3TfAUddlmZddlZddlZddlmZmZmZddlm Z ddl m Z m Z ddl mZddlmZmZmZmZmZmZmZmZmZddlmZmZmZmZej>rdd l m!Z! dd Z" dd Z# dd Z$ dd Z% ddZ& ddZ' ddZ( ddZ)GddeZ*GddeZ+y)) annotationsN)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm)hashes serialization)utils) MGF1OAEPPSSAsymmetricPaddingPKCS1v15_Auto _DigestLength _MaxLengthcalculate_max_pss_salt_length) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers)Backendc|j}t|tr t||St|tr |j St|t r1t|tr td|jjS|S)Nz6PSS salt length can only be set to AUTO when verifying) _salt_length isinstancerrr digest_sizerr ValueError_libRSA_PSS_SALTLEN_AUTO)backendpsskeyhash_algorithmsalts J/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/rsa.py_get_rsa_pss_salt_lengthr&*sw   D$ #,S.AA D- ())) D% c= )H ||000 ct|ts tdt|tr|jj }nt|t ru|jj}t|jtstdtj|j|sAtdtjt|jdtjt!|||||S)Nz1Padding must be an instance of AsymmetricPadding.'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend." is not supported by this backend.)rr TypeErrorrrRSA_PKCS1_PADDINGr RSA_PKCS1_OAEP_PADDING_mgfr rrUNSUPPORTED_MGFrsa_padding_supportedUNSUPPORTED_PADDINGname_enc_dec_rsa_pkey_ctx)r r"datapadding padding_enums r% _enc_dec_rsar7@s g0 1KLL'8$||55 GT "||:: ',,-&9((  ,,W5&-,, #||n> ?  ( (  !#t\7 KKr'c t|tr-|jj}|jj}n,|jj }|jj }|jj|j|jj}|j||jjk7|jj||jj}||}|j|dk(|jj||}|j|dkD|jj|j} |j| dkDt|t r|j#|j$j&} |jj)|| }|j|dkD|j#|j&} |jj+|| }|j|dkDt|t r|j,t/|j,dkDr|jj1t/|j,} |j| |jjk7|jj3| |j,t/|j,|jj5|| t/|j,}|j|dk(|jj7d| } |jj7d| }|||| |t/|}|jj9|d| d}|jj;|dkr t=d|S)Nrsize_t *unsigned char[]zEncryption/decryption failed.)r _RSAPublicKeyrEVP_PKEY_encrypt_initEVP_PKEY_encryptEVP_PKEY_decrypt_initEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizer _evp_md_non_null_from_algorithmr. _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdEVP_PKEY_CTX_set_rsa_oaep_md_labellenOPENSSL_mallocmemmove EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferERR_clear_errorr)r r"r4r6r5initcryptpkey_ctxresbuf_sizemgf1_mdoaep_mdlabelptroutlenbufresbufs r%r3r3ds#}%||11 --||11 --||,,S]]GLL>/BCx7<<+<+<<= Xw~~s7>>7JKll;; hGNN 3  sax( \\  j( 3F ,,  ,h 7C #vtSY 7C \\  %kq 2F LL  " ax899 Mr'ct|ts td|jj |j }|j |dkDt|tr|jj}|St|trt|jtstdtjt|tj s td||j"z dz dkr t%d|jj&}|St|j(dtj*)Nz'Expected provider of AsymmetricPadding.rr)z*Expected instance of hashes.HashAlgorithm.zDDigest too large for key size. Use a larger key or different digest.r*)rrr+rrIrBrErr,r r.r rrr/r HashAlgorithmrrRSA_PKCS1_PSS_PADDINGr2r1)r r"r5 algorithm pkey_sizer6s r%_rsa_sig_determine_paddingrgs# g0 1ABB **3==9I 9q=)'8$||55 6 5 GS !',,-&9((  )V%9%9:HI I y,, ,q 01 4+  ||99   #||n> ?  ( (  r'c t||||}|jj|j|jj }|j ||jj k7|jj||jj}||}|dk7r|j}td||u|j|} |jj|| }|dkrC|jtdj|jt j"|jj%||}|dkrC|jtdj|jt j&t)|t*rt)|t,j.sJ|jj1|t3||||}|j |dkD|j|j4j6} |jj9|| }|j |dkD|S)Nr9z#Unable to sign/verify with this keyrz4{} is not supported by this backend for RSA signing.z4{} is not supported for the RSA signature operation.)rgrrArBrCrDrErFrG_consume_errorsrrJEVP_PKEY_CTX_set_signature_mdrformatr2rUNSUPPORTED_HASHrHr1rr rrc EVP_PKEY_CTX_set_rsa_pss_saltlenr&r.rKrL) r r5rer" init_funcr6rXrYerrorsevp_mdr[s r%_rsa_sig_setuprqs .gsGYOL||,,S]]GLLGG88Cll886J !8  # # %&FMMNN))   ,, 3 3Hl KC ax!" B I I    ( (   '3)V%9%9:::ll;;  $WgsI F  sQw'99 LL # # ll77'JsQw' Or'_RSAPrivateKeyc *t|||||jj}|jj d}|jj ||jj ||t|}|j|dk(|jj d|d}|jj ||||t|}|dk7r|j} td| |jj|ddS)Nr:r9r;rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rqrEVP_PKEY_sign_initrCrS EVP_PKEY_signrDrOrErirrT) r r5re private_keyr4rXbuflenrYr_ros r% _rsa_sig_signrx s '' H\\  j )F ,, $ $',,##VT3t9 C 3!8$ ,,  ,fQi 8C ,, $ $XsFD#d) LC ax((* F   <<  s #A &&r'r<c  t|||||jj}|jj||t ||t |}|j |dk\|dk(r|j ty)Nr)rqrEVP_PKEY_verify_initEVP_PKEY_verifyrOrErir)r r5re public_key signaturer4rXrYs r%_rsa_sig_verifyr~,s )) H ,, & &)S^T3t9 C  3!8$ ax!r'c  t|||||jj}|jj|j}|j |dkD|j jd|}|j jd|}|jj||||t|} |j j|d|d} |jj| dk7rt| S)Nrr;r:r9) rqrEVP_PKEY_verify_recover_initrIrBrErCrSEVP_PKEY_verify_recoverrOrTrUr) r r5rer|r}rXmaxlenr_rwrYr`s r%_rsa_sig_recoverrGs 11 H\\ ' ' (<(< =F 6A:& ,,  ,f 5C \\  j& 1F ,, . .#vy#i. C\\  %kq 2F LL  " ax Mr'ceZdZUded<ded<ded< ddZddZddZedd Zdd Z dd Z dd Z dd Z ddZ y)rrobjectrB _rsa_cdataint _key_sizec|sG|jj|}|dk7r|j}td||jj d}|jj d}|jj ||||j|d|jjk7|j|d|jjk7|jj|d} |jj|d} | dk7s| dk7r|j}td|||_ ||_ ||_ d|_ tj|_|jjj d} |jjj#|j| |jjj|jjj|jj| d|jjjk7|jjj%| d|_y)Nr9zInvalid private key BIGNUM **rF)r RSA_check_keyrirrCrSRSA_get0_factorsrErD BN_is_odd_backendrrB_blinded threadingLock_blinding_lock RSA_get0_key BN_num_bitsr) selfr rsa_cdataevp_pkeyunsafe_skip_rsa_key_validationrYropqp_oddq_oddns r%__init__z_RSAPrivateKey.__init__ps.,,,,Y7Cax 002 !6??   -A   -A LL ) ))Q :  " "1Q47<<+<+<#< =  " "1Q47<<+<+<#< =LL**1Q40ELL**1Q40EzUaZ 002 !6?? #! 'nn. MM   " "; / '' OO MM   # # MM   # #  $$QqTT]]-?-?-D-D%DE++77!=r'c|js&|j5|jdddyy#1swYyxYwN)rr_non_threadsafe_enable_blindingrs r%_enable_blindingz_RSAPrivateKey._enable_blindings?}}$$ 7446 7 7 7 7s4=c|jst|jjj|j|jj j }|jj|dk(d|_yy)Nr9T)rrrRSA_blinding_onrrCrDrE)rrYs r%rz._RSAPrivateKey._non_threadsafe_enable_blindingsb }}--$$44!3!3!8!8C MM ( ( 2 DM r'c|jSrrrs r%key_sizez_RSAPrivateKey.key_size ~~r'c|j|jdzdz}|t|k7r tdt |j |||S)Nz,Ciphertext length must be equal to key size.)rrrOrr7r)r ciphertextr5key_size_bytess r%decryptz_RSAPrivateKey.decryptsN --!+1 S_ ,KL LDMM4WEEr'c|jjj|j}|jj ||jj j k7|jj j||jjj}|jj|}t|j||Sr) rrRSAPublicKey_duprrErCrDrFRSA_free_rsa_cdata_to_evp_pkeyr<)rctxrs r%r|z_RSAPrivateKey.public_keysmm  11$//B $$SDMM,>,>,C,C%CDmm  ##C););)D)DE==77<T]]C::r'cf |jjjd}|jjjd}|jjjd}|jjjd}|jjjd}|jjjd}|jjjd}|jjjd}|jjj |j ||||jj |d|jjjk7|jj |d|jjjk7|jj |d|jjjk7|jjj|j |||jj |d|jjjk7|jj |d|jjjk7|jjj|j ||||jj |d|jjjk7|jj |d|jjjk7|jj |d|jjjk7t|jj|d|jj|d|jj|d|jj|d|jj|d|jj|dt|jj|d|jj|dS)Nrrer)rrddmp1dmq1iqmppublic_numbers) rrCrSrrrrErDrRSA_get0_crt_paramsr _bn_to_intr) rrrrrrrrrs r%private_numbersz_RSAPrivateKey.private_numberssX MM   " "; / MM   " "; / MM   " "; / MM   " "; / MM   " "; /}}!!%%k2}}!!%%k2}}!!%%k2 ''AqA $$QqTT]]-?-?-D-D%DE $$QqTT]]-?-?-D-D%DE $$QqTT]]-?-?-D-D%DE ++DOOQB $$QqTT]]-?-?-D-D%DE $$QqTT]]-?-?-D-D%DE .. OOT4  $$T!W 0B0B0G0G%GH $$T!W 0B0B0G0G%GH $$T!W 0B0B0G0G%GH mm&&qt,mm&&qt,mm&&qt,))$q'2))$q'2))$q'2+--**1Q40--**1Q40  r'cj|jj|||||j|jSr)r_private_key_bytesrBr)rencodingrkencryption_algorithms r% private_bytesz_RSAPrivateKey.private_bytess5 }}//    NN OO   r'cr|jt||\}}t|j||||Sr)rrrxr)rr4r5res r%signz_RSAPrivateKey.signs7 9$ JiT]]GYdKKr'N)r rrbool)returnNonerr)rbytesr5rrr)rr)rr)rserialization.Encodingrkzserialization.PrivateFormatrz(serialization.KeySerializationEncryptionrr)r4rr5rre8typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm]rr)__name__ __module__ __qualname____annotations__rrrpropertyrrr|rrrr'r%rrrrksN/>/> )- />b7 !F;! F  (  ,  G    LL#LL L  Lr'ceZdZUded<ded<ded<ddZeddZddZdd Zdd Z dd Z dd Z dd Z y)r<rrBrrrc,||_||_||_|jjj d}|jj j |j||jjj|jjj|jj|d|jjjk7|jj j|d|_ y)Nrr) rrrBrCrSrrrDrErr)rr rrrs r%rz_RSAPublicKey.__init__ s #! MM   " "; / '' OO MM   # # MM   # #  $$QqTT]]-?-?-D-D%DE++77!=r'c|jSrrrs r%rz_RSAPublicKey.key_sizerr'ct|tstS|jjj |j |j dk(S)Nr9)rr<NotImplementedrr EVP_PKEY_cmprB)rothers r%__eq__z_RSAPublicKey.__eq__sC%/! ! MM   + +DNNEOO L  r'c2t|j|||Sr)r7r)r plaintextr5s r%encryptz_RSAPublicKey.encrypt%sDMM4GDDr'c|jjjd}|jjjd}|jjj |j |||jjj |jj|d|jjj k7|jj|d|jjj k7t|jj|d|jj|dS)Nrrr) rrCrSrrrrDrErr)rrrs r%rz_RSAPublicKey.public_numbers(s MM   " "; / MM   " "; / '' OOQ4==#5#5#:#:  $$QqTT]]-?-?-D-D%DE $$QqTT]]-?-?-D-D%DEmm&&qt,mm&&qt,  r'ch|jj||||j|jSr)r_public_key_bytesrBr)rrrks r% public_bytesz_RSAPublicKey.public_bytes5s. }}.. fdDNNDOO  r'cVt||\}}t|j|||||yr)rr~r)rr}r4r5res r%verifyz_RSAPublicKey.verify>s-:$ Ji MM7ItY r'c~t|tjr tdt |j ||||S)NzoPrehashed is only supported in the sign and verify methods. It cannot be used with recover_data_from_signature.)r asym_utils Prehashedr+rr)rr}r5res r%recover_data_from_signaturez)_RSAPublicKey.recover_data_from_signatureJsE i!5!5 6F  MM7ItY  r'N)r rr)rrrr)rrr5rrr)rr)rrrkzserialization.PublicFormatrr) r}rr4rr5rrerrr)r}rr5rre%typing.Optional[hashes.HashAlgorithm]rr) rrrrrrrrrrrrrrr'r%r<r<sN > E   ( +          #  L        #  9    r') r rr!r r"z)typing.Union[RSAPrivateKey, RSAPublicKey]r#hashes.HashAlgorithmrr) r rr"+typing.Union[_RSAPrivateKey, _RSAPublicKey]r4rr5rrr) r rr"rr4rr6rr5rrr) r rr"rr5rrerrr) r rr5rrerr"z+typing.Union[_RSAPublicKey, _RSAPrivateKey]rnz"typing.Callable[[typing.Any], int]) r rr5rrerrvrrr4rrr)r rr5rrerr|r<r}rr4rrr) r rr5rrerr|r<r}rrr), __future__rrtypingcryptography.exceptionsrrr*cryptography.hazmat.backends.openssl.utilsrcryptography.hazmat.primitivesrr )cryptography.hazmat.primitives.asymmetricr r1cryptography.hazmat.primitives.asymmetric.paddingr r r rrrrrr-cryptography.hazmat.primitives.asymmetric.rsarrrr TYPE_CHECKING,cryptography.hazmat.backends.openssl.backendrr&r7r3rgrqrxr~rrrr<rr'r%rsK #  AI    D   3)   ,!L !L 4!L !L !L  !LH@ @ 4@ @ @  @  @F) ) 4))5 )  )`2 2 252 5 2 2 2j' ' '$' '  '  '@  $      6! ! !5! !  !  !HVL]VLrS LS r'