o  `yL@sDddlmZmZmZddlmZddlmZmZm Z ddl m Z m Z m Z ddlmZddlmZmZmZddlmZmZmZmZmZmZddlmZmZd d Zd d Zd dZ ddZ!ddZ"ddZ#ddZ$ddZ%e&eGddde'Z(e&eGddde'Z)e&eGddde'Z*e&eGdd d e'Z+d!S)")absolute_importdivisionprint_function)utils)InvalidSignatureUnsupportedAlgorithm_Reasons)_calculate_digest_and_algorithm_check_not_prehashed_warn_sign_verify_deprecated)hashes)AsymmetricSignatureContextAsymmetricVerificationContextrsa)AsymmetricPaddingMGF1OAEPPKCS1v15PSScalculate_max_pss_salt_length)RSAPrivateKeyWithSerializationRSAPublicKeyWithSerializationcCs(|j}|tjus |tjurt||S|SN)Z _salt_lengthrZ MAX_LENGTHrr)ZpsskeyZhash_algorithmZsaltr~home/ych/rk3568/buildroot/output/rockchip_rk3568/host/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/rsa.py_get_rsa_pss_salt_length&s rcCst|ts tdt|tr|jj}n+t|tr4|jj}t|jt s(t dt j | |s3t dt jn t d|jt jt|||||S)Nz1Padding must be an instance of AsymmetricPadding.'Only MGF1 is supported by this backend.zPThis combination of padding and hash algorithm is not supported by this backend.${} is not supported by this backend.) isinstancer TypeErrorr_libRSA_PKCS1_PADDINGrZRSA_PKCS1_OAEP_PADDING_mgfrrrUNSUPPORTED_MGFZrsa_padding_supportedUNSUPPORTED_PADDINGformatname_enc_dec_rsa_pkey_ctx)backendrdatapadding padding_enumrrr _enc_dec_rsa/s,       r-cCst|tr|jj}|jj}n|jj}|jj}|j|j|j j }| ||j j k|j ||jj }||}| |dk|j||}| |dk|j|j} | | dkt|tr|jjr||jj} |j|| }| |dk||j} |j|| }| |dkt|tr|jdurt|jdkr|jt|j} | | |j j k|j | |jt|j|j|| t|j}| |dk|j d| } |j d| }|||| |t|}|j |d| d}|j|dkrtd|S)Nrsize_t *unsigned char[]zEncryption/decryption failed.) r _RSAPublicKeyr!ZEVP_PKEY_encrypt_initZEVP_PKEY_encryptZEVP_PKEY_decrypt_initZEVP_PKEY_decryptEVP_PKEY_CTX_new _evp_pkey_ffiNULLopenssl_assertgcEVP_PKEY_CTX_freeEVP_PKEY_CTX_set_rsa_padding EVP_PKEY_sizerZCryptography_HAS_RSA_OAEP_MD_evp_md_non_null_from_algorithmr# _algorithmEVP_PKEY_CTX_set_rsa_mgf1_mdZEVP_PKEY_CTX_set_rsa_oaep_mdZ_labellenZOPENSSL_mallocmemmoveZ EVP_PKEY_CTX_set0_rsa_oaep_labelnewbufferERR_clear_error ValueError)r)rr*r,r+initZcryptpkey_ctxresbuf_sizemgf1_mdZoaep_mdZlabelptrZoutlenbufresbufrrrr(NsX      r(cCst|ts td|j|j}||dkt|tr"|jj}|St|t rPt|j t s3t dt jt|tjs=td||jddkrJtd|jj}|St d|jt j)Nz'Expected provider of AsymmetricPadding.rrz*Expected instance of hashes.HashAlgorithm.zDDigest too large for key size. Use a larger key or different digest.r)rrr r!r:r3r6rr"rr#rrrr$r Z HashAlgorithm digest_sizerCZRSA_PKCS1_PSS_PADDINGr&r'r%)r)rr+ algorithmZ pkey_sizer,rrr_rsa_sig_determine_paddings2     rNc Cs.t||||}|j|j|jj}|||jjk|j||jj}||}||dk|durP| |}|j ||}|dkrP| t d |jtj|j||}|dkri| t d |jtjt|tr|j|t|||}||dk| |jj} |j|| }||dk|S)Nr.rz4{} is not supported by this backend for RSA signing.z4{} is not supported for the RSA signature operation.)rNr!r2r3r4r5r6r7r8r;ZEVP_PKEY_CTX_set_signature_md_consume_errorsrr&r'rZUNSUPPORTED_HASHr9r%rrZ EVP_PKEY_CTX_set_rsa_pss_saltlenrr#r<r=) r)r+rMrZ init_funcr,rErFZevp_mdrHrrr_rsa_sig_setupsJ   rPc Cst|||||jj}|jd}|j||jj||t|}||dk|jd|d}|j||||t|}|dkrG| } t d| |j |ddS)Nr/r.r0rzuDigest or salt length too long for key size. Use a larger key or shorter salt length if you are specifying a PSS salt) rPr!ZEVP_PKEY_sign_initr4r@Z EVP_PKEY_signr5r>r6_consume_errors_with_textrCrA) r)r+rM private_keyr*rEbuflenrFrIerrorsrrr _rsa_sig_signs* rUcCsVt|||||jj}|j||t||t|}||dk|dkr)|tdS)Nr)rPr!ZEVP_PKEY_verify_initZEVP_PKEY_verifyr>r6rOr)r)r+rM public_key signaturer*rErFrrr_rsa_sig_verifysrXc Cst|||||jj}|j|j}||dk|jd|}|jd|}|j||||t |} |j |d|d} |j | dkrIt | S)Nrr0r/r.) rPr!ZEVP_PKEY_verify_recover_initr:r3r6r4r@ZEVP_PKEY_verify_recoverr>rArBr) r)r+rMrVrWrEmaxlenrIrSrFrJrrr_rsa_sig_recover s&  rZc@$eZdZddZddZddZdS)_RSASignatureContextcCs<||_||_t||||||_||_t|j|j|_dSr)_backend _private_keyrN_paddingr<r Hash _hash_ctx)selfr)rRr+rMrrr__init__,s z_RSASignatureContext.__init__cC|j|dSrraupdaterbr*rrrrf8z_RSASignatureContext.updatecCst|j|j|j|j|jSr)rUr]r_r<r^rafinalizerbrrrri;sz_RSASignatureContext.finalizeN)__name__ __module__ __qualname__rcrfrirrrrr\*s r\c@r[)_RSAVerificationContextcCsF||_||_||_||_t|||||}||_t|j|j|_dSr) r] _public_key _signaturer_rNr<r r`ra)rbr)rVrWr+rMrrrrcGsz _RSAVerificationContext.__init__cCrdrrergrrrrfUrhz_RSAVerificationContext.updatecCs"t|j|j|j|j|j|jSr)rXr]r_r<rorprarirjrrrverifyXsz_RSAVerificationContext.verifyN)rkrlrmrcrfrqrrrrrnEs rnc@NeZdZddZedZddZddZdd Z d d Z d d Z ddZ dS)_RSAPrivateKeycCs|j|}|dkr|}td||j||jj}||dk||_||_ ||_ |jj d}|jj |j ||jjj|jjj|j|d|jjjk|jj |d|_dS)Nr.zInvalid private key BIGNUM **r)r!Z RSA_check_keyrQrCZRSA_blinding_onr4r5r6r] _rsa_cdatar3r@ RSA_get0_key BN_num_bits _key_size)rbr) rsa_cdataevp_pkeyrFrTnrrrrces$  z_RSAPrivateKey.__init__rxcCstt|t|j|||Sr)r r r\r])rbr+rMrrrsignersz_RSAPrivateKey.signercCs2|jdd}|t|krtdt|j|||S)Nz,Ciphertext length must be equal to key size.)key_sizer>rCr-r])rbZ ciphertextr+Zkey_size_bytesrrrdecrypts z_RSAPrivateKey.decryptcCsV|jj|j}|j||jjjk|jj||jjj}|j |}t |j||Sr) r]r!ZRSAPublicKey_duprur6r4r5r7ZRSA_freeZ_rsa_cdata_to_evp_pkeyr1)rbctxrzrrrrVs  z_RSAPrivateKey.public_keyc Cs|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|j|d|jjjk|jj|j|||j|d|jjjk|j|d|jjjk|jj |j||||j|d|jjjk|j|d|jjjk|j|d|jjjkt j |j |d|j |d|j |d|j |d|j |d|j |dt j |j |d|j |dddS)Nrtrer{)pqddmp1dmq1iqmppublic_numbers)r]r4r@r!rvrur6r5ZRSA_get0_factorsZRSA_get0_crt_paramsrZRSAPrivateNumbers _bn_to_intRSAPublicNumbers) rbr{rrrrrrrrrrprivate_numberssB z_RSAPrivateKey.private_numberscCs|j|||||j|jSr)r]Z_private_key_bytesr3ru)rbencodingr&Zencryption_algorithmrrr private_bytessz_RSAPrivateKey.private_bytescCs$t|j||\}}t|j||||Sr)r r]rU)rbr*r+rMrrrsignsz_RSAPrivateKey.signN) rkrlrmrcrread_only_propertyrr|rrVrrrrrrrrscs # rsc@rr)r1cCst||_||_||_|jjd}|jj|j||jjj|jjj|j|d|jjjk|jj |d|_ dS)Nrtr) r]rur3r4r@r!rvr5r6rwrx)rbr)ryrzr{rrrrcsz_RSAPublicKey.__init__rxcCs,ttd|t|t|j||||S)NrW)r r _check_bytesr rnr]rbrWr+rMrrrverifiers   z_RSAPublicKey.verifiercCst|j|||Sr)r-r])rbZ plaintextr+rrrencryptrhz_RSAPublicKey.encryptcCs|jjd}|jjd}|jj|j|||jjj|j|d|jjjk|j|d|jjjktj |j |d|j |ddS)Nrtrr) r]r4r@r!rvrur5r6rrr)rbr{rrrrrsz_RSAPublicKey.public_numberscCs|j||||j|jSr)r]Z_public_key_bytesr3ru)rbrr&rrr public_bytessz_RSAPublicKey.public_bytescCs&t|j||\}}t|j|||||Sr)r r]rX)rbrWr*r+rMrrrrqs z_RSAPublicKey.verifycCst|t|j||||Sr)r rZr]rrrrrecover_data_from_signatures z)_RSAPublicKey.recover_data_from_signatureN) rkrlrmrcrrrrrrrrqrrrrrr1s    r1N), __future__rrr cryptographyrZcryptography.exceptionsrrrZ*cryptography.hazmat.backends.openssl.utilsr r r Zcryptography.hazmat.primitivesr Z)cryptography.hazmat.primitives.asymmetricr rrZ1cryptography.hazmat.primitives.asymmetric.paddingrrrrrrZ-cryptography.hazmat.primitives.asymmetric.rsarrrr-r(rNrPrUrXrZZregister_interfaceobjectr\rnrsr1rrrrs0    ;+*c