B \Úæ`³Fã@sLddlmZmZmZddlZddlmZddlmZm Z m Z ddl m Z m Z mZddlmZddlmZmZmZddlmZmZmZmZmZmZdd lmZmZd d „Zd d „Z dd„Z!dd„Z"dd„Z#dd„Z$dd„Z%dd„Z&e 'e¡Gdd„de(ƒƒZ)e 'e¡Gdd„de(ƒƒZ*e 'e¡Gdd„de(ƒƒZ+e 'e¡Gd d!„d!e(ƒƒZ,dS)"é)Úabsolute_importÚdivisionÚprint_functionN)Úutils)ÚInvalidSignatureÚUnsupportedAlgorithmÚ_Reasons)Ú_calculate_digest_and_algorithmÚ_check_not_prehashedÚ_warn_sign_verify_deprecated)Úhashes)ÚAsymmetricSignatureContextÚAsymmetricVerificationContextÚrsa)ÚAsymmetricPaddingÚMGF1ÚOAEPÚPKCS1v15ÚPSSÚcalculate_max_pss_salt_length)ÚRSAPrivateKeyWithSerializationÚRSAPublicKeyWithSerializationcCs,|j}|tjks|tjkr$t||ƒS|SdS)N)Z _salt_lengthrZ MAX_LENGTHrr)ZpssÚkeyZhash_algorithmZsalt©rú[/opt/alt/python37/lib64/python3.7/site-packages/cryptography/hazmat/backends/openssl/rsa.pyÚ_get_rsa_pss_salt_lengths rcCsŒt|tƒstdƒ‚t|tƒr&|jj}nVt|tƒrh|jj}t|jt ƒsPt dt j ƒ‚|  |¡s|t dt jƒ‚nt d |j¡t jƒ‚t|||||ƒS)Nz1Padding must be an instance of AsymmetricPadding.z'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.z%{0} is not supported by this backend.)Ú isinstancerÚ TypeErrorrÚ_libÚRSA_PKCS1_PADDINGrZRSA_PKCS1_OAEP_PADDINGÚ_mgfrrrÚUNSUPPORTED_MGFZrsa_padding_supportedÚUNSUPPORTED_PADDINGÚformatÚnameÚ_enc_dec_rsa_pkey_ctx)ÚbackendrÚdataÚpaddingÚ padding_enumrrrÚ _enc_dec_rsa&s&       r*cCs6t|tƒr|jj}|jj}n|jj}|jj}|j |j|j j ¡}|  ||j j k¡|j   ||jj ¡}||ƒ}|  |dk¡|j ||¡}|  |dk¡|j |j¡} |  | dk¡t|tƒrR|jjrR|j |jjj d¡¡} |  | |j j k¡|j || ¡}|  |dk¡|j |jj d¡¡} |  | |j j k¡|j || ¡}|  |dk¡t|tƒrÚ|jdk rÚt|jƒdkrÚ|j t|jƒ¡} |  | |j j k¡|j  | |jt|jƒ¡|j || t|jƒ¡}|  |dk¡|j  d| ¡} |j  d| ¡}|||| |t|ƒƒ}|dkrt||ƒ|j   |¡d| d…S)NérÚasciizsize_t *zunsigned char[])!rÚ _RSAPublicKeyrZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptÚEVP_PKEY_CTX_newÚ _evp_pkeyÚ_ffiÚNULLÚopenssl_assertÚgcÚEVP_PKEY_CTX_freeÚEVP_PKEY_CTX_set_rsa_paddingÚ EVP_PKEY_sizerZCryptography_HAS_RSA_OAEP_MDÚEVP_get_digestbynamer Ú _algorithmr$ÚencodeÚEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labelÚlenZOPENSSL_mallocZmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelÚnewÚ_handle_rsa_enc_dec_errorÚbuffer)r&rr'r)r(ZinitZcryptÚpkey_ctxÚresZbuf_sizeÚmgf1_mdZoaep_mdZlabelptrZoutlenÚbufrrrr%GsV        r%cCs¢| ¡}| |¡|dj|jjks(t‚t|tƒrR|dj|jj ksHt‚t dƒ‚nL|jj |jj |jj |jjg}|jjr„| |jj¡|dj|ks–t‚t dƒ‚dS)NrzGData too long for key size. Encrypt less data or use a larger key size.zDecryption failed.)Ú_consume_errorsr2ÚlibrÚ ERR_LIB_RSAÚAssertionErrorrr-ÚreasonÚ!RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZEÚ ValueErrorZRSA_R_BLOCK_TYPE_IS_NOT_01ZRSA_R_BLOCK_TYPE_IS_NOT_02ZRSA_R_OAEP_DECODING_ERRORZ RSA_R_DATA_TOO_LARGE_FOR_MODULUSZ*Cryptography_HAS_RSA_R_PKCS_DECODING_ERRORÚappendZRSA_R_PKCS_DECODING_ERROR)r&rÚerrorsZdecoding_errorsrrrr=‚s    r=cCs t|tƒstdƒ‚|j |j¡}| |dk¡t|tƒrB|jj}nZt|t ƒrˆt|j t ƒsdt dt jƒ‚||jddkr~tdƒ‚|jj}nt d |j¡t jƒ‚|S)Nz'Expected provider of AsymmetricPadding.rz'Only MGF1 is supported by this backend.ézDDigest too large for key size. Use a larger key or different digest.z%{0} is not supported by this backend.)rrrrr6r/r2rrrr rrrr!Z digest_sizerIZRSA_PKCS1_PSS_PADDINGr#r$r")r&rr(Ú algorithmZ pkey_sizer)rrrÚ_rsa_sig_determine_paddingžs$       rNc Cs4t||||ƒ}|j |j d¡¡}| ||jjk¡|j |j |jj¡}| ||jjk¡|j  ||jj ¡}||ƒ} | | dk¡|j  ||¡} | | dk¡|j  ||¡} | | dk¡t|tƒr0|j |t|||ƒ¡} | | dk¡|j |jjj d¡¡} | | |jjk¡|j || ¡} | | dk¡|S)Nr,r+r)rNrr7r$r9r2r0r1r.r/r3r4ZEVP_PKEY_CTX_set_signature_mdr5rrZ EVP_PKEY_CTX_set_rsa_pss_saltlenrr r8r:) r&r(rMrr'Z init_funcr)Zevp_mdr?r@rArrrÚ_rsa_sig_setup¾s, rOc Csút||||||jjƒ}|j d¡}|j ||jj||t|ƒ¡}| |dk¡|j d|d¡}|j ||||t|ƒ¡}|dkræ|  ¡} | dj |jj ksœt ‚d} | dj |jjkr¸d} n| dj |jjksÎt ‚d} | dk sÞt ‚t| ƒ‚|j |¡dd…S)Nzsize_t *r+zunsigned char[]rz@Salt length too long for key size. Try using MAX_LENGTH instead.z0Digest too large for key size. Use a larger key.)rOrZEVP_PKEY_sign_initr0r<Z EVP_PKEY_signr1r;r2rCrDrErFrGrHZ RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEYrIr>) r&r(rMÚ private_keyr'r?Zbuflenr@rBrKrGrrrÚ _rsa_sig_signÛs6      rQcCsXt||||||jjƒ}|j ||t|ƒ|t|ƒ¡}| |dk¡|dkrT| ¡t‚dS)Nr)rOrZEVP_PKEY_verify_initZEVP_PKEY_verifyr;r2rCr)r&r(rMÚ public_keyÚ signaturer'r?r@rrrÚ_rsa_sig_verifyþs  rTc@s$eZdZdd„Zdd„Zdd„ZdS)Ú_RSASignatureContextcCs<||_||_t||||ƒ||_||_t |j|j¡|_dS)N)Ú_backendÚ _private_keyrNÚ_paddingr8r ÚHashÚ _hash_ctx)Úselfr&rPr(rMrrrÚ__init__s z_RSASignatureContext.__init__cCs|j |¡dS)N)rZÚupdate)r[r'rrrr]sz_RSASignatureContext.updatecCst|j|j|j|j|j ¡ƒS)N)rQrVrXr8rWrZÚfinalize)r[rrrr^ s z_RSASignatureContext.finalizeN)Ú__name__Ú __module__Ú __qualname__r\r]r^rrrrrUs rUc@s$eZdZdd„Zdd„Zdd„ZdS)Ú_RSAVerificationContextcCsF||_||_||_||_t||||ƒ|}||_t |j|j¡|_dS)N) rVÚ _public_keyÚ _signaturerXrNr8r rYrZ)r[r&rRrSr(rMrrrr\,sz _RSAVerificationContext.__init__cCs|j |¡dS)N)rZr])r[r'rrrr]:sz_RSAVerificationContext.updatecCs"t|j|j|j|j|j|j ¡ƒS)N)rTrVrXr8rcrdrZr^)r[rrrÚverify=sz_RSAVerificationContext.verifyN)r_r`rar\r]rerrrrrb*srbc@sNeZdZdd„Ze d¡Zdd„Zdd„Zdd „Z d d „Z d d „Z dd„Z dS)Ú_RSAPrivateKeycCst||_||_||_|jj d¡}|jj |j||jjj|jjj¡|j |d|jjjk¡|jj  |d¡|_ dS)Nz BIGNUM **r) rVÚ _rsa_cdatar/r0r<rÚ RSA_get0_keyr1r2Ú BN_num_bitsÚ _key_size)r[r&Ú rsa_cdataÚevp_pkeyÚnrrrr\Js z_RSAPrivateKey.__init__rjcCstƒt|ƒt|j|||ƒS)N)r r rUrV)r[r(rMrrrÚsignerYsz_RSAPrivateKey.signercCs8tt |jd¡ƒ}|t|ƒkr(tdƒ‚t|j|||ƒS)Ng @z,Ciphertext length must be equal to key size.)ÚintÚmathZceilÚkey_sizer;rIr*rV)r[Z ciphertextr(Zkey_size_bytesrrrÚdecrypt^s z_RSAPrivateKey.decryptcCs||jj |j¡}|j ||jjjk¡|jj ||jjj¡}|jj  ||jjj¡}|j |dk¡|j  |¡}t |j||ƒS)Nr+) rVrZRSAPublicKey_duprgr2r0r1r3ZRSA_freeZRSA_blinding_onZ_rsa_cdata_to_evp_pkeyr-)r[Zctxr@rlrrrrRes z_RSAPrivateKey.public_keyc Cs|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj |j|||¡|j |d|jjjk¡|j |d|jjjk¡|j |d|jjjk¡|jj |j||¡|j |d|jjjk¡|j |d|jjjk¡|jj  |j|||¡|j |d|jjjk¡|j |d|jjjk¡|j |d|jjjk¡t j |j  |d¡|j  |d¡|j  |d¡|j  |d¡|j  |d¡|j  |d¡t j |j  |d¡|j  |d¡ddS)Nz BIGNUM **r)Úerm)ÚpÚqÚdÚdmp1Údmq1ÚiqmpÚpublic_numbers)rVr0r<rrhrgr2r1ZRSA_get0_factorsZRSA_get0_crt_paramsrZRSAPrivateNumbersÚ _bn_to_intÚRSAPublicNumbers) r[rmrsrvrtrurwrxryrrrÚprivate_numbersns<z_RSAPrivateKey.private_numberscCs|j ||||j|j¡S)N)rVZ_private_key_bytesr/rg)r[Úencodingr#Zencryption_algorithmrrrÚ private_bytes‘s z_RSAPrivateKey.private_bytescCs$t|j||ƒ\}}t|j||||ƒS)N)r rVrQ)r[r'r(rMrrrÚsignšsz_RSAPrivateKey.signN) r_r`rar\rÚread_only_propertyrqrnrrrRr}rr€rrrrrfHs  # rfc@sFeZdZdd„Ze d¡Zdd„Zdd„Zdd „Z d d „Z d d „Z dS)r-cCst||_||_||_|jj d¡}|jj |j||jjj|jjj¡|j |d|jjjk¡|jj  |d¡|_ dS)Nz BIGNUM **r) rVrgr/r0r<rrhr1r2rirj)r[r&rkrlrmrrrr\£s z_RSAPublicKey.__init__rjcCs2tƒt|tƒstdƒ‚t|ƒt|j||||ƒS)Nzsignature must be bytes.)r rÚbytesrr rbrV)r[rSr(rMrrrÚverifier²s  z_RSAPublicKey.verifiercCst|j|||ƒS)N)r*rV)r[Z plaintextr(rrrÚencrypt¼sz_RSAPublicKey.encryptcCs’|jj d¡}|jj d¡}|jj |j|||jjj¡|j |d|jjjk¡|j |d|jjjk¡tj |j  |d¡|j  |d¡dS)Nz BIGNUM **r)rsrm) rVr0r<rrhrgr1r2rr|r{)r[rmrsrrrrz¿sz_RSAPublicKey.public_numberscCs|j ||||j|j¡S)N)rVZ_public_key_bytesr/rg)r[r~r#rrrÚ public_bytesÌs z_RSAPublicKey.public_bytescCs&t|j||ƒ\}}t|j|||||ƒS)N)r rVrT)r[rSr'r(rMrrrreÕsz_RSAPublicKey.verifyN) r_r`rar\rrrqrƒr„rzr…rerrrrr-¡s    r-)-Z __future__rrrrpZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr Z)cryptography.hazmat.primitives.asymmetricr rrZ1cryptography.hazmat.primitives.asymmetric.paddingrrrrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrr*r%r=rNrOrQrTZregister_interfaceÚobjectrUrbrfr-rrrrÚs0    !; #X