3 l_C@s<ddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z m Z ddlmZddlmZmZmZddlmZmZmZmZmZmZddlmZmZd d Zd d Zd dZ ddZ!ddZ"ddZ#ddZ$ej%eGddde&Z'ej%eGddde&Z(ej%eGddde&Z)ej%eGddde&Z*dS) )absolute_importdivisionprint_function)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes)AsymmetricSignatureContextAsymmetricVerificationContextrsa)AsymmetricPaddingMGF1OAEPPKCS1v15PSScalculate_max_pss_salt_length)RSAPrivateKeyWithSerializationRSAPublicKeyWithSerializationcCs,|j}|tjks|tjkr$t||S|SdS)N)Z _salt_lengthrZ MAX_LENGTHrr)ZpsskeyZhash_algorithmZsaltr/usr/lib64/python3.6/rsa.py_get_rsa_pss_salt_length&s rcCst|tstdt|tr&|jj}nVt|trh|jj}t|jt sPt dt j |j |s|t dt jnt dj|jt jt|||||S)Nz1Padding must be an instance of AsymmetricPadding.z'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.z${} is not supported by this backend.) isinstancer TypeErrorr_libRSA_PKCS1_PADDINGrZRSA_PKCS1_OAEP_PADDING_mgfrrrUNSUPPORTED_MGFZrsa_padding_supportedUNSUPPORTED_PADDINGformatname_enc_dec_rsa_pkey_ctx)backendrdatapadding padding_enumrrr _enc_dec_rsa/s$        r*cCst|tr|jj}|jj}n|jj}|jj}|jj|j|j j }|j ||j j k|j j ||jj }||}|j |dk|jj||}|j |dk|jj|j} |j | dkt|to|jjr|j|jj} |jj|| }|j |dk|j|j} |jj|| }|j |dkt|tr|jdk rt|jdkr|jjt|j} |j | |j j k|j j| |jt|j|jj|| t|j}|j |dk|j jd| } |j jd| }|||| |t|}|j j|d| d}|jj|dkrtd|S)Nrzsize_t *zunsigned char[]zEncryption/decryption failed.) r _RSAPublicKeyrZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizerZCryptography_HAS_RSA_OAEP_MD_evp_md_non_null_from_algorithmr _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labellenZOPENSSL_mallocZmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferZERR_clear_error ValueError)r&rr'r)r(ZinitZcryptpkey_ctxresZbuf_sizemgf1_mdZoaep_mdZlabelptrZoutlenbufZresbufrrrr%NsN        r%cCst|tstd|jj|j}|j|dkt|trB|jj}nZt|t rt|j t sdt dt j||jddkr~td|jj}nt dj|jt j|S)Nz'Expected provider of AsymmetricPadding.rz'Only MGF1 is supported by this backend.zDDigest too large for key size. Use a larger key or different digest.z${} is not supported by this backend.)rrrrr5r.r1rrrr rrrr!Z digest_sizer<ZRSA_PKCS1_PSS_PADDINGr#r$r")r&rr( algorithmZ pkey_sizer)rrr_rsa_sig_determine_paddings&       rCc Cst||||}|j|}|jj|j|jj}|j||jjk|jj||jj }||} |j| dk|jj ||} | dkr|j t dj |jtj|jj||} |j| dkt|tr|jj|t|||} |j| dk|j|jj} |jj|| } |j| dk|S)Nr+rz4{} is not supported by this backend for RSA signing.)rCr6rr-r.r/r0r1r2r3ZEVP_PKEY_CTX_set_signature_md_consume_errorsrr#r$rZUNSUPPORTED_HASHr4rrZ EVP_PKEY_CTX_set_rsa_pss_saltlenrr r7r8) r&r(rBrr'Z init_funcr)Zevp_mdr=r>r?rrr_rsa_sig_setups2   rEc Cst||||||jj}|jjd}|jj||jj||t|}|j|dk|jjd|d}|jj||||t|}|dkr|j } t d| |jj |ddS)Nzsize_t *r+zunsigned char[]rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rErZEVP_PKEY_sign_initr/r:Z EVP_PKEY_signr0r9r1_consume_errors_with_textr<r;) r&r(rB private_keyr'r=Zbuflenr>r@errorsrrr _rsa_sig_signs&  rIcCsXt||||||jj}|jj||t||t|}|j|dk|dkrT|jtdS)Nr)rErZEVP_PKEY_verify_initZEVP_PKEY_verifyr9r1rDr)r&r(rB public_key signaturer'r=r>rrr_rsa_sig_verifys rLc@s$eZdZddZddZddZdS)_RSASignatureContextcCs<||_||_t||||||_||_tj|j|j|_dS)N)_backend _private_keyrC_paddingr7r Hash _hash_ctx)selfr&rGr(rBrrr__init__s z_RSASignatureContext.__init__cCs|jj|dS)N)rRupdate)rSr'rrrrU sz_RSASignatureContext.updatecCst|j|j|j|j|jjS)N)rIrNrPr7rOrRfinalize)rSrrrrVs z_RSASignatureContext.finalizeN)__name__ __module__ __qualname__rTrUrVrrrrrMs rMc@s$eZdZddZddZddZdS)_RSAVerificationContextcCsF||_||_||_||_t|||||}||_tj|j|j|_dS)N) rN _public_key _signaturerPrCr7r rQrR)rSr&rJrKr(rBrrrrTsz _RSAVerificationContext.__init__cCs|jj|dS)N)rRrU)rSr'rrrrU(sz_RSAVerificationContext.updatecCs"t|j|j|j|j|j|jjS)N)rLrNrPr7r[r\rRrV)rSrrrverify+sz_RSAVerificationContext.verifyN)rWrXrYrTrUr]rrrrrZsrZc@sNeZdZddZejdZddZddZdd Z d d Z d d Z ddZ dS)_RSAPrivateKeycCs|jj|}|dkr&|j}td||jj||jj}|j|dk||_||_ ||_ |jjj d}|jjj |j ||jjj|jjj|jj|d|jjjk|jjj |d|_dS)Nr+zInvalid private keyz BIGNUM **r)rZ RSA_check_keyrFr<ZRSA_blinding_onr/r0r1rN _rsa_cdatar.r: RSA_get0_key BN_num_bits _key_size)rSr& rsa_cdataevp_pkeyr>rHnrrrrT8s"   z_RSAPrivateKey.__init__rbcCstt|t|j|||S)N)r r rMrN)rSr(rBrrrsignerSsz_RSAPrivateKey.signercCs2|jdd}|t|kr"tdt|j|||S)Nz,Ciphertext length must be equal to key size.)key_sizer9r<r*rN)rSZ ciphertextr(Zkey_size_bytesrrrdecryptXs z_RSAPrivateKey.decryptcCsV|jjj|j}|jj||jjjk|jjj||jjj}|jj |}t |j||S)N) rNrZRSAPublicKey_dupr_r1r/r0r2ZRSA_freeZ_rsa_cdata_to_evp_pkeyr,)rSZctxrdrrrrJ_s  z_RSAPrivateKey.public_keyc Cs|jjjd}|jjjd}|jjjd}|jjjd}|jjjd}|jjjd}|jjjd}|jjjd}|jjj|j||||jj|d|jjjk|jj|d|jjjk|jj|d|jjjk|jjj|j|||jj|d|jjjk|jj|d|jjjk|jjj |j||||jj|d|jjjk|jj|d|jjjk|jj|d|jjjkt j |jj |d|jj |d|jj |d|jj |d|jj |d|jj |dt j |jj |d|jj |dddS)Nz BIGNUM **r)ere)pqddmp1dmq1iqmppublic_numbers)rNr/r:rr`r_r1r0ZRSA_get0_factorsZRSA_get0_crt_paramsrZRSAPrivateNumbers _bn_to_intRSAPublicNumbers) rSrerkrnrlrmrorprqrrrprivate_numbersfs<z_RSAPrivateKey.private_numberscCs|jj|||||j|jS)N)rNZ_private_key_bytesr.r_)rSencodingr#Zencryption_algorithmrrr private_bytessz_RSAPrivateKey.private_bytescCs$t|j||\}}t|j||||S)N)r rNrI)rSr'r(rBrrrsignsz_RSAPrivateKey.signN) rWrXrYrTrread_only_propertyrirfrjrJrurwrxrrrrr^6s # r^c@sFeZdZddZejdZddZddZdd Z d d Z d d Z dS)r,cCst||_||_||_|jjjd}|jjj|j||jjj|jjj|jj|d|jjjk|jjj |d|_ dS)Nz BIGNUM **r) rNr_r.r/r:rr`r0r1rarb)rSr&rcrdrerrrrTs z_RSAPublicKey.__init__rbcCs,ttjd|t|t|j||||S)NrK)r r _check_bytesr rZrN)rSrKr(rBrrrverifiers  z_RSAPublicKey.verifiercCst|j|||S)N)r*rN)rSZ plaintextr(rrrencryptsz_RSAPublicKey.encryptcCs|jjjd}|jjjd}|jjj|j|||jjj|jj|d|jjjk|jj|d|jjjktj |jj |d|jj |ddS)Nz BIGNUM **r)rkre) rNr/r:rr`r_r0r1rrtrs)rSrerkrrrrrsz_RSAPublicKey.public_numberscCs|jj||||j|jS)N)rNZ_public_key_bytesr.r_)rSrvr#rrr public_bytessz_RSAPublicKey.public_bytescCs&t|j||\}}t|j|||||S)N)r rNrL)rSrKr'r(rBrrrr]sz_RSAPublicKey.verifyN) rWrXrYrTrryrir{r|rrr}r]rrrrr,s   r,N)+Z __future__rrrZ cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr Z)cryptography.hazmat.primitives.asymmetricr rrZ1cryptography.hazmat.primitives.asymmetric.paddingrrrrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrr*r%rCrErIrLZregister_interfaceobjectrMrZr^r,rrrrs,    ;""c