,hwBddlZddlmZddlmZddlmZddlmZm Z ddl m Z m Z m Z ddlmZdd lmZdd lmZdd lmZmZmZdd lmZmZGd deZGddeZGddeZGddeZddefddefddefddefddefdZ de!de!de!d e!d!ef d"Z"d#e!de!d$e!d%e#d e!d!ef d&Z$d'e!d(e!d e!d!efd)Z%Gd*d+Z&ddddd,d-ed.ed/ee!d0eed1ee'e!e!fd$ee!d2e&fd3Z(y)4N)IntEnum) ModuleType)Optional) _HKDF_extract _HKDF_expand) key_agreementimport_x25519_public_keyimport_x448_public_key)strxor)ECC)EccKey)SHA256SHA384SHA512)AESChaCha20_Poly1305c eZdZdZdZdZdZdZy)MODEz HPKE modesrrN)__name__ __module__ __qualname____doc__BASEPSKAUTHAUTH_PSKV/var/www/html/Resume-Scraper/venv/lib/python3.12/site-packages/Crypto/Protocol/HPKE.pyrrs D C DHr!rceZdZdZdZdZdZy)AEADz>Authenticated Encryption with Associated Data (AEAD) FunctionsrrrN)rrrr AES128_GCM AES256_GCMCHACHA20_POLY1305r r!r"r$r$sHJJr!r$c eZdZy)DeserializeErrorNrrrr r!r"r)r)r!r)c eZdZy)MessageLimitReachedErrorNr*r r!r"r-r-"r+r!r-rr !z NIST P-256z NIST P-384z NIST P-521 Curve25519Curve448saltlabelikmsuite_idhashmodc2d|z|z|z}t|||S)NHPKE-v1)r)r6r7r8r9r: labeled_ikms r"_labeled_extractr>/s' x'%/#5K {G 44r!prkinfoLcbtjd|dz|z|z|z}t||||S)N>Hr<)structpackr)r?r7r@rAr9r: labeled_infos r"_labeled_expandrG8s? ;;tQ'*4x? L \1g 66r!dh kem_contextc\|j}tdd|||}t|d||||}|S)Nr!seae_prks shared_secret) digest_sizer>rG)rHrIr9r:Nsecreteae_prk shared_secrets r"_extract_and_expandrOCsL!!Gs)!'& (G $G$4$/$+$,$+ -M r!c eZdZdedeedeedeeefdededefdZ e dded e d e deed eef d Z e ddeded e d e deef dZe dedeeeffdZdedededefdZdZddedeefdZddedeefdZy ) HPKE_Cipher receiver_keyenc sender_keypsk_pairr@aead_idmodec|dn||_ |j|||j|_||_||_ t |j\|_|_|_ |jtjk(rdnd|_d|_d|_|jj$|_|j) |_|j*r>| td|j-||j|j|\} |_n6| td|j/|||j|j|} d|_d d |j zzd z |_|j4| |g|\|_|_|_y#t$r*}tdj|j|d}~wwxYw) Nr!z!Curve {} is not supported by HPKEr.r1 z0Parameter 'enc' cannot be an input when sealingz'Parameter 'enc' required when unsealingrr)rS_verify_psk_inputscurve_curve_aead_id_mode _Curve_Config_kem_id_kdf_id_hashmodKeyError ValueErrorformatr$r%_Nk_Nn_NtrK_Nh has_private_encrypt_encap_decap _sequence _max_sequence _key_schedule_key _base_nonce_export_secret) selfrRrSrTrUr@rVrWkerNs r"__init__zHPKE_Cipher.__init__Zs"%##+ h/"((    ^+4;;7 DL \ ]$//92r==,,(4466 == !STT&*kk,26,,26--2<'> #M48 { !JKK KK(4(, (, (2 4M AL1Q6#5$"4"4]59#@6>#@     C ^@GG TU[] ] ^s&F G%GGNkem_idr:eph_keyc||jsJ||jsJ| tj|j}|j j d}|j j d}||z}i}|r'||j j dz }d|i}dt jd|z} || |fd} td ||| d|} | |fS) N)r\rawrf static_privKEMrCct||||SNrOrHrIr9r:s r"kdfzHPKE_Cipher._encap..kdf'r;'J Jr!)eph_priv static_pubrr ) rkr generater\ public_key export_keyrDrEr ) rRrxr:rTryrSpkRmrI extra_paramr9rrNs r"rmzHPKE_Cipher._encaps"z'='='??G$7$7$99 ?ll););.kdfrr!)eph_pubr}rr ) rkr\r r r import_keyrer)rrrDrEr ) rSrRrxr:rTpkEverrIrr9rrNs r"rnzHPKE_Cipher._decaps-'')) Y!!\1.s3##z1,S1nnS\5G5GH&&(3353ADj   :002==U=K KK'4KFKKf55(! K &5c2>*-5)45 - Y"#OPVX X YsAC,, D5 DDcF|\}}|dk(|dk(z r td|dk(r;|tjtjfvrtd|jyt |dkr td|tj tjfvr tdy)Nr!zInconsistent PSK inputszPSK is required with mode r1z!PSK must be at least 32 byte longz$PSK is not compatible with this mode)rerrrnamelenrr)rWrUpsk_idpsks r"r[zHPKE_Cipher._verify_psk_inputss  3J6S= )67 7 3J$--00 #=dii[!IJJ13x"} !DEE 499-- !GHH.r!rNrrc0dtjd|j|j|jz}t dd|||j }t dd|||j }|jjdd|z|z}t |d|||j } t| d ||j||j } t| d ||j||j } t| d ||j||j } | | | fS) NsHPKEz>HHHr!s psk_id_hashs info_hashrbigssecretskeys base_noncesexp) rDrErarbr^r>rcr_to_bytesrGrgrhrj) rurNr@rrr9 psk_id_hash info_hashkey_schedule_contextsecretkey base_nonceexporter_secrets r"rqzHPKE_Cipher._key_schedules) V[[)-)-)-88 's'5'-'/'+}} 6 %S%1%)%-%)]] 4 $zz221e<{JYV!-"+"%"*"&-- 1 f$2"hh&"mm -%V%2%9%)XX%-%)]] 4 *&*0*>*.((*2*.-- 9J//r!cjt|j|jj|jd}|j t jt jfvr >WWTYY E488TF ]]d44 4&**tyyFF6t}}R6HIJ J >>T// /*, , ! r! plaintext auth_datac|js td|j}|r|j||j |\}}||zS)aEncrypt and authenticate a message. This method can be invoked multiple times to seal an ordered sequence of messages. Arguments: plaintext: bytes The message to seal. auth_data: bytes Optional. Additional Authenticated data (AAD) that is not encrypted but that will be also covered by the authentication tag. Returns: The ciphertext concatenated with the authentication tag. z$This cipher can only be used to seal)rlrerupdateencrypt_and_digest)rurrrcttags r"sealzHPKE_Cipher.seal3sQ"}}CD D!!#  MM) $++I6CCxr! ciphertextc|jr tdt||jkr td|j }|r|j | |j |d|j ||j d}|S#t$r&|jdk(r tdtdwxYw)aDecrypt a message and validate its authenticity. This method can be invoked multiple times to unseal an ordered sequence of messages. Arguments: cipertext: bytes The message to unseal. auth_data: bytes Optional. Additional Authenticated data (AAD) that was also covered by the authentication tag. Returns: The original plaintext. Raises: ValueError If the ciphertext (in combination with the AAD) is not valid. But if it is the first time you call ``unseal()`` this exception may also mean that any of the parameters or keys used to establish the session is wrong or that one is missing. z&This cipher can only be used to unsealzCiphertext is too smallNrzAIncorrect HPKE keys/parameters or invalid message (wrong MAC tag)zInvalid message (wrong MAC tag))rlrerrirrdecrypt_and_verifyro)rurrrpts r"unsealzHPKE_Cipher.unsealLs0 ==EF F z?TXX %67 7!!#  MM) $ @**:jy+A+5txxij+ACB   @~~" !dee>? ? @s .B/B>)NNr)rrrrrbytestupler$rrw staticmethodintrrmrnr[rqrrrr r!r"rQrQXs9@%9@uo9@&f-9@!. 9@  9@  9@9@v/3+/ "V " "" "$F+ "!( " "D /3 %E%#%%#%$F+ %%N I Iue|1D I I40%*40!40$40! 40l e2''8E?'r!rQ)rSrTrr@rRrVrSrTrreturnc |tvrtd|d|j}|dvrtd||rt|j t|j z}|dk7r td|j|k7r%tdj |j||t jnt j}n"|t jnt j}|d}|d }t|||||||S) a Create an HPKE context which can be used: - by the sender to seal (encrypt) a message or - by the receiver to unseal (decrypt) it. As a minimum, the two parties agree on the receiver's asymmetric key (of which the sender will only know the public half). Additionally, for authentication purposes, they may also agree on: * the sender's asymmetric key (of which the receiver will only know the public half) * a shared secret (e.g., a symmetric key derived from a password) Args: receiver_key: The ECC key of the receiver. It must be on one of the following curves: ``NIST P-256``, ``NIST P-384``, ``NIST P-521``, ``X25519`` or ``X448``. If this is a **public** key, the HPKE context can only be used to **seal** (**encrypt**). If this is a **private** key, the HPKE context can only be used to **unseal** (**decrypt**). aead_id: The HPKE identifier of the symmetric cipher. The possible values are: * ``HPKE.AEAD.AES128_GCM`` * ``HPKE.AEAD.AES256_GCM`` * ``HPKE.AEAD.CHACHA20_POLY1305`` enc: The encapsulated session key (i.e., the KEM shared secret). The receiver must always specify this parameter. The sender must always omit this parameter. sender_key: The ECC key of the sender. It must be on the same curve as the ``receiver_key``. If the ``receiver_key`` is a public key, ``sender_key`` must be a private key, and vice versa. psk: A Pre-Shared Key (PSK) as a 2-tuple of non-empty byte strings: the identifier and the actual secret value. Sender and receiver must use the same PSK (or none). The secret value must be at least 32 bytes long, but it must not be a low-entropy password (use a KDF like PBKDF2 or scrypt to derive a secret from a password). info: A non-secret parameter that contributes to the generation of all session keys. Sender and receive must use the same **info** parameter (or none). Returns: An object that can be used for sealing (if ``receiver_key`` is a public key) or unsealing (if ``receiver_key`` is a private key). In the latter case, correctness of all the keys and parameters will only be assessed with the first call to ``unseal()``. .. _HPKE: https://datatracker.ietf.org/doc/rfc9180/ rrr3zUnsupported curve rzExactly 1 private key requiredz'Sender key uses {} but recipient key {})r!r!r!) r$rer\rrkrfrrrrrrQ) rRrVrSrTrr@r\count_private_keysrWs r"rrvs^d272,?@@   E //-eW566 !9!9!;< !7!7!9:;  "=> >   u $F#VJ$4$4e<> >KtyyT]]KtyyTXX { | |!  r!))rDenumrtypesrtypingrKDFrrDHr r r Crypto.Util.strxorr Crypto.PublicKeyr Crypto.PublicKey.ECCr Crypto.Hashrrr Crypto.Cipherrrrr$rer)r-r`rr>rrGrOrQrrr r!r"rs ,OO% '..077 z  z (((((  555!55 %5) 577 777$ 7 ( 7E%*"'",*[[@ $'+-1 $ ooo e_oV$oeE5L) * o uo o *5 or!