([f/,vddlZddlZddlmZddlmZddlmZddlm Z m Z ddl m Z ddl mZddlmZdd lmZdd lmZmZmZmZdd lmZd d lmZd dlmZd dlmZGddeZ GddeZ!GddeZ"GddeZ#GddeZ$d%dZ%e e!ddej&e!ddej'ej(ej)ej)de!d d!ej'ej(ej*ej*de"d"e"d#e"d$e#d"e#d#e#d$e$de$d"e$d#e$d$gZ+dS)&N)padding)hashes)default_backend) aes_key_wrapaes_key_unwrap)Cipher)AES)GCM) ConcatKDFHash)to_bytes to_nativeurlsafe_b64decodeurlsafe_b64encode) JWEAlgorithm)RSAKey)ECKey)OctKeyc0eZdZdZdZdZdZddZdZdS) DirectAlgorithmdirz$Direct use of a shared symmetric keyc*tj|SNr import_keyselfraw_datas Q/var/www/piapp/venv/lib/python3.11/site-packages/authlib/jose/rfc7518/jwe_algs.py prepare_keyzDirectAlgorithm.prepare_key ***ciSr)renc_algkeys rgenerate_presetzDirectAlgorithm.generate_preset s r"Nc|d}t|dz|jkrtdd|dS)NencryptInvalid "cek" lengthr"ekcek get_op_keylenCEK_SIZE ValueErrorrr%headersr&presetr.s rwrapzDirectAlgorithm.wrap#sHnnY'' s88a<7+ + +344 4#&&&r"c|d}t|dz|jkrtd|S)Ndecryptr*r+r/)rr%r-r5r&r.s runwrapzDirectAlgorithm.unwrap)s?nnY'' s88a<7+ + +344 4 r"r) __name__ __module__ __qualname__name descriptionr r'r7r:r$r"rrrs_ D8K+++'''' r"rc2eZdZdZdZdZdZddZdZdS) RSAAlgorithmic0||_||_||_dSr)r>r?r)rr>r?pad_fns r__init__zRSAAlgorithm.__init__5s & r"c*tj|Sr)rrrs rr zRSAAlgorithm.prepare_key:r!r"c2|}d|iSNr. generate_cekrr%r&r.s rr'zRSAAlgorithm.generate_preset=""$$s|r"Nc|r d|vr |d}n|}|d}|j|jkrtd|||j}||dS)Nr.wrapKeyz.A key of size 2048 bits or larger MUST be usedr,)rIr0key_sizer3r)r)rr%r5r&r6r.op_keyr-s rr7zRSAAlgorithm.wrapAs  )evoo-CC&&((C ** ?T] * *MNN N ^^C . .%%%r"c|d}|||j}t|dz|jkrt d|SN unwrapKeyr*r+)r0r9rr1r2r3rr%r-r5r&rOr.s rr:zRSAAlgorithm.unwrapMsT ,,nnR.. s88a<7+ + +344 4 r"r) r;r<r=rNrDr r'r7r:r$r"rrArA0skH +++ & & & &r"rAc:eZdZdZdZdZdZdZd dZdZ dS) AESAlgorithmc@d|d|_d|d|_||_dS)NAKWzAES Key Wrap using -bit keyr>r?rNrrNs rrDzAESAlgorithm.__init__Ws2$$$$ CCCC  r"c*tj|Srrrs rr zAESAlgorithm.prepare_key\r!r"c2|}d|iSrGrHrJs rr'zAESAlgorithm.generate_preset_rKr"clt|dz|jkrtd|jddSNr*zA key of size z bits is required.r1rNr3rr&s r _check_keyzAESAlgorithm._check_keycF s88a<4= ( (BBBBDD D ) (r"c|d}||t||t}||dS)NrMr,)r0rbrr)rr.r&rOr-s rwrap_cekzAESAlgorithm.wrap_cekhsJ **  &#'8'8 9 9%%%r"Nct|r d|vr |d}n|}|||SrG)rIrer4s rr7zAESAlgorithm.wrapnsB  )evoo-CC&&((C}}S#&&&r"c|d}||t||t}t |dz|jkrt d|SrQ)r0rbrrr1r2r3rSs rr:zAESAlgorithm.unwrapush ,, VR):):;; s88a<7+ + +344 4 r"r) r;r<r=rDr r'rbrer7r:r$r"rrUrUVs!!! +++DDD &&& ''''r"rUcNeZdZeddgZdZdZdZdZd dZ d Z dS) AESGCMAlgorithmivtagc@d|d|_d|d|_||_dS)NrWGCMKWz Key wrapping with AES GCM using rYrZr[s rrDzAESGCMAlgorithm.__init__s2'''' PhPPP  r"c*tj|Srrrs rr zAESGCMAlgorithm.prepare_keyr!r"c2|}d|iSrGrHrJs rr'zAESGCMAlgorithm.generate_presetrKr"clt|dz|jkrtd|jddSr_r`ras rrbzAESGCMAlgorithm._check_keyrcr"NcB|r d|vr |d}n|}|d}||d}tj|dz}t t |t|t} | } | || z} tt|tt| jd} | || dS)Nr.rM`r*backend)rjrkr-r.header)rIr0rbosurandomrr r r encryptorupdatefinalizer rrk) rr%r5r&r6r.rOiv_sizerjcipherencr-hs rr7zAESGCMAlgorithm.wraps  )evoo-CC&&((C **   Z1 % %F SWWo6G6GHHH   ZZ__s||~~ --b1122.sw7788  222r"c|d}|||d}|std|d}|stdt t |}t t |}t t|t||t}| } | || z} t| dz|jkrtd| S) NrRrjzMissing "iv" in headersrkzMissing "tag" in headersrsr*r+)r0rbgetr3rr rr r r decryptorrzr{r1r2) rr%r-r5r&rOrjrkr}dr.s rr:zAESGCMAlgorithm.unwraps ,,  [[   8677 7kk%   9788 8 x|| , , ..F SS\\?;L;LMMM     hhrllQZZ\\) s88a<7+ + +344 4 r"r) r;r<r= frozenset EXTRA_HEADERSrDr r'rbr7r:r$r"rriri~sItUm,,M!!! +++DDD 33332r"ricZeZdZgdZeZd dZdZdZdZ dZ dZ d Z d Z d d Zd ZdS)ECDHESAlgorithm)epkapuapvNc|d|_d|_n%d|d|_d||_||_t ||_dS)NzECDH-ESz(ECDH-ES in the Direct Key Agreement modez ECDH-ES+ArXz3ECDH-ES using Concat KDF and CEK wrapped with A{}KW)r>r?formatrNrUaeskwr[s rrDzECDHESAlgorithm.__init__sb  !DIID  0H000DI$fX..  ! !(++ r"cXt||jr|Stj|Sr) isinstanceALLOWED_KEY_CLSrrrs rr zECDHESAlgorithm.prepare_keys- h 4 5 5 O)))r"c||}||}||d}|j|}||d<|S)N)rrvr.)_generate_ephemeral_key_prepare_headersrNrI)rr%r&rrr6r.s rr'zECDHESAlgorithm.generate_presets\**3//  ! !# & &** = $&&((CF5M r"c2|jt|d}nt|d}t|dd}t|dd}tjd|}||z|z|zS)Nr~algrTr>I)rNu32be_len_inputrstructpack)rr5bit_sizealg_idapu_infoapv_infopub_infos rcompute_fixed_infoz"ECDHESAlgorithm.compute_fixed_infos = $WU^44FF$WU^44F#7;;u#5#5t<<#7;;u#5#5t<<;tX.. 8+h66r"cttj|dz|t}||S)Nr*) algorithmlength otherinfort)r rSHA256rderive)r shared_key fixed_inforckdfs rcompute_derived_keyz#ECDHESAlgorithm.compute_derived_keysFmooq= #%%     {{:&&&r"c||}|||}||||Sr)exchange_shared_keyrr)rr&pubkeyr5rrrs rdeliverzECDHESAlgorithm.deliversB,,V44 ,,Wh?? '' JIIIr"c<||ddS)NcrvT) is_private) generate_keyras rrz'ECDHESAlgorithm._generate_ephemeral_keysE t<<z4ECDHESAlgorithm._prepare_headers..s???1c!f???r"ktyr)REQUIRED_JSON_FIELDSr)rrpub_epks ` rrz ECDHESAlgorithm._prepare_headerss5????c&>???wr"c|j|j}n|j}|rd|vr |d}i}n*||}||}|d}|||||} |jd| |dS|rd|vr d|di} nd} |j| } |j||| | } || d<| S)NrrMr"rur.rv) rNr2rrr0rrr r7) rr%r5r&r6rrr public_keydk preset_for_kwkekrvs rr7zECDHESAlgorithm.wrap s = 'HH}H  +evoo-CAA..s33C%%c**A^^I.. \\#z7H = = = bA66 6  !evoo"F5M2MM Mj$$R(( Z__WgsM B B8  r"cdd|vrtd|j|j}n|j}||d}|d}|||||}|j|S|j|} |j|||| S)NrzMissing "epk" in headersrM) r3rNr2rr0rrr r:) rr%r-r5r&rrrrrs rr:zECDHESAlgorithm.unwrap's   788 8 = 'HH}HnnWU^,,^^I.. \\#z7H = = = Ij$$R((z  "gs;;;r"r)r;r<r=rrrrDr r'rrrrrr7r:r$r"rrrs)))MO , , , ,*** 777$'''JJJ ===   :<<<<rs ======111111888888:99999AAAAAA<<<<<<FFFFFF .-----l.#####<###L%%%%%<%%%PAAAAAlAAAHv<v<v<v<v