U
    a�f]O  �                   @   s<  d dl mZmZmZmZ d dlZd dlZd dlZd dlZd dl	Z	d dl
Z
ddlmZ ddlmZmZ ddlmZmZmZmZmZ ddlmZ ddlmZ dd	lmZmZmZ ejd
k r�eZ e!Z"ndd� Z e� Z#dddddddgZ$dd� Z%dd� Z&dd� Z'dd� Z(dd� Z)dd� Z*dd� Z+dd� Z,dd � Z-d!d� Z.d"d� Z/dS )#�    )�unicode_literals�division�absolute_import�print_functionN�   )�backend)�constant_compare�
rand_bytes)�Certificate�int_from_bytes�int_to_bytes�PrivateKeyInfo�PublicKeyInfo)�pretty_message)�
fill_width)�	type_name�byte_cls�	int_types)�   c                 C   s
   t | g�S )N)�bytes)�num� r   �@/opt/nydus/tmp/pip-target-53d1vnqk/lib/python/oscrypto/_pkcs1.py�chr_cls   s    r   �add_pss_padding�add_pkcs1v15_signature_padding�raw_rsa_private_crypt�raw_rsa_public_crypt�"remove_pkcs1v15_encryption_padding�!remove_pkcs1v15_signature_padding�verify_pss_paddingc                  C   s:   t jdkrdS t�� d } ttt| �d���dd� dkS )zM
    :return:
        A bool if the current machine is running OS X 10.7
    �darwinFr   �.�   )�
   �   )�sys�platform�mac_ver�tuple�map�int�split)�versionr   r   r   �_is_osx_107/   s    
r.   c                 C   s  t dkrtjdkrttd���t|t�s:ttdt|����t|t	�sVttdt|����|dk rpt
tdt|����t|t	�s�ttdt|����|d	k r�t
td
t|����| tdddddg�kr�t
tdt| ����tt| �}|d }tt�|d ��}||��� }t|�}||| d k �r$t
td���|dk�r:t�|�}	nd}	d| |	 }
||
��� }d|| | d  }|d |	 }t| ||| d �}tt|�t|�A �}t|t|��}d| | }d| dd|   }t|d�}|dk�rt|t|dd� �@ �|dd�  }|| d S )a5  
    Pads a byte string using the EMSA-PSS-Encode operation described in PKCS#1
    v2.2.

    :param hash_algorithm:
        The string name of the hash algorithm to use: "sha1", "sha224",
        "sha256", "sha384", "sha512"

    :param salt_length:
        The length of the salt as an integer - typically the same as the length
        of the output from the hash_algorithm

    :param key_length:
        The length of the RSA key, in bits

    :param message:
        A byte string of the message to pad

    :return:
        The encoded (passed) message
    �	winlegacyr!   z~
            Pure-python RSA PSS signature padding addition code is only for
            Windows XP/2003 and OS X
            �?
            message must be a byte string, not %s
            �@
            salt_length must be an integer, not %s
            r   �?
            salt_length must be 0 or more - is %s
            �?
            key_length must be an integer, not %s
            i   z@
            key_length must be 512 or more - is %s
            �sha1�sha224�sha256�sha384�sha512�z
            hash_algorithm must be one of "sha1", "sha224", "sha256", "sha384",
            "sha512", not %s
            r   �   r#   zq
            Key is not long enough to use with specified hash_algorithm and
            salt_length
            �    �           �    �   �0�1��   N�   �)�_backendr&   r'   �SystemErrorr   �
isinstancer   �	TypeErrorr   r   �
ValueError�repr�set�getattr�hashlibr+   �math�ceil�digest�len�os�urandom�_mgf1r   r   r   r   �ord)�hash_algorithm�salt_length�
key_length�message�	hash_func�em_bits�em_len�message_digest�hash_length�salt�m_prime�m_prime_digest�padding�db�db_mask�	masked_db�	zero_bits�left_bit_mask�left_int_maskr   r   r   r   ;   sv    �
�
��
���
�


$c                 C   s�  t dkrtjdkrttd���t|t�s:ttdt|����t|t�sVttdt|����t|t	�srttdt|����|dk r�t
tdt|����| td	d
dddg�kr�t
tdt| ����tt| �}|d }tt�|d ��}||��� }t|�}	||	| d k �rdS |dd� dk�rdS d| | }
||	 d }|d|� }t|dd� �}|d|
 ? }|dk�rfdS ||||	 � }t| |||	 d �}d|
 dd|
   }t|d�}|dk�r�t|t|dd� �@ �|dd�  }tt|�t|�A �}t|�t|�k �rdt|�t|�  | }||	 | d }d| }t|d|� |��sDdS |||d � dk�r^dS |d| d� }d| | }||��� }t||�S )aZ  
    Verifies the PSS padding on an encoded message

    :param hash_algorithm:
        The string name of the hash algorithm to use: "sha1", "sha224",
        "sha256", "sha384", "sha512"

    :param salt_length:
        The length of the salt as an integer - typically the same as the length
        of the output from the hash_algorithm

    :param key_length:
        The length of the RSA key, in bits

    :param message:
        A byte string of the message to pad

    :param signature:
        The signature to verify

    :return:
        A boolean indicating if the signature is invalid
    r/   r!   z�
            Pure-python RSA PSS signature padding verification code is only for
            Windows XP/2003 and OS X
            r0   zA
            signature must be a byte string, not %s
            r1   r   r2   r4   r5   r6   r7   r8   r9   r   r:   r#   F�����NrB   r?   r@   rA   r=   r>   r<   )rC   r&   r'   rD   r   rE   r   rF   r   r   rG   rH   rI   rJ   rK   r+   rL   rM   rN   rO   rS   rR   r   r   r   r   )rT   rU   rV   rW   �	signaturerX   rY   rZ   r[   r\   rd   Zmasked_db_lengthrc   Z
first_byteZbits_that_should_be_zeror_   rb   re   rf   ra   Zzero_lengthZzero_stringr]   r^   Zh_primer   r   r   r    �   s�    �
�
�
���



$c           
      C   s�   t |t�sttdt|����t |t�s8ttdt|����|dk rRttdt|����| tddddd	g�krzttd
t| ����d}dddddd�|  }t	t
�|| ��}t�d�j}tt| �}td|�D ] }||�}	||||	 ��� 7 }q�|d|� S )a|  
    The PKCS#1 MGF1 mask generation algorithm

    :param hash_algorithm:
        The string name of the hash algorithm to use: "sha1", "sha224",
        "sha256", "sha384", "sha512"

    :param seed:
        A byte string to use as the seed for the mask

    :param mask_length:
        The desired mask length, as an integer

    :return:
        A byte string of the mask
    z<
            seed must be a byte string, not %s
            z@
            mask_length must be an integer, not %s
            r   zD
            mask_length must be greater than 0 - is %s
            r4   r5   r6   r7   r8   r9   r;   �   �   �    �0   �@   )r4   r5   r6   r7   r8   s   >Ir   )rE   r   rF   r   r   r   rG   rH   rI   r+   rL   rM   �struct�Struct�packrJ   rK   �rangerN   )
rT   �seedZmask_length�outputr\   Z
iterationsrp   rX   �counter�br   r   r   rR   :  sH    
�
�����
rR   c                 C   s    t dkrttd���t| |d�S )z�
    Adds PKCS#1 v1.5 padding to a message to be signed

    :param key_length:
        An integer of the number of bytes in the key

    :param data:
        A byte string to pad

    :return:
        The padded data as a byte string
    r/   zz
            Pure-python RSA PKCSv1.5 signature padding addition code is only
            for Windows XP/2003
            Zsigning)rC   rD   r   �_add_pkcs1v15_padding�rV   �datar   r   r   r   �  s
    �c                 C   s    t dkrttd���t| |d�S )a  
    Removes PKCS#1 v1.5 padding from a signed message using constant time
    operations

    :param key_length:
        An integer of the number of bytes in the key

    :param data:
        A byte string to unpad

    :return:
        The unpadded data as a byte string
    r/   zy
            Pure-python RSA PKCSv1.5 signature padding removal code is only for
            Windows XP/2003
            Z	verifying)rC   rD   r   �_remove_pkcs1v15_paddingrw   r   r   r   r   �  s
    �c                 C   s   t � sttd���t| |d�S )a  
    Removes PKCS#1 v1.5 padding from a decrypted message using constant time
    operations

    :param key_length:
        An integer of the number of bytes in the key

    :param data:
        A byte string to unpad

    :return:
        The unpadded data as a byte string
    zt
            Pure-python RSA PKCSv1.5 encryption padding removal code is only
            for OS X 10.7
            �
decrypting)r.   rD   r   ry   rw   r   r   r   r   �  s
    �c                 C   s�   |dkrd}nd}t |t�s.ttdt|����t | t�sJttdt| ����| dk rdttdt| ����t|�| d kr�ttd	| d t|����| d
 t|� }d}|dkr�t	|�}d�
|�d��}||7 }|t|�8 }q�d| | d | S )a1  
    Adds PKCS#1 v1.5 padding to a message

    :param key_length:
        An integer of the number of bytes in the key

    :param data:
        A byte string to unpad

    :param operation:
        A unicode string of "encrypting" or "signing"

    :return:
        The padded data as a byte string
    Z
encrypting�   r>   �<
            data must be a byte string, not %s
            r3   rm   �?
            key_length must be 64 or more - is %s
            �   zJ
            data must be between 1 and %s bytes long - is %s
            r   r;   r   r=   )rE   r   rF   r   r   r   rG   rH   rO   r	   �joinr,   )rV   rx   �	operation�second_byteZrequired_bytesr`   Ztemp_paddingr   r   r   rv   �  s@    
�
���rv   c                 C   sn  |dkrd}nd}t |t�s.ttdt|����t | t�sJttdt| ����| dk rdttdt| ����t|�| kr|td| ��d	}d	}d	}t	d	t|��D ]�}|||d � }t
|�}	|d	kr�||	O }q�|dkr�|t|	|B |k�O }q�|d
k �r|t|	d	A d	k�O }q�|	d	B }
|d	k�r.|
�r$||O }n||O }q�|
�r>||O }q�||O }q�|d	k�r^td| ��||d d� S )aY  
    Removes PKCS#1 v1.5 padding from a message using constant time operations

    :param key_length:
        An integer of the number of bytes in the key

    :param data:
        A byte string to unpad

    :param operation:
        A unicode string of "decrypting" or "verifying"

    :return:
        The unpadded data as a byte string
    rz   r#   r   r|   r3   rm   r}   zError %sr   r$   N)rE   r   rF   r   r   r   rG   rH   rO   rq   rS   r+   )rV   rx   r�   r�   �errorZtrashZpadding_end�i�byteZbyte_numZnon_zeror   r   r   ry     sV    
�
��







ry   c                 C   s�   t dkrtd��t| d�r&t| jt�s8ttdt| ����| jd d j	}|dkrj|dkrjt
td	|�� ���t|t�s�ttd
t|����| jd j}tt|�|d j	|d j	�}t|| jjd�S )aa  
    Performs a raw RSA algorithm in a byte string using a private key.
    This is a low-level primitive and is prone to disastrous results if used
    incorrectly.

    :param private_key:
        An oscrypto.asymmetric.PrivateKey object

    :param data:
        A byte string of the plaintext to be signed or ciphertext to be
        decrypted. Must be less than or equal to the length of the private key.
        In the case of signing, padding must already be applied. In the case of
        decryption, padding must be removed afterward.

    :return:
        A byte string of the transformed data
    r/   �1Pure-python RSA crypt is only for Windows XP/2003�asn1zy
            private_key must be an instance of the
            oscrypto.asymmetric.PrivateKey class, not %s
            Zprivate_key_algorithm�	algorithm�rsa�
rsassa_pssz@
            private_key must be an RSA key, not %s
            r|   �private_keyZprivate_exponent�modulus��width)rC   rD   �hasattrrE   r�   r   rF   r   r   �nativerG   �upperr   �parsed�powr   r   �	byte_size)r�   rx   �algoZrsa_private_key�transformed_intr   r   r   r   n  s2    ��
��c                 C   s�   t dkrtd��t| d�}ttf}|r2t| j|�sDttdt	| ����| jd d j
}|dkrv|dkrvttd|�� ���t|t�s�ttd	t	|����| jd
 j}tt|�|d j
|d j
�}t|| jjd�S )a�  
    Performs a raw RSA algorithm in a byte string using a certificate or
    public key. This is a low-level primitive and is prone to disastrous results
    if used incorrectly.

    :param certificate_or_public_key:
        An oscrypto.asymmetric.PublicKey or oscrypto.asymmetric.Certificate
        object

    :param data:
        A byte string of the signature when verifying, or padded plaintext when
        encrypting. Must be less than or equal to the length of the public key.
        When verifying, padding will need to be removed afterwards. When
        encrypting, padding must be applied before.

    :return:
        A byte string of the transformed data
    r/   r�   r�   z�
            certificate_or_public_key must be an instance of the
            oscrypto.asymmetric.PublicKey or oscrypto.asymmetric.Certificate
            classes, not %s
            r�   r�   r�   zN
            certificate_or_public_key must be an RSA key, not %s
            r|   Z
public_keyZpublic_exponentr�   r�   )rC   rD   r�   r   r
   rE   r�   rF   r   r   r�   rG   r�   r   r�   r�   r   r   r�   )Zcertificate_or_public_keyrx   Zhas_asn1Zvalid_typesr�   Zrsa_public_keyr�   r   r   r   r   �  s<    
�	�
���)0�
__future__r   r   r   r   r&   rK   rL   r'   rn   rP   � r   �utilr   r	   Z_asn1r
   r   r   r   r   �_errorsr   �_intr   �_typesr   r   r   �version_info�chrr   �xrangerq   rC   �__all__r.   r   r    rR   r   r   r   rv   ry   r   r   r   r   r   r   �<module>   sJ   
�~ IC[9