U afx @sddlmZmZmZmZddlmZddlmZm Z m Z m Z m Z m Z mZmZmZmZddlmZddlmZddlmZmZeZed krdd lmZmZmZmZmZndd l m!Z!m"Z"mZm#Z#m$Z$d d ddddddddddg Z%dd Z&dd Z'ddZ(ddZ)ddZ*ddZ+ddZ,ddZ-d dZ.d!dZ/d"dZ0d#dZ1d$d%Z2d&d'Z3d(d)Z4d*d+Z5d,d-Z6d.d/Z7d0d1Z8d2d3Z9d4S)5)unicode_literalsdivisionabsolute_importprint_function)pretty_message) buffer_from_bytesbytes_from_bufferderefnewnull pointer_setstruct struct_bytesunwrapwrite_to_buffer) rand_bytes)backend) type_namebyte_cls winlegacy)advapi32 Advapi32Const handle_erroropen_context_handleclose_context_handle)bcrypt BcryptConstropen_alg_handleclose_alg_handleaes_cbc_no_padding_decryptaes_cbc_no_padding_encryptaes_cbc_pkcs7_decryptaes_cbc_pkcs7_encryptdes_cbc_pkcs5_decryptdes_cbc_pkcs5_encryptrc2_cbc_pkcs5_decryptrc2_cbc_pkcs5_encrypt rc4_decrypt rc4_encrypttripledes_cbc_pkcs5_decrypttripledes_cbc_pkcs5_encryptcCst|dkrttdt||s,td}nt|dkrJttdt|t|ddkrlttdt||td|||dfS) a Encrypts plaintext using AES in CBC mode with a 128, 192 or 256 bit key and no padding. This means the ciphertext must be an exact multiple of 16 bytes long. :param key: The encryption key - a byte string either 16, 24 or 32 bytes long :param data: The plaintext - a byte string :param iv: The initialization vector - either a byte string 16-bytes long or None to generate an IV :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A tuple of two byte strings (iv, ciphertext)  o key must be either 16, 24 or 32 bytes (128, 192 or 256 bits) long - is %s r.: iv must be 16 bytes long - is %s rzJ data must be a multiple of 16 bytes long - is %s aesFlen ValueErrorrr_encryptkeydataivr<H/opt/nydus/tmp/pip-target-53d1vnqk/lib/python/oscrypto/_win/symmetric.pyr"-s$   cCsLt|dkrttdt|t|dkrr8r<r<r=r#s  cCs:t|dkst|dkr*ttdt|td||ddS)a Encrypts plaintext using RC4 with a 40-128 bit key :param key: The encryption key - a byte string 5-16 bytes long :param data: The plaintext - a byte string :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the ciphertext r.Q key must be 5 to 16 bytes (40 to 128 bits) long - is %s rc4N)r5r6rr7r9r:r<r<r=r*s cCs:t|dkst|dkr*ttdt|td||ddS)a Decrypts RC4 ciphertext using a 40-128 bit key :param key: The encryption key - a byte string 5-16 bytes long :param data: The ciphertext - a byte string :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the plaintext r@r.rArBNr>rCr<r<r=r)s cCsjt|dkst|dkr*ttdt||s8td}nt|dkrVttdt||td|||dfS)ab Encrypts plaintext using RC2 with a 64 bit key :param key: The encryption key - a byte string 8 bytes long :param data: The plaintext - a byte string :param iv: The 8-byte initialization vector to use - a byte string - set as None to generate an appropriate one :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A tuple of two byte strings (iv, ciphertext) r@r.rA9 iv must be 8 bytes long - is %s rc2Tr4r8r<r<r=r(#s  cCsXt|dkst|dkr*ttdt|t|dkrHttdt|td|||dS)a" Decrypts RC2 ciphertext using a 64 bit key :param key: The encryption key - a byte string 8 bytes long :param data: The ciphertext - a byte string :param iv: The initialization vector used for encryption - a byte string :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the plaintext r@r.rArDrErFTr>r8r<r<r=r'Os cCs~t|dkr*t|dkr*ttdt||s8td}nt|dkrVttdt|d}t|dkrjd}|t||||dfS) a Encrypts plaintext using 3DES in either 2 or 3 key mode :param key: The encryption key - a byte string 16 or 24 bytes long (2 or 3 key mode) :param data: The plaintext - a byte string :param iv: The 8-byte initialization vector to use - a byte string - set as None to generate an appropriate one :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A tuple of two byte strings (iv, ciphertext) r.r/W key must be 16 bytes (2 key) or 24 bytes (3 key) long - is %s rDrEtripledes_3keytripledes_2keyTr4r9r:r;cipherr<r<r=r,xs    cCslt|dkr*t|dkr*ttdt|t|dkrHttdt|d}t|dkr\d}t||||dS) aC Decrypts 3DES ciphertext in either 2 or 3 key mode :param key: The encryption key - a byte string 16 or 24 bytes long (2 or 3 key mode) :param data: The ciphertext - a byte string :param iv: The initialization vector used for encryption - a byte string :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the plaintext r.r/rGrDrErHrITr>rJr<r<r=r+s  cCs^t|dkrttdt||s,td}nt|dkrJttdt||td|||dfS)a Encrypts plaintext using DES with a 56 bit key :param key: The encryption key - a byte string 8 bytes long (includes error correction bits) :param data: The plaintext - a byte string :param iv: The 8-byte initialization vector to use - a byte string - set as None to generate an appropriate one :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A tuple of two byte strings (iv, ciphertext) rDT key must be 8 bytes (56 bits + 8 parity bits) long - is %s rEdesTr4r8r<r<r=r&s   cCsLt|dkrttdt|t|dkrr8r<r<r=r%s  cCsd}|dkr(tjtjtjdt|}ntjtjtjtjtj d|}tj }t |dd}t t d}t|}tj|_tj|_d|_||_t t d }t|} || _t|| _t||} d} |td d gkrt|d krtj} tt d } t || t| t| | } t| t| }|d krFtt dt|d}t |tj|d} t| |d krt |tj |d} t| tt dtj!}t |tj"|d} t| tt dtj#}t |tj$|d} t| ||fS)a Creates an HCRYPTPROV and HCRYPTKEY for symmetric encryption/decryption. The HCRYPTPROV must be released by close_context_handle() and the HCRYPTKEY must be released by advapi32.CryptDestroyKey() when done. :param cipher: A unicode string of "aes", "des", "tripledes_2key", "tripledes_3key", "rc2", "rc4" :param key: A byte string of the symmetric key :param iv: The initialization vector - a byte string - unused for RC4 :return: A tuple of (HCRYPTPROV, HCRYPTKEY) Nr3r-)rMrIrHrFrBF)Z verify_onlyZ BLOBHEADERrPLAINTEXTKEYBLOBrFrBr@z HCRYPTKEY *DWORD *rD)%rZ CALG_AES_128Z CALG_AES_192Z CALG_AES_256r5ZCALG_DESZ CALG_3DES_112Z CALG_3DESZCALG_RC2ZCALG_RC4ZMS_ENH_RSA_AES_PROVrrrrrNZbTypeZCUR_BLOB_VERSIONZbVersionreservedZaiKeyAlghdrZ dwKeySizersetZ CRYPT_NO_SALTr ZCryptImportKeyr rZCryptSetKeyParamZKP_EFFECTIVE_KEYLENZKP_IVZCRYPT_MODE_CBCZKP_MODEZ PKCS5_PADDINGZ KP_PADDING)rKr9r;context_handleZ algorithm_idproviderZblob_header_pointerZ blob_headerblob_struct_pointer blob_structblobflagskey_handle_pointerres key_handlebufr<r<r=_advapi32_create_handles,s        r]c Csd}tjtjtjtjtjtjd|}zt|}tj }t t d}t |}tj |_tj|_t||_t||}|dkrtt dt|d}t |tj|dd} t| tt d } t |t|| td|t|d } t| t | WS|rt|XdS) ao Creates a BCRYPT_KEY_HANDLE for symmetric encryption/decryption. The handle must be released by bcrypt.BCryptDestroyKey() when done. :param cipher: A unicode string of "aes", "des", "tripledes_2key", "tripledes_3key", "rc2", "rc4" :param key: A byte string of the symmetric key :return: A BCRYPT_KEY_HANDLE N)r3rMrIrHrFrBZBCRYPT_KEY_DATA_BLOB_HEADERrFrOrDrzBCRYPT_KEY_HANDLE *)rZBCRYPT_AES_ALGORITHMZBCRYPT_DES_ALGORITHMZBCRYPT_3DES_112_ALGORITHMZBCRYPT_3DES_ALGORITHMZBCRYPT_RC2_ALGORITHMZBCRYPT_RC4_ALGORITHMr rZBCRYPT_KEY_DATA_BLOBrrrZBCRYPT_KEY_DATA_BLOB_MAGICZdwMagicZBCRYPT_KEY_DATA_BLOB_VERSION1Z dwVersionr5Z cbKeyDatarr ZBCryptSetPropertyZBCRYPT_EFFECTIVE_KEY_LENGTHrZBCryptImportKeyr ) rKr9Z alg_handleZ alg_constantZ blob_typerUrVrWr\rZrYr<r<r=_bcrypt_create_key_handlesZ       r_cCst|tsttdt|t|ts8ttdt||dkr\t|ts\ttdt||dkr|s|dkrt|ddkstdtd krt|||||St |||||S) a Encrypts plaintext :param cipher: A unicode string of "aes", "des", "tripledes_2key", "tripledes_3key", "rc2", "rc4" :param key: The encryption key - a byte string 5-16 bytes long :param data: The plaintext - a byte string :param iv: The initialization vector - a byte string - unused for RC4 :param padding: Boolean, if padding should be used - unused for RC4 :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the ciphertext ; key must be a byte string, not %s < data must be a byte string, not %s rB: iv must be a byte string, not %s r3r.rpadding must be specifiedr) isinstancer TypeErrorrrr5r6_backend_advapi32_encrypt_bcrypt_encryptrKr9r:r;paddingr<r<r=r7s*   r7c Csd}d}zt|||\}}ttdt|}t|tddt|d}t|t |} t | } t | |t |t|t|tdd| || }t|t | t |} |dkr|st| t|dkr| dd} | WS|rt||rt|XdS)a Encrypts plaintext via CryptoAPI :param cipher: A unicode string of "aes", "des", "tripledes_2key", "tripledes_3key", "rc2", "rc4" :param key: The encryption key - a byte string 5-16 bytes long :param data: The plaintext - a byte string :param iv: The initialization vector - a byte string - unused for RC4 :param padding: Boolean, if padding should be used - unused for RC4 :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the ciphertext NrOTrr3r.i)rCryptDestroyKeyrr]r r5Z CryptEncryptr rr rrr r ) rKr9r:r;rjrSr[out_lenrZ buffer_lenbufferoutputr<r<r=rg"sJ      rgc Csd}zt||}|dkrd}nt|}d}|dkr8tj}ttd}t||t|ttdtd|| } t | t |} t | } |rt |nt} t||t|t| || | || } t | t | t |WS|rt|XdS)a Encrypts plaintext via CNG :param cipher: A unicode string of "aes", "des", "tripledes_2key", "tripledes_3key", "rc2", "rc4" :param key: The encryption key - a byte string 5-16 bytes long :param data: The plaintext - a byte string :param iv: The initialization vector - a byte string - unused for RC4 :param padding: Boolean, if padding should be used - unused for RC4 :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the ciphertext NrTULONG *) rBCryptDestroyKeyr_r5rBCRYPT_BLOCK_PADDINGr Z BCryptEncryptr rr rr rKr9r:r;rjr[Ziv_lenrXrlrZrmrnZ iv_bufferr<r<r=rhqsT    rhcCst|tsttdt|t|ts8ttdt||dkr\t|ts\ttdt||tddgkrx|sxtdtdkrt|||||St |||||S)a Decrypts AES/RC4/RC2/3DES/DES ciphertext :param cipher: A unicode string of "aes", "des", "tripledes_2key", "tripledes_3key", "rc2", "rc4" :param key: The encryption key - a byte string 5-16 bytes long :param data: The ciphertext - a byte string :param iv: The initialization vector - a byte string - unused for RC4 :param padding: Boolean, if padding should be used - unused for RC4 :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the plaintext r`rarBrbr3rcr) rdrrerrrRr6rf_advapi32_decrypt_bcrypt_decryptrir<r<r=r?s(  r?c Csd}d}zt|||\}}|dkr>|s>t|ddkr>tdt|}ttdt|}t|t |dkrp|spdndd||} t | t |t |WS|rt||rt|XdS) a Decrypts AES/RC4/RC2/3DES/DES ciphertext via CryptoAPI :param cipher: A unicode string of "aes", "des", "tripledes_2key", "tripledes_3key", "rc2", "rc4" :param key: The encryption key - a byte string 5-16 bytes long :param data: The ciphertext - a byte string :param iv: The initialization vector - a byte string - unused for RC4 :param padding: Boolean, if padding should be used - unused for RC4 :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the plaintext Nr3r.rz9Invalid data - ciphertext length must be a multiple of 16rOFT) rrkrr]r5r6rr Z CryptDecryptr rr r ) rKr9r:r;rjrSr[rnrlrZr<r<r=rts,  rtc Csd}zt||}|dkrd}nt|}d}|dkr8tj}ttd}t||t|ttdtd|| } t | t |} t | } |rt |nt} t||t|t| || | || } t | t | t |WS|rt|XdS)a Decrypts AES/RC4/RC2/3DES/DES ciphertext via CNG :param cipher: A unicode string of "aes", "des", "tripledes_2key", "tripledes_3key", "rc2", "rc4" :param key: The encryption key - a byte string 5-16 bytes long :param data: The ciphertext - a byte string :param iv: The initialization vector - a byte string - unused for RC4 :param padding: Boolean, if padding should be used - unused for RC4 :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the plaintext NrTrp) rrqr_r5rrrr Z BCryptDecryptr rr rr rsr<r<r=ru>sT    ruN): __future__rrrr_errorsrZ_ffirr r r r r rrrrutilrr_typesrrrfZ _advapi32rrrrrZ_cngrrrr __all__r"r!r$r#r*r)r(r'r,r+r&r%r]r_r7rgrhr?rtrur<r<r<r=sT 0  7+.*,)0--*oG@OS==