o e?@sddlmZddlmZmZmZmZddlmZm Z ddl m Z m Z m Z mZmZmZddlmZmZmZmZddlmZmZmZdZdZd Zd Zd Zd Zd Z dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)Gddde*Z+Gddde,Z-Gddde,Z.dS))Random) DerSequenceDerOctetString DerObjectId DerInteger)padunpad)MD5SHA1SHA224SHA256SHA384SHA512)DESARC2DES3AES)PBKDF1PBKDF2scryptz1.2.840.113549.1.5.3z1.2.840.113549.1.5.6z1.2.840.113549.1.5.10z1.2.840.113549.1.5.11z1.2.840.113549.1.5.13z1.2.840.113549.1.5.12z1.3.6.1.4.1.11591.4.111.2.840.113549.2.7z1.2.840.113549.2.8z1.2.840.113549.2.9z1.2.840.113549.2.10z1.2.840.113549.2.11z1.2.840.113549.3.7z2.16.840.1.101.3.4.1.2z2.16.840.1.101.3.4.1.22z2.16.840.1.101.3.4.1.42c@s eZdZdS) PbesErrorN)__name__ __module__ __qualname__rr5/usr/lib/python3/dist-packages/Cryptodome/IO/_PBES.pyrCsrc@seZdZdZeddZdS)PBES1zDeprecated encryption scheme with password-based key derivation (originally defined in PKCS#5 v1.5, but still present in `v2.0`__). .. __: http://www.ietf.org/rfc/rfc2898.txt cCs*t|}t|d}t|dj}t|dj}i}|tkr+t}t}n'|t kr8t}t }d|d<n|t krAt }t}n|t krNt }t }d|d<ntdtj|ddd} t| dj} | d} t|| d| |} | d d | d d } }|j| |j|fi|}||}t||jS) axDecrypt a piece of data using a passphrase and *PBES1*. The algorithm to use is automatically detected. :Parameters: data : byte string The piece of data to decrypt. passphrase : byte string The passphrase to use for decrypting the data. :Returns: The decrypted data, as a binary string. r@effective_keylenzUnknown OID for PBES1 nr_elementsN)rdecoderpayloadrvalue_OID_PBE_WITH_MD5_AND_DES_CBCr r_OID_PBE_WITH_MD5_AND_RC2_CBCr_OID_PBE_WITH_SHA1_AND_DES_CBCr _OID_PBE_WITH_SHA1_AND_RC2_CBCrrnewMODE_CBCdecryptr block_size)data passphraseenc_private_key_infoencrypted_algorithmencrypted_datapbe_oid cipher_paramshashmod ciphermod pbe_paramssalt iterationskey_ivkeyivcipherptrrrr/ys8     z PBES1.decryptN)rrr__doc__ staticmethodr/rrrrrrsrc@s*eZdZdZedddZeddZdS)PBES2zEncryption scheme with password-based key derivation (defined in `PKCS#5 v2.0`__). .. __: http://www.ietf.org/rfc/rfc2898.txt.NcCs|duri}|durtj}|dkrd}t}tj}t}n.|dvr+d}t}tj}t}n |dvr9d}t}tj}t}n|dvrGd}t}tj}t }nt d ||j } || d d } | d r{| d d} t|| || } ttttt| t| gg} n1| d d} | dd }| dd}t|| || ||} ttttt| t| t|t|gg} || || }|t||j }tt|t| g}ttttt| |ggt|g}|S)a Encrypt a piece of data using a passphrase and *PBES2*. :Parameters: data : byte string The piece of data to encrypt. passphrase : byte string The passphrase to use for encrypting the data. protection : string The identifier of the encryption algorithm to use. The default value is '``PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC``'. prot_params : dictionary Parameters of the protection algorithm. +------------------+-----------------------------------------------+ | Key | Description | +==================+===============================================+ | iteration_count | The KDF algorithm is repeated several times to| | | slow down brute force attacks on passwords | | | (called *N* or CPU/memory cost in scrypt). | | | | | | The default value for PBKDF2 is 1 000. | | | The default value for scrypt is 16 384. | +------------------+-----------------------------------------------+ | salt_size | Salt is used to thwart dictionary and rainbow | | | attacks on passwords. The default value is 8 | | | bytes. | +------------------+-----------------------------------------------+ | block_size | *(scrypt only)* Memory-cost (r). The default | | | value is 8. | +------------------+-----------------------------------------------+ | parallelization | *(scrypt only)* CPU-cost (p). The default | | | value is 1. | +------------------+-----------------------------------------------+ randfunc : callable Random number generation function; it should accept a single integer N and return a string of random data, N bytes long. If not specified, a new RNG will be instantiated from ``Cryptodome.Random``. :Returns: The encrypted data, as a binary string. Nz"PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC)z PBKDF2WithHMAC-SHA1AndAES128-CBCzscryptAndAES128-CBCr$)z PBKDF2WithHMAC-SHA1AndAES192-CBCzscryptAndAES192-CBC)z PBKDF2WithHMAC-SHA1AndAES256-CBCzscryptAndAES256-CBC zUnknown PBES2 mode salt_sizer%riteration_countii@r0parallelizationr)rr-readrr._OID_DES_EDE3_CBCr_OID_AES128_CBC_OID_AES192_CBC_OID_AES256_CBC ValueErrorr0get startswithrrr _OID_PBKDF2rrr _OID_SCRYPTencryptr _OID_PBES2encode)r1r2 protection prot_paramsrandfunckey_sizemodule cipher_modeenc_oidr?r;countr>kdf_infoscrypt_rscrypt_pr@r5enc_infor3rrrrTs/        z PBES2.encryptcstj|dd}t|d}t|dj}t|dj}|tkr*tdtj|ddd}tj|ddd}t|dj}d} |tkrtj|ddd} t| dj} | d} t | d} d}| dkrz| |d} | d8} |d7}Wn t yYnwd}| dkrt| |}t|dj}n5|t krtj|dd dtdj} fd d d D\} }}t d krЈd } nd} ntdt|d}t|dj}|t krt }d}n!|tkrt}d}n|tkrt}d}n|tkrt}d}ntd| r| |krtdt|dj}|tkrd|tkr4t}n&|tkrus z!PBES2.decrypt..)rr!rcrdzUnsupported PBES2 KDFrEr$rFzUnsupported PBES2 cipherz9Mismatch between PBES2 KDF parameters and selected cipherzUnsupported HMAC %s)hmac_hash_module)#rr&rr'rr(rUrrRlen TypeErrorrSrKrrLrrMrN_OID_HMAC_SHA1r _OID_HMAC_SHA224r _OID_HMAC_SHA256r _OID_HMAC_SHA384r _OID_HMAC_SHA512rrrr-r.r/rr0)r1r2r3enc_algor5r6 pbes2_paramsr_kdf_oidkdf_key_length pbkdf2_paramsr;rHleftidxpbkdf2_prf_oidpbkdf2_prf_algo_idr`rarbr]r9rZIVrkr>r@rArrhrr/:s                    z PBES2.decrypt)NN)rrrrBrCrTr/rrrrrDs rDN)/ CryptodomerCryptodome.Util.asn1rrrrCryptodome.Util.PaddingrrCryptodome.Hashr r r r r rCryptodome.CipherrrrrCryptodome.Protocol.KDFrrrr)r*r+r,rUrRrSrnrorprqrrrKrLrMrNrOrobjectrrDrrrrs2 ! /=