o )%aQ @snddlZddlmZddlmZmZmZddlmZm Z m Z ddl m Z m Z ddlmZmZmZddlmZmZmZmZmZmZddlmZmZmZmZd ed ejeefd e jd e fd dZ!d ejdde"ded e"fddZ#d ejdde"de ded e"f ddZ$ddZ%ddZ&ddZ'ddZ(dd Z)Gd!d"d"eZ*Gd#d$d$eZ+Gd%d&d&eZ,Gd'd(d(eZ-dS))N)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContextr)AsymmetricPaddingMGF1OAEPPKCS1v15PSScalculate_max_pss_salt_length) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumberspsskeyhash_algorithmreturncCs(|j}|tjus |tjurt||S|SN) _salt_lengthr MAX_LENGTHrr)rrrsaltrJ/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/rsa.py_get_rsa_pss_salt_length)s r!)_RSAPrivateKey _RSAPublicKeydatapaddingcCst|ts tdt|tr|jj}n+t|tr4|jj}t|jt s(t dt j | |s3t dt jn t d|jt jt|||||S)Nz1Padding must be an instance of AsymmetricPadding.'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.${} is not supported by this backend.) isinstancer TypeErrorr_libRSA_PKCS1_PADDINGrRSA_PKCS1_OAEP_PADDING_mgfrrrUNSUPPORTED_MGFrsa_padding_supportedUNSUPPORTED_PADDINGformatname_enc_dec_rsa_pkey_ctx)backendrr$r% padding_enumrrr _enc_dec_rsa6s,       r6r5cCst|tr|jj}|jj}n|jj}|jj}|j|j|j j }| ||j j k|j ||jj }||}| |dk|j||}| |dk|j|j} | | dkt|tr|jjr||jj} |j|| }| |dk||j} |j|| }| |dkt|tr|jdurt|jdkr|jt|j} | | |j j k|j | |jt|j|j|| t|j}| |dk|j d| } |j d| }|||| |t|}|j |d| d}|j|dkrtd|S)Nrsize_t *unsigned char[]zEncryption/decryption failed.) r(r#r*EVP_PKEY_encrypt_initEVP_PKEY_encryptEVP_PKEY_decrypt_initEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizerCryptography_HAS_RSA_OAEP_MD_evp_md_non_null_from_algorithmr- _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdEVP_PKEY_CTX_set_rsa_oaep_md_labellenOPENSSL_mallocmemmove EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferERR_clear_error ValueError)r4rr$r5r%initcryptpkey_ctxresbuf_sizemgf1_mdoaep_mdlabelptroutlenbufresbufrrr r3ZsT      r3cCst|ts td|j|j}||dkt|tr"|jj}|St|t rPt|j t s3t dt jt|tjs=td||jddkrJtd|jj}|St d|jt j)Nz'Expected provider of AsymmetricPadding.rr&z*Expected instance of hashes.HashAlgorithm.zDDigest too large for key size. Use a larger key or different digest.r')r(r r)r*rFr?rBrr+rr-rrrr.r HashAlgorithm digest_sizerTRSA_PKCS1_PSS_PADDINGr1r2r0)r4rr% algorithm pkey_sizer5rrr _rsa_sig_determine_paddings2     rfc Cs.t||||}|j|j|jj}|||jjk|j||jj}||}||dk|durP| |}|j ||}|dkrP| t d |jtj|j||}|dkri| t d |jtjt|tr|j|t|||}||dk| |jj} |j|| }||dk|S)Nr7rz4{} is not supported by this backend for RSA signing.z4{} is not supported for the RSA signature operation.)rfr*r>r?r@rArBrCrDrHEVP_PKEY_CTX_set_signature_md_consume_errorsrr1r2rUNSUPPORTED_HASHrEr0r(r EVP_PKEY_CTX_set_rsa_pss_saltlenr!r-rIrJ) r4r%rdr init_funcr5rWrXevp_mdrZrrr _rsa_sig_setupsJ   rmc Cst|||||jj}|jd}|j||jj||t|}||dk|jd|d}|j||||t|}|dkrG| } t d| |j |ddS)Nr8r7r9rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rmr*EVP_PKEY_sign_initr@rQ EVP_PKEY_signrArMrB_consume_errors_with_textrTrR) r4r%rd private_keyr$rWbuflenrXr^errorsrrr _rsa_sig_signs* rtcCsVt|||||jj}|j||t||t|}||dk|dkr)|tdS)Nr)rmr*EVP_PKEY_verify_initEVP_PKEY_verifyrMrBrhr)r4r%rd public_key signaturer$rWrXrrr _rsa_sig_verify sryc Cst|||||jj}|j|j}||dk|jd|}|jd|}|j||||t |} |j |d|d} |j | dkrIt | S)Nrr9r8r7) rmr*EVP_PKEY_verify_recover_initrFr?rBr@rQEVP_PKEY_verify_recoverrMrRrSr) r4r%rdrwrxrWmaxlenr^rrrXr_rrr _rsa_sig_recovers&  r}c@sDeZdZdededejfddZdeddfd d Z defd d Z dS) _RSASignatureContextrqr%rdcCs<||_||_t||||||_||_t|j|j|_dSr)_backend _private_keyrf_paddingrIr Hash _hash_ctx)selfr4rqr%rdrrr __init__=s z_RSASignatureContext.__init__r$rNcC|j|dSrrupdaterr$rrr rOz_RSASignatureContext.updatecCst|j|j|j|j|jSr)rtrrrIrrfinalizerrrr rRsz_RSASignatureContext.finalize) __name__ __module__ __qualname__rr r rarbytesrrrrrr r~<s r~c@sDeZdZdedededejfddZdedd fd d Z dd d Z d S)_RSAVerificationContextrwrxr%rdcCsF||_||_||_||_t|||||}||_t|j|j|_dSr) r _public_key _signaturerrfrIr rr)rr4rwrxr%rdrrr r]sz _RSAVerificationContext.__init__r$rNcCrrrrrrr rrrz_RSAVerificationContext.updatecCs"t|j|j|j|j|j|jSr)ryrrrIrrrrrrrr verifyusz_RSAVerificationContext.verify)rN) rrrrrr r rarrrrrrr r\s rc@seZdZddZedZdedej de fddZ d e dede fd d Z defd d ZdefddZdejdejdejde fddZde dedejejej fde fddZdS)r"cCs|j|}|dkr|}td||j||jj}||dk||_||_ ||_ |jj d}|jj |j ||jjj|jjj|j|d|jjjk|jj |d|_dS)Nr7zInvalid private key BIGNUM **r)r* RSA_check_keyrprTRSA_blinding_onr@rArBr _rsa_cdatar?rQ RSA_get0_key BN_num_bits _key_size)rr4 rsa_cdataevp_pkeyrXrsnrrr rs$  z_RSAPrivateKey.__init__rr%rdrcCstt|t|j|||Sr)rrr~r)rr%rdrrr signersz_RSAPrivateKey.signer ciphertextcCs2|jdd}|t|krtdt|j|||S)Nz,Ciphertext length must be equal to key size.)key_sizerMrTr6r)rrr%key_size_bytesrrr decrypts z_RSAPrivateKey.decryptcCsV|jj|j}|j||jjjk|jj||jjj}|j |}t |j||Sr) rr*RSAPublicKey_duprrBr@rArCRSA_free_rsa_cdata_to_evp_pkeyr#)rctxrrrr rws  z_RSAPrivateKey.public_keyc Cs|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|j|d|jjjk|jj|j|||j|d|jjjk|j|d|jjjk|jj |j||||j|d|jjjk|j|d|jjjk|j|d|jjjkt |j |d|j |d|j |d|j |d|j |d|j |dt |j |d|j |dddS)Nrrer)pqddmp1dmq1iqmppublic_numbers) rr@rQr*rrrBrARSA_get0_factorsRSA_get0_crt_paramsr _bn_to_intr) rrrrrrrrrrrr private_numberssB z_RSAPrivateKey.private_numbersencodingr1encryption_algorithmcCs|j|||||j|jSr)r_private_key_bytesr?r)rrr1rrrr private_bytessz_RSAPrivateKey.private_bytesr$cCs$t|j||\}}t|j||||Sr)rrrt)rr$r%rdrrr signsz_RSAPrivateKey.signN)rrrrrread_only_propertyrr r rar rrrrrwrrr Encoding PrivateFormatKeySerializationEncryptionrtypingUnion asym_utils Prehashedrrrrr r"s>  # r"c @seZdZddZedZdedede j de fdd Z d ededefd d Z defd dZdejdejdefddZdedededejeje j fddf ddZdededeje j defddZdS)r#cCst||_||_||_|jjd}|jj|j||jjj|jjj|j|d|jjjk|jj |d|_ dS)Nrr) rrr?r@rQr*rrArBrr)rr4rrrrrr rsz_RSAPublicKey.__init__rrxr%rdrcCs,ttd|t|t|j||||S)Nrx)rr _check_bytesrrrrrxr%rdrrr verifiers   z_RSAPublicKey.verifier plaintextcCst|j|||Sr)r6r)rrr%rrr encryptrz_RSAPublicKey.encryptcCs|jjd}|jjd}|jj|j|||jjj|j|d|jjjk|j|d|jjjkt|j |d|j |ddS)Nrrr) rr@rQr*rrrArBrr)rrrrrr rsz_RSAPublicKey.public_numbersrr1cCs|j||||j|jSr)r_public_key_bytesr?r)rrr1rrr public_bytessz_RSAPublicKey.public_bytesr$NcCs&t|j||\}}t|j|||||Sr)rrry)rrxr$r%rdrrr r(s z_RSAPublicKey.verifycCst|t|j||||Sr)rr}rrrrr recover_data_from_signature6s z)_RSAPublicKey.recover_data_from_signature)rrrrrrrrr r rar rrrrr r PublicFormatrrrrrrOptionalrrrrr r#sR       r#).r cryptographyrcryptography.exceptionsrrr*cryptography.hazmat.backends.openssl.utilsrrrcryptography.hazmat.primitivesr r )cryptography.hazmat.primitives.asymmetricr r r1cryptography.hazmat.primitives.asymmetric.paddingr rrrrr-cryptography.hazmat.primitives.asymmetric.rsarrrrrraintr!rr6r3rfrmrtryr}r~rr"r#rrrr s\      $ A+* $o