pg:TddlZddlZddlmZmZmZddlmZddlm Z m Z ddl m Z ddlmZmZmZmZmZmZmZmZmZddlmZmZmZmZejrddlmZd d d ed ej eefd e j!de"f dZ#d d d ej dde$dede$f dZ%d d d ej dde$de"dede$f dZ&d d d ej ddedej'e j!de"f dZ(d d dedej'e j!d ej ddej)ej*ge"ff dZ+d d dede j!ddde$de$f dZ,d d dede j!ddd e$de$ddfd!Z-d d dedej'e j!ddd e$de$f d"Z.Gd#deZ/Gd$deZ0dS)%N)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm)hashes serialization)utils) AsymmetricPaddingMGF1OAEPPKCS1v15PSS_Auto _DigestLength _MaxLengthcalculate_max_pss_salt_length) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers)Backendbackendrpsskeyhash_algorithmreturnc |j}t|trt||St|tr|jSt|t r0t|trtd|j j S|S)Nz6PSS salt length can only be set to AUTO when verifying) _salt_length isinstancerrr digest_sizerr ValueError_libRSA_PSS_SALTLEN_AUTO)rrrrsalts J/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/rsa.py_get_rsa_pss_salt_lengthr&+s  D$ ## ,S.AAA D- ( ( )) D%  c= ) ) H |00 )_RSAPrivateKey _RSAPublicKeydatapaddingc"t|tstdt|tr |jj}nt|t rp|jj}t|jtstdtj | |stdtjn2td|jtjt#|||||S)Nz1Padding must be an instance of AsymmetricPadding.'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.${} is not supported by this backend.)rr TypeErrorr r"RSA_PKCS1_PADDINGr RSA_PKCS1_OAEP_PADDING_mgfr rrUNSUPPORTED_MGFrsa_padding_supportedUNSUPPORTED_PADDINGformatname_enc_dec_rsa_pkey_ctx)rrr*r+ padding_enums r% _enc_dec_rsar:As g0 1 1MKLLL'8$$ |5 GT " " |: ',-- &9(  ,,W55 &-,  # 2 9 9', G G  (   !#t\7 K KKr'r9c Lt|tr|jj}|jj}n|jj}|jj}|j|j|j j }| ||j j k|j ||jj }||}| |dk|j||}| |dk|j|j} | | dkt|t r||jj} |j|| }| |dk||j} |j|| }| |dkt|t r|jt/|jdkr|jt/|j} | | |j j k|j | |jt/|j|j|| t/|j}| |dk|j d| } |j d| }|||| |t/|}|j |d| d}|j|dkrt=d|S)Nrsize_t *unsigned char[]zEncryption/decryption failed.)rr)r"EVP_PKEY_encrypt_initEVP_PKEY_encryptEVP_PKEY_decrypt_initEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizer _evp_md_non_null_from_algorithmr2 _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdEVP_PKEY_CTX_set_rsa_oaep_md_labellenOPENSSL_mallocmemmove EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferERR_clear_errorr!)rrr*r9r+initcryptpkey_ctxresbuf_sizemgf1_mdoaep_mdlabelptroutlenbufresbufs r%r8r8es7#}%%.|1 -|1 -|,,S]GL/B/BCCx7<+<<=== Xw~s7>7J7JKKKl;; hGN 3 3   sax((( \  j( 3 3F ,  ,h 7 7C %#vtSYY 7 7C \  % %kq k 2F L  """ axx8999 Mr' algorithmct|tstd|j|j}||dkt|tr |jj}nt|trt|j tstdtjt|tjstd||jz dz dkrt%d|jj}n2td|jtj|S)Nz'Expected provider of AsymmetricPadding.rr-z*Expected instance of hashes.HashAlgorithm.zDDigest too large for key size. Use a larger key or different digest.r.)rr r/r"rKrDrGr r0rr2r rrr3r HashAlgorithmr r!RSA_PKCS1_PSS_PADDINGr6r7r5)rrr+rc pkey_sizer9s r%_rsa_sig_determine_paddingrisN g0 1 1CABBB **3=99I 9q=)))'8$$ |5 GS ! ! ',-- &9(  )V%9:: JHII I y, ,q 01 4 4+  |9 " 2 9 9', G G  (   r')r)r( init_funcc t||||}|j|j|jj}|||jjk|j||jj}||}|dkr$| }td|||| |} |j || }|dkrF| td|jt j|j||}|dkrF| td|jt jt)|t*rt)|t,jsJ|j|t3||||}||dk| |jj} |j|| }||dk|S)Nr<z#Unable to sign/verify with this keyrz4{} is not supported by this backend for RSA signing.z4{} is not supported for the RSA signature operation.)rir"rCrDrErFrGrHrI_consume_errorsr!rLEVP_PKEY_CTX_set_signature_mdrr6r7rUNSUPPORTED_HASHrJr5rrrrf EVP_PKEY_CTX_set_rsa_pss_saltlenr&r2rMrN) rr+rcrrjr9rZr[errorsevp_mdr]s r%_rsa_sig_setuprrsO.gsGYOOL|,,S]GLGGG88CCl886JJ !88  # # % % %&FMMN)   , 3 3Hl K KC axx!!!" B I I     (    '3 ()V%9:::::l;;  $WgsI F F   sQw'''99 L #  l77'JJsQw''' Or' private_keyr(c <t|||||jj}|jd}|j||jj||t|}||dk|jd|d}|j||||t|}|dkr$| } td| |j |ddS)Nr=r<r>rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rrr"EVP_PKEY_sign_initrErU EVP_PKEY_signrFrQrG_consume_errors_with_textr!rV) rr+rcrsr*rZbuflenr[rarps r% _rsa_sig_signry s ' H\  j ) )F , $ $',#VT3t99  C 3!8$$$ ,  ,fQi 8 8C , $ $XsFD#d)) L LC axx2244 F    <  s # #AAA &&r' public_keyr) signaturec $t|||||jj}|j||t ||t |}||dk|dkr|tdS)Nr)rrr"EVP_PKEY_verify_initEVP_PKEY_verifyrQrGrlr)rr+rcrzr{r*rZr[s r%_rsa_sig_verifyr-s ) H , & &)S^^T3t99  C  3!8$$$ axx!!!xr'c t|||||jj}|j|j}||dk|jd|}|jd|}|j||||t|} |j |d|d} |j | dkrt| S)Nrr>r=r<) rrr"EVP_PKEY_verify_recover_initrKrDrGrErUEVP_PKEY_verify_recoverrQrVrWr) rr+rcrzr{rZmaxlenrarxr[rbs r%_rsa_sig_recoverrHs 1 H\ ' ' (< = =F 6A:&&& ,  ,f 5 5C \  j& 1 1F , . .#vy#i..  C\  % %kq k 2F L  """ axx Mr'ceZdZUeed<eed<eed<dddefdZdd Zdd Z e defd Z d e de de fdZdefdZdefdZdejdejdejde fdZde de dejejejfde fdZd S)r(rD _rsa_cdata _key_sizerr_skip_check_keyc|sV|j|}|dkr$|}td||jd}|jd}|j|||||d|jjk||d|jjk|j |d} |j |d} | dks| dkr$|}td|||_ ||_ ||_ d|_ tj|_|j jd} |j j|j | |j jj|j jj|j | d|j jjk|j j| d|_dS)Nr<zInvalid private key BIGNUM **rF)r" RSA_check_keyrwr!rErURSA_get0_factorsrGrF BN_is_odd_backendrrD_blinded threadingLock_blinding_lock RSA_get0_key BN_num_bitsr) selfr rsa_cdataevp_pkeyrr[rppqp_oddq_oddns r%__init__z_RSAPrivateKey.__init__qs @,,,Y77Caxx ::<< !6???   --A   --A L ) ))Q : : :  " "1Q47<+<#< = = =  " "1Q47<+<#< = = =L**1Q400EL**1Q400EzzUaZZ ::<< !6??? #! 'n.. M  " "; / / '' O M  # M  #    $$QqTT]-?-D%DEEE+77!==r'rNc|js6|j5|ddddS#1swxYwYdSdSN)rr_non_threadsafe_enable_blindingrs r%_enable_blindingz_RSAPrivateKey._enable_blindings} 7$ 7 744666 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7s 155c|js[|jj|j|jjj}|j|dkd|_dSdS)Nr<T)rrr"RSA_blinding_onrrErFrG)rr[s r%rz._RSAPrivateKey._non_threadsafe_enable_blindingsh } !-$44!3!8C M ( ( 2 2 2 DMMM  ! !r'c|jSrrrs r%key_sizez_RSAPrivateKey.key_size ~r' ciphertextr+c||jdzdz}|t|krtdt |j|||S)Nz,Ciphertext length must be equal to key size.)rrrQr!r:r)rrr+key_size_bytess r%decryptz_RSAPrivateKey.decrypts[ -!+1 S__ , ,KLL LDM4WEEEr'cb|jj|j}|j||jjjk|jj||jjj}|j |}t|j||Sr) rr"RSAPublicKey_duprrGrErFrHRSA_free_rsa_cdata_to_evp_pkeyr))rctxrs r%rzz_RSAPrivateKey.public_keysm 11$/BB $$SDM,>,C%CDDDm ##C);)DEE=77<<T]C:::r'c4|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|j|d|jjjk|jj|j|||j|d|jjjk|j|d|jjjk|jj |j||||j|d|jjjk|j|d|jjjk|j|d|jjjkt|j |d|j |d|j |d|j |d|j |d|j |dt|j |d|j |dS)Nrrer)rrddmp1dmq1iqmppublic_numbers) rrErUr"rrrGrFrRSA_get0_crt_paramsr _bn_to_intr) rrrrrrrrrs r%private_numbersz_RSAPrivateKey.private_numberssE M  " "; / / M  " "; / / M  " "; / / M  " "; / / M  " "; / /}!%%k22}!%%k22}!%%k22 ''AqAAA $$QqTT]-?-D%DEEE $$QqTT]-?-D%DEEE $$QqTT]-?-D%DEEE ++DOQBBB $$QqTT]-?-D%DEEE $$QqTT]-?-D%DEEE .. OT4    $$T!W 0B0G%GHHH $$T!W 0B0G%GHHH $$T!W 0B0G%GHHH m&&qt,,m&&qt,,m&&qt,,))$q'22))$q'22))$q'22+-**1Q400-**1Q400    r'encodingr6encryption_algorithmcT|j|||||j|jSr)r_private_key_bytesrDr)rrr6rs r% private_bytesz_RSAPrivateKey.private_bytess4 }//    N O    r'r*rcc|t||\}}t|j||||Sr)rrryr)rr*r+rcs r%signz_RSAPrivateKey.signsA 9$ JJiT]GYdKKKr')rN)__name__ __module__ __qualname__object__annotations__intboolrrrpropertyrbytesr rrrzrrrEncoding PrivateFormatKeySerializationEncryptionrtypingUnion asym_utils Prehashedrrfrr'r%r(r(lsNNN*> *>HL*>*>*>*>X7777 ! ! ! !#XF%F2CFFFFF;L;;;;! !2! ! ! ! F  (  +  ,F       LL#L< 4f6J JK L  LLLLLLr'c eZdZUeed<eed<eed<ddZedefdZd e d e de fd Z de fd Z d ejdejde fdZde de d e dejejejfddf dZde d e dejejde fdZdS)r)rDrrrrc||_||_||_|jjd}|jj|j||jjj|jjj|j|d|jjjk|jj |d|_ dS)Nrr) rrrDrErUr"rrFrGrr)rrrrrs r%rz_RSAPublicKey.__init__s #! M  " "; / / '' O M  # M  #    $$QqTT]-?-D%DEEE+77!==r'rc|jSrrrs r%rz_RSAPublicKey.key_sizerr' plaintextr+c0t|j|||Sr)r:r)rrr+s r%encryptz_RSAPublicKey.encryptsDM4GDDDr'cP|jjd}|jjd}|jj|j|||jjj|j|d|jjjk|j|d|jjjkt|j |d|j |dS)Nrrr) rrErUr"rrrFrGrr)rrrs r%rz_RSAPublicKey.public_numberss M  " "; / / M  " "; / / '' OQ4=#5#:    $$QqTT]-?-D%DEEE $$QqTT]-?-D%DEEEm&&qt,,m&&qt,,    r'rr6cR|j||||j|jSr)r_public_key_bytesrDr)rrr6s r% public_bytesz_RSAPublicKey.public_bytes(s- }.. fdDNDO   r'r{r*rcNc^t||\}}t|j|||||dSr)rrr)rr{r*r+rcs r%verifyz_RSAPublicKey.verify1sB:$ JJi M7ItY     r'ct|tjrtdt |j||||S)NzoPrehashed is only supported in the sign and verify methods. It cannot be used with recover_data_from_signature.)rrrr/rr)rr{r+rcs r%recover_data_from_signaturez)_RSAPublicKey.recover_data_from_signature=sR i!5 6 6 F  M7ItY   r')rr)rrrrrrrrrrr rrrrr PublicFormatrrrrrrrfrOptionalrrr'r%r)r)sNNN > > > >#XEE1BEuEEEE  0      ( *             #  < 4f6J JK           #  ?6#78         r')1rrcryptography.exceptionsrrr*cryptography.hazmat.backends.openssl.utilsrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricr r1cryptography.hazmat.primitives.asymmetric.paddingr r r r rrrrr-cryptography.hazmat.primitives.asymmetric.rsarrrr TYPE_CHECKING,cryptography.hazmat.backends.openssl.backendrrrfrr&rr:r8rriCallableAnyrrryrrr(r)rr'r%rs   A@@@@@@@                       EDDDDDD   m\1 2(   ,!L !L 7 8!L !L !L  !L!L!L!LH@ @ 7 8@ @ @  @  @@@@F) ) 7 8))v34 )  ))))`2 2 2v342 7 8 2  |S01 2222j' ' '#'" '  '  ''''@  #      6! ! !v34! !  !  !!!!HQLQLQLQLQL]QLQLQLhJ J J J J LJ J J J J r'