U [eQ@sZddlZddlmZddlmZmZmZddlmZm Z m Z ddl m Z m Z ddlmZmZmZddlmZmZmZmZmZmZddlmZmZmZmZeejeefe je d d d Z!ejd e"ee"d ddZ#ejd e"e ee"dddZ$ddZ%ddZ&ddZ'ddZ(ddZ)GdddeZ*Gdd d eZ+Gd!d"d"eZ,Gd#d$d$eZ-dS)%N)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes serialization)AsymmetricSignatureContextAsymmetricVerificationContextr)AsymmetricPaddingMGF1OAEPPKCS1v15PSScalculate_max_pss_salt_length) RSAPrivateKeyRSAPrivateNumbers RSAPublicKeyRSAPublicNumbers)psskeyhash_algorithmreturncCs,|j}|tjks|tjkr$t||S|SdSN)Z _salt_lengthrZ MAX_LENGTHrr)rrrsaltrj/var/www/html/services/stratfitenv/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/rsa.py_get_rsa_pss_salt_length)s r)_RSAPrivateKey _RSAPublicKey)rdatapaddingrcCst|tstdt|tr&|jj}nVt|trh|jj}t|jt sPt dt j | |s|t dt jnt d|jt jt|||||S)Nz1Padding must be an instance of AsymmetricPadding.'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.${} is not supported by this backend.) isinstancer TypeErrorr_libRSA_PKCS1_PADDINGrZRSA_PKCS1_OAEP_PADDING_mgfrrrUNSUPPORTED_MGFZrsa_padding_supportedUNSUPPORTED_PADDINGformatname_enc_dec_rsa_pkey_ctx)backendrr"r# padding_enumrrr _enc_dec_rsa6s*       r2)rr"r1r#rcCs t|tr|jj}|jj}n|jj}|jj}|j|j|j j }| ||j j k|j ||jj }||}| |dk|j||}| |dk|j|j} | | dkt|tr|jjr||jj} |j|| }| |dk||j} |j|| }| |dkt|tr|jdk rt|jdkr|jt|j} | | |j j k|j | |jt|j|j|| t|j}| |dk|j d| } |j d| }|||| |t|}|j |d| d}|j|dkrtd|S)Nrsize_t *unsigned char[]zEncryption/decryption failed.) r&r!r(ZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizerZCryptography_HAS_RSA_OAEP_MD_evp_md_non_null_from_algorithmr* _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labellenZOPENSSL_mallocZmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferERR_clear_error ValueError)r0rr"r1r#initZcryptpkey_ctxresZbuf_sizemgf1_mdZoaep_mdZlabelptrZoutlenbufresbufrrrr/Zs\      r/cCst|tstd|j|j}||dkt|trB|jj}nnt|t rt|j t sdt dt jt|tjsxtd||jddkrtd|jj}nt d|jt j|S)Nz'Expected provider of AsymmetricPadding.rr$z*Expected instance of hashes.HashAlgorithm.zDDigest too large for key size. Use a larger key or different digest.r%)r&r r'r(r>r7r:rr)rr*rrrr+r HashAlgorithm digest_sizerFZRSA_PKCS1_PSS_PADDINGr-r.r,)r0rr# algorithmZ pkey_sizer1rrr_rsa_sig_determine_paddings0        rQc Cs0t||||}|j|j|jj}|||jjk|j||jj}||}||dk|dk r| |}|j ||}|dkr| t d |jtj|j||}|dkr| t d |jtjt|tr,|j|t|||}||dk| |jj} |j|| }||dk|S)Nr3rz4{} is not supported by this backend for RSA signing.z4{} is not supported for the RSA signature operation.)rQr(r6r7r8r9r:r;r<r?ZEVP_PKEY_CTX_set_signature_md_consume_errorsrr-r.rZUNSUPPORTED_HASHr=r,r&rZ EVP_PKEY_CTX_set_rsa_pss_saltlenrr*r@rA) r0r#rPrZ init_funcr1rHrIZevp_mdrJrrr_rsa_sig_setupsL   rSc Cst|||||jj}|jd}|j||jj||t|}||dk|jd|d}|j||||t|}|dkr| } t d| |j |ddS)Nr4r3r5rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rSr(ZEVP_PKEY_sign_initr8rCZ EVP_PKEY_signr9rBr:_consume_errors_with_textrFrD) r0r#rP private_keyr"rHbuflenrIrKerrorsrrr _rsa_sig_signs2 rXcCsVt|||||jj}|j||t||t|}||dk|dkrR|tdS)Nr)rSr(ZEVP_PKEY_verify_initZEVP_PKEY_verifyrBr:rRr)r0r#rP public_key signaturer"rHrIrrr_rsa_sig_verify s$r[c Cst|||||jj}|j|j}||dk|jd|}|jd|}|j||||t |} |j |d|d} |j | dkrt | S)Nrr5r4r3) rSr(ZEVP_PKEY_verify_recover_initr>r7r:r8rCZEVP_PKEY_verify_recoverrBrDrEr) r0r#rPrYrZrHmaxlenrKrVrIrLrrr_rsa_sig_recovers.  r]c@s>eZdZeeejdddZeddddZ edd d Z dS) _RSASignatureContext)rUr#rPcCs<||_||_t||||||_||_t|j|j|_dSr)_backend _private_keyrQ_paddingr@r Hash _hash_ctx)selfr0rUr#rPrrr__init__=s z_RSASignatureContext.__init__Nr"rcCs|j|dSrrcupdaterdr"rrrrhOsz_RSASignatureContext.updatercCst|j|j|j|j|jSr)rXr_rar@r`rcfinalizerdrrrrkRsz_RSASignatureContext.finalize) __name__ __module__ __qualname__rr r rNrebytesrhrkrrrrr^<s  r^c@s@eZdZeeeejdddZeddddZ ddd d Z dS) _RSAVerificationContext)rYrZr#rPcCsF||_||_||_||_t|||||}||_t|j|j|_dSr) r_ _public_key _signaturerarQr@r rbrc)rdr0rYrZr#rPrrrre]sz _RSAVerificationContext.__init__NrfcCs|j|dSrrgrirrrrhrsz_RSAVerificationContext.updaterjcCs"t|j|j|j|j|j|jSr)r[r_rar@rrrsrcrkrlrrrverifyusz_RSAVerificationContext.verify) rmrnrorrpr r rNrerhrtrrrrrq\s rqc@seZdZddZedZeej e dddZ e ee ddd Z ed d d Zed d dZejejeje dddZe eejejej fe dddZdS)r cCs|j|}|dkr&|}td||j||jj}||dk||_||_ ||_ |jj d}|jj |j ||jjj|jjj|j|d|jjjk|jj |d|_dS)Nr3zInvalid private key BIGNUM **r)r(Z RSA_check_keyrTrFZRSA_blinding_onr8r9r:r_ _rsa_cdatar7rC RSA_get0_key BN_num_bits _key_size)rdr0 rsa_cdataevp_pkeyrIrWnrrrres$  z_RSAPrivateKey.__init__ry)r#rPrcCstt|t|j|||Sr)rrr^r_)rdr#rPrrrsignersz_RSAPrivateKey.signer) ciphertextr#rcCs2|jdd}|t|kr"tdt|j|||S)Nz,Ciphertext length must be equal to key size.)key_sizerBrFr2r_)rdr~r#Zkey_size_bytesrrrdecrypts z_RSAPrivateKey.decryptrjcCsV|jj|j}|j||jjjk|jj||jjj}|j |}t |j||Sr) r_r(ZRSAPublicKey_duprvr:r8r9r;ZRSA_freeZ_rsa_cdata_to_evp_pkeyr!)rdctxr{rrrrYs  z_RSAPrivateKey.public_keyc Cs|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|j|d|jjjk|jj|j|||j|d|jjjk|j|d|jjjk|jj |j||||j|d|jjjk|j|d|jjjk|j|d|jjjkt |j |d|j |d|j |d|j |d|j |d|j |dt |j |d|j |dddS)Nrurer|)pqddmp1dmq1iqmppublic_numbers) r_r8rCr(rwrvr:r9ZRSA_get0_factorsZRSA_get0_crt_paramsr _bn_to_intr) rdr|rrrrrrrrrrprivate_numberssHz_RSAPrivateKey.private_numbers)encodingr-encryption_algorithmrcCs|j|||||j|jSr)r_Z_private_key_bytesr7rv)rdrr-rrrr private_bytessz_RSAPrivateKey.private_bytes)r"r#rPrcCs$t|j||\}}t|j||||Sr)rr_rX)rdr"r#rPrrrsigns z_RSAPrivateKey.signN)rmrnrorerread_only_propertyrr r rNr r}rprrrYrrr EncodingZ PrivateFormatZKeySerializationEncryptionrtypingUnion asym_utils Prehashedrrrrrr s&  % r c@seZdZddZedZeee j e dddZ eeeddd Z ed d d Zejejed ddZeeeejeje j fddddZeeeje j edddZdS)r!cCst||_||_||_|jjd}|jj|j||jjj|jjj|j|d|jjjk|jj |d|_ dS)Nrur) r_rvr7r8rCr(rwr9r:rxry)rdr0rzr{r|rrrresz_RSAPublicKey.__init__ry)rZr#rPrcCs,ttd|t|t|j||||S)NrZ)rr _check_bytesrrqr_rdrZr#rPrrrverifiers z_RSAPublicKey.verifier) plaintextr#rcCst|j|||Sr)r2r_)rdrr#rrrencryptsz_RSAPublicKey.encryptrjcCs|jjd}|jjd}|jj|j|||jjj|j|d|jjjk|j|d|jjjkt|j |d|j |ddS)Nrurr) r_r8rCr(rwrvr9r:rr)rdr|rrrrrsz_RSAPublicKey.public_numbers)rr-rcCs|j||||j|jSr)r_Z_public_key_bytesr7rv)rdrr-rrr public_bytessz_RSAPublicKey.public_bytesN)rZr"r#rPrcCs&t|j||\}}t|j|||||Sr)rr_r[)rdrZr"r#rPrrrrt(sz_RSAPublicKey.verifycCst|t|j||||Sr)rr]r_rrrrrecover_data_from_signature6sz)_RSAPublicKey.recover_data_from_signature)rmrnrorerrrrpr r rNr rrrrr rZ PublicFormatrrrrrrtOptionalrrrrrr!s0     r!).rZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsrrrZcryptography.hazmat.primitivesr r Z)cryptography.hazmat.primitives.asymmetricr r rZ1cryptography.hazmat.primitives.asymmetric.paddingr rrrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrrrrNintrrpr2r/rQrSrXr[r]r^rqr r!rrrrs@      & A+* $o