U q`Q@sZddlZddlmZddlmZmZmZddlmZm Z m Z ddl m Z m Z ddlmZmZmZddlmZmZmZmZmZmZddlmZmZmZmZeejeefe je d d d Z!ejd e"ee"d ddZ#ejd e"e ee"dddZ$ddZ%ddZ&ddZ'ddZ(ddZ)GdddeZ*Gdd d eZ+Gd!d"d"eZ,Gd#d$d$eZ-dS)%N)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContextr)AsymmetricPaddingMGF1OAEPPKCS1v15PSScalculate_max_pss_salt_length) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers)psskeyhash_algorithmreturncCs,|j}|tjks|tjkr$t||S|SdSN)Z _salt_lengthrZ MAX_LENGTHrr)rrrZsaltrO/tmp/pip-target-nv4zd3e_/lib/python/cryptography/hazmat/backends/openssl/rsa.py_get_rsa_pss_salt_length)s r)_RSAPrivateKey _RSAPublicKey)rdatapaddingrcCst|tstdt|tr&|jj}nVt|trh|jj}t|jt sPt dt j | |s|t dt jnt d|jt jt|||||S)Nz1Padding must be an instance of AsymmetricPadding.'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.${} is not supported by this backend.) isinstancer TypeErrorr_libRSA_PKCS1_PADDINGrZRSA_PKCS1_OAEP_PADDING_mgfrrrUNSUPPORTED_MGFZrsa_padding_supportedUNSUPPORTED_PADDINGformatname_enc_dec_rsa_pkey_ctx)backendrr!r" padding_enumrrr _enc_dec_rsa6s*       r1)rr!r0r"rcCs t|tr|jj}|jj}n|jj}|jj}|j|j|j j }| ||j j k|j ||jj }||}| |dk|j||}| |dk|j|j} | | dkt|tr|jjr||jj} |j|| }| |dk||j} |j|| }| |dkt|tr|jdk rt|jdkr|jt|j} | | |j j k|j | |jt|j|j|| t|j}| |dk|j d| } |j d| }|||| |t|}|j |d| d}|j|dkrtd|S)Nrsize_t *unsigned char[]zEncryption/decryption failed.) r%r r'ZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizerZCryptography_HAS_RSA_OAEP_MD_evp_md_non_null_from_algorithmr) _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labellenZOPENSSL_mallocmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferERR_clear_error ValueError)r/rr!r0r"initZcryptpkey_ctxresbuf_sizemgf1_mdZoaep_mdZlabelptrZoutlenbufresbufrrrr.Zs\      r.cCst|tstd|j|j}||dkt|trB|jj}nnt|t rt|j t sdt dt jt|tjsxtd||jddkrtd|jj}nt d|jt j|S)Nz'Expected provider of AsymmetricPadding.rr#z*Expected instance of hashes.HashAlgorithm.zDDigest too large for key size. Use a larger key or different digest.r$)r%r r&r'r=r6r9rr(rr)rrrr*r HashAlgorithm digest_sizerFZRSA_PKCS1_PSS_PADDINGr,r-r+)r/rr" algorithmZ pkey_sizer0rrr_rsa_sig_determine_paddings0        rRc Cs0t||||}|j|j|jj}|||jjk|j||jj}||}||dk|dk r| |}|j ||}|dkr| t d |jtj|j||}|dkr| t d |jtjt|tr,|j|t|||}||dk| |jj} |j|| }||dk|S)Nr2rz4{} is not supported by this backend for RSA signing.z4{} is not supported for the RSA signature operation.)rRr'r5r6r7r8r9r:r;r>ZEVP_PKEY_CTX_set_signature_md_consume_errorsrr,r-rZUNSUPPORTED_HASHr<r+r%rZ EVP_PKEY_CTX_set_rsa_pss_saltlenrr)r?r@) r/r"rQrZ init_funcr0rHrIZevp_mdrKrrr_rsa_sig_setupsL   rTc Cst|||||jj}|jd}|j||jj||t|}||dk|jd|d}|j||||t|}|dkr| } t d| |j |ddS)Nr3r2r4rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rTr'ZEVP_PKEY_sign_initr7rCZ EVP_PKEY_signr8rAr9_consume_errors_with_textrFrD) r/r"rQ private_keyr!rHbuflenrIrLerrorsrrr _rsa_sig_signs2 rYcCsVt|||||jj}|j||t||t|}||dk|dkrR|tdS)Nr)rTr'ZEVP_PKEY_verify_initZEVP_PKEY_verifyrAr9rSr)r/r"rQ public_key signaturer!rHrIrrr_rsa_sig_verify s$r\c Cst|||||jj}|j|j}||dk|jd|}|jd|}|j||||t |} |j |d|d} |j | dkrt | S)Nrr4r3r2) rTr'ZEVP_PKEY_verify_recover_initr=r6r9r7rCZEVP_PKEY_verify_recoverrArDrEr) r/r"rQrZr[rHmaxlenrLrWrIrMrrr_rsa_sig_recovers.  r^c@s>eZdZeeejdddZeddddZ edd d Z dS) _RSASignatureContext)rVr"rQcCs<||_||_t||||||_||_t|j|j|_dSr)_backend _private_keyrR_paddingr?r Hash _hash_ctx)selfr/rVr"rQrrr__init__=s z_RSASignatureContext.__init__Nr!rcCs|j|dSrrdupdaterer!rrrriOsz_RSASignatureContext.updatercCst|j|j|j|j|jSr)rYr`rbr?rardfinalizererrrrlRsz_RSASignatureContext.finalize) __name__ __module__ __qualname__rr r rOrfbytesrirlrrrrr_<s  r_c@s@eZdZeeeejdddZeddddZ ddd d Z dS) _RSAVerificationContext)rZr[r"rQcCsF||_||_||_||_t|||||}||_t|j|j|_dSr) r` _public_key _signaturerbrRr?r rcrd)rer/rZr[r"rQrrrrf]sz _RSAVerificationContext.__init__NrgcCs|j|dSrrhrjrrrrirsz_RSAVerificationContext.updaterkcCs"t|j|j|j|j|j|jSr)r\r`rbr?rsrtrdrlrmrrrverifyusz_RSAVerificationContext.verify) rnrorprrqr r rOrfrirurrrrrr\s rrc@seZdZddZedZeej e dddZ e ee ddd Z ed d d Zed d dZejejeje dddZe eejejej fe dddZdS)rcCs|j|}|dkr&|}td||j||jj}||dk||_||_ ||_ |jj d}|jj |j ||jjj|jjj|j|d|jjjk|jj |d|_dS)Nr2zInvalid private key BIGNUM **r)r'Z RSA_check_keyrUrFZRSA_blinding_onr7r8r9r` _rsa_cdatar6rC RSA_get0_key BN_num_bits _key_size)rer/ rsa_cdataevp_pkeyrIrXnrrrrfs$  z_RSAPrivateKey.__init__rz)r"rQrcCstt|t|j|||Sr)rrr_r`)rer"rQrrrsignersz_RSAPrivateKey.signer) ciphertextr"rcCs2|jdd}|t|kr"tdt|j|||S)Nz,Ciphertext length must be equal to key size.)key_sizerArFr1r`)rerr"Zkey_size_bytesrrrdecrypts z_RSAPrivateKey.decryptrkcCsV|jj|j}|j||jjjk|jj||jjj}|j |}t |j||Sr) r`r'ZRSAPublicKey_duprwr9r7r8r:ZRSA_freeZ_rsa_cdata_to_evp_pkeyr )rectxr|rrrrZs  z_RSAPrivateKey.public_keyc Cs|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|j|d|jjjk|jj|j|||j|d|jjjk|j|d|jjjk|jj |j||||j|d|jjjk|j|d|jjjk|j|d|jjjkt |j |d|j |d|j |d|j |d|j |d|j |dt |j |d|j |dddS)Nrvrer})pqddmp1dmq1iqmppublic_numbers) r`r7rCr'rxrwr9r8ZRSA_get0_factorsZRSA_get0_crt_paramsr _bn_to_intr) rer}rrrrrrrrrrprivate_numberssHz_RSAPrivateKey.private_numbers)encodingr,encryption_algorithmrcCs|j|||||j|jSr)r`Z_private_key_bytesr6rw)rerr,rrrr private_bytessz_RSAPrivateKey.private_bytes)r!r"rQrcCs$t|j||\}}t|j||||Sr)rr`rY)rer!r"rQrrrsigns z_RSAPrivateKey.signN)rnrorprfrread_only_propertyrr r rOr r~rqrrrZrrr EncodingZ PrivateFormatZKeySerializationEncryptionrtypingUnion asym_utils Prehashedrrrrrrs&  % rc@seZdZddZedZeee j e dddZ eeeddd Z ed d d Zejejed ddZeeeejeje j fddddZeeeje j edddZdS)r cCst||_||_||_|jjd}|jj|j||jjj|jjj|j|d|jjjk|jj |d|_ dS)Nrvr) r`rwr6r7rCr'rxr8r9ryrz)rer/r{r|r}rrrrfsz_RSAPublicKey.__init__rz)r[r"rQrcCs,ttd|t|t|j||||S)Nr[)rr _check_bytesrrrr`rer[r"rQrrrverifiers z_RSAPublicKey.verifier) plaintextr"rcCst|j|||Sr)r1r`)rerr"rrrencryptsz_RSAPublicKey.encryptrkcCs|jjd}|jjd}|jj|j|||jjj|j|d|jjjk|j|d|jjjkt|j |d|j |ddS)Nrvrr) r`r7rCr'rxrwr8r9rr)rer}rrrrrsz_RSAPublicKey.public_numbers)rr,rcCs|j||||j|jSr)r`Z_public_key_bytesr6rw)rerr,rrr public_bytessz_RSAPublicKey.public_bytesN)r[r!r"rQrcCs&t|j||\}}t|j|||||Sr)rr`r\)rer[r!r"rQrrrru(sz_RSAPublicKey.verifycCst|t|j||||Sr)rr^r`rrrrrecover_data_from_signature6sz)_RSAPublicKey.recover_data_from_signature)rnrorprfrrrrqr r rOr rrrrr rZ PublicFormatrrrrrruOptionalrrrrrr s0     r ).rZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsrrrZcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricr r rZ1cryptography.hazmat.primitives.asymmetric.paddingr rrrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrrrrOintrrqr1r.rRrTrYr\r^r_rrrr rrrrs@      & A+* $o