittest.TestCase):
+
+    def _get_reseed_count(self):
+        """
+        Get `FortunaAccumulator.reseed_count`, the global count of the
+        number of times that the PRNG has been reseeded.
+        """
+        rng_singleton = Crypto.Random._UserFriendlyRNG._get_singleton()
+        rng_singleton._lock.acquire()
+        try:
+            return rng_singleton._fa.reseed_count
+        finally:
+            rng_singleton._lock.release()
+
+    def runTest(self):
+        # Regression test for CVE-2013-1445.  We had a bug where, under the
+        # right conditions, two processes might see the same random sequence.
+
+        if sys.platform.startswith('win'):  # windows can't fork
+            assert not hasattr(os, 'fork')    # ... right?
+            return
+
+        # Wait 150 ms so that we don't trigger the rate-limit prematurely.
+        time.sleep(0.15)
+
+        reseed_count_before = self._get_reseed_count()
+
+        # One or both of these calls together should trigger a reseed right here.
+        Crypto.Random._UserFriendlyRNG._get_singleton().reinit()
+        Crypto.Random.get_random_bytes(1)
+
+        reseed_count_after = self._get_reseed_count()
+        self.assertNotEqual(reseed_count_before, reseed_count_after)  # sanity check: test should reseed parent before forking
+
+        rfiles = []
+        for i in range(10):
+            rfd, wfd = os.pipe()
+            if os.fork() == 0:
+                # child
+                os.close(rfd)
+                f = os.fdopen(wfd, "wb")
+
+                Crypto.Random.atfork()
+
+                data = Crypto.Random.get_random_bytes(16)
+
+                f.write(data)
+                f.close()
+                os._exit(0)
+            # parent
+            os.close(wfd)
+            rfiles.append(os.fdopen(rfd, "rb"))
+
+        results = []
+        results_dict = {}
+        for f in rfiles:
+            data = binascii.hexlify(f.read())
+            results.append(data)
+            results_dict[data] = 1
+            f.close()
+
+        if len(results) != len(results_dict.keys()):
+            raise AssertionError("RNG output duplicated across fork():\n%s" %
+                                 (pprint.pformat(results)))
+
+
+# For RNGMultiprocessingForkTest
+def _task_main(q):
+    a = Crypto.Random.get_random_bytes(16)
+    time.sleep(0.1)     # wait 100 ms
+    b = Crypto.Random.get_random_bytes(16)
+    q.put(binascii.b2a_hex(a))
+    q.put(binascii.b2a_hex(b))
+    q.put(None)      # Wait for acknowledgment
+
+
+class RNGMultiprocessingForkTest(unittest.TestCase):
+
+    def runTest(self):
+        # Another regression test for CVE-2013-1445.  This is basically the
+        # same as RNGForkTest, but less compatible with old versions of Python,
+        # and a little easier to read.
+
+        n_procs = 5
+        manager = multiprocessing.Manager()
+        queues = [manager.Queue(1) for i in range(n_procs)]
+
+        # Reseed the pool
+        time.sleep(0.15)
+        Crypto.Random._UserFriendlyRNG._get_singleton().reinit()
+        Crypto.Random.get_random_bytes(1)
+
+        # Start the child processes
+        pool = multiprocessing.Pool(processes=n_procs, initializer=Crypto.Random.atfork)
+        map_result = pool.map_async(_task_main, queues)
+
+        # Get the results, ensuring that no pool processes are reused.
+        aa = [queues[i].get(30) for i in range(n_procs)]
+        bb = [queues[i].get(30) for i in range(n_procs)]
+        res = list(zip(aa, bb))
+
+        # Shut down the pool
+        map_result.get(30)
+        pool.close()
+        pool.join()
+
+        # Check that the results are unique
+        if len(set(aa)) != len(aa) or len(set(res)) != len(res):
+            raise AssertionError("RNG output duplicated across fork():\n%s" %
+                                 (pprint.pformat(res),))
+
+
+def get_tests(config={}):
+    tests = []
+    tests += [RNGForkTest()]
+    if multiprocessing is not None:
+        tests += [RNGMultiprocessingForkTest()]
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/test_random.py b/lib/Python/Lib/Crypto/SelfTest/Random/test_random.py
new file mode 100644
index 000000000..f9ffc663a
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/test_random.py
@@ -0,0 +1,171 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_generic.py: Self-test for the Crypto.Random.new() function
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Random.new()"""
+
+__revision__ = "$Id$"
+
+import unittest
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+class SimpleTest(unittest.TestCase):
+    def runTest(self):
+        """Crypto.Random.new()"""
+        # Import the Random module and try to use it
+        from Crypto import Random
+        randobj = Random.new()
+        x = randobj.read(16)
+        y = randobj.read(16)
+        self.assertNotEqual(x, y)
+        z = Random.get_random_bytes(16)
+        self.assertNotEqual(x, z)
+        self.assertNotEqual(y, z)
+        # Test the Random.random module, which
+        # implements a subset of Python's random API
+        # Not implemented:
+        # seed(), getstate(), setstate(), jumpahead()
+        # random(), uniform(), triangular(), betavariate()
+        # expovariate(), gammavariate(), gauss(),
+        # longnormvariate(), normalvariate(),
+        # vonmisesvariate(), paretovariate()
+        # weibullvariate()
+        # WichmannHill(), whseed(), SystemRandom()
+        from Crypto.Random import random
+        x = random.getrandbits(16*8)
+        y = random.getrandbits(16*8)
+        self.assertNotEqual(x, y)
+        # Test randrange
+        if x>y:
+            start = y
+            stop = x
+        else:
+            start = x
+            stop = y
+        for step in range(1,10):
+            x = random.randrange(start,stop,step)
+            y = random.randrange(start,stop,step)
+            self.assertNotEqual(x, y)
+            self.assertEqual(start <= x < stop, True)
+            self.assertEqual(start <= y < stop, True)
+            self.assertEqual((x - start) % step, 0)
+            self.assertEqual((y - start) % step, 0)
+        for i in range(10):
+            self.assertEqual(random.randrange(1,2), 1)
+        self.assertRaises(ValueError, random.randrange, start, start)
+        self.assertRaises(ValueError, random.randrange, stop, start, step)
+        self.assertRaises(TypeError, random.randrange, start, stop, step, step)
+        self.assertRaises(TypeError, random.randrange, start, stop, "1")
+        self.assertRaises(TypeError, random.randrange, "1", stop, step)
+        self.assertRaises(TypeError, random.randrange, 1, "2", step)
+        self.assertRaises(ValueError, random.randrange, start, stop, 0)
+        # Test randint
+        x = random.randint(start,stop)
+        y = random.randint(start,stop)
+        self.assertNotEqual(x, y)
+        self.assertEqual(start <= x <= stop, True)
+        self.assertEqual(start <= y <= stop, True)
+        for i in range(10):
+            self.assertEqual(random.randint(1,1), 1)
+        self.assertRaises(ValueError, random.randint, stop, start)
+        self.assertRaises(TypeError, random.randint, start, stop, step)
+        self.assertRaises(TypeError, random.randint, "1", stop)
+        self.assertRaises(TypeError, random.randint, 1, "2")
+        # Test choice
+        seq = range(10000)
+        x = random.choice(seq)
+        y = random.choice(seq)
+        self.assertNotEqual(x, y)
+        self.assertEqual(x in seq, True)
+        self.assertEqual(y in seq, True)
+        for i in range(10):
+            self.assertEqual(random.choice((1,2,3)) in (1,2,3), True)
+        self.assertEqual(random.choice([1,2,3]) in [1,2,3], True)
+        if sys.version_info[0] is 3:
+            self.assertEqual(random.choice(bytearray(b('123'))) in bytearray(b('123')), True)
+        self.assertEqual(1, random.choice([1]))
+        self.assertRaises(IndexError, random.choice, [])
+        self.assertRaises(TypeError, random.choice, 1)
+        # Test shuffle. Lacks random parameter to specify function.
+        # Make copies of seq
+        seq = range(500)
+        x = list(seq)
+        y = list(seq)
+        random.shuffle(x)
+        random.shuffle(y)
+        self.assertNotEqual(x, y)
+        self.assertEqual(len(seq), len(x))
+        self.assertEqual(len(seq), len(y))
+        for i in range(len(seq)):
+           self.assertEqual(x[i] in seq, True)
+           self.assertEqual(y[i] in seq, True)
+           self.assertEqual(seq[i] in x, True)
+           self.assertEqual(seq[i] in y, True)
+        z = [1]
+        random.shuffle(z)
+        self.assertEqual(z, [1])
+        if sys.version_info[0] == 3:
+            z = bytearray(b('12'))
+            random.shuffle(z)
+            self.assertEqual(b('1') in z, True)
+            self.assertRaises(TypeError, random.shuffle, b('12'))
+        self.assertRaises(TypeError, random.shuffle, 1)
+        self.assertRaises(TypeError, random.shuffle, "1")
+        self.assertRaises(TypeError, random.shuffle, (1,2))
+        # 2to3 wraps a list() around it, alas - but I want to shoot
+        # myself in the foot here! :D
+        # if sys.version_info[0] == 3:
+            # self.assertRaises(TypeError, random.shuffle, range(3))
+        # Test sample
+        x = random.sample(seq, 20)
+        y = random.sample(seq, 20)
+        self.assertNotEqual(x, y)
+        for i in range(20):
+           self.assertEqual(x[i] in seq, True)
+           self.assertEqual(y[i] in seq, True)
+        z = random.sample([1], 1)
+        self.assertEqual(z, [1])
+        z = random.sample((1,2,3), 1)
+        self.assertEqual(z[0] in (1,2,3), True)
+        z = random.sample("123", 1)
+        self.assertEqual(z[0] in "123", True)
+        z = random.sample(range(3), 1)
+        self.assertEqual(z[0] in range(3), True)
+        if sys.version_info[0] == 3:
+                z = random.sample(b("123"), 1)
+                self.assertEqual(z[0] in b("123"), True)
+                z = random.sample(bytearray(b("123")), 1)
+                self.assertEqual(z[0] in bytearray(b("123")), True)
+        self.assertRaises(TypeError, random.sample, 1)
+
+def get_tests(config={}):
+    return [SimpleTest()]
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Random/test_rpoolcompat.py b/lib/Python/Lib/Crypto/SelfTest/Random/test_rpoolcompat.py
new file mode 100644
index 000000000..be538da49
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Random/test_rpoolcompat.py
@@ -0,0 +1,55 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_winrandom.py: Self-test for the winrandom module
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test for the Crypto.Util.randpool.RandomPool wrapper class"""
+
+__revision__ = "$Id$"
+
+import sys
+import unittest
+
+class SimpleTest(unittest.TestCase):
+    def runTest(self):
+        """Crypto.Util.randpool.RandomPool"""
+        # Import the winrandom module and try to use it
+        from Crypto.Util.randpool import RandomPool
+        sys.stderr.write("SelfTest: You can ignore the RandomPool_DeprecationWarning that follows.\n")
+        rpool = RandomPool()
+        x = rpool.get_bytes(16)
+        y = rpool.get_bytes(16)
+        self.assertNotEqual(x, y)
+        self.assertNotEqual(rpool.entropy, 0)
+
+        rpool.randomize()
+        rpool.stir('foo')
+        rpool.add_event('foo')
+
+def get_tests(config={}):
+    return [SimpleTest()]
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Signature/__init__.py b/lib/Python/Lib/Crypto/SelfTest/Signature/__init__.py
new file mode 100644
index 000000000..653b66ca2
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Signature/__init__.py
@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Signature/__init__.py: Self-test for signature modules
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test for signature modules"""
+
+__revision__ = "$Id$"
+
+import os
+
+def get_tests(config={}):
+    tests = []
+    import test_pkcs1_15; tests += test_pkcs1_15.get_tests(config=config)
+    import test_pkcs1_pss; tests += test_pkcs1_pss.get_tests(config=config)
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Signature/test_pkcs1_15.py b/lib/Python/Lib/Crypto/SelfTest/Signature/test_pkcs1_15.py
new file mode 100644
index 000000000..bc3669626
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Signature/test_pkcs1_15.py
@@ -0,0 +1,219 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Signature/test_pkcs1_15.py: Self-test for PKCS#1 v1.5 signatures
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+import unittest
+
+from Crypto.PublicKey import RSA
+from Crypto.SelfTest.st_common import list_test_cases, a2b_hex, b2a_hex
+from Crypto.Hash import *
+from Crypto import Random
+from Crypto.Signature import PKCS1_v1_5 as PKCS
+from Crypto.Util.py3compat import *
+
+def isStr(s):
+        t = ''
+        try:
+                t += s
+        except TypeError:
+                return 0
+        return 1
+
+def rws(t):
+    """Remove white spaces, tabs, and new lines from a string"""
+    for c in ['\n', '\t', ' ']:
+        t = t.replace(c,'')
+    return t
+
+def t2b(t):
+    """Convert a text string with bytes in hex form to a byte string"""
+    clean = b(rws(t))
+    if len(clean)%2 == 1:
+        raise ValueError("Even number of characters expected")
+    return a2b_hex(clean)
+
+class PKCS1_15_Tests(unittest.TestCase):
+
+        # List of tuples with test data for PKCS#1 v1.5.
+        # Each tuple is made up by:
+        #       Item #0: dictionary with RSA key component, or key to import
+        #       Item #1: data to hash and sign
+        #       Item #2: signature of the data #1, done with the key #0, after
+        #                hashing it with #3
+        #       Item #3: hash object generator
+
+        _testData = (
+
+                #
+                # Taken from ftp://ftp.rsa.com/pub/pkcs/ascii/examples.asc
+                # "Some Examples of the PKCS Standards", 1999
+                #
+                (
+
+                # Private key, from 2.1
+                {
+                'n':'''0a 66 79 1d c6 98 81 68 de 7a b7 74 19 bb 7f b0 c0 01 c6
+                    27 10 27 00 75 14 29 42 e1 9a 8d 8c 51 d0 53 b3 e3 78 2a 1d
+                    e5 dc 5a f4 eb e9 94 68 17 01 14 a1 df e6 7c dc 9a 9a f5 5d
+                    65 56 20 bb ab''',
+                'e':'''01 00
+                    01''',
+                'd':'''01 23 c5 b6 1b a3 6e db 1d 36 79 90 41 99 a8 9e a8 0c 09
+                    b9 12 2e 14 00 c0 9a dc f7 78 46 76 d0 1d 23 35 6a 7d 44 d6
+                    bd 8b d5 0e 94 bf c7 23 fa 87 d8 86 2b 75 17 76 91 c1 1d 75
+                    76 92 df 88 81'''
+                },
+                # Data to sign, from 3.1
+                '''30 81 a4 02 01 00 30 42 31 0b 30 09 06
+                03 55 04 06 13 02 55 53 31 1d 30 1b 06 03 55 04 0a 13 14
+                45 78 61 6d 70 6c 65 20 4f 72 67 61 6e 69 7a 61 74 69 6f
+                6e 31 14 30 12 06 03 55 04 03 13 0b 54 65 73 74 20 55 73
+                65 72 20 31 30 5b 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01
+                05 00 03 4a 00 30 47 02 40
+                0a 66 79 1d c6 98 81 68 de 7a b7 74 19 bb 7f b0
+                c0 01 c6 27 10 27 00 75 14 29 42 e1 9a 8d 8c 51
+                d0 53 b3 e3 78 2a 1d e5 dc 5a f4 eb e9 94 68 17
+                01 14 a1 df e6 7c dc 9a 9a f5 5d 65 56 20 bb ab
+                02 03 01 00 01''',
+                # Signature, from 3.2 (at the very end)
+                '''06 db 36 cb 18 d3 47 5b 9c 01 db 3c 78 95 28 08
+                02 79 bb ae ff 2b 7d 55 8e d6 61 59 87 c8 51 86
+                3f 8a 6c 2c ff bc 89 c3 f7 5a 18 d9 6b 12 7c 71
+                7d 54 d0 d8 04 8d a8 a0 54 46 26 d1 7a 2a 8f be''',
+                MD2
+                ),
+
+                #
+                # RSA keypair generated with openssl
+                #
+                (
+                """-----BEGIN RSA PRIVATE KEY-----
+                MIIBOwIBAAJBAL8eJ5AKoIsjURpcEoGubZMxLD7+kT+TLr7UkvEtFrRhDDKMtuII
+                q19FrL4pUIMymPMSLBn3hJLe30Dw48GQM4UCAwEAAQJACUSDEp8RTe32ftq8IwG8
+                Wojl5mAd1wFiIOrZ/Uv8b963WJOJiuQcVN29vxU5+My9GPZ7RA3hrDBEAoHUDPrI
+                OQIhAPIPLz4dphiD9imAkivY31Rc5AfHJiQRA7XixTcjEkojAiEAyh/pJHks/Mlr
+                +rdPNEpotBjfV4M4BkgGAA/ipcmaAjcCIQCHvhwwKVBLzzTscT2HeUdEeBMoiXXK
+                JACAr3sJQJGxIQIgarRp+m1WSKV1MciwMaTOnbU7wxFs9DP1pva76lYBzgUCIQC9
+                n0CnZCJ6IZYqSt0H5N7+Q+2Ro64nuwV/OSQfM6sBwQ==
+                -----END RSA PRIVATE KEY-----""",
+                "This is a test\x0a",
+                #
+                # PKCS#1 signature computed with openssl
+                #
+                '''4a700a16432a291a3194646952687d5316458b8b86fb0a25aa30e0dcecdb
+                442676759ac63d56ec1499c3ae4c0013c2053cabd5b5804848994541ac16
+                fa243a4d''',
+                SHA
+                ),
+
+                #
+                # Test vector from http://www.di-mgt.com.au/rsa_alg.html#signpkcs1
+                #
+                (
+                {
+                    'n':'''E08973398DD8F5F5E88776397F4EB005BB5383DE0FB7ABDC7DC775290D052E6D
+                    12DFA68626D4D26FAA5829FC97ECFA82510F3080BEB1509E4644F12CBBD832CF
+                    C6686F07D9B060ACBEEE34096A13F5F7050593DF5EBA3556D961FF197FC981E6
+                    F86CEA874070EFAC6D2C749F2DFA553AB9997702A648528C4EF357385774575F''',
+                    'e':'''010001''',
+                    'd':'''00A403C327477634346CA686B57949014B2E8AD2C862B2C7D748096A8B91F736
+                    F275D6E8CD15906027314735644D95CD6763CEB49F56AC2F376E1CEE0EBF282D
+                    F439906F34D86E085BD5656AD841F313D72D395EFE33CBFF29E4030B3D05A28F
+                    B7F18EA27637B07957D32F2BDE8706227D04665EC91BAF8B1AC3EC9144AB7F21'''
+                },
+                "abc",
+                '''60AD5A78FB4A4030EC542C8974CD15F55384E836554CEDD9A322D5F4135C6267
+                A9D20970C54E6651070B0144D43844C899320DD8FA7819F7EBC6A7715287332E
+                C8675C136183B3F8A1F81EF969418267130A756FDBB2C71D9A667446E34E0EAD
+                9CF31BFB66F816F319D0B7E430A5F2891553986E003720261C7E9022C0D9F11F''',
+                SHA
+                )
+
+        )
+
+        def testSign1(self):
+                for i in range(len(self._testData)):
+                        row = self._testData[i]
+                        # Build the key
+                        if isStr(row[0]):
+                                key = RSA.importKey(row[0])
+                        else:
+                                comps = [ long(rws(row[0][x]),16) for x in ('n','e','d') ]
+                                key = RSA.construct(comps)
+                        h = row[3].new()
+                        # Data to sign can either be in hex form or not
+                        try:
+                            h.update(t2b(row[1]))
+                        except:
+                            h.update(b(row[1]))
+                        # The real test
+                        signer = PKCS.new(key)
+                        self.failUnless(signer.can_sign())
+                        s = signer.sign(h)
+                        self.assertEqual(s, t2b(row[2]))
+
+        def testVerify1(self):
+                for i in range(len(self._testData)):
+                        row = self._testData[i]
+                        # Build the key
+                        if isStr(row[0]):
+                                key = RSA.importKey(row[0]).publickey()
+                        else:
+                                comps = [ long(rws(row[0][x]),16) for x in ('n','e') ]
+                                key = RSA.construct(comps)
+                        h = row[3].new()
+                        # Data to sign can either be in hex form or not
+                        try:
+                            h.update(t2b(row[1]))
+                        except:
+                            h.update(b(row[1]))
+                        # The real test
+                        verifier = PKCS.new(key)
+                        self.failIf(verifier.can_sign())
+                        result = verifier.verify(h, t2b(row[2]))
+                        self.failUnless(result)
+
+        def testSignVerify(self):
+                        rng = Random.new().read
+                        key = RSA.generate(1024, rng)
+
+                        for hashmod in (MD2,MD5,SHA,SHA224,SHA256,SHA384,SHA512,RIPEMD):
+                            h = hashmod.new()
+                            h.update(b('blah blah blah'))
+
+                            signer = PKCS.new(key)
+                            s = signer.sign(h)
+                            result = signer.verify(h, s)
+                            self.failUnless(result)
+
+
+def get_tests(config={}):
+    tests = []
+    tests += list_test_cases(PKCS1_15_Tests)
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Signature/test_pkcs1_pss.py b/lib/Python/Lib/Crypto/SelfTest/Signature/test_pkcs1_pss.py
new file mode 100644
index 000000000..f5256a512
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Signature/test_pkcs1_pss.py
@@ -0,0 +1,446 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Signature/test_pkcs1_pss.py: Self-test for PKCS#1 PSS signatures
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from __future__ import nested_scopes
+
+__revision__ = "$Id$"
+
+import unittest
+
+from Crypto.PublicKey import RSA
+from Crypto import Random
+from Crypto.SelfTest.st_common import list_test_cases, a2b_hex, b2a_hex
+from Crypto.Hash import *
+from Crypto.Signature import PKCS1_PSS as PKCS
+from Crypto.Util.py3compat import *
+
+def isStr(s):
+        t = ''
+        try:
+                t += s
+        except TypeError:
+                return 0
+        return 1
+
+def rws(t):
+    """Remove white spaces, tabs, and new lines from a string"""
+    for c in ['\t', '\n', ' ']:
+        t = t.replace(c,'')
+    return t
+
+def t2b(t):
+    """Convert a text string with bytes in hex form to a byte string"""
+    clean = b(rws(t))
+    if len(clean)%2 == 1:
+        raise ValueError("Even number of characters expected")
+    return a2b_hex(clean)
+
+# Helper class to count how many bytes have been requested
+# from the key's private RNG, w/o counting those used for blinding
+class MyKey:
+    def __init__(self, key):
+        self._key = key
+        self.n = key.n
+        self.asked = 0
+    def _randfunc(self, N):
+        self.asked += N
+        return self._key._randfunc(N)
+    def sign(self, m):
+        return self._key.sign(m)
+    def has_private(self):
+        return self._key.has_private()
+    def decrypt(self, m):
+        return self._key.decrypt(m)
+    def verify(self, m, p):
+        return self._key.verify(m, p)
+    def encrypt(self, m, p):
+        return self._key.encrypt(m, p)
+
+class PKCS1_PSS_Tests(unittest.TestCase):
+
+        # List of tuples with test data for PKCS#1 PSS
+        # Each tuple is made up by:
+        #       Item #0: dictionary with RSA key component, or key to import
+        #       Item #1: data to hash and sign
+        #       Item #2: signature of the data #1, done with the key #0,
+        #                and salt #3 after hashing it with #4
+        #       Item #3: salt
+        #       Item #4: hash object generator
+
+        _testData = (
+
+                #
+                # From in pss-vect.txt to be found in
+                # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+                #
+                (
+                # Private key
+                {
+                'n':'''a2 ba 40 ee 07 e3 b2 bd 2f 02 ce 22 7f 36 a1 95
+                02 44 86 e4 9c 19 cb 41 bb bd fb ba 98 b2 2b 0e
+                57 7c 2e ea ff a2 0d 88 3a 76 e6 5e 39 4c 69 d4
+                b3 c0 5a 1e 8f ad da 27 ed b2 a4 2b c0 00 fe 88
+                8b 9b 32 c2 2d 15 ad d0 cd 76 b3 e7 93 6e 19 95
+                5b 22 0d d1 7d 4e a9 04 b1 ec 10 2b 2e 4d e7 75
+                12 22 aa 99 15 10 24 c7 cb 41 cc 5e a2 1d 00 ee
+                b4 1f 7c 80 08 34 d2 c6 e0 6b ce 3b ce 7e a9 a5''',
+                'e':'''01 00 01''',
+                # In the test vector, only p and q were given...
+                # d is computed offline as e^{-1} mod (p-1)(q-1)
+                'd':'''50e2c3e38d886110288dfc68a9533e7e12e27d2aa56
+                d2cdb3fb6efa990bcff29e1d2987fb711962860e7391b1ce01
+                ebadb9e812d2fbdfaf25df4ae26110a6d7a26f0b810f54875e
+                17dd5c9fb6d641761245b81e79f8c88f0e55a6dcd5f133abd3
+                5f8f4ec80adf1bf86277a582894cb6ebcd2162f1c7534f1f49
+                47b129151b71'''
+                },
+
+                # Data to sign
+                '''85 9e ef 2f d7 8a ca 00 30 8b dc 47 11 93 bf 55
+                bf 9d 78 db 8f 8a 67 2b 48 46 34 f3 c9 c2 6e 64
+                78 ae 10 26 0f e0 dd 8c 08 2e 53 a5 29 3a f2 17
+                3c d5 0c 6d 5d 35 4f eb f7 8b 26 02 1c 25 c0 27
+                12 e7 8c d4 69 4c 9f 46 97 77 e4 51 e7 f8 e9 e0
+                4c d3 73 9c 6b bf ed ae 48 7f b5 56 44 e9 ca 74
+                ff 77 a5 3c b7 29 80 2f 6e d4 a5 ff a8 ba 15 98
+                90 fc''',
+                # Signature
+                '''8d aa 62 7d 3d e7 59 5d 63 05 6c 7e c6 59 e5 44
+                06 f1 06 10 12 8b aa e8 21 c8 b2 a0 f3 93 6d 54
+                dc 3b dc e4 66 89 f6 b7 95 1b b1 8e 84 05 42 76
+                97 18 d5 71 5d 21 0d 85 ef bb 59 61 92 03 2c 42
+                be 4c 29 97 2c 85 62 75 eb 6d 5a 45 f0 5f 51 87
+                6f c6 74 3d ed dd 28 ca ec 9b b3 0e a9 9e 02 c3
+                48 82 69 60 4f e4 97 f7 4c cd 7c 7f ca 16 71 89
+                71 23 cb d3 0d ef 5d 54 a2 b5 53 6a d9 0a 74 7e''',
+                # Salt
+                '''e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8
+                3b ce 7e 61''',
+                # Hash algorithm
+                SHA
+                ),
+
+                #
+                # Example 1.1 to be found in
+                # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+                #
+                (
+                # Private key
+                {
+                'n':'''a5 6e 4a 0e 70 10 17 58 9a 51 87 dc 7e a8 41 d1
+                56 f2 ec 0e 36 ad 52 a4 4d fe b1 e6 1f 7a d9 91
+                d8 c5 10 56 ff ed b1 62 b4 c0 f2 83 a1 2a 88 a3
+                94 df f5 26 ab 72 91 cb b3 07 ce ab fc e0 b1 df
+                d5 cd 95 08 09 6d 5b 2b 8b 6d f5 d6 71 ef 63 77
+                c0 92 1c b2 3c 27 0a 70 e2 59 8e 6f f8 9d 19 f1
+                05 ac c2 d3 f0 cb 35 f2 92 80 e1 38 6b 6f 64 c4
+                ef 22 e1 e1 f2 0d 0c e8 cf fb 22 49 bd 9a 21 37''',
+                'e':'''01 00 01''',
+                'd':'''33 a5 04 2a 90 b2 7d 4f 54 51 ca 9b bb d0 b4 47
+                71 a1 01 af 88 43 40 ae f9 88 5f 2a 4b be 92 e8
+                94 a7 24 ac 3c 56 8c 8f 97 85 3a d0 7c 02 66 c8
+                c6 a3 ca 09 29 f1 e8 f1 12 31 88 44 29 fc 4d 9a
+                e5 5f ee 89 6a 10 ce 70 7c 3e d7 e7 34 e4 47 27
+                a3 95 74 50 1a 53 26 83 10 9c 2a ba ca ba 28 3c
+                31 b4 bd 2f 53 c3 ee 37 e3 52 ce e3 4f 9e 50 3b
+                d8 0c 06 22 ad 79 c6 dc ee 88 35 47 c6 a3 b3 25'''
+                },
+                # Message
+                '''cd c8 7d a2 23 d7 86 df 3b 45 e0 bb bc 72 13 26
+                d1 ee 2a f8 06 cc 31 54 75 cc 6f 0d 9c 66 e1 b6
+                23 71 d4 5c e2 39 2e 1a c9 28 44 c3 10 10 2f 15
+                6a 0d 8d 52 c1 f4 c4 0b a3 aa 65 09 57 86 cb 76
+                97 57 a6 56 3b a9 58 fe d0 bc c9 84 e8 b5 17 a3
+                d5 f5 15 b2 3b 8a 41 e7 4a a8 67 69 3f 90 df b0
+                61 a6 e8 6d fa ae e6 44 72 c0 0e 5f 20 94 57 29
+                cb eb e7 7f 06 ce 78 e0 8f 40 98 fb a4 1f 9d 61
+                93 c0 31 7e 8b 60 d4 b6 08 4a cb 42 d2 9e 38 08
+                a3 bc 37 2d 85 e3 31 17 0f cb f7 cc 72 d0 b7 1c
+                29 66 48 b3 a4 d1 0f 41 62 95 d0 80 7a a6 25 ca
+                b2 74 4f d9 ea 8f d2 23 c4 25 37 02 98 28 bd 16
+                be 02 54 6f 13 0f d2 e3 3b 93 6d 26 76 e0 8a ed
+                1b 73 31 8b 75 0a 01 67 d0''',
+                # Signature
+                '''90 74 30 8f b5 98 e9 70 1b 22 94 38 8e 52 f9 71
+                fa ac 2b 60 a5 14 5a f1 85 df 52 87 b5 ed 28 87
+                e5 7c e7 fd 44 dc 86 34 e4 07 c8 e0 e4 36 0b c2
+                26 f3 ec 22 7f 9d 9e 54 63 8e 8d 31 f5 05 12 15
+                df 6e bb 9c 2f 95 79 aa 77 59 8a 38 f9 14 b5 b9
+                c1 bd 83 c4 e2 f9 f3 82 a0 d0 aa 35 42 ff ee 65
+                98 4a 60 1b c6 9e b2 8d eb 27 dc a1 2c 82 c2 d4
+                c3 f6 6c d5 00 f1 ff 2b 99 4d 8a 4e 30 cb b3 3c''',
+                # Salt
+                '''de e9 59 c7 e0 64 11 36 14 20 ff 80 18 5e d5 7f
+                3e 67 76 af''',
+                # Hash
+                SHA
+                ),
+
+                #
+                # Example 1.2 to be found in
+                # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+                #
+                (
+                # Private key
+                {
+                'n':'''a5 6e 4a 0e 70 10 17 58 9a 51 87 dc 7e a8 41 d1
+                56 f2 ec 0e 36 ad 52 a4 4d fe b1 e6 1f 7a d9 91
+                d8 c5 10 56 ff ed b1 62 b4 c0 f2 83 a1 2a 88 a3
+                94 df f5 26 ab 72 91 cb b3 07 ce ab fc e0 b1 df
+                d5 cd 95 08 09 6d 5b 2b 8b 6d f5 d6 71 ef 63 77
+                c0 92 1c b2 3c 27 0a 70 e2 59 8e 6f f8 9d 19 f1
+                05 ac c2 d3 f0 cb 35 f2 92 80 e1 38 6b 6f 64 c4
+                ef 22 e1 e1 f2 0d 0c e8 cf fb 22 49 bd 9a 21 37''',
+                'e':'''01 00 01''',
+                'd':'''33 a5 04 2a 90 b2 7d 4f 54 51 ca 9b bb d0 b4 47
+                71 a1 01 af 88 43 40 ae f9 88 5f 2a 4b be 92 e8
+                94 a7 24 ac 3c 56 8c 8f 97 85 3a d0 7c 02 66 c8
+                c6 a3 ca 09 29 f1 e8 f1 12 31 88 44 29 fc 4d 9a
+                e5 5f ee 89 6a 10 ce 70 7c 3e d7 e7 34 e4 47 27
+                a3 95 74 50 1a 53 26 83 10 9c 2a ba ca ba 28 3c
+                31 b4 bd 2f 53 c3 ee 37 e3 52 ce e3 4f 9e 50 3b
+                d8 0c 06 22 ad 79 c6 dc ee 88 35 47 c6 a3 b3 25'''
+                },
+                # Message
+                '''85 13 84 cd fe 81 9c 22 ed 6c 4c cb 30 da eb 5c
+                f0 59 bc 8e 11 66 b7 e3 53 0c 4c 23 3e 2b 5f 8f
+                71 a1 cc a5 82 d4 3e cc 72 b1 bc a1 6d fc 70 13
+                22 6b 9e''',
+                # Signature
+                '''3e f7 f4 6e 83 1b f9 2b 32 27 41 42 a5 85 ff ce
+                fb dc a7 b3 2a e9 0d 10 fb 0f 0c 72 99 84 f0 4e
+                f2 9a 9d f0 78 07 75 ce 43 73 9b 97 83 83 90 db
+                0a 55 05 e6 3d e9 27 02 8d 9d 29 b2 19 ca 2c 45
+                17 83 25 58 a5 5d 69 4a 6d 25 b9 da b6 60 03 c4
+                cc cd 90 78 02 19 3b e5 17 0d 26 14 7d 37 b9 35
+                90 24 1b e5 1c 25 05 5f 47 ef 62 75 2c fb e2 14
+                18 fa fe 98 c2 2c 4d 4d 47 72 4f db 56 69 e8 43''',
+                # Salt
+                '''ef 28 69 fa 40 c3 46 cb 18 3d ab 3d 7b ff c9 8f
+                d5 6d f4 2d''',
+                # Hash
+                SHA
+                ),
+
+                #
+                # Example 2.1 to be found in
+                # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+                #
+                (
+                # Private key
+                {
+                'n':'''01 d4 0c 1b cf 97 a6 8a e7 cd bd 8a 7b f3 e3 4f
+                a1 9d cc a4 ef 75 a4 74 54 37 5f 94 51 4d 88 fe
+                d0 06 fb 82 9f 84 19 ff 87 d6 31 5d a6 8a 1f f3
+                a0 93 8e 9a bb 34 64 01 1c 30 3a d9 91 99 cf 0c
+                7c 7a 8b 47 7d ce 82 9e 88 44 f6 25 b1 15 e5 e9
+                c4 a5 9c f8 f8 11 3b 68 34 33 6a 2f d2 68 9b 47
+                2c bb 5e 5c ab e6 74 35 0c 59 b6 c1 7e 17 68 74
+                fb 42 f8 fc 3d 17 6a 01 7e dc 61 fd 32 6c 4b 33
+                c9''',
+                'e':'''01 00 01''',
+                'd':'''02 7d 14 7e 46 73 05 73 77 fd 1e a2 01 56 57 72
+                17 6a 7d c3 83 58 d3 76 04 56 85 a2 e7 87 c2 3c
+                15 57 6b c1 6b 9f 44 44 02 d6 bf c5 d9 8a 3e 88
+                ea 13 ef 67 c3 53 ec a0 c0 dd ba 92 55 bd 7b 8b
+                b5 0a 64 4a fd fd 1d d5 16 95 b2 52 d2 2e 73 18
+                d1 b6 68 7a 1c 10 ff 75 54 5f 3d b0 fe 60 2d 5f
+                2b 7f 29 4e 36 01 ea b7 b9 d1 ce cd 76 7f 64 69
+                2e 3e 53 6c a2 84 6c b0 c2 dd 48 6a 39 fa 75 b1'''
+                },
+                # Message
+                '''da ba 03 20 66 26 3f ae db 65 98 48 11 52 78 a5
+                2c 44 fa a3 a7 6f 37 51 5e d3 36 32 10 72 c4 0a
+                9d 9b 53 bc 05 01 40 78 ad f5 20 87 51 46 aa e7
+                0f f0 60 22 6d cb 7b 1f 1f c2 7e 93 60''',
+                # Signature
+                '''01 4c 5b a5 33 83 28 cc c6 e7 a9 0b f1 c0 ab 3f
+                d6 06 ff 47 96 d3 c1 2e 4b 63 9e d9 13 6a 5f ec
+                6c 16 d8 88 4b dd 99 cf dc 52 14 56 b0 74 2b 73
+                68 68 cf 90 de 09 9a db 8d 5f fd 1d ef f3 9b a4
+                00 7a b7 46 ce fd b2 2d 7d f0 e2 25 f5 46 27 dc
+                65 46 61 31 72 1b 90 af 44 53 63 a8 35 8b 9f 60
+                76 42 f7 8f ab 0a b0 f4 3b 71 68 d6 4b ae 70 d8
+                82 78 48 d8 ef 1e 42 1c 57 54 dd f4 2c 25 89 b5
+                b3''',
+                # Salt
+                '''57 bf 16 0b cb 02 bb 1d c7 28 0c f0 45 85 30 b7
+                d2 83 2f f7''',
+                SHA
+                ),
+
+                #
+                # Example 8.1 to be found in
+                # ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+                #
+                (
+                # Private key
+                {
+                'n':'''49 53 70 a1 fb 18 54 3c 16 d3 63 1e 31 63 25 5d
+                f6 2b e6 ee e8 90 d5 f2 55 09 e4 f7 78 a8 ea 6f
+                bb bc df 85 df f6 4e 0d 97 20 03 ab 36 81 fb ba
+                6d d4 1f d5 41 82 9b 2e 58 2d e9 f2 a4 a4 e0 a2
+                d0 90 0b ef 47 53 db 3c ee 0e e0 6c 7d fa e8 b1
+                d5 3b 59 53 21 8f 9c ce ea 69 5b 08 66 8e de aa
+                dc ed 94 63 b1 d7 90 d5 eb f2 7e 91 15 b4 6c ad
+                4d 9a 2b 8e fa b0 56 1b 08 10 34 47 39 ad a0 73
+                3f''',
+                'e':'''01 00 01''',
+                'd':'''6c 66 ff e9 89 80 c3 8f cd ea b5 15 98 98 83 61
+                65 f4 b4 b8 17 c4 f6 a8 d4 86 ee 4e a9 13 0f e9
+                b9 09 2b d1 36 d1 84 f9 5f 50 4a 60 7e ac 56 58
+                46 d2 fd d6 59 7a 89 67 c7 39 6e f9 5a 6e ee bb
+                45 78 a6 43 96 6d ca 4d 8e e3 de 84 2d e6 32 79
+                c6 18 15 9c 1a b5 4a 89 43 7b 6a 61 20 e4 93 0a
+                fb 52 a4 ba 6c ed 8a 49 47 ac 64 b3 0a 34 97 cb
+                e7 01 c2 d6 26 6d 51 72 19 ad 0e c6 d3 47 db e9'''
+                },
+                # Message
+                '''81 33 2f 4b e6 29 48 41 5e a1 d8 99 79 2e ea cf
+                6c 6e 1d b1 da 8b e1 3b 5c ea 41 db 2f ed 46 70
+                92 e1 ff 39 89 14 c7 14 25 97 75 f5 95 f8 54 7f
+                73 56 92 a5 75 e6 92 3a f7 8f 22 c6 99 7d db 90
+                fb 6f 72 d7 bb 0d d5 74 4a 31 de cd 3d c3 68 58
+                49 83 6e d3 4a ec 59 63 04 ad 11 84 3c 4f 88 48
+                9f 20 97 35 f5 fb 7f da f7 ce c8 ad dc 58 18 16
+                8f 88 0a cb f4 90 d5 10 05 b7 a8 e8 4e 43 e5 42
+                87 97 75 71 dd 99 ee a4 b1 61 eb 2d f1 f5 10 8f
+                12 a4 14 2a 83 32 2e db 05 a7 54 87 a3 43 5c 9a
+                78 ce 53 ed 93 bc 55 08 57 d7 a9 fb''',
+                # Signature
+                '''02 62 ac 25 4b fa 77 f3 c1 ac a2 2c 51 79 f8 f0
+                40 42 2b 3c 5b af d4 0a 8f 21 cf 0f a5 a6 67 cc
+                d5 99 3d 42 db af b4 09 c5 20 e2 5f ce 2b 1e e1
+                e7 16 57 7f 1e fa 17 f3 da 28 05 2f 40 f0 41 9b
+                23 10 6d 78 45 aa f0 11 25 b6 98 e7 a4 df e9 2d
+                39 67 bb 00 c4 d0 d3 5b a3 55 2a b9 a8 b3 ee f0
+                7c 7f ec db c5 42 4a c4 db 1e 20 cb 37 d0 b2 74
+                47 69 94 0e a9 07 e1 7f bb ca 67 3b 20 52 23 80
+                c5''',
+                # Salt
+                '''1d 65 49 1d 79 c8 64 b3 73 00 9b e6 f6 f2 46 7b
+                ac 4c 78 fa''',
+                SHA
+                )
+        )
+
+        def testSign1(self):
+                for i in range(len(self._testData)):
+                        # Build the key
+                        comps = [ long(rws(self._testData[i][0][x]),16) for x in ('n','e','d') ]
+                        key = MyKey(RSA.construct(comps))
+                        # Hash function
+                        h = self._testData[i][4].new()
+                        # Data to sign
+                        h.update(t2b(self._testData[i][1]))
+                        # Salt
+                        test_salt = t2b(self._testData[i][3])
+                        key._randfunc = lambda N: test_salt
+                        # The real test
+                        signer = PKCS.new(key)
+                        self.failUnless(signer.can_sign())
+                        s = signer.sign(h)
+                        self.assertEqual(s, t2b(self._testData[i][2]))
+
+        def testVerify1(self):
+               for i in range(len(self._testData)):
+                        # Build the key
+                        comps = [ long(rws(self._testData[i][0][x]),16) for x in ('n','e') ]
+                        key = MyKey(RSA.construct(comps))
+                        # Hash function
+                        h = self._testData[i][4].new()
+                        # Data to sign
+                        h.update(t2b(self._testData[i][1]))
+                        # Salt
+                        test_salt = t2b(self._testData[i][3])
+                        # The real test
+                        key._randfunc = lambda N: test_salt
+                        verifier = PKCS.new(key)
+                        self.failIf(verifier.can_sign())
+                        result = verifier.verify(h, t2b(self._testData[i][2]))
+                        self.failUnless(result)
+
+        def testSignVerify(self):
+                        h = SHA.new()
+                        h.update(b('blah blah blah'))
+
+                        rng = Random.new().read
+                        key = MyKey(RSA.generate(1024,rng))
+                         
+                        # Helper function to monitor what's request from MGF
+                        global mgfcalls
+                        def newMGF(seed,maskLen):
+                            global mgfcalls
+                            mgfcalls += 1
+                            return bchr(0x00)*maskLen
+
+                        # Verify that PSS is friendly to all ciphers
+                        for hashmod in (MD2,MD5,SHA,SHA224,SHA256,SHA384,RIPEMD):
+                            h = hashmod.new()
+                            h.update(b('blah blah blah'))
+
+                            # Verify that sign() asks for as many random bytes
+                            # as the hash output size
+                            key.asked = 0
+                            signer = PKCS.new(key)
+                            s = signer.sign(h)
+                            self.failUnless(signer.verify(h, s))
+                            self.assertEqual(key.asked, h.digest_size)
+
+                        h = SHA.new()
+                        h.update(b('blah blah blah'))
+
+                        # Verify that sign() uses a different salt length
+                        for sLen in (0,3,21):
+                            key.asked = 0
+                            signer = PKCS.new(key, saltLen=sLen)
+                            s = signer.sign(h)
+                            self.assertEqual(key.asked, sLen)
+                            self.failUnless(signer.verify(h, s))
+
+                        # Verify that sign() uses the custom MGF
+                        mgfcalls = 0
+                        signer = PKCS.new(key, newMGF)
+                        s = signer.sign(h)
+                        self.assertEqual(mgfcalls, 1)
+                        self.failUnless(signer.verify(h, s))
+
+                        # Verify that sign() does not call the RNG
+                        # when salt length is 0, even when a new MGF is provided
+                        key.asked = 0
+                        mgfcalls = 0
+                        signer = PKCS.new(key, newMGF, 0)
+                        s = signer.sign(h)
+                        self.assertEqual(key.asked,0)
+                        self.assertEqual(mgfcalls, 1)
+                        self.failUnless(signer.verify(h, s))
+
+def get_tests(config={}):
+    tests = []
+    tests += list_test_cases(PKCS1_PSS_Tests)
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4
diff --git a/lib/Python/Lib/Crypto/SelfTest/Util/__init__.py b/lib/Python/Lib/Crypto/SelfTest/Util/__init__.py
new file mode 100644
index 000000000..abd640adf
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Util/__init__.py
@@ -0,0 +1,44 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/__init__.py: Self-test for utility modules
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test for utility modules"""
+
+__revision__ = "$Id$"
+
+import os
+
+def get_tests(config={}):
+    tests = []
+    if os.name == 'nt':
+        from Crypto.SelfTest.Util import test_winrandom; tests += test_winrandom.get_tests(config=config)
+    from Crypto.SelfTest.Util import test_number; tests += test_number.get_tests(config=config)
+    from Crypto.SelfTest.Util import test_Counter; tests += test_Counter.get_tests(config=config)
+    return tests
+
+if __name__ == '__main__':
+    import unittest
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Util/test_Counter.py b/lib/Python/Lib/Crypto/SelfTest/Util/test_Counter.py
new file mode 100644
index 000000000..33c9bd7d5
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Util/test_Counter.py
@@ -0,0 +1,165 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_Counter: Self-test for the Crypto.Util.Counter module
+#
+# Written in 2009 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-tests for Crypto.Util.Counter"""
+
+__revision__ = "$Id$"
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+import unittest
+
+class CounterTests(unittest.TestCase):
+    def setUp(self):
+        global Counter
+        from Crypto.Util import Counter
+
+    def test_BE_shortcut(self):
+        """Big endian, shortcut enabled"""
+        c = Counter.new(128)
+        self.assertEqual(c.__PCT_CTR_SHORTCUT__,True) # assert_
+        c = Counter.new(128, little_endian=False)
+        self.assertEqual(c.__PCT_CTR_SHORTCUT__,True) # assert_
+        c = Counter.new(128, disable_shortcut=False)
+        self.assertEqual(c.__PCT_CTR_SHORTCUT__,True) # assert_
+        c = Counter.new(128, little_endian=False, disable_shortcut=False)
+        self.assertEqual(c.__PCT_CTR_SHORTCUT__,True) # assert_
+
+    def test_LE_shortcut(self):
+        """Little endian, shortcut enabled"""
+        c = Counter.new(128, little_endian=True)
+        self.assertEqual(c.__PCT_CTR_SHORTCUT__,True) # assert_
+        c = Counter.new(128, little_endian=True, disable_shortcut=False)
+        self.assertEqual(c.__PCT_CTR_SHORTCUT__,True) # assert_
+
+    def test_BE_no_shortcut(self):
+        """Big endian, shortcut disabled"""
+        c = Counter.new(128, disable_shortcut=True)
+        self.assertRaises(AttributeError, getattr, c, '__PCT_CTR_SHORTCUT__')
+        c = Counter.new(128, little_endian=False, disable_shortcut=True)
+        self.assertRaises(AttributeError, getattr, c, '__PCT_CTR_SHORTCUT__')
+
+    def test_LE_no_shortcut(self):
+        """Little endian, shortcut disabled"""
+        c = Counter.new(128, little_endian=True, disable_shortcut=True)
+        self.assertRaises(AttributeError, getattr, c, '__PCT_CTR_SHORTCUT__')
+
+    def test_BE_defaults(self):
+        """128-bit, Big endian, defaults"""
+        c = Counter.new(128)
+        self.assertEqual(1, c.next_value())
+        self.assertEqual(b("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"), c())
+        self.assertEqual(2, c.next_value())
+        self.assertEqual(b("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02"), c())
+        for i in xrange(3, 256):
+            self.assertEqual(i, c.next_value())
+            self.assertEqual(b("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")+bchr(i), c())
+        self.assertEqual(256, c.next_value())
+        self.assertEqual(b("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00"), c())
+
+    def test_LE_defaults(self):
+        """128-bit, Little endian, defaults"""
+        c = Counter.new(128, little_endian=True)
+        self.assertEqual(1, c.next_value())
+        self.assertEqual(b("\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), c())
+        self.assertEqual(2, c.next_value())
+        self.assertEqual(b("\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), c())
+        for i in xrange(3, 256):
+            self.assertEqual(i, c.next_value())
+            self.assertEqual(bchr(i)+b("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), c())
+        self.assertEqual(256, c.next_value())
+        self.assertEqual(b("\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), c())
+
+    def test_BE8_wraparound(self):
+        """8-bit, Big endian, wraparound"""
+        c = Counter.new(8)
+        for i in xrange(1, 256):
+            self.assertEqual(i, c.next_value())
+            self.assertEqual(bchr(i), c())
+        self.assertRaises(OverflowError, c.next_value)
+        self.assertRaises(OverflowError, c)
+        self.assertRaises(OverflowError, c.next_value)
+        self.assertRaises(OverflowError, c)
+
+    def test_LE8_wraparound(self):
+        """8-bit, Little endian, wraparound"""
+        c = Counter.new(8, little_endian=True)
+        for i in xrange(1, 256):
+            self.assertEqual(i, c.next_value())
+            self.assertEqual(bchr(i), c())
+        self.assertRaises(OverflowError, c.next_value)
+        self.assertRaises(OverflowError, c)
+        self.assertRaises(OverflowError, c.next_value)
+        self.assertRaises(OverflowError, c)
+
+    def test_BE8_wraparound_allowed(self):
+        """8-bit, Big endian, wraparound with allow_wraparound=True"""
+        c = Counter.new(8, allow_wraparound=True)
+        for i in xrange(1, 256):
+            self.assertEqual(i, c.next_value())
+            self.assertEqual(bchr(i), c())
+        self.assertEqual(0, c.next_value())
+        self.assertEqual(b("\x00"), c())
+        self.assertEqual(1, c.next_value())
+
+    def test_LE8_wraparound_allowed(self):
+        """8-bit, Little endian, wraparound with allow_wraparound=True"""
+        c = Counter.new(8, little_endian=True, allow_wraparound=True)
+        for i in xrange(1, 256):
+            self.assertEqual(i, c.next_value())
+            self.assertEqual(bchr(i), c())
+        self.assertEqual(0, c.next_value())
+        self.assertEqual(b("\x00"), c())
+        self.assertEqual(1, c.next_value())
+
+    def test_BE8_carry(self):
+        """8-bit, Big endian, carry attribute"""
+        c = Counter.new(8)
+        for i in xrange(1, 256):
+            self.assertEqual(0, c.carry)
+            self.assertEqual(i, c.next_value())
+            self.assertEqual(bchr(i), c())
+        self.assertEqual(1, c.carry)
+
+    def test_LE8_carry(self):
+        """8-bit, Little endian, carry attribute"""
+        c = Counter.new(8, little_endian=True)
+        for i in xrange(1, 256):
+            self.assertEqual(0, c.carry)
+            self.assertEqual(i, c.next_value())
+            self.assertEqual(bchr(i), c())
+        self.assertEqual(1, c.carry)
+
+def get_tests(config={}):
+    from Crypto.SelfTest.st_common import list_test_cases
+    return list_test_cases(CounterTests)
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Util/test_asn1.py b/lib/Python/Lib/Crypto/SelfTest/Util/test_asn1.py
new file mode 100644
index 000000000..578dabef8
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Util/test_asn1.py
@@ -0,0 +1,293 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_asn.py: Self-test for the Crypto.Util.asn1 module
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-tests for Crypto.Util.asn1"""
+
+__revision__ = "$Id$"
+
+import unittest
+import sys
+
+from Crypto.Util.py3compat import *
+from Crypto.Util.asn1 import DerSequence, DerObject
+
+class DerObjectTests(unittest.TestCase):
+
+	def testObjEncode1(self):
+		# No payload
+		der = DerObject(b('\x33'))
+		self.assertEquals(der.encode(), b('\x33\x00'))
+		# Small payload
+		der.payload = b('\x45')
+		self.assertEquals(der.encode(), b('\x33\x01\x45'))
+		# Invariant
+		self.assertEquals(der.encode(), b('\x33\x01\x45'))
+		# Initialize with numerical tag
+		der = DerObject(b(0x33))
+		der.payload = b('\x45')
+		self.assertEquals(der.encode(), b('\x33\x01\x45'))
+
+	def testObjEncode2(self):
+		# Known types
+		der = DerObject('SEQUENCE')
+		self.assertEquals(der.encode(), b('\x30\x00'))
+		der = DerObject('BIT STRING')
+		self.assertEquals(der.encode(), b('\x03\x00'))
+		
+	def testObjEncode3(self):
+		# Long payload
+		der = DerObject(b('\x34'))
+		der.payload = b("0")*128
+		self.assertEquals(der.encode(), b('\x34\x81\x80' + "0"*128))		
+
+	def testObjDecode1(self):
+		# Decode short payload
+		der = DerObject()
+		der.decode(b('\x20\x02\x01\x02'))
+		self.assertEquals(der.payload, b("\x01\x02"))
+		self.assertEquals(der.typeTag, 0x20)
+
+	def testObjDecode2(self):
+		# Decode short payload
+		der = DerObject()
+		der.decode(b('\x22\x81\x80' + "1"*128))
+		self.assertEquals(der.payload, b("1")*128)
+		self.assertEquals(der.typeTag, 0x22)
+
+class DerSequenceTests(unittest.TestCase):
+
+	def testEncode1(self):
+		# Empty sequence
+		der = DerSequence()
+		self.assertEquals(der.encode(), b('0\x00'))
+		self.failIf(der.hasOnlyInts())
+		# One single-byte integer (zero)
+		der.append(0)
+		self.assertEquals(der.encode(), b('0\x03\x02\x01\x00'))
+		self.failUnless(der.hasOnlyInts())
+		# Invariant
+		self.assertEquals(der.encode(), b('0\x03\x02\x01\x00'))
+
+	def testEncode2(self):
+		# One single-byte integer (non-zero)
+		der = DerSequence()
+		der.append(127)
+		self.assertEquals(der.encode(), b('0\x03\x02\x01\x7f'))
+		# Indexing
+		der[0] = 1
+		self.assertEquals(len(der),1)
+		self.assertEquals(der[0],1)
+		self.assertEquals(der[-1],1)
+		self.assertEquals(der.encode(), b('0\x03\x02\x01\x01'))
+		#
+		der[:] = [1]
+		self.assertEquals(len(der),1)
+		self.assertEquals(der[0],1)
+		self.assertEquals(der.encode(), b('0\x03\x02\x01\x01'))
+	
+	def testEncode3(self):
+		# One multi-byte integer (non-zero)
+		der = DerSequence()
+		der.append(0x180L)
+		self.assertEquals(der.encode(), b('0\x04\x02\x02\x01\x80'))
+	
+	def testEncode4(self):
+		# One very long integer
+		der = DerSequence()
+		der.append(2**2048)
+		self.assertEquals(der.encode(), b('0\x82\x01\x05')+
+		b('\x02\x82\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+        b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00'))
+
+	def testEncode5(self):
+		# One single-byte integer (looks negative)
+		der = DerSequence()
+		der.append(0xFFL)
+		self.assertEquals(der.encode(), b('0\x04\x02\x02\x00\xff'))
+	
+	def testEncode6(self):
+		# Two integers
+		der = DerSequence()
+		der.append(0x180L)
+		der.append(0xFFL)
+		self.assertEquals(der.encode(), b('0\x08\x02\x02\x01\x80\x02\x02\x00\xff'))
+		self.failUnless(der.hasOnlyInts())
+		#
+		der.append(0x01)
+		der[1:] = [9,8]
+		self.assertEquals(len(der),3)
+		self.assertEqual(der[1:],[9,8])
+		self.assertEqual(der[1:-1],[9])
+		self.assertEquals(der.encode(), b('0\x0A\x02\x02\x01\x80\x02\x01\x09\x02\x01\x08'))
+
+	def testEncode6(self):
+		# One integer and another type (no matter what it is)
+		der = DerSequence()
+		der.append(0x180L)
+		der.append(b('\x00\x02\x00\x00'))
+		self.assertEquals(der.encode(), b('0\x08\x02\x02\x01\x80\x00\x02\x00\x00'))
+		self.failIf(der.hasOnlyInts())
+
+	####
+
+	def testDecode1(self):
+		# Empty sequence
+		der = DerSequence()
+		der.decode(b('0\x00'))
+		self.assertEquals(len(der),0)
+		# One single-byte integer (zero)
+		der.decode(b('0\x03\x02\x01\x00'))
+		self.assertEquals(len(der),1)
+		self.assertEquals(der[0],0)
+		# Invariant
+		der.decode(b('0\x03\x02\x01\x00'))
+		self.assertEquals(len(der),1)
+		self.assertEquals(der[0],0)
+
+	def testDecode2(self):
+		# One single-byte integer (non-zero)
+		der = DerSequence()
+		der.decode(b('0\x03\x02\x01\x7f'))
+		self.assertEquals(len(der),1)
+		self.assertEquals(der[0],127)
+	
+	def testDecode3(self):
+		# One multi-byte integer (non-zero)
+		der = DerSequence()
+		der.decode(b('0\x04\x02\x02\x01\x80'))
+		self.assertEquals(len(der),1)
+		self.assertEquals(der[0],0x180L)
+
+	def testDecode4(self):
+		# One very long integer
+		der = DerSequence()
+		der.decode(b('0\x82\x01\x05')+
+		b('\x02\x82\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+        b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')+
+		b('\x00\x00\x00\x00\x00\x00\x00\x00\x00'))
+		self.assertEquals(len(der),1)
+		self.assertEquals(der[0],2**2048)
+
+	def testDecode5(self):
+		# One single-byte integer (looks negative)
+		der = DerSequence()
+		der.decode(b('0\x04\x02\x02\x00\xff'))
+		self.assertEquals(len(der),1)
+		self.assertEquals(der[0],0xFFL)
+
+	def testDecode6(self):
+		# Two integers
+		der = DerSequence()
+		der.decode(b('0\x08\x02\x02\x01\x80\x02\x02\x00\xff'))
+		self.assertEquals(len(der),2)
+		self.assertEquals(der[0],0x180L)
+		self.assertEquals(der[1],0xFFL)
+
+	def testDecode7(self):
+		# One integer and 2 other types
+		der = DerSequence()
+		der.decode(b('0\x0A\x02\x02\x01\x80\x24\x02\xb6\x63\x12\x00'))
+		self.assertEquals(len(der),3)
+		self.assertEquals(der[0],0x180L)
+		self.assertEquals(der[1],b('\x24\x02\xb6\x63'))
+		self.assertEquals(der[2],b('\x12\x00'))
+
+	def testDecode8(self):
+		# Only 2 other types
+		der = DerSequence()
+		der.decode(b('0\x06\x24\x02\xb6\x63\x12\x00'))
+		self.assertEquals(len(der),2)
+		self.assertEquals(der[0],b('\x24\x02\xb6\x63'))
+		self.assertEquals(der[1],b('\x12\x00'))
+
+	def testErrDecode1(self):
+		# Not a sequence
+		der = DerSequence()
+		self.assertRaises(ValueError, der.decode, b(''))
+		self.assertRaises(ValueError, der.decode, b('\x00'))
+		self.assertRaises(ValueError, der.decode, b('\x30'))
+
+	def testErrDecode2(self):
+		# Wrong payload type
+		der = DerSequence()
+		self.assertRaises(ValueError, der.decode, b('\x30\x00\x00'), True)
+
+	def testErrDecode3(self):
+		# Wrong length format
+		der = DerSequence()
+		self.assertRaises(ValueError, der.decode, b('\x30\x04\x02\x01\x01\x00'))
+		self.assertRaises(ValueError, der.decode, b('\x30\x81\x03\x02\x01\x01'))
+		self.assertRaises(ValueError, der.decode, b('\x30\x04\x02\x81\x01\x01'))
+
+	def testErrDecode4(self):
+		# Wrong integer format
+		der = DerSequence()
+		# Multi-byte encoding for zero
+		#self.assertRaises(ValueError, der.decode, '\x30\x04\x02\x02\x00\x00')
+		# Negative integer
+		self.assertRaises(ValueError, der.decode, b('\x30\x04\x02\x01\xFF'))
+
+def get_tests(config={}):
+    from Crypto.SelfTest.st_common import list_test_cases
+    listTests = []
+    listTests += list_test_cases(DerObjectTests)
+    listTests += list_test_cases(DerSequenceTests)
+    return listTests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Util/test_number.py b/lib/Python/Lib/Crypto/SelfTest/Util/test_number.py
new file mode 100644
index 000000000..0502e9e18
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Util/test_number.py
@@ -0,0 +1,295 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_number.py: Self-test for parts of the Crypto.Util.number module
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-tests for (some of) Crypto.Util.number"""
+
+__revision__ = "$Id$"
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+
+import unittest
+
+# NB: In some places, we compare tuples instead of just output values so that
+# if any inputs cause a test failure, we'll be able to tell which ones.
+
+class MiscTests(unittest.TestCase):
+    def setUp(self):
+        global number, math
+        from Crypto.Util import number
+        import math
+
+    def test_ceil_shift(self):
+        """Util.number.ceil_shift"""
+        self.assertRaises(AssertionError, number.ceil_shift, -1, 1)
+        self.assertRaises(AssertionError, number.ceil_shift, 1, -1)
+
+        # b = 0
+        self.assertEqual(0, number.ceil_shift(0, 0))
+        self.assertEqual(1, number.ceil_shift(1, 0))
+        self.assertEqual(2, number.ceil_shift(2, 0))
+        self.assertEqual(3, number.ceil_shift(3, 0))
+
+        # b = 1
+        self.assertEqual(0, number.ceil_shift(0, 1))
+        self.assertEqual(1, number.ceil_shift(1, 1))
+        self.assertEqual(1, number.ceil_shift(2, 1))
+        self.assertEqual(2, number.ceil_shift(3, 1))
+
+        # b = 2
+        self.assertEqual(0, number.ceil_shift(0, 2))
+        self.assertEqual(1, number.ceil_shift(1, 2))
+        self.assertEqual(1, number.ceil_shift(2, 2))
+        self.assertEqual(1, number.ceil_shift(3, 2))
+        self.assertEqual(1, number.ceil_shift(4, 2))
+        self.assertEqual(2, number.ceil_shift(5, 2))
+        self.assertEqual(2, number.ceil_shift(6, 2))
+        self.assertEqual(2, number.ceil_shift(7, 2))
+        self.assertEqual(2, number.ceil_shift(8, 2))
+        self.assertEqual(3, number.ceil_shift(9, 2))
+
+        for b in range(3, 1+129, 3):    # 3, 6, ... , 129
+            self.assertEqual(0, number.ceil_shift(0, b))
+
+            n = 1L
+            while n <= 2L**(b+2):
+                (q, r) = divmod(n-1, 2L**b)
+                expected = q + int(not not r)
+                self.assertEqual((n-1, b, expected),
+                                 (n-1, b, number.ceil_shift(n-1, b)))
+
+                (q, r) = divmod(n, 2L**b)
+                expected = q + int(not not r)
+                self.assertEqual((n, b, expected),
+                                 (n, b, number.ceil_shift(n, b)))
+
+                (q, r) = divmod(n+1, 2L**b)
+                expected = q + int(not not r)
+                self.assertEqual((n+1, b, expected),
+                                 (n+1, b, number.ceil_shift(n+1, b)))
+
+                n *= 2
+
+    def test_ceil_div(self):
+        """Util.number.ceil_div"""
+        self.assertRaises(TypeError, number.ceil_div, "1", 1)
+        self.assertRaises(ZeroDivisionError, number.ceil_div, 1, 0)
+        self.assertRaises(ZeroDivisionError, number.ceil_div, -1, 0)
+
+        # b = -1
+        self.assertEqual(0, number.ceil_div(0, -1))
+        self.assertEqual(-1, number.ceil_div(1, -1))
+        self.assertEqual(-2, number.ceil_div(2, -1))
+        self.assertEqual(-3, number.ceil_div(3, -1))
+
+        # b = 1
+        self.assertEqual(0, number.ceil_div(0, 1))
+        self.assertEqual(1, number.ceil_div(1, 1))
+        self.assertEqual(2, number.ceil_div(2, 1))
+        self.assertEqual(3, number.ceil_div(3, 1))
+
+        # b = 2
+        self.assertEqual(0, number.ceil_div(0, 2))
+        self.assertEqual(1, number.ceil_div(1, 2))
+        self.assertEqual(1, number.ceil_div(2, 2))
+        self.assertEqual(2, number.ceil_div(3, 2))
+        self.assertEqual(2, number.ceil_div(4, 2))
+        self.assertEqual(3, number.ceil_div(5, 2))
+
+        # b = 3
+        self.assertEqual(0, number.ceil_div(0, 3))
+        self.assertEqual(1, number.ceil_div(1, 3))
+        self.assertEqual(1, number.ceil_div(2, 3))
+        self.assertEqual(1, number.ceil_div(3, 3))
+        self.assertEqual(2, number.ceil_div(4, 3))
+        self.assertEqual(2, number.ceil_div(5, 3))
+        self.assertEqual(2, number.ceil_div(6, 3))
+        self.assertEqual(3, number.ceil_div(7, 3))
+
+        # b = 4
+        self.assertEqual(0, number.ceil_div(0, 4))
+        self.assertEqual(1, number.ceil_div(1, 4))
+        self.assertEqual(1, number.ceil_div(2, 4))
+        self.assertEqual(1, number.ceil_div(3, 4))
+        self.assertEqual(1, number.ceil_div(4, 4))
+        self.assertEqual(2, number.ceil_div(5, 4))
+        self.assertEqual(2, number.ceil_div(6, 4))
+        self.assertEqual(2, number.ceil_div(7, 4))
+        self.assertEqual(2, number.ceil_div(8, 4))
+        self.assertEqual(3, number.ceil_div(9, 4))
+
+        # b = -4
+        self.assertEqual(3, number.ceil_div(-9, -4))
+        self.assertEqual(2, number.ceil_div(-8, -4))
+        self.assertEqual(2, number.ceil_div(-7, -4))
+        self.assertEqual(2, number.ceil_div(-6, -4))
+        self.assertEqual(2, number.ceil_div(-5, -4))
+        self.assertEqual(1, number.ceil_div(-4, -4))
+        self.assertEqual(1, number.ceil_div(-3, -4))
+        self.assertEqual(1, number.ceil_div(-2, -4))
+        self.assertEqual(1, number.ceil_div(-1, -4))
+        self.assertEqual(0, number.ceil_div(0, -4))
+        self.assertEqual(0, number.ceil_div(1, -4))
+        self.assertEqual(0, number.ceil_div(2, -4))
+        self.assertEqual(0, number.ceil_div(3, -4))
+        self.assertEqual(-1, number.ceil_div(4, -4))
+        self.assertEqual(-1, number.ceil_div(5, -4))
+        self.assertEqual(-1, number.ceil_div(6, -4))
+        self.assertEqual(-1, number.ceil_div(7, -4))
+        self.assertEqual(-2, number.ceil_div(8, -4))
+        self.assertEqual(-2, number.ceil_div(9, -4))
+
+    def test_exact_log2(self):
+        """Util.number.exact_log2"""
+        self.assertRaises(TypeError, number.exact_log2, "0")
+        self.assertRaises(ValueError, number.exact_log2, -1)
+        self.assertRaises(ValueError, number.exact_log2, 0)
+        self.assertEqual(0, number.exact_log2(1))
+        self.assertEqual(1, number.exact_log2(2))
+        self.assertRaises(ValueError, number.exact_log2, 3)
+        self.assertEqual(2, number.exact_log2(4))
+        self.assertRaises(ValueError, number.exact_log2, 5)
+        self.assertRaises(ValueError, number.exact_log2, 6)
+        self.assertRaises(ValueError, number.exact_log2, 7)
+        e = 3
+        n = 8
+        while e < 16:
+            if n == 2**e:
+                self.assertEqual(e, number.exact_log2(n), "expected=2**%d, n=%d" % (e, n))
+                e += 1
+            else:
+                self.assertRaises(ValueError, number.exact_log2, n)
+            n += 1
+
+        for e in range(16, 1+64, 2):
+            self.assertRaises(ValueError, number.exact_log2, 2L**e-1)
+            self.assertEqual(e, number.exact_log2(2L**e))
+            self.assertRaises(ValueError, number.exact_log2, 2L**e+1)
+
+    def test_exact_div(self):
+        """Util.number.exact_div"""
+
+        # Positive numbers
+        self.assertEqual(1, number.exact_div(1, 1))
+        self.assertRaises(ValueError, number.exact_div, 1, 2)
+        self.assertEqual(1, number.exact_div(2, 2))
+        self.assertRaises(ValueError, number.exact_div, 3, 2)
+        self.assertEqual(2, number.exact_div(4, 2))
+
+        # Negative numbers
+        self.assertEqual(-1, number.exact_div(-1, 1))
+        self.assertEqual(-1, number.exact_div(1, -1))
+        self.assertRaises(ValueError, number.exact_div, -1, 2)
+        self.assertEqual(1, number.exact_div(-2, -2))
+        self.assertEqual(-2, number.exact_div(-4, 2))
+
+        # Zero dividend
+        self.assertEqual(0, number.exact_div(0, 1))
+        self.assertEqual(0, number.exact_div(0, 2))
+
+        # Zero divisor (allow_divzero == False)
+        self.assertRaises(ZeroDivisionError, number.exact_div, 0, 0)
+        self.assertRaises(ZeroDivisionError, number.exact_div, 1, 0)
+
+        # Zero divisor (allow_divzero == True)
+        self.assertEqual(0, number.exact_div(0, 0, allow_divzero=True))
+        self.assertRaises(ValueError, number.exact_div, 1, 0, allow_divzero=True)
+
+    def test_floor_div(self):
+        """Util.number.floor_div"""
+        self.assertRaises(TypeError, number.floor_div, "1", 1)
+        for a in range(-10, 10):
+            for b in range(-10, 10):
+                if b == 0:
+                    self.assertRaises(ZeroDivisionError, number.floor_div, a, b)
+                else:
+                    self.assertEqual((a, b, int(math.floor(float(a) / b))),
+                                     (a, b, number.floor_div(a, b)))
+
+    def test_getStrongPrime(self):
+        """Util.number.getStrongPrime"""
+        self.assertRaises(ValueError, number.getStrongPrime, 256)
+        self.assertRaises(ValueError, number.getStrongPrime, 513)
+        bits = 512
+        x = number.getStrongPrime(bits)
+        self.assertNotEqual(x % 2, 0)
+        self.assertEqual(x > (1L << bits-1)-1, 1)
+        self.assertEqual(x < (1L << bits), 1)
+        e = 2**16+1
+        x = number.getStrongPrime(bits, e)
+        self.assertEqual(number.GCD(x-1, e), 1)
+        self.assertNotEqual(x % 2, 0)
+        self.assertEqual(x > (1L << bits-1)-1, 1)
+        self.assertEqual(x < (1L << bits), 1)
+        e = 2**16+2
+        x = number.getStrongPrime(bits, e)
+        self.assertEqual(number.GCD((x-1)>>1, e), 1)
+        self.assertNotEqual(x % 2, 0)
+        self.assertEqual(x > (1L << bits-1)-1, 1)
+        self.assertEqual(x < (1L << bits), 1)
+
+    def test_isPrime(self):
+        """Util.number.isPrime"""
+        self.assertEqual(number.isPrime(-3), False)     # Regression test: negative numbers should not be prime
+        self.assertEqual(number.isPrime(-2), False)     # Regression test: negative numbers should not be prime
+        self.assertEqual(number.isPrime(1), False)      # Regression test: isPrime(1) caused some versions of PyCrypto to crash.
+        self.assertEqual(number.isPrime(2), True)
+        self.assertEqual(number.isPrime(3), True)
+        self.assertEqual(number.isPrime(4), False)
+        self.assertEqual(number.isPrime(2L**1279-1), True)
+        self.assertEqual(number.isPrime(-(2L**1279-1)), False)     # Regression test: negative numbers should not be prime
+        # test some known gmp pseudo-primes taken from
+        # http://www.trnicely.net/misc/mpzspsp.html
+        for composite in (43 * 127 * 211, 61 * 151 * 211, 15259 * 30517,
+                          346141L * 692281L, 1007119L * 2014237L, 3589477L * 7178953L,
+                          4859419L * 9718837L, 2730439L * 5460877L,
+                          245127919L * 490255837L, 963939391L * 1927878781L,
+                          4186358431L * 8372716861L, 1576820467L * 3153640933L):
+            self.assertEqual(number.isPrime(long(composite)), False)
+
+    def test_size(self):
+        self.assertEqual(number.size(2),2)
+        self.assertEqual(number.size(3),2)
+        self.assertEqual(number.size(0xa2),8)
+        self.assertEqual(number.size(0xa2ba40),8*3)
+        self.assertEqual(number.size(0xa2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5L), 1024)
+
+    def test_negative_number_roundtrip_mpzToLongObj_longObjToMPZ(self):
+        """Test that mpzToLongObj and longObjToMPZ (internal functions) roundtrip negative numbers correctly."""
+        n = -100000000000000000000000000000000000L
+        e = 2L
+        k = number._fastmath.rsa_construct(n, e)
+        self.assertEqual(n, k.n)
+        self.assertEqual(e, k.e)
+
+def get_tests(config={}):
+    from Crypto.SelfTest.st_common import list_test_cases
+    return list_test_cases(MiscTests)
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/Util/test_winrandom.py b/lib/Python/Lib/Crypto/SelfTest/Util/test_winrandom.py
new file mode 100644
index 000000000..3fc5145ac
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/Util/test_winrandom.py
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/Util/test_winrandom.py: Self-test for the winrandom module
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self-test suite for Crypto.Util.winrandom"""
+
+__revision__ = "$Id$"
+
+import unittest
+
+class WinRandomImportTest(unittest.TestCase):
+    def runTest(self):
+        """winrandom: simple test"""
+        # Import the winrandom module and try to use it
+        from Crypto.Util import winrandom
+        randobj = winrandom.new()
+        x = randobj.get_bytes(16)
+        y = randobj.get_bytes(16)
+        self.assertNotEqual(x, y)
+
+def get_tests(config={}):
+    return [WinRandomImportTest()]
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/__init__.py b/lib/Python/Lib/Crypto/SelfTest/__init__.py
new file mode 100644
index 000000000..40b39693a
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/__init__.py
@@ -0,0 +1,92 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/__init__.py: Self-test for PyCrypto
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Self tests
+
+These tests should perform quickly and can ideally be used every time an
+application runs.
+"""
+
+__revision__ = "$Id$"
+
+import sys
+import unittest
+from StringIO import StringIO
+
+class SelfTestError(Exception):
+    def __init__(self, message, result):
+        Exception.__init__(self, message, result)
+        self.message = message
+        self.result = result
+
+def run(module=None, verbosity=0, stream=None, tests=None, config=None, **kwargs):
+    """Execute self-tests.
+
+    This raises SelfTestError if any test is unsuccessful.
+
+    You may optionally pass in a sub-module of SelfTest if you only want to
+    perform some of the tests.  For example, the following would test only the
+    hash modules:
+
+        Crypto.SelfTest.run(Crypto.SelfTest.Hash)
+
+    """
+    if config is None:
+        config = {}
+    suite = unittest.TestSuite()
+    if module is None:
+        if tests is None:
+            tests = get_tests(config=config)
+        suite.addTests(tests)
+    else:
+        if tests is None:
+            suite.addTests(module.get_tests(config=config))
+        else:
+            raise ValueError("'module' and 'tests' arguments are mutually exclusive")
+    if stream is None:
+        kwargs['stream'] = StringIO()
+    runner = unittest.TextTestRunner(verbosity=verbosity, **kwargs)
+    result = runner.run(suite)
+    if not result.wasSuccessful():
+        if stream is None:
+            sys.stderr.write(stream.getvalue())
+        raise SelfTestError("Self-test failed", result)
+    return result
+
+def get_tests(config={}):
+    tests = []
+    from Crypto.SelfTest import Cipher; tests += Cipher.get_tests(config=config)
+    from Crypto.SelfTest import Hash;   tests += Hash.get_tests(config=config)
+    from Crypto.SelfTest import Protocol; tests += Protocol.get_tests(config=config)
+    from Crypto.SelfTest import PublicKey; tests += PublicKey.get_tests(config=config)
+    from Crypto.SelfTest import Random; tests += Random.get_tests(config=config)
+    from Crypto.SelfTest import Util;   tests += Util.get_tests(config=config)
+    from Crypto.SelfTest import Signature;   tests += Signature.get_tests(config=config)
+    return tests
+
+if __name__ == '__main__':
+    suite = lambda: unittest.TestSuite(get_tests())
+    unittest.main(defaultTest='suite')
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/SelfTest/st_common.py b/lib/Python/Lib/Crypto/SelfTest/st_common.py
new file mode 100644
index 000000000..c56eac5f1
--- /dev/null
+++ b/lib/Python/Lib/Crypto/SelfTest/st_common.py
@@ -0,0 +1,62 @@
+# -*- coding: utf-8 -*-
+#
+#  SelfTest/st_common.py: Common functions for SelfTest modules
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Common functions for SelfTest modules"""
+
+__revision__ = "$Id$"
+
+import unittest
+import binascii
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+class _list_testloader(unittest.TestLoader):
+    suiteClass = list
+
+def list_test_cases(class_):
+    """Return a list of TestCase instances given a TestCase class
+
+    This is useful when you have defined test* methods on your TestCase class.
+    """
+    return _list_testloader().loadTestsFromTestCase(class_)
+
+def strip_whitespace(s):
+    """Remove whitespace from a text or byte string"""
+    if isinstance(s,str):
+        return b("".join(s.split()))
+    else:
+        return b("").join(s.split())
+
+def a2b_hex(s):
+    """Convert hexadecimal to binary, ignoring whitespace"""
+    return binascii.a2b_hex(strip_whitespace(s))
+
+def b2a_hex(s):
+    """Convert binary to hexadecimal"""
+    # For completeness
+    return binascii.b2a_hex(s)
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Signature/PKCS1_PSS.py b/lib/Python/Lib/Crypto/Signature/PKCS1_PSS.py
new file mode 100644
index 000000000..4f50eb854
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Signature/PKCS1_PSS.py
@@ -0,0 +1,355 @@
+# -*- coding: utf-8 -*-
+#
+#  Signature/PKCS1_PSS.py : PKCS#1 PPS
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""RSA digital signature protocol with appendix according to PKCS#1 PSS.
+
+See RFC3447__ or the `original RSA Labs specification`__.
+
+This scheme is more properly called ``RSASSA-PSS``.
+
+For example, a sender may authenticate a message using SHA-1 and PSS like
+this:
+
+    >>> from Crypto.Signature import PKCS1_PSS
+    >>> from Crypto.Hash import SHA
+    >>> from Crypto.PublicKey import RSA
+    >>> from Crypto import Random
+    >>>
+    >>> message = 'To be signed'
+    >>> key = RSA.importKey(open('privkey.der').read())
+    >>> h = SHA.new()
+    >>> h.update(message)
+    >>> signer = PKCS1_PSS.new(key)
+    >>> signature = PKCS1_PSS.sign(key)
+
+At the receiver side, verification can be done like using the public part of
+the RSA key:
+
+    >>> key = RSA.importKey(open('pubkey.der').read())
+    >>> h = SHA.new()
+    >>> h.update(message)
+    >>> verifier = PKCS1_PSS.new(key)
+    >>> if verifier.verify(h, signature):
+    >>>     print "The signature is authentic."
+    >>> else:
+    >>>     print "The signature is not authentic."
+
+:undocumented: __revision__, __package__
+
+.. __: http://www.ietf.org/rfc/rfc3447.txt
+.. __: http://www.rsa.com/rsalabs/node.asp?id=2125
+"""
+
+# Allow nested scopes in Python 2.1
+# See http://oreilly.com/pub/a/python/2001/04/19/pythonnews.html
+from __future__ import nested_scopes
+
+__revision__ = "$Id$"
+__all__ = [ 'new', 'PSS_SigScheme' ]
+
+from Crypto.Util.py3compat import *
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+import Crypto.Util.number
+from Crypto.Util.number import ceil_shift, ceil_div, long_to_bytes
+from Crypto.Util.strxor import strxor
+
+class PSS_SigScheme:
+    """This signature scheme can perform PKCS#1 PSS RSA signature or verification."""
+
+    def __init__(self, key, mgfunc, saltLen):
+        """Initialize this PKCS#1 PSS signature scheme object.
+        
+        :Parameters:
+         key : an RSA key object
+                If a private half is given, both signature and verification are possible.
+                If a public half is given, only verification is possible.
+         mgfunc : callable
+                A mask generation function that accepts two parameters: a string to
+                use as seed, and the lenth of the mask to generate, in bytes.
+         saltLen : int
+                Length of the salt, in bytes.
+        """
+        self._key = key
+        self._saltLen = saltLen
+        self._mgfunc = mgfunc
+
+    def can_sign(self):
+        """Return True if this cipher object can be used for signing messages."""
+        return self._key.has_private()
+ 
+    def sign(self, mhash):
+        """Produce the PKCS#1 PSS signature of a message.
+    
+        This function is named ``RSASSA-PSS-SIGN``, and is specified in
+        section 8.1.1 of RFC3447.
+    
+        :Parameters:
+         mhash : hash object
+                The hash that was carried out over the message. This is an object
+                belonging to the `Crypto.Hash` module.
+   
+        :Return: The PSS signature encoded as a string.
+        :Raise ValueError:
+            If the RSA key length is not sufficiently long to deal with the given
+            hash algorithm.
+        :Raise TypeError:
+            If the RSA key has no private half.
+    
+        :attention: Modify the salt length and the mask generation function only
+                    if you know what you are doing.
+                    The receiver must use the same parameters too.
+        """
+        # TODO: Verify the key is RSA
+    
+        randfunc = self._key._randfunc
+        
+        # Set defaults for salt length and mask generation function
+        if self._saltLen == None:
+            sLen = mhash.digest_size
+        else:
+            sLen = self._saltLen
+        if self._mgfunc:
+            mgf = self._mgfunc
+        else:
+             mgf  = lambda x,y: MGF1(x,y,mhash)
+ 
+        modBits = Crypto.Util.number.size(self._key.n)
+    
+        # See 8.1.1 in RFC3447
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+        # Step 1
+        em = EMSA_PSS_ENCODE(mhash, modBits-1, randfunc, mgf, sLen)
+        # Step 2a (OS2IP) and 2b (RSASP1)
+        m = self._key.decrypt(em)
+        # Step 2c (I2OSP)
+        S = bchr(0x00)*(k-len(m)) + m
+        return S
+    
+    def verify(self, mhash, S):
+        """Verify that a certain PKCS#1 PSS signature is authentic.
+    
+        This function checks if the party holding the private half of the given
+        RSA key has really signed the message.
+    
+        This function is called ``RSASSA-PSS-VERIFY``, and is specified in section
+        8.1.2 of RFC3447.
+    
+        :Parameters:
+         mhash : hash object
+                The hash that was carried out over the message. This is an object
+                belonging to the `Crypto.Hash` module.
+         S : string
+                The signature that needs to be validated.
+    
+        :Return: True if verification is correct. False otherwise.
+        """
+        # TODO: Verify the key is RSA
+    
+        # Set defaults for salt length and mask generation function
+        if self._saltLen == None:
+            sLen = mhash.digest_size
+        else:
+            sLen = self._saltLen
+        if self._mgfunc:
+            mgf = self._mgfunc
+        else:
+            mgf  = lambda x,y: MGF1(x,y,mhash)
+
+        modBits = Crypto.Util.number.size(self._key.n)
+    
+        # See 8.1.2 in RFC3447
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+        # Step 1
+        if len(S) != k:
+            return False
+        # Step 2a (O2SIP), 2b (RSAVP1), and partially 2c (I2OSP)
+        # Note that signature must be smaller than the module
+        # but RSA.py won't complain about it.
+        # TODO: Fix RSA object; don't do it here.
+        em = self._key.encrypt(S, 0)[0]
+        # Step 2c
+        emLen = ceil_div(modBits-1,8)
+        em = bchr(0x00)*(emLen-len(em)) + em
+        # Step 3
+        try:
+            result = EMSA_PSS_VERIFY(mhash, em, modBits-1, mgf, sLen)
+        except ValueError:
+            return False
+        # Step 4
+        return result
+    
+def MGF1(mgfSeed, maskLen, hash):
+    """Mask Generation Function, described in B.2.1"""
+    T = b("")
+    for counter in xrange(ceil_div(maskLen, hash.digest_size)):
+        c = long_to_bytes(counter, 4)
+        T = T + hash.new(mgfSeed + c).digest()
+    assert(len(T)>=maskLen)
+    return T[:maskLen]
+
+def EMSA_PSS_ENCODE(mhash, emBits, randFunc, mgf, sLen):
+    """
+    Implement the ``EMSA-PSS-ENCODE`` function, as defined
+    in PKCS#1 v2.1 (RFC3447, 9.1.1).
+
+    The original ``EMSA-PSS-ENCODE`` actually accepts the message ``M`` as input,
+    and hash it internally. Here, we expect that the message has already
+    been hashed instead.
+
+    :Parameters:
+     mhash : hash object
+            The hash object that holds the digest of the message being signed.
+     emBits : int
+            Maximum length of the final encoding, in bits.
+     randFunc : callable
+            An RNG function that accepts as only parameter an int, and returns
+            a string of random bytes, to be used as salt.
+     mgf : callable
+            A mask generation function that accepts two parameters: a string to
+            use as seed, and the lenth of the mask to generate, in bytes.
+     sLen : int
+            Length of the salt, in bytes.
+
+    :Return: An ``emLen`` byte long string that encodes the hash
+            (with ``emLen = \ceil(emBits/8)``).
+
+    :Raise ValueError:
+        When digest or salt length are too big.
+    """
+
+    emLen = ceil_div(emBits,8)
+
+    # Bitmask of digits that fill up
+    lmask = 0
+    for i in xrange(8*emLen-emBits):
+        lmask = lmask>>1 | 0x80
+
+    # Step 1 and 2 have been already done
+    # Step 3
+    if emLen < mhash.digest_size+sLen+2:
+        raise ValueError("Digest or salt length are too long for given key size.")
+    # Step 4
+    salt = b("")
+    if randFunc and sLen>0:
+        salt = randFunc(sLen)
+    # Step 5 and 6
+    h = mhash.new(bchr(0x00)*8 + mhash.digest() + salt)
+    # Step 7 and 8
+    db = bchr(0x00)*(emLen-sLen-mhash.digest_size-2) + bchr(0x01) + salt
+    # Step 9
+    dbMask = mgf(h.digest(), emLen-mhash.digest_size-1)
+    # Step 10
+    maskedDB = strxor(db,dbMask)
+    # Step 11
+    maskedDB = bchr(bord(maskedDB[0]) & ~lmask) + maskedDB[1:]
+    # Step 12
+    em = maskedDB + h.digest() + bchr(0xBC)
+    return em
+
+def EMSA_PSS_VERIFY(mhash, em, emBits, mgf, sLen):
+    """
+    Implement the ``EMSA-PSS-VERIFY`` function, as defined
+    in PKCS#1 v2.1 (RFC3447, 9.1.2).
+
+    ``EMSA-PSS-VERIFY`` actually accepts the message ``M`` as input,
+    and hash it internally. Here, we expect that the message has already
+    been hashed instead.
+
+    :Parameters:
+     mhash : hash object
+            The hash object that holds the digest of the message to be verified.
+     em : string
+            The signature to verify, therefore proving that the sender really signed
+            the message that was received.
+     emBits : int
+            Length of the final encoding (em), in bits.
+     mgf : callable
+            A mask generation function that accepts two parameters: a string to
+            use as seed, and the lenth of the mask to generate, in bytes.
+     sLen : int
+            Length of the salt, in bytes.
+
+    :Return: 0 if the encoding is consistent, 1 if it is inconsistent.
+
+    :Raise ValueError:
+        When digest or salt length are too big.
+    """
+
+    emLen = ceil_div(emBits,8)
+
+    # Bitmask of digits that fill up
+    lmask = 0
+    for i in xrange(8*emLen-emBits):
+        lmask = lmask>>1 | 0x80
+
+    # Step 1 and 2 have been already done
+    # Step 3
+    if emLen < mhash.digest_size+sLen+2:
+        return False
+    # Step 4
+    if ord(em[-1:])!=0xBC:
+        return False
+    # Step 5
+    maskedDB = em[:emLen-mhash.digest_size-1]
+    h = em[emLen-mhash.digest_size-1:-1]
+    # Step 6
+    if lmask & bord(em[0]):
+        return False
+    # Step 7
+    dbMask = mgf(h, emLen-mhash.digest_size-1)
+    # Step 8
+    db = strxor(maskedDB, dbMask)
+    # Step 9
+    db = bchr(bord(db[0]) & ~lmask) + db[1:]
+    # Step 10
+    if not db.startswith(bchr(0x00)*(emLen-mhash.digest_size-sLen-2) + bchr(0x01)):
+        return False
+    # Step 11
+    salt = b("")
+    if sLen: salt = db[-sLen:]
+    # Step 12 and 13
+    hp = mhash.new(bchr(0x00)*8 + mhash.digest() + salt).digest()
+    # Step 14
+    if h!=hp:
+        return False
+    return True
+
+def new(key, mgfunc=None, saltLen=None):
+    """Return a signature scheme object `PSS_SigScheme` that
+    can be used to perform PKCS#1 PSS signature or verification.
+
+    :Parameters:
+     key : RSA key object
+        The key to use to sign or verify the message. This is a `Crypto.PublicKey.RSA` object.
+        Signing is only possible if *key* is a private RSA key.
+     mgfunc : callable
+        A mask generation function that accepts two parameters: a string to
+        use as seed, and the lenth of the mask to generate, in bytes.
+        If not specified, the standard MGF1 is used.
+     saltLen : int
+        Length of the salt, in bytes. If not specified, it matches the output
+        size of the hash function.
+ 
+    """
+    return PSS_SigScheme(key, mgfunc, saltLen)
+
diff --git a/lib/Python/Lib/Crypto/Signature/PKCS1_v1_5.py b/lib/Python/Lib/Crypto/Signature/PKCS1_v1_5.py
new file mode 100644
index 000000000..73ac251c2
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Signature/PKCS1_v1_5.py
@@ -0,0 +1,236 @@
+# -*- coding: utf-8 -*-
+#
+#  Signature/PKCS1-v1_5.py : PKCS#1 v1.5
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""
+RSA digital signature protocol according to PKCS#1 v1.5
+
+See RFC3447__ or the `original RSA Labs specification`__.
+
+This scheme is more properly called ``RSASSA-PKCS1-v1_5``.
+
+For example, a sender may authenticate a message using SHA-1 like
+this:
+
+        >>> from Crypto.Signature import PKCS1_v1_5
+        >>> from Crypto.Hash import SHA
+        >>> from Crypto.PublicKey import RSA
+        >>>
+        >>> message = 'To be signed'
+        >>> key = RSA.importKey(open('privkey.der').read())
+        >>> h = SHA.new(message)
+        >>> signer = PKCS1_v1_5.new(key)
+        >>> signature = signer.sign(h)
+
+At the receiver side, verification can be done using the public part of
+the RSA key:
+
+        >>> key = RSA.importKey(open('pubkey.der').read())
+        >>> h = SHA.new(message)
+        >>> verifier = PKCS1_v1_5.new(key)
+        >>> if verifier.verify(h, signature):
+        >>>    print "The signature is authentic."
+        >>> else:
+        >>>    print "The signature is not authentic."
+
+:undocumented: __revision__, __package__
+
+.. __: http://www.ietf.org/rfc/rfc3447.txt
+.. __: http://www.rsa.com/rsalabs/node.asp?id=2125
+"""
+
+__revision__ = "$Id$"
+__all__ = [ 'new', 'PKCS115_SigScheme' ]
+
+import Crypto.Util.number
+from Crypto.Util.number import ceil_div
+from Crypto.Util.asn1 import DerSequence, DerNull, DerOctetString
+from Crypto.Util.py3compat import *
+
+class PKCS115_SigScheme:
+    """This signature scheme can perform PKCS#1 v1.5 RSA signature or verification."""
+
+    def __init__(self, key):
+        """Initialize this PKCS#1 v1.5 signature scheme object.
+        
+        :Parameters:
+         key : an RSA key object
+          If a private half is given, both signature and verification are possible.
+          If a public half is given, only verification is possible.
+        """
+        self._key = key
+
+    def can_sign(self):
+        """Return True if this cipher object can be used for signing messages."""
+        return self._key.has_private()
+
+    def sign(self, mhash):
+        """Produce the PKCS#1 v1.5 signature of a message.
+    
+        This function is named ``RSASSA-PKCS1-V1_5-SIGN``, and is specified in
+        section 8.2.1 of RFC3447.
+    
+        :Parameters:
+         mhash : hash object
+                The hash that was carried out over the message. This is an object
+                belonging to the `Crypto.Hash` module.
+    
+        :Return: The signature encoded as a string.
+        :Raise ValueError:
+            If the RSA key length is not sufficiently long to deal with the given
+            hash algorithm.
+        :Raise TypeError:
+            If the RSA key has no private half.
+        """
+        # TODO: Verify the key is RSA
+    
+        # See 8.2.1 in RFC3447
+        modBits = Crypto.Util.number.size(self._key.n)
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+    
+        # Step 1
+        em = EMSA_PKCS1_V1_5_ENCODE(mhash, k)
+        # Step 2a (OS2IP) and 2b (RSASP1)
+        m = self._key.decrypt(em)
+        # Step 2c (I2OSP)
+        S = bchr(0x00)*(k-len(m)) + m
+        return S
+    
+    def verify(self, mhash, S):
+        """Verify that a certain PKCS#1 v1.5 signature is authentic.
+    
+        This function checks if the party holding the private half of the key
+        really signed the message.
+    
+        This function is named ``RSASSA-PKCS1-V1_5-VERIFY``, and is specified in
+        section 8.2.2 of RFC3447.
+    
+        :Parameters:
+         mhash : hash object
+                The hash that was carried out over the message. This is an object
+                belonging to the `Crypto.Hash` module.
+         S : string
+                The signature that needs to be validated.
+    
+        :Return: True if verification is correct. False otherwise.
+        """
+        # TODO: Verify the key is RSA
+    
+        # See 8.2.2 in RFC3447
+        modBits = Crypto.Util.number.size(self._key.n)
+        k = ceil_div(modBits,8) # Convert from bits to bytes
+    
+        # Step 1
+        if len(S) != k:
+            return 0
+        # Step 2a (O2SIP) and 2b (RSAVP1)
+        # Note that signature must be smaller than the module
+        # but RSA.py won't complain about it.
+        # TODO: Fix RSA object; don't do it here.
+        m = self._key.encrypt(S, 0)[0]
+        # Step 2c (I2OSP)
+        em1 = bchr(0x00)*(k-len(m)) + m
+        # Step 3
+        try:
+            em2 = EMSA_PKCS1_V1_5_ENCODE(mhash, k)
+        except ValueError:
+            return 0
+        # Step 4
+        # By comparing the full encodings (as opposed to checking each
+        # of its components one at a time) we avoid attacks to the padding
+        # scheme like Bleichenbacher's (see http://www.mail-archive.com/cryptography@metzdowd.com/msg06537).
+        # 
+        return em1==em2
+    
+def EMSA_PKCS1_V1_5_ENCODE(hash, emLen):
+    """
+    Implement the ``EMSA-PKCS1-V1_5-ENCODE`` function, as defined
+    in PKCS#1 v2.1 (RFC3447, 9.2).
+
+    ``EMSA-PKCS1-V1_5-ENCODE`` actually accepts the message ``M`` as input,
+    and hash it internally. Here, we expect that the message has already
+    been hashed instead.
+
+    :Parameters:
+     hash : hash object
+            The hash object that holds the digest of the message being signed.
+     emLen : int
+            The length the final encoding must have, in bytes.
+
+    :attention: the early standard (RFC2313) stated that ``DigestInfo``
+        had to be BER-encoded. This means that old signatures
+        might have length tags in indefinite form, which
+        is not supported in DER. Such encoding cannot be
+        reproduced by this function.
+
+    :attention: the same standard defined ``DigestAlgorithm`` to be
+        of ``AlgorithmIdentifier`` type, where the PARAMETERS
+        item is optional. Encodings for ``MD2/4/5`` without
+        ``PARAMETERS`` cannot be reproduced by this function.
+
+    :Return: An ``emLen`` byte long string that encodes the hash.
+    """
+
+    # First, build the ASN.1 DER object DigestInfo:
+    #
+    #   DigestInfo ::= SEQUENCE {
+    #       digestAlgorithm AlgorithmIdentifier,
+    #       digest OCTET STRING
+    #   }
+    #
+    # where digestAlgorithm identifies the hash function and shall be an
+    # algorithm ID with an OID in the set PKCS1-v1-5DigestAlgorithms.
+    #
+    #   PKCS1-v1-5DigestAlgorithms    ALGORITHM-IDENTIFIER ::= {
+    #       { OID id-md2 PARAMETERS NULL    }|
+    #       { OID id-md5 PARAMETERS NULL    }|
+    #       { OID id-sha1 PARAMETERS NULL   }|
+    #       { OID id-sha256 PARAMETERS NULL }|
+    #       { OID id-sha384 PARAMETERS NULL }|
+    #       { OID id-sha512 PARAMETERS NULL }
+    #   }
+    #
+    digestAlgo  = DerSequence([hash.oid, DerNull().encode()])
+    digest      = DerOctetString(hash.digest())
+    digestInfo  = DerSequence([
+                    digestAlgo.encode(),
+                    digest.encode()
+                    ]).encode()
+
+    # We need at least 11 bytes for the remaining data: 3 fixed bytes and
+    # at least 8 bytes of padding).
+    if emLen<len(digestInfo)+11:
+        raise ValueError("Selected hash algorith has a too long digest (%d bytes)." % len(digest))
+    PS = bchr(0xFF) * (emLen - len(digestInfo) - 3)
+    return b("\x00\x01") + PS + bchr(0x00) + digestInfo
+
+def new(key):
+    """Return a signature scheme object `PKCS115_SigScheme` that
+    can be used to perform PKCS#1 v1.5 signature or verification.
+
+    :Parameters:
+     key : RSA key object
+      The key to use to sign or verify the message. This is a `Crypto.PublicKey.RSA` object.
+      Signing is only possible if *key* is a private RSA key.
+
+    """
+    return PKCS115_SigScheme(key)
+
diff --git a/lib/Python/Lib/Crypto/Signature/__init__.py b/lib/Python/Lib/Crypto/Signature/__init__.py
new file mode 100644
index 000000000..ed523b42c
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Signature/__init__.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Digital signature protocols
+
+A collection of standardized protocols to carry out digital signatures.
+
+:undocumented: __revision__, __package__
+"""
+
+__all__ = [ 'PKCS1_v1_5', 'PKCS1_PSS' ]
+__revision__ = "$Id$"
+
+
diff --git a/lib/Python/Lib/Crypto/Util/Counter.py b/lib/Python/Lib/Crypto/Util/Counter.py
new file mode 100644
index 000000000..01b804a69
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Util/Counter.py
@@ -0,0 +1,127 @@
+# -*- coding: ascii -*-
+#
+#  Util/Counter.py : Fast counter for use with CTR-mode ciphers
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+"""Fast counter functions for CTR cipher modes.
+
+CTR is a chaining mode for symmetric block encryption or decryption.
+Messages are divideded into blocks, and the cipher operation takes
+place on each block using the secret key and a unique *counter block*.
+
+The most straightforward way to fulfil the uniqueness property is
+to start with an initial, random *counter block* value, and increment it as
+the next block is processed.
+
+The block ciphers from `Crypto.Cipher` (when configured in *MODE_CTR* mode)
+invoke a callable object (the *counter* parameter) to get the next *counter block*.
+Unfortunately, the Python calling protocol leads to major performance degradations.
+
+The counter functions instantiated by this module will be invoked directly
+by the ciphers in `Crypto.Cipher`. The fact that the Python layer is bypassed
+lead to more efficient (and faster) execution of CTR cipher modes.
+
+An example of usage is the following:
+
+    >>> from Crypto.Cipher import AES
+    >>> from Crypto.Util import Counter
+    >>>
+    >>> pt = b'\x00'*1000000
+    >>> ctr = Counter.new(128)
+    >>> cipher = AES.new(b'\x00'*16, AES.MODE_CTR, counter=ctr)
+    >>> ct = cipher.encrypt(pt)
+
+:undocumented: __package__
+"""
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+from Crypto.Util.py3compat import *
+
+from Crypto.Util import _counter
+import struct
+
+# Factory function
+def new(nbits, prefix=b(""), suffix=b(""), initial_value=1, overflow=0, little_endian=False, allow_wraparound=False, disable_shortcut=False):
+    """Create a stateful counter block function suitable for CTR encryption modes.
+
+    Each call to the function returns the next counter block.
+    Each counter block is made up by three parts::
+ 
+      prefix || counter value || postfix
+
+    The counter value is incremented by one at each call.
+
+    :Parameters:
+      nbits : integer
+        Length of the desired counter, in bits. It must be a multiple of 8.
+      prefix : byte string
+        The constant prefix of the counter block. By default, no prefix is
+        used.
+      suffix : byte string
+        The constant postfix of the counter block. By default, no suffix is
+        used.
+      initial_value : integer
+        The initial value of the counter. Default value is 1.
+      little_endian : boolean
+        If True, the counter number will be encoded in little endian format.
+        If False (default), in big endian format.
+      allow_wraparound : boolean
+        If True, the function will raise an *OverflowError* exception as soon
+        as the counter wraps around. If False (default), the counter will
+        simply restart from zero.
+      disable_shortcut : boolean
+        If True, do not make ciphers from `Crypto.Cipher` bypass the Python
+        layer when invoking the counter block function.
+        If False (default), bypass the Python layer.
+    :Returns:
+      The counter block function.
+    """
+
+    # Sanity-check the message size
+    (nbytes, remainder) = divmod(nbits, 8)
+    if remainder != 0:
+        # In the future, we might support arbitrary bit lengths, but for now we don't.
+        raise ValueError("nbits must be a multiple of 8; got %d" % (nbits,))
+    if nbytes < 1:
+        raise ValueError("nbits too small")
+    elif nbytes > 0xffff:
+        raise ValueError("nbits too large")
+
+    initval = _encode(initial_value, nbytes, little_endian)
+
+    if little_endian:
+        return _counter._newLE(bstr(prefix), bstr(suffix), initval, allow_wraparound=allow_wraparound, disable_shortcut=disable_shortcut)
+    else:
+        return _counter._newBE(bstr(prefix), bstr(suffix), initval, allow_wraparound=allow_wraparound, disable_shortcut=disable_shortcut)
+
+def _encode(n, nbytes, little_endian=False):
+    retval = []
+    n = long(n)
+    for i in range(nbytes):
+        if little_endian:
+            retval.append(bchr(n & 0xff))
+        else:
+            retval.insert(0, bchr(n & 0xff))
+        n >>= 8
+    return b("").join(retval)
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Util/RFC1751.py b/lib/Python/Lib/Crypto/Util/RFC1751.py
new file mode 100644
index 000000000..9786e6f59
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Util/RFC1751.py
@@ -0,0 +1,364 @@
+# rfc1751.py : Converts between 128-bit strings and a human-readable
+# sequence of words, as defined in RFC1751: "A Convention for
+# Human-Readable 128-bit Keys", by Daniel L. McDonald.
+#
+# Part of the Python Cryptography Toolkit
+#
+# Written by Andrew M. Kuchling and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+
+import binascii
+from Crypto.Util.py3compat import *
+
+binary={0:'0000', 1:'0001', 2:'0010', 3:'0011', 4:'0100', 5:'0101',
+        6:'0110', 7:'0111', 8:'1000', 9:'1001', 10:'1010', 11:'1011',
+        12:'1100', 13:'1101', 14:'1110', 15:'1111'}
+
+def _key2bin(s):
+    "Convert a key into a string of binary digits"
+    kl=map(lambda x: bord(x), s)
+    kl=map(lambda x: binary[x>>4]+binary[x&15], kl)
+    return ''.join(kl)
+
+def _extract(key, start, length):
+    """Extract a bitstring(2.x)/bytestring(2.x) from a string of binary digits, and return its
+    numeric value."""
+    k=key[start:start+length]
+    return reduce(lambda x,y: x*2+ord(y)-48, k, 0)
+
+def key_to_english (key):
+    """key_to_english(key:string(2.x)/bytes(3.x)) : string
+    Transform an arbitrary key into a string containing English words.
+    The key length must be a multiple of 8.
+    """
+    english=''
+    for index in range(0, len(key), 8): # Loop over 8-byte subkeys
+        subkey=key[index:index+8]
+        # Compute the parity of the key
+        skbin=_key2bin(subkey) ; p=0
+        for i in range(0, 64, 2): p=p+_extract(skbin, i, 2)
+        # Append parity bits to the subkey
+        skbin=_key2bin(subkey+bchr((p<<6) & 255))
+        for i in range(0, 64, 11):
+            english=english+wordlist[_extract(skbin, i, 11)]+' '
+
+    return english[:-1]                 # Remove the trailing space
+
+def english_to_key (s):
+    """english_to_key(string):string(2.x)/bytes(2.x)
+    Transform a string into a corresponding key.
+    The string must contain words separated by whitespace; the number
+    of words must be a multiple of 6.
+    """
+
+    L=s.upper().split() ; key=b('')
+    for index in range(0, len(L), 6):
+        sublist=L[index:index+6] ; char=9*[0] ; bits=0
+        for i in sublist:
+            index = wordlist.index(i)
+            shift = (8-(bits+11)%8) %8
+            y = index << shift
+            cl, cc, cr = (y>>16), (y>>8)&0xff, y & 0xff
+            if (shift>5):
+                char[bits>>3] = char[bits>>3] | cl
+                char[(bits>>3)+1] = char[(bits>>3)+1] | cc
+                char[(bits>>3)+2] = char[(bits>>3)+2] | cr
+            elif shift>-3:
+                char[bits>>3] = char[bits>>3] | cc
+                char[(bits>>3)+1] = char[(bits>>3)+1] | cr
+            else: char[bits>>3] = char[bits>>3] | cr
+            bits=bits+11
+        subkey=reduce(lambda x,y:x+bchr(y), char, b(''))
+
+        # Check the parity of the resulting key
+        skbin=_key2bin(subkey)
+        p=0
+        for i in range(0, 64, 2): p=p+_extract(skbin, i, 2)
+        if (p&3) != _extract(skbin, 64, 2):
+            raise ValueError, "Parity error in resulting key"
+        key=key+subkey[0:8]
+    return key
+
+wordlist=[ "A", "ABE", "ACE", "ACT", "AD", "ADA", "ADD",
+   "AGO", "AID", "AIM", "AIR", "ALL", "ALP", "AM", "AMY", "AN", "ANA",
+   "AND", "ANN", "ANT", "ANY", "APE", "APS", "APT", "ARC", "ARE", "ARK",
+   "ARM", "ART", "AS", "ASH", "ASK", "AT", "ATE", "AUG", "AUK", "AVE",
+   "AWE", "AWK", "AWL", "AWN", "AX", "AYE", "BAD", "BAG", "BAH", "BAM",
+   "BAN", "BAR", "BAT", "BAY", "BE", "BED", "BEE", "BEG", "BEN", "BET",
+   "BEY", "BIB", "BID", "BIG", "BIN", "BIT", "BOB", "BOG", "BON", "BOO",
+   "BOP", "BOW", "BOY", "BUB", "BUD", "BUG", "BUM", "BUN", "BUS", "BUT",
+   "BUY", "BY", "BYE", "CAB", "CAL", "CAM", "CAN", "CAP", "CAR", "CAT",
+   "CAW", "COD", "COG", "COL", "CON", "COO", "COP", "COT", "COW", "COY",
+   "CRY", "CUB", "CUE", "CUP", "CUR", "CUT", "DAB", "DAD", "DAM", "DAN",
+   "DAR", "DAY", "DEE", "DEL", "DEN", "DES", "DEW", "DID", "DIE", "DIG",
+   "DIN", "DIP", "DO", "DOE", "DOG", "DON", "DOT", "DOW", "DRY", "DUB",
+   "DUD", "DUE", "DUG", "DUN", "EAR", "EAT", "ED", "EEL", "EGG", "EGO",
+   "ELI", "ELK", "ELM", "ELY", "EM", "END", "EST", "ETC", "EVA", "EVE",
+   "EWE", "EYE", "FAD", "FAN", "FAR", "FAT", "FAY", "FED", "FEE", "FEW",
+   "FIB", "FIG", "FIN", "FIR", "FIT", "FLO", "FLY", "FOE", "FOG", "FOR",
+   "FRY", "FUM", "FUN", "FUR", "GAB", "GAD", "GAG", "GAL", "GAM", "GAP",
+   "GAS", "GAY", "GEE", "GEL", "GEM", "GET", "GIG", "GIL", "GIN", "GO",
+   "GOT", "GUM", "GUN", "GUS", "GUT", "GUY", "GYM", "GYP", "HA", "HAD",
+   "HAL", "HAM", "HAN", "HAP", "HAS", "HAT", "HAW", "HAY", "HE", "HEM",
+   "HEN", "HER", "HEW", "HEY", "HI", "HID", "HIM", "HIP", "HIS", "HIT",
+   "HO", "HOB", "HOC", "HOE", "HOG", "HOP", "HOT", "HOW", "HUB", "HUE",
+   "HUG", "HUH", "HUM", "HUT", "I", "ICY", "IDA", "IF", "IKE", "ILL",
+   "INK", "INN", "IO", "ION", "IQ", "IRA", "IRE", "IRK", "IS", "IT",
+   "ITS", "IVY", "JAB", "JAG", "JAM", "JAN", "JAR", "JAW", "JAY", "JET",
+   "JIG", "JIM", "JO", "JOB", "JOE", "JOG", "JOT", "JOY", "JUG", "JUT",
+   "KAY", "KEG", "KEN", "KEY", "KID", "KIM", "KIN", "KIT", "LA", "LAB",
+   "LAC", "LAD", "LAG", "LAM", "LAP", "LAW", "LAY", "LEA", "LED", "LEE",
+   "LEG", "LEN", "LEO", "LET", "LEW", "LID", "LIE", "LIN", "LIP", "LIT",
+   "LO", "LOB", "LOG", "LOP", "LOS", "LOT", "LOU", "LOW", "LOY", "LUG",
+   "LYE", "MA", "MAC", "MAD", "MAE", "MAN", "MAO", "MAP", "MAT", "MAW",
+   "MAY", "ME", "MEG", "MEL", "MEN", "MET", "MEW", "MID", "MIN", "MIT",
+   "MOB", "MOD", "MOE", "MOO", "MOP", "MOS", "MOT", "MOW", "MUD", "MUG",
+   "MUM", "MY", "NAB", "NAG", "NAN", "NAP", "NAT", "NAY", "NE", "NED",
+   "NEE", "NET", "NEW", "NIB", "NIL", "NIP", "NIT", "NO", "NOB", "NOD",
+   "NON", "NOR", "NOT", "NOV", "NOW", "NU", "NUN", "NUT", "O", "OAF",
+   "OAK", "OAR", "OAT", "ODD", "ODE", "OF", "OFF", "OFT", "OH", "OIL",
+   "OK", "OLD", "ON", "ONE", "OR", "ORB", "ORE", "ORR", "OS", "OTT",
+   "OUR", "OUT", "OVA", "OW", "OWE", "OWL", "OWN", "OX", "PA", "PAD",
+   "PAL", "PAM", "PAN", "PAP", "PAR", "PAT", "PAW", "PAY", "PEA", "PEG",
+   "PEN", "PEP", "PER", "PET", "PEW", "PHI", "PI", "PIE", "PIN", "PIT",
+   "PLY", "PO", "POD", "POE", "POP", "POT", "POW", "PRO", "PRY", "PUB",
+   "PUG", "PUN", "PUP", "PUT", "QUO", "RAG", "RAM", "RAN", "RAP", "RAT",
+   "RAW", "RAY", "REB", "RED", "REP", "RET", "RIB", "RID", "RIG", "RIM",
+   "RIO", "RIP", "ROB", "ROD", "ROE", "RON", "ROT", "ROW", "ROY", "RUB",
+   "RUE", "RUG", "RUM", "RUN", "RYE", "SAC", "SAD", "SAG", "SAL", "SAM",
+   "SAN", "SAP", "SAT", "SAW", "SAY", "SEA", "SEC", "SEE", "SEN", "SET",
+   "SEW", "SHE", "SHY", "SIN", "SIP", "SIR", "SIS", "SIT", "SKI", "SKY",
+   "SLY", "SO", "SOB", "SOD", "SON", "SOP", "SOW", "SOY", "SPA", "SPY",
+   "SUB", "SUD", "SUE", "SUM", "SUN", "SUP", "TAB", "TAD", "TAG", "TAN",
+   "TAP", "TAR", "TEA", "TED", "TEE", "TEN", "THE", "THY", "TIC", "TIE",
+   "TIM", "TIN", "TIP", "TO", "TOE", "TOG", "TOM", "TON", "TOO", "TOP",
+   "TOW", "TOY", "TRY", "TUB", "TUG", "TUM", "TUN", "TWO", "UN", "UP",
+   "US", "USE", "VAN", "VAT", "VET", "VIE", "WAD", "WAG", "WAR", "WAS",
+   "WAY", "WE", "WEB", "WED", "WEE", "WET", "WHO", "WHY", "WIN", "WIT",
+   "WOK", "WON", "WOO", "WOW", "WRY", "WU", "YAM", "YAP", "YAW", "YE",
+   "YEA", "YES", "YET", "YOU", "ABED", "ABEL", "ABET", "ABLE", "ABUT",
+   "ACHE", "ACID", "ACME", "ACRE", "ACTA", "ACTS", "ADAM", "ADDS",
+   "ADEN", "AFAR", "AFRO", "AGEE", "AHEM", "AHOY", "AIDA", "AIDE",
+   "AIDS", "AIRY", "AJAR", "AKIN", "ALAN", "ALEC", "ALGA", "ALIA",
+   "ALLY", "ALMA", "ALOE", "ALSO", "ALTO", "ALUM", "ALVA", "AMEN",
+   "AMES", "AMID", "AMMO", "AMOK", "AMOS", "AMRA", "ANDY", "ANEW",
+   "ANNA", "ANNE", "ANTE", "ANTI", "AQUA", "ARAB", "ARCH", "AREA",
+   "ARGO", "ARID", "ARMY", "ARTS", "ARTY", "ASIA", "ASKS", "ATOM",
+   "AUNT", "AURA", "AUTO", "AVER", "AVID", "AVIS", "AVON", "AVOW",
+   "AWAY", "AWRY", "BABE", "BABY", "BACH", "BACK", "BADE", "BAIL",
+   "BAIT", "BAKE", "BALD", "BALE", "BALI", "BALK", "BALL", "BALM",
+   "BAND", "BANE", "BANG", "BANK", "BARB", "BARD", "BARE", "BARK",
+   "BARN", "BARR", "BASE", "BASH", "BASK", "BASS", "BATE", "BATH",
+   "BAWD", "BAWL", "BEAD", "BEAK", "BEAM", "BEAN", "BEAR", "BEAT",
+   "BEAU", "BECK", "BEEF", "BEEN", "BEER",
+   "BEET", "BELA", "BELL", "BELT", "BEND", "BENT", "BERG", "BERN",
+   "BERT", "BESS", "BEST", "BETA", "BETH", "BHOY", "BIAS", "BIDE",
+   "BIEN", "BILE", "BILK", "BILL", "BIND", "BING", "BIRD", "BITE",
+   "BITS", "BLAB", "BLAT", "BLED", "BLEW", "BLOB", "BLOC", "BLOT",
+   "BLOW", "BLUE", "BLUM", "BLUR", "BOAR", "BOAT", "BOCA", "BOCK",
+   "BODE", "BODY", "BOGY", "BOHR", "BOIL", "BOLD", "BOLO", "BOLT",
+   "BOMB", "BONA", "BOND", "BONE", "BONG", "BONN", "BONY", "BOOK",
+   "BOOM", "BOON", "BOOT", "BORE", "BORG", "BORN", "BOSE", "BOSS",
+   "BOTH", "BOUT", "BOWL", "BOYD", "BRAD", "BRAE", "BRAG", "BRAN",
+   "BRAY", "BRED", "BREW", "BRIG", "BRIM", "BROW", "BUCK", "BUDD",
+   "BUFF", "BULB", "BULK", "BULL", "BUNK", "BUNT", "BUOY", "BURG",
+   "BURL", "BURN", "BURR", "BURT", "BURY", "BUSH", "BUSS", "BUST",
+   "BUSY", "BYTE", "CADY", "CAFE", "CAGE", "CAIN", "CAKE", "CALF",
+   "CALL", "CALM", "CAME", "CANE", "CANT", "CARD", "CARE", "CARL",
+   "CARR", "CART", "CASE", "CASH", "CASK", "CAST", "CAVE", "CEIL",
+   "CELL", "CENT", "CERN", "CHAD", "CHAR", "CHAT", "CHAW", "CHEF",
+   "CHEN", "CHEW", "CHIC", "CHIN", "CHOU", "CHOW", "CHUB", "CHUG",
+   "CHUM", "CITE", "CITY", "CLAD", "CLAM", "CLAN", "CLAW", "CLAY",
+   "CLOD", "CLOG", "CLOT", "CLUB", "CLUE", "COAL", "COAT", "COCA",
+   "COCK", "COCO", "CODA", "CODE", "CODY", "COED", "COIL", "COIN",
+   "COKE", "COLA", "COLD", "COLT", "COMA", "COMB", "COME", "COOK",
+   "COOL", "COON", "COOT", "CORD", "CORE", "CORK", "CORN", "COST",
+   "COVE", "COWL", "CRAB", "CRAG", "CRAM", "CRAY", "CREW", "CRIB",
+   "CROW", "CRUD", "CUBA", "CUBE", "CUFF", "CULL", "CULT", "CUNY",
+   "CURB", "CURD", "CURE", "CURL", "CURT", "CUTS", "DADE", "DALE",
+   "DAME", "DANA", "DANE", "DANG", "DANK", "DARE", "DARK", "DARN",
+   "DART", "DASH", "DATA", "DATE", "DAVE", "DAVY", "DAWN", "DAYS",
+   "DEAD", "DEAF", "DEAL", "DEAN", "DEAR", "DEBT", "DECK", "DEED",
+   "DEEM", "DEER", "DEFT", "DEFY", "DELL", "DENT", "DENY", "DESK",
+   "DIAL", "DICE", "DIED", "DIET", "DIME", "DINE", "DING", "DINT",
+   "DIRE", "DIRT", "DISC", "DISH", "DISK", "DIVE", "DOCK", "DOES",
+   "DOLE", "DOLL", "DOLT", "DOME", "DONE", "DOOM", "DOOR", "DORA",
+   "DOSE", "DOTE", "DOUG", "DOUR", "DOVE", "DOWN", "DRAB", "DRAG",
+   "DRAM", "DRAW", "DREW", "DRUB", "DRUG", "DRUM", "DUAL", "DUCK",
+   "DUCT", "DUEL", "DUET", "DUKE", "DULL", "DUMB", "DUNE", "DUNK",
+   "DUSK", "DUST", "DUTY", "EACH", "EARL", "EARN", "EASE", "EAST",
+   "EASY", "EBEN", "ECHO", "EDDY", "EDEN", "EDGE", "EDGY", "EDIT",
+   "EDNA", "EGAN", "ELAN", "ELBA", "ELLA", "ELSE", "EMIL", "EMIT",
+   "EMMA", "ENDS", "ERIC", "EROS", "EVEN", "EVER", "EVIL", "EYED",
+   "FACE", "FACT", "FADE", "FAIL", "FAIN", "FAIR", "FAKE", "FALL",
+   "FAME", "FANG", "FARM", "FAST", "FATE", "FAWN", "FEAR", "FEAT",
+   "FEED", "FEEL", "FEET", "FELL", "FELT", "FEND", "FERN", "FEST",
+   "FEUD", "FIEF", "FIGS", "FILE", "FILL", "FILM", "FIND", "FINE",
+   "FINK", "FIRE", "FIRM", "FISH", "FISK", "FIST", "FITS", "FIVE",
+   "FLAG", "FLAK", "FLAM", "FLAT", "FLAW", "FLEA", "FLED", "FLEW",
+   "FLIT", "FLOC", "FLOG", "FLOW", "FLUB", "FLUE", "FOAL", "FOAM",
+   "FOGY", "FOIL", "FOLD", "FOLK", "FOND", "FONT", "FOOD", "FOOL",
+   "FOOT", "FORD", "FORE", "FORK", "FORM", "FORT", "FOSS", "FOUL",
+   "FOUR", "FOWL", "FRAU", "FRAY", "FRED", "FREE", "FRET", "FREY",
+   "FROG", "FROM", "FUEL", "FULL", "FUME", "FUND", "FUNK", "FURY",
+   "FUSE", "FUSS", "GAFF", "GAGE", "GAIL", "GAIN", "GAIT", "GALA",
+   "GALE", "GALL", "GALT", "GAME", "GANG", "GARB", "GARY", "GASH",
+   "GATE", "GAUL", "GAUR", "GAVE", "GAWK", "GEAR", "GELD", "GENE",
+   "GENT", "GERM", "GETS", "GIBE", "GIFT", "GILD", "GILL", "GILT",
+   "GINA", "GIRD", "GIRL", "GIST", "GIVE", "GLAD", "GLEE", "GLEN",
+   "GLIB", "GLOB", "GLOM", "GLOW", "GLUE", "GLUM", "GLUT", "GOAD",
+   "GOAL", "GOAT", "GOER", "GOES", "GOLD", "GOLF", "GONE", "GONG",
+   "GOOD", "GOOF", "GORE", "GORY", "GOSH", "GOUT", "GOWN", "GRAB",
+   "GRAD", "GRAY", "GREG", "GREW", "GREY", "GRID", "GRIM", "GRIN",
+   "GRIT", "GROW", "GRUB", "GULF", "GULL", "GUNK", "GURU", "GUSH",
+   "GUST", "GWEN", "GWYN", "HAAG", "HAAS", "HACK", "HAIL", "HAIR",
+   "HALE", "HALF", "HALL", "HALO", "HALT", "HAND", "HANG", "HANK",
+   "HANS", "HARD", "HARK", "HARM", "HART", "HASH", "HAST", "HATE",
+   "HATH", "HAUL", "HAVE", "HAWK", "HAYS", "HEAD", "HEAL", "HEAR",
+   "HEAT", "HEBE", "HECK", "HEED", "HEEL", "HEFT", "HELD", "HELL",
+   "HELM", "HERB", "HERD", "HERE", "HERO", "HERS", "HESS", "HEWN",
+   "HICK", "HIDE", "HIGH", "HIKE", "HILL", "HILT", "HIND", "HINT",
+   "HIRE", "HISS", "HIVE", "HOBO", "HOCK", "HOFF", "HOLD", "HOLE",
+   "HOLM", "HOLT", "HOME", "HONE", "HONK", "HOOD", "HOOF", "HOOK",
+   "HOOT", "HORN", "HOSE", "HOST", "HOUR", "HOVE", "HOWE", "HOWL",
+   "HOYT", "HUCK", "HUED", "HUFF", "HUGE", "HUGH", "HUGO", "HULK",
+   "HULL", "HUNK", "HUNT", "HURD", "HURL", "HURT", "HUSH", "HYDE",
+   "HYMN", "IBIS", "ICON", "IDEA", "IDLE", "IFFY", "INCA", "INCH",
+   "INTO", "IONS", "IOTA", "IOWA", "IRIS", "IRMA", "IRON", "ISLE",
+   "ITCH", "ITEM", "IVAN", "JACK", "JADE", "JAIL", "JAKE", "JANE",
+   "JAVA", "JEAN", "JEFF", "JERK", "JESS", "JEST", "JIBE", "JILL",
+   "JILT", "JIVE", "JOAN", "JOBS", "JOCK", "JOEL", "JOEY", "JOHN",
+   "JOIN", "JOKE", "JOLT", "JOVE", "JUDD", "JUDE", "JUDO", "JUDY",
+   "JUJU", "JUKE", "JULY", "JUNE", "JUNK", "JUNO", "JURY", "JUST",
+   "JUTE", "KAHN", "KALE", "KANE", "KANT", "KARL", "KATE", "KEEL",
+   "KEEN", "KENO", "KENT", "KERN", "KERR", "KEYS", "KICK", "KILL",
+   "KIND", "KING", "KIRK", "KISS", "KITE", "KLAN", "KNEE", "KNEW",
+   "KNIT", "KNOB", "KNOT", "KNOW", "KOCH", "KONG", "KUDO", "KURD",
+   "KURT", "KYLE", "LACE", "LACK", "LACY", "LADY", "LAID", "LAIN",
+   "LAIR", "LAKE", "LAMB", "LAME", "LAND", "LANE", "LANG", "LARD",
+   "LARK", "LASS", "LAST", "LATE", "LAUD", "LAVA", "LAWN", "LAWS",
+   "LAYS", "LEAD", "LEAF", "LEAK", "LEAN", "LEAR", "LEEK", "LEER",
+   "LEFT", "LEND", "LENS", "LENT", "LEON", "LESK", "LESS", "LEST",
+   "LETS", "LIAR", "LICE", "LICK", "LIED", "LIEN", "LIES", "LIEU",
+   "LIFE", "LIFT", "LIKE", "LILA", "LILT", "LILY", "LIMA", "LIMB",
+   "LIME", "LIND", "LINE", "LINK", "LINT", "LION", "LISA", "LIST",
+   "LIVE", "LOAD", "LOAF", "LOAM", "LOAN", "LOCK", "LOFT", "LOGE",
+   "LOIS", "LOLA", "LONE", "LONG", "LOOK", "LOON", "LOOT", "LORD",
+   "LORE", "LOSE", "LOSS", "LOST", "LOUD", "LOVE", "LOWE", "LUCK",
+   "LUCY", "LUGE", "LUKE", "LULU", "LUND", "LUNG", "LURA", "LURE",
+   "LURK", "LUSH", "LUST", "LYLE", "LYNN", "LYON", "LYRA", "MACE",
+   "MADE", "MAGI", "MAID", "MAIL", "MAIN", "MAKE", "MALE", "MALI",
+   "MALL", "MALT", "MANA", "MANN", "MANY", "MARC", "MARE", "MARK",
+   "MARS", "MART", "MARY", "MASH", "MASK", "MASS", "MAST", "MATE",
+   "MATH", "MAUL", "MAYO", "MEAD", "MEAL", "MEAN", "MEAT", "MEEK",
+   "MEET", "MELD", "MELT", "MEMO", "MEND", "MENU", "MERT", "MESH",
+   "MESS", "MICE", "MIKE", "MILD", "MILE", "MILK", "MILL", "MILT",
+   "MIMI", "MIND", "MINE", "MINI", "MINK", "MINT", "MIRE", "MISS",
+   "MIST", "MITE", "MITT", "MOAN", "MOAT", "MOCK", "MODE", "MOLD",
+   "MOLE", "MOLL", "MOLT", "MONA", "MONK", "MONT", "MOOD", "MOON",
+   "MOOR", "MOOT", "MORE", "MORN", "MORT", "MOSS", "MOST", "MOTH",
+   "MOVE", "MUCH", "MUCK", "MUDD", "MUFF", "MULE", "MULL", "MURK",
+   "MUSH", "MUST", "MUTE", "MUTT", "MYRA", "MYTH", "NAGY", "NAIL",
+   "NAIR", "NAME", "NARY", "NASH", "NAVE", "NAVY", "NEAL", "NEAR",
+   "NEAT", "NECK", "NEED", "NEIL", "NELL", "NEON", "NERO", "NESS",
+   "NEST", "NEWS", "NEWT", "NIBS", "NICE", "NICK", "NILE", "NINA",
+   "NINE", "NOAH", "NODE", "NOEL", "NOLL", "NONE", "NOOK", "NOON",
+   "NORM", "NOSE", "NOTE", "NOUN", "NOVA", "NUDE", "NULL", "NUMB",
+   "OATH", "OBEY", "OBOE", "ODIN", "OHIO", "OILY", "OINT", "OKAY",
+   "OLAF", "OLDY", "OLGA", "OLIN", "OMAN", "OMEN", "OMIT", "ONCE",
+   "ONES", "ONLY", "ONTO", "ONUS", "ORAL", "ORGY", "OSLO", "OTIS",
+   "OTTO", "OUCH", "OUST", "OUTS", "OVAL", "OVEN", "OVER", "OWLY",
+   "OWNS", "QUAD", "QUIT", "QUOD", "RACE", "RACK", "RACY", "RAFT",
+   "RAGE", "RAID", "RAIL", "RAIN", "RAKE", "RANK", "RANT", "RARE",
+   "RASH", "RATE", "RAVE", "RAYS", "READ", "REAL", "REAM", "REAR",
+   "RECK", "REED", "REEF", "REEK", "REEL", "REID", "REIN", "RENA",
+   "REND", "RENT", "REST", "RICE", "RICH", "RICK", "RIDE", "RIFT",
+   "RILL", "RIME", "RING", "RINK", "RISE", "RISK", "RITE", "ROAD",
+   "ROAM", "ROAR", "ROBE", "ROCK", "RODE", "ROIL", "ROLL", "ROME",
+   "ROOD", "ROOF", "ROOK", "ROOM", "ROOT", "ROSA", "ROSE", "ROSS",
+   "ROSY", "ROTH", "ROUT", "ROVE", "ROWE", "ROWS", "RUBE", "RUBY",
+   "RUDE", "RUDY", "RUIN", "RULE", "RUNG", "RUNS", "RUNT", "RUSE",
+   "RUSH", "RUSK", "RUSS", "RUST", "RUTH", "SACK", "SAFE", "SAGE",
+   "SAID", "SAIL", "SALE", "SALK", "SALT", "SAME", "SAND", "SANE",
+   "SANG", "SANK", "SARA", "SAUL", "SAVE", "SAYS", "SCAN", "SCAR",
+   "SCAT", "SCOT", "SEAL", "SEAM", "SEAR", "SEAT", "SEED", "SEEK",
+   "SEEM", "SEEN", "SEES", "SELF", "SELL", "SEND", "SENT", "SETS",
+   "SEWN", "SHAG", "SHAM", "SHAW", "SHAY", "SHED", "SHIM", "SHIN",
+   "SHOD", "SHOE", "SHOT", "SHOW", "SHUN", "SHUT", "SICK", "SIDE",
+   "SIFT", "SIGH", "SIGN", "SILK", "SILL", "SILO", "SILT", "SINE",
+   "SING", "SINK", "SIRE", "SITE", "SITS", "SITU", "SKAT", "SKEW",
+   "SKID", "SKIM", "SKIN", "SKIT", "SLAB", "SLAM", "SLAT", "SLAY",
+   "SLED", "SLEW", "SLID", "SLIM", "SLIT", "SLOB", "SLOG", "SLOT",
+   "SLOW", "SLUG", "SLUM", "SLUR", "SMOG", "SMUG", "SNAG", "SNOB",
+   "SNOW", "SNUB", "SNUG", "SOAK", "SOAR", "SOCK", "SODA", "SOFA",
+   "SOFT", "SOIL", "SOLD", "SOME", "SONG", "SOON", "SOOT", "SORE",
+   "SORT", "SOUL", "SOUR", "SOWN", "STAB", "STAG", "STAN", "STAR",
+   "STAY", "STEM", "STEW", "STIR", "STOW", "STUB", "STUN", "SUCH",
+   "SUDS", "SUIT", "SULK", "SUMS", "SUNG", "SUNK", "SURE", "SURF",
+   "SWAB", "SWAG", "SWAM", "SWAN", "SWAT", "SWAY", "SWIM", "SWUM",
+   "TACK", "TACT", "TAIL", "TAKE", "TALE", "TALK", "TALL", "TANK",
+   "TASK", "TATE", "TAUT", "TEAL", "TEAM", "TEAR", "TECH", "TEEM",
+   "TEEN", "TEET", "TELL", "TEND", "TENT", "TERM", "TERN", "TESS",
+   "TEST", "THAN", "THAT", "THEE", "THEM", "THEN", "THEY", "THIN",
+   "THIS", "THUD", "THUG", "TICK", "TIDE", "TIDY", "TIED", "TIER",
+   "TILE", "TILL", "TILT", "TIME", "TINA", "TINE", "TINT", "TINY",
+   "TIRE", "TOAD", "TOGO", "TOIL", "TOLD", "TOLL", "TONE", "TONG",
+   "TONY", "TOOK", "TOOL", "TOOT", "TORE", "TORN", "TOTE", "TOUR",
+   "TOUT", "TOWN", "TRAG", "TRAM", "TRAY", "TREE", "TREK", "TRIG",
+   "TRIM", "TRIO", "TROD", "TROT", "TROY", "TRUE", "TUBA", "TUBE",
+   "TUCK", "TUFT", "TUNA", "TUNE", "TUNG", "TURF", "TURN", "TUSK",
+   "TWIG", "TWIN", "TWIT", "ULAN", "UNIT", "URGE", "USED", "USER",
+   "USES", "UTAH", "VAIL", "VAIN", "VALE", "VARY", "VASE", "VAST",
+   "VEAL", "VEDA", "VEIL", "VEIN", "VEND", "VENT", "VERB", "VERY",
+   "VETO", "VICE", "VIEW", "VINE", "VISE", "VOID", "VOLT", "VOTE",
+   "WACK", "WADE", "WAGE", "WAIL", "WAIT", "WAKE", "WALE", "WALK",
+   "WALL", "WALT", "WAND", "WANE", "WANG", "WANT", "WARD", "WARM",
+   "WARN", "WART", "WASH", "WAST", "WATS", "WATT", "WAVE", "WAVY",
+   "WAYS", "WEAK", "WEAL", "WEAN", "WEAR", "WEED", "WEEK", "WEIR",
+   "WELD", "WELL", "WELT", "WENT", "WERE", "WERT", "WEST", "WHAM",
+   "WHAT", "WHEE", "WHEN", "WHET", "WHOA", "WHOM", "WICK", "WIFE",
+   "WILD", "WILL", "WIND", "WINE", "WING", "WINK", "WINO", "WIRE",
+   "WISE", "WISH", "WITH", "WOLF", "WONT", "WOOD", "WOOL", "WORD",
+   "WORE", "WORK", "WORM", "WORN", "WOVE", "WRIT", "WYNN", "YALE",
+   "YANG", "YANK", "YARD", "YARN", "YAWL", "YAWN", "YEAH", "YEAR",
+   "YELL", "YOGA", "YOKE" ]
+
+if __name__=='__main__':
+    data = [('EB33F77EE73D4053', 'TIDE ITCH SLOW REIN RULE MOT'),
+            ('CCAC2AED591056BE4F90FD441C534766',
+             'RASH BUSH MILK LOOK BAD BRIM AVID GAFF BAIT ROT POD LOVE'),
+            ('EFF81F9BFBC65350920CDD7416DE8009',
+             'TROD MUTE TAIL WARM CHAR KONG HAAG CITY BORE O TEAL AWL')
+           ]
+
+    for key, words in data:
+        print 'Trying key', key
+        key=binascii.a2b_hex(key)
+        w2=key_to_english(key)
+        if w2!=words:
+            print 'key_to_english fails on key', repr(key), ', producing', str(w2)
+        k2=english_to_key(words)
+        if k2!=key:
+            print 'english_to_key fails on key', repr(key), ', producing', repr(k2)
+
+
diff --git a/lib/Python/Lib/Crypto/Util/__init__.py b/lib/Python/Lib/Crypto/Util/__init__.py
new file mode 100644
index 000000000..a3bef8aea
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Util/__init__.py
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Miscellaneous modules
+
+Contains useful modules that don't belong into any of the
+other Crypto.* subpackages.
+
+Crypto.Util.number        Number-theoretic functions (primality testing, etc.)
+Crypto.Util.randpool      Random number generation
+Crypto.Util.RFC1751       Converts between 128-bit keys and human-readable
+                          strings of words.
+Crypto.Util.asn1          Minimal support for ASN.1 DER encoding
+
+"""
+
+__all__ = ['randpool', 'RFC1751', 'number', 'strxor', 'asn1' ]
+
+__revision__ = "$Id$"
+
diff --git a/lib/Python/Lib/Crypto/Util/_number_new.py b/lib/Python/Lib/Crypto/Util/_number_new.py
new file mode 100644
index 000000000..b040025f3
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Util/_number_new.py
@@ -0,0 +1,119 @@
+# -*- coding: ascii -*-
+#
+#  Util/_number_new.py : utility functions
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+## NOTE: Do not import this module directly.  Import these functions from Crypto.Util.number.
+
+__revision__ = "$Id$"
+__all__ = ['ceil_shift', 'ceil_div', 'floor_div', 'exact_log2', 'exact_div']
+
+import sys
+if sys.version_info[0] == 2 and sys.version_info[1] == 1:
+    from Crypto.Util.py21compat import *
+
+def ceil_shift(n, b):
+    """Return ceil(n / 2**b) without performing any floating-point or division operations.
+
+    This is done by right-shifting n by b bits and incrementing the result by 1
+    if any '1' bits were shifted out.
+    """
+    if not isinstance(n, (int, long)) or not isinstance(b, (int, long)):
+        raise TypeError("unsupported operand type(s): %r and %r" % (type(n).__name__, type(b).__name__))
+
+    assert n >= 0 and b >= 0    # I haven't tested or even thought about negative values
+    mask = (1L << b) - 1
+    if n & mask:
+        return (n >> b) + 1
+    else:
+        return n >> b
+
+def ceil_div(a, b):
+    """Return ceil(a / b) without performing any floating-point operations."""
+
+    if not isinstance(a, (int, long)) or not isinstance(b, (int, long)):
+        raise TypeError("unsupported operand type(s): %r and %r" % (type(a).__name__, type(b).__name__))
+
+    (q, r) = divmod(a, b)
+    if r:
+        return q + 1
+    else:
+        return q
+
+def floor_div(a, b):
+    if not isinstance(a, (int, long)) or not isinstance(b, (int, long)):
+        raise TypeError("unsupported operand type(s): %r and %r" % (type(a).__name__, type(b).__name__))
+
+    (q, r) = divmod(a, b)
+    return q
+
+def exact_log2(num):
+    """Find and return an integer i >= 0 such that num == 2**i.
+
+    If no such integer exists, this function raises ValueError.
+    """
+
+    if not isinstance(num, (int, long)):
+        raise TypeError("unsupported operand type: %r" % (type(num).__name__,))
+
+    n = long(num)
+    if n <= 0:
+        raise ValueError("cannot compute logarithm of non-positive number")
+
+    i = 0
+    while n != 0:
+        if (n & 1) and n != 1:
+            raise ValueError("No solution could be found")
+        i += 1
+        n >>= 1
+    i -= 1
+
+    assert num == (1L << i)
+    return i
+
+def exact_div(p, d, allow_divzero=False):
+    """Find and return an integer n such that p == n * d
+
+    If no such integer exists, this function raises ValueError.
+
+    Both operands must be integers.
+
+    If the second operand is zero, this function will raise ZeroDivisionError
+    unless allow_divzero is true (default: False).
+    """
+
+    if not isinstance(p, (int, long)) or not isinstance(d, (int, long)):
+        raise TypeError("unsupported operand type(s): %r and %r" % (type(p).__name__, type(d).__name__))
+
+    if d == 0 and allow_divzero:
+        n = 0
+        if p != n * d:
+            raise ValueError("No solution could be found")
+    else:
+        (n, r) = divmod(p, d)
+        if r != 0:
+            raise ValueError("No solution could be found")
+
+    assert p == n * d
+    return n
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Util/asn1.py b/lib/Python/Lib/Crypto/Util/asn1.py
new file mode 100644
index 000000000..dd5ec31d4
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Util/asn1.py
@@ -0,0 +1,286 @@
+# -*- coding: ascii -*-
+#
+#  Util/asn1.py : Minimal support for ASN.1 DER binary encoding.
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+import sys
+from Crypto.Util.py3compat import *
+
+__all__ = [ 'DerObject', 'DerInteger', 'DerOctetString', 'DerNull', 'DerSequence', 'DerObjectId' ]
+
+class DerObject:
+        """Base class for defining a single DER object.
+
+        Instantiate this class ONLY when you have to decode a DER element.
+        """
+
+        # Known TAG types
+        typeTags = { 'SEQUENCE': 0x30, 'BIT STRING': 0x03, 'INTEGER': 0x02,
+                'OCTET STRING': 0x04, 'NULL': 0x05, 'OBJECT IDENTIFIER': 0x06 }
+
+        def __init__(self, ASN1Type=None, payload=b('')):
+                """Initialize the DER object according to a specific type.
+
+                The ASN.1 type is either specified as the ASN.1 string (e.g.
+                'SEQUENCE'), directly with its numerical tag or with no tag
+                at all (None)."""
+                if isInt(ASN1Type) or ASN1Type is None:
+                    self.typeTag = ASN1Type
+                else:
+                    if len(ASN1Type)==1:
+                        self.typeTag = ord(ASN1Type)
+                    else:
+                        self.typeTag = self.typeTags.get(ASN1Type)
+                self.payload = payload
+
+        def isType(self, ASN1Type):
+                return self.typeTags[ASN1Type]==self.typeTag
+
+        def _lengthOctets(self, payloadLen):
+                """Return a byte string that encodes the given payload length (in
+                bytes) in a format suitable for a DER length tag (L).
+                """
+                if payloadLen>127:
+                        encoding = long_to_bytes(payloadLen)
+                        return bchr(len(encoding)+128) + encoding
+                return bchr(payloadLen)
+
+        def encode(self):
+                """Return a complete DER element, fully encoded as a TLV."""
+                return bchr(self.typeTag) + self._lengthOctets(len(self.payload)) + self.payload
+
+        def _decodeLen(self, idx, der):
+                """Given a (part of a) DER element, and an index to the first byte of
+                a DER length tag (L), return a tuple with the payload size,
+                and the index of the first byte of the such payload (V).
+
+                Raises a ValueError exception if the DER length is invalid.
+                Raises an IndexError exception if the DER element is too short.
+                """
+                length = bord(der[idx])
+                if length<=127:
+                        return (length,idx+1)
+                payloadLength = bytes_to_long(der[idx+1:idx+1+(length & 0x7F)])
+                if payloadLength<=127:
+                        raise ValueError("Not a DER length tag.")
+                return (payloadLength, idx+1+(length & 0x7F))
+
+        def decode(self, derEle, noLeftOvers=0):
+                """Decode a complete DER element, and re-initializes this
+                object with it.
+
+                @param derEle       A complete DER element. It must start with a DER T
+                                    tag.
+                @param noLeftOvers  Indicate whether it is acceptable to complete the
+                                    parsing of the DER element and find that not all
+                                    bytes in derEle have been used.
+                @return             Index of the first unused byte in the given DER element.
+
+                Raises a ValueError exception in case of parsing errors.
+                Raises an IndexError exception if the DER element is too short.
+                """
+                try:
+                        self.typeTag = bord(derEle[0])
+                        if (self.typeTag & 0x1F)==0x1F:
+                                raise ValueError("Unsupported DER tag")
+                        (length,idx) = self._decodeLen(1, derEle)
+                        if noLeftOvers and len(derEle) != (idx+length):
+                                raise ValueError("Not a DER structure")
+                        self.payload = derEle[idx:idx+length]
+                except IndexError:
+                        raise ValueError("Not a valid DER SEQUENCE.")
+                return idx+length
+
+class DerInteger(DerObject):
+        def __init__(self, value = 0):
+                """Class to model an INTEGER DER element.
+
+                Limitation: only non-negative values are supported.
+                """
+                DerObject.__init__(self, 'INTEGER')
+                self.value = value
+
+        def encode(self):
+                """Return a complete INTEGER DER element, fully encoded as a TLV."""
+                self.payload = long_to_bytes(self.value)
+                if bord(self.payload[0])>127:
+                        self.payload = bchr(0x00) + self.payload
+                return DerObject.encode(self)
+
+        def decode(self, derEle, noLeftOvers=0):
+                """Decode a complete INTEGER DER element, and re-initializes this
+                object with it.
+
+                @param derEle       A complete INTEGER DER element. It must start with a DER
+                                    INTEGER tag.
+                @param noLeftOvers  Indicate whether it is acceptable to complete the
+                                    parsing of the DER element and find that not all
+                                    bytes in derEle have been used.
+                @return             Index of the first unused byte in the given DER element.
+
+                Raises a ValueError exception if the DER element is not a
+                valid non-negative INTEGER.
+                Raises an IndexError exception if the DER element is too short.
+                """
+                tlvLength = DerObject.decode(self, derEle, noLeftOvers)
+                if self.typeTag!=self.typeTags['INTEGER']:
+                        raise ValueError ("Not a DER INTEGER.")
+                if bord(self.payload[0])>127:
+                        raise ValueError ("Negative INTEGER.")
+                self.value = bytes_to_long(self.payload)
+                return tlvLength
+
+class DerSequence(DerObject):
+        """Class to model a SEQUENCE DER element.
+
+        This object behave like a dynamic Python sequence.
+        Sub-elements that are INTEGERs, look like Python integers.
+        Any other sub-element is a binary string encoded as the complete DER
+        sub-element (TLV).
+        """
+
+        def __init__(self, startSeq=None):
+                """Initialize the SEQUENCE DER object. Always empty
+                initially."""
+                DerObject.__init__(self, 'SEQUENCE')
+                if startSeq==None:
+                    self._seq = []
+                else:
+                    self._seq = startSeq
+
+        ## A few methods to make it behave like a python sequence
+
+        def __delitem__(self, n):
+                del self._seq[n]
+        def __getitem__(self, n):
+                return self._seq[n]
+        def __setitem__(self, key, value):
+                self._seq[key] = value
+        def __setslice__(self,i,j,sequence):
+                self._seq[i:j] = sequence
+        def __delslice__(self,i,j):
+                del self._seq[i:j]
+        def __getslice__(self, i, j):
+                return self._seq[max(0, i):max(0, j)]
+        def __len__(self):
+                return len(self._seq)
+        def append(self, item):
+                return self._seq.append(item)
+
+        def hasInts(self):
+                """Return the number of items in this sequence that are numbers."""
+                return len(filter(isInt, self._seq))
+
+        def hasOnlyInts(self):
+                """Return True if all items in this sequence are numbers."""
+                return self._seq and self.hasInts()==len(self._seq)
+ 
+        def encode(self):
+                """Return the DER encoding for the ASN.1 SEQUENCE, containing
+                the non-negative integers and longs added to this object.
+
+                Limitation: Raises a ValueError exception if it some elements
+                in the sequence are neither Python integers nor complete DER INTEGERs.
+                """
+                self.payload = b('')
+                for item in self._seq:
+                        try:
+                                self.payload += item
+                        except:
+                                try:
+                                        self.payload += DerInteger(item).encode()
+                                except:
+                                        raise ValueError("Trying to DER encode an unknown object")
+                return DerObject.encode(self)
+
+        def decode(self, derEle, noLeftOvers=0):
+                """Decode a complete SEQUENCE DER element, and re-initializes this
+                object with it.
+
+                @param derEle       A complete SEQUENCE DER element. It must start with a DER
+                                    SEQUENCE tag.
+                @param noLeftOvers  Indicate whether it is acceptable to complete the
+                                    parsing of the DER element and find that not all
+                                    bytes in derEle have been used.
+                @return             Index of the first unused byte in the given DER element.
+
+                DER INTEGERs are decoded into Python integers. Any other DER
+                element is not decoded. Its validity is not checked.
+
+                Raises a ValueError exception if the DER element is not a
+                valid DER SEQUENCE.
+                Raises an IndexError exception if the DER element is too short.
+                """
+
+                self._seq = []
+                try:
+                        tlvLength = DerObject.decode(self, derEle, noLeftOvers)
+                        if self.typeTag!=self.typeTags['SEQUENCE']:
+                                raise ValueError("Not a DER SEQUENCE.")
+                        # Scan one TLV at once
+                        idx = 0
+                        while idx<len(self.payload):
+                                typeTag = bord(self.payload[idx])
+                                if typeTag==self.typeTags['INTEGER']:
+                                        newInteger = DerInteger()
+                                        idx += newInteger.decode(self.payload[idx:])
+                                        self._seq.append(newInteger.value)
+                                else:
+                                        itemLen,itemIdx = self._decodeLen(idx+1,self.payload)
+                                        self._seq.append(self.payload[idx:itemIdx+itemLen])
+                                        idx = itemIdx + itemLen
+                except IndexError:
+                        raise ValueError("Not a valid DER SEQUENCE.")
+                return tlvLength
+
+class DerOctetString(DerObject):
+    def __init__(self, value = b('')):
+        DerObject.__init__(self, 'OCTET STRING')
+        self.payload = value
+
+    def decode(self, derEle, noLeftOvers=0):
+        p = DerObject.decode(derEle, noLeftOvers)
+        if not self.isType("OCTET STRING"):
+            raise ValueError("Not a valid OCTET STRING.")
+        return p
+
+class DerNull(DerObject):
+    def __init__(self):
+        DerObject.__init__(self, 'NULL')
+
+class DerObjectId(DerObject):
+    def __init__(self):
+        DerObject.__init__(self, 'OBJECT IDENTIFIER')
+
+    def decode(self, derEle, noLeftOvers=0):
+        p = DerObject.decode(derEle, noLeftOvers)
+        if not self.isType("OBJECT IDENTIFIER"):
+            raise ValueError("Not a valid OBJECT IDENTIFIER.")
+        return p
+
+def isInt(x):
+    test = 0
+    try:
+        test += x
+    except TypeError:
+        return 0
+    return 1
+
diff --git a/lib/Python/Lib/Crypto/Util/number.py b/lib/Python/Lib/Crypto/Util/number.py
new file mode 100644
index 000000000..2b5beb64f
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Util/number.py
@@ -0,0 +1,1456 @@
+#
+#   number.py : Number-theoretic functions
+#
+#  Part of the Python Cryptography Toolkit
+#
+#  Written by Andrew M. Kuchling, Barry A. Warsaw, and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+#
+
+__revision__ = "$Id$"
+
+from Crypto.pct_warnings import GetRandomNumber_DeprecationWarning, PowmInsecureWarning
+from warnings import warn as _warn
+import math
+import sys
+from Crypto.Util.py3compat import *
+
+bignum = long
+try:
+    from Crypto.PublicKey import _fastmath
+except ImportError:
+    # For production, we are going to let import issues due to gmp/mpir shared
+    # libraries not loading slide silently and use slowmath. If you'd rather
+    # see an exception raised if _fastmath exists but cannot be imported,
+    # uncomment the below
+    #
+    # from distutils.sysconfig import get_config_var
+    # import inspect, os
+    # _fm_path = os.path.normpath(os.path.dirname(os.path.abspath(
+        # inspect.getfile(inspect.currentframe())))
+        # +"/../../PublicKey/_fastmath"+get_config_var("SO"))
+    # if os.path.exists(_fm_path):
+        # raise ImportError("While the _fastmath module exists, importing "+
+            # "it failed. This may point to the gmp or mpir shared library "+
+            # "not being in the path. _fastmath was found at "+_fm_path)
+    _fastmath = None
+
+# You need libgmp v5 or later to get mpz_powm_sec.  Warn if it's not available.
+if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:
+    _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+
+# New functions
+from _number_new import *
+
+# Commented out and replaced with faster versions below
+## def long2str(n):
+##     s=''
+##     while n>0:
+##         s=chr(n & 255)+s
+##         n=n>>8
+##     return s
+
+## import types
+## def str2long(s):
+##     if type(s)!=types.StringType: return s   # Integers will be left alone
+##     return reduce(lambda x,y : x*256+ord(y), s, 0L)
+
+def size (N):
+    """size(N:long) : int
+    Returns the size of the number N in bits.
+    """
+    bits = 0
+    while N >> bits:
+        bits += 1
+    return bits
+
+def getRandomNumber(N, randfunc=None):
+    """Deprecated.  Use getRandomInteger or getRandomNBitInteger instead."""
+    warnings.warn("Crypto.Util.number.getRandomNumber has confusing semantics"+
+    "and has been deprecated.  Use getRandomInteger or getRandomNBitInteger instead.",
+        GetRandomNumber_DeprecationWarning)
+    return getRandomNBitInteger(N, randfunc)
+
+def getRandomInteger(N, randfunc=None):
+    """getRandomInteger(N:int, randfunc:callable):long
+    Return a random number with at most N bits.
+
+    If randfunc is omitted, then Random.new().read is used.
+
+    This function is for internal use only and may be renamed or removed in
+    the future.
+    """
+    if randfunc is None:
+        _import_Random()
+        randfunc = Random.new().read
+
+    S = randfunc(N>>3)
+    odd_bits = N % 8
+    if odd_bits != 0:
+        char = ord(randfunc(1)) >> (8-odd_bits)
+        S = bchr(char) + S
+    value = bytes_to_long(S)
+    return value
+
+def getRandomRange(a, b, randfunc=None):
+    """getRandomRange(a:int, b:int, randfunc:callable):long
+    Return a random number n so that a <= n < b.
+
+    If randfunc is omitted, then Random.new().read is used.
+
+    This function is for internal use only and may be renamed or removed in
+    the future.
+    """
+    range_ = b - a - 1
+    bits = size(range_)
+    value = getRandomInteger(bits, randfunc)
+    while value > range_:
+        value = getRandomInteger(bits, randfunc)
+    return a + value
+
+def getRandomNBitInteger(N, randfunc=None):
+    """getRandomInteger(N:int, randfunc:callable):long
+    Return a random number with exactly N-bits, i.e. a random number
+    between 2**(N-1) and (2**N)-1.
+
+    If randfunc is omitted, then Random.new().read is used.
+
+    This function is for internal use only and may be renamed or removed in
+    the future.
+    """
+    value = getRandomInteger (N-1, randfunc)
+    value |= 2L ** (N-1)                # Ensure high bit is set
+    assert size(value) >= N
+    return value
+
+def GCD(x,y):
+    """GCD(x:long, y:long): long
+    Return the GCD of x and y.
+    """
+    x = abs(x) ; y = abs(y)
+    while x > 0:
+        x, y = y % x, x
+    return y
+
+def inverse(u, v):
+    """inverse(u:long, v:long):long
+    Return the inverse of u mod v.
+    """
+    u3, v3 = long(u), long(v)
+    u1, v1 = 1L, 0L
+    while v3 > 0:
+        q=divmod(u3, v3)[0]
+        u1, v1 = v1, u1 - v1*q
+        u3, v3 = v3, u3 - v3*q
+    while u1<0:
+        u1 = u1 + v
+    return u1
+
+# Given a number of bits to generate and a random generation function,
+# find a prime number of the appropriate size.
+
+def getPrime(N, randfunc=None):
+    """getPrime(N:int, randfunc:callable):long
+    Return a random N-bit prime number.
+
+    If randfunc is omitted, then Random.new().read is used.
+    """
+    if randfunc is None:
+        _import_Random()
+        randfunc = Random.new().read
+
+    number=getRandomNBitInteger(N, randfunc) | 1
+    while (not isPrime(number, randfunc=randfunc)):
+        number=number+2
+    return number
+
+
+def _rabinMillerTest(n, rounds, randfunc=None):
+    """_rabinMillerTest(n:long, rounds:int, randfunc:callable):int
+    Tests if n is prime.
+    Returns 0 when n is definitly composite.
+    Returns 1 when n is probably prime.
+    Returns 2 when n is definitly prime.
+
+    If randfunc is omitted, then Random.new().read is used.
+
+    This function is for internal use only and may be renamed or removed in
+    the future.
+    """
+    # check special cases (n==2, n even, n < 2)
+    if n < 3 or (n & 1) == 0:
+        return n == 2
+    # n might be very large so it might be beneficial to precalculate n-1
+    n_1 = n - 1
+    # determine m and b so that 2**b * m = n - 1 and b maximal
+    b = 0
+    m = n_1
+    while (m & 1) == 0:
+        b += 1
+        m >>= 1
+
+    tested = []
+    # we need to do at most n-2 rounds.
+    for i in xrange (min (rounds, n-2)):
+        # randomly choose a < n and make sure it hasn't been tested yet
+        a = getRandomRange (2, n, randfunc)
+        while a in tested:
+            a = getRandomRange (2, n, randfunc)
+        tested.append (a)
+        # do the rabin-miller test
+        z = pow (a, m, n) # (a**m) % n
+        if z == 1 or z == n_1:
+            continue
+        composite = 1
+        for r in xrange (b):
+            z = (z * z) % n
+            if z == 1:
+                return 0
+            elif z == n_1:
+                composite = 0
+                break
+        if composite:
+            return 0
+    return 1
+
+def getStrongPrime(N, e=0, false_positive_prob=1e-6, randfunc=None):
+    """getStrongPrime(N:int, e:int, false_positive_prob:float, randfunc:callable):long
+    Return a random strong N-bit prime number.
+    In this context p is a strong prime if p-1 and p+1 have at
+    least one large prime factor.
+    N should be a multiple of 128 and > 512.
+
+    If e is provided the returned prime p-1 will be coprime to e
+    and thus suitable for RSA where e is the public exponent.
+
+    The optional false_positive_prob is the statistical probability
+    that true is returned even though it is not (pseudo-prime).
+    It defaults to 1e-6 (less than 1:1000000).
+    Note that the real probability of a false-positive is far less. This is
+    just the mathematically provable limit.
+
+    randfunc should take a single int parameter and return that
+    many random bytes as a string.
+    If randfunc is omitted, then Random.new().read is used.
+    """
+    # This function was implemented following the
+    # instructions found in the paper:
+    #   "FAST GENERATION OF RANDOM, STRONG RSA PRIMES"
+    #   by Robert D. Silverman
+    #   RSA Laboratories
+    #   May 17, 1997
+    # which by the time of writing could be freely downloaded here:
+    # http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.17.2713&rep=rep1&type=pdf
+
+    # Use the accelerator if available
+    if _fastmath is not None:
+        return _fastmath.getStrongPrime(long(N), long(e), false_positive_prob,
+            randfunc)
+
+    if (N < 512) or ((N % 128) != 0):
+        raise ValueError ("bits must be multiple of 128 and > 512")
+
+    rabin_miller_rounds = int(math.ceil(-math.log(false_positive_prob)/math.log(4)))
+
+    # calculate range for X
+    #   lower_bound = sqrt(2) * 2^{511 + 128*x}
+    #   upper_bound = 2^{512 + 128*x} - 1
+    x = (N - 512) >> 7;
+    # We need to approximate the sqrt(2) in the lower_bound by an integer
+    # expression because floating point math overflows with these numbers
+    lower_bound = divmod(14142135623730950489L * (2L ** (511 + 128*x)),
+                         10000000000000000000L)[0]
+    upper_bound = (1L << (512 + 128*x)) - 1
+    # Randomly choose X in calculated range
+    X = getRandomRange (lower_bound, upper_bound, randfunc)
+
+    # generate p1 and p2
+    p = [0, 0]
+    for i in (0, 1):
+        # randomly choose 101-bit y
+        y = getRandomNBitInteger (101, randfunc)
+        # initialize the field for sieving
+        field = [0] * 5 * len (sieve_base)
+        # sieve the field
+        for prime in sieve_base:
+            offset = y % prime
+            for j in xrange ((prime - offset) % prime, len (field), prime):
+                field[j] = 1
+
+        # look for suitable p[i] starting at y
+        result = 0
+        for j in range(len(field)):
+            composite = field[j]
+            # look for next canidate
+            if composite:
+                continue
+            tmp = y + j
+            result = _rabinMillerTest (tmp, rabin_miller_rounds)
+            if result > 0:
+                p[i] = tmp
+                break
+        if result == 0:
+            raise RuntimeError ("Couln't find prime in field. "
+                                "Developer: Increase field_size")
+
+    # Calculate R
+    #     R = (p2^{-1} mod p1) * p2 - (p1^{-1} mod p2) * p1
+    tmp1 = inverse (p[1], p[0]) * p[1]  # (p2^-1 mod p1)*p2
+    tmp2 = inverse (p[0], p[1]) * p[0]  # (p1^-1 mod p2)*p1
+    R = tmp1 - tmp2 # (p2^-1 mod p1)*p2 - (p1^-1 mod p2)*p1
+
+    # search for final prime number starting by Y0
+    #    Y0 = X + (R - X mod p1p2)
+    increment = p[0] * p[1]
+    X = X + (R - (X % increment))
+    while 1:
+        is_possible_prime = 1
+        # first check candidate against sieve_base
+        for prime in sieve_base:
+            if (X % prime) == 0:
+                is_possible_prime = 0
+                break
+        # if e is given make sure that e and X-1 are coprime
+        # this is not necessarily a strong prime criterion but useful when
+        # creating them for RSA where the p-1 and q-1 should be coprime to
+        # the public exponent e
+        if e and is_possible_prime:
+            if e & 1:
+                if GCD (e, X-1) != 1:
+                    is_possible_prime = 0
+            else:
+                if GCD (e, divmod((X-1),2)[0]) != 1:
+                    is_possible_prime = 0
+
+        # do some Rabin-Miller-Tests
+        if is_possible_prime:
+            result = _rabinMillerTest (X, rabin_miller_rounds)
+            if result > 0:
+                break
+        X += increment
+		# abort when X has more bits than requested
+		# TODO: maybe we shouldn't abort but rather start over.
+        if X >= 1L << N:
+            raise RuntimeError ("Couln't find prime in field. "
+                                "Developer: Increase field_size")
+    return X
+
+def isPrime(N, false_positive_prob=1e-6, randfunc=None):
+    """isPrime(N:long, false_positive_prob:float, randfunc:callable):bool
+    Return true if N is prime.
+
+    The optional false_positive_prob is the statistical probability
+    that true is returned even though it is not (pseudo-prime).
+    It defaults to 1e-6 (less than 1:1000000).
+    Note that the real probability of a false-positive is far less. This is
+    just the mathematically provable limit.
+
+    If randfunc is omitted, then Random.new().read is used.
+    """
+    if _fastmath is not None:
+        return _fastmath.isPrime(long(N), false_positive_prob, randfunc)
+
+    if N < 3 or N & 1 == 0:
+        return N == 2
+    for p in sieve_base:
+        if N == p:
+            return 1
+        if N % p == 0:
+            return 0
+
+    rounds = int(math.ceil(-math.log(false_positive_prob)/math.log(4)))
+    return _rabinMillerTest(N, rounds, randfunc)
+
+
+# Improved conversion functions contributed by Barry Warsaw, after
+# careful benchmarking
+
+import struct
+
+def long_to_bytes(n, blocksize=0):
+    """long_to_bytes(n:long, blocksize:int) : string
+    Convert a long integer to a byte string.
+
+    If optional blocksize is given and greater than zero, pad the front of the
+    byte string with binary zeros so that the length is a multiple of
+    blocksize.
+    """
+    # after much testing, this algorithm was deemed to be the fastest
+    s = b('')
+    n = long(n)
+    pack = struct.pack
+    while n > 0:
+        s = pack('>I', n & 0xffffffffL) + s
+        n = n >> 32
+    # strip off leading zeros
+    for i in range(len(s)):
+        if s[i] != b('\000')[0]:
+            break
+    else:
+        # only happens when n == 0
+        s = b('\000')
+        i = 0
+    s = s[i:]
+    # add back some pad bytes.  this could be done more efficiently w.r.t. the
+    # de-padding being done above, but sigh...
+    if blocksize > 0 and len(s) % blocksize:
+        s = (blocksize - len(s) % blocksize) * b('\000') + s
+    return s
+
+def bytes_to_long(s):
+    """bytes_to_long(string) : long
+    Convert a byte string to a long integer.
+
+    This is (essentially) the inverse of long_to_bytes().
+    """
+    acc = 0L
+    unpack = struct.unpack
+    length = len(s)
+    if length % 4:
+        extra = (4 - length % 4)
+        s = b('\000') * extra + s
+        length = length + extra
+    for i in range(0, length, 4):
+        acc = (acc << 32) + unpack('>I', s[i:i+4])[0]
+    return acc
+
+# For backwards compatibility...
+import warnings
+def long2str(n, blocksize=0):
+    warnings.warn("long2str() has been replaced by long_to_bytes()")
+    return long_to_bytes(n, blocksize)
+def str2long(s):
+    warnings.warn("str2long() has been replaced by bytes_to_long()")
+    return bytes_to_long(s)
+
+def _import_Random():
+    # This is called in a function instead of at the module level in order to
+    # avoid problems with recursive imports
+    global Random, StrongRandom
+    from Crypto import Random
+    from Crypto.Random.random import StrongRandom
+
+
+
+# The first 10000 primes used for checking primality.
+# This should be enough to eliminate most of the odd
+# numbers before needing to do a Rabin-Miller test at all.
+sieve_base = (
+     2,      3,      5,      7,     11,     13,     17,     19,     23,     29,
+    31,     37,     41,     43,     47,     53,     59,     61,     67,     71,
+    73,     79,     83,     89,     97,    101,    103,    107,    109,    113,
+   127,    131,    137,    139,    149,    151,    157,    163,    167,    173,
+   179,    181,    191,    193,    197,    199,    211,    223,    227,    229,
+   233,    239,    241,    251,    257,    263,    269,    271,    277,    281,
+   283,    293,    307,    311,    313,    317,    331,    337,    347,    349,
+   353,    359,    367,    373,    379,    383,    389,    397,    401,    409,
+   419,    421,    431,    433,    439,    443,    449,    457,    461,    463,
+   467,    479,    487,    491,    499,    503,    509,    521,    523,    541,
+   547,    557,    563,    569,    571,    577,    587,    593,    599,    601,
+   607,    613,    617,    619,    631,    641,    643,    647,    653,    659,
+   661,    673,    677,    683,    691,    701,    709,    719,    727,    733,
+   739,    743,    751,    757,    761,    769,    773,    787,    797,    809,
+   811,    821,    823,    827,    829,    839,    853,    857,    859,    863,
+   877,    881,    883,    887,    907,    911,    919,    929,    937,    941,
+   947,    953,    967,    971,    977,    983,    991,    997,   1009,   1013,
+  1019,   1021,   1031,   1033,   1039,   1049,   1051,   1061,   1063,   1069,
+  1087,   1091,   1093,   1097,   1103,   1109,   1117,   1123,   1129,   1151,
+  1153,   1163,   1171,   1181,   1187,   1193,   1201,   1213,   1217,   1223,
+  1229,   1231,   1237,   1249,   1259,   1277,   1279,   1283,   1289,   1291,
+  1297,   1301,   1303,   1307,   1319,   1321,   1327,   1361,   1367,   1373,
+  1381,   1399,   1409,   1423,   1427,   1429,   1433,   1439,   1447,   1451,
+  1453,   1459,   1471,   1481,   1483,   1487,   1489,   1493,   1499,   1511,
+  1523,   1531,   1543,   1549,   1553,   1559,   1567,   1571,   1579,   1583,
+  1597,   1601,   1607,   1609,   1613,   1619,   1621,   1627,   1637,   1657,
+  1663,   1667,   1669,   1693,   1697,   1699,   1709,   1721,   1723,   1733,
+  1741,   1747,   1753,   1759,   1777,   1783,   1787,   1789,   1801,   1811,
+  1823,   1831,   1847,   1861,   1867,   1871,   1873,   1877,   1879,   1889,
+  1901,   1907,   1913,   1931,   1933,   1949,   1951,   1973,   1979,   1987,
+  1993,   1997,   1999,   2003,   2011,   2017,   2027,   2029,   2039,   2053,
+  2063,   2069,   2081,   2083,   2087,   2089,   2099,   2111,   2113,   2129,
+  2131,   2137,   2141,   2143,   2153,   2161,   2179,   2203,   2207,   2213,
+  2221,   2237,   2239,   2243,   2251,   2267,   2269,   2273,   2281,   2287,
+  2293,   2297,   2309,   2311,   2333,   2339,   2341,   2347,   2351,   2357,
+  2371,   2377,   2381,   2383,   2389,   2393,   2399,   2411,   2417,   2423,
+  2437,   2441,   2447,   2459,   2467,   2473,   2477,   2503,   2521,   2531,
+  2539,   2543,   2549,   2551,   2557,   2579,   2591,   2593,   2609,   2617,
+  2621,   2633,   2647,   2657,   2659,   2663,   2671,   2677,   2683,   2687,
+  2689,   2693,   2699,   2707,   2711,   2713,   2719,   2729,   2731,   2741,
+  2749,   2753,   2767,   2777,   2789,   2791,   2797,   2801,   2803,   2819,
+  2833,   2837,   2843,   2851,   2857,   2861,   2879,   2887,   2897,   2903,
+  2909,   2917,   2927,   2939,   2953,   2957,   2963,   2969,   2971,   2999,
+  3001,   3011,   3019,   3023,   3037,   3041,   3049,   3061,   3067,   3079,
+  3083,   3089,   3109,   3119,   3121,   3137,   3163,   3167,   3169,   3181,
+  3187,   3191,   3203,   3209,   3217,   3221,   3229,   3251,   3253,   3257,
+  3259,   3271,   3299,   3301,   3307,   3313,   3319,   3323,   3329,   3331,
+  3343,   3347,   3359,   3361,   3371,   3373,   3389,   3391,   3407,   3413,
+  3433,   3449,   3457,   3461,   3463,   3467,   3469,   3491,   3499,   3511,
+  3517,   3527,   3529,   3533,   3539,   3541,   3547,   3557,   3559,   3571,
+  3581,   3583,   3593,   3607,   3613,   3617,   3623,   3631,   3637,   3643,
+  3659,   3671,   3673,   3677,   3691,   3697,   3701,   3709,   3719,   3727,
+  3733,   3739,   3761,   3767,   3769,   3779,   3793,   3797,   3803,   3821,
+  3823,   3833,   3847,   3851,   3853,   3863,   3877,   3881,   3889,   3907,
+  3911,   3917,   3919,   3923,   3929,   3931,   3943,   3947,   3967,   3989,
+  4001,   4003,   4007,   4013,   4019,   4021,   4027,   4049,   4051,   4057,
+  4073,   4079,   4091,   4093,   4099,   4111,   4127,   4129,   4133,   4139,
+  4153,   4157,   4159,   4177,   4201,   4211,   4217,   4219,   4229,   4231,
+  4241,   4243,   4253,   4259,   4261,   4271,   4273,   4283,   4289,   4297,
+  4327,   4337,   4339,   4349,   4357,   4363,   4373,   4391,   4397,   4409,
+  4421,   4423,   4441,   4447,   4451,   4457,   4463,   4481,   4483,   4493,
+  4507,   4513,   4517,   4519,   4523,   4547,   4549,   4561,   4567,   4583,
+  4591,   4597,   4603,   4621,   4637,   4639,   4643,   4649,   4651,   4657,
+  4663,   4673,   4679,   4691,   4703,   4721,   4723,   4729,   4733,   4751,
+  4759,   4783,   4787,   4789,   4793,   4799,   4801,   4813,   4817,   4831,
+  4861,   4871,   4877,   4889,   4903,   4909,   4919,   4931,   4933,   4937,
+  4943,   4951,   4957,   4967,   4969,   4973,   4987,   4993,   4999,   5003,
+  5009,   5011,   5021,   5023,   5039,   5051,   5059,   5077,   5081,   5087,
+  5099,   5101,   5107,   5113,   5119,   5147,   5153,   5167,   5171,   5179,
+  5189,   5197,   5209,   5227,   5231,   5233,   5237,   5261,   5273,   5279,
+  5281,   5297,   5303,   5309,   5323,   5333,   5347,   5351,   5381,   5387,
+  5393,   5399,   5407,   5413,   5417,   5419,   5431,   5437,   5441,   5443,
+  5449,   5471,   5477,   5479,   5483,   5501,   5503,   5507,   5519,   5521,
+  5527,   5531,   5557,   5563,   5569,   5573,   5581,   5591,   5623,   5639,
+  5641,   5647,   5651,   5653,   5657,   5659,   5669,   5683,   5689,   5693,
+  5701,   5711,   5717,   5737,   5741,   5743,   5749,   5779,   5783,   5791,
+  5801,   5807,   5813,   5821,   5827,   5839,   5843,   5849,   5851,   5857,
+  5861,   5867,   5869,   5879,   5881,   5897,   5903,   5923,   5927,   5939,
+  5953,   5981,   5987,   6007,   6011,   6029,   6037,   6043,   6047,   6053,
+  6067,   6073,   6079,   6089,   6091,   6101,   6113,   6121,   6131,   6133,
+  6143,   6151,   6163,   6173,   6197,   6199,   6203,   6211,   6217,   6221,
+  6229,   6247,   6257,   6263,   6269,   6271,   6277,   6287,   6299,   6301,
+  6311,   6317,   6323,   6329,   6337,   6343,   6353,   6359,   6361,   6367,
+  6373,   6379,   6389,   6397,   6421,   6427,   6449,   6451,   6469,   6473,
+  6481,   6491,   6521,   6529,   6547,   6551,   6553,   6563,   6569,   6571,
+  6577,   6581,   6599,   6607,   6619,   6637,   6653,   6659,   6661,   6673,
+  6679,   6689,   6691,   6701,   6703,   6709,   6719,   6733,   6737,   6761,
+  6763,   6779,   6781,   6791,   6793,   6803,   6823,   6827,   6829,   6833,
+  6841,   6857,   6863,   6869,   6871,   6883,   6899,   6907,   6911,   6917,
+  6947,   6949,   6959,   6961,   6967,   6971,   6977,   6983,   6991,   6997,
+  7001,   7013,   7019,   7027,   7039,   7043,   7057,   7069,   7079,   7103,
+  7109,   7121,   7127,   7129,   7151,   7159,   7177,   7187,   7193,   7207,
+  7211,   7213,   7219,   7229,   7237,   7243,   7247,   7253,   7283,   7297,
+  7307,   7309,   7321,   7331,   7333,   7349,   7351,   7369,   7393,   7411,
+  7417,   7433,   7451,   7457,   7459,   7477,   7481,   7487,   7489,   7499,
+  7507,   7517,   7523,   7529,   7537,   7541,   7547,   7549,   7559,   7561,
+  7573,   7577,   7583,   7589,   7591,   7603,   7607,   7621,   7639,   7643,
+  7649,   7669,   7673,   7681,   7687,   7691,   7699,   7703,   7717,   7723,
+  7727,   7741,   7753,   7757,   7759,   7789,   7793,   7817,   7823,   7829,
+  7841,   7853,   7867,   7873,   7877,   7879,   7883,   7901,   7907,   7919,
+  7927,   7933,   7937,   7949,   7951,   7963,   7993,   8009,   8011,   8017,
+  8039,   8053,   8059,   8069,   8081,   8087,   8089,   8093,   8101,   8111,
+  8117,   8123,   8147,   8161,   8167,   8171,   8179,   8191,   8209,   8219,
+  8221,   8231,   8233,   8237,   8243,   8263,   8269,   8273,   8287,   8291,
+  8293,   8297,   8311,   8317,   8329,   8353,   8363,   8369,   8377,   8387,
+  8389,   8419,   8423,   8429,   8431,   8443,   8447,   8461,   8467,   8501,
+  8513,   8521,   8527,   8537,   8539,   8543,   8563,   8573,   8581,   8597,
+  8599,   8609,   8623,   8627,   8629,   8641,   8647,   8663,   8669,   8677,
+  8681,   8689,   8693,   8699,   8707,   8713,   8719,   8731,   8737,   8741,
+  8747,   8753,   8761,   8779,   8783,   8803,   8807,   8819,   8821,   8831,
+  8837,   8839,   8849,   8861,   8863,   8867,   8887,   8893,   8923,   8929,
+  8933,   8941,   8951,   8963,   8969,   8971,   8999,   9001,   9007,   9011,
+  9013,   9029,   9041,   9043,   9049,   9059,   9067,   9091,   9103,   9109,
+  9127,   9133,   9137,   9151,   9157,   9161,   9173,   9181,   9187,   9199,
+  9203,   9209,   9221,   9227,   9239,   9241,   9257,   9277,   9281,   9283,
+  9293,   9311,   9319,   9323,   9337,   9341,   9343,   9349,   9371,   9377,
+  9391,   9397,   9403,   9413,   9419,   9421,   9431,   9433,   9437,   9439,
+  9461,   9463,   9467,   9473,   9479,   9491,   9497,   9511,   9521,   9533,
+  9539,   9547,   9551,   9587,   9601,   9613,   9619,   9623,   9629,   9631,
+  9643,   9649,   9661,   9677,   9679,   9689,   9697,   9719,   9721,   9733,
+  9739,   9743,   9749,   9767,   9769,   9781,   9787,   9791,   9803,   9811,
+  9817,   9829,   9833,   9839,   9851,   9857,   9859,   9871,   9883,   9887,
+  9901,   9907,   9923,   9929,   9931,   9941,   9949,   9967,   9973,  10007,
+ 10009,  10037,  10039,  10061,  10067,  10069,  10079,  10091,  10093,  10099,
+ 10103,  10111,  10133,  10139,  10141,  10151,  10159,  10163,  10169,  10177,
+ 10181,  10193,  10211,  10223,  10243,  10247,  10253,  10259,  10267,  10271,
+ 10273,  10289,  10301,  10303,  10313,  10321,  10331,  10333,  10337,  10343,
+ 10357,  10369,  10391,  10399,  10427,  10429,  10433,  10453,  10457,  10459,
+ 10463,  10477,  10487,  10499,  10501,  10513,  10529,  10531,  10559,  10567,
+ 10589,  10597,  10601,  10607,  10613,  10627,  10631,  10639,  10651,  10657,
+ 10663,  10667,  10687,  10691,  10709,  10711,  10723,  10729,  10733,  10739,
+ 10753,  10771,  10781,  10789,  10799,  10831,  10837,  10847,  10853,  10859,
+ 10861,  10867,  10883,  10889,  10891,  10903,  10909,  10937,  10939,  10949,
+ 10957,  10973,  10979,  10987,  10993,  11003,  11027,  11047,  11057,  11059,
+ 11069,  11071,  11083,  11087,  11093,  11113,  11117,  11119,  11131,  11149,
+ 11159,  11161,  11171,  11173,  11177,  11197,  11213,  11239,  11243,  11251,
+ 11257,  11261,  11273,  11279,  11287,  11299,  11311,  11317,  11321,  11329,
+ 11351,  11353,  11369,  11383,  11393,  11399,  11411,  11423,  11437,  11443,
+ 11447,  11467,  11471,  11483,  11489,  11491,  11497,  11503,  11519,  11527,
+ 11549,  11551,  11579,  11587,  11593,  11597,  11617,  11621,  11633,  11657,
+ 11677,  11681,  11689,  11699,  11701,  11717,  11719,  11731,  11743,  11777,
+ 11779,  11783,  11789,  11801,  11807,  11813,  11821,  11827,  11831,  11833,
+ 11839,  11863,  11867,  11887,  11897,  11903,  11909,  11923,  11927,  11933,
+ 11939,  11941,  11953,  11959,  11969,  11971,  11981,  11987,  12007,  12011,
+ 12037,  12041,  12043,  12049,  12071,  12073,  12097,  12101,  12107,  12109,
+ 12113,  12119,  12143,  12149,  12157,  12161,  12163,  12197,  12203,  12211,
+ 12227,  12239,  12241,  12251,  12253,  12263,  12269,  12277,  12281,  12289,
+ 12301,  12323,  12329,  12343,  12347,  12373,  12377,  12379,  12391,  12401,
+ 12409,  12413,  12421,  12433,  12437,  12451,  12457,  12473,  12479,  12487,
+ 12491,  12497,  12503,  12511,  12517,  12527,  12539,  12541,  12547,  12553,
+ 12569,  12577,  12583,  12589,  12601,  12611,  12613,  12619,  12637,  12641,
+ 12647,  12653,  12659,  12671,  12689,  12697,  12703,  12713,  12721,  12739,
+ 12743,  12757,  12763,  12781,  12791,  12799,  12809,  12821,  12823,  12829,
+ 12841,  12853,  12889,  12893,  12899,  12907,  12911,  12917,  12919,  12923,
+ 12941,  12953,  12959,  12967,  12973,  12979,  12983,  13001,  13003,  13007,
+ 13009,  13033,  13037,  13043,  13049,  13063,  13093,  13099,  13103,  13109,
+ 13121,  13127,  13147,  13151,  13159,  13163,  13171,  13177,  13183,  13187,
+ 13217,  13219,  13229,  13241,  13249,  13259,  13267,  13291,  13297,  13309,
+ 13313,  13327,  13331,  13337,  13339,  13367,  13381,  13397,  13399,  13411,
+ 13417,  13421,  13441,  13451,  13457,  13463,  13469,  13477,  13487,  13499,
+ 13513,  13523,  13537,  13553,  13567,  13577,  13591,  13597,  13613,  13619,
+ 13627,  13633,  13649,  13669,  13679,  13681,  13687,  13691,  13693,  13697,
+ 13709,  13711,  13721,  13723,  13729,  13751,  13757,  13759,  13763,  13781,
+ 13789,  13799,  13807,  13829,  13831,  13841,  13859,  13873,  13877,  13879,
+ 13883,  13901,  13903,  13907,  13913,  13921,  13931,  13933,  13963,  13967,
+ 13997,  13999,  14009,  14011,  14029,  14033,  14051,  14057,  14071,  14081,
+ 14083,  14087,  14107,  14143,  14149,  14153,  14159,  14173,  14177,  14197,
+ 14207,  14221,  14243,  14249,  14251,  14281,  14293,  14303,  14321,  14323,
+ 14327,  14341,  14347,  14369,  14387,  14389,  14401,  14407,  14411,  14419,
+ 14423,  14431,  14437,  14447,  14449,  14461,  14479,  14489,  14503,  14519,
+ 14533,  14537,  14543,  14549,  14551,  14557,  14561,  14563,  14591,  14593,
+ 14621,  14627,  14629,  14633,  14639,  14653,  14657,  14669,  14683,  14699,
+ 14713,  14717,  14723,  14731,  14737,  14741,  14747,  14753,  14759,  14767,
+ 14771,  14779,  14783,  14797,  14813,  14821,  14827,  14831,  14843,  14851,
+ 14867,  14869,  14879,  14887,  14891,  14897,  14923,  14929,  14939,  14947,
+ 14951,  14957,  14969,  14983,  15013,  15017,  15031,  15053,  15061,  15073,
+ 15077,  15083,  15091,  15101,  15107,  15121,  15131,  15137,  15139,  15149,
+ 15161,  15173,  15187,  15193,  15199,  15217,  15227,  15233,  15241,  15259,
+ 15263,  15269,  15271,  15277,  15287,  15289,  15299,  15307,  15313,  15319,
+ 15329,  15331,  15349,  15359,  15361,  15373,  15377,  15383,  15391,  15401,
+ 15413,  15427,  15439,  15443,  15451,  15461,  15467,  15473,  15493,  15497,
+ 15511,  15527,  15541,  15551,  15559,  15569,  15581,  15583,  15601,  15607,
+ 15619,  15629,  15641,  15643,  15647,  15649,  15661,  15667,  15671,  15679,
+ 15683,  15727,  15731,  15733,  15737,  15739,  15749,  15761,  15767,  15773,
+ 15787,  15791,  15797,  15803,  15809,  15817,  15823,  15859,  15877,  15881,
+ 15887,  15889,  15901,  15907,  15913,  15919,  15923,  15937,  15959,  15971,
+ 15973,  15991,  16001,  16007,  16033,  16057,  16061,  16063,  16067,  16069,
+ 16073,  16087,  16091,  16097,  16103,  16111,  16127,  16139,  16141,  16183,
+ 16187,  16189,  16193,  16217,  16223,  16229,  16231,  16249,  16253,  16267,
+ 16273,  16301,  16319,  16333,  16339,  16349,  16361,  16363,  16369,  16381,
+ 16411,  16417,  16421,  16427,  16433,  16447,  16451,  16453,  16477,  16481,
+ 16487,  16493,  16519,  16529,  16547,  16553,  16561,  16567,  16573,  16603,
+ 16607,  16619,  16631,  16633,  16649,  16651,  16657,  16661,  16673,  16691,
+ 16693,  16699,  16703,  16729,  16741,  16747,  16759,  16763,  16787,  16811,
+ 16823,  16829,  16831,  16843,  16871,  16879,  16883,  16889,  16901,  16903,
+ 16921,  16927,  16931,  16937,  16943,  16963,  16979,  16981,  16987,  16993,
+ 17011,  17021,  17027,  17029,  17033,  17041,  17047,  17053,  17077,  17093,
+ 17099,  17107,  17117,  17123,  17137,  17159,  17167,  17183,  17189,  17191,
+ 17203,  17207,  17209,  17231,  17239,  17257,  17291,  17293,  17299,  17317,
+ 17321,  17327,  17333,  17341,  17351,  17359,  17377,  17383,  17387,  17389,
+ 17393,  17401,  17417,  17419,  17431,  17443,  17449,  17467,  17471,  17477,
+ 17483,  17489,  17491,  17497,  17509,  17519,  17539,  17551,  17569,  17573,
+ 17579,  17581,  17597,  17599,  17609,  17623,  17627,  17657,  17659,  17669,
+ 17681,  17683,  17707,  17713,  17729,  17737,  17747,  17749,  17761,  17783,
+ 17789,  17791,  17807,  17827,  17837,  17839,  17851,  17863,  17881,  17891,
+ 17903,  17909,  17911,  17921,  17923,  17929,  17939,  17957,  17959,  17971,
+ 17977,  17981,  17987,  17989,  18013,  18041,  18043,  18047,  18049,  18059,
+ 18061,  18077,  18089,  18097,  18119,  18121,  18127,  18131,  18133,  18143,
+ 18149,  18169,  18181,  18191,  18199,  18211,  18217,  18223,  18229,  18233,
+ 18251,  18253,  18257,  18269,  18287,  18289,  18301,  18307,  18311,  18313,
+ 18329,  18341,  18353,  18367,  18371,  18379,  18397,  18401,  18413,  18427,
+ 18433,  18439,  18443,  18451,  18457,  18461,  18481,  18493,  18503,  18517,
+ 18521,  18523,  18539,  18541,  18553,  18583,  18587,  18593,  18617,  18637,
+ 18661,  18671,  18679,  18691,  18701,  18713,  18719,  18731,  18743,  18749,
+ 18757,  18773,  18787,  18793,  18797,  18803,  18839,  18859,  18869,  18899,
+ 18911,  18913,  18917,  18919,  18947,  18959,  18973,  18979,  19001,  19009,
+ 19013,  19031,  19037,  19051,  19069,  19073,  19079,  19081,  19087,  19121,
+ 19139,  19141,  19157,  19163,  19181,  19183,  19207,  19211,  19213,  19219,
+ 19231,  19237,  19249,  19259,  19267,  19273,  19289,  19301,  19309,  19319,
+ 19333,  19373,  19379,  19381,  19387,  19391,  19403,  19417,  19421,  19423,
+ 19427,  19429,  19433,  19441,  19447,  19457,  19463,  19469,  19471,  19477,
+ 19483,  19489,  19501,  19507,  19531,  19541,  19543,  19553,  19559,  19571,
+ 19577,  19583,  19597,  19603,  19609,  19661,  19681,  19687,  19697,  19699,
+ 19709,  19717,  19727,  19739,  19751,  19753,  19759,  19763,  19777,  19793,
+ 19801,  19813,  19819,  19841,  19843,  19853,  19861,  19867,  19889,  19891,
+ 19913,  19919,  19927,  19937,  19949,  19961,  19963,  19973,  19979,  19991,
+ 19993,  19997,  20011,  20021,  20023,  20029,  20047,  20051,  20063,  20071,
+ 20089,  20101,  20107,  20113,  20117,  20123,  20129,  20143,  20147,  20149,
+ 20161,  20173,  20177,  20183,  20201,  20219,  20231,  20233,  20249,  20261,
+ 20269,  20287,  20297,  20323,  20327,  20333,  20341,  20347,  20353,  20357,
+ 20359,  20369,  20389,  20393,  20399,  20407,  20411,  20431,  20441,  20443,
+ 20477,  20479,  20483,  20507,  20509,  20521,  20533,  20543,  20549,  20551,
+ 20563,  20593,  20599,  20611,  20627,  20639,  20641,  20663,  20681,  20693,
+ 20707,  20717,  20719,  20731,  20743,  20747,  20749,  20753,  20759,  20771,
+ 20773,  20789,  20807,  20809,  20849,  20857,  20873,  20879,  20887,  20897,
+ 20899,  20903,  20921,  20929,  20939,  20947,  20959,  20963,  20981,  20983,
+ 21001,  21011,  21013,  21017,  21019,  21023,  21031,  21059,  21061,  21067,
+ 21089,  21101,  21107,  21121,  21139,  21143,  21149,  21157,  21163,  21169,
+ 21179,  21187,  21191,  21193,  21211,  21221,  21227,  21247,  21269,  21277,
+ 21283,  21313,  21317,  21319,  21323,  21341,  21347,  21377,  21379,  21383,
+ 21391,  21397,  21401,  21407,  21419,  21433,  21467,  21481,  21487,  21491,
+ 21493,  21499,  21503,  21517,  21521,  21523,  21529,  21557,  21559,  21563,
+ 21569,  21577,  21587,  21589,  21599,  21601,  21611,  21613,  21617,  21647,
+ 21649,  21661,  21673,  21683,  21701,  21713,  21727,  21737,  21739,  21751,
+ 21757,  21767,  21773,  21787,  21799,  21803,  21817,  21821,  21839,  21841,
+ 21851,  21859,  21863,  21871,  21881,  21893,  21911,  21929,  21937,  21943,
+ 21961,  21977,  21991,  21997,  22003,  22013,  22027,  22031,  22037,  22039,
+ 22051,  22063,  22067,  22073,  22079,  22091,  22093,  22109,  22111,  22123,
+ 22129,  22133,  22147,  22153,  22157,  22159,  22171,  22189,  22193,  22229,
+ 22247,  22259,  22271,  22273,  22277,  22279,  22283,  22291,  22303,  22307,
+ 22343,  22349,  22367,  22369,  22381,  22391,  22397,  22409,  22433,  22441,
+ 22447,  22453,  22469,  22481,  22483,  22501,  22511,  22531,  22541,  22543,
+ 22549,  22567,  22571,  22573,  22613,  22619,  22621,  22637,  22639,  22643,
+ 22651,  22669,  22679,  22691,  22697,  22699,  22709,  22717,  22721,  22727,
+ 22739,  22741,  22751,  22769,  22777,  22783,  22787,  22807,  22811,  22817,
+ 22853,  22859,  22861,  22871,  22877,  22901,  22907,  22921,  22937,  22943,
+ 22961,  22963,  22973,  22993,  23003,  23011,  23017,  23021,  23027,  23029,
+ 23039,  23041,  23053,  23057,  23059,  23063,  23071,  23081,  23087,  23099,
+ 23117,  23131,  23143,  23159,  23167,  23173,  23189,  23197,  23201,  23203,
+ 23209,  23227,  23251,  23269,  23279,  23291,  23293,  23297,  23311,  23321,
+ 23327,  23333,  23339,  23357,  23369,  23371,  23399,  23417,  23431,  23447,
+ 23459,  23473,  23497,  23509,  23531,  23537,  23539,  23549,  23557,  23561,
+ 23563,  23567,  23581,  23593,  23599,  23603,  23609,  23623,  23627,  23629,
+ 23633,  23663,  23669,  23671,  23677,  23687,  23689,  23719,  23741,  23743,
+ 23747,  23753,  23761,  23767,  23773,  23789,  23801,  23813,  23819,  23827,
+ 23831,  23833,  23857,  23869,  23873,  23879,  23887,  23893,  23899,  23909,
+ 23911,  23917,  23929,  23957,  23971,  23977,  23981,  23993,  24001,  24007,
+ 24019,  24023,  24029,  24043,  24049,  24061,  24071,  24077,  24083,  24091,
+ 24097,  24103,  24107,  24109,  24113,  24121,  24133,  24137,  24151,  24169,
+ 24179,  24181,  24197,  24203,  24223,  24229,  24239,  24247,  24251,  24281,
+ 24317,  24329,  24337,  24359,  24371,  24373,  24379,  24391,  24407,  24413,
+ 24419,  24421,  24439,  24443,  24469,  24473,  24481,  24499,  24509,  24517,
+ 24527,  24533,  24547,  24551,  24571,  24593,  24611,  24623,  24631,  24659,
+ 24671,  24677,  24683,  24691,  24697,  24709,  24733,  24749,  24763,  24767,
+ 24781,  24793,  24799,  24809,  24821,  24841,  24847,  24851,  24859,  24877,
+ 24889,  24907,  24917,  24919,  24923,  24943,  24953,  24967,  24971,  24977,
+ 24979,  24989,  25013,  25031,  25033,  25037,  25057,  25073,  25087,  25097,
+ 25111,  25117,  25121,  25127,  25147,  25153,  25163,  25169,  25171,  25183,
+ 25189,  25219,  25229,  25237,  25243,  25247,  25253,  25261,  25301,  25303,
+ 25307,  25309,  25321,  25339,  25343,  25349,  25357,  25367,  25373,  25391,
+ 25409,  25411,  25423,  25439,  25447,  25453,  25457,  25463,  25469,  25471,
+ 25523,  25537,  25541,  25561,  25577,  25579,  25583,  25589,  25601,  25603,
+ 25609,  25621,  25633,  25639,  25643,  25657,  25667,  25673,  25679,  25693,
+ 25703,  25717,  25733,  25741,  25747,  25759,  25763,  25771,  25793,  25799,
+ 25801,  25819,  25841,  25847,  25849,  25867,  25873,  25889,  25903,  25913,
+ 25919,  25931,  25933,  25939,  25943,  25951,  25969,  25981,  25997,  25999,
+ 26003,  26017,  26021,  26029,  26041,  26053,  26083,  26099,  26107,  26111,
+ 26113,  26119,  26141,  26153,  26161,  26171,  26177,  26183,  26189,  26203,
+ 26209,  26227,  26237,  26249,  26251,  26261,  26263,  26267,  26293,  26297,
+ 26309,  26317,  26321,  26339,  26347,  26357,  26371,  26387,  26393,  26399,
+ 26407,  26417,  26423,  26431,  26437,  26449,  26459,  26479,  26489,  26497,
+ 26501,  26513,  26539,  26557,  26561,  26573,  26591,  26597,  26627,  26633,
+ 26641,  26647,  26669,  26681,  26683,  26687,  26693,  26699,  26701,  26711,
+ 26713,  26717,  26723,  26729,  26731,  26737,  26759,  26777,  26783,  26801,
+ 26813,  26821,  26833,  26839,  26849,  26861,  26863,  26879,  26881,  26891,
+ 26893,  26903,  26921,  26927,  26947,  26951,  26953,  26959,  26981,  26987,
+ 26993,  27011,  27017,  27031,  27043,  27059,  27061,  27067,  27073,  27077,
+ 27091,  27103,  27107,  27109,  27127,  27143,  27179,  27191,  27197,  27211,
+ 27239,  27241,  27253,  27259,  27271,  27277,  27281,  27283,  27299,  27329,
+ 27337,  27361,  27367,  27397,  27407,  27409,  27427,  27431,  27437,  27449,
+ 27457,  27479,  27481,  27487,  27509,  27527,  27529,  27539,  27541,  27551,
+ 27581,  27583,  27611,  27617,  27631,  27647,  27653,  27673,  27689,  27691,
+ 27697,  27701,  27733,  27737,  27739,  27743,  27749,  27751,  27763,  27767,
+ 27773,  27779,  27791,  27793,  27799,  27803,  27809,  27817,  27823,  27827,
+ 27847,  27851,  27883,  27893,  27901,  27917,  27919,  27941,  27943,  27947,
+ 27953,  27961,  27967,  27983,  27997,  28001,  28019,  28027,  28031,  28051,
+ 28057,  28069,  28081,  28087,  28097,  28099,  28109,  28111,  28123,  28151,
+ 28163,  28181,  28183,  28201,  28211,  28219,  28229,  28277,  28279,  28283,
+ 28289,  28297,  28307,  28309,  28319,  28349,  28351,  28387,  28393,  28403,
+ 28409,  28411,  28429,  28433,  28439,  28447,  28463,  28477,  28493,  28499,
+ 28513,  28517,  28537,  28541,  28547,  28549,  28559,  28571,  28573,  28579,
+ 28591,  28597,  28603,  28607,  28619,  28621,  28627,  28631,  28643,  28649,
+ 28657,  28661,  28663,  28669,  28687,  28697,  28703,  28711,  28723,  28729,
+ 28751,  28753,  28759,  28771,  28789,  28793,  28807,  28813,  28817,  28837,
+ 28843,  28859,  28867,  28871,  28879,  28901,  28909,  28921,  28927,  28933,
+ 28949,  28961,  28979,  29009,  29017,  29021,  29023,  29027,  29033,  29059,
+ 29063,  29077,  29101,  29123,  29129,  29131,  29137,  29147,  29153,  29167,
+ 29173,  29179,  29191,  29201,  29207,  29209,  29221,  29231,  29243,  29251,
+ 29269,  29287,  29297,  29303,  29311,  29327,  29333,  29339,  29347,  29363,
+ 29383,  29387,  29389,  29399,  29401,  29411,  29423,  29429,  29437,  29443,
+ 29453,  29473,  29483,  29501,  29527,  29531,  29537,  29567,  29569,  29573,
+ 29581,  29587,  29599,  29611,  29629,  29633,  29641,  29663,  29669,  29671,
+ 29683,  29717,  29723,  29741,  29753,  29759,  29761,  29789,  29803,  29819,
+ 29833,  29837,  29851,  29863,  29867,  29873,  29879,  29881,  29917,  29921,
+ 29927,  29947,  29959,  29983,  29989,  30011,  30013,  30029,  30047,  30059,
+ 30071,  30089,  30091,  30097,  30103,  30109,  30113,  30119,  30133,  30137,
+ 30139,  30161,  30169,  30181,  30187,  30197,  30203,  30211,  30223,  30241,
+ 30253,  30259,  30269,  30271,  30293,  30307,  30313,  30319,  30323,  30341,
+ 30347,  30367,  30389,  30391,  30403,  30427,  30431,  30449,  30467,  30469,
+ 30491,  30493,  30497,  30509,  30517,  30529,  30539,  30553,  30557,  30559,
+ 30577,  30593,  30631,  30637,  30643,  30649,  30661,  30671,  30677,  30689,
+ 30697,  30703,  30707,  30713,  30727,  30757,  30763,  30773,  30781,  30803,
+ 30809,  30817,  30829,  30839,  30841,  30851,  30853,  30859,  30869,  30871,
+ 30881,  30893,  30911,  30931,  30937,  30941,  30949,  30971,  30977,  30983,
+ 31013,  31019,  31033,  31039,  31051,  31063,  31069,  31079,  31081,  31091,
+ 31121,  31123,  31139,  31147,  31151,  31153,  31159,  31177,  31181,  31183,
+ 31189,  31193,  31219,  31223,  31231,  31237,  31247,  31249,  31253,  31259,
+ 31267,  31271,  31277,  31307,  31319,  31321,  31327,  31333,  31337,  31357,
+ 31379,  31387,  31391,  31393,  31397,  31469,  31477,  31481,  31489,  31511,
+ 31513,  31517,  31531,  31541,  31543,  31547,  31567,  31573,  31583,  31601,
+ 31607,  31627,  31643,  31649,  31657,  31663,  31667,  31687,  31699,  31721,
+ 31723,  31727,  31729,  31741,  31751,  31769,  31771,  31793,  31799,  31817,
+ 31847,  31849,  31859,  31873,  31883,  31891,  31907,  31957,  31963,  31973,
+ 31981,  31991,  32003,  32009,  32027,  32029,  32051,  32057,  32059,  32063,
+ 32069,  32077,  32083,  32089,  32099,  32117,  32119,  32141,  32143,  32159,
+ 32173,  32183,  32189,  32191,  32203,  32213,  32233,  32237,  32251,  32257,
+ 32261,  32297,  32299,  32303,  32309,  32321,  32323,  32327,  32341,  32353,
+ 32359,  32363,  32369,  32371,  32377,  32381,  32401,  32411,  32413,  32423,
+ 32429,  32441,  32443,  32467,  32479,  32491,  32497,  32503,  32507,  32531,
+ 32533,  32537,  32561,  32563,  32569,  32573,  32579,  32587,  32603,  32609,
+ 32611,  32621,  32633,  32647,  32653,  32687,  32693,  32707,  32713,  32717,
+ 32719,  32749,  32771,  32779,  32783,  32789,  32797,  32801,  32803,  32831,
+ 32833,  32839,  32843,  32869,  32887,  32909,  32911,  32917,  32933,  32939,
+ 32941,  32957,  32969,  32971,  32983,  32987,  32993,  32999,  33013,  33023,
+ 33029,  33037,  33049,  33053,  33071,  33073,  33083,  33091,  33107,  33113,
+ 33119,  33149,  33151,  33161,  33179,  33181,  33191,  33199,  33203,  33211,
+ 33223,  33247,  33287,  33289,  33301,  33311,  33317,  33329,  33331,  33343,
+ 33347,  33349,  33353,  33359,  33377,  33391,  33403,  33409,  33413,  33427,
+ 33457,  33461,  33469,  33479,  33487,  33493,  33503,  33521,  33529,  33533,
+ 33547,  33563,  33569,  33577,  33581,  33587,  33589,  33599,  33601,  33613,
+ 33617,  33619,  33623,  33629,  33637,  33641,  33647,  33679,  33703,  33713,
+ 33721,  33739,  33749,  33751,  33757,  33767,  33769,  33773,  33791,  33797,
+ 33809,  33811,  33827,  33829,  33851,  33857,  33863,  33871,  33889,  33893,
+ 33911,  33923,  33931,  33937,  33941,  33961,  33967,  33997,  34019,  34031,
+ 34033,  34039,  34057,  34061,  34123,  34127,  34129,  34141,  34147,  34157,
+ 34159,  34171,  34183,  34211,  34213,  34217,  34231,  34253,  34259,  34261,
+ 34267,  34273,  34283,  34297,  34301,  34303,  34313,  34319,  34327,  34337,
+ 34351,  34361,  34367,  34369,  34381,  34403,  34421,  34429,  34439,  34457,
+ 34469,  34471,  34483,  34487,  34499,  34501,  34511,  34513,  34519,  34537,
+ 34543,  34549,  34583,  34589,  34591,  34603,  34607,  34613,  34631,  34649,
+ 34651,  34667,  34673,  34679,  34687,  34693,  34703,  34721,  34729,  34739,
+ 34747,  34757,  34759,  34763,  34781,  34807,  34819,  34841,  34843,  34847,
+ 34849,  34871,  34877,  34883,  34897,  34913,  34919,  34939,  34949,  34961,
+ 34963,  34981,  35023,  35027,  35051,  35053,  35059,  35069,  35081,  35083,
+ 35089,  35099,  35107,  35111,  35117,  35129,  35141,  35149,  35153,  35159,
+ 35171,  35201,  35221,  35227,  35251,  35257,  35267,  35279,  35281,  35291,
+ 35311,  35317,  35323,  35327,  35339,  35353,  35363,  35381,  35393,  35401,
+ 35407,  35419,  35423,  35437,  35447,  35449,  35461,  35491,  35507,  35509,
+ 35521,  35527,  35531,  35533,  35537,  35543,  35569,  35573,  35591,  35593,
+ 35597,  35603,  35617,  35671,  35677,  35729,  35731,  35747,  35753,  35759,
+ 35771,  35797,  35801,  35803,  35809,  35831,  35837,  35839,  35851,  35863,
+ 35869,  35879,  35897,  35899,  35911,  35923,  35933,  35951,  35963,  35969,
+ 35977,  35983,  35993,  35999,  36007,  36011,  36013,  36017,  36037,  36061,
+ 36067,  36073,  36083,  36097,  36107,  36109,  36131,  36137,  36151,  36161,
+ 36187,  36191,  36209,  36217,  36229,  36241,  36251,  36263,  36269,  36277,
+ 36293,  36299,  36307,  36313,  36319,  36341,  36343,  36353,  36373,  36383,
+ 36389,  36433,  36451,  36457,  36467,  36469,  36473,  36479,  36493,  36497,
+ 36523,  36527,  36529,  36541,  36551,  36559,  36563,  36571,  36583,  36587,
+ 36599,  36607,  36629,  36637,  36643,  36653,  36671,  36677,  36683,  36691,
+ 36697,  36709,  36713,  36721,  36739,  36749,  36761,  36767,  36779,  36781,
+ 36787,  36791,  36793,  36809,  36821,  36833,  36847,  36857,  36871,  36877,
+ 36887,  36899,  36901,  36913,  36919,  36923,  36929,  36931,  36943,  36947,
+ 36973,  36979,  36997,  37003,  37013,  37019,  37021,  37039,  37049,  37057,
+ 37061,  37087,  37097,  37117,  37123,  37139,  37159,  37171,  37181,  37189,
+ 37199,  37201,  37217,  37223,  37243,  37253,  37273,  37277,  37307,  37309,
+ 37313,  37321,  37337,  37339,  37357,  37361,  37363,  37369,  37379,  37397,
+ 37409,  37423,  37441,  37447,  37463,  37483,  37489,  37493,  37501,  37507,
+ 37511,  37517,  37529,  37537,  37547,  37549,  37561,  37567,  37571,  37573,
+ 37579,  37589,  37591,  37607,  37619,  37633,  37643,  37649,  37657,  37663,
+ 37691,  37693,  37699,  37717,  37747,  37781,  37783,  37799,  37811,  37813,
+ 37831,  37847,  37853,  37861,  37871,  37879,  37889,  37897,  37907,  37951,
+ 37957,  37963,  37967,  37987,  37991,  37993,  37997,  38011,  38039,  38047,
+ 38053,  38069,  38083,  38113,  38119,  38149,  38153,  38167,  38177,  38183,
+ 38189,  38197,  38201,  38219,  38231,  38237,  38239,  38261,  38273,  38281,
+ 38287,  38299,  38303,  38317,  38321,  38327,  38329,  38333,  38351,  38371,
+ 38377,  38393,  38431,  38447,  38449,  38453,  38459,  38461,  38501,  38543,
+ 38557,  38561,  38567,  38569,  38593,  38603,  38609,  38611,  38629,  38639,
+ 38651,  38653,  38669,  38671,  38677,  38693,  38699,  38707,  38711,  38713,
+ 38723,  38729,  38737,  38747,  38749,  38767,  38783,  38791,  38803,  38821,
+ 38833,  38839,  38851,  38861,  38867,  38873,  38891,  38903,  38917,  38921,
+ 38923,  38933,  38953,  38959,  38971,  38977,  38993,  39019,  39023,  39041,
+ 39043,  39047,  39079,  39089,  39097,  39103,  39107,  39113,  39119,  39133,
+ 39139,  39157,  39161,  39163,  39181,  39191,  39199,  39209,  39217,  39227,
+ 39229,  39233,  39239,  39241,  39251,  39293,  39301,  39313,  39317,  39323,
+ 39341,  39343,  39359,  39367,  39371,  39373,  39383,  39397,  39409,  39419,
+ 39439,  39443,  39451,  39461,  39499,  39503,  39509,  39511,  39521,  39541,
+ 39551,  39563,  39569,  39581,  39607,  39619,  39623,  39631,  39659,  39667,
+ 39671,  39679,  39703,  39709,  39719,  39727,  39733,  39749,  39761,  39769,
+ 39779,  39791,  39799,  39821,  39827,  39829,  39839,  39841,  39847,  39857,
+ 39863,  39869,  39877,  39883,  39887,  39901,  39929,  39937,  39953,  39971,
+ 39979,  39983,  39989,  40009,  40013,  40031,  40037,  40039,  40063,  40087,
+ 40093,  40099,  40111,  40123,  40127,  40129,  40151,  40153,  40163,  40169,
+ 40177,  40189,  40193,  40213,  40231,  40237,  40241,  40253,  40277,  40283,
+ 40289,  40343,  40351,  40357,  40361,  40387,  40423,  40427,  40429,  40433,
+ 40459,  40471,  40483,  40487,  40493,  40499,  40507,  40519,  40529,  40531,
+ 40543,  40559,  40577,  40583,  40591,  40597,  40609,  40627,  40637,  40639,
+ 40693,  40697,  40699,  40709,  40739,  40751,  40759,  40763,  40771,  40787,
+ 40801,  40813,  40819,  40823,  40829,  40841,  40847,  40849,  40853,  40867,
+ 40879,  40883,  40897,  40903,  40927,  40933,  40939,  40949,  40961,  40973,
+ 40993,  41011,  41017,  41023,  41039,  41047,  41051,  41057,  41077,  41081,
+ 41113,  41117,  41131,  41141,  41143,  41149,  41161,  41177,  41179,  41183,
+ 41189,  41201,  41203,  41213,  41221,  41227,  41231,  41233,  41243,  41257,
+ 41263,  41269,  41281,  41299,  41333,  41341,  41351,  41357,  41381,  41387,
+ 41389,  41399,  41411,  41413,  41443,  41453,  41467,  41479,  41491,  41507,
+ 41513,  41519,  41521,  41539,  41543,  41549,  41579,  41593,  41597,  41603,
+ 41609,  41611,  41617,  41621,  41627,  41641,  41647,  41651,  41659,  41669,
+ 41681,  41687,  41719,  41729,  41737,  41759,  41761,  41771,  41777,  41801,
+ 41809,  41813,  41843,  41849,  41851,  41863,  41879,  41887,  41893,  41897,
+ 41903,  41911,  41927,  41941,  41947,  41953,  41957,  41959,  41969,  41981,
+ 41983,  41999,  42013,  42017,  42019,  42023,  42043,  42061,  42071,  42073,
+ 42083,  42089,  42101,  42131,  42139,  42157,  42169,  42179,  42181,  42187,
+ 42193,  42197,  42209,  42221,  42223,  42227,  42239,  42257,  42281,  42283,
+ 42293,  42299,  42307,  42323,  42331,  42337,  42349,  42359,  42373,  42379,
+ 42391,  42397,  42403,  42407,  42409,  42433,  42437,  42443,  42451,  42457,
+ 42461,  42463,  42467,  42473,  42487,  42491,  42499,  42509,  42533,  42557,
+ 42569,  42571,  42577,  42589,  42611,  42641,  42643,  42649,  42667,  42677,
+ 42683,  42689,  42697,  42701,  42703,  42709,  42719,  42727,  42737,  42743,
+ 42751,  42767,  42773,  42787,  42793,  42797,  42821,  42829,  42839,  42841,
+ 42853,  42859,  42863,  42899,  42901,  42923,  42929,  42937,  42943,  42953,
+ 42961,  42967,  42979,  42989,  43003,  43013,  43019,  43037,  43049,  43051,
+ 43063,  43067,  43093,  43103,  43117,  43133,  43151,  43159,  43177,  43189,
+ 43201,  43207,  43223,  43237,  43261,  43271,  43283,  43291,  43313,  43319,
+ 43321,  43331,  43391,  43397,  43399,  43403,  43411,  43427,  43441,  43451,
+ 43457,  43481,  43487,  43499,  43517,  43541,  43543,  43573,  43577,  43579,
+ 43591,  43597,  43607,  43609,  43613,  43627,  43633,  43649,  43651,  43661,
+ 43669,  43691,  43711,  43717,  43721,  43753,  43759,  43777,  43781,  43783,
+ 43787,  43789,  43793,  43801,  43853,  43867,  43889,  43891,  43913,  43933,
+ 43943,  43951,  43961,  43963,  43969,  43973,  43987,  43991,  43997,  44017,
+ 44021,  44027,  44029,  44041,  44053,  44059,  44071,  44087,  44089,  44101,
+ 44111,  44119,  44123,  44129,  44131,  44159,  44171,  44179,  44189,  44201,
+ 44203,  44207,  44221,  44249,  44257,  44263,  44267,  44269,  44273,  44279,
+ 44281,  44293,  44351,  44357,  44371,  44381,  44383,  44389,  44417,  44449,
+ 44453,  44483,  44491,  44497,  44501,  44507,  44519,  44531,  44533,  44537,
+ 44543,  44549,  44563,  44579,  44587,  44617,  44621,  44623,  44633,  44641,
+ 44647,  44651,  44657,  44683,  44687,  44699,  44701,  44711,  44729,  44741,
+ 44753,  44771,  44773,  44777,  44789,  44797,  44809,  44819,  44839,  44843,
+ 44851,  44867,  44879,  44887,  44893,  44909,  44917,  44927,  44939,  44953,
+ 44959,  44963,  44971,  44983,  44987,  45007,  45013,  45053,  45061,  45077,
+ 45083,  45119,  45121,  45127,  45131,  45137,  45139,  45161,  45179,  45181,
+ 45191,  45197,  45233,  45247,  45259,  45263,  45281,  45289,  45293,  45307,
+ 45317,  45319,  45329,  45337,  45341,  45343,  45361,  45377,  45389,  45403,
+ 45413,  45427,  45433,  45439,  45481,  45491,  45497,  45503,  45523,  45533,
+ 45541,  45553,  45557,  45569,  45587,  45589,  45599,  45613,  45631,  45641,
+ 45659,  45667,  45673,  45677,  45691,  45697,  45707,  45737,  45751,  45757,
+ 45763,  45767,  45779,  45817,  45821,  45823,  45827,  45833,  45841,  45853,
+ 45863,  45869,  45887,  45893,  45943,  45949,  45953,  45959,  45971,  45979,
+ 45989,  46021,  46027,  46049,  46051,  46061,  46073,  46091,  46093,  46099,
+ 46103,  46133,  46141,  46147,  46153,  46171,  46181,  46183,  46187,  46199,
+ 46219,  46229,  46237,  46261,  46271,  46273,  46279,  46301,  46307,  46309,
+ 46327,  46337,  46349,  46351,  46381,  46399,  46411,  46439,  46441,  46447,
+ 46451,  46457,  46471,  46477,  46489,  46499,  46507,  46511,  46523,  46549,
+ 46559,  46567,  46573,  46589,  46591,  46601,  46619,  46633,  46639,  46643,
+ 46649,  46663,  46679,  46681,  46687,  46691,  46703,  46723,  46727,  46747,
+ 46751,  46757,  46769,  46771,  46807,  46811,  46817,  46819,  46829,  46831,
+ 46853,  46861,  46867,  46877,  46889,  46901,  46919,  46933,  46957,  46993,
+ 46997,  47017,  47041,  47051,  47057,  47059,  47087,  47093,  47111,  47119,
+ 47123,  47129,  47137,  47143,  47147,  47149,  47161,  47189,  47207,  47221,
+ 47237,  47251,  47269,  47279,  47287,  47293,  47297,  47303,  47309,  47317,
+ 47339,  47351,  47353,  47363,  47381,  47387,  47389,  47407,  47417,  47419,
+ 47431,  47441,  47459,  47491,  47497,  47501,  47507,  47513,  47521,  47527,
+ 47533,  47543,  47563,  47569,  47581,  47591,  47599,  47609,  47623,  47629,
+ 47639,  47653,  47657,  47659,  47681,  47699,  47701,  47711,  47713,  47717,
+ 47737,  47741,  47743,  47777,  47779,  47791,  47797,  47807,  47809,  47819,
+ 47837,  47843,  47857,  47869,  47881,  47903,  47911,  47917,  47933,  47939,
+ 47947,  47951,  47963,  47969,  47977,  47981,  48017,  48023,  48029,  48049,
+ 48073,  48079,  48091,  48109,  48119,  48121,  48131,  48157,  48163,  48179,
+ 48187,  48193,  48197,  48221,  48239,  48247,  48259,  48271,  48281,  48299,
+ 48311,  48313,  48337,  48341,  48353,  48371,  48383,  48397,  48407,  48409,
+ 48413,  48437,  48449,  48463,  48473,  48479,  48481,  48487,  48491,  48497,
+ 48523,  48527,  48533,  48539,  48541,  48563,  48571,  48589,  48593,  48611,
+ 48619,  48623,  48647,  48649,  48661,  48673,  48677,  48679,  48731,  48733,
+ 48751,  48757,  48761,  48767,  48779,  48781,  48787,  48799,  48809,  48817,
+ 48821,  48823,  48847,  48857,  48859,  48869,  48871,  48883,  48889,  48907,
+ 48947,  48953,  48973,  48989,  48991,  49003,  49009,  49019,  49031,  49033,
+ 49037,  49043,  49057,  49069,  49081,  49103,  49109,  49117,  49121,  49123,
+ 49139,  49157,  49169,  49171,  49177,  49193,  49199,  49201,  49207,  49211,
+ 49223,  49253,  49261,  49277,  49279,  49297,  49307,  49331,  49333,  49339,
+ 49363,  49367,  49369,  49391,  49393,  49409,  49411,  49417,  49429,  49433,
+ 49451,  49459,  49463,  49477,  49481,  49499,  49523,  49529,  49531,  49537,
+ 49547,  49549,  49559,  49597,  49603,  49613,  49627,  49633,  49639,  49663,
+ 49667,  49669,  49681,  49697,  49711,  49727,  49739,  49741,  49747,  49757,
+ 49783,  49787,  49789,  49801,  49807,  49811,  49823,  49831,  49843,  49853,
+ 49871,  49877,  49891,  49919,  49921,  49927,  49937,  49939,  49943,  49957,
+ 49991,  49993,  49999,  50021,  50023,  50033,  50047,  50051,  50053,  50069,
+ 50077,  50087,  50093,  50101,  50111,  50119,  50123,  50129,  50131,  50147,
+ 50153,  50159,  50177,  50207,  50221,  50227,  50231,  50261,  50263,  50273,
+ 50287,  50291,  50311,  50321,  50329,  50333,  50341,  50359,  50363,  50377,
+ 50383,  50387,  50411,  50417,  50423,  50441,  50459,  50461,  50497,  50503,
+ 50513,  50527,  50539,  50543,  50549,  50551,  50581,  50587,  50591,  50593,
+ 50599,  50627,  50647,  50651,  50671,  50683,  50707,  50723,  50741,  50753,
+ 50767,  50773,  50777,  50789,  50821,  50833,  50839,  50849,  50857,  50867,
+ 50873,  50891,  50893,  50909,  50923,  50929,  50951,  50957,  50969,  50971,
+ 50989,  50993,  51001,  51031,  51043,  51047,  51059,  51061,  51071,  51109,
+ 51131,  51133,  51137,  51151,  51157,  51169,  51193,  51197,  51199,  51203,
+ 51217,  51229,  51239,  51241,  51257,  51263,  51283,  51287,  51307,  51329,
+ 51341,  51343,  51347,  51349,  51361,  51383,  51407,  51413,  51419,  51421,
+ 51427,  51431,  51437,  51439,  51449,  51461,  51473,  51479,  51481,  51487,
+ 51503,  51511,  51517,  51521,  51539,  51551,  51563,  51577,  51581,  51593,
+ 51599,  51607,  51613,  51631,  51637,  51647,  51659,  51673,  51679,  51683,
+ 51691,  51713,  51719,  51721,  51749,  51767,  51769,  51787,  51797,  51803,
+ 51817,  51827,  51829,  51839,  51853,  51859,  51869,  51871,  51893,  51899,
+ 51907,  51913,  51929,  51941,  51949,  51971,  51973,  51977,  51991,  52009,
+ 52021,  52027,  52051,  52057,  52067,  52069,  52081,  52103,  52121,  52127,
+ 52147,  52153,  52163,  52177,  52181,  52183,  52189,  52201,  52223,  52237,
+ 52249,  52253,  52259,  52267,  52289,  52291,  52301,  52313,  52321,  52361,
+ 52363,  52369,  52379,  52387,  52391,  52433,  52453,  52457,  52489,  52501,
+ 52511,  52517,  52529,  52541,  52543,  52553,  52561,  52567,  52571,  52579,
+ 52583,  52609,  52627,  52631,  52639,  52667,  52673,  52691,  52697,  52709,
+ 52711,  52721,  52727,  52733,  52747,  52757,  52769,  52783,  52807,  52813,
+ 52817,  52837,  52859,  52861,  52879,  52883,  52889,  52901,  52903,  52919,
+ 52937,  52951,  52957,  52963,  52967,  52973,  52981,  52999,  53003,  53017,
+ 53047,  53051,  53069,  53077,  53087,  53089,  53093,  53101,  53113,  53117,
+ 53129,  53147,  53149,  53161,  53171,  53173,  53189,  53197,  53201,  53231,
+ 53233,  53239,  53267,  53269,  53279,  53281,  53299,  53309,  53323,  53327,
+ 53353,  53359,  53377,  53381,  53401,  53407,  53411,  53419,  53437,  53441,
+ 53453,  53479,  53503,  53507,  53527,  53549,  53551,  53569,  53591,  53593,
+ 53597,  53609,  53611,  53617,  53623,  53629,  53633,  53639,  53653,  53657,
+ 53681,  53693,  53699,  53717,  53719,  53731,  53759,  53773,  53777,  53783,
+ 53791,  53813,  53819,  53831,  53849,  53857,  53861,  53881,  53887,  53891,
+ 53897,  53899,  53917,  53923,  53927,  53939,  53951,  53959,  53987,  53993,
+ 54001,  54011,  54013,  54037,  54049,  54059,  54083,  54091,  54101,  54121,
+ 54133,  54139,  54151,  54163,  54167,  54181,  54193,  54217,  54251,  54269,
+ 54277,  54287,  54293,  54311,  54319,  54323,  54331,  54347,  54361,  54367,
+ 54371,  54377,  54401,  54403,  54409,  54413,  54419,  54421,  54437,  54443,
+ 54449,  54469,  54493,  54497,  54499,  54503,  54517,  54521,  54539,  54541,
+ 54547,  54559,  54563,  54577,  54581,  54583,  54601,  54617,  54623,  54629,
+ 54631,  54647,  54667,  54673,  54679,  54709,  54713,  54721,  54727,  54751,
+ 54767,  54773,  54779,  54787,  54799,  54829,  54833,  54851,  54869,  54877,
+ 54881,  54907,  54917,  54919,  54941,  54949,  54959,  54973,  54979,  54983,
+ 55001,  55009,  55021,  55049,  55051,  55057,  55061,  55073,  55079,  55103,
+ 55109,  55117,  55127,  55147,  55163,  55171,  55201,  55207,  55213,  55217,
+ 55219,  55229,  55243,  55249,  55259,  55291,  55313,  55331,  55333,  55337,
+ 55339,  55343,  55351,  55373,  55381,  55399,  55411,  55439,  55441,  55457,
+ 55469,  55487,  55501,  55511,  55529,  55541,  55547,  55579,  55589,  55603,
+ 55609,  55619,  55621,  55631,  55633,  55639,  55661,  55663,  55667,  55673,
+ 55681,  55691,  55697,  55711,  55717,  55721,  55733,  55763,  55787,  55793,
+ 55799,  55807,  55813,  55817,  55819,  55823,  55829,  55837,  55843,  55849,
+ 55871,  55889,  55897,  55901,  55903,  55921,  55927,  55931,  55933,  55949,
+ 55967,  55987,  55997,  56003,  56009,  56039,  56041,  56053,  56081,  56087,
+ 56093,  56099,  56101,  56113,  56123,  56131,  56149,  56167,  56171,  56179,
+ 56197,  56207,  56209,  56237,  56239,  56249,  56263,  56267,  56269,  56299,
+ 56311,  56333,  56359,  56369,  56377,  56383,  56393,  56401,  56417,  56431,
+ 56437,  56443,  56453,  56467,  56473,  56477,  56479,  56489,  56501,  56503,
+ 56509,  56519,  56527,  56531,  56533,  56543,  56569,  56591,  56597,  56599,
+ 56611,  56629,  56633,  56659,  56663,  56671,  56681,  56687,  56701,  56711,
+ 56713,  56731,  56737,  56747,  56767,  56773,  56779,  56783,  56807,  56809,
+ 56813,  56821,  56827,  56843,  56857,  56873,  56891,  56893,  56897,  56909,
+ 56911,  56921,  56923,  56929,  56941,  56951,  56957,  56963,  56983,  56989,
+ 56993,  56999,  57037,  57041,  57047,  57059,  57073,  57077,  57089,  57097,
+ 57107,  57119,  57131,  57139,  57143,  57149,  57163,  57173,  57179,  57191,
+ 57193,  57203,  57221,  57223,  57241,  57251,  57259,  57269,  57271,  57283,
+ 57287,  57301,  57329,  57331,  57347,  57349,  57367,  57373,  57383,  57389,
+ 57397,  57413,  57427,  57457,  57467,  57487,  57493,  57503,  57527,  57529,
+ 57557,  57559,  57571,  57587,  57593,  57601,  57637,  57641,  57649,  57653,
+ 57667,  57679,  57689,  57697,  57709,  57713,  57719,  57727,  57731,  57737,
+ 57751,  57773,  57781,  57787,  57791,  57793,  57803,  57809,  57829,  57839,
+ 57847,  57853,  57859,  57881,  57899,  57901,  57917,  57923,  57943,  57947,
+ 57973,  57977,  57991,  58013,  58027,  58031,  58043,  58049,  58057,  58061,
+ 58067,  58073,  58099,  58109,  58111,  58129,  58147,  58151,  58153,  58169,
+ 58171,  58189,  58193,  58199,  58207,  58211,  58217,  58229,  58231,  58237,
+ 58243,  58271,  58309,  58313,  58321,  58337,  58363,  58367,  58369,  58379,
+ 58391,  58393,  58403,  58411,  58417,  58427,  58439,  58441,  58451,  58453,
+ 58477,  58481,  58511,  58537,  58543,  58549,  58567,  58573,  58579,  58601,
+ 58603,  58613,  58631,  58657,  58661,  58679,  58687,  58693,  58699,  58711,
+ 58727,  58733,  58741,  58757,  58763,  58771,  58787,  58789,  58831,  58889,
+ 58897,  58901,  58907,  58909,  58913,  58921,  58937,  58943,  58963,  58967,
+ 58979,  58991,  58997,  59009,  59011,  59021,  59023,  59029,  59051,  59053,
+ 59063,  59069,  59077,  59083,  59093,  59107,  59113,  59119,  59123,  59141,
+ 59149,  59159,  59167,  59183,  59197,  59207,  59209,  59219,  59221,  59233,
+ 59239,  59243,  59263,  59273,  59281,  59333,  59341,  59351,  59357,  59359,
+ 59369,  59377,  59387,  59393,  59399,  59407,  59417,  59419,  59441,  59443,
+ 59447,  59453,  59467,  59471,  59473,  59497,  59509,  59513,  59539,  59557,
+ 59561,  59567,  59581,  59611,  59617,  59621,  59627,  59629,  59651,  59659,
+ 59663,  59669,  59671,  59693,  59699,  59707,  59723,  59729,  59743,  59747,
+ 59753,  59771,  59779,  59791,  59797,  59809,  59833,  59863,  59879,  59887,
+ 59921,  59929,  59951,  59957,  59971,  59981,  59999,  60013,  60017,  60029,
+ 60037,  60041,  60077,  60083,  60089,  60091,  60101,  60103,  60107,  60127,
+ 60133,  60139,  60149,  60161,  60167,  60169,  60209,  60217,  60223,  60251,
+ 60257,  60259,  60271,  60289,  60293,  60317,  60331,  60337,  60343,  60353,
+ 60373,  60383,  60397,  60413,  60427,  60443,  60449,  60457,  60493,  60497,
+ 60509,  60521,  60527,  60539,  60589,  60601,  60607,  60611,  60617,  60623,
+ 60631,  60637,  60647,  60649,  60659,  60661,  60679,  60689,  60703,  60719,
+ 60727,  60733,  60737,  60757,  60761,  60763,  60773,  60779,  60793,  60811,
+ 60821,  60859,  60869,  60887,  60889,  60899,  60901,  60913,  60917,  60919,
+ 60923,  60937,  60943,  60953,  60961,  61001,  61007,  61027,  61031,  61043,
+ 61051,  61057,  61091,  61099,  61121,  61129,  61141,  61151,  61153,  61169,
+ 61211,  61223,  61231,  61253,  61261,  61283,  61291,  61297,  61331,  61333,
+ 61339,  61343,  61357,  61363,  61379,  61381,  61403,  61409,  61417,  61441,
+ 61463,  61469,  61471,  61483,  61487,  61493,  61507,  61511,  61519,  61543,
+ 61547,  61553,  61559,  61561,  61583,  61603,  61609,  61613,  61627,  61631,
+ 61637,  61643,  61651,  61657,  61667,  61673,  61681,  61687,  61703,  61717,
+ 61723,  61729,  61751,  61757,  61781,  61813,  61819,  61837,  61843,  61861,
+ 61871,  61879,  61909,  61927,  61933,  61949,  61961,  61967,  61979,  61981,
+ 61987,  61991,  62003,  62011,  62017,  62039,  62047,  62053,  62057,  62071,
+ 62081,  62099,  62119,  62129,  62131,  62137,  62141,  62143,  62171,  62189,
+ 62191,  62201,  62207,  62213,  62219,  62233,  62273,  62297,  62299,  62303,
+ 62311,  62323,  62327,  62347,  62351,  62383,  62401,  62417,  62423,  62459,
+ 62467,  62473,  62477,  62483,  62497,  62501,  62507,  62533,  62539,  62549,
+ 62563,  62581,  62591,  62597,  62603,  62617,  62627,  62633,  62639,  62653,
+ 62659,  62683,  62687,  62701,  62723,  62731,  62743,  62753,  62761,  62773,
+ 62791,  62801,  62819,  62827,  62851,  62861,  62869,  62873,  62897,  62903,
+ 62921,  62927,  62929,  62939,  62969,  62971,  62981,  62983,  62987,  62989,
+ 63029,  63031,  63059,  63067,  63073,  63079,  63097,  63103,  63113,  63127,
+ 63131,  63149,  63179,  63197,  63199,  63211,  63241,  63247,  63277,  63281,
+ 63299,  63311,  63313,  63317,  63331,  63337,  63347,  63353,  63361,  63367,
+ 63377,  63389,  63391,  63397,  63409,  63419,  63421,  63439,  63443,  63463,
+ 63467,  63473,  63487,  63493,  63499,  63521,  63527,  63533,  63541,  63559,
+ 63577,  63587,  63589,  63599,  63601,  63607,  63611,  63617,  63629,  63647,
+ 63649,  63659,  63667,  63671,  63689,  63691,  63697,  63703,  63709,  63719,
+ 63727,  63737,  63743,  63761,  63773,  63781,  63793,  63799,  63803,  63809,
+ 63823,  63839,  63841,  63853,  63857,  63863,  63901,  63907,  63913,  63929,
+ 63949,  63977,  63997,  64007,  64013,  64019,  64033,  64037,  64063,  64067,
+ 64081,  64091,  64109,  64123,  64151,  64153,  64157,  64171,  64187,  64189,
+ 64217,  64223,  64231,  64237,  64271,  64279,  64283,  64301,  64303,  64319,
+ 64327,  64333,  64373,  64381,  64399,  64403,  64433,  64439,  64451,  64453,
+ 64483,  64489,  64499,  64513,  64553,  64567,  64577,  64579,  64591,  64601,
+ 64609,  64613,  64621,  64627,  64633,  64661,  64663,  64667,  64679,  64693,
+ 64709,  64717,  64747,  64763,  64781,  64783,  64793,  64811,  64817,  64849,
+ 64853,  64871,  64877,  64879,  64891,  64901,  64919,  64921,  64927,  64937,
+ 64951,  64969,  64997,  65003,  65011,  65027,  65029,  65033,  65053,  65063,
+ 65071,  65089,  65099,  65101,  65111,  65119,  65123,  65129,  65141,  65147,
+ 65167,  65171,  65173,  65179,  65183,  65203,  65213,  65239,  65257,  65267,
+ 65269,  65287,  65293,  65309,  65323,  65327,  65353,  65357,  65371,  65381,
+ 65393,  65407,  65413,  65419,  65423,  65437,  65447,  65449,  65479,  65497,
+ 65519,  65521,  65537,  65539,  65543,  65551,  65557,  65563,  65579,  65581,
+ 65587,  65599,  65609,  65617,  65629,  65633,  65647,  65651,  65657,  65677,
+ 65687,  65699,  65701,  65707,  65713,  65717,  65719,  65729,  65731,  65761,
+ 65777,  65789,  65809,  65827,  65831,  65837,  65839,  65843,  65851,  65867,
+ 65881,  65899,  65921,  65927,  65929,  65951,  65957,  65963,  65981,  65983,
+ 65993,  66029,  66037,  66041,  66047,  66067,  66071,  66083,  66089,  66103,
+ 66107,  66109,  66137,  66161,  66169,  66173,  66179,  66191,  66221,  66239,
+ 66271,  66293,  66301,  66337,  66343,  66347,  66359,  66361,  66373,  66377,
+ 66383,  66403,  66413,  66431,  66449,  66457,  66463,  66467,  66491,  66499,
+ 66509,  66523,  66529,  66533,  66541,  66553,  66569,  66571,  66587,  66593,
+ 66601,  66617,  66629,  66643,  66653,  66683,  66697,  66701,  66713,  66721,
+ 66733,  66739,  66749,  66751,  66763,  66791,  66797,  66809,  66821,  66841,
+ 66851,  66853,  66863,  66877,  66883,  66889,  66919,  66923,  66931,  66943,
+ 66947,  66949,  66959,  66973,  66977,  67003,  67021,  67033,  67043,  67049,
+ 67057,  67061,  67073,  67079,  67103,  67121,  67129,  67139,  67141,  67153,
+ 67157,  67169,  67181,  67187,  67189,  67211,  67213,  67217,  67219,  67231,
+ 67247,  67261,  67271,  67273,  67289,  67307,  67339,  67343,  67349,  67369,
+ 67391,  67399,  67409,  67411,  67421,  67427,  67429,  67433,  67447,  67453,
+ 67477,  67481,  67489,  67493,  67499,  67511,  67523,  67531,  67537,  67547,
+ 67559,  67567,  67577,  67579,  67589,  67601,  67607,  67619,  67631,  67651,
+ 67679,  67699,  67709,  67723,  67733,  67741,  67751,  67757,  67759,  67763,
+ 67777,  67783,  67789,  67801,  67807,  67819,  67829,  67843,  67853,  67867,
+ 67883,  67891,  67901,  67927,  67931,  67933,  67939,  67943,  67957,  67961,
+ 67967,  67979,  67987,  67993,  68023,  68041,  68053,  68059,  68071,  68087,
+ 68099,  68111,  68113,  68141,  68147,  68161,  68171,  68207,  68209,  68213,
+ 68219,  68227,  68239,  68261,  68279,  68281,  68311,  68329,  68351,  68371,
+ 68389,  68399,  68437,  68443,  68447,  68449,  68473,  68477,  68483,  68489,
+ 68491,  68501,  68507,  68521,  68531,  68539,  68543,  68567,  68581,  68597,
+ 68611,  68633,  68639,  68659,  68669,  68683,  68687,  68699,  68711,  68713,
+ 68729,  68737,  68743,  68749,  68767,  68771,  68777,  68791,  68813,  68819,
+ 68821,  68863,  68879,  68881,  68891,  68897,  68899,  68903,  68909,  68917,
+ 68927,  68947,  68963,  68993,  69001,  69011,  69019,  69029,  69031,  69061,
+ 69067,  69073,  69109,  69119,  69127,  69143,  69149,  69151,  69163,  69191,
+ 69193,  69197,  69203,  69221,  69233,  69239,  69247,  69257,  69259,  69263,
+ 69313,  69317,  69337,  69341,  69371,  69379,  69383,  69389,  69401,  69403,
+ 69427,  69431,  69439,  69457,  69463,  69467,  69473,  69481,  69491,  69493,
+ 69497,  69499,  69539,  69557,  69593,  69623,  69653,  69661,  69677,  69691,
+ 69697,  69709,  69737,  69739,  69761,  69763,  69767,  69779,  69809,  69821,
+ 69827,  69829,  69833,  69847,  69857,  69859,  69877,  69899,  69911,  69929,
+ 69931,  69941,  69959,  69991,  69997,  70001,  70003,  70009,  70019,  70039,
+ 70051,  70061,  70067,  70079,  70099,  70111,  70117,  70121,  70123,  70139,
+ 70141,  70157,  70163,  70177,  70181,  70183,  70199,  70201,  70207,  70223,
+ 70229,  70237,  70241,  70249,  70271,  70289,  70297,  70309,  70313,  70321,
+ 70327,  70351,  70373,  70379,  70381,  70393,  70423,  70429,  70439,  70451,
+ 70457,  70459,  70481,  70487,  70489,  70501,  70507,  70529,  70537,  70549,
+ 70571,  70573,  70583,  70589,  70607,  70619,  70621,  70627,  70639,  70657,
+ 70663,  70667,  70687,  70709,  70717,  70729,  70753,  70769,  70783,  70793,
+ 70823,  70841,  70843,  70849,  70853,  70867,  70877,  70879,  70891,  70901,
+ 70913,  70919,  70921,  70937,  70949,  70951,  70957,  70969,  70979,  70981,
+ 70991,  70997,  70999,  71011,  71023,  71039,  71059,  71069,  71081,  71089,
+ 71119,  71129,  71143,  71147,  71153,  71161,  71167,  71171,  71191,  71209,
+ 71233,  71237,  71249,  71257,  71261,  71263,  71287,  71293,  71317,  71327,
+ 71329,  71333,  71339,  71341,  71347,  71353,  71359,  71363,  71387,  71389,
+ 71399,  71411,  71413,  71419,  71429,  71437,  71443,  71453,  71471,  71473,
+ 71479,  71483,  71503,  71527,  71537,  71549,  71551,  71563,  71569,  71593,
+ 71597,  71633,  71647,  71663,  71671,  71693,  71699,  71707,  71711,  71713,
+ 71719,  71741,  71761,  71777,  71789,  71807,  71809,  71821,  71837,  71843,
+ 71849,  71861,  71867,  71879,  71881,  71887,  71899,  71909,  71917,  71933,
+ 71941,  71947,  71963,  71971,  71983,  71987,  71993,  71999,  72019,  72031,
+ 72043,  72047,  72053,  72073,  72077,  72089,  72091,  72101,  72103,  72109,
+ 72139,  72161,  72167,  72169,  72173,  72211,  72221,  72223,  72227,  72229,
+ 72251,  72253,  72269,  72271,  72277,  72287,  72307,  72313,  72337,  72341,
+ 72353,  72367,  72379,  72383,  72421,  72431,  72461,  72467,  72469,  72481,
+ 72493,  72497,  72503,  72533,  72547,  72551,  72559,  72577,  72613,  72617,
+ 72623,  72643,  72647,  72649,  72661,  72671,  72673,  72679,  72689,  72701,
+ 72707,  72719,  72727,  72733,  72739,  72763,  72767,  72797,  72817,  72823,
+ 72859,  72869,  72871,  72883,  72889,  72893,  72901,  72907,  72911,  72923,
+ 72931,  72937,  72949,  72953,  72959,  72973,  72977,  72997,  73009,  73013,
+ 73019,  73037,  73039,  73043,  73061,  73063,  73079,  73091,  73121,  73127,
+ 73133,  73141,  73181,  73189,  73237,  73243,  73259,  73277,  73291,  73303,
+ 73309,  73327,  73331,  73351,  73361,  73363,  73369,  73379,  73387,  73417,
+ 73421,  73433,  73453,  73459,  73471,  73477,  73483,  73517,  73523,  73529,
+ 73547,  73553,  73561,  73571,  73583,  73589,  73597,  73607,  73609,  73613,
+ 73637,  73643,  73651,  73673,  73679,  73681,  73693,  73699,  73709,  73721,
+ 73727,  73751,  73757,  73771,  73783,  73819,  73823,  73847,  73849,  73859,
+ 73867,  73877,  73883,  73897,  73907,  73939,  73943,  73951,  73961,  73973,
+ 73999,  74017,  74021,  74027,  74047,  74051,  74071,  74077,  74093,  74099,
+ 74101,  74131,  74143,  74149,  74159,  74161,  74167,  74177,  74189,  74197,
+ 74201,  74203,  74209,  74219,  74231,  74257,  74279,  74287,  74293,  74297,
+ 74311,  74317,  74323,  74353,  74357,  74363,  74377,  74381,  74383,  74411,
+ 74413,  74419,  74441,  74449,  74453,  74471,  74489,  74507,  74509,  74521,
+ 74527,  74531,  74551,  74561,  74567,  74573,  74587,  74597,  74609,  74611,
+ 74623,  74653,  74687,  74699,  74707,  74713,  74717,  74719,  74729,  74731,
+ 74747,  74759,  74761,  74771,  74779,  74797,  74821,  74827,  74831,  74843,
+ 74857,  74861,  74869,  74873,  74887,  74891,  74897,  74903,  74923,  74929,
+ 74933,  74941,  74959,  75011,  75013,  75017,  75029,  75037,  75041,  75079,
+ 75083,  75109,  75133,  75149,  75161,  75167,  75169,  75181,  75193,  75209,
+ 75211,  75217,  75223,  75227,  75239,  75253,  75269,  75277,  75289,  75307,
+ 75323,  75329,  75337,  75347,  75353,  75367,  75377,  75389,  75391,  75401,
+ 75403,  75407,  75431,  75437,  75479,  75503,  75511,  75521,  75527,  75533,
+ 75539,  75541,  75553,  75557,  75571,  75577,  75583,  75611,  75617,  75619,
+ 75629,  75641,  75653,  75659,  75679,  75683,  75689,  75703,  75707,  75709,
+ 75721,  75731,  75743,  75767,  75773,  75781,  75787,  75793,  75797,  75821,
+ 75833,  75853,  75869,  75883,  75913,  75931,  75937,  75941,  75967,  75979,
+ 75983,  75989,  75991,  75997,  76001,  76003,  76031,  76039,  76079,  76081,
+ 76091,  76099,  76103,  76123,  76129,  76147,  76157,  76159,  76163,  76207,
+ 76213,  76231,  76243,  76249,  76253,  76259,  76261,  76283,  76289,  76303,
+ 76333,  76343,  76367,  76369,  76379,  76387,  76403,  76421,  76423,  76441,
+ 76463,  76471,  76481,  76487,  76493,  76507,  76511,  76519,  76537,  76541,
+ 76543,  76561,  76579,  76597,  76603,  76607,  76631,  76649,  76651,  76667,
+ 76673,  76679,  76697,  76717,  76733,  76753,  76757,  76771,  76777,  76781,
+ 76801,  76819,  76829,  76831,  76837,  76847,  76871,  76873,  76883,  76907,
+ 76913,  76919,  76943,  76949,  76961,  76963,  76991,  77003,  77017,  77023,
+ 77029,  77041,  77047,  77069,  77081,  77093,  77101,  77137,  77141,  77153,
+ 77167,  77171,  77191,  77201,  77213,  77237,  77239,  77243,  77249,  77261,
+ 77263,  77267,  77269,  77279,  77291,  77317,  77323,  77339,  77347,  77351,
+ 77359,  77369,  77377,  77383,  77417,  77419,  77431,  77447,  77471,  77477,
+ 77479,  77489,  77491,  77509,  77513,  77521,  77527,  77543,  77549,  77551,
+ 77557,  77563,  77569,  77573,  77587,  77591,  77611,  77617,  77621,  77641,
+ 77647,  77659,  77681,  77687,  77689,  77699,  77711,  77713,  77719,  77723,
+ 77731,  77743,  77747,  77761,  77773,  77783,  77797,  77801,  77813,  77839,
+ 77849,  77863,  77867,  77893,  77899,  77929,  77933,  77951,  77969,  77977,
+ 77983,  77999,  78007,  78017,  78031,  78041,  78049,  78059,  78079,  78101,
+ 78121,  78137,  78139,  78157,  78163,  78167,  78173,  78179,  78191,  78193,
+ 78203,  78229,  78233,  78241,  78259,  78277,  78283,  78301,  78307,  78311,
+ 78317,  78341,  78347,  78367,  78401,  78427,  78437,  78439,  78467,  78479,
+ 78487,  78497,  78509,  78511,  78517,  78539,  78541,  78553,  78569,  78571,
+ 78577,  78583,  78593,  78607,  78623,  78643,  78649,  78653,  78691,  78697,
+ 78707,  78713,  78721,  78737,  78779,  78781,  78787,  78791,  78797,  78803,
+ 78809,  78823,  78839,  78853,  78857,  78877,  78887,  78889,  78893,  78901,
+ 78919,  78929,  78941,  78977,  78979,  78989,  79031,  79039,  79043,  79063,
+ 79087,  79103,  79111,  79133,  79139,  79147,  79151,  79153,  79159,  79181,
+ 79187,  79193,  79201,  79229,  79231,  79241,  79259,  79273,  79279,  79283,
+ 79301,  79309,  79319,  79333,  79337,  79349,  79357,  79367,  79379,  79393,
+ 79397,  79399,  79411,  79423,  79427,  79433,  79451,  79481,  79493,  79531,
+ 79537,  79549,  79559,  79561,  79579,  79589,  79601,  79609,  79613,  79621,
+ 79627,  79631,  79633,  79657,  79669,  79687,  79691,  79693,  79697,  79699,
+ 79757,  79769,  79777,  79801,  79811,  79813,  79817,  79823,  79829,  79841,
+ 79843,  79847,  79861,  79867,  79873,  79889,  79901,  79903,  79907,  79939,
+ 79943,  79967,  79973,  79979,  79987,  79997,  79999,  80021,  80039,  80051,
+ 80071,  80077,  80107,  80111,  80141,  80147,  80149,  80153,  80167,  80173,
+ 80177,  80191,  80207,  80209,  80221,  80231,  80233,  80239,  80251,  80263,
+ 80273,  80279,  80287,  80309,  80317,  80329,  80341,  80347,  80363,  80369,
+ 80387,  80407,  80429,  80447,  80449,  80471,  80473,  80489,  80491,  80513,
+ 80527,  80537,  80557,  80567,  80599,  80603,  80611,  80621,  80627,  80629,
+ 80651,  80657,  80669,  80671,  80677,  80681,  80683,  80687,  80701,  80713,
+ 80737,  80747,  80749,  80761,  80777,  80779,  80783,  80789,  80803,  80809,
+ 80819,  80831,  80833,  80849,  80863,  80897,  80909,  80911,  80917,  80923,
+ 80929,  80933,  80953,  80963,  80989,  81001,  81013,  81017,  81019,  81023,
+ 81031,  81041,  81043,  81047,  81049,  81071,  81077,  81083,  81097,  81101,
+ 81119,  81131,  81157,  81163,  81173,  81181,  81197,  81199,  81203,  81223,
+ 81233,  81239,  81281,  81283,  81293,  81299,  81307,  81331,  81343,  81349,
+ 81353,  81359,  81371,  81373,  81401,  81409,  81421,  81439,  81457,  81463,
+ 81509,  81517,  81527,  81533,  81547,  81551,  81553,  81559,  81563,  81569,
+ 81611,  81619,  81629,  81637,  81647,  81649,  81667,  81671,  81677,  81689,
+ 81701,  81703,  81707,  81727,  81737,  81749,  81761,  81769,  81773,  81799,
+ 81817,  81839,  81847,  81853,  81869,  81883,  81899,  81901,  81919,  81929,
+ 81931,  81937,  81943,  81953,  81967,  81971,  81973,  82003,  82007,  82009,
+ 82013,  82021,  82031,  82037,  82039,  82051,  82067,  82073,  82129,  82139,
+ 82141,  82153,  82163,  82171,  82183,  82189,  82193,  82207,  82217,  82219,
+ 82223,  82231,  82237,  82241,  82261,  82267,  82279,  82301,  82307,  82339,
+ 82349,  82351,  82361,  82373,  82387,  82393,  82421,  82457,  82463,  82469,
+ 82471,  82483,  82487,  82493,  82499,  82507,  82529,  82531,  82549,  82559,
+ 82561,  82567,  82571,  82591,  82601,  82609,  82613,  82619,  82633,  82651,
+ 82657,  82699,  82721,  82723,  82727,  82729,  82757,  82759,  82763,  82781,
+ 82787,  82793,  82799,  82811,  82813,  82837,  82847,  82883,  82889,  82891,
+ 82903,  82913,  82939,  82963,  82981,  82997,  83003,  83009,  83023,  83047,
+ 83059,  83063,  83071,  83077,  83089,  83093,  83101,  83117,  83137,  83177,
+ 83203,  83207,  83219,  83221,  83227,  83231,  83233,  83243,  83257,  83267,
+ 83269,  83273,  83299,  83311,  83339,  83341,  83357,  83383,  83389,  83399,
+ 83401,  83407,  83417,  83423,  83431,  83437,  83443,  83449,  83459,  83471,
+ 83477,  83497,  83537,  83557,  83561,  83563,  83579,  83591,  83597,  83609,
+ 83617,  83621,  83639,  83641,  83653,  83663,  83689,  83701,  83717,  83719,
+ 83737,  83761,  83773,  83777,  83791,  83813,  83833,  83843,  83857,  83869,
+ 83873,  83891,  83903,  83911,  83921,  83933,  83939,  83969,  83983,  83987,
+ 84011,  84017,  84047,  84053,  84059,  84061,  84067,  84089,  84121,  84127,
+ 84131,  84137,  84143,  84163,  84179,  84181,  84191,  84199,  84211,  84221,
+ 84223,  84229,  84239,  84247,  84263,  84299,  84307,  84313,  84317,  84319,
+ 84347,  84349,  84377,  84389,  84391,  84401,  84407,  84421,  84431,  84437,
+ 84443,  84449,  84457,  84463,  84467,  84481,  84499,  84503,  84509,  84521,
+ 84523,  84533,  84551,  84559,  84589,  84629,  84631,  84649,  84653,  84659,
+ 84673,  84691,  84697,  84701,  84713,  84719,  84731,  84737,  84751,  84761,
+ 84787,  84793,  84809,  84811,  84827,  84857,  84859,  84869,  84871,  84913,
+ 84919,  84947,  84961,  84967,  84977,  84979,  84991,  85009,  85021,  85027,
+ 85037,  85049,  85061,  85081,  85087,  85091,  85093,  85103,  85109,  85121,
+ 85133,  85147,  85159,  85193,  85199,  85201,  85213,  85223,  85229,  85237,
+ 85243,  85247,  85259,  85297,  85303,  85313,  85331,  85333,  85361,  85363,
+ 85369,  85381,  85411,  85427,  85429,  85439,  85447,  85451,  85453,  85469,
+ 85487,  85513,  85517,  85523,  85531,  85549,  85571,  85577,  85597,  85601,
+ 85607,  85619,  85621,  85627,  85639,  85643,  85661,  85667,  85669,  85691,
+ 85703,  85711,  85717,  85733,  85751,  85781,  85793,  85817,  85819,  85829,
+ 85831,  85837,  85843,  85847,  85853,  85889,  85903,  85909,  85931,  85933,
+ 85991,  85999,  86011,  86017,  86027,  86029,  86069,  86077,  86083,  86111,
+ 86113,  86117,  86131,  86137,  86143,  86161,  86171,  86179,  86183,  86197,
+ 86201,  86209,  86239,  86243,  86249,  86257,  86263,  86269,  86287,  86291,
+ 86293,  86297,  86311,  86323,  86341,  86351,  86353,  86357,  86369,  86371,
+ 86381,  86389,  86399,  86413,  86423,  86441,  86453,  86461,  86467,  86477,
+ 86491,  86501,  86509,  86531,  86533,  86539,  86561,  86573,  86579,  86587,
+ 86599,  86627,  86629,  86677,  86689,  86693,  86711,  86719,  86729,  86743,
+ 86753,  86767,  86771,  86783,  86813,  86837,  86843,  86851,  86857,  86861,
+ 86869,  86923,  86927,  86929,  86939,  86951,  86959,  86969,  86981,  86993,
+ 87011,  87013,  87037,  87041,  87049,  87071,  87083,  87103,  87107,  87119,
+ 87121,  87133,  87149,  87151,  87179,  87181,  87187,  87211,  87221,  87223,
+ 87251,  87253,  87257,  87277,  87281,  87293,  87299,  87313,  87317,  87323,
+ 87337,  87359,  87383,  87403,  87407,  87421,  87427,  87433,  87443,  87473,
+ 87481,  87491,  87509,  87511,  87517,  87523,  87539,  87541,  87547,  87553,
+ 87557,  87559,  87583,  87587,  87589,  87613,  87623,  87629,  87631,  87641,
+ 87643,  87649,  87671,  87679,  87683,  87691,  87697,  87701,  87719,  87721,
+ 87739,  87743,  87751,  87767,  87793,  87797,  87803,  87811,  87833,  87853,
+ 87869,  87877,  87881,  87887,  87911,  87917,  87931,  87943,  87959,  87961,
+ 87973,  87977,  87991,  88001,  88003,  88007,  88019,  88037,  88069,  88079,
+ 88093,  88117,  88129,  88169,  88177,  88211,  88223,  88237,  88241,  88259,
+ 88261,  88289,  88301,  88321,  88327,  88337,  88339,  88379,  88397,  88411,
+ 88423,  88427,  88463,  88469,  88471,  88493,  88499,  88513,  88523,  88547,
+ 88589,  88591,  88607,  88609,  88643,  88651,  88657,  88661,  88663,  88667,
+ 88681,  88721,  88729,  88741,  88747,  88771,  88789,  88793,  88799,  88801,
+ 88807,  88811,  88813,  88817,  88819,  88843,  88853,  88861,  88867,  88873,
+ 88883,  88897,  88903,  88919,  88937,  88951,  88969,  88993,  88997,  89003,
+ 89009,  89017,  89021,  89041,  89051,  89057,  89069,  89071,  89083,  89087,
+ 89101,  89107,  89113,  89119,  89123,  89137,  89153,  89189,  89203,  89209,
+ 89213,  89227,  89231,  89237,  89261,  89269,  89273,  89293,  89303,  89317,
+ 89329,  89363,  89371,  89381,  89387,  89393,  89399,  89413,  89417,  89431,
+ 89443,  89449,  89459,  89477,  89491,  89501,  89513,  89519,  89521,  89527,
+ 89533,  89561,  89563,  89567,  89591,  89597,  89599,  89603,  89611,  89627,
+ 89633,  89653,  89657,  89659,  89669,  89671,  89681,  89689,  89753,  89759,
+ 89767,  89779,  89783,  89797,  89809,  89819,  89821,  89833,  89839,  89849,
+ 89867,  89891,  89897,  89899,  89909,  89917,  89923,  89939,  89959,  89963,
+ 89977,  89983,  89989,  90001,  90007,  90011,  90017,  90019,  90023,  90031,
+ 90053,  90059,  90067,  90071,  90073,  90089,  90107,  90121,  90127,  90149,
+ 90163,  90173,  90187,  90191,  90197,  90199,  90203,  90217,  90227,  90239,
+ 90247,  90263,  90271,  90281,  90289,  90313,  90353,  90359,  90371,  90373,
+ 90379,  90397,  90401,  90403,  90407,  90437,  90439,  90469,  90473,  90481,
+ 90499,  90511,  90523,  90527,  90529,  90533,  90547,  90583,  90599,  90617,
+ 90619,  90631,  90641,  90647,  90659,  90677,  90679,  90697,  90703,  90709,
+ 90731,  90749,  90787,  90793,  90803,  90821,  90823,  90833,  90841,  90847,
+ 90863,  90887,  90901,  90907,  90911,  90917,  90931,  90947,  90971,  90977,
+ 90989,  90997,  91009,  91019,  91033,  91079,  91081,  91097,  91099,  91121,
+ 91127,  91129,  91139,  91141,  91151,  91153,  91159,  91163,  91183,  91193,
+ 91199,  91229,  91237,  91243,  91249,  91253,  91283,  91291,  91297,  91303,
+ 91309,  91331,  91367,  91369,  91373,  91381,  91387,  91393,  91397,  91411,
+ 91423,  91433,  91453,  91457,  91459,  91463,  91493,  91499,  91513,  91529,
+ 91541,  91571,  91573,  91577,  91583,  91591,  91621,  91631,  91639,  91673,
+ 91691,  91703,  91711,  91733,  91753,  91757,  91771,  91781,  91801,  91807,
+ 91811,  91813,  91823,  91837,  91841,  91867,  91873,  91909,  91921,  91939,
+ 91943,  91951,  91957,  91961,  91967,  91969,  91997,  92003,  92009,  92033,
+ 92041,  92051,  92077,  92083,  92107,  92111,  92119,  92143,  92153,  92173,
+ 92177,  92179,  92189,  92203,  92219,  92221,  92227,  92233,  92237,  92243,
+ 92251,  92269,  92297,  92311,  92317,  92333,  92347,  92353,  92357,  92363,
+ 92369,  92377,  92381,  92383,  92387,  92399,  92401,  92413,  92419,  92431,
+ 92459,  92461,  92467,  92479,  92489,  92503,  92507,  92551,  92557,  92567,
+ 92569,  92581,  92593,  92623,  92627,  92639,  92641,  92647,  92657,  92669,
+ 92671,  92681,  92683,  92693,  92699,  92707,  92717,  92723,  92737,  92753,
+ 92761,  92767,  92779,  92789,  92791,  92801,  92809,  92821,  92831,  92849,
+ 92857,  92861,  92863,  92867,  92893,  92899,  92921,  92927,  92941,  92951,
+ 92957,  92959,  92987,  92993,  93001,  93047,  93053,  93059,  93077,  93083,
+ 93089,  93097,  93103,  93113,  93131,  93133,  93139,  93151,  93169,  93179,
+ 93187,  93199,  93229,  93239,  93241,  93251,  93253,  93257,  93263,  93281,
+ 93283,  93287,  93307,  93319,  93323,  93329,  93337,  93371,  93377,  93383,
+ 93407,  93419,  93427,  93463,  93479,  93481,  93487,  93491,  93493,  93497,
+ 93503,  93523,  93529,  93553,  93557,  93559,  93563,  93581,  93601,  93607,
+ 93629,  93637,  93683,  93701,  93703,  93719,  93739,  93761,  93763,  93787,
+ 93809,  93811,  93827,  93851,  93871,  93887,  93889,  93893,  93901,  93911,
+ 93913,  93923,  93937,  93941,  93949,  93967,  93971,  93979,  93983,  93997,
+ 94007,  94009,  94033,  94049,  94057,  94063,  94079,  94099,  94109,  94111,
+ 94117,  94121,  94151,  94153,  94169,  94201,  94207,  94219,  94229,  94253,
+ 94261,  94273,  94291,  94307,  94309,  94321,  94327,  94331,  94343,  94349,
+ 94351,  94379,  94397,  94399,  94421,  94427,  94433,  94439,  94441,  94447,
+ 94463,  94477,  94483,  94513,  94529,  94531,  94541,  94543,  94547,  94559,
+ 94561,  94573,  94583,  94597,  94603,  94613,  94621,  94649,  94651,  94687,
+ 94693,  94709,  94723,  94727,  94747,  94771,  94777,  94781,  94789,  94793,
+ 94811,  94819,  94823,  94837,  94841,  94847,  94849,  94873,  94889,  94903,
+ 94907,  94933,  94949,  94951,  94961,  94993,  94999,  95003,  95009,  95021,
+ 95027,  95063,  95071,  95083,  95087,  95089,  95093,  95101,  95107,  95111,
+ 95131,  95143,  95153,  95177,  95189,  95191,  95203,  95213,  95219,  95231,
+ 95233,  95239,  95257,  95261,  95267,  95273,  95279,  95287,  95311,  95317,
+ 95327,  95339,  95369,  95383,  95393,  95401,  95413,  95419,  95429,  95441,
+ 95443,  95461,  95467,  95471,  95479,  95483,  95507,  95527,  95531,  95539,
+ 95549,  95561,  95569,  95581,  95597,  95603,  95617,  95621,  95629,  95633,
+ 95651,  95701,  95707,  95713,  95717,  95723,  95731,  95737,  95747,  95773,
+ 95783,  95789,  95791,  95801,  95803,  95813,  95819,  95857,  95869,  95873,
+ 95881,  95891,  95911,  95917,  95923,  95929,  95947,  95957,  95959,  95971,
+ 95987,  95989,  96001,  96013,  96017,  96043,  96053,  96059,  96079,  96097,
+ 96137,  96149,  96157,  96167,  96179,  96181,  96199,  96211,  96221,  96223,
+ 96233,  96259,  96263,  96269,  96281,  96289,  96293,  96323,  96329,  96331,
+ 96337,  96353,  96377,  96401,  96419,  96431,  96443,  96451,  96457,  96461,
+ 96469,  96479,  96487,  96493,  96497,  96517,  96527,  96553,  96557,  96581,
+ 96587,  96589,  96601,  96643,  96661,  96667,  96671,  96697,  96703,  96731,
+ 96737,  96739,  96749,  96757,  96763,  96769,  96779,  96787,  96797,  96799,
+ 96821,  96823,  96827,  96847,  96851,  96857,  96893,  96907,  96911,  96931,
+ 96953,  96959,  96973,  96979,  96989,  96997,  97001,  97003,  97007,  97021,
+ 97039,  97073,  97081,  97103,  97117,  97127,  97151,  97157,  97159,  97169,
+ 97171,  97177,  97187,  97213,  97231,  97241,  97259,  97283,  97301,  97303,
+ 97327,  97367,  97369,  97373,  97379,  97381,  97387,  97397,  97423,  97429,
+ 97441,  97453,  97459,  97463,  97499,  97501,  97511,  97523,  97547,  97549,
+ 97553,  97561,  97571,  97577,  97579,  97583,  97607,  97609,  97613,  97649,
+ 97651,  97673,  97687,  97711,  97729,  97771,  97777,  97787,  97789,  97813,
+ 97829,  97841,  97843,  97847,  97849,  97859,  97861,  97871,  97879,  97883,
+ 97919,  97927,  97931,  97943,  97961,  97967,  97973,  97987,  98009,  98011,
+ 98017,  98041,  98047,  98057,  98081,  98101,  98123,  98129,  98143,  98179,
+ 98207,  98213,  98221,  98227,  98251,  98257,  98269,  98297,  98299,  98317,
+ 98321,  98323,  98327,  98347,  98369,  98377,  98387,  98389,  98407,  98411,
+ 98419,  98429,  98443,  98453,  98459,  98467,  98473,  98479,  98491,  98507,
+ 98519,  98533,  98543,  98561,  98563,  98573,  98597,  98621,  98627,  98639,
+ 98641,  98663,  98669,  98689,  98711,  98713,  98717,  98729,  98731,  98737,
+ 98773,  98779,  98801,  98807,  98809,  98837,  98849,  98867,  98869,  98873,
+ 98887,  98893,  98897,  98899,  98909,  98911,  98927,  98929,  98939,  98947,
+ 98953,  98963,  98981,  98993,  98999,  99013,  99017,  99023,  99041,  99053,
+ 99079,  99083,  99089,  99103,  99109,  99119,  99131,  99133,  99137,  99139,
+ 99149,  99173,  99181,  99191,  99223,  99233,  99241,  99251,  99257,  99259,
+ 99277,  99289,  99317,  99347,  99349,  99367,  99371,  99377,  99391,  99397,
+ 99401,  99409,  99431,  99439,  99469,  99487,  99497,  99523,  99527,  99529,
+ 99551,  99559,  99563,  99571,  99577,  99581,  99607,  99611,  99623,  99643,
+ 99661,  99667,  99679,  99689,  99707,  99709,  99713,  99719,  99721,  99733,
+ 99761,  99767,  99787,  99793,  99809,  99817,  99823,  99829,  99833,  99839,
+ 99859,  99871,  99877,  99881,  99901,  99907,  99923,  99929,  99961,  99971,
+ 99989,  99991, 100003, 100019, 100043, 100049, 100057, 100069, 100103, 100109,
+100129, 100151, 100153, 100169, 100183, 100189, 100193, 100207, 100213, 100237,
+100267, 100271, 100279, 100291, 100297, 100313, 100333, 100343, 100357, 100361,
+100363, 100379, 100391, 100393, 100403, 100411, 100417, 100447, 100459, 100469,
+100483, 100493, 100501, 100511, 100517, 100519, 100523, 100537, 100547, 100549,
+100559, 100591, 100609, 100613, 100621, 100649, 100669, 100673, 100693, 100699,
+100703, 100733, 100741, 100747, 100769, 100787, 100799, 100801, 100811, 100823,
+100829, 100847, 100853, 100907, 100913, 100927, 100931, 100937, 100943, 100957,
+100981, 100987, 100999, 101009, 101021, 101027, 101051, 101063, 101081, 101089,
+101107, 101111, 101113, 101117, 101119, 101141, 101149, 101159, 101161, 101173,
+101183, 101197, 101203, 101207, 101209, 101221, 101267, 101273, 101279, 101281,
+101287, 101293, 101323, 101333, 101341, 101347, 101359, 101363, 101377, 101383,
+101399, 101411, 101419, 101429, 101449, 101467, 101477, 101483, 101489, 101501,
+101503, 101513, 101527, 101531, 101533, 101537, 101561, 101573, 101581, 101599,
+101603, 101611, 101627, 101641, 101653, 101663, 101681, 101693, 101701, 101719,
+101723, 101737, 101741, 101747, 101749, 101771, 101789, 101797, 101807, 101833,
+101837, 101839, 101863, 101869, 101873, 101879, 101891, 101917, 101921, 101929,
+101939, 101957, 101963, 101977, 101987, 101999, 102001, 102013, 102019, 102023,
+102031, 102043, 102059, 102061, 102071, 102077, 102079, 102101, 102103, 102107,
+102121, 102139, 102149, 102161, 102181, 102191, 102197, 102199, 102203, 102217,
+102229, 102233, 102241, 102251, 102253, 102259, 102293, 102299, 102301, 102317,
+102329, 102337, 102359, 102367, 102397, 102407, 102409, 102433, 102437, 102451,
+102461, 102481, 102497, 102499, 102503, 102523, 102533, 102539, 102547, 102551,
+102559, 102563, 102587, 102593, 102607, 102611, 102643, 102647, 102653, 102667,
+102673, 102677, 102679, 102701, 102761, 102763, 102769, 102793, 102797, 102811,
+102829, 102841, 102859, 102871, 102877, 102881, 102911, 102913, 102929, 102931,
+102953, 102967, 102983, 103001, 103007, 103043, 103049, 103067, 103069, 103079,
+103087, 103091, 103093, 103099, 103123, 103141, 103171, 103177, 103183, 103217,
+103231, 103237, 103289, 103291, 103307, 103319, 103333, 103349, 103357, 103387,
+103391, 103393, 103399, 103409, 103421, 103423, 103451, 103457, 103471, 103483,
+103511, 103529, 103549, 103553, 103561, 103567, 103573, 103577, 103583, 103591,
+103613, 103619, 103643, 103651, 103657, 103669, 103681, 103687, 103699, 103703,
+103723, 103769, 103787, 103801, 103811, 103813, 103837, 103841, 103843, 103867,
+103889, 103903, 103913, 103919, 103951, 103963, 103967, 103969, 103979, 103981,
+103991, 103993, 103997, 104003, 104009, 104021, 104033, 104047, 104053, 104059,
+104087, 104089, 104107, 104113, 104119, 104123, 104147, 104149, 104161, 104173,
+104179, 104183, 104207, 104231, 104233, 104239, 104243, 104281, 104287, 104297,
+104309, 104311, 104323, 104327, 104347, 104369, 104381, 104383, 104393, 104399,
+104417, 104459, 104471, 104473, 104479, 104491, 104513, 104527, 104537, 104543,
+104549, 104551, 104561, 104579, 104593, 104597, 104623, 104639, 104651, 104659,
+104677, 104681, 104683, 104693, 104701, 104707, 104711, 104717, 104723, 104729,
+)
diff --git a/lib/Python/Lib/Crypto/Util/py21compat.py b/lib/Python/Lib/Crypto/Util/py21compat.py
new file mode 100644
index 000000000..624408bd2
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Util/py21compat.py
@@ -0,0 +1,84 @@
+# -*- coding: utf-8 -*-
+#
+#  Util/py21compat.py : Compatibility code for Python 2.1
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Compatibility code for Python 2.1
+
+Currently, this just defines:
+    - True and False
+    - object
+    - isinstance
+"""
+
+__revision__ = "$Id$"
+__all__ = []
+
+import sys
+import __builtin__
+
+# 'True' and 'False' aren't defined in Python 2.1.  Define them.
+try:
+    True, False
+except NameError:
+    (True, False) = (1, 0)
+    __all__ += ['True', 'False']
+
+# New-style classes were introduced in Python 2.2.  Defining "object" in Python
+# 2.1 lets us use new-style classes in versions of Python that support them,
+# while still maintaining backward compatibility with old-style classes
+try:
+    object
+except NameError:
+    class object: pass
+    __all__ += ['object']
+
+# Starting with Python 2.2, isinstance allows a tuple for the second argument.
+# Also, builtins like "tuple", "list", "str", "unicode", "int", and "long"
+# became first-class types, rather than functions.  We want to support
+# constructs like:
+#   isinstance(x, (int, long))
+# So we hack it for Python 2.1.
+try:
+    isinstance(5, (int, long))
+except TypeError:
+    __all__ += ['isinstance']
+    _builtin_type_map = {
+        tuple: type(()),
+        list: type([]),
+        str: type(""),
+        unicode: type(u""),
+        int: type(0),
+        long: type(0L),
+    }
+    def isinstance(obj, t):
+        if not __builtin__.isinstance(t, type(())):
+            # t is not a tuple
+            return __builtin__.isinstance(obj, _builtin_type_map.get(t, t))
+        else:
+            # t is a tuple
+            for typ in t:
+                if __builtin__.isinstance(obj, _builtin_type_map.get(typ, typ)):
+                    return True
+            return False
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Util/py3compat.py b/lib/Python/Lib/Crypto/Util/py3compat.py
new file mode 100644
index 000000000..34e5224f3
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Util/py3compat.py
@@ -0,0 +1,107 @@
+# -*- coding: utf-8 -*-
+#
+#  Util/py3compat.py : Compatibility code for handling Py3k / Python 2.x
+#
+# Written in 2010 by Thorsten Behrens
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Compatibility code for handling string/bytes changes from Python 2.x to Py3k
+
+In Python 2.x, strings (of type ''str'') contain binary data, including encoded
+Unicode text (e.g. UTF-8).  The separate type ''unicode'' holds Unicode text.
+Unicode literals are specified via the u'...' prefix.  Indexing or slicing
+either type always produces a string of the same type as the original.
+Data read from a file is always of '''str'' type.
+
+In Python 3.x, strings (type ''str'') may only contain Unicode text. The u'...'
+prefix and the ''unicode'' type are now redundant.  A new type (called
+''bytes'') has to be used for binary data (including any particular
+''encoding'' of a string).  The b'...' prefix allows one to specify a binary
+literal.  Indexing or slicing a string produces another string.  Slicing a byte
+string produces another byte string, but the indexing operation produces an
+integer.  Data read from a file is of '''str'' type if the file was opened in
+text mode, or of ''bytes'' type otherwise.
+
+Since PyCrypto aims at supporting both Python 2.x and 3.x, the following helper
+functions are used to keep the rest of the library as independent as possible
+from the actual Python version.
+
+In general, the code should always deal with binary strings, and use integers
+instead of 1-byte character strings.
+
+b(s)
+    Take a text string literal (with no prefix or with u'...' prefix) and
+    make a byte string.
+bchr(c)
+    Take an integer and make a 1-character byte string.
+bord(c)
+    Take the result of indexing on a byte string and make an integer.
+tobytes(s)
+    Take a text string, a byte string, or a sequence of character taken from
+    a byte string and make a byte string.
+"""
+
+__revision__ = "$Id$"
+
+import sys
+
+if sys.version_info[0] == 2:
+    def b(s):
+        return s
+    def bchr(s):
+        return chr(s)
+    def bstr(s):
+        return str(s)
+    def bord(s):
+        return ord(s)
+    if sys.version_info[1] == 1:
+        def tobytes(s):
+            try:
+                return s.encode('latin-1')
+            except:
+                return ''.join(s)
+    else:
+        def tobytes(s):
+            if isinstance(s, unicode):
+                return s.encode("latin-1")
+            else:
+                return ''.join(s)
+else:
+    def b(s):
+       return s.encode("latin-1") # utf-8 would cause some side-effects we don't want
+    def bchr(s):
+        return bytes([s])
+    def bstr(s):
+        if isinstance(s,str):
+            return bytes(s,"latin-1")
+        else:
+            return bytes(s)
+    def bord(s):
+        return s
+    def tobytes(s):
+        if isinstance(s,bytes):
+            return s
+        else:
+            if isinstance(s,str):
+                return s.encode("latin-1")
+            else:
+                return bytes(s)
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/Util/randpool.py b/lib/Python/Lib/Crypto/Util/randpool.py
new file mode 100644
index 000000000..8b5a0b75d
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Util/randpool.py
@@ -0,0 +1,82 @@
+#
+#  randpool.py : Cryptographically strong random number generation
+#
+# Part of the Python Cryptography Toolkit
+#
+# Written by Andrew M. Kuchling, Mark Moraes, and others
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+#
+
+__revision__ = "$Id$"
+
+from Crypto.pct_warnings import RandomPool_DeprecationWarning
+import Crypto.Random
+import warnings
+
+class RandomPool:
+    """Deprecated.  Use Random.new() instead.
+
+    See http://www.pycrypto.org/randpool-broken
+    """
+    def __init__(self, numbytes = 160, cipher=None, hash=None, file=None):
+        warnings.warn("This application uses RandomPool, which is BROKEN in older releases.  See http://www.pycrypto.org/randpool-broken",
+            RandomPool_DeprecationWarning)
+        self.__rng = Crypto.Random.new()
+        self.bytes = numbytes
+        self.bits = self.bytes * 8
+        self.entropy = self.bits
+
+    def get_bytes(self, N):
+        return self.__rng.read(N)
+
+    def _updateEntropyEstimate(self, nbits):
+        self.entropy += nbits
+        if self.entropy < 0:
+            self.entropy = 0
+        elif self.entropy > self.bits:
+            self.entropy = self.bits
+
+    def _randomize(self, N=0, devname="/dev/urandom"):
+        """Dummy _randomize() function"""
+        self.__rng.flush()
+
+    def randomize(self, N=0):
+        """Dummy randomize() function"""
+        self.__rng.flush()
+
+    def stir(self, s=''):
+        """Dummy stir() function"""
+        self.__rng.flush()
+
+    def stir_n(self, N=3):
+        """Dummy stir_n() function"""
+        self.__rng.flush()
+
+    def add_event(self, s=''):
+        """Dummy add_event() function"""
+        self.__rng.flush()
+
+    def getBytes(self, N):
+        """Dummy getBytes() function"""
+        return self.get_bytes(N)
+
+    def addEvent(self, event, s=""):
+        """Dummy addEvent() function"""
+        return self.add_event()
diff --git a/lib/Python/Lib/Crypto/Util/winrandom.py b/lib/Python/Lib/Crypto/Util/winrandom.py
new file mode 100644
index 000000000..0242815af
--- /dev/null
+++ b/lib/Python/Lib/Crypto/Util/winrandom.py
@@ -0,0 +1,28 @@
+#
+#  Util/winrandom.py : Stub for Crypto.Random.OSRNG.winrandom
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+__revision__ = "$Id$"
+
+from Crypto.Random.OSRNG.winrandom import *
+
+# vim:set ts=4 sw=4 sts=4 expandtab:
diff --git a/lib/Python/Lib/Crypto/__init__.py b/lib/Python/Lib/Crypto/__init__.py
new file mode 100644
index 000000000..c27402e3a
--- /dev/null
+++ b/lib/Python/Lib/Crypto/__init__.py
@@ -0,0 +1,51 @@
+# -*- coding: utf-8 -*-
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+"""Python Cryptography Toolkit
+
+A collection of cryptographic modules implementing various algorithms
+and protocols.
+
+Subpackages:
+
+Crypto.Cipher
+ Secret-key (AES, DES, ARC4) and public-key encryption (RSA PKCS#1) algorithms
+Crypto.Hash
+ Hashing algorithms (MD5, SHA, HMAC)
+Crypto.Protocol
+ Cryptographic protocols (Chaffing, all-or-nothing transform, key derivation
+ functions). This package does not contain any network protocols.
+Crypto.PublicKey
+ Public-key encryption and signature algorithms (RSA, DSA)
+Crypto.Signature
+ Public-key signature algorithms (RSA PKCS#1) 
+Crypto.Util
+ Various useful modules and functions (long-to-string conversion, random number
+ generation, number theoretic functions)
+"""
+
+__all__ = ['Cipher', 'Hash', 'Protocol', 'PublicKey', 'Util', 'Signature']
+
+__version__ = '2.6.1'     # See also below and setup.py
+__revision__ = "$Id$"
+
+# New software should look at this instead of at __version__ above.
+version_info = (2, 6, 1, 'final', 0)    # See also above and setup.py
+
diff --git a/lib/Python/Lib/Crypto/pct_warnings.py b/lib/Python/Lib/Crypto/pct_warnings.py
new file mode 100644
index 000000000..9b4361e4d
--- /dev/null
+++ b/lib/Python/Lib/Crypto/pct_warnings.py
@@ -0,0 +1,60 @@
+# -*- coding: ascii -*-
+#
+#  pct_warnings.py : PyCrypto warnings file
+#
+# Written in 2008 by Dwayne C. Litzenberger <dlitz@dlitz.net>
+#
+# ===================================================================
+# The contents of this file are dedicated to the public domain.  To
+# the extent that dedication to the public domain is not available,
+# everyone is granted a worldwide, perpetual, royalty-free,
+# non-exclusive license to exercise all rights associated with the
+# contents of this file for any purpose whatsoever.
+# No rights are reserved.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# ===================================================================
+
+#
+# Base classes.  All our warnings inherit from one of these in order to allow
+# the user to specifically filter them.
+#
+
+class CryptoWarning(Warning):
+    """Base class for PyCrypto warnings"""
+
+class CryptoDeprecationWarning(DeprecationWarning, CryptoWarning):
+    """Base PyCrypto DeprecationWarning class"""
+
+class CryptoRuntimeWarning(RuntimeWarning, CryptoWarning):
+    """Base PyCrypto RuntimeWarning class"""
+
+#
+# Warnings that we might actually use
+#
+
+class RandomPool_DeprecationWarning(CryptoDeprecationWarning):
+    """Issued when Crypto.Util.randpool.RandomPool is instantiated."""
+
+class ClockRewindWarning(CryptoRuntimeWarning):
+    """Warning for when the system clock moves backwards."""
+
+class GetRandomNumber_DeprecationWarning(CryptoDeprecationWarning):
+    """Issued when Crypto.Util.number.getRandomNumber is invoked."""
+
+class PowmInsecureWarning(CryptoRuntimeWarning):
+    """Warning for when _fastmath is built without mpz_powm_sec"""
+
+# By default, we want this warning to be shown every time we compensate for
+# clock rewinding.
+import warnings as _warnings
+_warnings.filterwarnings('always', category=ClockRewindWarning, append=1)
+
+# vim:set ts=4 sw=4 sts=4 expandtab: