o c|(@s\ddlZddlmZmZmZddlmZddlmZm Z ej r%ddl m Z GdddZ dS)N) InvalidTagUnsupportedAlgorithm_Reasons)ciphers) algorithmsmodes)Backendc@seZdZdZdZdZdddeddfd d Zd edefd d Z d ededefddZ defddZ dedefddZ d eddfddZ edejefddZdS)_CipherContextri?backendr operationreturnNcCs8||_||_||_||_d|_t|jtjr|jjd|_ nd|_ |jj }|jj ||jj j}|jj}z |t|t|f}WntyYtd|j|rS|jn|tjw||j||}||jj jkrd|} |durx| d|7} | d|j7} t| tjt|tjr|jj |j} n2t|tjr|jj |j} n#t|tjr|jj |j } nt|t!j"r|jj |j } n|jj j} |jj #|||jj j|jj j|jj j|} |j$| dk|jj %|t&|j'} |j$| dkt|tj(r=|jj )||jj j*t&| |jj j} |j$| dk|j+dur=|jj )||jj j,t&|j+|j+} |j$| dk|j+|_|jj #||jj j|jj j|jj |j'| |} |j-} |jj } | dkr| j.rr| d/| j0| j1s| j2r| d/| j3| j4rt5d|jj$| dk| d |jj 6|d||_7dS) Nr z6cipher {} in {} mode is not supported by this backend.zcipher {0.name} zin {0.name} mode z_is not supported by this backend (Your version of OpenSSL may be too old. Current version: {}.)rz+In XTS mode duplicated keys are not allowederrors)8_backend_cipher_mode _operation_tag isinstancerBlockCipherAlgorithm block_size_block_size_bytes_libEVP_CIPHER_CTX_new_ffigcEVP_CIPHER_CTX_free_cipher_registrytypeKeyErrorrformatnamerUNSUPPORTED_CIPHERNULLopenssl_version_textrModeWithInitializationVector from_bufferinitialization_vector ModeWithTweaktweak ModeWithNoncenoncerChaCha20EVP_CipherInit_exopenssl_assertEVP_CIPHER_CTX_set_key_lengthlenkeyGCMEVP_CIPHER_CTX_ctrlEVP_CTRL_AEAD_SET_IVLENtagEVP_CTRL_AEAD_SET_TAG_consume_errors$CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER_lib_reason_match ERR_LIB_EVPEVP_R_XTS_DUPLICATED_KEYSCryptography_HAS_PROVIDERS ERR_LIB_PROVPROV_R_XTS_DUPLICATED_KEYS ValueErrorEVP_CIPHER_CTX_set_padding_ctx)selfr ciphermoder ctxregistryadapter evp_ciphermsgiv_nonceresrlibrOY/opt/certbot/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ciphers.py__init__s                  z_CipherContext.__init__datacCs2tt||jd}|||}t|d|S)Nr ) bytearrayr2r update_intobytes)rDrRbufnrOrOrPupdates z_CipherContext.updaterVc Cst|}t|||jdkrtdt||jdd}d}|jjd}|jjj|dd}|jj|}||kr||} ||} t|j ||} |jj |j | || | } | dkrlt |jtjrl|jtd|j| dk|| 7}||d7}||ks<|S)Nr z1buffer must be at least {} bytes for this payloadrint *T)require_writablezeIn XTS mode you must supply at least a full block in the first update call. For AES this is 16 bytes.)r2rrAr"rrnewr(min_MAX_CHUNK_SIZErEVP_CipherUpdaterCrrrXTSr9r0) rDrRrVtotal_data_lendata_processed total_outoutlen baseoutbuf baseinbufoutbufinbufinlenrMrOrOrPrTs8   z_CipherContext.update_intocCs|j|jkrt|jtjr|jdurtd|jj d|j }|jj d}|jj |j||}|dkrt|j}|sDt|jtjrDt|jj }|jj|d|j|jpl|joa|d|j|jpl|jol|dj|jk|dtdt|jtjr|j|jkr|jj d|j }|jj |j|jj j|j |}|j|dk|jj |dd|_ |jj !|j}|j|dk|jj |d|dS)Nz4Authentication tag must be provided when decrypting.zunsigned char[]rYrrzFThe length of the provided data is not a multiple of the block length.r )"r_DECRYPTrrrModeWithAuthenticationTagr7rArrr[rrEVP_CipherFinal_exrCr9r4rr0r;r<'EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTHr>r?PROV_R_WRONG_FINAL_BLOCK_LENGTHCRYPTOGRAPHY_IS_BORINGSSLreason*CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH_ENCRYPTr5EVP_CTRL_AEAD_GET_TAGbufferrEVP_CIPHER_CTX_reset)rDrVrcrMrrNtag_bufrOrOrPfinalizesn      z_CipherContext.finalizer7cCs~t|}||jjkrtd|jj||jkr td|j|jj|j |jjj t||}|j |dk||_ | S)Nz.Authentication tag must be {} bytes or longer.z0Authentication tag cannot be more than {} bytes.r)r2r_min_tag_lengthrAr"rrrr5rCr8r0rrv)rDr7tag_lenrMrOrOrPfinalize_with_tags&  z _CipherContext.finalize_with_tagcCsN|jjd}|jj|j|jjj||jj|t|}|j |dkdS)NrYr) rrr[rr^rCr%r(r2r0)rDrRrcrMrOrOrPauthenticate_additional_data s z+_CipherContext.authenticate_additional_datacCs|jS)N)r)rDrOrOrPr7sz_CipherContext.tag)__name__ __module__ __qualname__rqrir]intrQrUrXrTrvryrzpropertytypingOptionalr7rOrOrOrPr s$ {#@ r )rcryptography.exceptionsrrrcryptography.hazmat.primitivesr&cryptography.hazmat.primitives.ciphersrr TYPE_CHECKING,cryptography.hazmat.backends.openssl.backendrr rOrOrOrPs