o )%a@sJddlZddlZddlmZddlmZGdddejdZGdddejdZGd d d ejdZ Gd d d ejdZ Gd ddejdZ ddZ ddZ dedefddZddZGdddeeZGdddee ZGdddeZGdd d eeZGd!d"d"eeZGd#d$d$eeZGd%d&d&ee ZGd'd(d(eee ZdS))N)utils)CipherAlgorithmc@s8eZdZejdefddZejdeddfddZ dS)ModereturncCdS)z@ A string naming this mode (e.g. "ECB", "CBC"). NselfrrN/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/ciphers/modes.pynamez Mode.name algorithmNcCr)zq Checks that all the necessary invariants of this (mode, algorithm) combination are met. Nrr r rrr validate_for_algorithmr zMode.validate_for_algorithm) __name__ __module__ __qualname__abcabstractpropertystrr abstractmethodrrrrrr r s r) metaclassc@ eZdZejdefddZdS)ModeWithInitializationVectorrcCr)zP The value of the initialization vector for this mode as bytes. Nrrrrr initialization_vectorr z2ModeWithInitializationVector.initialization_vectorN)rrrrrbytesrrrrr rrc@r) ModeWithTweakrcCr)z@ The value of the tweak for this mode as bytes. Nrrrrr tweak%r zModeWithTweak.tweakN)rrrrrrrrrrr r$rrc@r) ModeWithNoncercCr)z@ The value of the nonce for this mode as bytes. Nrrrrr nonce-r zModeWithNonce.nonceN)rrrrrrr rrrr r,rrc@r)ModeWithAuthenticationTagrcCr)zP The value of the tag supplied to the constructor of this mode. Nrrrrr tag5r zModeWithAuthenticationTag.tagN)rrrrrrr"rrrr r!4rr!cCs$|jdkr|jdkrtddSdS)NAESz=Only 128, 192, and 256 bit keys are allowed for this AES mode)key_sizer ValueErrorrrrr _check_aes_key_length<s r'cCs0t|jd|jkrtdt|j|jdS)NzInvalid IV size ({}) for {}.)lenr block_sizer&formatr rrrr _check_iv_lengthCs r,r r cCs*t|d|jkrtdt||dS)Nr(zInvalid nonce size ({}) for {}.)r)r*r&r+)r r r rrr _check_nonce_lengthLs r-cCst||t||dSN)r'r,rrrr _check_iv_and_key_lengthSs r/c@,eZdZdZdefddZedZe Z dS)CBCrcCtd|||_dSNrr_check_byteslike_initialization_vectorr rrrr __init__[  z CBC.__init__r6N rrrr rr8rread_only_propertyrr/rrrrr r1X  r1c@6eZdZdZdefddZedZde fddZ dS) XTSrcCs*td|t|dkrtd||_dS)Nrz!tweak must be 128-bits (16 bytes))rr5r)r&_tweak)r rrrr r8fs   z XTS.__init__r@r cCs|jdvr tddS)N)r#iz\The XTS specification requires a 256-bit key for AES-128-XTS and 512-bit key for AES-256-XTS)r%r&rrrr rps zXTS.validate_for_algorithmN) rrrr rr8rr;rrrrrrr r>cs  r>c@seZdZdZeZdS)ECBN)rrrr r'rrrrr rAxsrAc@r0)OFBrcCr2r3r4r7rrr r8r9z OFB.__init__r6Nr:rrrr rB~r<rBc@r0)CFBrcCr2r3r4r7rrr r8r9z CFB.__init__r6Nr:rrrr rCr<rCc@r0)CFB8rcCr2r3r4r7rrr r8r9z CFB8.__init__r6Nr:rrrr rDr<rDc@r=) CTRr cCr2)Nr )rr5_nonce)r r rrr r8r9z CTR.__init__rFr cCst||t|j|j|dSr.)r'r-r r rrrr rs zCTR.validate_for_algorithmN) rrrr rr8rr;r rrrrrr rEs  rEc@s\eZdZdZdZdZ  ddedejede fdd Z e d Z e d Zd efd dZdS)GCMl?lNr?rr"min_tag_lengthcCstd|t|dkst|dkrtd||_|dur8td||dkr+tdt||kr8td|||_||_dS) Nrr(zIinitialization_vector must be between 8 and 128 bytes (64 and 1024 bits).r"zmin_tag_length must be >= 4z.Authentication tag must be {} bytes or longer.) rr5r)r&r6 _check_bytesr+_tag_min_tag_length)r rr"rHrrr r8s$    z GCM.__init__rLr6r cCst||dSr.)r'rrrr rszGCM.validate_for_algorithm)Nr?)rrrr _MAX_ENCRYPTED_BYTES_MAX_AAD_BYTESrtypingOptionalintr8rr;r"rrrrrrr rGs   rG)rrP cryptographyr/cryptography.hazmat.primitives._cipheralgorithmrABCMetarrrrr!r'r,rrr-r/r1r>rArBrCrDrErGrrrr s*