a h(@s|ddlmZddlmZmZmZddlmZddlm Z e ej e ej e ej e ejGdddeZdS))utils) InvalidTagUnsupportedAlgorithm_Reasons)ciphers)modesc@sxeZdZdZdZdZddZeedddZee dd d Z ed d d Z eedddZ eddddZ edZdS)_CipherContextri?cCsF||_||_||_||_d|_t|jtjr<|jjd|_ nd|_ |jj }|jj ||jj j}|jj}z|t|t|f}Wn2tytd|j|r|jn|tjYn0||j||}||jj jkrd|} |dur| d|7} | d|j7} t| tjt|tjr6|jj |j} njt|tjrV|jj |j} nJt|tjrv|jj |j } n*t|tjr|jj |j } n |jj j} |jj !|||jj j|jj j|jj j|} |j"| dk|jj #|t$|j%} |j"| dkt|tj&r|jj '||jj j(t$| |jj j} |j"| dk|j)dur|jj '||jj j*t$|j)|j)} |j"| dk|j)|_|jj !||jj j|jj j|jj |j%| |} |j+} |jj } | dkr| j,r| d-| j.| j/s| j0r| d-| j1| j2rt3d|jj"| dk| d |jj 4|d||_5dS) Nr z6cipher {} in {} mode is not supported by this backend.zcipher {0.name} zin {0.name} mode z_is not supported by this backend (Your version of OpenSSL may be too old. Current version: {}.)rz+In XTS mode duplicated keys are not allowederrors)6_backendZ_cipher_mode _operation_tag isinstancerZBlockCipherAlgorithmZ block_size_block_size_bytes_libZEVP_CIPHER_CTX_new_ffigcZEVP_CIPHER_CTX_freeZ_cipher_registrytypeKeyErrorrformatnamerZUNSUPPORTED_CIPHERNULLZopenssl_version_textrZModeWithInitializationVector from_bufferZinitialization_vectorZ ModeWithTweakZtweakZ ModeWithNonceZnonceZEVP_CipherInit_exopenssl_assertZEVP_CIPHER_CTX_set_key_lengthlenkeyGCMEVP_CIPHER_CTX_ctrlZEVP_CTRL_AEAD_SET_IVLENtagEVP_CTRL_AEAD_SET_TAG_consume_errorsZ$CRYPTOGRAPHY_OPENSSL_111D_OR_GREATER_lib_reason_match ERR_LIB_EVPZEVP_R_XTS_DUPLICATED_KEYSCryptography_HAS_PROVIDERS ERR_LIB_PROVZPROV_R_XTS_DUPLICATED_KEYS ValueErrorZEVP_CIPHER_CTX_set_padding_ctx)selfZbackendZciphermodeZ operationctxregistryZadapterZ evp_ciphermsgZiv_nonceresr libr1R/usr/lib64/python3.9/site-packages/cryptography/hazmat/backends/openssl/ciphers.py__init__s            z_CipherContext.__init__)datareturncCs2tt||jd}|||}t|d|S)Nr ) bytearrayrr update_intobytes)r*r4bufnr1r1r2updates z_CipherContext.updatec Cst|}t|||jdkr:tdt||jdd}d}|jjd}|jjj|dd}|jj|}||kr||} ||} t|j ||} |jj |j | || | } | dkrt |jtjr|jtdn|j| dk|| 7}||d7}qp|S)Nr z1buffer must be at least {} bytes for this payloadrint *T)Zrequire_writablezeIn XTS mode you must supply at least a full block in the first update call. For AES this is 16 bytes.)rrr(rr rnewrmin_MAX_CHUNK_SIZErEVP_CipherUpdater)rrrZXTSr#r) r*r4r9Ztotal_data_lenZdata_processedZ total_outoutlenZ baseoutbufZ baseinbufZoutbufZinbufZinlenr/r1r1r2r7s8   z_CipherContext.update_into)r5cCs|j|jkr,t|jtjr,|jdur,td|jj d|j }|jj d}|jj |j||}|dkr|j}|st|jtjrt|jj }|jj|d|j|jp|jr|d|j|jp|jo|dj|jk|dtdt|jtjr^|j|jkr^|jj d|j }|jj |j|jj j|j |}|j|dk|jj |dd|_ |jj !|j}|j|dk|jj |d|dS)Nz4Authentication tag must be provided when decrypting.zunsigned char[]r<rr zFThe length of the provided data is not a multiple of the block length.r )"r_DECRYPTrrrZModeWithAuthenticationTagr!r(r rr=rrZEVP_CipherFinal_exr)r#rrrr$r%Z'EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTHr&r'ZPROV_R_WRONG_FINAL_BLOCK_LENGTHZCRYPTOGRAPHY_IS_BORINGSSLreasonZ*CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH_ENCRYPTr ZEVP_CTRL_AEAD_GET_TAGbufferrZEVP_CIPHER_CTX_reset)r*r9rAr/r r0Ztag_bufr1r1r2finalizesn      z_CipherContext.finalize)r!r5cCst|}||jjkr(td|jjn||jkrBtd|j|jj|j |jjj t||}|j |dk||_ | S)Nz.Authentication tag must be {} bytes or longer.z0Authentication tag cannot be more than {} bytes.r)rrZ_min_tag_lengthr(rrr rr r)r"rrrF)r*r!Ztag_lenr/r1r1r2finalize_with_tags&  z _CipherContext.finalize_with_tagNcCsN|jjd}|jj|j|jjj||jj|t|}|j |dkdS)Nr<r) r rr=rr@r)rrrr)r*r4rAr/r1r1r2authenticate_additional_data s z+_CipherContext.authenticate_additional_datar)__name__ __module__ __qualname__rDrBr?r3r8r;intr7rFrGrHrZread_only_propertyr!r1r1r1r2r sy#@ rN)Z cryptographyrZcryptography.exceptionsrrrZcryptography.hazmat.primitivesrZ&cryptography.hazmat.primitives.ciphersrZregister_interfaceZ CipherContextZAEADCipherContextZAEADEncryptionContextZAEADDecryptionContextobjectrr1r1r1r2s