def update(self, data): if self._buffer is None: raise AlreadyFinalized("Context was already finalized") if isinstance(data, six.text_type): raise TypeError("Unicode-objects must be encoded before padding") self._buffer += data finished_blocks = len(self._buffer) // (self.block_size // 8) result = self._buffer[:finished_blocks * (self.block_size // 8)] self._buffer = self._buffer[finished_blocks * (self.block_size // 8):] return result
def derive(self, key_material: bytes) -> bytes: if self._used: raise AlreadyFinalized("PBKDF2 instances can only be used once.") self._used = True utils._check_byteslike("key_material", key_material) from cryptography.hazmat.backends.openssl.backend import backend return backend.derive_pbkdf2_hmac( self._algorithm, self._length, self._salt, self._iterations, key_material, )
def authenticate_additional_data(self, data): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") if self._updated: raise AlreadyUpdated("Update has been called on this context.") self._aad_bytes_processed += len(data) if self._aad_bytes_processed > self._ctx._mode._MAX_AAD_BYTES: raise ValueError( "{0} has a maximum AAD byte limit of {1}".format( self._ctx._mode.name, self._ctx._mode._MAX_AAD_BYTES ) ) self._ctx.authenticate_additional_data(data)
def update(self, data): if self._buffer is None: raise AlreadyFinalized("Context was already finalized.") if not isinstance(data, bytes): raise TypeError("data must be bytes.") self._buffer += data finished_blocks = len(self._buffer) // (self.block_size // 8) result = self._buffer[:finished_blocks * (self.block_size // 8)] self._buffer = self._buffer[finished_blocks * (self.block_size // 8):] return result
def _byte_unpadding_update(buffer_, data, block_size): if buffer_ is None: raise AlreadyFinalized("Context was already finalized.") if not isinstance(data, bytes): raise TypeError("data must be bytes.") buffer_ += data finished_blocks = max(len(buffer_) // (block_size // 8) - 1, 0) result = buffer_[:finished_blocks * (block_size // 8)] buffer_ = buffer_[finished_blocks * (block_size // 8):] return buffer_, result
def _byte_padding_update(buffer_: typing.Optional[bytes], data: bytes, block_size: int): if buffer_ is None: raise AlreadyFinalized("Context was already finalized.") utils._check_byteslike("data", data) buffer_ += bytes(data) finished_blocks = len(buffer_) // (block_size // 8) result = buffer_[:finished_blocks * (block_size // 8)] buffer_ = buffer_[finished_blocks * (block_size // 8):] return buffer_, result
def _byte_unpadding_update(buffer_, data, block_size): if buffer_ is None: raise AlreadyFinalized("Context was already finalized.") utils._check_byteslike("data", data) # six.PY2: Only coerce non-bytes objects to avoid triggering bad behavior # of future's newbytes type. Unconditionally call bytes() after Python 2 # support is gone. buffer_ += data if isinstance(data, bytes) else bytes(data) finished_blocks = max(len(buffer_) // (block_size // 8) - 1, 0) result = buffer_[:finished_blocks * (block_size // 8)] buffer_ = buffer_[finished_blocks * (block_size // 8):] return buffer_, result
def _verify_pkcs1(self, evp_md): if self._hash_ctx._ctx is None: raise AlreadyFinalized("Context has already been finalized.") res = self._backend._lib.EVP_VerifyFinal(self._hash_ctx._ctx._ctx, self._signature, len(self._signature), self._public_key._evp_pkey) self._hash_ctx.finalize() # The previous call can return negative numbers in the event of an # error. This is not a signature failure but we need to fail if it # occurs. self._backend.openssl_assert(res >= 0) if res == 0: errors = self._backend._consume_errors() assert errors raise InvalidSignature
def finalize(self): if self._buffer is None: raise AlreadyFinalized("Context was already finalized.") if len(self._buffer) != self.block_size // 8: raise ValueError("Invalid padding bytes.") valid = _lib.Cryptography_check_pkcs7_padding(self._buffer, self.block_size // 8) if not valid: raise ValueError("Invalid padding bytes.") pad_size = six.indexbytes(self._buffer, -1) res = self._buffer[:-pad_size] self._buffer = None return res
def _byte_unpadding_check( buffer_: typing.Optional[bytes], block_size: int, checkfn: typing.Callable[[bytes, int], int], ): if buffer_ is None: raise AlreadyFinalized("Context was already finalized.") if len(buffer_) != block_size // 8: raise ValueError("Invalid padding bytes.") valid = checkfn(buffer_, block_size // 8) if not valid: raise ValueError("Invalid padding bytes.") pad_size = buffer_[-1] return buffer_[:-pad_size]
def finalize(self): if self._hash_ctx is None: raise AlreadyFinalized("Context has already been finalized") evp_pkey = self._backend._lib.EVP_PKEY_new() assert evp_pkey != self._backend._ffi.NULL evp_pkey = backend._ffi.gc(evp_pkey, backend._lib.EVP_PKEY_free) rsa_cdata = backend._rsa_cdata_from_private_key(self._private_key) res = self._backend._lib.RSA_blinding_on( rsa_cdata, self._backend._ffi.NULL) assert res == 1 res = self._backend._lib.EVP_PKEY_set1_RSA(evp_pkey, rsa_cdata) assert res == 1 evp_md = self._backend._lib.EVP_get_digestbyname( self._algorithm.name.encode("ascii")) assert evp_md != self._backend._ffi.NULL pkey_size = self._backend._lib.EVP_PKEY_size(evp_pkey) assert pkey_size > 0 return self._finalize_method(evp_pkey, pkey_size, rsa_cdata, evp_md)
def _finalize_pkcs1(self, evp_md): if self._hash_ctx._ctx is None: raise AlreadyFinalized("Context has already been finalized.") sig_buf = self._backend._ffi.new("char[]", self._pkey_size) sig_len = self._backend._ffi.new("unsigned int *") res = self._backend._lib.EVP_SignFinal(self._hash_ctx._ctx._ctx, sig_buf, sig_len, self._private_key._evp_pkey) self._hash_ctx.finalize() if res == 0: errors = self._backend._consume_errors() assert errors[0].lib == self._backend._lib.ERR_LIB_RSA assert (errors[0].reason == self._backend._lib.RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY) raise ValueError("Digest too large for key size. Use a larger " "key.") return self._backend._ffi.buffer(sig_buf)[:sig_len[0]]
def finalize(self): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") data = self._ctx.finalize() self._ctx = None return data
def update_into(self, data, buf): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") return self._ctx.update_into(data, buf)
def copy(self): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") return Hash(self.algorithm, backend=self._backend, ctx=self._ctx.copy())
def update(self, data): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") if not isinstance(data, bytes): raise TypeError("data must be bytes.") self._ctx.update(data)
def _byte_padding_pad(buffer_, block_size, paddingfn): if buffer_ is None: raise AlreadyFinalized("Context was already finalized.") pad_size = block_size // 8 - len(buffer_) return buffer_ + paddingfn(pad_size)
def update(self, data): if self._hash_ctx is None: raise AlreadyFinalized("Context has already been finalized") self._hash_ctx.update(data)
def update(self, data): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") return self._ctx.update_user(data)
def update(self, data): if self._ctx is None: raise AlreadyFinalized("Context was already finalized") self._updated = True return self._ctx.update(data)
def copy(self) -> "CMAC": if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") return CMAC(self._algorithm, ctx=self._ctx.copy())
def update(self, data: bytes) -> bytes: if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") return self._ctx.update(data)
def update(self, data: bytes) -> None: if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") utils._check_byteslike("data", data) self._ctx.update(data)
def update(self, data): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") utils._check_bytes("data", data) self._ctx.update_user(data)
def update(self, msg): if self._ctx is None: raise AlreadyFinalized("Context was already finalized") if isinstance(msg, six.text_type): raise TypeError("Unicode-objects must be encoded before hashing") self._ctx.update(msg)
def authenticate_additional_data(self, data): if self._ctx is None: raise AlreadyFinalized("Context was already finalized") if self._updated: raise AlreadyUpdated("Update has been called on this context") self._ctx.authenticate_additional_data(data)
def copy(self): if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") return DSASignatureHashContext(self._mac_key, dsa_key=self._dsa_key, ctx=self._ctx.copy())
def finalize(self) -> bytes: if self._ctx is None: raise AlreadyFinalized("Context was already finalized.") mac = self._ctx.finalize() self._ctx = None return mac
def finalize(self): if self._ctx is None: raise AlreadyFinalized("Content was already finalized!") digest = self._ctx.finalize() self._ctx = None return digest