U EZhLT@sddlZddlZddlmZmZmZddlmZddlm Z m Z ddl m Z ddlmZmZmZmZmZmZmZmZmZddlmZmZmZmZejrddlmZd eej eefe j!e"d d d Z#d ej d e$ee$dddZ%d ej d e$e"ee$dddZ&d ej d eej'e j!e"dddZ(d eej'e j!ej dej)ej*ge"fdddZ+d ee j!de$e$dddZ,d ee j!de$e$dd d!d"Z-d eej'e j!de$e$d#d$d%Z.Gd&ddeZ/Gd'ddeZ0dS)(N)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm)hashes serialization)utils) MGF1OAEPPSSAsymmetricPaddingPKCS1v15_Auto _DigestLength _MaxLengthcalculate_max_pss_salt_length) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers)Backendr)backendpsskeyhash_algorithmreturncCsV|j}t|trt||St|tr*|jSt|trNt|trFtd|j j S|SdS)Nz6PSS salt length can only be set to AUTO when verifying) Z _salt_length isinstancerrr digest_sizerr ValueError_libZRSA_PSS_SALTLEN_AUTO)rrrrsaltr!o/home/aprabhat/apps/x.techxrdev.in/venv/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/rsa.py_get_rsa_pss_salt_length(s     r#)_RSAPrivateKey _RSAPublicKey)rrdatapaddingrcCst|tstdt|tr&|jj}nVt|trh|jj}t|jt sPt dt j | |s|t dt jnt |jdt jt|||||S)Nz1Padding must be an instance of AsymmetricPadding.'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend." is not supported by this backend.)rr TypeErrorr rRSA_PKCS1_PADDINGr ZRSA_PKCS1_OAEP_PADDING_mgfr rrUNSUPPORTED_MGFZrsa_padding_supportedUNSUPPORTED_PADDINGname_enc_dec_rsa_pkey_ctx)rrr&r' padding_enumr!r!r" _enc_dec_rsa>s*       r2)rrr&r1r'rcCst|tr|jj}|jj}n|jj}|jj}|j|j|j j }| ||j j k|j ||jj }||}| |dk|j||}| |dk|j|j} | | dkt|tr||jj} |j|| }| |dk||j} |j|| }| |dkt|tr|jdk rt|jdkr|jt|j} | | |j j k|j | |jt|j|j|| t|j}| |dk|j d| } |j d| }|||| |t|}|j |d| d}|j|dkrtd|S)Nrsize_t *unsigned char[]zEncryption/decryption failed.)rr%rZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizer _evp_md_non_null_from_algorithmr, _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labellenZOPENSSL_mallocZmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferERR_clear_errorr)rrr&r1r'initZcryptpkey_ctxresbuf_sizemgf1_mdZoaep_mdZlabelptrZoutlenbufresbufr!r!r"r0bs\       r0)rrr' algorithmrcCst|tstd|j|j}||dkt|trB|jj}nnt|t rt|j t sdt dt jt|tjsxtd||jddkrtd|jj}nt |jdt j|S)Nz'Expected provider of AsymmetricPadding.rr(z*Expected instance of hashes.HashAlgorithm.zDDigest too large for key size. Use a larger key or different digest.r))rr r*rr>r7r:r r+r r,r rrr-r HashAlgorithmrrZRSA_PKCS1_PSS_PADDINGr/r.)rrr'rMZ pkey_sizer1r!r!r"_rsa_sig_determine_paddings0        rP)r%r$)rr'rMr init_funcc CsNt||||}|j|j|jj}|||jjk|j||jj}||}|dkrh| }t d||dk r| |} |j || }|dkr| t d|jtj|j||}|dkr| t d|jtjt|trJt|tjst|j|t||||}||dk| |jj} |j|| }||dk|S)Nr3z#Unable to sign/verify with this keyrz4{} is not supported by this backend for RSA signing.z4{} is not supported for the RSA signature operation.)rPrr6r7r8r9r:r;r<_consume_errorsrr?ZEVP_PKEY_CTX_set_signature_mdrformatr/rZUNSUPPORTED_HASHr=r.rr rrOAssertionErrorZ EVP_PKEY_CTX_set_rsa_pss_saltlenr#r,r@rA) rr'rMrrQr1rGrHerrorsZevp_mdrJr!r!r"_rsa_sig_setupsR    rVr$)rr'rM private_keyr&rc Cst|||||jj}|jd}|j||jj||t|}||dk|jd|d}|j||||t|}|dkr| } t d| |j |ddS)Nr4r3r5rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rVrZEVP_PKEY_sign_initr8rCZ EVP_PKEY_signr9rBr:rRrrD) rr'rMrWr&rGbuflenrHrKrUr!r!r" _rsa_sig_sign s2 rYr%)rr'rM public_key signaturer&rcCsVt|||||jj}|j||t||t|}||dk|dkrR|tdS)Nr)rVrZEVP_PKEY_verify_initZEVP_PKEY_verifyrBr:rRr)rr'rMrZr[r&rGrHr!r!r"_rsa_sig_verify*s$r\)rr'rMrZr[rc Cst|||||jj}|j|j}||dk|jd|}|jd|}|j||||t |} |j |d|d} |j | dkrt | S)Nrr5r4r3) rVrZEVP_PKEY_verify_recover_initr>r7r:r8rCZEVP_PKEY_verify_recoverrBrDrEr) rr'rMrZr[rGmaxlenrKrXrHrLr!r!r"_rsa_sig_recoverEs.  r^c@seZdZUeed<eed<eed<dedddZdd d d Zdd d d Z e ed ddZ e e e dddZed ddZed ddZejejeje dddZe e ejejejfe dddZdS)r$r7 _rsa_cdata _key_sizer)runsafe_skip_rsa_key_validationc CsD|s|j|}|dkr*|}td||jd}|jd}|j|||||d|jjk||d|jjk|j |d} |j |d} | dks| dkr|}td|||_ ||_ ||_ d|_ t|_|j jd} |j j|j | |j jj|j jj|j | d|j jjk|j j| d|_dS)Nr3zInvalid private key BIGNUM **rF)rZ RSA_check_keyrRrr8rCRSA_get0_factorsr:r9Z BN_is_odd_backendr_r7_blinded threadingLock_blinding_lock RSA_get0_key BN_num_bitsr`) selfr rsa_cdataevp_pkeyrarHrUpqZp_oddZq_oddnr!r!r"__init__ns:      z_RSAPrivateKey.__init__Nrc Cs$|js |j|W5QRXdSN)rerh_non_threadsafe_enable_blindingrkr!r!r"_enable_blindingsz_RSAPrivateKey._enable_blindingcCs8|js4|jj|j|jjj}|j|dkd|_dS)Nr3T)rerdrZRSA_blinding_onr_r8r9r:)rkrHr!r!r"rtsz._RSAPrivateKey._non_threadsafe_enable_blindingcCs|jSrsr`rur!r!r"key_sizesz_RSAPrivateKey.key_size) ciphertextr'rcCs:||jdd}|t|kr*tdt|j|||S)Nz,Ciphertext length must be equal to key size.)rvrxrBrr2rd)rkryr'Zkey_size_bytesr!r!r"decrypts  z_RSAPrivateKey.decryptcCsV|jj|j}|j||jjjk|jj||jjj}|j |}t |j||Srs) rdrZRSAPublicKey_dupr_r:r8r9r;ZRSA_freeZ_rsa_cdata_to_evp_pkeyr%)rkctxrmr!r!r"rZs  z_RSAPrivateKey.public_keyc Cs|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|j|d|jjjk|jj|j|||j|d|jjjk|j|d|jjjk|jj |j||||j|d|jjjk|j|d|jjjk|j|d|jjjkt |j |d|j |d|j |d|j |d|j |d|j |dt |j |d|j |dddS)Nrbrerp)rnroddmp1dmq1iqmppublic_numbers) rdr8rCrrir_r:r9rcZRSA_get0_crt_paramsr _bn_to_intr) rkrprrrnrorrrr!r!r"private_numberssHz_RSAPrivateKey.private_numbers)encodingrSencryption_algorithmrcCs|j|||||j|jSrs)rdZ_private_key_bytesr7r_)rkrrSrr!r!r" private_bytessz_RSAPrivateKey.private_bytes)r&r'rMrcCs(|t||\}}t|j||||Srs)rvrrYrd)rkr&r'rMr!r!r"signsz_RSAPrivateKey.sign)__name__ __module__ __qualname__object__annotations__intboolrqrvrtpropertyrxbytesr r|rrZrrrEncodingZ PrivateFormatZKeySerializationEncryptionrtypingUnion asym_utils PrehashedrrOrr!r!r!r"r$is.  1 % c@seZdZUeed<eed<eed<ddddZeedd d Ze e e d d d Z e dddZ ejeje dddZe e e ejejejfddddZe e ejeje dddZdS)r%r7r_r`r)rcCst||_||_||_|jjd}|jj|j||jjj|jjj|j|d|jjjk|jj |d|_ dS)Nrbr) rdr_r7r8rCrrir9r:rjr`)rkrrlrmrpr!r!r"rqsz_RSAPublicKey.__init__rrcCs|jSrsrwrur!r!r"rxsz_RSAPublicKey.key_size) plaintextr'rcCst|j|||Srs)r2rd)rkrr'r!r!r"encryptsz_RSAPublicKey.encryptcCs|jjd}|jjd}|jj|j|||jjj|j|d|jjjk|j|d|jjjkt|j |d|j |ddS)Nrbrr~) rdr8rCrrir_r9r:rr)rkrprr!r!r"rsz_RSAPublicKey.public_numbers)rrSrcCs|j||||j|jSrs)rdZ_public_key_bytesr7r_)rkrrSr!r!r" public_bytes*sz_RSAPublicKey.public_bytesN)r[r&r'rMrcCs&t||\}}t|j|||||dSrs)rr\rd)rkr[r&r'rMr!r!r"verify3sz_RSAPublicKey.verify)r[r'rMrcCs&t|tjrtdt|j||||S)NzoPrehashed is only supported in the sign and verify methods. It cannot be used with recover_data_from_signature.)rrrr*r^rd)rkr[r'rMr!r!r"recover_data_from_signature?s z)_RSAPublicKey.recover_data_from_signature)rrrrrrrqrrxrr rrrrrZ PublicFormatrrrrrrrOrOptionalrr!r!r!r"r%s.    )1rfrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrZ1cryptography.hazmat.primitives.asymmetric.paddingr r r r r rrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrr TYPE_CHECKINGZ,cryptography.hazmat.backends.openssl.backendrrrOrr#rr2r0rrPCallableAnyrVrYr\r^r$r%r!r!r!r"s  ,     % D  1  6 !   $