σ 9(Zc@`sΐddlmZmZmZddlZddlmZddlmZm Z m Z ddl m Z m Z mZddlmZddlmZmZmZddlmZmZmZmZmZmZdd lmZmZd „Zd „Z d „Z!d „Z"d„Z#d„Z$d„Z%d„Z&ej'eƒde(fd„ƒYƒZ)ej'eƒde(fd„ƒYƒZ*ej'eƒde(fd„ƒYƒZ+ej'eƒde(fd„ƒYƒZ,dS(i(tabsolute_importtdivisiontprint_functionN(tutils(tInvalidSignaturetUnsupportedAlgorithmt_Reasons(t_calculate_digest_and_algorithmt_check_not_prehashedt_warn_sign_verify_deprecated(thashes(tAsymmetricSignatureContexttAsymmetricVerificationContexttrsa(tAsymmetricPaddingtMGF1tOAEPtPKCS1v15tPSStcalculate_max_pss_salt_length(tRSAPrivateKeyWithSerializationtRSAPublicKeyWithSerializationcC`s<|j}|tjks'|tjkr4t||ƒS|SdS(N(t _salt_lengthRt MAX_LENGTHRR(tpsstkeythash_algorithmtsalt((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyt_get_rsa_pss_salt_lengths  cC`sΩt|tƒstdƒ‚nt|tƒr<|jj}n‡t|tƒr₯|jj}t|jt ƒs~t dt j ƒ‚n|j |ƒsΓt dt jƒ‚qΓnt dj|jƒt jƒ‚t|||||ƒS(Ns1Padding must be an instance of AsymmetricPadding.s'Only MGF1 is supported by this backend.sPThis combination of padding and hash algorithm is not supported by this backend.s%{0} is not supported by this backend.(t isinstanceRt TypeErrorRt_libtRSA_PKCS1_PADDINGRtRSA_PKCS1_OAEP_PADDINGt_mgfRRRtUNSUPPORTED_MGFtrsa_padding_supportedtUNSUPPORTED_PADDINGtformattnamet_enc_dec_rsa_pkey_ctx(tbackendRtdatatpaddingt padding_enum((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyt _enc_dec_rsa&s&   cC`s$t|tƒr*|jj}|jj}n|jj}|jj}|jj|j|j j ƒ}|j ||j j kƒ|j j ||jj ƒ}||ƒ}|j |dkƒ|jj||ƒ}|j |dkƒ|jj|jƒ} |j | dkƒt|tƒrθ|jjrθ|jj|jjjjdƒƒ} |j | |j j kƒ|jj|| ƒ}|j |dkƒ|jj|jjjdƒƒ} |j | |j j kƒ|jj|| ƒ}|j |dkƒnt|tƒr¨|jdk r¨t|jƒdkr¨|jjt|jƒƒ} |j | |j j kƒ|j j| |jt|jƒƒ|jj|| t|jƒƒ}|j |dkƒn|j jd| ƒ} |j jd| ƒ}|||| |t|ƒƒ}|dkr t ||ƒn|j j!|ƒ| d S(Niitasciissize_t *sunsigned char[]("Rt _RSAPublicKeyRtEVP_PKEY_encrypt_inittEVP_PKEY_encrypttEVP_PKEY_decrypt_inittEVP_PKEY_decrypttEVP_PKEY_CTX_newt _evp_pkeyt_ffitNULLtopenssl_asserttgctEVP_PKEY_CTX_freetEVP_PKEY_CTX_set_rsa_paddingt EVP_PKEY_sizeRtCryptography_HAS_RSA_OAEP_MDtEVP_get_digestbynameR"t _algorithmR'tencodetEVP_PKEY_CTX_set_rsa_mgf1_mdtEVP_PKEY_CTX_set_rsa_oaep_mdt_labeltNonetlentOPENSSL_malloctmemmovet EVP_PKEY_CTX_set0_rsa_oaep_labeltnewt_handle_rsa_enc_dec_errortbuffer(R)RR*R,R+tinittcrypttpkey_ctxtrestbuf_sizetmgf1_mdtoaep_mdtlabelptrtoutlentbuf((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyR(GsV          "  cC`sι|jƒ}|st‚|dj|jjks7t‚t|tƒrt|dj|jjkset‚t dƒ‚nq|jj |jj |jj |jj g}|jjrΐ|j|jjƒn|dj|ksΩt‚t dƒ‚dS(NisGData too long for key size. Encrypt less data or use a larger key size.sDecryption failed.(t_consume_errorstAssertionErrortlibRt ERR_LIB_RSARR/treasont!RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZEt ValueErrortRSA_R_BLOCK_TYPE_IS_NOT_01tRSA_R_BLOCK_TYPE_IS_NOT_02tRSA_R_OAEP_DECODING_ERRORt RSA_R_DATA_TOO_LARGE_FOR_MODULUSt*Cryptography_HAS_RSA_R_PKCS_DECODING_ERRORtappendtRSA_R_PKCS_DECODING_ERROR(R)Rterrorstdecoding_errors((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyRJ‚s         cC`sρt|tƒstdƒ‚n|jj|jƒ}|j|dkƒt|tƒrd|jj}n‰t|t ƒrΟt|j t ƒsšt dt jƒ‚n||jddkrΐtdƒ‚n|jj}nt dj|jƒt jƒ‚|S(Ns'Expected provider of AsymmetricPadding.is'Only MGF1 is supported by this backend.isDDigest too large for key size. Use a larger key or different digest.s%{0} is not supported by this backend.(RRRRR<R5R8RR RR"RRRR#t digest_sizeR\tRSA_PKCS1_PSS_PADDINGR&R'R%(R)RR+t algorithmt pkey_sizeR,((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyt_rsa_sig_determine_paddingžs$ c C`sΌt||||ƒ}|jj|jjdƒƒ}|j||jjkƒ|jj|j |jjƒ}|j||jjkƒ|jj ||jj ƒ}||ƒ} |j| dkƒ|jj ||ƒ} |j| dkƒ|jj ||ƒ} |j| dkƒt|tƒrΈ|jj|t|||ƒƒ} |j| dkƒ|jj|jjjjdƒƒ} |j| |jjkƒ|jj|| ƒ} |j| dkƒn|S(NR.ii(RjRR>R'R@R8R6R7R4R5R9R:tEVP_PKEY_CTX_set_signature_mdR;RRt EVP_PKEY_CTX_set_rsa_pss_saltlenRR"R?RA( R)R+RhRR*t init_funcR,tevp_mdRNRORQ((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyt_rsa_sig_setupΎs,   c C`sct||||||jjƒ}|jjdƒ}|jj||jj||t|ƒƒ}|j|dkƒ|jjd|dƒ}|jj||||t|ƒƒ}|dkrR|j ƒ} | dj |jj ksδt ‚d} | dj|jjkr d} n%| dj|jjks+t ‚d} | dk sCt ‚t| ƒ‚n|jj|ƒS(Nssize_t *isunsigned char[]is@Salt length too long for key size. Try using MAX_LENGTH instead.s0Digest too large for key size. Use a larger key.(RoRtEVP_PKEY_sign_initR6RIt EVP_PKEY_signR7RER8RVRXRYRWRDRZR[t RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEYR\RK( R)R+Rht private_keyR*RNtbuflenRORURdRZ((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyt _rsa_sig_signΫs6        c C`st||||||jjƒ}|jj||t|ƒ|t|ƒƒ}|j|dkƒ|dkr‹|jƒ}|s‚t‚t‚ndS(Ni( RoRtEVP_PKEY_verify_inittEVP_PKEY_verifyRER8RVRWR( R)R+Rht public_keyt signatureR*RNRORd((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyt_rsa_sig_verifyώs !   t_RSASignatureContextcB`s#eZd„Zd„Zd„ZRS(cC`sV||_||_t||||ƒ||_||_tj|j|jƒ|_dS(N(t_backendt _private_keyRjt_paddingR?R tHasht _hash_ctx(tselfR)RsR+Rh((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyt__init__s     cC`s|jj|ƒdS(N(R€tupdate(RR*((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyRƒscC`s+t|j|j|j|j|jjƒƒS(N(RuR|R~R?R}R€tfinalize(R((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyR„!s (t__name__t __module__R‚RƒR„(((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyR{s t_RSAVerificationContextcB`s#eZd„Zd„Zd„ZRS(cC`se||_||_||_||_t||||ƒ|}||_tj|j|jƒ|_dS(N( R|t _public_keyt _signatureR~RjR?R RR€(RR)RxRyR+Rh((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyR‚-s     cC`s|jj|ƒdS(N(R€Rƒ(RR*((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyRƒ;scC`s1t|j|j|j|j|j|jjƒƒS(N(RzR|R~R?RˆR‰R€R„(R((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pytverify>s(R…R†R‚RƒRŠ(((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyR‡+s  t_RSAPrivateKeycB`sVeZd„ZejdƒZd„Zd„Zd„Zd„Z d„Z d„Z RS(cC`s€||_||_||_|jjjdƒ}|jjj|j||jjj|jjjƒ|jj|d|jjjkƒ|jjj |dƒ|_ dS(Ns BIGNUM **i( R|t _rsa_cdataR5R6RIRt RSA_get0_keyR7R8t BN_num_bitst _key_size(RR)t rsa_cdatatevp_pkeytn((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyR‚Ks    #RcC`s'tƒt|ƒt|j|||ƒS(N(R RR{R|(RR+Rh((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pytsignerZs cC`sSttj|jdƒƒ}|t|ƒkr=tdƒ‚nt|j|||ƒS(Ng @s,Ciphertext length must be equal to key size.(tinttmathtceiltkey_sizeRER\R-R|(Rt ciphertextR+tkey_size_bytes((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pytdecrypt_scC`s΄|jjj|jƒ}|jj||jjjkƒ|jjj||jjjƒ}|jjj ||jjjƒ}|jj|dkƒ|jj |ƒ}t |j||ƒS(Ni( R|RtRSAPublicKey_dupRŒR8R6R7R9tRSA_freetRSA_blinding_ont_rsa_cdata_to_evp_pkeyR/(RtctxROR‘((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyRxfs!!c C`sΰ|jjjdƒ}|jjjdƒ}|jjjdƒ}|jjjdƒ}|jjjdƒ}|jjjdƒ}|jjjdƒ}|jjjdƒ}|jjj|j|||ƒ|jj|d|jjjkƒ|jj|d|jjjkƒ|jj|d|jjjkƒ|jjj|j||ƒ|jj|d|jjjkƒ|jj|d|jjjkƒ|jjj |j|||ƒ|jj|d|jjjkƒ|jj|d|jjjkƒ|jj|d|jjjkƒt j d|jj |dƒd|jj |dƒd|jj |dƒd|jj |dƒd|jj |dƒd|jj |dƒd t j d |jj |dƒd |jj |dƒƒƒS( Ns BIGNUM **itptqtdtdmp1tdmq1tiqmptpublic_numbersteR’(R|R6RIRRRŒR8R7tRSA_get0_factorstRSA_get0_crt_paramsR tRSAPrivateNumberst _bn_to_inttRSAPublicNumbers( RR’R§R’R R‘R£R€R₯((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pytprivate_numbersos<##### ###  cC`s"|jj||||j|jƒS(N(R|t_private_key_bytesR5RŒ(RtencodingR&tencryption_algorithm((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyt private_bytes’s  cC`s4t|j||ƒ\}}t|j||||ƒS(N(RR|Ru(RR*R+Rh((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pytsign›s( R…R†R‚Rtread_only_propertyR—R“RšRxR­R±R²(((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyR‹Is    # R/cB`sMeZd„ZejdƒZd„Zd„Zd„Zd„Z d„Z RS(cC`s€||_||_||_|jjjdƒ}|jjj|j||jjj|jjjƒ|jj|d|jjjkƒ|jjj |dƒ|_ dS(Ns BIGNUM **i( R|RŒR5R6RIRRR7R8RŽR(RR)RR‘R’((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyR‚€s    #RcC`sHtƒt|tƒs%tdƒ‚nt|ƒt|j||||ƒS(Nssignature must be bytes.(R RtbytesRRR‡R|(RRyR+Rh((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pytverifier³s  cC`st|j|||ƒS(N(R-R|(Rt plaintextR+((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pytencrypt½scC`sΞ|jjjdƒ}|jjjdƒ}|jjj|j|||jjjƒ|jj|d|jjjkƒ|jj|d|jjjkƒtj d|jj |dƒd|jj |dƒƒS(Ns BIGNUM **iR§R’( R|R6RIRRRŒR7R8R R¬R«(RR’R§((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyR¦ΐs ## cC`s"|jj||||j|jƒS(N(R|t_public_key_bytesR5RŒ(RR―R&((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyt public_bytesΝs  cC`s7t|j||ƒ\}}t|j|||||ƒS(N(RR|Rz(RRyR*R+Rh((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyRŠΦs( R…R†R‚RR³R—R΅R·R¦RΉRŠ(((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyR/’s   (-t __future__RRRR•t cryptographyRtcryptography.exceptionsRRRt*cryptography.hazmat.backends.openssl.utilsRRR tcryptography.hazmat.primitivesR t)cryptography.hazmat.primitives.asymmetricR R R t1cryptography.hazmat.primitives.asymmetric.paddingRRRRRRt-cryptography.hazmat.primitives.asymmetric.rsaRRRR-R(RJRjRoRuRztregister_interfacetobjectR{R‡R‹R/(((sN/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/rsa.pyts0 . ! ;   # X