o +ke@sddlZddlZddlZddlZddlZddlZddlZddlZddlZddlm Z m Z m Z ddl m Z mZmZddlmZeZddlTddlmZddlmZdd lmZmZdd lmZdd lmZmZdd lmZdd lmZddlmZddlmZddlm Z ddl!m"Z"m#Z#ddl$m%Z%ddl&m'Z'ddl(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0ddl(m1Z1m2Z2de vZ3GdddeZ4GdddeZ5GdddeZ6GdddeZ7Gd d!d!eZ8Gd"d#d#eZ9Gd$d%d%eZ:Gd&d'd'eZ;Gd(d)d)eZGd.d/d/e>Z?Gd0d1d1eZ@Gd2d3d3eZAGd4d5d5eZBGd6d7d7ZCd8d9ZDd:d;ZEdd?ZGd@dAZHdBdCZIGdDdEdEZJGdFdGdGeJZKdHdIZLGdJdKdKZMGdLdMdMZNGdNdOdOeJZOGdPdQdQePZQGdRdSdSeNeOZRGdTdUdUeOZSGdVdWdWeNeSZTGdXdYdYeNeSZUGdZd[d[eMeTZVGd\d]d]eMeUZWGd^d_d_eUZXGd`dadaeXZYGdbdcdceMeXZZeKeReTeUeYeVeWeZfZ[dS)dN) a2b_base64 b2a_base64hexlify)sha256sha512 pbkdf2_hmac) create_logger)*) Compressor) StableDict)ErrorIntegrityError)yes) get_keys_dirget_security_dir)get_limited_unpacker) bin_to_hex)prepare_subprocess_env)msgpack) workarounds)Key EncryptedKey)SaveFile) NonceManager)AES bytes_to_long long_to_bytes bytes_to_intnum_cipher_blocks hmac_sha256 blake2b_256hkdf_hmac_sha512)AES256_CTR_HMAC_SHA256AES256_CTR_BLAKE2bZauthenticated_no_keyc@eZdZdZdS)NoPassphraseFailurez can not acquire a passphrase: {}N__name__ __module__ __qualname____doc__r-r-3usr/lib/python3.10/site-packages/borg/crypto/key.pyr'(r'c@r&)PassphraseWrongzcpassphrase supplied in BORG_PASSPHRASE, by BORG_PASSCOMMAND or via BORG_PASSPHRASE_FD is incorrect.Nr(r-r-r-r.r0,r/r0c@r&)PasscommandFailurez3passcommand supplied in BORG_PASSCOMMAND failed: {}Nr(r-r-r-r.r10r/r1c@r&)PasswordRetriesExceededz%exceeded the maximum password retriesNr(r-r-r-r.r24r/r2c@r&)UnsupportedPayloadErrorzSUnsupported payload type {}. A newer version is required to access this repository.Nr(r-r-r-r.r38r/r3c@r&)UnsupportedManifestErrorzUUnsupported manifest envelope. A newer version is required to access this repository.Nr(r-r-r-r.r4<r/r4c@r&)KeyfileNotFoundErrorz*No key file for repository {} found in {}.Nr(r-r-r-r.r5@r/r5c@r&)KeyfileInvalidErrorz/Invalid key file for repository {} found in {}.Nr(r-r-r-r.r6Dr/r6c@r&)KeyfileMismatchErrorz/Mismatch between repository {} and key file {}.Nr(r-r-r-r.r7Hr/r7c@r&)RepoKeyNotFoundErrorz2No key entry found in the config of repository {}.Nr(r-r-r-r.r8Lr/r8c@eZdZedZdZdS)TAMRequiredErroraT Manifest is unauthenticated, but it is required for this repository. This either means that you are under attack, or that you modified this repository with a Borg version older than 1.0.9 after TAM authentication was enabled. In the latter case, use "borg upgrade --tam --force '{}'" to re-authenticate the manifest. TNr)r*r+textwrapdedentstripr, tracebackr-r-r-r.r:Ps r:c@r9)ArchiveTAMRequiredErrorzR Archive '{}' is unauthenticated, but it is required for this repository. TNr;r-r-r-r.r@\s r@c&eZdZejZdZfddZZS) TAMInvalidTctddS)Nz&Manifest authentication did not verifysuper__init__self __class__r-r.rFgzTAMInvalid.__init__r)r*r+rr,r?rF __classcell__r-r-rIr.rBcrBcrA)ArchiveTAMInvalidTcrC)Nz%Archive authentication did not verifyrDrGrIr-r.rFprKzArchiveTAMInvalid.__init__rLr-r-rIr.rOlrNrOc@seZdZdZdZdS)TAMUnsupportedSuiteErrorzMCould not verify manifest: Unsupported suite {!r}; a newer version is needed.TN)r)r*r+r,r?r-r-r-r.rPusrPc@eZdZdZdZdZdS)KeyBlobStorageZ no_storagekeyfile repositoryN)r)r*r+ NO_STORAGEKEYFILEREPOr-r-r-r.rRzrRcCsBtD]}|j|jkr|jdusJ|||Sqtd|j)NzInvalid encryption mode "%s")AVAILABLE_KEY_TYPESARG_NAMEZ encryptioncreate ValueError)rTargskeyr-r-r. key_creators  r_cCsddtDS)NcSsg|]}|jr|jqSr-)rZ).0r^r-r-r. sz&key_argument_names..)rYr-r-r-r.key_argument_namessrbcCs:|d}|tjkr tStD] }|j|kr|Sq t|)Nr) PassphraseKeyTYPERepoKeyrYr3) manifest_dataZkey_typer^r-r-r. identify_keys  rgcCst|||SN)rgdetect)rTrfr-r-r. key_factorysrjcCstt|j}tj|dS)N tam_required)rridospathjoin)rTZ security_dirr-r-r.tam_required_filesrpcCst|}tj|Srh)rprmrnisfile)rTfiler-r-r.rks rkc@sveZdZdZdZdZejZdZ dZ ddZ ddZ dd Z dd d Zd dZddZdddZdddZdddZdS)KeyBaseNZ UNDEFINEDFcCs8t|jg|_||_d|_td|_|jj|_d|_dS)Nlz4T) bytesrdTYPE_STRrTtargetr compressor decompressrkrHrTr-r-r.rFs    zKeyBase.__init__cCdS)z1Return HMAC hash using the "id" HMAC key Nr-rHdatar-r-r.id_hashszKeyBase.id_hashcCdSrhr-)rHchunkr-r-r.encryptzKeyBase.encryptTcCrrhr-)rHrlr}ryr-r-r.decryptrzKeyBase.decryptcCs2|r||}t||stdt|dSdS)Nz Chunk %s: id verification failed)r~hmaccompare_digestrr)rHrlr}Z id_computedr-r-r. assert_ids   zKeyBase.assert_idcCs"t|j|j|j|d|ddS)Nsborg-metadata-authentication-@)ZikmsaltinfoZ output_length)r#id_keyenc_key enc_hmac_keyrHrcontextr-r-r._tam_keys zKeyBase._tam_keymanifestcCsh|dur td}t|}tdtd|d}|d<t|}|||}t||d|d<t|S)NrHKDF_HMAC_SHA512)typerrtamrr) rmurandomr rurpackbrrdigest)rHZ metadata_dictrrrZpackedtam_keyr-r-r.pack_and_authenticate_metadatas    z&KeyBase.pack_and_authenticate_metadatac Csp|drt|j}|r|rtdd}t|}td}|||}t r-|dfSd|vrD|r;t |j j td|dfS|dd}t|tsRt|d d d d }|d krr|rhtt|td||dfS|d}|d} t| trt|tst||} td|| | d<|j| dd} t| |d} t| |sttd|dfS)z8Unpack msgpacked *data* and return (object, did_verify).sz!Manifest authentication DISABLED.FmanifestTtamz'Manifest TAM not found and not requiredNtypeasciireplacerzPIgnoring manifest TAM made with unsupported suite, since TAM is not required: %rhmacsaltrrrrzTAM-verified manifest) startswithr4rkloggerwarning bytearrayrfeedunpackAUTHENTICATED_NO_KEYr:rT _locationcanonical_pathdebugpop isinstancedictrBgetdecoderPreprruindexrrrr) rHr}force_tam_not_requiredrkunpackerunpackedrtam_typetam_hmactam_saltoffsetrcalculated_hmacr-r-r.unpack_and_verify_manifestsL             z"KeyBase.unpack_and_verify_manifestcCs|j}|r|rtdd}t|}td}|||}d|vr=|r3|dddd}t |td |dd fS| dd }t |t sKt |d d dd}|d krl|ratt|td||dd fS|d} |d} t | trt | tst || } td|| | d<|j| dd} t| |d} t| | sdtvrtd|dd fSt td|d| fS)z>Unpack msgpacked *data* and return (object, did_verify, salt).z Archive authentication DISABLED.Farchiversnames rrz&Archive TAM not found and not requiredNrrrzOIgnoring archive TAM made with unsupported suite, since TAM is not required: %rrrrsarchiverrZignore_invalid_archive_tamz4ignoring invalid archive TAM due to BORG_WORKAROUNDSzTAM-verified archiveT)rkrrrrrrrrr@rrrrOrPrrurrrrrr)rHr}rrkrr archive_namerrrrrrrr-r-r.unpack_and_verify_archivesL                 z!KeyBase.unpack_and_verify_archiveT)rNF)r)r*r+rdNAMErZrRrUSTORAGE chunk_seedlogically_encryptedrFr~rrrrrrrr-r-r-r.rss      ,rscspeZdZdZdZdZejZdZ dZ fddZ e dd Z e d d Zd d ZddZdddZddZZS) PlaintextKeyrZ plaintextnonerFcst|d|_dSNF)rErFrkrzrIr-r.rFWs  zPlaintextKey.__init__cCstd||S)NzTEncryption NOT enabled. Use the "--encryption=repokey|keyfile" to enable encryption.)rr)clsrTr]r-r-r.r[[s zPlaintextKey.createcCs||Srhr-)rrTrfr-r-r.ri`szPlaintextKey.detectcCs t|Srh)rrr|r-r-r.r~d zPlaintextKey.id_hashcC|j|}d|j|gSNrxcompressrorvrHrr}r-r-r.rg zPlaintextKey.encryptTcCs`|d|jkr|durt|nd}td|t|dd}|s#|S||}||||S)Nr (unknown)%Chunk %s: Invalid encryption enveloper)rdrr memoryviewryrrHrlr}ryid_strpayloadr-r-r.rks   zPlaintextKey.decryptcCs||Srhr-rr-r-r.rvszPlaintextKey._tam_keyr)r)r*r+rdrrZrRrUrrrrF classmethodr[rir~rrrrMr-r-rIr.rNs      rcCstdtdS)Nr)rmrrur-r-r-r.random_blake2b_256_keyzs rcs*eZdZdZddZdfdd ZZS)ID_BLAKE2b_256zi Key mix-in class for using BLAKE2b-256 for the id key. The id_key length must be 32 bytes. cC t|j|Srh)r"rr|r-r-r.r~rzID_BLAKE2b_256.id_hashNcs*|dusJtt|_t|_dSrh)rEinit_from_random_datarrrr|rIr-r.rs   z$ID_BLAKE2b_256.init_from_random_datarh)r)r*r+r,r~rrMr-r-rIr.rsrc@seZdZdZddZdS)ID_HMAC_SHA_256zj Key mix-in class for using HMAC-SHA-256 for the id key. The id_key length must be 32 bytes. cCrrh)r!rr|r-r-r.r~rzID_HMAC_SHA_256.id_hashN)r)r*r+r,r~r-r-r-r.rs rc@sBeZdZdZdZeZdZddZd ddZ dd d Z dd d Z dS) AESKeyBasea Common base class shared by KeyfileKey and PassphraseKey Chunks are encrypted using 256bit AES in Counter Mode (CTR) Payload layout: TYPE(1) + HMAC(32) + NONCE(8) + CIPHERTEXT To reduce payload size only 8 bytes of the 16 bytes nonce is saved in the payload, the first 8 bytes are always zeros. This does not affect security but limits the maximum repository capacity to only 295 exabytes! )TcCs@|j|}|j|j|jt|}|jj||j |dS)N)headerZiv) rxr nonce_managerZensure_reservationciphernext_ivZ block_countlenrrv)rHrr}rr-r-r.rs zAESKeyBase.encryptc Cs|d|jks#|dtjkrt|ts#|durt|nd}td|z|j|}WntyF}ztdt|dt|dd}~ww|sK|S| |}| |||S)NrrrzChunk z: Could not decrypt []) rdrcrrerrrrstrryr)rHrlr}ryrrer-r-r.rs   zAESKeyBase.decryptNcCsp|dur td}|dd|_|dd|_|dd|_t|dd|_|jd@r6|jdd|_dSdS) Ndr r`llr)rmrrrrrrr|r-r-r.rs  z AESKeyBase.init_from_random_datacCs|j|j|jddd|_|durd}n%|d|jks*|dtjkr&t|ts*tdt t |}|j ||}|j |t |j||_dS)Nr)Zmac_keyrZ header_lenZ aad_offsetr%Manifest: Invalid encryption envelope) CIPHERSUITErrrrdrcrrerr rZ extract_ivZset_ivrrTr)rHrfZnonceZmanifest_blocksr-r-r. init_cipherss  zAESKeyBase.init_ciphersrrh) r)r*r+r,ZPAYLOAD_OVERHEADr$rrrrrrr-r-r-r.rs    rc@seZdZedddZedddZedddZedd Zedd d Zed d Z eddZ edddZ ddZ ddZ dS) PassphraseNcCs"tj||}|dur||SdSrh)rmenvironr)renv_vardefault passphraser-r-r._env_passphraseszPassphrase._env_passphrasecCsD|d|}|dur |S|}|dur|S|}|dur |SdS)NBORG_PASSPHRASE)renv_passcommand fd_passphrase)rrrr-r-r.env_passphrases zPassphrase.env_passphrasec Csttjdd}|dur8tdd}z tjt|d|d}Wntjt fy0}zt |d}~ww|| dSdS)NBORG_PASSCOMMANDT)system)universal_newlinesenv ) rmrrr subprocess check_outputshlexsplitCalledProcessErrorFileNotFoundErrorr1rstrip)rrZ passcommandrrrr-r-r.rs zPassphrase.env_passcommandc Csrz ttjd}Wn ttfyYdSwtj|dd }|}Wdn1s-wY||dS)NZBORG_PASSPHRASE_FDr)moder) intrmrrr\ TypeErrorfdopenreadr)rfdfrr-r-r.rs zPassphrase.fd_passphrasecCs |d|S)NZBORG_NEW_PASSPHRASE)r)rrr-r-r.env_new_passphrases zPassphrase.env_new_passphrasec Csz t|}W||Sty?|rtg}dD]}tj|du}|d||r-dndq|dtd |dw)N)rrz {} is {}.setznot setz"Interactive password query failed. ) getpassEOFErrorprintrmrrappendformatr'ro)rpromptZpwmsgrZ env_var_setr-r-r.rs   zPassphrase.getpassc Csd}t||ddddrCtd|tjdtdtjdz|d WdStyBtd t|d tjdtd tjdYdSwdS) NzDDo you want your passphrase to be displayed for verification? [yN]: zInvalid answer, try again.TZBORG_DISPLAY_PASSPHRASE)Z retry_msgZ invalid_msgretryZenv_var_overridez-Your passphrase (between double-quotes): "%s"rrzDMake sure the passphrase displayed above is exactly what you wanted.rz+Your passphrase (UTF-8 encoding in hex): %sutf-8zAs you have a non-ASCII passphrase, it is recommended to keep the UTF-8 encoding in hex together with the passphrase at a safe place.)rrsysstderrencodeUnicodeEncodeErrorr)rrrr-r-r. verification&s.   zPassphrase.verificationFcCs|}|dur |S|}|dur|StddD]1}|d}|s$|rC|d}||kr;||td|Stdtj dqtdtj dqt ) Nr zEnter new passphrase: zEnter same passphrase again: zDRemember your passphrase. Your data will be inaccessible without it.zPassphrases do not matchrzPassphrase must not be blank) r rrangerrrrrrrr2)r allow_emptyrrZ passphrase2r-r-r.new8s"    zPassphrase.newcCr{)Nzr-rGr-r-r.__repr__OrzPassphrase.__repr__cCstd|d|||S)Nrr)rr)rHr iterationslengthr-r-r.kdfRszPassphrase.kdfrhr)r)r*r+rrrrrr rrr r!r$r-r-r-r.rs&         rc@sJeZdZdZdZdZejZdZ e ddZ e ddZ d d Z d d ZdS) rcrrNicCs.||}tdtjdd}||||S)Nz9WARNING: "passphrase" mode is unsupported since borg 1.0.Fr)rrrr init)rrTr]r^rr-r-r.r[fs    zPassphraseKey.createc Csd|j}||}t}|durt|}tddD])}|||z|d|||||_ |WSt yFt|}Yqwt )NzEnter passphrase for %s: r) rrrrrrr&rr _passphraserr2)rrTrfrr^rrr-r-r.rins       zPassphraseKey.detectcCsGdddt}|)Nc@r&)zAPassphraseKey.change_passphrase..ImmutablePassphraseErrorz=The passphrase for this encryption key type can't be changed.Nr(r-r-r-r.ImmutablePassphraseErrorr/r))r )rHr)r-r-r.change_passphraseszPassphraseKey.change_passphrasecCs*|||j|jd|d|_dS)NrF)rr$rlr"rrk)rHrTrr-r-r.r&s zPassphraseKey.init)r)r*r+rdrrZrRrUrr"rr[rir*r&r-r-r-r.rcVs    rcc@speZdZeddZddZddZddZd d Zd d Z d dZ dddZ eddZ dddZ ddZdS)KeyfileKeyBasecCs||}|}d|}t}|dur5t}|||s4tddD]}t|}|||r1nq"tn|||s=t||||_ |S)NzEnter passphrase for key %s: rr') find_keyrrloadrrr2r0rr()rrTrfr^rwrrrr-r-r.ris&     zKeyfileKeyBase.detectcCtrhNotImplementedErrorrGr-r-r.r,rzKeyfileKeyBase.find_keycCr.rhr/)rHrwrr-r-r.r-rzKeyfileKeyBase.loadcCst|}|||}|r?t|}t|d}|jdkrtd|j|_|j|_|j |_ |j |_ |j |_ | dt |j|_ dSdS)NZ internal_dictrz5key version %d is not supported by this borg version.rkTF)rdecrypt_key_filerZunpackbrversionr repository_idrrrrrrkrT)rHkey_datarcdatar}r^r-r-r._loads    zKeyfileKeyBase._loadcCstd}|||}t|d}|jdkrtd|j|jdkr*td|j||j|j d}t |d |j }t t|||jrH|SdS) Nr^r1rz?encrypted key version %d is not supported by this borg version.rzCencrypted key algorithm '%s' is not supported by this borg version.r)rrrrr3r algorithmr$rr"rrr}rrr!hash)rHr}rrrr^r-r-r.r2s    zKeyfileKeyBase.decrypt_key_filec CsXtd}t}|||d}t||}t|d|}td||d||d}t | S)Nrr8rr)r3rr"r9r:r}) rmrZPBKDF2_ITERATIONSr$r!rrrrras_dict) rHr}rrr"r^r:r6rr-r-r.encrypt_key_files  zKeyfileKeyBase.encrypt_key_filec CsVtd|j|j|j|j|j|jd}|t | |}d t t|d}|S)Nr)r3r4rrrrrkrr)rr4rrrrrkr<rrr;ror<wraprr)rHrr^r}r5r-r-r._saves zKeyfileKeyBase._saveNcCs&|dur tjdd}||j|dS)NTr%)rr saverw)rHrr-r-r.r*s z KeyfileKeyBase.change_passphrasecCsbtjdd}||}|j|_||||}|j||ddt d|t d|S)NTr%r[zKey in "%s" created.z>Keep this key safe. Your data will be inaccessible without it.) rr rlr4rrget_new_targetr?rr)rrTr]rr^rwr-r-r.r[s   zKeyfileKeyBase.createFcCr.rhr/rHrwrr[r-r-r.r?rzKeyfileKeyBase.savecCr.rhr/rHr]r-r-r.rArzKeyfileKeyBase.get_new_targetrhr)r)r*r+rrir,r-r7r2r<r>r*r[r?rAr-r-r-r.r+s    r+c@sleZdZdZdZdZejZdZ ddZ ddZ d d Z d d Z d dZddZddZddZdddZdS) KeyfileKeyrzkey filerSBORG_KEYc Cs|jd}t|}t|d,}|t||kr#t|jj ||t||kr5t |jj |Wdn1s?wYt|d}| }t|dkrft d|dt|jj |t|dt|t|krt d|dt|jj |d |d d}zt|}Wntjyt d |dt|jj |wt|d krt d |dt|jj |Wd|S1swY|S)N rbrrz1borg key sanity check: expected 2+ lines total. [rrz3borg key sanity check: key line 1 seems too long. [rz?borg key sanity check: key line 2+ does not look like base64. [zWborg key sanity check: binary encrypted key data from key line 2+ suspiciously short. [)FILE_IDrropenrrr6rTrrr7 readlinesrrrrorbinasciir ) rHfilenamerlZfile_idZrepo_idr linesZkey_b64r^r-r-r. sanity_checksD        zKeyfileKey.sanity_checkcCsH|}|dur|||jjS|}|dur|St|jjtrh) _find_key_file_from_environmentrPrTrl_find_key_in_keys_dirr5rrrrHrSr-r-r.r,*szKeyfileKey.find_keycCs2|}|dur |S|}|dur|S||Srh)rQrR_get_new_target_in_keys_dirrHr]rSr-r-r.get_existing_or_new_target3s z%KeyfileKey.get_existing_or_new_targetc CsX|jj}t}t|D]}tj||}z |||WStt fy)Yq wdSrh) rTrlrrmlistdirrnrorPr6r7)rHrlZkeys_dirnamerNr-r-r.rR<sz KeyfileKey._find_key_in_keys_dircCs|}|dur |S||Srh)rQrTrUr-r-r.rAFs zKeyfileKey.get_new_targetcCs tjd}|rtj|SdS)NZ BORG_KEY_FILE)rmrrrnabspathrSr-r-r.rQLs  z*KeyfileKey._find_key_file_from_environmentcCsB|j}|}d}tj|r|d7}|d|}tj|s|S)Nrz.%d)locationZto_key_filenamermrnexists)rHr]rNrnir-r-r.rTQs    z&KeyfileKey._get_new_target_in_keys_dircCsXt|}d|dd}Wdn1swY|||}|r*||_|S)NrHr)rKrorLr7rw)rHrwrr r5successr-r-r.r-Zs  zKeyfileKey.loadFcCs|rtj|rtd|||}t|!}||jdt|j d|||dWdn1s;wY||_ dS)Nz,Aborting because key in "%s" already exists.r r) rmrnrqr r>rwriterJrr4rw)rHrwrr[r5r r-r-r.r?bs      zKeyfileKey.saveNr)r)r*r+rdrrZrRrVrrJrPr,rVrRrArQrTr-r?r-r-r-r.rDs"    rDc@s@eZdZdZdZdZejZddZ ddZ ddZ d d d Z d S)rer'ZrepokeycCs(|jj}|j}|st|d|Srh)rTrrload_keyr8)rHlocr^r-r-r.r,vs   zRepoKey.find_keycCs|jSrh)rTrCr-r-r.rA~szRepoKey.get_new_targetcCsT|dk|_|j}|}|s|j}t|d|d}|||}|r(||_|SNrHr) rrTr_rrr8rr7rw)rHrwrr5r`r]r-r-r.r-s     z RepoKey.loadFcCs2|dk|_||}|d}||||_dSra)rr>rZsave_keyrw)rHrwrr[r5r-r-r.r?s     z RepoKey.saveNr) r)r*r+rdrrZrRrWrr,rAr-r?r-r-r-r.repsrec@s&eZdZdZdZdZejZdZ e Z dS)Blake2KeyfileKeyzkey file BLAKE2bzkeyfile-blake2rEN) r)r*r+rdrrZrRrVrrJr%rr-r-r-r.rbsrbc@s"eZdZdZdZdZejZe Z dS) Blake2RepoKeyzrepokey BLAKE2bzrepokey-blake2N) r)r*r+rdrrZrRrWrr%rr-r-r-r.rds rdcs\eZdZejZdZfddZfddZdfdd Z dd d Z d d Z dddZ Z S)AuthenticatedKeyBaseFcsBtrtd}||_||_||_||_d|_d|_dSt ||S)NrrFT) rrur4rrrrrkrEr7)rHr5rZNOPErIr-r.r7szAuthenticatedKeyBase._loadcst||}d|_|Sr)rEr-r)rHrwrr]rIr-r.r-szAuthenticatedKeyBase.loadcstj|||dd|_dS)Nr@F)rEr?rrBrIr-r.r?s zAuthenticatedKeyBase.saveNcCs&|dur|d|jkrtddSdS)Nrr)rdr)rHrfr-r-r.rsz!AuthenticatedKeyBase.init_cipherscCrrrrr-r-r.rrzAuthenticatedKeyBase.encryptTcCsh|d|jkr|durt|nd}td|t|dd}|s#|S||}tr,|S||||S)NrrzChunk %s: Invalid enveloper)rdrrrryrrrr-r-r.rs   zAuthenticatedKeyBase.decryptrrhr)r)r*r+rRrWrrr7r-r?rrrrMr-r-rIr.rfs   rfc@seZdZdZdZdZdS)AuthenticatedKeyZ authenticatedNr)r*r+rdrrZr-r-r-r.rgrXrgc@rQ)Blake2AuthenticatedKeyzauthenticated BLAKE2bzauthenticated-blake2Nrir-r-r-r.rjrXrj)\rM configparserrrrmrrr<rrrrZhashlibrrrrr constantsrr helpersr r rrrrrrrrritemrrplatformrZnoncesrZ low_levelrrrrr r!r"r#r$r%rr'r0r1r2r3r4r5r6r7r8r:r@rBrOrPrRr_rbrgrjrprkrsrrrrrrrrcr+rDrerbrdrfrgrjrYr-r-r-r.s           (    &, Em7sp+  2