U \ey$@sddlmZmZmZddlmZddlmZmZm Z ddl m Z ddl m Z ee jee jee jee jGdddeZdS) )absolute_importdivisionprint_function)utils) InvalidTagUnsupportedAlgorithm_Reasons)ciphers)modesc@sNeZdZdZdZddZddZddZd d Zd d Z d dZ e dZ dS)_CipherContextrc Cs||_||_||_||_d|_t|jtjr<|jjd|_ nd|_ |jj }|jj ||jj j}|jj}z|t|t|f}Wn4tk rtd|j|r|jn|tjYnX||j||}||jj jkrd|} |dk r| d|7} | d|j7} t| tjt|tjr8|jj |j} njt|tjrX|jj |j} nJt|tjrx|jj |j } n*t|tjr|jj |j } n |jj j} |jj !|||jj j|jj j|jj j|} |j"| dk|jj #|t$|j%} |j"| dkt|tj&r|jj '||jj j(t$| |jj j} |j"| dk|j)dk r|jj '||jj j*t$|j)|j)} |j"| dk|j)|_n.|j|j+kr|jj j,r|jj j-st.d|jj !||jj j|jj j|jj |j%| |} |j"| dk|jj /|d||_0dS) Nr z6cipher {} in {} mode is not supported by this backend.zcipher {0.name} zin {0.name} mode z_is not supported by this backend (Your version of OpenSSL may be too old. Current version: {}.)rz_delayed passing of GCM tag requires OpenSSL >= 1.0.2. To use this feature please update OpenSSL)1_backendZ_cipher_mode _operation_tag isinstancer ZBlockCipherAlgorithmZ block_size_block_size_bytes_libZEVP_CIPHER_CTX_new_ffigcZEVP_CIPHER_CTX_freeZ_cipher_registrytypeKeyErrorrformatnamerZUNSUPPORTED_CIPHERNULLZopenssl_version_textr ZModeWithInitializationVector from_bufferZinitialization_vectorZ ModeWithTweakZtweakZ ModeWithNonceZnonceZEVP_CipherInit_exopenssl_assertZEVP_CIPHER_CTX_set_key_lengthlenkeyGCMEVP_CIPHER_CTX_ctrlZEVP_CTRL_AEAD_SET_IVLENtagEVP_CTRL_AEAD_SET_TAG_DECRYPT"CRYPTOGRAPHY_OPENSSL_LESS_THAN_102CRYPTOGRAPHY_IS_LIBRESSLNotImplementedErrorZEVP_CIPHER_CTX_set_padding_ctx) selfZbackendZciphermodeZ operationZctxregistryZadapterZ evp_ciphermsgZiv_nonceresr.N/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py__init__s          z_CipherContext.__init__cCs2tt||jd}|||}t|d|S)Nr ) bytearrayrr update_intobytes)r)databufnr.r.r/updatezs z_CipherContext.updatecCst|t||jdkr6tdt||jd|jjd|jjj|dd}|jjd}|jj |j |||jj|t|}|j |dk|dS)Nr z1buffer must be at least {} bytes for this payloadzunsigned char *T)Zrequire_writableint *r) rr ValueErrorrrrcastrnewrEVP_CipherUpdater(r)r)r4r5outlenr-r.r.r/r2s( z_CipherContext.update_intocCs|t|jtjr|d|j|jkrDt|jtjrD|jdkrDt d|j j d|j }|j j d}|j j|j||}|dkr|j }|st|jtjrt|j |d|j jj|j jjt dt|jtjrB|j|jkrB|j j d|j }|j j|j|j jj|j |}|j |dk|j j |dd|_|j j|j}|j |dk|j j |d|dS)Nz4Authentication tag must be provided when decrypting.zunsigned char[]r8rzFThe length of the provided data is not a multiple of the block length.r )rrr r r7rr$ZModeWithAuthenticationTagr"r9rrr;rrZEVP_CipherFinal_exr(Z_consume_errorsrrZ_lib_reason_matchZ ERR_LIB_EVPZ'EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH_ENCRYPTr!ZEVP_CTRL_AEAD_GET_TAGbufferrZEVP_CIPHER_CTX_cleanup)r)r5r=r-errorsZtag_bufr.r.r/finalizesZ     z_CipherContext.finalizecCs||jjjr|jjjstdt||jjkr>td |jj|jj |j |jjj t||}|j |dk||_|S)NzUfinalize_with_tag requires OpenSSL >= 1.0.2. To use this method please update OpenSSLz.Authentication tag must be {} bytes or longer.r)rrr%r&r'rrZ_min_tag_lengthr9rr!r(r#rrrB)r)r"r-r.r.r/finalize_with_tags,z _CipherContext.finalize_with_tagcCsN|jjd}|jj|j|jjj||jj|t|}|j |dkdS)Nr8r) rrr;rr<r(rrrr)r)r4r=r-r.r.r/authenticate_additional_datas z+_CipherContext.authenticate_additional_datarN)__name__ __module__ __qualname__r?r$r0r7r2rBrCrDrZread_only_propertyr"r.r.r.r/r se6r N)Z __future__rrrZ cryptographyrZcryptography.exceptionsrrrZcryptography.hazmat.primitivesr Z&cryptography.hazmat.primitives.ciphersr Zregister_interfaceZ CipherContextZAEADCipherContextZAEADEncryptionContextZAEADDecryptionContextobjectr r.r.r.r/s