U cc:T@sddlZddlZddlmZmZmZddlmZddlm Z m Z ddl m Z ddlmZmZmZmZmZmZmZmZmZddlmZmZmZmZejrddlmZd eej eefe j!e"d d d Z#d ej d e$ee$dddZ%d ej d e$e"ee$dddZ&d ej d eej'e j!e"dddZ(d eej'e j!ej dej)ej*ge"fdddZ+d ee j!de$e$dddZ,d ee j!de$e$dd d!d"Z-d eej'e j!de$e$d#d$d%Z.Gd&ddeZ/Gd'ddeZ0dS)(N)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm)hashes serialization)utils) AsymmetricPaddingMGF1OAEPPKCS1v15PSS_Auto _DigestLength _MaxLengthcalculate_max_pss_salt_length) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers)Backendr)backendpsskeyhash_algorithmreturncCsV|j}t|trt||St|tr*|jSt|trNt|trFtd|j j S|SdS)Nz6PSS salt length can only be set to AUTO when verifying) Z _salt_length isinstancerrr digest_sizerr ValueError_libZRSA_PSS_SALTLEN_AUTO)rrrrsaltr!b/var/www/html/project/venv/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/rsa.py_get_rsa_pss_salt_length+s     r#)_RSAPrivateKey _RSAPublicKey)rrdatapaddingrcCst|tstdt|tr&|jj}nVt|trh|jj}t|jt sPt dt j | |s|t dt jnt d|jt jt|||||S)Nz1Padding must be an instance of AsymmetricPadding.'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.${} is not supported by this backend.)rr TypeErrorr rRSA_PKCS1_PADDINGr ZRSA_PKCS1_OAEP_PADDING_mgfr rrUNSUPPORTED_MGFZrsa_padding_supportedUNSUPPORTED_PADDINGformatname_enc_dec_rsa_pkey_ctx)rrr&r' padding_enumr!r!r" _enc_dec_rsaAs*       r3)rrr&r2r'rcCst|tr|jj}|jj}n|jj}|jj}|j|j|j j }| ||j j k|j ||jj }||}| |dk|j||}| |dk|j|j} | | dkt|tr||jj} |j|| }| |dk||j} |j|| }| |dkt|tr|jdk rt|jdkr|jt|j} | | |j j k|j | |jt|j|j|| t|j}| |dk|j d| } |j d| }|||| |t|}|j |d| d}|j|dkrtd|S)Nrsize_t *unsigned char[]zEncryption/decryption failed.)rr%rZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizer _evp_md_non_null_from_algorithmr, _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labellenZOPENSSL_mallocZmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferERR_clear_errorr)rrr&r2r'initZcryptpkey_ctxresZbuf_sizemgf1_mdZoaep_mdZlabelptrZoutlenbufresbufr!r!r"r1es\       r1)rrr' algorithmrcCst|tstd|j|j}||dkt|trB|jj}nnt|t rt|j t sdt dt jt|tjsxtd||jddkrtd|jj}nt d|jt j|S)Nz'Expected provider of AsymmetricPadding.rr(z*Expected instance of hashes.HashAlgorithm.zDDigest too large for key size. Use a larger key or different digest.r))rr r*rr?r8r;r r+r r,r rrr-r HashAlgorithmrrZRSA_PKCS1_PSS_PADDINGr/r0r.)rrr'rMZ pkey_sizer2r!r!r"_rsa_sig_determine_paddings0        rP)r%r$)rr'rMr init_funcc CsNt||||}|j|j|jj}|||jjk|j||jj}||}|dkrh| }t d||dk r| |} |j || }|dkr| t d|jtj|j||}|dkr| t d|jtjt|trJt|tjst|j|t||||}||dk| |jj} |j|| }||dk|S)Nr4z#Unable to sign/verify with this keyrz4{} is not supported by this backend for RSA signing.z4{} is not supported for the RSA signature operation.)rPrr7r8r9r:r;r<r=_consume_errorsrr@ZEVP_PKEY_CTX_set_signature_mdrr/r0rZUNSUPPORTED_HASHr>r.rr rrOAssertionErrorZ EVP_PKEY_CTX_set_rsa_pss_saltlenr#r,rArB) rr'rMrrQr2rHrIerrorsZevp_mdrJr!r!r"_rsa_sig_setupsR    rUr$)rr'rM private_keyr&rc Cst|||||jj}|jd}|j||jj||t|}||dk|jd|d}|j||||t|}|dkr| } t d| |j |ddS)Nr5r4r6rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rUrZEVP_PKEY_sign_initr9rDZ EVP_PKEY_signr:rCr;_consume_errors_with_textrrE) rr'rMrVr&rHbuflenrIrKrTr!r!r" _rsa_sig_sign s2 rYr%)rr'rM public_key signaturer&rcCsVt|||||jj}|j||t||t|}||dk|dkrR|tdS)Nr)rUrZEVP_PKEY_verify_initZEVP_PKEY_verifyrCr;rRr)rr'rMrZr[r&rHrIr!r!r"_rsa_sig_verify-s$r\)rr'rMrZr[rc Cst|||||jj}|j|j}||dk|jd|}|jd|}|j||||t |} |j |d|d} |j | dkrt | S)Nrr6r5r4) rUrZEVP_PKEY_verify_recover_initr?r8r;r9rDZEVP_PKEY_verify_recoverrCrErFr) rr'rMrZr[rHmaxlenrKrXrIrLr!r!r"_rsa_sig_recoverHs.  r^c@seZdZUeed<eed<eed<dedddZdd d d Zdd d d Z e ed ddZ e e e dddZed ddZed ddZejejeje dddZe e ejejejfe dddZdS)r$r8 _rsa_cdata _key_sizer)r_skip_check_keyc CsD|s|j|}|dkr*|}td||jd}|jd}|j|||||d|jjk||d|jjk|j |d} |j |d} | dks| dkr|}td|||_ ||_ ||_ d|_ t|_|j jd} |j j|j | |j jj|j jj|j | d|j jjk|j j| d|_dS)Nr4zInvalid private key BIGNUM **rF)rZ RSA_check_keyrWrr9rDRSA_get0_factorsr;r:Z BN_is_odd_backendr_r8_blinded threadingLock_blinding_lock RSA_get0_key BN_num_bitsr`) selfr rsa_cdataevp_pkeyrarIrTpqZp_oddZq_oddnr!r!r"__init__qs:       z_RSAPrivateKey.__init__Nrc Cs$|js |j|W5QRXdSN)rerh_non_threadsafe_enable_blindingrkr!r!r"_enable_blindingsz_RSAPrivateKey._enable_blindingcCs8|js4|jj|j|jjj}|j|dkd|_dS)Nr4T)rerdrZRSA_blinding_onr_r9r:r;)rkrIr!r!r"rtsz._RSAPrivateKey._non_threadsafe_enable_blindingcCs|jSrsr`rur!r!r"key_sizesz_RSAPrivateKey.key_size) ciphertextr'rcCs:||jdd}|t|kr*tdt|j|||S)Nz,Ciphertext length must be equal to key size.)rvrxrCrr3rd)rkryr'Zkey_size_bytesr!r!r"decrypts  z_RSAPrivateKey.decryptcCsV|jj|j}|j||jjjk|jj||jjj}|j |}t |j||Srs) rdrZRSAPublicKey_dupr_r;r9r:r<ZRSA_freeZ_rsa_cdata_to_evp_pkeyr%)rkctxrmr!r!r"rZs  z_RSAPrivateKey.public_keyc Cs|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|j|d|jjjk|jj|j|||j|d|jjjk|j|d|jjjk|jj |j||||j|d|jjjk|j|d|jjjk|j|d|jjjkt |j |d|j |d|j |d|j |d|j |d|j |dt |j |d|j |dddS)Nrbrerp)rnroddmp1dmq1iqmppublic_numbers) rdr9rDrrir_r;r:rcZRSA_get0_crt_paramsr _bn_to_intr) rkrprrrnrorrrr!r!r"private_numberssHz_RSAPrivateKey.private_numbers)encodingr/encryption_algorithmrcCs|j|||||j|jSrs)rdZ_private_key_bytesr8r_)rkrr/rr!r!r" private_bytessz_RSAPrivateKey.private_bytes)r&r'rMrcCs(|t||\}}t|j||||Srs)rvrrYrd)rkr&r'rMr!r!r"signsz_RSAPrivateKey.sign)__name__ __module__ __qualname__object__annotations__intboolrqrvrtpropertyrxbytesr r|rrZrrrEncodingZ PrivateFormatZKeySerializationEncryptionrtypingUnion asym_utils PrehashedrrOrr!r!r!r"r$ls.  , % c@seZdZUeed<eed<eed<ddddZeedd d Ze e e d d d Z e dddZ ejeje dddZe e e ejejejfddddZe e ejeje dddZdS)r%r8r_r`r)rcCst||_||_||_|jjd}|jj|j||jjj|jjj|j|d|jjjk|jj |d|_ dS)Nrbr) rdr_r8r9rDrrir:r;rjr`)rkrrlrmrpr!r!r"rqsz_RSAPublicKey.__init__rrcCs|jSrsrwrur!r!r"rxsz_RSAPublicKey.key_size) plaintextr'rcCst|j|||Srs)r3rd)rkrr'r!r!r"encryptsz_RSAPublicKey.encryptcCs|jjd}|jjd}|jj|j|||jjj|j|d|jjjk|j|d|jjjkt|j |d|j |ddS)Nrbrr~) rdr9rDrrir_r:r;rr)rkrprr!r!r"rsz_RSAPublicKey.public_numbers)rr/rcCs|j||||j|jSrs)rdZ_public_key_bytesr8r_)rkrr/r!r!r" public_bytes(sz_RSAPublicKey.public_bytesN)r[r&r'rMrcCs&t||\}}t|j|||||dSrs)rr\rd)rkr[r&r'rMr!r!r"verify1sz_RSAPublicKey.verify)r[r'rMrcCs&t|tjrtdt|j||||S)NzoPrehashed is only supported in the sign and verify methods. It cannot be used with recover_data_from_signature.)rrrr*r^rd)rkr[r'rMr!r!r"recover_data_from_signature=s z)_RSAPublicKey.recover_data_from_signature)rrrrrrrqrrxrr rrrrrZ PublicFormatrrrrrrrOrOptionalrr!r!r!r"r%s.    )1rfrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrZ1cryptography.hazmat.primitives.asymmetric.paddingr r r r r rrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrr TYPE_CHECKINGZ,cryptography.hazmat.backends.openssl.backendrrrOrr#rr3r1rrPCallableAnyrUrYr\r^r$r%r!r!r!r"s  ,     % D  1  6 !   $