a a@s^ddlZddlZddlmZddlmZmZddlmZm Z Gdddej dZ Gdd d ej dZ Gd d d ej dZ Gd d d ej dZGdddej dZddZddZeeddddZddZGddde e ZGddde e ZGddde ZGdd d e e ZGd!d"d"e e ZGd#d$d$e e ZGd%d&d&e eZGd'd(d(e e eZdS))N)utils)UnsupportedAlgorithm_Reasons)BlockCipherAlgorithmCipherAlgorithmc@s6eZdZejedddZejeddddZ dS)ModereturncCsdS)z@ A string naming this mode (e.g. "ECB", "CBC"). Nselfr r R/usr/lib64/python3.9/site-packages/cryptography/hazmat/primitives/ciphers/modes.pynamesz Mode.nameN algorithmr cCsdS)zq Checks that all the necessary invariants of this (mode, algorithm) combination are met. Nr r rr r r validate_for_algorithmszMode.validate_for_algorithm) __name__ __module__ __qualname__abcabstractpropertystrrabstractmethodrrr r r r rsr) metaclassc@s eZdZejedddZdS)ModeWithInitializationVectorrcCsdS)zP The value of the initialization vector for this mode as bytes. Nr r r r r initialization_vector!sz2ModeWithInitializationVector.initialization_vectorN)rrrrrbytesrr r r r r src@s eZdZejedddZdS) ModeWithTweakrcCsdS)z@ The value of the tweak for this mode as bytes. Nr r r r r tweak)szModeWithTweak.tweakN)rrrrrrrr r r r r(src@s eZdZejedddZdS) ModeWithNoncercCsdS)z@ The value of the nonce for this mode as bytes. Nr r r r r nonce1szModeWithNonce.nonceN)rrrrrrr!r r r r r 0sr c@s&eZdZejejedddZdS)ModeWithAuthenticationTagrcCsdS)zP The value of the tag supplied to the constructor of this mode. Nr r r r r tag9szModeWithAuthenticationTag.tagN) rrrrrtypingOptionalrr#r r r r r"8sr"cCs |jdkr|jdkrtddS)NZAESz=Only 128, 192, and 256 bit keys are allowed for this AES mode)key_sizer ValueErrorrr r r _check_aes_key_length@sr)cCs0t|jd|jkr,tdt|j|jdS)NzInvalid IV size ({}) for {}.)lenr block_sizer(formatrrr r r _check_iv_lengthGs  r.)r!rr cCs*t|d|jkr&tdt||dS)Nr*zInvalid nonce size ({}) for {}.)r+r,r(r-)r!rrr r r _check_nonce_lengthPsr/cCst||t||dSN)r)r.rr r r _check_iv_and_key_lengthWs r1c@s4eZdZdZedddZeedddZeZ dS)CBCrcCstd|||_dSNrr_check_byteslike_initialization_vectorr rr r r __init___s z CBC.__init__rcCs|jSr0r7r r r r rcszCBC.initialization_vectorN rrrrrr9propertyrr1rr r r r r2\s r2c@s@eZdZdZedddZeedddZeddd d Z dS) XTS)rcCs*td|t|dkr td||_dS)Nrz!tweak must be 128-bits (16 bytes))rr6r+r(_tweak)r rr r r r9ms  z XTS.__init__rcCs|jSr0)r?r r r r rusz XTS.tweakNrcCs|jdvrtddS)N)r&iz\The XTS specification requires a 256-bit key for AES-128-XTS and 512-bit key for AES-256-XTS)r'r(rr r r rys zXTS.validate_for_algorithm) rrrrrr9r<rrrr r r r r=js r=c@seZdZdZeZdS)ECBN)rrrrr)rr r r r r@sr@c@s4eZdZdZedddZeedddZeZ dS)OFBr3cCstd|||_dSr4r5r8r r r r9s z OFB.__init__rcCs|jSr0r:r r r r rszOFB.initialization_vectorNr;r r r r rAs rAc@s4eZdZdZedddZeedddZeZ dS)CFBr3cCstd|||_dSr4r5r8r r r r9s z CFB.__init__rcCs|jSr0r:r r r r rszCFB.initialization_vectorNr;r r r r rBs rBc@s4eZdZdZedddZeedddZeZ dS)CFB8r3cCstd|||_dSr4r5r8r r r r9s z CFB8.__init__rcCs|jSr0r:r r r r rszCFB8.initialization_vectorNr;r r r r rCs rCc@s@eZdZdZedddZeedddZeddd d Z dS) CTR)r!cCstd|||_dS)Nr!)rr6_nonce)r r!r r r r9s z CTR.__init__rcCs|jSr0)rEr r r r r!sz CTR.nonceNrcCst||t|j|j|dSr0)r)r/r!rrr r r rs zCTR.validate_for_algorithm) rrrrrr9r<r!rrr r r r rDs rDc@sleZdZdZdZdZdeejee dddZ e ejedd d Z e edd d Z edd ddZdS)GCMl?lNr>)rr#min_tag_lengthcCstd|t|dks$t|dkr,td||_|durptd||dkrVtdt||krptd|||_||_dS) Nrr*zIinitialization_vector must be between 8 and 128 bytes (64 and 1024 bits).r#zmin_tag_length must be >= 4z.Authentication tag must be {} bytes or longer.) rr6r+r(r7 _check_bytesr-_tagZ_min_tag_length)r rr#rGr r r r9s$   z GCM.__init__rcCs|jSr0)rKr r r r r#szGCM.tagcCs|jSr0r:r r r r rszGCM.initialization_vectorrcCsTt||t|ts tdtj|jd}|jdurPt|j|krPt d |dS)Nz%GCM requires a block cipher algorithmr*z0Authentication tag cannot be more than {} bytes.) r) isinstancerrrZUNSUPPORTED_CIPHERr,rKr+r(r-)r rZblock_size_bytesr r r rs   zGCM.validate_for_algorithm)Nr>)rrrrZ_MAX_ENCRYPTED_BYTESZ_MAX_AAD_BYTESrr$r%intr9r<r#rrrr r r r rFs rF)rr$Z cryptographyrZcryptography.exceptionsrrZ/cryptography.hazmat.primitives._cipheralgorithmrrABCMetarrrr r"r)r.rrr/r1r2r=r@rArBrCrDrFr r r r s*