o ge$@s|ddlmZddlmZmZmZddlmZddlm Z e ej e ej e ej e ejGdddeZdS))utils) InvalidTagUnsupportedAlgorithm_Reasons)ciphers)modesc@seZdZdZdZdZddZdedefdd Zdede fd d Z defd d Z dedefddZ deddfddZ edZdS)_CipherContextri?c Cs||_||_||_||_d|_t|jtjr|jjd|_ nd|_ |jj }|jj ||jj j}|jj}z |t|t|f}WntyYtd|j|rS|jn|tjw||j||}||jj jkrd|} |durx| d|7} | d|j7} t| tjt|tjr|jj |j} n2t|tjr|jj |j} n#t|tjr|jj |j } nt|tjr|jj |j } n|jj j} |jj !|||jj j|jj j|jj j|} |j"| dk|jj #|t$|j%} |j"| dkt|tj&r=|jj '||jj j(t$| |jj j} |j"| dk|j)dur=|jj '||jj j*t$|j)|j)} |j"| dk|j)|_|jj !||jj j|jj j|jj |j%| |} |j"| dk|jj +|d||_,dS)Nr z6cipher {} in {} mode is not supported by this backend.zcipher {0.name} zin {0.name} mode z_is not supported by this backend (Your version of OpenSSL may be too old. Current version: {}.)r)-_backend_cipher_mode _operation_tag isinstancerBlockCipherAlgorithm block_size_block_size_bytes_libEVP_CIPHER_CTX_new_ffigcEVP_CIPHER_CTX_free_cipher_registrytypeKeyErrorrformatnamerUNSUPPORTED_CIPHERNULLopenssl_version_textrModeWithInitializationVector from_bufferinitialization_vector ModeWithTweaktweak ModeWithNoncenonceEVP_CipherInit_exopenssl_assertEVP_CIPHER_CTX_set_key_lengthlenkeyGCMEVP_CIPHER_CTX_ctrlEVP_CTRL_AEAD_SET_IVLENtagEVP_CTRL_AEAD_SET_TAGEVP_CIPHER_CTX_set_padding_ctx) selfbackendciphermode operationctxregistryadapter evp_ciphermsgiv_nonceresr@N/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py__init__s               z_CipherContext.__init__datareturncCs2tt||jd}|||}t|d|S)Nr ) bytearrayr+r update_intobytes)r4rCbufnr@r@rAupdateys z_CipherContext.updatec Cst|}t|||jdkrtdt||jdd}d}|jjd}|jjj|dd}|jj|}||kr}||} ||} t|j ||} |jj |j | || | } | dkrgt |jtjrgtd|j| dk|| 7}||d7}||ks<|S)Nr z1buffer must be at least {} bytes for this payloadrint *T)require_writablezeIn XTS mode you must supply at least a full block in the first update call. For AES this is 16 bytes.)r+r ValueErrorrr rnewr"min_MAX_CHUNK_SIZErEVP_CipherUpdater3rr rXTSr)) r4rCrHtotal_data_lendata_processed total_outoutlen baseoutbuf baseinbufoutbufinbufinlenr?r@r@rArF~s6  z_CipherContext.update_intocCs|j|jkrt|jtjr|jdurtd|jj d|j }|jj d}|jj |j||}|dkro|j}|sDt|jtjrDt|jj|d|jj j|jj jpg|jj jog|d|jj j|jj j|dtdt|jtjr|j|jkr|jj d|j }|jj |j|jj j|j |}|j|dk|jj |dd|_|jj |j}|j|dk|jj |d|dS)Nz4Authentication tag must be provided when decrypting.zunsigned char[]rKr)errorszFThe length of the provided data is not a multiple of the block length.r )r_DECRYPTrr rModeWithAuthenticationTagr0rMr rrNrrEVP_CipherFinal_exr3_consume_errorsr-rr)_lib_reason_match ERR_LIB_EVP'EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTHCryptography_HAS_PROVIDERS ERR_LIB_PROVPROV_R_WRONG_FINAL_BLOCK_LENGTH_ENCRYPTr.EVP_CTRL_AEAD_GET_TAGbufferrEVP_CIPHER_CTX_reset)r4rHrVr?r\tag_bufr@r@rAfinalizes\       z_CipherContext.finalizer0cCs`t||jjkrtd|jj|jj|j|jjj t||}|j |dk||_ | S)Nz.Authentication tag must be {} bytes or longer.r) r+r _min_tag_lengthrMrr rr.r3r1r)rrl)r4r0r?r@r@rAfinalize_with_tagsz _CipherContext.finalize_with_tagNcCsN|jjd}|jj|j|jjj||jj|t|}|j |dkdS)NrKr) r rrNrrQr3rr"r+r))r4rCrVr?r@r@rAauthenticate_additional_datas z+_CipherContext.authenticate_additional_datar)__name__ __module__ __qualname__rgr]rPrBrGrJintrFrlrnrorread_only_propertyr0r@r@r@rAr sd": rN) cryptographyrcryptography.exceptionsrrrcryptography.hazmat.primitivesr&cryptography.hazmat.primitives.ciphersrregister_interface CipherContextAEADCipherContextAEADEncryptionContextAEADDecryptionContextobjectrr@r@r@rAs