o 4WcV@sddlZddlZddlmZmZmZddlmZddlm Z m Z ddl m Z ddlmZmZmZmZmZmZmZmZmZddlmZmZmZmZejrQddlmZd d d ed ej eefd e j!de"f ddZ#d d d ej dde$dede$f ddZ%d d d ej dde$de"dede$f ddZ&d d d ej ddedej'e j!de"f ddZ(d d dedej'e j!d ej ddej)ej*ge"ff ddZ+d d dede j!d d!de$de$f d"d#Z,d d dede j!d$d%d&e$de$ddfd'd(Z-d d dedej'e j!d$d%d&e$de$f d)d*Z.Gd+d!d!eZ/Gd,d%d%eZ0dS)-N)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm)hashes serialization)utils) AsymmetricPaddingMGF1OAEPPKCS1v15PSS_Auto _DigestLength _MaxLengthcalculate_max_pss_salt_length) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers)Backendbackendrpsskeyhash_algorithmreturncCsR|j}t|tr t||St|tr|jSt|tr't|tr#td|j j S|S)Nz6PSS salt length can only be set to AUTO when verifying) Z _salt_length isinstancerrr digest_sizerr ValueError_libZRSA_PSS_SALTLEN_AUTO)rrrrsaltr!JD:\Flask\env\Lib\site-packages\cryptography/hazmat/backends/openssl/rsa.py_get_rsa_pss_salt_length+s     r#)_RSAPrivateKey _RSAPublicKeydatapaddingcCst|ts tdt|tr|jj}n+t|tr4|jj}t|jt s(t dt j | |s3t dt jn t d|jt jt|||||S)Nz1Padding must be an instance of AsymmetricPadding.'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.${} is not supported by this backend.)rr TypeErrorr rRSA_PKCS1_PADDINGr ZRSA_PKCS1_OAEP_PADDING_mgfr rrUNSUPPORTED_MGFZrsa_padding_supportedUNSUPPORTED_PADDINGformatname_enc_dec_rsa_pkey_ctx)rrr&r' padding_enumr!r!r" _enc_dec_rsaAs,       r3r2cCst|tr|jj}|jj}n|jj}|jj}|j|j|j j }| ||j j k|j ||jj }||}| |dk|j||}| |dk|j|j} | | dkt|tr||jj} |j|| }| |dk||j} |j|| }| |dkt|tr|jdurt|jdkr|jt|j} | | |j j k|j | |jt|j|j|| t|j}| |dk|j d| } |j d| }|||| |t|}|j |d| d}|j|dkrtd|S)Nrsize_t *unsigned char[]zEncryption/decryption failed.)rr%rZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizer _evp_md_non_null_from_algorithmr, _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labellenZOPENSSL_mallocmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferERR_clear_errorr)rrr&r2r'initZcryptpkey_ctxresZbuf_sizemgf1_mdZoaep_mdZlabelptrZoutlenbufresbufr!r!r"r1esX       r1 algorithmcCst|ts td|j|j}||dkt|tr"|jj}|St|t rPt|j t s3t dt jt|tjs=td||jddkrJtd|jj}|St d|jt j)Nz'Expected provider of AsymmetricPadding.rr(z*Expected instance of hashes.HashAlgorithm.zDDigest too large for key size. Use a larger key or different digest.r))rr r*rr?r8r;r r+r r,r rrr-r HashAlgorithmrrZRSA_PKCS1_PSS_PADDINGr/r0r.)rrr'rNZ pkey_sizer2r!r!r"_rsa_sig_determine_paddings2     rQ)r%r$ init_funcc CsLt||||}|j|j|jj}|||jjk|j||jj}||}|dkr4| }t d||durV| |} |j || }|dkrV| t d|jtj|j||}|dkro| t d|jtjt|trt|tjs|J|j|t||||}||dk| |jj} |j|| }||dk|S)Nr4z#Unable to sign/verify with this keyrz4{} is not supported by this backend for RSA signing.z4{} is not supported for the RSA signature operation.)rQrr7r8r9r:r;r<r=_consume_errorsrr@ZEVP_PKEY_CTX_set_signature_mdrr/r0rZUNSUPPORTED_HASHr>r.rr rrPZ EVP_PKEY_CTX_set_rsa_pss_saltlenr#r,rArB) rr'rNrrRr2rIrJerrorsZevp_mdrKr!r!r"_rsa_sig_setupsR    rU private_keyr$c Cst|||||jj}|jd}|j||jj||t|}||dk|jd|d}|j||||t|}|dkrG| } t d| |j |ddS)Nr5r4r6rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rUrZEVP_PKEY_sign_initr9rEZ EVP_PKEY_signr:rCr;_consume_errors_with_textrrF) rr'rNrVr&rIbuflenrJrLrTr!r!r" _rsa_sig_sign s* rY public_keyr% signaturecCsVt|||||jj}|j||t||t|}||dk|dkr)|tdS)Nr)rUrZEVP_PKEY_verify_initZEVP_PKEY_verifyrCr;rSr)rr'rNrZr[r&rIrJr!r!r"_rsa_sig_verify-sr\c Cst|||||jj}|j|j}||dk|jd|}|jd|}|j||||t |} |j |d|d} |j | dkrIt | S)Nrr6r5r4) rUrZEVP_PKEY_verify_recover_initr?r8r;r9rEZEVP_PKEY_verify_recoverrCrFrGr) rr'rNrZr[rImaxlenrLrXrJrMr!r!r"_rsa_sig_recoverHs&  r^c@seZdZUeed<eed<eed<dddefddZd"d d Zd"d dZ e d efddZ de de d e fddZd efddZd efddZdejdejdejd e fddZde de dejejejfd e fd d!Zd S)#r$r8 _rsa_cdata _key_sizerr_skip_check_keyc CsD|s`|j|}|dkr|}td||jd}|jd}|j|||||d|jjk||d|jjk|j |d} |j |d} | dksW| dkr`|}td|||_ ||_ ||_ d|_ t|_|j jd} |j j|j | |j jj|j jj|j | d|j jjk|j j| d|_dS)Nr4zInvalid private key BIGNUM **rF)rZ RSA_check_keyrWrr9rERSA_get0_factorsr;r:Z BN_is_odd_backendr_r8_blinded threadingLock_blinding_lock RSA_get0_key BN_num_bitsr`) selfr rsa_cdataevp_pkeyrarJrTpqZp_oddZq_oddnr!r!r"__init__qs:      z_RSAPrivateKey.__init__rNcCs>|js|j |WddS1swYdSdSN)rerh_non_threadsafe_enable_blindingrkr!r!r"_enable_blindings  "z_RSAPrivateKey._enable_blindingcCs<|js|jj|j|jjj}|j|dkd|_dSdS)Nr4T)rerdrZRSA_blinding_onr_r9r:r;)rkrJr!r!r"rss  z._RSAPrivateKey._non_threadsafe_enable_blindingcC|jSrrr`rtr!r!r"key_sizez_RSAPrivateKey.key_size ciphertextr'cCs:||jdd}|t|krtdt|j|||S)Nz,Ciphertext length must be equal to key size.)rurxrCrr3rd)rkrzr'Zkey_size_bytesr!r!r"decrypts  z_RSAPrivateKey.decryptcCsV|jj|j}|j||jjjk|jj||jjj}|j |}t |j||Srr) rdrZRSAPublicKey_dupr_r;r9r:r<ZRSA_freeZ_rsa_cdata_to_evp_pkeyr%)rkctxrmr!r!r"rZs  z_RSAPrivateKey.public_keyc Cs|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|j|d|jjjk|jj|j|||j|d|jjjk|j|d|jjjk|jj |j||||j|d|jjjk|j|d|jjjk|j|d|jjjkt |j |d|j |d|j |d|j |d|j |d|j |dt |j |d|j |dddS)Nrbrerp)rnroddmp1dmq1iqmppublic_numbers) rdr9rErrir_r;r:rcZRSA_get0_crt_paramsr _bn_to_intr) rkrprrrnrorrrr!r!r"private_numberssB z_RSAPrivateKey.private_numbersencodingr/encryption_algorithmcCs|j|||||j|jSrr)rdZ_private_key_bytesr8r_)rkrr/rr!r!r" private_bytessz_RSAPrivateKey.private_bytesr&rNcCs(|t||\}}t|j||||Srr)rurrYrd)rkr&r'rNr!r!r"signsz_RSAPrivateKey.sign)rN)__name__ __module__ __qualname__object__annotations__intboolrqrurspropertyrxbytesr r}rrZrrrEncodingZ PrivateFormatZKeySerializationEncryptionrtypingUnion asym_utils PrehashedrrPrr!r!r!r"r$lsD  ,  # c @seZdZUeed<eed<eed<dddZedefd d Zd e d e de fd dZ de fddZ dejdejde fddZde de d e dejejejfddf ddZde d e dejejde fddZdS)r%r8r_r`rrcCst||_||_||_|jjd}|jj|j||jjj|jjj|j|d|jjjk|jj |d|_ dS)Nrbr) rdr_r8r9rErrir:r;rjr`)rkrrlrmrpr!r!r"rqsz_RSAPublicKey.__init__rcCrvrrrwrtr!r!r"rxryz_RSAPublicKey.key_size plaintextr'cCst|j|||Srr)r3rd)rkrr'r!r!r"encryptsz_RSAPublicKey.encryptcCs|jjd}|jjd}|jj|j|||jjj|j|d|jjjk|j|d|jjjkt|j |d|j |ddS)Nrbrr) rdr9rErrir_r:r;rr)rkrprr!r!r"rsz_RSAPublicKey.public_numbersrr/cCs|j||||j|jSrr)rdZ_public_key_bytesr8r_)rkrr/r!r!r" public_bytes(sz_RSAPublicKey.public_bytesr[r&rNNcCs&t||\}}t|j|||||dSrr)rr\rd)rkr[r&r'rNr!r!r"verify1sz_RSAPublicKey.verifycCs&t|tjr tdt|j||||S)NzoPrehashed is only supported in the sign and verify methods. It cannot be used with recover_data_from_signature.)rrrr*r^rd)rkr[r'rNr!r!r"recover_data_from_signature=s  z)_RSAPublicKey.recover_data_from_signature)rr)rrrrrrrqrrxrr rrrrrZ PublicFormatrrrrrrrPrOptionalrr!r!r!r"r%sH        )1rfrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrZ1cryptography.hazmat.primitives.asymmetric.paddingr r r r r rrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrr TYPE_CHECKINGZ,cryptography.hazmat.backends.openssl.backendrrrPrr#rr3r1rrQCallableAnyrUrYr\r^r$r%r!r!r!r"s  ,     $ C  0  5     $