a bf(@s\ddlZddlmZmZmZddlmZddlmZm Z ej rJddl m Z GdddZ dS)N) InvalidTagUnsupportedAlgorithm_Reasons)ciphers) algorithmsmodes)Backendc@seZdZdZdZdZdeddddZeed d d Z eeed d dZ edddZ eedddZ edd ddZ eejedddZdS)_CipherContextri?rN)backend operationreturncCsF||_||_||_||_d|_t|jtjr<|jjd|_ nd|_ |jj }|jj ||jj j}|jj}z|t|t|f}Wn2tytd|j|r|jn|tjYn0||j||}||jj jkrd|} |dur| d|7} | d|j7} t| tjt|tjr6|jj |j} njt|tjrV|jj |j} nJt|tjrv|jj |j } n*t|t!j"r|jj |j } n |jj j} |jj #|||jj j|jj j|jj j|} |j$| dk|jj %|t&|j'} |j$| dkt|tj(r|jj )||jj j*t&| |jj j} |j$| dk|j+dur|jj )||jj j,t&|j+|j+} |j$| dk|j+|_|jj #||jj j|jj j|jj |j'| |} |j-} |jj } | dkr| j.r| d/| j0| j1s| j2r| d/| j3| j4rt5d|jj$| dk| d |jj 6|d||_7dS) Nr z6cipher {} in {} mode is not supported by this backend.zcipher {0.name} zin {0.name} mode z_is not supported by this backend (Your version of OpenSSL may be too old. Current version: {}.)rz+In XTS mode duplicated keys are not allowederrors)8_backendZ_cipher_mode _operation_tag isinstancerZBlockCipherAlgorithm block_size_block_size_bytes_libZEVP_CIPHER_CTX_new_ffigcZEVP_CIPHER_CTX_freeZ_cipher_registrytypeKeyErrorrformatnamerZUNSUPPORTED_CIPHERNULLZopenssl_version_textrZModeWithInitializationVector from_bufferZinitialization_vectorZ ModeWithTweakZtweakZ ModeWithNoncenoncerZChaCha20ZEVP_CipherInit_exopenssl_assertZEVP_CIPHER_CTX_set_key_lengthlenkeyGCMEVP_CIPHER_CTX_ctrlZEVP_CTRL_AEAD_SET_IVLENtagEVP_CTRL_AEAD_SET_TAG_consume_errorsZ$CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER_lib_reason_match ERR_LIB_EVPZEVP_R_XTS_DUPLICATED_KEYSCryptography_HAS_PROVIDERS ERR_LIB_PROVZPROV_R_XTS_DUPLICATED_KEYS ValueErrorZEVP_CIPHER_CTX_set_padding_ctx)selfr ciphermoder ctxregistryadapterZ evp_ciphermsgZiv_nonceresrlibr9S/tmp/pip-target-98j97qn4/lib/python/cryptography/hazmat/backends/openssl/ciphers.py__init__s            z_CipherContext.__init__)datar cCs2tt||jd}|||}t|d|S)Nr ) bytearrayr#r update_intobytes)r0r<bufnr9r9r:updates z_CipherContext.update)r<r@r c Cst|}t|||jdkr:tdt||jdd}d}|jjd}|jj|}|jj|}||kr||} ||} t|j ||} |jj |j | || | } | dkrt |jtjr|jtdn|j| dk|| 7}||d7}ql|S)Nr z1buffer must be at least {} bytes for this payloadrint *zeIn XTS mode you must supply at least a full block in the first update call. For AES this is 16 bytes.)r#rr.rrrnewr min_MAX_CHUNK_SIZErEVP_CipherUpdater/rrrZXTSr)r") r0r<r@Ztotal_data_lenZdata_processedZ total_outoutlenZ baseoutbufZ baseinbufZoutbufZinbufZinlenr7r9r9r:r>s8  z_CipherContext.update_into)r cCs|j|jkr,t|jtjr,|jdur,td|jj d|j }|jj d}|jj |j||}|dkr|j}|st|jtjrt|jj }|jj|d|j|jp|jr|d|j|jp|jo|dj|jk|dtdt|jtjr^|j|jkr^|jj d|j }|jj |j|jj j|j |}|j|dk|jj |dd|_ |jj !|j}|j|dk|jj |d|dS)Nz4Authentication tag must be provided when decrypting.zunsigned char[]rCrrzFThe length of the provided data is not a multiple of the block length.r )"r_DECRYPTrrrZModeWithAuthenticationTagr'r.rrrDrrZEVP_CipherFinal_exr/r)r%rr"r*r+Z'EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTHr,r-ZPROV_R_WRONG_FINAL_BLOCK_LENGTHZCRYPTOGRAPHY_IS_BORINGSSLreasonZ*CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH_ENCRYPTr&ZEVP_CTRL_AEAD_GET_TAGbufferrZEVP_CIPHER_CTX_reset)r0r@rHr7rr8Ztag_bufr9r9r:finalizesn      z_CipherContext.finalize)r'r cCst|}||jjkr(td|jjn||jkrBtd|j|jj|j |jjj t||}|j |dk||_ | S)Nz.Authentication tag must be {} bytes or longer.z0Authentication tag cannot be more than {} bytes.r)r#rZ_min_tag_lengthr.rrrrr&r/r(r"rrM)r0r'Ztag_lenr7r9r9r:finalize_with_tags&  z _CipherContext.finalize_with_tagcCsN|jjd}|jj|j|jjj||jj|t|}|j |dkdS)NrCr) rrrDrrGr/rr r#r")r0r<rHr7r9r9r:authenticate_additional_data s z+_CipherContext.authenticate_additional_datacCs|jS)N)r)r0r9r9r:r'sz_CipherContext.tag)__name__ __module__ __qualname__rKrIrFintr;r?rBr>rMrNrOpropertytypingOptionalr'r9r9r9r:r s {#@ r )rUZcryptography.exceptionsrrrZcryptography.hazmat.primitivesrZ&cryptography.hazmat.primitives.ciphersrr TYPE_CHECKINGZ,cryptography.hazmat.backends.openssl.backendrr r9r9r9r:s