a Ch@s<ddlZddlZddlmZddlmZGdddeZdS)N)mkstemp)ConfigGeneratorc @seZdZdZddhZddgZddgZddd d d d d ddd Zddd d dddd dddd ZdddddddddZ d d!ddd"Z d#Z d$d%hd&d'hd(d)hd*Z d+d,d"d-d.Z ed/d0Zed1d2Zed3d4Zd S)5RPMSequoiaGeneratorz rpm-sequoiaZrpmzMLKEM768-X25519zMLKEM1024-X448zMLDSA65-ED25519z MLDSA87-ED448ZMD5ZSHA1NzSHA2-224zSHA2-256zSHA2-384zSHA2-512zSHA3-256zSHA3-512) Zmd5Zsha1Z ripemd160Zsha224Zsha256Zsha384Zsha512sha3-256sha3-512zIDEA-CFBz3DES-CFBz AES-128-CFBz AES-192-CFBz AES-256-CFBzCAMELLIA-128-CFBzCAMELLIA-192-CFBzCAMELLIA-256-CFB) ZideaZ tripledesZcast5ZblowfishZaes128Zaes192Zaes256ZtwofishZ camellia128Z camellia192Z camellia256Z SECP256R1Z SECP384R1Z SECP521R1ZX25519ZX448)Znistp256Znistp384Znistp521Zcv25519x25519x448mlkem768-x25519mlkem1024-x448z EDDSA-ED25519z EDDSA-ED448)Zed25519Zed448zmldsa65-ed25519z mldsa87-ed448)Z elgamal1024Z elgamal2048Z elgamal3072Z elgamal4096Z brainpoolp256Z brainpoolp512z AES-256-EAXz AES-128-EAXz AES-256-OCBz AES-128-OCBz AES-256-GCMz AES-128-GCM)ZeaxZocbgcm)rr)rr r r )r )hashgroupsignaeadcs:fdd|D}|r6ddd|D}d|dSdS) Ncs$g|]}j|gD]}|qqS)ignore_invalidget).0kvclsr=/usr/share/crypto-policies/python/policygenerators/sequoia.py ez@RPMSequoiaGenerator._generate_ignore_invalid..z, css|]}d|dVqdS)"Nr)rrrrr grz?RPMSequoiaGenerator._generate_ignore_invalid..zignore_invalid = [ z ] )join)rZkindsvaluesrrr_generate_ignore_invalidcs  z,RPMSequoiaGenerator._generate_ignore_invalidcCs|j}d}||d7}|jD]D\}}||dvr:dnd}||d|d7}||d|d7}q"|d7}|d 7}||d 7}|jD]0\}}||d vrdnd}||d |d7}q|d7}|d 7}||d d7}tdd|dD}tdd|dD}|jd} dD]4} | | kr4|r4dnd}|d| d |d7}q|jd} dD]4} | | krx|rxdnd}|d| d |d7}q`|jD]D\} } | |d vrdnd}| |jvrd}|| d |d7}q|j D]D\} }||dvr dnd}||j vrd}|| d |d7}q|j D]} || d7}q<|d7}|d7}|d7}||d7}|j D]6\} }| |d rdnd}|| d |d7}q|S)Nz[hash_algorithms] r alwaysneverz.collision_resistance = "z" z.second_preimage_resistance = "zdefault_disposition = "never" z[symmetric_algorithms] Zcipherz = "z[asymmetric_algorithms] rrcss|]}|dVqdS)zRSA-N startswithrsrrrrrz6RPMSequoiaGenerator.generate_config..css|]}|dVqdS)zDSA-Nr$r&rrrrrZ min_rsa_size)iii iZrsaZ min_dsa_sizeZdsaz = "never" zdefault_disposition = "never" z [aead_algorithms] r)Zenabledr!hash_backwards_mapitemssymmetric_backwards_mapanyZintegersasymmetric_group_backwards_mapforce_on_groupasymmetric_sign_backwards_map force_on_signasymmetric_always_disabledaead_backwards_map intersection)rZpolicypZcfgZ seqoia_nameZc_p_namerZany_rsaZany_dsaZmin_rsalZmin_dsaZseq_namerrZ c_p_namesrrrgenerate_configks\     z#RPMSequoiaGenerator.generate_configc Cs^ddd|dD}||k}|}tddkr8dSt\}}zzt|d}||Wdn1st0Ytjd|gd d tj tj d }| d |j |j rd |j dnd|j |j fdkrWWt|dS| d|rdndd| d|Wn,ty>| dYWt|dS0Wt|n t|0d S)N css|]}|ds|VqdS)zignore_invalid = Nr$)rr4rrrrs z2RPMSequoiaGenerator.test_config..Z OLD_SEQUOIA1Twzsequoia-policy-config-checkFzutf-8)checkencodingstdoutstderrz$sequoia-policy-config-check returns z ``r)rrzThere is an error in a tightenedZ generatedz sequoia policyzPolicy: z,sequoia-policy-config not found, skipping...)rsplitosgetenvrfdopenwrite subprocessrunPIPEZSTDOUTZeprint returncoder;unlinkFileNotFoundError)rZconfigZstricter_configr>fdpathfrrrr test_configsR  (    zRPMSequoiaGenerator.test_config)__name__ __module__ __qualname__Z CONFIG_NAMEZSCOPESr-r/r(r*r,r.r0r1r classmethodr!r5rNrrrrrsp      :r)r@rDZtempfilerZconfiggeneratorrrrrrrs