F/j3ddlZddlZddlZddlmZddlmZddlmZddl m Z ddl m Z m Z mZddlmZmZddlmZed d d z Zd Zd ZdZd Zdd idd idd idZGddeZ ddZdZ ddZ ddZ y)N) InvalidTag)default_backend)hashes)HKDF)Cipher algorithmsmodes)Encoding PublicFormat)ec pad) aes128gcmaesgcm aesgcm128ceZdZdZdZy) ECEExceptionz&Exception for ECE encryption functionsc||_y)N)message)selfrs O/var/www/html/maxservice/venv/lib/python3.12/site-packages/http_ece/__init__.py__init__zECEException.__init__s  N)__name__ __module__ __qualname____doc__rrrrrs 0rrc d} d} d} d} d} |tvr td|dvrtd|z|t|tk7r td || td | ||||| \}} n|}| td |d k(r| d| } | d| } n|dk(rd} d} n |dk(rd} d} |d}|L|dk(r| }n | dd}t t j d||t}|j|}t t j t|| t}t t j t|| t}|j||j|fS)aDerive the encryption key :param mode: operational mode (encrypt or decrypt) :type mode: enumerate('encrypt', 'decrypt) :param salt: encryption salt value :type salt: str :param key: raw key :type key: str :param private_key: DH private key :type key: object :param dh: Diffie Helman public key value :type dh: str :param keyid: key identifier label :type keyid: str :param keylabel: label for aesgcm/aesgcm128 :type keylabel: str :param auth_secret: authorization secret :type auth_secret: str :param version: Content Type identifier :type version: enumerate('aes128gcm', 'aesgcm', 'aesgcm128') rcd|zdz|zS)NsContent-Encoding: r#)base info_contexts r build_infozderive_key..build_info?s$t+e3lBBrcJd}t|tjr1|}|jtj t j}n2tjjtj|}|jjtj t j}|dk(r|}|} n|}|} |dk(r d| z|z} n&|jddz|| z||z} |jtj|| fS)NcFtjdt||zS)Nz!H)structpacklen)keys r length_prefixz4derive_key..derive_dh..length_prefixCs;;tSX.4 4rencryptrsWebPush: infoutf-8r') isinstancer EllipticCurvePublicKey public_bytesr X962r UncompressedPointfrom_encoded_point SECP256R1 public_keyencodeexchangeECDH) modeversion private_keydhkeylabelr1pubkeyencodedsender_pub_keyreceiver_pub_keycontexts r derive_dhzderive_key..derive_dhBs 5 b"33 4F 0N0NOB..AA",,.RTUF((*77 MM<99  9 $N! N&  k !*-==NG( 012 /0 ##BGGIv6??rInvalid version)r2decryptzunknown 'mode' specified: Nz'salt' must be a 16 octet valuezDH requires a private_key)r?r@rArBrCzunable to determine the secretrsaesgcmsnoncersContent-Encoding: aesgcm128sContent-Encoding: noncersContent-Encoding: aes128gcmsContent-Encoding: noncesauth ) algorithmlengthsaltinfobackend) versionsrr/ KEY_LENGTHrrSHA256rderive NONCE_LENGTH)r?r@rOr0rArB auth_secretkeyidrCrHkeyinfo nonceinfor*rIsecretrP hkdf_authhkdf_key hkdf_nonces r derive_keyr_"s2GGIC@@h,-- ))7$>?? |s4yJ.<== ~  :; ;%#   ~;<<(Y0x1 K 0. K 42 :K k !Dgs+Dmmo#%  !!&)--/  ! H--/  ! J ??6 "J$5$5f$= ==rc|dz dk7r tdtjd|dd\}|ddtjd||z zS)z"Generate an initialization vector.@rzCounter too bigz!QN)rr-unpackr.)r(countermasks rivrfsR2 !,--mmD$qr(+GT 8fkk$$7 77rc  d} d} fd} d} tvr tdt d} dk(r: | |}|d }|d }|d }||s|}n|jd }|d}|dz }t d ||||||| \}}||kr td|} dk7r!|dz }t ||zdk(r tdd}d} t tdt ||D]F}| |||||||z} dk(r||zt |k\}|| ||z }n || |z }|dz }H |S#t$r tdwxYw#t$r(}tdjt|d }~wwxYw)a Decrypt a data block :param content: Data to be decrypted :type content: str :param salt: Encryption salt :type salt: str :param key: local public key :type key: str :param private_key: DH private key :type key: object :param keyid: Internal key identifier for private key info :type keyid: str :param dh: Remote Diffie Hellman sequence (omit for aes128gcm) :type dh: str :param rs: Record size :type rs: int :param auth_secret: Authorization secret :type auth_secret: str :param version: ECE Method version :type version: enumerate('aes128gcm', 'aesgcm', 'aesgcm128') :return: Decrypted message content :rtype str ctjd|ddd}|ddtjd|ddd|dd|z|d|zddS) zParse an aes128gcm content body and extract the header values. :param content: The encrypted body of the message :type content: str !BrNr!L)rOrsrXcontent)r-rc)rnid_lens rparse_content_headerz%decrypt..parse_content_headersgtWR^4Q7CRL--gbn5a8R"v+.rF{}-   rc ttj|tjt |||t dtj}|j|dt |jzS)N)tagrQ) rrAESr GCMrf TAG_LENGTHr decryptorupdatefinalize)r0noncerdrnrws rdecrypt_recordzdecrypt..decrypt_recordsr NN3  IIb(gzkl.C D#%  )+   * 569K9K9MMMrc td}tjdtjdd|zz|d|}||zt |kDs||||zd|zk7r t d|||zdS)Nrc|dz|zS)Nr#)xys rz/decrypt..unpad_legacy..sa!r!Brr'z Bad padding)rR functoolsreducer-rcr/r)datapad_sizerr@s r unpad_legacyzdecrypt..unpad_legacysG$U+ # MM#x0$q2B C  c>CI %hC)H cM* }- -HsN$%%rct|dz }tt|dz ddD]Q}tjd|||dzd}|dk7s(|s|dk7r t d|r|dk7r t d|d|cSt d) Nrrrzrecord delimiter != 1r zlast record delimiter != 2zall zero record plaintext)r/ranger-rcr)rlastivs runpadzdecrypt..unpads IMs4y1}b"- !A c4AE?3A6AAvQ&'>??AF&'CDDAay  !677rrJrrz"Could not parse the content headerrOrmrXNr3rnrrKr@rOr0rArBrWrXrCRecord size too smallrzMessage truncatedrrzDecryption error: {}) rRr Exceptiondecoder_r/listrrformatrepr)rnrOr0rArBrWrXrCrmr@rpr{rroverheadcontent_headerkey_nonce_chunkresultrdrrrexs ` rrKrKsL  N & 8h,-- 'H+ E1':Nf% D !w'  "2BLL)E +B    NT6 X~233 E+   w<% 1 $23 3 FG DeAs7|U34 A!$QY9OPD+%E c'l2%d++,t,, qLG  MY ECD D ET D188bBCCDs$D-A(E-E E6#E11E6c p fd} d} tvr td|tjd}t d ||||||| \} } t d} dk(r|dz }t |}nt |d z}||kr td ||z }d }d }t td ||D]"}|| | | |||||z||z|k\z }|d z }$ dk(rb|?|=|jjtjtj}n|xsd jd}| ||||S|S)a Encrypt a data block :param content: block of data to encrypt :type content: str :param salt: Encryption salt :type salt: str :param key: Encryption key data :type key: str :param private_key: DH private key :type key: object :param keyid: Internal key identifier for private key info :type keyid: str :param dh: Remote Diffie Hellman sequence :type dh: str :param rs: Record size :type rs: int :param auth_secret: Authorization secret :type auth_secret: str :param version: ECE Method version :type version: enumerate('aes128gcm', 'aesgcm', 'aesgcm128') :return: Encrypted message content :rtype str c rttj|tjt ||t j}dk(r|j||rdndz}n!|jdtdz|z}||jz }||jz }|S)Nrsrr'r) rrrtr rurfr encryptorrxrRryrr)r0rzrdbufrrrr@s rencrypt_recordzencrypt..encrypt_record]s NN3  IIb( )#%  )+  k !##Cd7$HID##Wx/@/G%G3$NOD ""$$  rct|dkDr td|}|tkDr td|tjd|z }|tjdt|z }||z }||zS)aCompose the header and content of an aes128gcm encrypted message body :param salt: The sender's salt value :type salt: str :param content: The encrypted body of the message :type content: str :param rs: Override for the content length :type rs: int :param keyid: The keyid to use for this message :type keyid: str zkeyid is too longzToo much contentrlri)r/rMAX_RECORD_SIZEr-r.)rOrnrmrXheaders rcompose_aes128gcmz"encrypt..compose_aes128gcmlsw u: 23 3  12 2&++dB''&++dCJ//%rrJrr2rrrrrrrr%r3)rX)rRrosurandomr_r/rrr;r6r r7r r8r<)rnrOr0rArBrWrXrCrmr@rrrrrend chunk_sizerrdrkids ` rr2r27sL  0h,-- |zz"~    NT6 'H+B'l'lQ X~233hJ FG%3 + ,. &'71q:~#>ZTW@W   1   + =[4((*77 |==C;B&&w/C vr== Mr)P-256) NNNNNNrir)!rrr-cryptography.exceptionsrcryptography.hazmat.backendsrcryptography.hazmat.primitivesr'cryptography.hazmat.primitives.kdf.hkdfr&cryptography.hazmat.primitives.ciphersrrr ,cryptography.hazmat.primitives.serializationr r )cryptography.hazmat.primitives.asymmetricr powrMIN_RECORD_SIZErSrVrvrRrrr_rfrKr2r#rrrs .818LLO8a*q.    aj 9MT>D8      HZ      {r