U ­\àeýCã@sDddlmZmZmZddlZddlmZddlmZm Z m Z ddl m Z m Z mZddlmZddlmZmZmZddlmZmZmZmZmZmZdd lmZmZd d „Zd d „Z dd„Z!dd„Z"dd„Z#dd„Z$dd„Z%e &e¡Gdd„de'ƒƒZ(e &e¡Gdd„de'ƒƒZ)e &e¡Gdd„de'ƒƒZ*e &e¡Gdd„de'ƒƒZ+dS) é)Úabsolute_importÚdivisionÚprint_functionN)Úutils)ÚInvalidSignatureÚUnsupportedAlgorithmÚ_Reasons)Ú_calculate_digest_and_algorithmÚ_check_not_prehashedÚ_warn_sign_verify_deprecated)Úhashes)ÚAsymmetricSignatureContextÚAsymmetricVerificationContextÚrsa)ÚAsymmetricPaddingÚMGF1ÚOAEPÚPKCS1v15ÚPSSÚcalculate_max_pss_salt_length)ÚRSAPrivateKeyWithSerializationÚRSAPublicKeyWithSerializationcCs,|j}|tjks|tjkr$t||ƒS|SdS©N)Z _salt_lengthrZ MAX_LENGTHrr)ZpssÚkeyZhash_algorithmZsalt©rúJ/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/rsa.pyÚ_get_rsa_pss_salt_lengths rcCsŒt|tƒstdƒ‚t|tƒr&|jj}nVt|tƒrh|jj}t|jt ƒsPt dt j ƒ‚|  |¡s|t dt jƒ‚nt d |j¡t jƒ‚t|||||ƒS)Nz1Padding must be an instance of AsymmetricPadding.ú'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.ú${} is not supported by this backend.)Ú isinstancerÚ TypeErrorrÚ_libÚRSA_PKCS1_PADDINGrZRSA_PKCS1_OAEP_PADDINGÚ_mgfrrrÚUNSUPPORTED_MGFZrsa_padding_supportedÚUNSUPPORTED_PADDINGÚformatÚnameÚ_enc_dec_rsa_pkey_ctx)ÚbackendrÚdataÚpaddingÚ padding_enumrrrÚ _enc_dec_rsa&s.     þ ýÿür-cCs t|tƒr|jj}|jj}n|jj}|jj}|j |j|j j ¡}|  ||j j k¡|j   ||jj ¡}||ƒ}|  |dk¡|j ||¡}|  |dk¡|j |j¡} |  | dk¡t|tƒr|jjr| |jj¡} |j || ¡}|  |dk¡| |j¡} |j || ¡}|  |dk¡t|tƒr¢|jdk r¢t|jƒdkr¢|j t|jƒ¡} |  | |j j k¡|j  | |jt|jƒ¡|j || t|jƒ¡}|  |dk¡|j  d| ¡} |j  d| ¡}|||| |t|ƒƒ}|j  |¡d| d…}|j ¡|dkrtdƒ‚|S)Nérúsize_t *úunsigned char[]zEncryption/decryption failed.) rÚ _RSAPublicKeyr!ZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptÚEVP_PKEY_CTX_newÚ _evp_pkeyÚ_ffiÚNULLÚopenssl_assertÚgcÚEVP_PKEY_CTX_freeÚEVP_PKEY_CTX_set_rsa_paddingÚ EVP_PKEY_sizerZCryptography_HAS_RSA_OAEP_MDÚ_evp_md_non_null_from_algorithmr#Ú _algorithmÚEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labelÚlenZOPENSSL_mallocZmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelÚnewÚbufferZERR_clear_errorÚ ValueError)r)rr*r,r+ZinitZcryptÚpkey_ctxÚresZbuf_sizeÚmgf1_mdZoaep_mdZlabelptrZoutlenÚbufZresbufrrrr(Gsn  ÿÿÿþÿ ÿþ ýÿ  r(cCs t|tƒstdƒ‚|j |j¡}| |dk¡t|tƒrB|jj}nZt|t ƒrˆt|j t ƒsdt dt jƒ‚||jddkr~tdƒ‚|jj}nt d |j¡t jƒ‚|S)Nz'Expected provider of AsymmetricPadding.rrézDDigest too large for key size. Use a larger key or different digest.r)rrr r!r:r3r6rr"rr#rrrr$Z digest_sizerAZRSA_PKCS1_PSS_PADDINGr&r'r%)r)rr+Ú algorithmZ pkey_sizer,rrrÚ_rsa_sig_determine_padding‡s(     þ  þrHc Cst||||ƒ}| |¡}|j |j|jj¡}| ||jjk¡|j ||jj ¡}||ƒ} | | dk¡|j  ||¡} | dkr˜|  ¡t d  |j¡tjƒ‚|j ||¡} | | dk¡t|tƒr|j |t|||ƒ¡} | | dk¡| |jj¡} |j || ¡} | | dk¡|S)Nr.rz4{} is not supported by this backend for RSA signing.)rHr;r!r2r3r4r5r6r7r8ZEVP_PKEY_CTX_set_signature_mdÚ_consume_errorsrr&r'rZUNSUPPORTED_HASHr9rrZ EVP_PKEY_CTX_set_rsa_pss_saltlenrr#r<r=) r)r+rGrr*Z init_funcr,Zevp_mdrBrCrDrrrÚ_rsa_sig_setup§s< ÿü  ÿÿrJc Csît||||||jjƒ}|j d¡}|j ||jj||t|ƒ¡}| |dk¡|j d|d¡}|j ||||t|ƒ¡}|dkrÚ|  ¡} | | dj |jj k¡| dj |jj kr¶d} n| | dj |jjk¡d} t| ƒ‚|j |¡dd…S)Nr/r.r0rz@Salt length too long for key size. Try using MAX_LENGTH instead.z0Digest too large for key size. Use a larger key.)rJr!ZEVP_PKEY_sign_initr4r?Z EVP_PKEY_signr5r>r6rIÚlibZ ERR_LIB_RSAÚreasonZ!RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZEZ RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEYrAr@) r)r+rGÚ private_keyr*rBZbuflenrCrEÚerrorsrLrrrÚ _rsa_sig_signÈsRþ ûÿÿÿÿÿrOcCsXt||||||jjƒ}|j ||t|ƒ|t|ƒ¡}| |dk¡|dkrT| ¡t‚dS)Nr)rJr!ZEVP_PKEY_verify_initZEVP_PKEY_verifyr>r6rIr)r)r+rGÚ public_keyÚ signaturer*rBrCrrrÚ_rsa_sig_verifyís&þÿrRc@s$eZdZdd„Zdd„Zdd„ZdS)Ú_RSASignatureContextcCs<||_||_t||||ƒ||_||_t |j|j¡|_dSr)Ú_backendÚ _private_keyrHÚ_paddingr<r ÚHashÚ _hash_ctx)Úselfr)rMr+rGrrrÚ__init__s z_RSASignatureContext.__init__cCs|j |¡dSr©rXÚupdate©rYr*rrrr\ sz_RSASignatureContext.updatecCst|j|j|j|j|j ¡ƒSr)rOrTrVr<rUrXÚfinalize©rYrrrr^sûz_RSASignatureContext.finalizeN)Ú__name__Ú __module__Ú __qualname__rZr\r^rrrrrSþs rSc@s$eZdZdd„Zdd„Zdd„ZdS)Ú_RSAVerificationContextcCsF||_||_||_||_t||||ƒ|}||_t |j|j¡|_dSr) rTÚ _public_keyÚ _signaturerVrHr<r rWrX)rYr)rPrQr+rGrrrrZsz _RSAVerificationContext.__init__cCs|j |¡dSrr[r]rrrr\)sz_RSAVerificationContext.updatecCs"t|j|j|j|j|j|j ¡ƒSr)rRrTrVr<rdrerXr^r_rrrÚverify,súz_RSAVerificationContext.verifyN)r`rarbrZr\rfrrrrrcsrcc@sNeZdZdd„Ze d¡Zdd„Zdd„Zdd „Z d d „Z d d „Z dd„Z dS)Ú_RSAPrivateKeycCst||_||_||_|jj d¡}|jj |j||jjj|jjj¡|j |d|jjjk¡|jj  |d¡|_ dS©Nú BIGNUM **r© rTÚ _rsa_cdatar3r4r?r!Ú RSA_get0_keyr5r6Z BN_num_bitsÚ _key_size©rYr)Z rsa_cdataÚevp_pkeyÚnrrrrZ9sþz_RSAPrivateKey.__init__rmcCstƒt|ƒt|j|||ƒSr)r r rSrT)rYr+rGrrrÚsignerHsz_RSAPrivateKey.signercCs8tt |jd¡ƒ}|t|ƒkr(tdƒ‚t|j|||ƒS)Ng @z,Ciphertext length must be equal to key size.)ÚintÚmathZceilÚkey_sizer>rAr-rT)rYZ ciphertextr+Zkey_size_bytesrrrÚdecryptMs z_RSAPrivateKey.decryptcCs||jj |j¡}|j ||jjjk¡|jj ||jjj¡}|jj  ||jjj¡}|j |dk¡|j  |¡}t |j||ƒS)Nr.) rTr!ZRSAPublicKey_duprkr6r4r5r7ZRSA_freeZRSA_blinding_onZ_rsa_cdata_to_evp_pkeyr1)rYZctxrCrorrrrPTs z_RSAPrivateKey.public_keyc Cs|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj |j|||¡|j |d|jjjk¡|j |d|jjjk¡|j |d|jjjk¡|jj |j||¡|j |d|jjjk¡|j |d|jjjk¡|jj  |j|||¡|j |d|jjjk¡|j |d|jjjk¡|j |d|jjjk¡t j |j  |d¡|j  |d¡|j  |d¡|j  |d¡|j  |d¡|j  |d¡t j |j  |d¡|j  |d¡ddS)Nrir©Úerp)ÚpÚqÚdÚdmp1Údmq1ÚiqmpÚpublic_numbers)rTr4r?r!rlrkr6r5ZRSA_get0_factorsZRSA_get0_crt_paramsrZRSAPrivateNumbersÚ _bn_to_intÚRSAPublicNumbers) rYrprwrzrxryr{r|r}rrrÚprivate_numbers]sHÿþùz_RSAPrivateKey.private_numberscCs|j ||||j|j¡Sr)rTZ_private_key_bytesr3rk)rYÚencodingr&Zencryption_algorithmrrrÚ private_bytes€sûz_RSAPrivateKey.private_bytescCs$t|j||ƒ\}}t|j||||ƒSr)r rTrO)rYr*r+rGrrrÚsign‰s ÿz_RSAPrivateKey.signN) r`rarbrZrÚread_only_propertyrtrqrurPrrƒr„rrrrrg7s  # rgc@sFeZdZdd„Ze d¡Zdd„Zdd„Zdd „Z d d „Z d d „Z dS)r1cCst||_||_||_|jj d¡}|jj |j||jjj|jjj¡|j |d|jjjk¡|jj  |d¡|_ dSrhrjrnrrrrZ’sþz_RSAPublicKey.__init__rmcCs,tƒt d|¡t|ƒt|j||||ƒS)NrQ)r rÚ _check_bytesr rcrT)rYrQr+rGrrrÚverifier¡s ÿz_RSAPublicKey.verifiercCst|j|||ƒSr)r-rT)rYZ plaintextr+rrrÚencryptªsz_RSAPublicKey.encryptcCs’|jj d¡}|jj d¡}|jj |j|||jjj¡|j |d|jjjk¡|j |d|jjjk¡tj |j  |d¡|j  |d¡dS)Nrirrv) rTr4r?r!rlrkr5r6rr€r)rYrprwrrrr~­sÿþz_RSAPublicKey.public_numberscCs|j ||||j|j¡Sr)rTZ_public_key_bytesr3rk)rYr‚r&rrrÚ public_bytesºsûz_RSAPublicKey.public_bytescCs&t|j||ƒ\}}t|j|||||ƒSr)r rTrR)rYrQr*r+rGrrrrfÃsÿÿz_RSAPublicKey.verifyN) r`rarbrZrr…rtr‡rˆr~r‰rfrrrrr1s    r1),Z __future__rrrrsZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr Z)cryptography.hazmat.primitives.asymmetricr rrZ1cryptography.hazmat.primitives.asymmetric.paddingrrrrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrr-r(rHrJrOrRZregister_interfaceÚobjectrSrcrgr1rrrrÚs.    !@ !%X