o

�N�g$)�@s�dd
lm
Z

ddlmZ
ddlmZ
ddlmZmZ
ddl	m
Z
mZmZ
ddl
mZ
dZddd	�
ZGd
d�de�Z		dd
d�
ZdS)�)
�	unhexlify)
�BLAKE2s)
�strxor)�
long_to_bytes�
bytes_to_long)�bord�tobytes�_copy_bytes)
�get_random_bytesNcCs,t|�
d
>|
A}t
|t|�
�t|�
d�S)N�
)rr�len)�bsZxor_lsb�num�r�H/opt/saltstack/salt/lib/python3.10/site-packages/Cryptodome/Hash/CMAC.py�_shift_bytes$s

rc@sTeZ
dZd
ZdZdd�Zdd�Zdd�Zd	d
�Zdd�Z	d
d�Z
dd�Zdd�ZdS)�CMACz�A CMAC hash object.
    Do not instantiate directly. Use the :func:`new` function.

    :ivar digest_size: the size in bytes of the resulting MAC tag
    :vartype digest_size: integer
    NcCsD
||_t
dd|
�|_||_||_|j|_}d|_||_|d
kr&d}d|_	n|dkr0d}d|_	nt
d|�
�
d|}	|j|
|jfi|j�
�
|_
|j
�|	�
}
t|
d	�
d
@r\t|
|�|_nt|
�
|_t|jd	�
d
@rrt|j|�|_nt|j�
|_|j|
|j|	fi|j�
�
|_t|�
|_d	|_|	|_d|_d	|_|r�|�|�

dSdS)N��i
��l�zACMAC requires a cipher with a block size of 8 or 16 bytes, not %d�
r
�)�digest_sizer	�_key�_factory�_cipher_params�
block_size�_block_size�_mac_tag�_update_after_digest�	_max_size�	TypeError�newZMODE_ECB�_ecb�encryptrr�_k1�_k2�MODE_CBC�_cbc�	bytearray�_cache�_cache_n�_last_ct�_last_pt�
_data_size�update)�self�key�msg�	ciphermod�
cipher_params�mac_len�update_after_digestr
Zconst_RbZ
zero_block�
Lrrr�__init__3sV










�

��






��


�z
CMAC.__init__cCs
|jd
u
r|j
std�
�
|jt|
�
7_|j}|jdkrUt||jt|
�
�}|
d
|�|j|j|j|�<|j|7_|j|krD|St	|
�
|d
�}
|�
|j�

d|_t|
�
|}|dkrv|�
|
d
|��

|
|d
�|jd
|�<n|�
|
�

||_|S)z�Authenticate the next chunk of message.

        Args:
            data (byte string/byte array/memoryview): The next chunk of data
        Nz4update() cannot be called after digest() or verify()r
)rr r"r/rrr,�minr+�
memoryview�_update)r1r3r
ZfillerZremainrrrr0os(















zCMAC.updatecCs�|j}t
|
�
|d
ks
J�
t
|
�
d
krdS|j�|
�
}t
|
�
|kr%|j}n
||d|�}||d�|_t||
|d��|_dS)z,Update a block aligned to the block boundaryr
N�)rrr)r%r-rr.)r1Z
data_blockr
�ctZsecond_lastrrrr<�s





zCMAC._updatec
Cs^|�t
�
}
|j��|
_|jj|j|jj|jfi|j	�
�
|
_
|jd
d
�|
_|jd
d
�|
_|
S)a+
Return a copy ("clone") of the CMAC object.

        The copy will have the same internal state as the original CMAC
        object.
        This can be used to efficiently compute the MAC tag of byte
        strings that share a common initial substring.

        :return: An :class:`CMAC`
        N)�__new__r�__dict__�copyrr#rr(r-rr)r+)r1�objrrrrA�s





��

z	CMAC.copyc
Cs�|j}
|j
d
u
r|js|j
S|j|jkrtd�
�
|jdkr*|jdkr*t|j|j	�}n!|j
d
d
�}dd|
|jd||jd
�<tt|j|�|j�}|j
�|�
d
|j�|_
|j
S)z�Return the **binary** (non-printable) MAC tag of the message
        that has been authenticated so far.

        :return: The MAC tag, computed over the data processed so far.
                 Binary form.
        :rtype: byte string
        NzMAC is unsafe for this messager
�
�rr)rrr r/r!�
ValueErrorr,rr.r&r+r-r'r$r%r)r1r
�pt�partialrrr�digest�s	

 

zCMAC.digestc

Csd
�dd�t
|���
D�
�
S)z�Return the **printable** MAC tag of the message authenticated so far.

        :return: The MAC tag, computed over the data processed so far.
                 Hexadecimal encoded.
        :rtype: string
        �c
Ssg|]}
dt|
�
�qS)
z%02x)
r)�.0�
xrrr�
<listcomp>�s
�z"CMAC.hexdigest.<locals>.<listcomp>)�join�tuplerG)
r1rrr�	hexdigest�s


�zCMAC.hexdigestcCsHtd
�
}t
jd||
d�}t
jd||��d�}|��|��kr"td�
�
dS)ag
Verify that a given **binary** MAC (computed by another party)
        is valid.

        Args:
          mac_tag (byte string/byte array/memoryview): the expected MAC of the message.

        Raises:
            ValueError: if the MAC does not match. It means that the message
                has been tampered with or that the MAC key is incorrect.
        r�)Zdigest_bitsr2�datazMAC check failedN)r
rr#rGrD)r1Zmac_tagZsecretZmac1Zmac2rrr�verify�s

�zCMAC.verifycCs|�t
t|
�
�
�

d
S)al
Verify that a given **printable** MAC (computed by another party)
        is valid.

        Args:
          hex_mac_tag (string): the expected MAC of the message, as a hexadecimal string.

        Raises:
            ValueError: if the MAC does not match. It means that the message
                has been tampered with or that the MAC key is incorrect.
        N)rQrr)r1Zhex_mac_tagrrr�	hexverify�szCMAC.hexverify)
�__name__�
__module__�__qualname__�__doc__rr9r0r<rArGrNrQrRrrrrr)s
<"rFcCsl|d
urtd�
�
|d
urint
|�
}|d
ur|j}|dkr!td�
�
||jkr-td|j�
�
t||
||||�S)aCreate a new MAC object.

    Args:
        key (byte string/byte array/memoryview):
            key for the CMAC object.
            The key must be valid for the underlying cipher algorithm.
            For instance, it must be 16 bytes long for AES-128.
        ciphermod (module):
            A cipher module from :mod:`Cryptodome.Cipher`.
            The cipher's block size has to be 128 bits,
            like :mod:`Cryptodome.Cipher.AES`, to reduce the probability
            of collisions.
        msg (byte string/byte array/memoryview):
            Optional. The very first chunk of the message to authenticate.
            It is equivalent to an early call to `CMAC.update`. Optional.
        cipher_params (dict):
            Optional. A set of parameters to use when instantiating a cipher
            object.
        mac_len (integer):
            Length of the MAC, in bytes.
            It must be at least 4 bytes long.
            The default (and recommended) length matches the size of a cipher block.
        update_after_digest (boolean):
            Optional. By default, a hash object cannot be updated anymore after
            the digest is computed. When this flag is ``True``, such check
            is no longer enforced.
    Returns:
        A :class:`CMAC` object
    Nz%ciphermod must be specified (try AES)�z,MAC tag length must be at least 4 bytes longz>MAC tag length cannot be larger than a cipher block (%d) bytes)r"�dictrrDr)r2r3r4r5r6r7rrrr#
s 





�r#)
r
)NNNNF)�binasciirZCryptodome.HashrZCryptodome.Util.strxorrZCryptodome.Util.numberrrZCryptodome.Util.py3compatrrr	ZCryptodome.Randomr
rr�objectrr#rrrr�<module>
s




[
�