o

we�?�@s�dd
lm
Z

ddlmZmZmZmZ
ddlmZm	Z	
ddl
mZmZm
Z
mZmZmZ
ddlmZmZmZmZ
ddlmZmZmZ
dZdZd	Zd
ZdZdZd
Z dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)Gdd�de*�Z+Gdd�de,�Z-Gdd�de,�Z.dS)�)
�Random)�DerSequence�DerOctetString�DerObjectId�
DerInteger)�pad�unpad)�MD5�SHA1�SHA224�SHA256�SHA384�SHA512)�DES�ARC2�DES3�AES)�PBKDF1�PBKDF2�scryptz1.2.840.113549.1.5.3z1.2.840.113549.1.5.6z1.2.840.113549.1.5.10z1.2.840.113549.1.5.11z1.2.840.113549.1.5.13z1.2.840.113549.1.5.12z1.3.6.1.4.1.11591.4.11�1.2.840.113549.2.7z1.2.840.113549.2.8z1.2.840.113549.2.9z1.2.840.113549.2.10z1.2.840.113549.2.11z1.2.840.113549.3.7z2.16.840.1.101.3.4.1.2z2.16.840.1.101.3.4.1.22z2.16.840.1.101.3.4.1.42c
@seZ
dZd
S)�	PbesErrorN)�__name__�
__module__�__qualname__�rr�H/home/arjun/projects/env/lib/python3.10/site-packages/Crypto/IO/_PBES.pyrCs
rc@seZ
dZd
Zedd��
ZdS)�PBES1z�Deprecated encryption scheme with password-based key derivation
    (originally defined in PKCS#5 v1.5, but still present in `v2.0`__).

    .. __: http://www.ietf.org/rfc/rfc2898.txt
    cCs*
t��
|�
}t��
|d
�
}t��
|d�
j}t��
|d
�
j}i}|tkr+t}t}n'|t	kr8t}t
}d|d<n|tkrAt}t}n|t
krNt}t
}d|d<ntd�
�
t�j
|ddd�}	t��
|	d
�
j}
|	d}t|
|
d||�}|d	d
�|d
d	�}
}|j|
|j|fi|�
�
}|�|�
}t||j�S)ax
Decrypt a piece of data using a passphrase and *PBES1*.

        The algorithm to use is automatically detected.

        :Parameters:
          data : byte string
            The piece of data to decrypt.
          passphrase : byte string
            The passphrase to use for decrypting the data.
        :Returns:
          The decrypted data, as a binary string.
        r
�
�@�effective_keylenzUnknown OID for PBES1��
�nr_elements�N�)r�decoder�payloadr�value�_OID_PBE_WITH_MD5_AND_DES_CBCr	r�_OID_PBE_WITH_MD5_AND_RC2_CBCr�_OID_PBE_WITH_SHA1_AND_DES_CBCr
�_OID_PBE_WITH_SHA1_AND_RC2_CBCrr�new�MODE_CBC�decryptr�
block_size)�data�
passphrase�enc_private_key_info�encrypted_algorithm�encrypted_data�pbe_oid�
cipher_params�hashmod�	ciphermod�
pbe_params�salt�
iterations�key_iv�key�iv�cipher�ptrrrr/ys8




















z
PBES1.decryptN)rrr�__doc__�staticmethodr/rrrrrrs

rc@s*eZ
dZd
Zeddd�
�
Zedd��
ZdS)�PBES2z�Encryption scheme with password-based key derivation
    (defined in `PKCS#5 v2.0`__).

    .. __: http://www.ietf.org/rfc/rfc2898.txt.NcCs�
|d
uri}|d
urt�
�j}|dkrd}t}tj}t}n.|dvr+d}t}tj}t}n |dvr9d}t}tj}t}n|dvrGd}t}tj}t	}nt
d	�
�
||j�
}	||�d
d��
}
|�
d�
r{|�d
d�}t|
|
||�}ttt�
tt|
�
t|�
g�
g�
}
n1|�d
d�}|�dd�}|�dd�}t|
|
||||�}ttt�
tt|
�
t|�
t|�
t|�
g�
g�
}
|�
|||	�}|�t||j��
}tt|�
t|	�
g�
}tttt�
t|
|g�
g�
t|�
g�
}|��S)a�	Encrypt a piece of data using a passphrase and *PBES2*.

        :Parameters:
          data : byte string
            The piece of data to encrypt.
          passphrase : byte string
            The passphrase to use for encrypting the data.
          protection : string
            The identifier of the encryption algorithm to use.
            The default value is '``PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC``'.
          prot_params : dictionary
            Parameters of the protection algorithm.

            +------------------+-----------------------------------------------+
            | Key              | Description                                   |
            +==================+===============================================+
            | iteration_count  | The KDF algorithm is repeated several times to|
            |                  | slow down brute force attacks on passwords    |
            |                  | (called *N* or CPU/memory cost in scrypt).    |
            |                  |                                               |
            |                  | The default value for PBKDF2 is 1 000.        |
            |                  | The default value for scrypt is 16 384.       |
            +------------------+-----------------------------------------------+
            | salt_size        | Salt is used to thwart dictionary and rainbow |
            |                  | attacks on passwords. The default value is 8  |
            |                  | bytes.                                        |
            +------------------+-----------------------------------------------+
            | block_size       | *(scrypt only)* Memory-cost (r). The default  |
            |                  | value is 8.                                   |
            +------------------+-----------------------------------------------+
            | parallelization  | *(scrypt only)* CPU-cost (p). The default     |
            |                  | value is 1.                                   |
            +------------------+-----------------------------------------------+


          randfunc : callable
            Random number generation function; it should accept
            a single integer N and return a string of random data,
            N bytes long. If not specified, a new RNG will be
            instantiated from ``Crypto.Random``.

        :Returns:
          The encrypted data, as a binary string.
        Nz"PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC�)z PBKDF2WithHMAC-SHA1AndAES128-CBCzscryptAndAES128-CBCr$)z PBKDF2WithHMAC-SHA1AndAES192-CBCzscryptAndAES192-CBC)z PBKDF2WithHMAC-SHA1AndAES256-CBCzscryptAndAES256-CBC� zUnknown PBES2 mode�	salt_sizer%r�iteration_counti�i@r0�parallelizationr)rr-�readrr.�_OID_DES_EDE3_CBCr�_OID_AES128_CBC�_OID_AES192_CBC�_OID_AES256_CBC�
ValueErrorr0�get�
startswithrrr�_OID_PBKDF2rrr�_OID_SCRYPT�encryptr�
_OID_PBES2�encode)r1r2�
protection�prot_params�randfunc�key_size�module�cipher_mode�enc_oidr?r;�countr>�kdf_info�scrypt_r�scrypt_pr@r5�enc_infor3rrrrT�s�/




























��	



�





��



�



���z
PBES2.encryptcst�j
|d
d�}t��
|d�
}t��
|d�
j}t��
|d�
j}|tkr*td�
�
t�j
|dd
d�}t�j
|dd
d�}t��
|d�
j}d}	|tkr�t�j
|ddd�}
t��
|
d�
j}|
d}t	|
�
d
}
d
}|
dkr�z|
|d}	|
d8}
|d7}Wn	t
y�


Yn
wd}|
dkr�t��
|
|�
}t��
|d�
j}n5|tkr�t�j
|dd	d��t��
�d�
j}�f
d
d�dD�
\}}}t	��
d
krЈd
}	nd}	ntd�
�
t��
|d�
}t��
|d�
j}|tkr�t
}d}n!|tkr�t}d}n|tk�
rt}d}n|tk�
rt}d}ntd�
�
|	�
r|	|k�
rtd�
�
t��
|d�
j}|tk�
rd|tk�
r4t}n&|tk�
r<t}n|tk�
rDt}n|tk�
rLt}n|tk�
rTt}ntd|�
�
t|
||||d�}n	t|
|||||�}|�||j|�}|� |�
}t!||j"�S)ax
Decrypt a piece of data using a passphrase and *PBES2*.

        The algorithm to use is automatically detected.

        :Parameters:
          data : byte string
            The piece of data to decrypt.
          passphrase : byte string
            The passphrase to use for decrypting the data.
        :Returns:
          The decrypted data, as a binary string.
        r!r"r
rzNot a PBES2 objectN)r!��r)rd�c
sg|]}
�|
�qSrr)�.0�
x�
�
scrypt_paramsrr�
<listcomp>u
s
�z!PBES2.decrypt.<locals>.<listcomp>)rr!rcrdzUnsupported PBES2 KDFrEr$rFzUnsupported PBES2 cipherz9Mismatch between PBES2 KDF parameters and selected cipherzUnsupported HMAC %s)
�hmac_hash_module)#rr&rr'rr(rUrrR�len�	TypeErrorrSrKrrLrrMrN�_OID_HMAC_SHA1r
�_OID_HMAC_SHA224r�_OID_HMAC_SHA256r�_OID_HMAC_SHA384r
�_OID_HMAC_SHA512rrrr-r.r/rr0)r1r2r3�enc_algor5r6�pbes2_paramsr_�kdf_oid�kdf_key_length�
pbkdf2_paramsr;rH�left�idx�pbkdf2_prf_oid�pbkdf2_prf_algo_idr`rarbr]r9rZ�IVrkr>r@rArrhrr/:
s�













�


�



�






























�

�

z
PBES2.decrypt)NN)rrrrBrCrTr/rrrrrD�s


rDN)/�Cryptor�Crypto.Util.asn1rrrr�Crypto.Util.Paddingrr�Crypto.Hashr	r
rrr
r�
Crypto.Cipherrrrr�Crypto.Protocol.KDFrrrr)r*r+r,rUrRrSrnrorprqrrrKrLrMrNrOr�objectrrDrrrr�<module>
s2!
 













/=