o 4Wc)@s\ddlZddlmZmZmZddlmZddlmZm Z ej r%ddl m Z GdddZ dS)N) InvalidTagUnsupportedAlgorithm_Reasons)ciphers) algorithmsmodes)Backendc@seZdZdZdZdZdddeddfd d Zd edefd d Z d ededefddZ defddZ dedefddZ d eddfddZ edejefddZdS)_CipherContextri?backendr operationreturnNcCs8||_||_||_||_d|_t|jtjr|jjd|_ nd|_ |jj }|jj ||jj j}|jj}z |t|t|f}WntyYtd|j|rS|jn|tjw||j||}||jj jkrd|} |durx| d|7} | d|j7} t| tjt|tjr|jj |j} n2t|tjr|jj |j} n#t|tjr|jj |j } nt|t!j"r|jj |j } n|jj j} |jj #|||jj j|jj j|jj j|} |j$| dk|jj %|t&|j'} |j$| dkt|tj(r=|jj )||jj j*t&| |jj j} |j$| dk|j+dur=|jj )||jj j,t&|j+|j+} |j$| dk|j+|_|jj #||jj j|jj j|jj |j'| |} |j-} |jj } | dkr| j.rr| d/| j0| j1s| j2r| d/| j3| j4rt5d|jj$| dk| d |jj 6|d||_7dS) Nr z6cipher {} in {} mode is not supported by this backend.zcipher {0.name} zin {0.name} mode z_is not supported by this backend (Your version of OpenSSL may be too old. Current version: {}.)rz+In XTS mode duplicated keys are not allowederrors)8_backendZ_cipher_mode _operation_tag isinstancerZBlockCipherAlgorithm block_size_block_size_bytes_libZEVP_CIPHER_CTX_new_ffigcZEVP_CIPHER_CTX_freeZ_cipher_registrytypeKeyErrorrformatnamerZUNSUPPORTED_CIPHERNULLZopenssl_version_textrZModeWithInitializationVector from_bufferZinitialization_vectorZ ModeWithTweakZtweakZ ModeWithNoncenoncerZChaCha20ZEVP_CipherInit_exopenssl_assertZEVP_CIPHER_CTX_set_key_lengthlenkeyGCMEVP_CIPHER_CTX_ctrlZEVP_CTRL_AEAD_SET_IVLENtagEVP_CTRL_AEAD_SET_TAG_consume_errorsZ$CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER_lib_reason_match ERR_LIB_EVPZEVP_R_XTS_DUPLICATED_KEYSCryptography_HAS_PROVIDERS ERR_LIB_PROVZPROV_R_XTS_DUPLICATED_KEYS ValueErrorZEVP_CIPHER_CTX_set_padding_ctx)selfr ciphermoder ctxregistryadapterZ evp_ciphermsgZiv_nonceresrlibr9ND:\Flask\env\Lib\site-packages\cryptography/hazmat/backends/openssl/ciphers.py__init__s                  z_CipherContext.__init__datacCs2tt||jd}|||}t|d|S)Nr ) bytearrayr#r update_intobytes)r0r<bufnr9r9r:updates z_CipherContext.updater@c Cst|}t|||jdkrtdt||jdd}d}|jjd}|jj|}|jj|}||kr||} ||} t|j ||} |jj |j | || | } | dkrjt |jtjrj|jtd|j| dk|| 7}||d7}||ks:|S)Nr z1buffer must be at least {} bytes for this payloadrint *zeIn XTS mode you must supply at least a full block in the first update call. For AES this is 16 bytes.)r#rr.rrrnewr min_MAX_CHUNK_SIZErEVP_CipherUpdater/rrrZXTSr)r") r0r<r@Ztotal_data_lenZdata_processedZ total_outoutlenZ baseoutbufZ baseinbufZoutbufZinbufZinlenr7r9r9r:r>s8   z_CipherContext.update_intocCs|j|jkrt|jtjr|jdurtd|jj d|j }|jj d}|jj |j||}|dkrt|j}|sDt|jtjrDt|jj }|jj|d|j|jpl|joa|d|j|jpl|jol|dj|jk|dtdt|jtjr|j|jkr|jj d|j }|jj |j|jj j|j |}|j|dk|jj |dd|_ |jj !|j}|j|dk|jj |d|dS)Nz4Authentication tag must be provided when decrypting.zunsigned char[]rCrrzFThe length of the provided data is not a multiple of the block length.r )"r_DECRYPTrrrZModeWithAuthenticationTagr'r.rrrDrrZEVP_CipherFinal_exr/r)r%rr"r*r+Z'EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTHr,r-ZPROV_R_WRONG_FINAL_BLOCK_LENGTHZCRYPTOGRAPHY_IS_BORINGSSLreasonZ*CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH_ENCRYPTr&ZEVP_CTRL_AEAD_GET_TAGbufferrZEVP_CIPHER_CTX_reset)r0r@rHr7rr8Ztag_bufr9r9r:finalizesn      z_CipherContext.finalizer'cCs~t|}||jjkrtd|jj||jkr td|j|jj|j |jjj t||}|j |dk||_ | S)Nz.Authentication tag must be {} bytes or longer.z0Authentication tag cannot be more than {} bytes.r)r#rZ_min_tag_lengthr.rrrrr&r/r(r"rrM)r0r'Ztag_lenr7r9r9r:finalize_with_tags&  z _CipherContext.finalize_with_tagcCsN|jjd}|jj|j|jjj||jj|t|}|j |dkdS)NrCr) rrrDrrGr/rr r#r")r0r<rHr7r9r9r:authenticate_additional_data s z+_CipherContext.authenticate_additional_datacCs|jS)N)r)r0r9r9r:r'sz_CipherContext.tag)__name__ __module__ __qualname__rKrIrFintr;r?rBr>rMrNrOpropertytypingOptionalr'r9r9r9r:r s$ {#@ r )rUZcryptography.exceptionsrrrZcryptography.hazmat.primitivesrZ&cryptography.hazmat.primitives.ciphersrr TYPE_CHECKINGZ,cryptography.hazmat.backends.openssl.backendrr r9r9r9r:s