o n~b(@sddlmZddlmZddlmZddlmZmZddl m Z m Z m Z ddl mZdZddd ZGd d d eZ  dd dZdS)) unhexlify)BLAKE2s)strxor) long_to_bytes bytes_to_long)bordtobytes _copy_bytes)get_random_bytesNcCs,t|d>|A}t|t|t| dS)N)rrlen)bsZxor_lsbnumr?/usr/local/lib/python3.10/dist-packages/Cryptodome/Hash/CMAC.py _shift_bytes$src@sTeZdZdZdZddZddZddZd d Zd d Z d dZ ddZ ddZ dS)CMACzA CMAC hash object. Do not instantiate directly. Use the :func:`new` function. :ivar digest_size: the size in bytes of the resulting MAC tag :vartype digest_size: integer Nc CsD||_tdd||_||_||_|j|_}d|_||_|dkr&d}d|_ n|dkr0d}d|_ nt d|d|} |j ||j fi|j|_ |j | } t| d d @r\t| ||_nt| |_t|jd d @rrt|j||_nt|j|_|j ||j| fi|j|_t||_d |_| |_d|_d |_|r||dSdS) NilzACMAC requires a cipher with a block size of 8 or 16 bytes, not %dr) digest_sizer _key_factory_cipher_params block_size _block_size_mac_tag_update_after_digest _max_size TypeErrornewZMODE_ECB_ecbencryptrr_k1_k2MODE_CBC_cbc bytearray_cache_cache_n_last_ct_last_pt _data_sizeupdate) selfkeymsg ciphermod cipher_paramsmac_lenupdate_after_digestr Zconst_RbZ zero_blockLrrr__init__3sV     z CMAC.__init__cCs|jdur |js td|jt|7_|j}|jdkrUt||jt|}|d||j|j|j|<|j|7_|j|krD|St ||d}| |jd|_t||}|dkrv| |d| || d|jd|<n| |||_|S)zAuthenticate the next chunk of message. Args: data (byte string/byte array/memoryview): The next chunk of data Nz4update() cannot be called after digest() or verify()r) rr r"r/r rr,minr+ memoryview_update)r1r3r fillerZremainrrrr0os(     z CMAC.updatecCs|j}t||dks Jt|dkrdS|j|}t||kr%|j}n || d| }|| d|_t||| d|_dS)z,Update a block aligned to the block boundaryrN)rr r)r%r-rr.)r1Z data_blockr ctZ second_lastrrrr<s   z CMAC._updatecCs^|t}|j|_|jj|j|jj|jfi|j |_ |j dd|_ |jdd|_|S)a+Return a copy ("clone") of the CMAC object. The copy will have the same internal state as the original CMAC object. This can be used to efficiently compute the MAC tag of byte strings that share a common initial substring. :return: An :class:`CMAC` N) __new__r__dict__copyrr#rr(r-rr)r+)r1objrrrrBs  z CMAC.copycCs|j}|jdur|js|jS|j|jkrtd|jdkr*|jdkr*t|j|j }n!|j dd}dd||jd||jd<tt|j ||j }|j |d|j|_|jS)zReturn the **binary** (non-printable) MAC tag of the message that has been authenticated so far. :return: The MAC tag, computed over the data processed so far. Binary form. :rtype: byte string NzMAC is unsafe for this messagerrr )rrr r/r! ValueErrorr,rr.r&r+r-r'r$r%r)r1r ptpartialrrrdigests   z CMAC.digestcCsdddt|DS)Return the **printable** MAC tag of the message authenticated so far. :return: The MAC tag, computed over the data processed so far. Hexadecimal encoded. :rtype: string cSsg|]}dt|qS)z%02x)r).0xrrr sz"CMAC.hexdigest..)jointuplerH)r1rrr hexdigests  zCMAC.hexdigestcCsHtd}tjd||d}tjd||d}||kr"tddS)agVerify that a given **binary** MAC (computed by another party) is valid. Args: mac_tag (byte string/byte array/memoryview): the expected MAC of the message. Raises: ValueError: if the MAC does not match. It means that the message has been tampered with or that the MAC key is incorrect. r)Z digest_bitsr2datazMAC check failedN)r rr#rHrE)r1Zmac_tagsecretZmac1Zmac2rrrverifys  z CMAC.verifycCs|tt|dS)rIN)rTrr)r1Z hex_mac_tagrrr hexverifyszCMAC.hexverify) __name__ __module__ __qualname____doc__rr9r0r<rBrHrPrTrUrrrrr)s<" rFcCsl|durtd|durint|}|dur|j}|dkr!td||jkr-td|jt||||||S)aCreate a new MAC object. Args: key (byte string/byte array/memoryview): key for the CMAC object. The key must be valid for the underlying cipher algorithm. For instance, it must be 16 bytes long for AES-128. ciphermod (module): A cipher module from :mod:`Cryptodome.Cipher`. The cipher's block size has to be 128 bits, like :mod:`Cryptodome.Cipher.AES`, to reduce the probability of collisions. msg (byte string/byte array/memoryview): Optional. The very first chunk of the message to authenticate. It is equivalent to an early call to `CMAC.update`. Optional. cipher_params (dict): Optional. A set of parameters to use when instantiating a cipher object. mac_len (integer): Length of the MAC, in bytes. It must be at least 4 bytes long. The default (and recommended) length matches the size of a cipher block. update_after_digest (boolean): Optional. By default, a hash object cannot be updated anymore after the digest is computed. When this flag is ``True``, such check is no longer enforced. Returns: A :class:`CMAC` object Nz%ciphermod must be specified (try AES)z,MAC tag length must be at least 4 bytes longz>MAC tag length cannot be larger than a cipher block (%d) bytes)r"dictrrEr)r2r3r4r5r6r7rrrr#s   r#)r)NNNNF)binasciirZCryptodome.HashrZCryptodome.Util.strxorrZCryptodome.Util.numberrrZCryptodome.Util.py3compatrrr ZCryptodome.Randomr rrobjectrr#rrrrs     W