o Ìn~bà?ã@sôddlmZddlmZmZmZmZddlmZm Z ddl m Z m Z m Z mZmZmZddlmZmZmZmZddlmZmZmZdZdZd Zd Zd Zd Zd Z dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)Gdd„de*ƒZ+Gdd„de,ƒZ-Gdd„de,ƒZ.dS)é)ÚRandom)Ú DerSequenceÚDerOctetStringÚ DerObjectIdÚ DerInteger)ÚpadÚunpad)ÚMD5ÚSHA1ÚSHA224ÚSHA256ÚSHA384ÚSHA512)ÚDESÚARC2ÚDES3ÚAES)ÚPBKDF1ÚPBKDF2Úscryptz1.2.840.113549.1.5.3z1.2.840.113549.1.5.6z1.2.840.113549.1.5.10z1.2.840.113549.1.5.11z1.2.840.113549.1.5.13z1.2.840.113549.1.5.12z1.3.6.1.4.1.11591.4.11ú1.2.840.113549.2.7z1.2.840.113549.2.8z1.2.840.113549.2.9z1.2.840.113549.2.10z1.2.840.113549.2.11z1.2.840.113549.3.7z2.16.840.1.101.3.4.1.2z2.16.840.1.101.3.4.1.22z2.16.840.1.101.3.4.1.42c@s eZdZdS)Ú PbesErrorN)Ú__name__Ú __module__Ú __qualname__©rrú>/usr/local/lib/python3.10/dist-packages/Cryptodome/IO/_PBES.pyrCsrc@seZdZdZedd„ƒZdS)ÚPBES1z¼Deprecated encryption scheme with password-based key derivation (originally defined in PKCS#5 v1.5, but still present in `v2.0`__). .. __: http://www.ietf.org/rfc/rfc2898.txt cCs*tƒ |¡}tƒ |d¡}tƒ |d¡j}tƒ |d¡j}i}|tkr+t}t}n'|t kr8t}t }d|d<n|t krAt }t}n|t krNt }t }d|d<ntdƒ‚tƒj|ddd} tƒ | d¡j} | d} t|| d| |ƒ} | d d …| d d …} }|j| |j|fi|¤Ž}| |¡}t||jƒS) axDecrypt a piece of data using a passphrase and *PBES1*. The algorithm to use is automatically detected. :Parameters: data : byte string The piece of data to decrypt. passphrase : byte string The passphrase to use for decrypting the data. :Returns: The decrypted data, as a binary string. réé@Zeffective_keylenzUnknown OID for PBES1é©Z nr_elementséNé)rÚdecoderÚpayloadrÚvalueÚ_OID_PBE_WITH_MD5_AND_DES_CBCr rÚ_OID_PBE_WITH_MD5_AND_RC2_CBCrÚ_OID_PBE_WITH_SHA1_AND_DES_CBCr Ú_OID_PBE_WITH_SHA1_AND_RC2_CBCrrÚnewÚMODE_CBCÚdecryptrÚ block_size)ÚdataÚ passphraseÚenc_private_key_infoZencrypted_algorithmÚencrypted_dataÚpbe_oidZ cipher_paramsZhashmodÚ ciphermodZ pbe_paramsÚsaltZ iterationsZkey_ivÚkeyÚivÚcipherÚptrrrr-ys8     z PBES1.decryptN)rrrÚ__doc__Ú staticmethodr-rrrrrrsrc@s*eZdZdZeddd„ƒZedd„ƒZdS)ÚPBES2z‡Encryption scheme with password-based key derivation (defined in `PKCS#5 v2.0`__). .. __: http://www.ietf.org/rfc/rfc2898.txt.NcCs¸|duri}|durt ¡j}|dkrd}t}tj}t}n.|dvr+d}t}tj}t}n |dvr9d}t}tj}t}n|dvrGd}t}tj}t }nt d ƒ‚||j ƒ} ||  d d ¡ƒ} |  d ¡r{|  d d¡} t|| || ƒ} tttƒtt| ƒt| ƒgƒgƒ} n1|  d d¡} |  dd ¡}|  dd¡}t|| || ||ƒ} tttƒtt| ƒt| ƒt|ƒt|ƒgƒgƒ} | | || ¡}| t||j ƒ¡}tt|ƒt| ƒgƒ}ttttƒt| |gƒgƒt|ƒgƒ}| ¡S)aª Encrypt a piece of data using a passphrase and *PBES2*. :Parameters: data : byte string The piece of data to encrypt. passphrase : byte string The passphrase to use for encrypting the data. protection : string The identifier of the encryption algorithm to use. The default value is '``PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC``'. prot_params : dictionary Parameters of the protection algorithm. +------------------+-----------------------------------------------+ | Key | Description | +==================+===============================================+ | iteration_count | The KDF algorithm is repeated several times to| | | slow down brute force attacks on passwords | | | (called *N* or CPU/memory cost in scrypt). | | | | | | The default value for PBKDF2 is 1 000. | | | The default value for scrypt is 16 384. | +------------------+-----------------------------------------------+ | salt_size | Salt is used to thwart dictionary and rainbow | | | attacks on passwords. The default value is 8 | | | bytes. | +------------------+-----------------------------------------------+ | block_size | *(scrypt only)* Memory-cost (r). The default | | | value is 8. | +------------------+-----------------------------------------------+ | parallelization | *(scrypt only)* CPU-cost (p). The default | | | value is 1. | +------------------+-----------------------------------------------+ randfunc : callable Random number generation function; it should accept a single integer N and return a string of random data, N bytes long. If not specified, a new RNG will be instantiated from ``Cryptodome.Random``. :Returns: The encrypted data, as a binary string. Nz"PBKDF2WithHMAC-SHA1AndDES-EDE3-CBCé)z PBKDF2WithHMAC-SHA1AndAES128-CBCzscryptAndAES128-CBCr")z PBKDF2WithHMAC-SHA1AndAES192-CBCzscryptAndAES192-CBC)z PBKDF2WithHMAC-SHA1AndAES256-CBCzscryptAndAES256-CBCé zUnknown PBES2 modeZ salt_sizer#rÚiteration_countièi@r.Zparallelizationr)rr+Úreadrr,Ú_OID_DES_EDE3_CBCrÚ_OID_AES128_CBCÚ_OID_AES192_CBCÚ_OID_AES256_CBCÚ ValueErrorr.ÚgetÚ startswithrrrÚ _OID_PBKDF2rrrÚ _OID_SCRYPTÚencryptrÚ _OID_PBES2Úencode)r/r0Z protectionZ prot_paramsZrandfuncÚkey_sizeÚmoduleZ cipher_modeÚenc_oidr7r5Úcountr6Úkdf_infoÚscrypt_rÚscrypt_pr8r2Úenc_infor1rrrrJµsŠ/    þþ  ÿüþ þþþ÷ z PBES2.encryptcstƒj|dd}tƒ |d¡}tƒ |d¡j}tƒ |d¡j}|tkr*tdƒ‚tƒj|ddd}tƒj|ddd}tƒ |d¡j}d} |tkr¢tƒj|ddd} tƒ | d¡j} | d} t | ƒd} d}| dkrŠz| |d} | d8} |d7}Wn t y‰Ynwd}| dkr¡tƒ | |¡}tƒ |d¡j}n5|t krÓtƒj|dd d‰tƒ ˆd¡j} ‡fd d „d Dƒ\} }}t ˆƒd krЈd } nd} ntdƒ‚tƒ |d¡}tƒ |d¡j}|t krñt }d}n!|tkrút}d}n|tkrt}d}n|tkrt}d}ntdƒ‚| r| |krtdƒ‚tƒ |d¡j}|tkrd|tkr4t}n&|tkrus ÿz!PBES2.decrypt..)rr rUrVzUnsupported PBES2 KDFr=r"r>zUnsupported PBES2 cipherz9Mismatch between PBES2 KDF parameters and selected cipherzUnsupported HMAC %s)Úhmac_hash_module)#rr$rr%rr&rKrrHÚlenÚ TypeErrorrIrArrBrrCrDÚ_OID_HMAC_SHA1r Ú_OID_HMAC_SHA224r Ú_OID_HMAC_SHA256r Ú_OID_HMAC_SHA384r Ú_OID_HMAC_SHA512rrrr+r,r-rr.)r/r0r1Zenc_algor2r3Z pbes2_paramsrQZkdf_oidZkdf_key_lengthZ pbkdf2_paramsr5r?ÚleftÚidxZpbkdf2_prf_oidZpbkdf2_prf_algo_idrRrSrTrOr4rMZIVr\r6r8r9rrZrr-:sœ    ÿ€  ÿ            ÿ ÿ  z PBES2.decrypt)NN)rrrr:r;rJr-rrrrr<¯s r<N)/Z CryptodomerZCryptodome.Util.asn1rrrrZCryptodome.Util.PaddingrrZCryptodome.Hashr r r r r rZCryptodome.CipherrrrrZCryptodome.Protocol.KDFrrrr'r(r)r*rKrHrIr_r`rarbrcrArBrCrDrErÚobjectrr<rrrrÚs2 ! /=