NPc@s{dZddlZddlZddlZyddlmZWnek r]ddlZnXddlm Z ddl m Z ddl m Z yddl ZWnek rddlZnXyddlmZWnek reZnXerdnd ZddlZddlZddlZddlZed Zd Zd efd YZdefdYZdefdYZdefdYZdefdYZdefdYZdefdYZ defdYZ!de fdYZ"de fdYZ#d e!fd!YZ$d"e!fd#YZ%d$efd%YZ&d&efd'YZ'dS((sRepresents cryptographic keys in Keyczar. Identifies a key by its hash_id and type. Includes several subclasses of base class Key. @author: arkajit.dey@gmail.com (Arkajit Dey) iN(tsha1(tAES(tDSA(tRSA(tEVPtm2cryptotpycryptocCs|dkr|j}n|j|s=tjd|nyFitjtj6t jtj 6t jtj 6t jtj6||SWnQtk r|tjks|tjkrd}nd}tj||nXdS(s Generates a key of the given key_type and length. @param key_type: the key_type of key to generate @key_type key_type: L{keyinfo.KeyType} @param size: the length in bits of the key to be generated @key_type size: integer @return: the generated key of the given key_type and size @raise KeyczarError: if key_type is a public key or unsupported or if key size is unsupported. sUnsupported key size %d bits.s>Public keys of key_type %s must be exported from private keys.sUnsupported key key_type: %sN(tNonet default_sizet IsValidSizeterrorst KeyczarErrortAesKeytGeneratetkeyinfoRtHmacKeyt HMAC_SHA1t DsaPrivateKeytDSA_PRIVt RsaPrivateKeytRSA_PRIVtKeyErrortDSA_PUBtRSA_PUB(tkey_typetsizetmsg((s0/usr/lib/python2.7/site-packages/keyczar/keys.pytGenKey<s      cCsy`itjtj6tjtj6tjtj6tjtj 6t jtj 6t jtj 6||SWn$tk rtjd|nXdS(s\ Reads a key of the given key_type from a JSON string representation. @param key_type: the key_type of key to read @key_type key_type: L{keyinfo.KeyType} @param key: the JSON string representation of the key @key_type key: string @return: the key object read from the JSON string @raise KeyczarError: if key_type is unsupported sUnsupported key key_type: %sN(R tReadRRRRRRRRt DsaPublicKeyRt RsaPublicKeyRRR R (Rtkey((s0/usr/lib/python2.7/site-packages/keyczar/keys.pytReadKey]s     tKeycBseZdZdZdZdZdZdZdZdZ e e dd Z e d edd Z e edd Z e d ddZdZRS(sParent class for Keyczar Keys.cCs||_|jj|_dS(N(ttypeRt _Key__size(tselfR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt__init__ys cCs4|j|jko3|j|jko3|j|jkS(N(R"Rt key_string(R$tother((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt__eq__}scCs"|jj|r||_ndS(N(R"R R#(R$tnew_size((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt __SetSizescCsdS(s,Return the key as a string. Abstract method.N((R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt _GetKeyStringscCs |jS(s#Indirect getter for the key string.(R+(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt__GetKeyStringscCs;tjtjt|j|j}tj|tj S(sLCompute and return the hash_id id of this key. Can override default hash_id.(tutiltHasht IntToBytestlent key_bytestBase64WSEncodetkeyczart KEY_HASH_SIZE(R$tfullhash((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt_Hashs'cCs |jS(sIndirect getter for hash_id.(R6(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt__HashstdocsThe hash_id id of the key.cCs|jS(N(R#(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pytssThe size of the key in bits.sThe key as a Base64 string.cCstj|jS(N(R-tBase64WSDecodeR&(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR9ssThe key as bytes.cCsttjtj|jS(sGReturn the 5-byte header string including version byte, 4-byte hash_id.(tchrR3tVERSIONR-R:thash_id(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pytHeaders(t__name__t __module__t__doc__R%R(t _Key__SetSizeR+t_Key__GetKeyStringR6t _Key__HashtpropertyR=RR&R1R>(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR!us          t SymmetricKeycBs eZdZdZdZRS(s6Parent class for symmetric keys such as AES, HMAC-SHA1cCstj||||_dS(N(R!R%t_SymmetricKey__key_string(R$RR&((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%scCs|jS(sReturn the key as a string.(RG(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR+s(R?R@RAR%R+(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRFs t AsymmetricKeycBseZdZdZRS(s!Parent class for asymmetric keys.cCstj||||_dS(N(R!R%t_params(R$Rtparams((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%s(R?R@RAR%(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRHsR cBseZdZdefdYZdefdYZejjej dZ dZ dZ e ejjdZe d Zd Zd Zd Zd ZdZejdZRS(s&Represents AES symmetric private keys.t AESAdaptorcBs)eZdZdZdZdZRS(sd Adaptor class to make PyCrypto's Cipher behave the same as M2Crypto's EVP.Cipher class cCstj||||_dS(s% Constructor @param key_bytes: the key for this cipher @type key: string @param iv_bytes: the initialization vector for this cipher @type iv_bytes: string @param mode: the cipher mode @type mode: integer (using AES values, e.g. AES.MODE_CBC) N(Rtnewtcipher(R$R1tiv_bytestmode((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%s cCst|j|S(N(tgetattrRM(R$tname((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt __getattr__scCsdS(s Collect any remaining encrypted data i.e. non-block size conforming @return: remaining encrypted data, if any t((R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pytfinals(R?R@RAR%RRRT(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRKs  t EVPAdaptorcBs_eZdZdZdZdZeeefZdZdZdZ dZ edZ RS( sd Adaptor class to make M2Crypto's EVP.Cipher behave the same as PyCrypto's Cipher class iiicCsCi|_||_||_||_tj|_t||_dS(s% Constructor @param key_bytes: the key for this cipher @type key: string @param iv_bytes: the initialization vector for this cipher @type iv_bytes: string @param mode: the cipher mode @type mode: integer (using AES values, e.g. AES.MODE_CBC) N(tciphersR1tIVRORt block_sizeR0tkey_size(R$R1RNRO((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%s      c Cs||jkrCt|jjdksCt|jj rCnd }||jkrn|jjd}ni|jj|}|sd|jd}tj d|d|j d|j d|d d}||j|tj|d}tj|}tj}t|||S(s Return a newly generated AES key. @param size: length of key in bits to generate @type size: integer @return: an AES key @rtype: L{AesKey} i(R-t RandBytesR2RR R (RR1R&Rm((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR Zs  cCsRtj|}|d}t|dt|d|d|dtj|dS(s Reads an AES key from a JSON string representation of it. @param key: a JSON representation of an AES key @type key: string @return: an AES key @rtype: L{AesKey} RoRnt hmacKeyStringRRO(RpRtR RRtGetMode(Rtaesthmac_val((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRjs   cCs,|jt||j}||t|S(s Returns the data padded using PKCS5. For a block size B and data with N bytes in the last block, PKCS5 pads the data with B-N bytes of the value B-N. @param data: data to be padded @type data: string @return: PKCS5 padded string @rtype: string (RXR0R;(R$tdatatpad((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt_Pad{s cCst|d}|| S(s Returns the unpadded version of a data padded using PKCS5. @param padded: string padded with PKCS5 @type padded: string @return: original, unpadded string @rtype: string i(tord(R$tpaddedR|((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt_UnPads cCs$|j||j}t||jS(sj Return a buffer size that does not require padding that is closest to the requested buffer size. Minimum size is 1 block. Returns a multiple of the cipher block size so there is NO PADDING required on any blocks of this size @param buffer_size: requested buffer size @type data: int @return: best buffer size @rtype: int (RXtmax(R$t buffer_sizet no_pad_size((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt_NoPadBufferSizescCs|j|}tj|j}|j|j|}|j|}||j7}|j||}|j j |}||S(s Return ciphertext byte string containing Header|IV|Ciph|Sig. @param data: plaintext to be encrypted. @type data: string @return: raw byte string ciphertext formatted to have Header|IV|Ciph|Sig. @rtype: string ( R}R-RvRXt_AesKey__CreateCipherR1RkRTR>RmtSign(R$R{RNRMt ciph_bytest msg_bytest sig_bytes((s0/usr/lib/python2.7/site-packages/keyczar/keys.pytEncrypts cCs|tj}t||jtjkrAtjt|n||j }||jtj !}|tj }|jj |tj |stj nt j |j t j|j|}|j|S(s Decrypts the given ciphertext. @param input_bytes: raw byte string formatted as Header|IV|Ciph|Sig where Sig is the signature over the entire payload (Header|IV|Ciph). @type input_bytes: string @return: plaintext message @rtype: string @raise ShortCiphertextError: if the ciphertext is too short to have IV & Sig @raise InvalidSignatureError: if the signature doesn't correspond to payload (R3t HEADER_SIZER0RXR-tHLENR tShortCiphertextErrorRmtVerifytInvalidSignatureErrorRRLR1tMODE_CBCRiR(R$t input_bytest data_bytesRNRRtplain((s0/usr/lib/python2.7/site-packages/keyczar/keys.pytDecrypts  $cCsBtjdkr+tr+|j|||S|j|||SdS(s Factory function for creating cipher of specified type using the active crypto library @param key_bytes: the key for this cipher @type key: string @param iv_bytes: the initialization vector for this cipher @type iv_bytes: string @param mode: the cipher mode @type mode: integer (using AES values, e.g. AES.MODE_CBC) @return: the cipher object RN(tACTIVE_CRYPT_LIBtlowerRRURK(R$R1RNRO((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt__CreateCiphers(R?R@RAtobjectRKRURRRRsR%RuR6t staticmethodR RR}RRRRRR(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR s #i       RcBs}eZdZejjdZdZdZdZ e ejjdZ e dZ dZ dZd ZRS( s,Represents HMAC-SHA1 symmetric private keys.cCs#tj|tj|||_dS(N(RFR%RRR(R$R&R((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%scCs!tji|jd6|jd6S(NRRw(RpRqRR&(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRuscCs&tj|j}tj|tj S(N(R-R.R1R2R3R4(R$R5((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR6scCs t|S(s&Return a streaming version of this key(t HmacKeyStream(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pytCreateStreamablescCs/tj|d}tj|}t||S(s Return a newly generated HMAC-SHA1 key. @param size: length of key in bits to generate @type size: integer @return: an HMAC-SHA1 key @rtype: L{HmacKey} i(R-RvR2R(RR1R&((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR s cCs$tj|}t|d|dS(s Reads an HMAC-SHA1 key from a JSON string representation of it. @param key: a JSON representation of an HMAC-SHA1 key @type key: string @return: an HMAC-SHA1 key @rtype: L{HmacKey} RwR(RpRtR(Rtmac((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs cCstj|j|tjS(s Return raw byte string of signature on the message. @param msg: message to be signed @type msg: string @return: raw byte string signature @rtype: string (thmacRLR1Rtdigest(R$R((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs cCs|j|j||S(s- Return True if the signature corresponds to the message. @param msg: message to be signed @type msg: string @param sig_bytes: raw byte string of the signature @type sig_bytes: string @return: True if signature is valid for message. False otherwise. @rtype: boolean (tVerifySignedDataR(R$RR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR*s cCsft|t|krtSd}x7t||D]&\}}|t|t|AO}q2W|dkS(s; Return True if the signature corresponds to the signed message @param msg: message that has been signed @type msg: string @param sig_bytes: raw byte string of the signature @type sig_bytes: string @return: True if signature is valid for message. False otherwise. @rtype: boolean i(R0tFalsetzipR~(R$t mac_bytesRtresulttxty((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR9s (R?R@RARRRR%RuR6RRR RRRR(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs    RcBs)eZdZdZdZdZRS(s7Represents streamable HMAC-SHA1 symmetric private keys.cCs+||_tj|jjdt|_dS(NRS(RmRRLR1R(R$Rm((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%Ps cCs|jj|dS(N(RRg(R$R{((s0/usr/lib/python2.7/site-packages/keyczar/keys.pytUpdateTscCs |jjS(s Return raw byte string of signature on the streamed message. @return: raw byte string signature @rtype: string (RR(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRWs(R?R@RAR%RR(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRMs  t PrivateKeycBs eZdZdZdZRS(s<Represents private keys in Keyczar for asymmetric key pairs.cCs tj|||||_dS(N(RHR%t public_key(R$RRJtpub((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%dscCs |jjS(N(RR=(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR6hs(R?R@RAR%R6(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRas t PublicKeycBseZdZdZRS(s;Represents public keys in Keyczar for asymmetric key pairs.cCstj|||dS(N(RHR%(R$RRJ((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%ns(R?R@RAR%(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRksRcBsbeZdZejjdZdZeejjdZ edZ dZ dZ RS(s:Represents DSA private keys in an asymmetric DSA key pair.cCsAtj|tj||||_||_||_||_dS(N(RR%RRRRRJR(R$RJRRR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%ts    cCsGtjitjt|jd6tj|jdd6|jd6S(Nt publicKeyRR( RpRqRtRrRR-R2RJR(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRu|s"cCstj|tj}itjtj|jdd6}|j}itjtj|jdd6tjtj|j dd6tjtj|j dd6tjtj|j dd6}t |||}t ||||S(s Return a newly generated DSA private key. @param size: length of key in bits to generate @type size: integer @return: a DSA private key @rtype: L{DsaPrivateKey} iRtgtptqR(RtgenerateR-RvtPadBytest BigIntToBytesRt publickeyRRRRRR(RRRJtpubkeyt pub_paramsR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR s % ""cCstj|}tjtj|d}itj|dd6}tjtj |j dtj |j dtj |j dtj |j dtj |df}t ||||dS(s Reads a DSA private key from a JSON string representation of it. @param key: a JSON representation of a DSA private key @type key: string @return: an DSA private key @rtype: L{DsaPrivateKey} RRRRRRR( RpRtRRRqR-R:Rt constructt BytesToLongRIR(RtdsaRRJ((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs cCsVtjjd|jjd}|jjtj||\}}tj||S(s Return raw byte string of signature on the message. @param msg: message to be signed @type msg: string @return: byte string formatted as an ASN.1 sequnce of r and s @rtype: string ii( trandomt SystemRandomtrandintRRtsignR-R.t MakeDsaSig(R$Rtktrts((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs "$cCs|jj||S(s@see: L{DsaPublicKey.Verify}(RR(R$Rtsig((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs( R?R@RARRRR%RuRR RRR(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRqs  RcBseZdZejjdZddZdZe ejjdZ e dZ dZ dZ d Zd ZRS( s:Represents RSA private keys in an asymmetric RSA key pair.cCsAtj|tj||||_||_||_||_dS(N(RR%RRRRRJR(R$RJRRR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%s    RScCst|d kr.tjdt|nt|dtjdkrgtjdt|nttjtj|j j dd}|t|}|dkrd|d|}n|tj }|tj}tj |tj}tj ||}tj |t|} tj || } | tj } tj |} | | krhtjdn| tjjd} | d d krtjd n| dS( Nii=s+OAEP Decoding Error - label is too large %ds6OAEP Decoding Error - encoded_message is too small: %diits(OAEP Decoding Error - hash_id is invalidiss(OAEP Decoding Error - expected a 1 valueI (R0R R R-RtinttmathtfloortlogRtntMGFtXorR.tlstrip(R$tencoded_messagetlabelRtdiff_lent masked_seedtmasked_datablockt seed_masktseedtdatablock_maskt datablockt label_hashtexpected_label_hashtdelimited_message((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt__Decodes.+     cCstjitjt|jd6tj|jdd6tj|jdd6tj|jdd6tj|jdd6tj|jdd6tj|jdd6|jd6S( NRtprivateExponenttprimePtprimeQtprimeExponentPtprimeExponentQtcrtCoefficientR( RpRqRtRrRR-R2RJR(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRus cCs`tj|tj}itjtj|jdd6tjtj|jdd6tjtj|jdd6tjtj|j|jddd6tjtj|j|jddd6tjtj|j dd6}|j }itjtj|j dd6tjtj|j dd 6}t |||}t||||S( s Return a newly generated RSA private key. @param size: length of key in bits to generate @type size: integer @return: a RSA private key @rtype: L{RsaPrivateKey} iRRRRRRtmodulustpublicExponent(RRR-RvRRtdRRtuRRteRR(RRRJRRR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR s "**" ""c Cs5tj|}tjtj|d}itj|dd6tj|dd6tj|dd6tj|dd6tj|dd6tj|dd6}tjtj |j dtj |j d tj |dtj |dtj |dtj |df}t ||||d S( s Reads a RSA private key from a JSON string representation of it. @param key: a JSON representation of a RSA private key @type key: string @return: a RSA private key @rtype: L{RsaPrivateKey} RRRRRRRRRR( RpRtRRRqR-R:RRRRJR(RtrsaRRJ((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs cCs|jj|S(s@see: L{RsaPublicKey.Encrypt}(RR(R$R{((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR7scCs,|tj}|jj|}|j|S(s Decrypts the given ciphertext. @param input_bytes: raw byte string formatted as Header|Ciphertext. @type input_bytes: string @return: plaintext message @rtype: string (R3RRRit_RsaPrivateKey__Decode(R$RRt decrypted((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR;s cCs5tj||j}tj|jj|ddS(s Return raw byte string of signature on the SHA-1 hash_id of the message. @param msg: message to be signed @type msg: string @return: string representation of long int signature over message @rtype: string iN(R-tMakeEmsaMessageRRRRR(R$Rt emsa_encoded((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRIs cCs|jj||S(s@see: L{RsaPublicKey.Verify}(RR(R$RR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRVs(R?R@RARRRR%RRuRR RRRRR(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs )    RcBsJeZdZejjdZdZdZe dZ dZ RS(s9Represents DSA public keys in an asymmetric DSA key pair.cCs5tj|tj|||_||_||_dS(N(RR%RRRRJR(R$RJRR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%^s  cCsstjitj|jdd6tj|jdd6tj|jdd6tj|jdd6|jd6S(NRRRRR(RpRqR-R2RJR(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRuds  cCsltjtj|jdtj|jdtj|jdtj|jd}tj|tj S(NRRRR(R-t PrefixHasht TrimBytesRIR2R3R4(R$R5((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR6ks cCstj|}itj|dd6tj|dd6tj|dd6tj|dd6}tjtj|dtj|dtj|dtj|df}t|||dS(s Reads a DSA public key from a JSON string representation of it. @param key: a JSON representation of a DSA public key @type key: string @return: a DSA public key @rtype: L{DsaPublicKey} RRRRR(RpRtR-R:RRRR(RRRJR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRrs cCsWy;tj|\}}|jjtj|||fSWntjk rRtSXdS(sY Return True if the signature corresponds to the message. @param msg: message that has been signed @type msg: string @param sig: raw byte string of the signature formatted as an ASN.1 sequence of r and s @type sig: string @return: True if signature is valid for message. False otherwise. @rtype: boolean N(R-t ParseDsaSigRtverifyR.R R R(R$RRRR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs &( R?R@RARRRR%RuR6RRR(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRZs   RcBs_eZdZejjdZddZdZdZ e dZ dZ dZ RS( s9Represents RSA public keys in an asymmetric RSA key pair.cCs5tj|tj|||_||_||_dS(N(RR%RRRRJR(R$RJRR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%s  RSc Csbt|d kr$tjdnttjtj|jjdd}t||dt j dkrtjdnt j |}|t|dt j d}|dkrtjdt|n|d |d |}t j t j }t j ||t j d}t j||} t j | t j } t j|| } d | | S( Nii=sOAEP parameter string too long.iis Message too long to OAEP encode.isMessage is too long: %dRsI (R0R R RRRRRRR-RR.RvRR( R$RRRRt pad_octetsRRRRRR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt__Encodes +! cCsEtjitj|jdd6tj|jdd6|jd6S(NRRR(RpRqR-R2RJR(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRuscCsFtjtj|jdtj|jd}tj|tj S(NRR(R-RRRIR2R3R4(R$R5((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR6scCstj|}itj|dd6tj|dd6}tjtj|dtj|df}t|||dS(s Reads a RSA public key from a JSON string representation of it. @param key: a JSON representation of a RSA public key @type key: string @return: a RSA public key @rtype: L{RsaPublicKey} RRR(RpRtR-R:RRRR(RRRJR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs cCs6|j|}|jj|dd}|j|S(s Return a raw byte string of the ciphertext in the form Header|Ciph. @param data: message to be encrypted @type data: string @return: ciphertext formatted as Header|Ciph @rtype: string iN(t_RsaPublicKey__EncodeRRkRR>(R$R{R((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs cCsKy2|jjtj||jtj|fSWntk rFtSXdS(s@ Return True if the signature corresponds to the message. @param msg: message that has been signed @type msg: string @param sig: string representation of long int signature @type sig: string @return: True if signature is valid for the message hash_id. False otherwise. @rtype: boolean N(RRR-RRRt ValueErrorR(R$RR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs 2 (R?R@RARRRR%RRuR6RRRR(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs    tEncryptingStreamWritercBsGeZdZdZdZdZdZedZdZ RS(sh An encrypting stream capable of creating a ciphertext byte stream containing Header|IV|Ciph|Sig. cCs||_||_d|_t|_|jj|_tj |j }t j |j t j||_|j}|jj|||jj||dS(s Constructor @param key: Keyczar Key to perform the padding, verification, cipher creation needed by this stream @type key: Key @param output_stream: stream for encrypted output @type output_stream: 'file-like' object RSN(t_EncryptingStreamWriter__keyt&_EncryptingStreamWriter__output_streamt_EncryptingStreamWriter__dataRt_EncryptingStreamWriter__closedRmRt$_EncryptingStreamWriter__hmac_streamR-RvRXRRLR1Rt_EncryptingStreamWriter__cipherR>Rtwrite(R$Rt output_streamRNthdr((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%s     cCs}|jd|j|7_|jjt|j}t|j|krc|j|j| nd}|j||_dS(s~ Write the data in encrypted form to the output stream @param data: data to be encrypted. @type data: string RiN(t"_EncryptingStreamWriter__CheckOpenRRRR0t'_EncryptingStreamWriter__WriteEncrypted(R$R{tencrypt_buffer_size((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs cCsM|jd|j|jdt|jj|jj|jjdS(s Flush this stream. Writes all remaining encrypted data to the output stream. Will also flush the associated output stream. tflushR|N( RRRtTrueRRRRR(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR.s cCs|jdt|_dS(sw Close this stream. Discards any and all buffered data Does *not* close the associated output stream. tcloseN(RRR(R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR9s cCsQ|r|jj|}n|jj|}|jj||jj|dS(s Helper to write encrypted bytes to output stream. Must *only* pad the last block as PKCS5 *always* pads, even when the data length is a multiple of the block size - it adds block_size chars. We cannot pad intermediate blocks as there is no guarantee that a streaming read will receive the data in the same blocks as the writes were made. @param data: data to be written. @type data: string @param pad: add padding to data @type pad: boolean N(RR}RRkRRRR(R$R{R|tencrypted_bytes((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt__WriteEncryptedBs cCs |jrtd|ndS(s$Helper to ensure this stream is opens(%s() on a closed stream is not permittedN(RR(R$t operation((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt __CheckOpenWs ( R?R@RAR%RRRRRR(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs   tDecryptingStreamReadercBsYeZdZejdZddZdZdZe dZ dZ dZ RS( su A stream capable of decrypting a source ciphertext byte stream containing Header|IV|Ciph|Sig into plain text. cCsL||_||_||_d|_d|_d|_d|_t|_ dS(s Constructor @param key_set: Keyczar key set to source key specified in message header @type key: Keyczar @param input_stream: source of encrypted input @type input_stream: 'file-like' object @param buffer_size: Suggested buffer size for reading data (will be adjusted to suit the underlying cipher). Use -1 to read as much data as possible from the source stream @type buffer_size: integer RSN( t _DecryptingStreamReader__key_sett%_DecryptingStreamReader__input_streamt$_DecryptingStreamReader__buffer_sizeRt_DecryptingStreamReader__keyt_DecryptingStreamReader__ciphert)_DecryptingStreamReader__encrypted_buffert)_DecryptingStreamReader__decrypted_bufferRt_DecryptingStreamReader__closed(R$tkey_sett input_streamR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR%bs       ic Cs|jdt}|js+|j}n|rS|jrS|j rS|j}n|r+|jr+|jr+d}t}x|r8|j|jjdt\}}|r|j |7_ nt j }|r||jj7}n|j | }|rt ||jj}nd}|r"|| }n|}|o2| }qzW|r+|j j||j t ||_ |jj|} |s|jj| } n|j| 7_|s(t |j t j krtjt |j n|j j} |j } d|_ |jjj| | s%tjq%q(q+n|dkrL|j} d|_n|j| } |j||_| r|rd} n| S(s Decrypts data from the source stream and returns the resulting plaintext. NOTE: the signature validation is performed on the final read if sufficient data is available. Streaming => it isn't possible to validate up front as done by Decrypt(). @param chars: indicates the number of characters to read from the stream. read() will never return more than chars characters, but it might return less, if there are not enough characters available. @type chars: integer @raise ShortCiphertextError: if the ciphertext is too short to have IV & Sig @raise InvalidSignatureError: if the signature doesn't correspond to payload @raise KeyNotFoundError: if key specified in header doesn't exist @raise ValueError: if stream closed treadRStblockiN(t"_DecryptingStreamReader__CheckOpenRRt"_DecryptingStreamReader__CreateKeyRt%_DecryptingStreamReader__CreateCiphert"_DecryptingStreamReader__ReadBytesRXRR R-RR0t$_DecryptingStreamReader__hmac_streamRRiRR R RRRmRRR( R$tcharst is_data_availtdata_to_decrypttneed_more_datat read_bytestreserved_data_lentavailable_datatno_decrypt_lentdecrypted_datatcurrent_sig_bytest msg_sig_bytesR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR{sb             cCs t|_dS(s Close this stream. Assumes all data has been read or is thrown away as no signature validation is done until all the data is read. N(RR (R$((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRscCs |jrtd|ndS(s$Helper to ensure this stream is opens(%s() on a closed stream is not permittedN(R R(R$R((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyRs cCst}d}xg|ru|jj|}|r:||7}n&|dk rP|tfS|s`|tfSt||k}qW|tfS(s Helper to read bytes from the input stream. If requested will block until required number of bytes is read or input data is exhausted. Returns a tuple of (the data bytes read, is more data available). RSN(RRRRRR0(R$RRRRR((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt __ReadBytess     cCst}|js|jtjt|j\}}|rL|j|7_nt|jtjkr|jtj }|jtj|_|jj||_|jj j |_ |j j ||j dkr|jj|j |_ qqn|S(s5 Helper to create the actual key from the Header NOTE: The key determines what the optimal read buffer size will be. It is a size that does not require any padding to allow allow encrypting without using a stream anddecrypting with a stream i.e. Encrypt() => DecryptingStreamReader() i(RRRR3RR0R Rt _ParseHeaderRmRRRRR(R$RRt hdr_bytes((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyt __CreateKeys  !cCst}|js|jj}|t|j}|j|\}}|r[|j|7_nt|j|kr|j| }|j||_|jj|t j |jj t j ||_qn|S(sC Helper to create the cipher using the IV from the message ( RRRRXR0R RRRRRLR1R(R$Rtreqd_block_sizetnew_bytes_reqdRRN((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR s    '( R?R@RAR-tDEFAULT_STREAM_BUFF_SIZER%RRRRRRR(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pyR\s S    ((RARRRthashlibRt ImportErrortshat Crypto.CipherRtCrypto.PublicKeyRRt simplejsonRptM2CryptoRRRR R3RR-RR RR!RFRHR RRRRRRRRRR(((s0/usr/lib/python2.7/site-packages/keyczar/keys.pytsP            ! , =^ OD`^