o c @sddlZddlZddlmZddlmZmZddlmZm Z ddl m Z Gdddej dZ Gd d d e ej dZGd d d e ej dZGd dde ej dZGddde ej dZde de ddfddZdededdfddZdedede ddfddZdede ddfddZGdddeZGd d!d!eZGd"d#d#e ZGd$d%d%eZGd&d'd'eZGd(d)d)eZGd*d+d+eZGd,d-d-eeZdS).N)utils)UnsupportedAlgorithm_Reasons)BlockCipherAlgorithmCipherAlgorithm) algorithmsc@s<eZdZeejdefddZejdeddfddZ dS)ModereturncCdS)z@ A string naming this mode (e.g. "ECB", "CBC"). Nselfr r Y/opt/certbot/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/modes.pynamez Mode.name algorithmNcCr )zq Checks that all the necessary invariants of this (mode, algorithm) combination are met. Nr r rr r rvalidate_for_algorithmrzMode.validate_for_algorithm) __name__ __module__ __qualname__propertyabcabstractmethodstrrrrr r r rrs r) metaclassc@$eZdZeejdefddZdS)ModeWithInitializationVectorr cCr )zP The value of the initialization vector for this mode as bytes. Nr r r r rinitialization_vector#rz2ModeWithInitializationVector.initialization_vectorN)rrrrrrbytesrr r r rr"rc@r) ModeWithTweakr cCr )z@ The value of the tweak for this mode as bytes. Nr r r r rtweak,rzModeWithTweak.tweakN)rrrrrrrr"r r r rr!+r r!c@r) ModeWithNoncer cCr )z@ The value of the nonce for this mode as bytes. Nr r r r rnonce5rzModeWithNonce.nonceN)rrrrrrrr$r r r rr#4r r#c@s*eZdZeejdejefddZ dS)ModeWithAuthenticationTagr cCr )zP The value of the tag supplied to the constructor of this mode. Nr r r r rtag>rzModeWithAuthenticationTag.tagN) rrrrrrtypingOptionalrr&r r r rr%=sr%r rr cCs$|jdkr|jdkrtddSdS)NAESz=Only 128, 192, and 256 bit keys are allowed for this AES mode)key_sizer ValueErrorrr r r_check_aes_key_lengthFs r-cCs0t|jd|jkrtdt|j|jdS)NzInvalid IV size ({}) for {}.)lenr block_sizer,formatrrr r r_check_iv_lengthMs r2r$rcCsFt|tst|dtjt|d|jkr!tdt||dS)N" requires a block cipher algorithmr.zInvalid nonce size ({}) for {}.) isinstancerrrUNSUPPORTED_CIPHERr/r0r,r1)r$rrr r r_check_nonce_lengthXs r6cCs4t|tst|dtjt||t||dS)Nr3)r4rrrr5r-r2rr r r_check_iv_and_key_lengthfs  r7c@4eZdZdZdefddZedefddZeZ dS)CBCrcCtd|||_dSNrr_check_byteslike_initialization_vectorr rr r r__init__u  z CBC.__init__r cC|jSNr>r r r rryzCBC.initialization_vectorN rrrrrr@rrr7rr r r rr9r r9c@BeZdZdZdefddZedefddZdeddfd d Z dS) XTSr"cCs*td|t|dkrtd||_dS)Nr"z!tweak must be 128-bits (16 bytes))rr=r/r,_tweak)r r"r r rr@s   z XTS.__init__r cCrBrC)rKr r r rr"rEz XTS.tweakrNcCs0t|tjtjfr td|jdvrtddS)Nz\The AES128 and AES256 classes do not support XTS, please use the standard AES class instead.)r)iz\The XTS specification requires a 256-bit key for AES-128-XTS and 512-bit key for AES-256-XTS)r4rAES128AES256 TypeErrorr+r,rr r rrs zXTS.validate_for_algorithm) rrrrrr@rr"rrr r r rrIs rIc@seZdZdZeZdS)ECBN)rrrrr-rr r r rrOsrOc@r8)OFBrcCr:r;r<r?r r rr@rAz OFB.__init__r cCrBrCrDr r r rrrEzOFB.initialization_vectorNrFr r r rrPrGrPc@r8)CFBrcCr:r;r<r?r r rr@rAz CFB.__init__r cCrBrCrDr r r rrrEzCFB.initialization_vectorNrFr r r rrQrGrQc@r8)CFB8rcCr:r;r<r?r r rr@rAz CFB8.__init__r cCrBrCrDr r r rrrEzCFB8.initialization_vectorNrFr r r rrRrGrRc@rH) CTRr$cCr:)Nr$)rr=_nonce)r r$r r rr@rAz CTR.__init__r cCrBrC)rTr r r rr$rEz CTR.noncerNcCst||t|j|j|dSrC)r-r6r$rrr r rrs zCTR.validate_for_algorithm) rrrrrr@rr$rrr r r rrSs rSc@sveZdZdZdZdZ  ddedejede fdd Z e d ejefd d Z e d efd dZ ded dfddZdS)GCMl?lNrJrr&min_tag_lengthcCstd|t|dkst|dkrtd||_|dur8td||dkr+tdt||kr8td|||_||_dS) Nrr.zIinitialization_vector must be between 8 and 128 bytes (64 and 1024 bits).r&zmin_tag_length must be >= 4z.Authentication tag must be {} bytes or longer.) rr=r/r,r> _check_bytesr1_tag_min_tag_length)r rr&rVr r rr@s$    z GCM.__init__r cCrBrC)rZr r r rr&rEzGCM.tagcCrBrCrDr r r rrrEzGCM.initialization_vectorrcCsXt||t|tstdtj|jd}|jdur(t|j|kr*t d |dSdS)Nz%GCM requires a block cipher algorithmr.z0Authentication tag cannot be more than {} bytes.) r-r4rrrr5r0rZr/r,r1)r rblock_size_bytesr r rrs   zGCM.validate_for_algorithm)NrJ)rrrr_MAX_ENCRYPTED_BYTES_MAX_AAD_BYTESrr'r(intr@rr&rrrr r r rrUs$ rU) rr' cryptographyrcryptography.exceptionsrr/cryptography.hazmat.primitives._cipheralgorithmrr&cryptography.hazmat.primitives.ciphersrABCMetarrr!r#r%r-r2rrr6r7r9rIrOrPrQrRrSrUr r r rsV