U *”}fâCã@s<ddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z m Z ddlmZddlmZmZmZddlmZmZmZmZmZmZddlmZmZd d „Zd d „Zd d„Z dd„Z!dd„Z"dd„Z#dd„Z$e %e¡Gdd„de&ƒƒZ'e %e¡Gdd„de&ƒƒZ(e %e¡Gdd„de&ƒƒZ)e %e¡Gdd„de&ƒƒZ*dS) é)Úabsolute_importÚdivisionÚprint_function)Úutils)ÚInvalidSignatureÚUnsupportedAlgorithmÚ_Reasons)Ú_calculate_digest_and_algorithmÚ_check_not_prehashedÚ_warn_sign_verify_deprecated)Úhashes)ÚAsymmetricSignatureContextÚAsymmetricVerificationContextÚrsa)ÚAsymmetricPaddingÚMGF1ÚOAEPÚPKCS1v15ÚPSSÚcalculate_max_pss_salt_length)ÚRSAPrivateKeyWithSerializationÚRSAPublicKeyWithSerializationcCs,|j}|tjks|tjkr$t||ƒS|SdS©N)Z _salt_lengthrZ MAX_LENGTHrr)ZpssÚkeyZhash_algorithmZsalt©rúL/tmp/pip-unpacked-wheel-x36vw73o/cryptography/hazmat/backends/openssl/rsa.pyÚ_get_rsa_pss_salt_length&s rcCsŒt|tƒstdƒ‚t|tƒr&|jj}nVt|tƒrh|jj}t|jt ƒsPt dt j ƒ‚|  |¡s|t dt jƒ‚nt d |j¡t jƒ‚t|||||ƒS)Nz1Padding must be an instance of AsymmetricPadding.ú'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.ú${} is not supported by this backend.)Ú isinstancerÚ TypeErrorrÚ_libÚRSA_PKCS1_PADDINGrZRSA_PKCS1_OAEP_PADDINGÚ_mgfrrrÚUNSUPPORTED_MGFZrsa_padding_supportedÚUNSUPPORTED_PADDINGÚformatÚnameÚ_enc_dec_rsa_pkey_ctx)ÚbackendrÚdataÚpaddingÚ padding_enumrrrÚ _enc_dec_rsa/s*     þ ý þr-cCs t|tƒr|jj}|jj}n|jj}|jj}|j |j|j j ¡}|  ||j j k¡|j   ||jj ¡}||ƒ}|  |dk¡|j ||¡}|  |dk¡|j |j¡} |  | dk¡t|tƒr|jjr| |jj¡} |j || ¡}|  |dk¡| |j¡} |j || ¡}|  |dk¡t|tƒr¢|jdk r¢t|jƒdkr¢|j t|jƒ¡} |  | |j j k¡|j  | |jt|jƒ¡|j || t|jƒ¡}|  |dk¡|j  d| ¡} |j  d| ¡}|||| |t|ƒƒ}|j  |¡d| d…}|j ¡|dkrtdƒ‚|S)Nérúsize_t *úunsigned char[]zEncryption/decryption failed.) rÚ _RSAPublicKeyr!ZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptÚEVP_PKEY_CTX_newÚ _evp_pkeyÚ_ffiÚNULLÚopenssl_assertÚgcÚEVP_PKEY_CTX_freeÚEVP_PKEY_CTX_set_rsa_paddingÚ EVP_PKEY_sizerZCryptography_HAS_RSA_OAEP_MDÚ_evp_md_non_null_from_algorithmr#Ú _algorithmÚEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labelÚlenZOPENSSL_mallocÚmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelÚnewÚbufferZERR_clear_errorÚ ValueError)r)rr*r,r+ÚinitZcryptÚpkey_ctxÚresÚbuf_sizeÚmgf1_mdZoaep_mdZlabelptrZoutlenÚbufZresbufrrrr(Ns\  ÿ ÿþ ýÿ  r(cCs t|tƒstdƒ‚|j |j¡}| |dk¡t|tƒrB|jj}nZt|t ƒrˆt|j t ƒsdt dt jƒ‚||jddkr~tdƒ‚|jj}nt d |j¡t jƒ‚|S)Nz'Expected provider of AsymmetricPadding.rrézDDigest too large for key size. Use a larger key or different digest.r)rrr r!r:r3r6rr"rr#rrrr$Ú digest_sizerBZRSA_PKCS1_PSS_PADDINGr&r'r%)r)rr+Ú algorithmZ pkey_sizer,rrrÚ_rsa_sig_determine_padding‰s,     þÿ  þrLc Cst||||ƒ}| |¡}|j |j|jj¡}| ||jjk¡|j ||jj ¡}||ƒ} | | dk¡|j  ||¡} | dkr˜|  ¡t d  |j¡tjƒ‚|j ||¡} | | dk¡t|tƒr|j |t|||ƒ¡} | | dk¡| |jj¡} |j || ¡} | | dk¡|S)Nr.rz4{} is not supported by this backend for RSA signing.)rLr;r!r2r3r4r5r6r7r8ZEVP_PKEY_CTX_set_signature_mdÚ_consume_errorsrr&r'rZUNSUPPORTED_HASHr9rrZ EVP_PKEY_CTX_set_rsa_pss_saltlenrr#r<r=) r)r+rKrr*Z init_funcr,Zevp_mdrDrErGrrrÚ_rsa_sig_setup«s< ÿü  ÿÿrNc Cs¤t||||||jjƒ}|j d¡}|j ||jj||t|ƒ¡}| |dk¡|j d|d¡}|j ||||t|ƒ¡}|dkr|  ¡} t d| ƒ‚|j  |¡dd…S)Nr/r.r0rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rNr!ZEVP_PKEY_sign_initr4r@Z EVP_PKEY_signr5r>r6Ú_consume_errors_with_textrBrA) r)r+rKÚ private_keyr*rDÚbuflenrErHÚerrorsrrrÚ _rsa_sig_signÍs4ú ÿýrScCsXt||||||jjƒ}|j ||t|ƒ|t|ƒ¡}| |dk¡|dkrT| ¡t‚dS)Nr)rNr!ZEVP_PKEY_verify_initZEVP_PKEY_verifyr>r6rMr)r)r+rKÚ public_keyÚ signaturer*rDrErrrÚ_rsa_sig_verifyès&úÿrVc@s$eZdZdd„Zdd„Zdd„ZdS)Ú_RSASignatureContextcCs<||_||_t||||ƒ||_||_t |j|j¡|_dSr)Ú_backendÚ _private_keyrLÚ_paddingr<r ÚHashÚ _hash_ctx)Úselfr)rPr+rKrrrÚ__init__ÿs z_RSASignatureContext.__init__cCs|j |¡dSr©r\Úupdate©r]r*rrrr` sz_RSASignatureContext.updatecCst|j|j|j|j|j ¡ƒSr)rSrXrZr<rYr\Úfinalize©r]rrrrbsûz_RSASignatureContext.finalizeN)Ú__name__Ú __module__Ú __qualname__r^r`rbrrrrrWýs rWc@s$eZdZdd„Zdd„Zdd„ZdS)Ú_RSAVerificationContextcCsF||_||_||_||_t||||ƒ|}||_t |j|j¡|_dSr) rXÚ _public_keyÚ _signaturerZrLr<r r[r\)r]r)rTrUr+rKrrrr^sz _RSAVerificationContext.__init__cCs|j |¡dSrr_rarrrr`(sz_RSAVerificationContext.updatecCs"t|j|j|j|j|j|j ¡ƒSr)rVrXrZr<rhrir\rbrcrrrÚverify+súz_RSAVerificationContext.verifyN)rdrerfr^r`rjrrrrrgsrgc@sNeZdZdd„Ze d¡Zdd„Zdd„Zdd „Z d d „Z d d „Z dd„Z dS)Ú_RSAPrivateKeycCsº|j |¡}|dkr&| ¡}td|ƒ‚|j ||jj¡}| |dk¡||_||_ ||_ |jj  d¡}|jj  |j ||jjj|jjj¡|j |d|jjjk¡|jj  |d¡|_dS)Nr.zInvalid private keyú BIGNUM **r)r!Z RSA_check_keyrOrBZRSA_blinding_onr4r5r6rXÚ _rsa_cdatar3r@Ú RSA_get0_keyÚ BN_num_bitsÚ _key_size)r]r)Ú rsa_cdataÚevp_pkeyrErRÚnrrrr^8s$  üz_RSAPrivateKey.__init__rpcCstƒt|ƒt|j|||ƒSr)r r rWrX)r]r+rKrrrÚsignerSsz_RSAPrivateKey.signercCs2|jdd}|t|ƒkr"tdƒ‚t|j|||ƒS)Nééz,Ciphertext length must be equal to key size.)Úkey_sizer>rBr-rX)r]Z ciphertextr+Zkey_size_bytesrrrÚdecryptXs z_RSAPrivateKey.decryptcCsV|jj |j¡}|j ||jjjk¡|jj ||jjj¡}|j  |¡}t |j||ƒSr) rXr!ZRSAPublicKey_duprmr6r4r5r7ZRSA_freeZ_rsa_cdata_to_evp_pkeyr1)r]ÚctxrrrrrrT_s  z_RSAPrivateKey.public_keyc Cs|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj d¡}|jj |j|||¡|j |d|jjjk¡|j |d|jjjk¡|j |d|jjjk¡|jj |j||¡|j |d|jjjk¡|j |d|jjjk¡|jj  |j|||¡|j |d|jjjk¡|j |d|jjjk¡|j |d|jjjk¡t j |j  |d¡|j  |d¡|j  |d¡|j  |d¡|j  |d¡|j  |d¡t j |j  |d¡|j  |d¡ddS)Nrlr©Úers)ÚpÚqÚdÚdmp1Údmq1ÚiqmpÚpublic_numbers)rXr4r@r!rnrmr6r5ZRSA_get0_factorsZRSA_get0_crt_paramsrZRSAPrivateNumbersÚ _bn_to_intÚRSAPublicNumbers) r]rsr{r~r|r}rr€rrrrÚprivate_numbersfsHÿþùz_RSAPrivateKey.private_numberscCs|j |||||j|j¡Sr)rXZ_private_key_bytesr3rm)r]Úencodingr&Zencryption_algorithmrrrÚ private_bytes‰súz_RSAPrivateKey.private_bytescCs$t|j||ƒ\}}t|j||||ƒSr)r rXrS)r]r*r+rKrrrÚsign“s ÿz_RSAPrivateKey.signN) rdrerfr^rÚread_only_propertyrwrtrxrTr…r‡rˆrrrrrk6s # rkc@sFeZdZdd„Ze d¡Zdd„Zdd„Zdd „Z d d „Z d d „Z dS)r1cCst||_||_||_|jj d¡}|jj |j||jjj|jjj¡|j |d|jjjk¡|jj  |d¡|_ dS)Nrlr) rXrmr3r4r@r!rnr5r6rorp)r]r)rqrrrsrrrr^œsüz_RSAPublicKey.__init__rpcCs,tƒt d|¡t|ƒt|j||||ƒS)NrU)r rÚ _check_bytesr rgrX)r]rUr+rKrrrÚverifier­s ÿz_RSAPublicKey.verifiercCst|j|||ƒSr)r-rX)r]Ú plaintextr+rrrÚencrypt¶sz_RSAPublicKey.encryptcCs’|jj d¡}|jj d¡}|jj |j|||jjj¡|j |d|jjjk¡|j |d|jjjk¡tj |j  |d¡|j  |d¡dS)Nrlrrz) rXr4r@r!rnrmr5r6rr„rƒ)r]rsr{rrrr‚¹sÿþz_RSAPublicKey.public_numberscCs|j ||||j|j¡Sr)rXZ_public_key_bytesr3rm)r]r†r&rrrÚ public_bytesÆsÿz_RSAPublicKey.public_bytescCs&t|j||ƒ\}}t|j|||||ƒSr)r rXrV)r]rUr*r+rKrrrrjËsÿÿz_RSAPublicKey.verifyN) rdrerfr^rr‰rwr‹rr‚rŽrjrrrrr1šs   r1N)+Ú __future__rrrZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr Z)cryptography.hazmat.primitives.asymmetricr rrZ1cryptography.hazmat.primitives.asymmetric.paddingrrrrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrr-r(rLrNrSrVZregister_interfaceÚobjectrWrgrkr1rrrrÚs,    ;""c