o cN @s:ddlZddlZddlmZmZmZddlmZddlm Z ej r'ddl m Z GdddejdZGd d d eejdZGd d d eejdZGd ddeejdZejdeje jddZGdddejeZeeje je jde je jfZGdddeZ GdddeZGdddeeZGdddeeZ dS)N)AlreadyFinalizedAlreadyUpdatedNotYetFinalized)CipherAlgorithm)modes)_CipherContextc@sTeZdZejdedefddZejdededefddZejdefdd Z d S) CipherContextdatareturncCdS)zk Processes the provided bytes through the cipher and returns the results as bytes. Nselfr r r X/opt/certbot/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/base.pyupdatezCipherContext.updatebufcCr )z Processes the provided bytes and writes the resulting data into the provided buffer. Returns the number of bytes written. Nr rr rr r r update_intorzCipherContext.update_intocCr )zM Returns the results of processing the final block as bytes. Nr rr r rfinalize&rzCipherContext.finalizeN) __name__ __module__ __qualname__abcabstractmethodbytesrintrrr r r rrsr) metaclassc@s$eZdZejdeddfddZdS)AEADCipherContextr r NcCr )z3 Authenticates the provided bytes. Nr r r r rauthenticate_additional_data.rz.AEADCipherContext.authenticate_additional_data)rrrrrrr r r r rr-rc@s$eZdZejdedefddZdS)AEADDecryptionContexttagr cCr )z Returns the results of processing the final block as bytes and allows delayed passing of the authentication tag. Nr )rr#r r rfinalize_with_tag6rz'AEADDecryptionContext.finalize_with_tagN)rrrrrrr$r r r rr"5r!r"c@s$eZdZeejdefddZdS)AEADEncryptionContextr cCr )zb Returns tag bytes. This is only available after encryption is finalized. Nr rr r rr#?rzAEADEncryptionContext.tagN)rrrpropertyrrrr#r r r rr%>sr%ModeT)bound covariantc @seZdZ ddededejddfddZejdd de fd d Z ejdd de fd d Z dd Z ejdd de fddZ ejdd de fddZ ddZ dddedeje e e ffddZdS)CipherN algorithmmodebackendr cCsDt|ts td|durt|tjsJ||||_||_dS)Nz&Expected interface of CipherAlgorithm.) isinstancer TypeErrorrr'validate_for_algorithmr+r,)rr+r,r-r r r__init__Ns   zCipher.__init__rz'Cipher[modes.ModeWithAuthenticationTag]cCdSNr rr r r encryptorazCipher.encryptor _CIPHER_TYPEcCr2r3r rr r rr4gr5cCsLt|jtjr|jjdurtdddlm}||j |j}|j |ddS)Nz0Authentication tag must be None when encrypting.rr-Tencrypt) r.r,rModeWithAuthenticationTagr# ValueError,cryptography.hazmat.backends.openssl.backendr-create_symmetric_encryption_ctxr+ _wrap_ctxrr-ctxr r rr4ms  cCr2r3r rr r r decryptorzr5zCipher.decryptorcCr2r3r rr r rrAr5cCs*ddlm}||j|j}|j|ddS)Nrr7Fr8)r<r-create_symmetric_decryption_ctxr+r,r>r?r r rrAs r@_BackendCipherContextr9cCs*t|jtjr|r t|St|St|Sr3)r.r,rr:_AEADEncryptionContext_AEADDecryptionContextr)rr@r9r r rr>s zCipher._wrap_ctxr3)rrrrr'typingAnyr1overloadr%r4rr"rAboolUnionr>r r r rr*Ms\      r*c@s\eZdZUejded<dddZdedefd d Zded ede fd d Z defddZ dS)rrC_ctxr@r NcCs ||_dSr3)rKrr@r r rr1s z_CipherContext.__init__r cCs|jdur td|j|SNContext was already finalized.)rKrrr r r rrs  z_CipherContext.updatercCs |jdur td|j||SrM)rKrrrr r rrs z_CipherContext.update_intocCs&|jdur td|j}d|_|SrM)rKrrr r r rrs  z_CipherContext.finalizer@rCr N) rrrrFOptional__annotations__r1rrrrrr r r rrs  rc@seZdZUejded<ejeed<dddZd eddfd d Z d edefd dZ d ededefddZ defddZ d eddfddZ dS)_AEADCipherContextrCrK_tagr@r NcCs"||_d|_d|_d|_d|_dS)NrF)rK_bytes_processed_aad_bytes_processedrS_updatedrLr r rr1s  z_AEADCipherContext.__init__ data_sizecCsV|jdur tdd|_|j|7_|j|jjjkr)td|jjj|jjjdS)NrNTz+{} has a maximum encrypted byte limit of {}) rKrrVrT_mode_MAX_ENCRYPTED_BYTESr;formatname)rrWr r r _check_limits z_AEADCipherContext._check_limitr cCs(|t||jdusJ|j|Sr3)r\lenrKrr r r rrs z_AEADCipherContext.updatercCs*|t||jdusJ|j||Sr3)r\r]rKrrr r rrsz_AEADCipherContext.update_intocCs0|jdur td|j}|jj|_d|_|SrM)rKrrr#rSr r r rrs   z_AEADCipherContext.finalizecCsn|jdur td|jrtd|jt|7_|j|jjjkr/td |jjj |jjj|j |dS)NrNz'Update has been called on this context.z%{} has a maximum AAD byte limit of {}) rKrrVrrUr]rX_MAX_AAD_BYTESr;rZr[r r r r rr s z/_AEADCipherContext.authenticate_additional_datarO)rrrrFrPrQrr1rr\rrrr r r r rrRs   rRc@seZdZdedefddZdS)rEr#r cCs2|jdur td|j|}|jj|_d|_|SrM)rKrr$r#rS)rr#r r r rr$s   z(_AEADDecryptionContext.finalize_with_tagN)rrrrr$r r r rrEsrEc@seZdZedefddZdS)rDr cCs&|jdur td|jdusJ|jS)Nz4You must finalize encryption before getting the tag.)rKrrSrr r rr#s z_AEADEncryptionContext.tagN)rrrr&rr#r r r rrDsrD)!rrFcryptography.exceptionsrrr/cryptography.hazmat.primitives._cipheralgorithmr&cryptography.hazmat.primitives.ciphersr TYPE_CHECKING,cryptography.hazmat.backends.openssl.ciphersrrCABCMetarrr"r%TypeVarrPr'Genericr*rJ ModeWithNonce ModeWithTweakECBModeWithInitializationVectorr6rRrErDr r r rs:     O <