a  `yL@sDddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z m Z ddlmZddlmZmZmZddlmZmZmZmZmZmZddlmZmZd d Zd d Zd dZ ddZ!ddZ"ddZ#ddZ$ddZ%e&eGddde'Z(e&eGddde'Z)e&eGddde'Z*e&eGdd d e'Z+d!S)")absolute_importdivisionprint_function)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes)AsymmetricSignatureContextAsymmetricVerificationContextrsa)AsymmetricPaddingMGF1OAEPPKCS1v15PSScalculate_max_pss_salt_length)RSAPrivateKeyWithSerializationRSAPublicKeyWithSerializationcCs,|j}|tjus|tjur$t||S|SdSN)Z _salt_lengthrZ MAX_LENGTHrr)ZpsskeyZhash_algorithmZsaltrJ/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/rsa.py_get_rsa_pss_salt_length&s rcCst|tstdt|tr&|jj}nVt|trh|jj}t|jt sPt dt j | |s|t dt jnt d|jt jt|||||S)Nz1Padding must be an instance of AsymmetricPadding.'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.${} is not supported by this backend.) isinstancer TypeErrorr_libRSA_PKCS1_PADDINGrZRSA_PKCS1_OAEP_PADDING_mgfrrrUNSUPPORTED_MGFZrsa_padding_supportedUNSUPPORTED_PADDINGformatname_enc_dec_rsa_pkey_ctx)backendrdatapadding padding_enumrrr _enc_dec_rsa/s*       r-cCs t|tr|jj}|jj}n|jj}|jj}|j|j|j j }| ||j j k|j ||jj }||}| |dk|j||}| |dk|j|j} | | dkt|tr|jjr||jj} |j|| }| |dk||j} |j|| }| |dkt|tr|jdurt|jdkr|jt|j} | | |j j k|j | |jt|j|j|| t|j}| |dk|j d| } |j d| }|||| |t|}|j |d| d}|j|dkrtd|S)Nrsize_t *unsigned char[]zEncryption/decryption failed.) r _RSAPublicKeyr!ZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizerZCryptography_HAS_RSA_OAEP_MD_evp_md_non_null_from_algorithmr# _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labellenZOPENSSL_mallocZmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferERR_clear_error ValueError)r)rr*r,r+ZinitZcryptpkey_ctxresZbuf_sizemgf1_mdZoaep_mdZlabelptrZoutlenbufresbufrrrr(NsX       r(cCst|tstd|j|j}||dkt|trB|jj}nnt|t rt|j t sdt dt jt|tjsxtd||jddkrtd|jj}nt d|jt j|S)Nz'Expected provider of AsymmetricPadding.rrz*Expected instance of hashes.HashAlgorithm.zDDigest too large for key size. Use a larger key or different digest.r)rrr r!r:r3r6rr"rr#rrrr$r Z HashAlgorithmZ digest_sizerBZRSA_PKCS1_PSS_PADDINGr&r'r%)r)rr+ algorithmZ pkey_sizer,rrr_rsa_sig_determine_paddings0        rJc Cs0t||||}|j|j|jj}|||jjk|j||jj}||}||dk|dur| |}|j ||}|dkr| t d |jtj|j||}|dkr| t d |jtjt|tr,|j|t|||}||dk| |jj} |j|| }||dk|S)Nr.rz4{} is not supported by this backend for RSA signing.z4{} is not supported for the RSA signature operation.)rJr!r2r3r4r5r6r7r8r;ZEVP_PKEY_CTX_set_signature_md_consume_errorsrr&r'rZUNSUPPORTED_HASHr9r%rrZ EVP_PKEY_CTX_set_rsa_pss_saltlenrr#r<r=) r)r+rIrZ init_funcr,rCrDZevp_mdrErrr_rsa_sig_setupsJ   rLc Cst|||||jj}|jd}|j||jj||t|}||dk|jd|d}|j||||t|}|dkr| } t d| |j |ddS)Nr/r.r0rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rLr!ZEVP_PKEY_sign_initr4r?Z EVP_PKEY_signr5r>r6_consume_errors_with_textrBr@) r)r+rI private_keyr*rCbuflenrDrFerrorsrrr _rsa_sig_signs* rQcCsVt|||||jj}|j||t||t|}||dk|dkrR|tdS)Nr)rLr!ZEVP_PKEY_verify_initZEVP_PKEY_verifyr>r6rKr)r)r+rI public_key signaturer*rCrDrrr_rsa_sig_verifysrTc Cst|||||jj}|j|j}||dk|jd|}|jd|}|j||||t |} |j |d|d} |j | dkrt | S)Nrr0r/r.) rLr!ZEVP_PKEY_verify_recover_initr:r3r6r4r?ZEVP_PKEY_verify_recoverr>r@rAr) r)r+rIrRrSrCmaxlenrFrOrDrGrrr_rsa_sig_recover s&  rVc@s$eZdZddZddZddZdS)_RSASignatureContextcCs<||_||_t||||||_||_t|j|j|_dSr)_backend _private_keyrJ_paddingr<r Hash _hash_ctx)selfr)rNr+rIrrr__init__,s z_RSASignatureContext.__init__cCs|j|dSrr\updater]r*rrrr`8sz_RSASignatureContext.updatecCst|j|j|j|j|jSr)rQrXrZr<rYr\finalizer]rrrrb;sz_RSASignatureContext.finalizeN)__name__ __module__ __qualname__r^r`rbrrrrrW*s rWc@s$eZdZddZddZddZdS)_RSAVerificationContextcCsF||_||_||_||_t|||||}||_t|j|j|_dSr) rX _public_key _signaturerZrJr<r r[r\)r]r)rRrSr+rIrrrr^Gsz _RSAVerificationContext.__init__cCs|j|dSrr_rarrrr`Usz_RSAVerificationContext.updatecCs"t|j|j|j|j|j|jSr)rTrXrZr<rhrir\rbrcrrrverifyXsz_RSAVerificationContext.verifyN)rdrerfr^r`rjrrrrrgEsrgc@sNeZdZddZedZddZddZdd Z d d Z d d Z ddZ dS)_RSAPrivateKeycCs|j|}|dkr&|}td||j||jj}||dk||_||_ ||_ |jj d}|jj |j ||jjj|jjj|j|d|jjjk|jj |d|_dS)Nr.zInvalid private key BIGNUM **r)r!Z RSA_check_keyrMrBZRSA_blinding_onr4r5r6rX _rsa_cdatar3r? RSA_get0_key BN_num_bits _key_size)r]r) rsa_cdataevp_pkeyrDrPnrrrr^es$  z_RSAPrivateKey.__init__rpcCstt|t|j|||Sr)r r rWrX)r]r+rIrrrsignersz_RSAPrivateKey.signercCs2|jdd}|t|kr"tdt|j|||S)Nz,Ciphertext length must be equal to key size.)key_sizer>rBr-rX)r]Z ciphertextr+Zkey_size_bytesrrrdecrypts z_RSAPrivateKey.decryptcCsV|jj|j}|j||jjjk|jj||jjj}|j |}t |j||Sr) rXr!ZRSAPublicKey_duprmr6r4r5r7ZRSA_freeZ_rsa_cdata_to_evp_pkeyr1)r]ctxrrrrrrRs  z_RSAPrivateKey.public_keyc Cs|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|j|d|jjjk|jj|j|||j|d|jjjk|j|d|jjjk|jj |j||||j|d|jjjk|j|d|jjjk|j|d|jjjkt j |j |d|j |d|j |d|j |d|j |d|j |dt j |j |d|j |dddS)Nrlrers)pqddmp1dmq1iqmppublic_numbers)rXr4r?r!rnrmr6r5ZRSA_get0_factorsZRSA_get0_crt_paramsrZRSAPrivateNumbers _bn_to_intRSAPublicNumbers) r]rsr{r~r|r}rrrrrrprivate_numberssB z_RSAPrivateKey.private_numberscCs|j|||||j|jSr)rXZ_private_key_bytesr3rm)r]encodingr&Zencryption_algorithmrrr private_bytessz_RSAPrivateKey.private_bytescCs$t|j||\}}t|j||||Sr)r rXrQ)r]r*r+rIrrrsignsz_RSAPrivateKey.signN) rdrerfr^rread_only_propertyrwrtrxrRrrrrrrrrkcs # rkc@sNeZdZddZedZddZddZdd Z d d Z d d Z ddZ dS)r1cCst||_||_||_|jjd}|jj|j||jjj|jjj|j|d|jjjk|jj |d|_ dS)Nrlr) rXrmr3r4r?r!rnr5r6rorp)r]r)rqrrrsrrrr^sz_RSAPublicKey.__init__rpcCs,ttd|t|t|j||||S)NrS)r r _check_bytesr rgrXr]rSr+rIrrrverifiers   z_RSAPublicKey.verifiercCst|j|||Sr)r-rX)r]Z plaintextr+rrrencryptsz_RSAPublicKey.encryptcCs|jjd}|jjd}|jj|j|||jjj|j|d|jjjk|j|d|jjjktj |j |d|j |ddS)Nrlrrz) rXr4r?r!rnrmr5r6rrr)r]rsr{rrrrsz_RSAPublicKey.public_numberscCs|j||||j|jSr)rXZ_public_key_bytesr3rm)r]rr&rrr public_bytessz_RSAPublicKey.public_bytescCs&t|j||\}}t|j|||||Sr)r rXrT)r]rSr*r+rIrrrrjs z_RSAPublicKey.verifycCst|t|j||||Sr)r rVrXrrrrrecover_data_from_signatures z)_RSAPublicKey.recover_data_from_signatureN) rdrerfr^rrrwrrrrrjrrrrrr1s   r1N),Z __future__rrrZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr Z)cryptography.hazmat.primitives.asymmetricr rrZ1cryptography.hazmat.primitives.asymmetric.paddingrrrrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrr-r(rJrLrQrTrVZregister_interfaceobjectrWrgrkr1rrrrs.    ;+*c