U

�\�ey$�@s�dd
lm
Z
mZmZ
ddlmZ
ddlmZmZm	Z	
ddl
mZ
ddlm
Z

e�ej�
e�ej�
e�ej�
e�ej�
Gdd�de��
�
�
�
ZdS)	�)�absolute_import�division�print_function)
�utils)�
InvalidTag�UnsupportedAlgorithm�_Reasons)
�ciphers)
�modesc@sNeZ
dZd
ZdZdd�Zdd�Zdd�Zd	d
�Zdd�Z	d
d�Z
e�d�
Z
dS)�_CipherContext�
r
cCs|
|_||_
||_||_d|_t|j
tj�r<|j
jd
|_	nd|_	|jj
��}|jj�
||jj
j�}|jj}z|t|�
t|�
f}Wn4tk
r�


td�|j|r�|jn|�tj��
YnX||j||�}||jjjk�
rd�|�
}	|dk	r�|	d�|�
7}	|	d�|j���
7}	t|	tj��
t|tj��
r8|jj�|j�
}
njt|tj��
rX|jj�|j�
}
nJt|tj��
rx|jj�|j �
}
n*t|tj��
r�|jj�|j �
}
n
|jjj}
|jj
�!|||jjj|jjj|jjj|�}|j�"|dk�

|jj
�#|t$|j%�
�}|j�"|dk�

t|tj&��r�|jj
�'||jj
j(t$|
�
|jjj�}|j�"|dk�

|j)dk	�r�|jj
�'||jj
j*t$|j)�
|j)�}|j�"|dk�

|j)|_n.|j|j+k�r�|jj
j,�r�|jj
j-�s�t.d�
�
|jj
�!||jjj|jjj|jj�|j%�
|
|�}|j�"|dk�

|jj
�/|d�
||_0dS)	N�rz6cipher {} in {} mode is not supported by this backend.zcipher {0.name} zin {0.name} mode z_is not supported by this backend (Your version of OpenSSL may be too old. Current version: {}.)r
z_delayed passing of GCM tag requires OpenSSL >= 1.0.2. To use this feature please update OpenSSL)1�_backendZ_cipher�_mode�
_operation�_tag�
isinstancer	ZBlockCipherAlgorithmZ
block_size�_block_size_bytes�_libZEVP_CIPHER_CTX_new�_ffi�gcZEVP_CIPHER_CTX_freeZ_cipher_registry�type�KeyErrorr�format�namerZUNSUPPORTED_CIPHER�NULLZopenssl_version_textr
ZModeWithInitializationVector�from_bufferZinitialization_vectorZ
ModeWithTweakZtweakZ
ModeWithNonceZnonceZEVP_CipherInit_ex�openssl_assertZEVP_CIPHER_CTX_set_key_length�len�key�GCM�EVP_CIPHER_CTX_ctrlZEVP_CTRL_AEAD_SET_IVLEN�tag�EVP_CTRL_AEAD_SET_TAG�_DECRYPT�"CRYPTOGRAPHY_OPENSSL_LESS_THAN_102�CRYPTOGRAPHY_IS_LIBRESSL�NotImplementedErrorZEVP_CIPHER_CTX_set_padding�_ctx)�selfZbackendZcipher�modeZ	operationZctx�registryZadapterZ
evp_cipher�msgZiv_nonce�res�r.�N/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ciphers.py�__init__s�







�




��







��

�









�
�



�



�


���
�





�
z_CipherContext.__init__cCs2tt
|
�
|jd
�
}|�|
|�}t|d|��
S)Nr)�	bytearrayrr�update_into�bytes)r)�data�buf�
nr.r.r/�updatezs


z_CipherContext.updatecCs�t|�
t|
�
|j
d
kr6td�t|
�
|j
d
�
�
�
|jj�d|jjj|dd��}|jj�d�
}|jj	�
|j|||jj�|
�
t|
�
�}|j�|dk�

|dS)Nrz1buffer must be at least {} bytes for this payloadzunsigned char *T)
Zrequire_writable�int *r
)
rr�
ValueErrorrrr�castr�newr�EVP_CipherUpdater(r)r)r4r5�outlenr-r.r.r/r2s(



��
�


�
z_CipherContext.update_intoc
Cs|
t|j
tj�r|�d
�

|j|jkrDt|j
tj�rD|jdkrDt	d�
�
|j
j�d|j
�}
|j
j�d�
}|j
j�|j|
|�}|dkr�|j
��}|s�t|j
tj�r�t�
|j
�|d�|j
jj|j
jj��

t	d�
�
t|j
tj��
rB|j|jk�
rB|j
j�d|j
�}|j
j�|j|j
jj|j
|�}|j
�|dk�

|j
j�|�
dd�|_|j
j�|j�
}|j
�|dk�

|j
j�|
�
d|d�S)N�z4Authentication tag must be provided when decrypting.zunsigned char[]r8r
zFThe length of the provided data is not a multiple of the block length.r)rrr
r r7rr$ZModeWithAuthenticationTagr"r9rrr;rrZEVP_CipherFinal_exr(Z_consume_errorsrrZ_lib_reason_matchZERR_LIB_EVPZ'EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH�_ENCRYPTr!ZEVP_CTRL_AEAD_GET_TAG�bufferrZEVP_CIPHER_CTX_cleanup)r)r5r=r-�errorsZtag_bufr.r.r/�finalize�sZ


���
�








��
�

�
�

�


z_CipherContext.finalizecCs||jj
jr|jj
jstd
�
�
t|
�
|jjkr>td�	|jj�
�
�
|jj
�
|j|jj
jt|
�
|
�}|j�
|dk�

|
|_|��S)NzUfinalize_with_tag requires OpenSSL >= 1.0.2. To use this method please update OpenSSLz.Authentication tag must be {} bytes or longer.r
)rrr%r&r'rrZ_min_tag_lengthr9rr!r(r#rrrB)r)r"r-r.r.r/�finalize_with_tag�s,��
�


��

�

z _CipherContext.finalize_with_tagcCsN|jj
�d
�
}|jj�|j|jj
j||jj
�|
�
t|
�
�}|j�	|dk�

dS)Nr8r
)
rrr;rr<r(rrrr)r)r4r=r-r.r.r/�authenticate_additional_data�s



�z+_CipherContext.authenticate_additional_datarN)�__name__�
__module__�__qualname__r?r$r0r7r2rBrCrDrZread_only_propertyr"r.r.r.r/r
s
e6rN)Z
__future__rrrZcryptographyrZcryptography.exceptionsrrrZcryptography.hazmat.primitivesr	Z&cryptography.hazmat.primitives.ciphersr
Zregister_interfaceZ
CipherContextZAEADCipherContextZAEADEncryptionContextZAEADDecryptionContext�objectrr.r.r.r/�<module>s