B \Úæ`³Fã@sLddlmZmZmZddlZddlmZddlmZm Z m Z ddl m Z m Z mZddlmZddlmZmZmZddlmZmZmZmZmZmZdd lmZmZd d „Zd d „Z dd„Z!dd„Z"dd„Z#dd„Z$dd„Z%dd„Z&e 'e¡Gdd„de(ƒƒZ)e 'e¡Gdd„de(ƒƒZ*e 'e¡Gdd„de(ƒƒZ+e 'e¡Gd d!„d!e(ƒƒZ,dS)"é)Úabsolute_importÚdivisionÚprint_functionN)Úutils)ÚInvalidSignatureÚUnsupportedAlgorithmÚ_Reasons)Ú_calculate_digest_and_algorithmÚ_check_not_prehashedÚ_warn_sign_verify_deprecated)Úhashes)ÚAsymmetricSignatureContextÚAsymmetricVerificationContextÚrsa)ÚAsymmetricPaddingÚMGF1ÚOAEPÚPKCS1v15ÚPSSÚcalculate_max_pss_salt_length)ÚRSAPrivateKeyWithSerializationÚRSAPublicKeyWithSerializationcCs,|j}|tjks|tjkr$t||ƒS|SdS)N)Z _salt_lengthrZ MAX_LENGTHrr)ZpssÚkeyZhash_algorithmZsalt©rú[/opt/alt/python37/lib64/python3.7/site-packages/cryptography/hazmat/backends/openssl/rsa.pyÚ_get_rsa_pss_salt_lengths rcCsŒt|tƒstdƒ‚t|tƒr&|jj}nVt|tƒrh|jj}t|jt ƒsPt dt j ƒ‚|  |¡s|t dt jƒ‚nt d |j¡t jƒ‚t|||||ƒS)Nz1Padding must be an instance of AsymmetricPadding.z'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.z%{0} is not supported by this backend.)Ú isinstancerÚ TypeErrorrÚ_libÚRSA_PKCS1_PADDINGrZRSA_PKCS1_OAEP_PADDINGÚ_mgfrrrÚUNSUPPORTED_MGFZrsa_padding_supportedÚUNSUPPORTED_PADDINGÚformatÚnameÚ_enc_dec_rsa_pkey_ctx)ÚbackendrÚdataÚpaddingÚ padding_enumrrrÚ _enc_dec_rsa&s&       r*cCs6t|tƒr|jj}|jj}n|jj}|jj}|j |j|j j ¡}|  ||j j k¡|j   ||jj ¡}||ƒ}|  |dk¡|j ||¡}|  |dk¡|j |j¡} |  | dk¡t|tƒrR|jjrR|j |jjj d¡¡} |  | |j j k¡|j || ¡}|  |dk¡|j |jj d¡¡} |  | |j j k¡|j || ¡}|  |dk¡t|tƒrÚ|jdk rÚt|jƒdkrÚ|j t|jƒ¡} |  | |j j k¡|j  | |jt|jƒ¡|j || t|jƒ¡}|  |dk¡|j  d| ¡} |j  d| ¡}|||| |t|ƒƒ}|dkrt||ƒ|j   |¡d| d…S)NérÚasciizsize_t *zunsigned char[])!rÚ _RSAPublicKeyrZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptÚEVP_PKEY_CTX_newÚ _evp_pkeyÚ_ffiÚNULLÚopenssl_assertÚgcÚEVP_PKEY_CTX_freeÚEVP_PKEY_CTX_set_rsa_paddingÚ EVP_PKEY_sizerZCryptography_HAS_RSA_OAEP_MDÚEVP_get_digestbynamer Ú _algorithmr$ÚencodeÚEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labelÚlenZOPENSSL_mallocZmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelÚnewÚ_handle_rsa_enc_dec_errorÚbuffer)r&rr'r)r(ZinitZcryptÚpkey_ctxÚresZbuf_sizeÚmgf1_mdZoaep_mdZlabelptrZoutlenÚbufrrrr%GsV        r%cCsd| ¡}| |¡t|tƒr&tdƒ‚n:|jj|jj|jj|jj g}|jj rX|  |jj ¡tdƒ‚dS)NzGData too long for key size. Encrypt less data or use a larger key size.zDecryption failed.) Ú_consume_errorsr2rr-Ú ValueErrorrZRSA_R_BLOCK_TYPE_IS_NOT_01ZRSA_R_BLOCK_TYPE_IS_NOT_02ZRSA_R_OAEP_DECODING_ERRORZ RSA_R_DATA_TOO_LARGE_FOR_MODULUSZ*Cryptography_HAS_RSA_R_PKCS_DECODING_ERRORÚappendZRSA_R_PKCS_DECODING_ERROR)r&rÚerrorsZdecoding_errorsrrrr=‚s   r=cCs t|tƒstdƒ‚|j |j¡}| |dk¡t|tƒrB|jj}nZt|t ƒrˆt|j t ƒsdt dt jƒ‚||jddkr~tdƒ‚|jj}nt d |j¡t jƒ‚|S)Nz'Expected provider of AsymmetricPadding.rz'Only MGF1 is supported by this backend.ézDDigest too large for key size. Use a larger key or different digest.z%{0} is not supported by this backend.)rrrrr6r/r2rrrr rrrr!Z digest_sizerDZRSA_PKCS1_PSS_PADDINGr#r$r")r&rr(Ú algorithmZ pkey_sizer)rrrÚ_rsa_sig_determine_paddingžs$       rIc Cs4t||||ƒ}|j |j d¡¡}| ||jjk¡|j |j |jj¡}| ||jjk¡|j  ||jj ¡}||ƒ} | | dk¡|j  ||¡} | | dk¡|j  ||¡} | | dk¡t|tƒr0|j |t|||ƒ¡} | | dk¡|j |jjj d¡¡} | | |jjk¡|j || ¡} | | dk¡|S)Nr,r+r)rIrr7r$r9r2r0r1r.r/r3r4ZEVP_PKEY_CTX_set_signature_mdr5rrZ EVP_PKEY_CTX_set_rsa_pss_saltlenrr r8r:) r&r(rHrr'Z init_funcr)Zevp_mdr?r@rArrrÚ_rsa_sig_setup¾s, rJc CsÂt||||||jjƒ}|j d¡}|j ||jj||t|ƒ¡}| |dk¡|j d|d¡}|j ||||t|ƒ¡}|dkr®|  ¡} d} | dj |jj kr¢d} nd} t | ƒ‚|j  |¡dd…S)Nzsize_t *r+zunsigned char[]rz@Salt length too long for key size. Try using MAX_LENGTH instead.z0Digest too large for key size. Use a larger key.)rJrZEVP_PKEY_sign_initr0r<Z EVP_PKEY_signr1r;r2rCÚreasonZ!RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZErDr>) r&r(rHÚ private_keyr'r?Zbuflenr@rBrFrKrrrÚ _rsa_sig_signÛs.     rMcCsXt||||||jjƒ}|j ||t|ƒ|t|ƒ¡}| |dk¡|dkrT| ¡t‚dS)Nr)rJrZEVP_PKEY_verify_initZEVP_PKEY_verifyr;r2rCr)r&r(rHÚ public_keyÚ signaturer'r?r@rrrÚ_rsa_sig_verifyþs  rPc@s$eZdZdd„Zdd„Zdd„ZdS)Ú_RSASignatureContextcCs<||_||_t||||ƒ||_||_t |j|j¡|_dS)N)Ú_backendÚ _private_keyrIÚ_paddingr8r ÚHashÚ _hash_ctx)Úselfr&rLr(rHrrrÚ__init__s z_RSASignatureContext.__init__cCs|j |¡dS)N)rVÚupdate)rWr'rrrrYsz_RSASignatureContext.updatecCst|j|j|j|j|j ¡ƒS)N)rMrRrTr8rSrVÚfinalize)rWrrrrZ s z_RSASignatureContext.finalizeN)Ú__name__Ú __module__Ú __qualname__rXrYrZrrrrrQs rQc@s$eZdZdd„Zdd„Zdd„ZdS)Ú_RSAVerificationContextcCsF||_||_||_||_t||||ƒ|}||_t |j|j¡|_dS)N) rRÚ _public_keyÚ _signaturerTrIr8r rUrV)rWr&rNrOr(rHrrrrX,sz _RSAVerificationContext.__init__cCs|j |¡dS)N)rVrY)rWr'rrrrY:sz_RSAVerificationContext.updatecCs"t|j|j|j|j|j|j ¡ƒS)N)rPrRrTr8r_r`rVrZ)rWrrrÚverify=sz_RSAVerificationContext.verifyN)r[r\r]rXrYrarrrrr^*sr^c@sNeZdZdd„Ze d¡Zdd„Zdd„Zdd „Z d d „Z d d „Z dd„Z dS)Ú_RSAPrivateKeycCst||_||_||_|jj d¡}|jj |j||jjj|jjj¡|j |d|jjjk¡|jj  |d¡|_ dS)Nz BIGNUM **r) rRÚ _rsa_cdatar/r0r<rÚ RSA_get0_keyr1r2Ú BN_num_bitsÚ _key_size)rWr&Ú rsa_cdataÚevp_pkeyÚnrrrrXJs z_RSAPrivateKey.__init__rfcCstƒt|ƒt|j|||ƒS)N)r r rQrR)rWr(rHrrrÚsignerYsz_RSAPrivateKey.signercCs8tt |jd¡ƒ}|t|ƒkr(tdƒ‚t|j|||ƒS)Ng @z,Ciphertext length must be equal to key size.)ÚintÚmathZceilÚkey_sizer;rDr*rR)rWZ ciphertextr(Zkey_size_bytesrrrÚdecrypt^s z_RSAPrivateKey.decryptcCs||jj |j¡}|j ||jjjk¡|jj ||jjj¡}|jj  ||jjj¡}|j |dk¡|j  |¡}t |j||ƒS)Nr+) rRrZRSAPublicKey_duprcr2r0r1r3ZRSA_freeZRSA_blinding_onZ_rsa_cdata_to_evp_pkeyr-)rWZctxr@rhrrrrNes z_RSAPrivateKey.public_keyc Cs|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj |j|||¡|j |d|jjjk¡|j |d|jjjk¡|j |d|jjjk¡|jj |j||¡|j |d|jjjk¡|j |d|jjjk¡|jj  |j|||¡|j |d|jjjk¡|j |d|jjjk¡|j |d|jjjk¡t j |j  |d¡|j  |d¡|j  |d¡|j  |d¡|j  |d¡|j  |d¡t j |j  |d¡|j  |d¡ddS)Nz BIGNUM **r)Úeri)ÚpÚqÚdÚdmp1Údmq1ÚiqmpÚpublic_numbers)rRr0r<rrdrcr2r1ZRSA_get0_factorsZRSA_get0_crt_paramsrZRSAPrivateNumbersÚ _bn_to_intÚRSAPublicNumbers) rWrirorrrprqrsrtrurrrÚprivate_numbersns<z_RSAPrivateKey.private_numberscCs|j ||||j|j¡S)N)rRZ_private_key_bytesr/rc)rWÚencodingr#Zencryption_algorithmrrrÚ private_bytes‘s z_RSAPrivateKey.private_bytescCs$t|j||ƒ\}}t|j||||ƒS)N)r rRrM)rWr'r(rHrrrÚsignšsz_RSAPrivateKey.signN) r[r\r]rXrÚread_only_propertyrmrjrnrNryr{r|rrrrrbHs  # rbc@sFeZdZdd„Ze d¡Zdd„Zdd„Zdd „Z d d „Z d d „Z dS)r-cCst||_||_||_|jj d¡}|jj |j||jjj|jjj¡|j |d|jjjk¡|jj  |d¡|_ dS)Nz BIGNUM **r) rRrcr/r0r<rrdr1r2rerf)rWr&rgrhrirrrrX£s z_RSAPublicKey.__init__rfcCs2tƒt|tƒstdƒ‚t|ƒt|j||||ƒS)Nzsignature must be bytes.)r rÚbytesrr r^rR)rWrOr(rHrrrÚverifier²s  z_RSAPublicKey.verifiercCst|j|||ƒS)N)r*rR)rWZ plaintextr(rrrÚencrypt¼sz_RSAPublicKey.encryptcCs’|jj d¡}|jj d¡}|jj |j|||jjj¡|j |d|jjjk¡|j |d|jjjk¡tj |j  |d¡|j  |d¡dS)Nz BIGNUM **r)rori) rRr0r<rrdrcr1r2rrxrw)rWrirorrrrv¿sz_RSAPublicKey.public_numberscCs|j ||||j|j¡S)N)rRZ_public_key_bytesr/rc)rWrzr#rrrÚ public_bytesÌs z_RSAPublicKey.public_bytescCs&t|j||ƒ\}}t|j|||||ƒS)N)r rRrP)rWrOr'r(rHrrrraÕsz_RSAPublicKey.verifyN) r[r\r]rXrr}rmrr€rvrrarrrrr-¡s    r-)-Z __future__rrrrlZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr Z)cryptography.hazmat.primitives.asymmetricr rrZ1cryptography.hazmat.primitives.asymmetric.paddingrrrrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrr*r%r=rIrJrMrPZregister_interfaceÚobjectrQr^rbr-rrrrÚs0    !; #X