pub fn encrypt(

    let mut blob = vec![0; data.as_ref().len() + EncAlg::block_size()];

    let encrypted_len = EncAlg::new_from_slices(key.as_ref(), iv.as_ref())

        .encrypt_padded_b2b_mut::<Pkcs7>(data.as_ref(), &mut blob)?

    blob.truncate(encrypted_len);

    Ok(blob)

pub fn decrypt(

    let mut data = blob.as_ref().to_vec();

    Ok(DecAlg::new_from_slices(key.as_ref(), iv.as_ref())

        .expect("Invalid key length")

        .decrypt_padded_mut::<Pkcs7>(&mut data)?

        .to_vec()

        .into())

pub(crate) fn decrypt_no_padding(

    let mut data = blob.as_ref().to_vec();

    Ok(DecAlg::new_from_slices(key.as_ref(), iv.as_ref())

        .expect("Invalid key length")

        .decrypt_padded_mut::<NoPadding>(&mut data)?

        .to_vec()

        .into())

pub(crate) fn iv_len() -> usize {

    DecAlg::iv_size()

pub(crate) fn generate_private_key() -> Result<Zeroizing<Vec<u8>>, super::Error> {

    let mut key = vec![0u8; EncAlg::key_size()];

    getrandom::fill(&mut key)?;

    Ok(Zeroizing::new(key))

pub(crate) fn generate_public_key(private_key: impl AsRef<[u8]>) -> Result<Vec<u8>, super::Error> {

    let private_key_uint = BigUint::from_bytes_be(private_key.as_ref());

    static DH_GENERATOR: LazyLock<BigUint> = LazyLock::new(|| BigUint::from_u64(0x2).unwrap());

    let public_key_uint = powm(&DH_GENERATOR, private_key_uint);

    Ok(public_key_uint.to_bytes_be())

pub(crate) fn generate_aes_key(

    let server_public_key_uint = BigUint::from_bytes_be(server_public_key.as_ref());

    let private_key_uint = BigUint::from_bytes_be(private_key.as_ref());

    let common_secret = powm(&server_public_key_uint, private_key_uint);

    let mut common_secret_bytes = common_secret.to_bytes_be();

    let mut common_secret_padded = vec![0; 128 - common_secret_bytes.len()];

    common_secret_padded.append(&mut common_secret_bytes);

    let ikm = common_secret_padded;

    let salt = None;

    let mut okm = Zeroizing::new(vec![0; 16]);

    let (_, hk) = Hkdf::<Sha256>::extract(salt, &ikm);

    hk.expand(&info, okm.as_mut())

    Ok(okm)

pub fn generate_iv() -> Result<Vec<u8>, super::Error> {

    let mut iv = vec![0u8; EncAlg::iv_size()];

    getrandom::fill(&mut iv)?;

    Ok(iv)

pub(crate) fn mac_len() -> usize {

    MacAlg::output_size()

pub(crate) fn compute_mac(data: impl AsRef<[u8]>, key: &Key) -> Result<crate::Mac, super::Error> {

    let mut mac = MacAlg::new_from_slice(key.as_ref()).unwrap();

    mac.update(data.as_ref());

    Ok(crate::Mac::new(mac.finalize().into_bytes().to_vec()))

pub(crate) fn verify_mac(

    let mut mac = MacAlg::new_from_slice(key.as_ref()).unwrap();

    mac.update(data.as_ref());

    Ok(mac.verify_slice(expected_mac.as_ref()).is_ok())

pub(crate) fn verify_checksum_md5(digest: impl AsRef<[u8]>, content: impl AsRef<[u8]>) -> bool {

    let mut hasher = Md5::new();

    hasher.update(content.as_ref());

    hasher.finalize_fixed().ct_eq(digest.as_ref()).into()

pub(crate) fn derive_key(

    let mut key = Key::new_with_strength(vec![0; EncAlg::block_size()], key_strength);

        secret.as_ref(),

        salt.as_ref(),

        iteration_count.try_into().unwrap(),

        key.as_mut(),

    Ok(key)

pub(crate) fn legacy_derive_key_and_iv(

    let mut buffer = vec![0; EncAlg::key_size() + EncAlg::iv_size()];

    let mut hasher = Sha256::new();

    let mut digest_buffer = vec![0; <Sha256 as Digest>::output_size()];

    let digest = Output::<Sha256>::from_mut_slice(digest_buffer.as_mut_slice());

    let mut pos = 0usize;

        hasher.update(secret.as_ref());

        hasher.update(salt.as_ref());

        hasher.finalize_into_reset(digest);

        for _ in 1..iteration_count {

            hasher.update(&digest);

            hasher.finalize_into_reset(digest);

        let to_read = usize::min(digest.len(), buffer.len() - pos);

        buffer[pos..].copy_from_slice(&digest[..to_read]);

        pos += to_read;

        if pos == buffer.len() {

    let iv = buffer.split_off(EncAlg::key_size());

    Ok((Key::new_with_strength(buffer, key_strength), iv))

fn powm(base: &BigUint, mut exp: BigUint) -> BigUint {

    static DH_PRIME: LazyLock<BigUint> = LazyLock::new(|| {

        BigUint::from_bytes_be(&[

    let mut base = base.clone();

    let mut result: BigUint = One::one();

    while !exp.is_zero() {

        if exp.is_odd() {

            result = result.mul(&base).rem(&*DH_PRIME);

        exp = exp.shr(1);

        base = (&base).mul(&base).rem(&*DH_PRIME);

    exp.zeroize();

    result