o c#@sddlZddlmZddlmZmZmZmZddlm Z m Z m Z m Z m Z ddlmZGdddejZGdd d ejZGd d d ZGd d d eZGdddeZdS)N)utils)AlreadyFinalized InvalidKeyUnsupportedAlgorithm_Reasons)cipherscmac constant_timehasheshmac)KeyDerivationFunctionc@seZdZdZdS)ModectrN)__name__ __module__ __qualname__ CounterModerrU/opt/certbot/lib/python3.10/site-packages/cryptography/hazmat/primitives/kdf/kbkdf.pyr sr c@seZdZdZdZdZdS)CounterLocation before_fixed after_fixed middle_fixedN)rrr BeforeFixed AfterFixed MiddleFixedrrrrrsrc@seZdZdejdedededejededejedeje d eje d eje fd d Z e d ede fddZ de dede fddZde fddZdS) _KBKDFDeriverprfmodelengthrlenllenlocationbreak_locationlabelcontextfixedc Cslt|sJt|tstdt|tstd|dur%|tjur%td|dur2|tjkr2td|dur?t|ts?td|durK|dkrKtd|sO| rU| rUtd|dus^||sbtd |durn| durntd |dur{t|ts{td |durd }| durd } t d |t d| ||_ ||_ ||_ ||_||_||_||_||_| |_d|_| |_dS)Nzmode must be of type Modez(location must be of type CounterLocationzPlease specify a break_locationzJbreak_location is ignored when location is not CounterLocation.MiddleFixedz!break_location must be an integerrz)break_location must be a positive integerz9When supplying fixed data, label and context are ignored.zrlen must be between 1 and 4zPlease specify an llenzllen must be an integerr$r%F)callable isinstancer TypeErrorrr ValueErrorint_valid_byte_lengthr _check_bytes_prf_mode_length_rlen_llen _location_break_location_label_context_used _fixed_data) selfrrrr r!r"r#r$r%r&rrr__init__#sZ      z_KBKDFDeriver.__init__valuereturncCsBt|ts tdtd|}dt|krdksdSdSdS)Nzvalue must be of type intFT)r)r,r*r int_to_byteslen)r< value_binrrrr-ls  z _KBKDFDeriver._valid_byte_length key_materialprf_output_sizec Cs6|jrttd|d|_|j | }dg}td|j}|tdt|ddkr0t d| }|j t j kr?d}|}n*|j t jkrJ|}d}nt|jtr[|jt|kr[t d|d|j}||jd}td|dD] } ||} t| |j} || |} | | || qpd|d|jS) NrCTr'r>zThere are too many iterations.z"break_location offset > len(fixed))r8rr_check_bytesliker1r@r2powrAr+_generate_fixed_inputr4rrrr)r5r,ranger/updateappendfinalizejoin) r:rCrDroundsoutputr_binr&data_before_ctrdata_after_ctrihcounter input_datarrrderivevs>       z_KBKDFDeriver.derivecCsB|jr t|jtr |jSt|jd|j}d|jd|j |gS)NrFr') r9r)bytesrr@r1r3rNr6r7)r:l_valrrrrIsz#_KBKDFDeriver._generate_fixed_inputN)rrrtypingCallabler r,OptionalrrZr; staticmethodboolr-rXrIrrrrr"s4   I 0rc@seZdZ ddddejdedededejede d eje d eje d eje d ej d ejefddZ de de jfddZde de fddZde de ddfddZdS) KBKDFHMACNr# algorithmrrr r!r"r$r%r&backendr#c  Csbt|tjs tdtjddlm} | |stdtj||_ t |j |||||| ||| |_ dS)Nz5Algorithm supplied is not a supported hash algorithm.rrdz5Algorithm supplied is not a supported hmac algorithm.) r)r HashAlgorithmrrUNSUPPORTED_HASH,cryptography.hazmat.backends.openssl.backendrdhmac_supported _algorithmrr/_deriver) r:rcrrr r!r"r$r%r&rdr#osslrrrr;s0    zKBKDFHMAC.__init__rCr=cCst||jSN)r HMACrjr:rCrrrr/szKBKDFHMAC._prfcCs|j||jjSrm)rkrXrj digest_sizerorrrrXszKBKDFHMAC.derive expected_keycCt|||s tdSrmr bytes_eqrXrr:rCrqrrrverifyzKBKDFHMAC.verifyrm)rrrr rfr r,r\r^rrZAnyr;r rnr/rXrvrrrrras<      .rac@seZdZ ddddedededejededejed ejed ejed ej d ejefd dZ dede j fddZ dedefddZdededdfddZdS) KBKDFCMACNrbrrr r!r"r$r%r&rdr#c  CsRt|tjr t|tjstdtj||_d|_t |j |||||| ||| |_ dS)N7Algorithm supplied is not a supported cipher algorithm.) issubclassrBlockCipherAlgorithmCipherAlgorithmrrUNSUPPORTED_CIPHERrj_cipherrr/rk) r:rcrrr r!r"r$r%r&rdr#rrrr;s.  zKBKDFCMAC.__init___r=cCs|jdusJt|jSrm)rrCMAC)r:rrrrr/s zKBKDFCMAC._prfrCcCsT|||_|jdus Jddlm}||jstdtj|j ||jj dS)NrrerzrF) rjrrhrdcmac_algorithm_supportedrrr~rkrX block_size)r:rCrlrrrrXs   zKBKDFCMAC.deriverqcCrrrmrsrurrrrv'rwzKBKDFCMAC.verifyrm)rrrr r,r\r^rrZrxr;rrr/rXrvrrrrrys8      'ry)r\ cryptographyrcryptography.exceptionsrrrrcryptography.hazmat.primitivesrrr r r "cryptography.hazmat.primitives.kdfr Enumr rrraryrrrrs  :