a ϏPfq(@shddlmZddlZddlmZmZmZddlmZddl m Z m Z ej rVddl mZGdddZdS) ) annotationsN) InvalidTagUnsupportedAlgorithm_Reasons)ciphers) algorithmsmodes)Backendc@seZdZdZdZdZdddddd Zd d d d d Zd d ddddZd dddZ d d dddZ d dd ddZ e ddddZ dS)_CipherContextri r intNone)backend operationreturncCsN||_||_||_||_d|_t|jtjr<|jjd|_ nd|_ |jj }|jj ||jj j}|jj}z|t|t|f}Wn2tytd|j|r|jn|tjYn0||j||}||jj jkrd|jd} |dur| d|jd7} | d|j7} t| tjt|tjr>|jj |j} njt|tjr^|jj |j} nJt|tjr~|jj |j } n*t|t!j"r|jj |j } n |jj j} |jj #|||jj j|jj j|jj j|} |j$| d k|jj %|t&|j'} |j$| d kt|tj(r|jj )||jj j*t&| |jj j} |j$| d k|j+dur|jj )||jj j,t&|j+|j+} |j$| d k|j+|_|jj #||jj j|jj j|jj |j'| |} |j-} |jj } | d kr | j.s| d /| j0| j1s| j2r | d /| j3| j4r t5d |jj$| d k| d |jj 6|d ||_7dS) Nr z6cipher {} in {} mode is not supported by this backend.zcipher  zin z mode z_is not supported by this backend (Your version of OpenSSL may be too old. Current version: {}.)rz+In XTS mode duplicated keys are not allowederrors)8_backendZ_cipher_mode _operation_tag isinstancerZBlockCipherAlgorithm block_size_block_size_bytes_libZEVP_CIPHER_CTX_new_ffigcZEVP_CIPHER_CTX_freeZ_cipher_registrytypeKeyErrorrformatnamerZUNSUPPORTED_CIPHERNULLZopenssl_version_textrZModeWithInitializationVector from_bufferZinitialization_vectorZ ModeWithTweakZtweakZ ModeWithNoncenoncerZChaCha20ZEVP_CipherInit_exopenssl_assertZEVP_CIPHER_CTX_set_key_lengthlenkeyGCMEVP_CIPHER_CTX_ctrlZEVP_CTRL_AEAD_SET_IVLENtagEVP_CTRL_AEAD_SET_TAG_consume_errorsZCRYPTOGRAPHY_IS_LIBRESSL_lib_reason_match ERR_LIB_EVPZEVP_R_XTS_DUPLICATED_KEYSCryptography_HAS_PROVIDERS ERR_LIB_PROVZPROV_R_XTS_DUPLICATED_KEYS ValueErrorZEVP_CIPHER_CTX_set_padding_ctx)selfrciphermoderctxregistryadapterZ evp_ciphermsgZiv_nonceresrlibr=m/var/www/html/python-backend/venv/lib/python3.9/site-packages/cryptography/hazmat/backends/openssl/ciphers.py__init__s           z_CipherContext.__init__bytes)datarcCs2tt||jd}|||}t|d|S)Nr ) bytearrayr'r update_intor@)r4rAbufnr=r=r>updates z_CipherContext.update)rArDrc Cst|}t|||jdkr:tdt||jdd}d}|jjd}|jjj|dd}|jj|}||kr||} ||} t|j ||} |jj |j | || | } | dkrt |jtjr|jtdn|j| dk|| 7}||d7}qp|S)Nr z1buffer must be at least {} bytes for this payloadrint *T)Zrequire_writablezeIn XTS mode you must supply at least a full block in the first update call. For AES this is 16 bytes.)r'rr2r!rrnewr$min_MAX_CHUNK_SIZErEVP_CipherUpdater3rrrZXTSr-r&) r4rArDZtotal_data_lenZdata_processedZ total_outoutlenZ baseoutbufZ baseinbufZoutbufZinbufZinlenr;r=r=r>rCs8   z_CipherContext.update_into)rcCs|j|jkr,t|jtjr,|jdur,td|jj d|j }|jj d}|jj |j||}|dkr|j}|st|jtjrt|jj }|jj|d|j|jp|jr|d|j|jp|jo|dj|jk|dtdt|jtjr^|j|jkr^|jj d|j }|jj |j|jj j|j |}|j|dk|jj |dd|_ |jj !|j}|j|dk|jj |d|dS)Nz4Authentication tag must be provided when decrypting.zunsigned char[]rGrrzFThe length of the provided data is not a multiple of the block length.r )"r_DECRYPTrrrZModeWithAuthenticationTagr+r2rrrHrrZEVP_CipherFinal_exr3r-r)rr&r.r/Z'EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTHr0r1ZPROV_R_WRONG_FINAL_BLOCK_LENGTHZCRYPTOGRAPHY_IS_BORINGSSLreasonZ*CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH_ENCRYPTr*ZEVP_CTRL_AEAD_GET_TAGbufferrZEVP_CIPHER_CTX_reset)r4rDrLr;rr<Ztag_bufr=r=r>finalizesn      z_CipherContext.finalize)r+rcCst|}||jjkr(td|jjn||jkrBtd|j|jj|j |jjj t||}|j |dk||_ | S)Nz.Authentication tag must be {} bytes or longer.z0Authentication tag cannot be more than {} bytes.r)r'rZ_min_tag_lengthr2r!rrrr*r3r,r&rrQ)r4r+Ztag_lenr;r=r=r>finalize_with_tags&  z _CipherContext.finalize_with_tagcCsN|jjd}|jj|j|jjj||jj|t|}|j |dkdS)NrGr) rrrHrrKr3r#r$r'r&)r4rArLr;r=r=r>authenticate_additional_data s z+_CipherContext.authenticate_additional_dataz bytes | NonecCs|jS)N)r)r4r=r=r>r+sz_CipherContext.tagN)__name__ __module__ __qualname__rOrMrJr?rFrCrQrRrSpropertyr+r=r=r=r>r sy$@ r ) __future__rtypingZcryptography.exceptionsrrrZcryptography.hazmat.primitivesrZ&cryptography.hazmat.primitives.ciphersrr TYPE_CHECKINGZ,cryptography.hazmat.backends.openssl.backendr r r=r=r=r>s