pgddlZddlZddlZddlZddlZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZddlmZddlmZmZmZmZdd lmZmZmZdd lmZmZdd lmZm Z dd l!m"Z"m#Z#m$Z$dd l%m&Z&ddl'm(Z(ddl)m*Z*m+Z+ddl,m-Z-m.Z.ddl/m0Z0m1Z1ddl2m3Z3m4Z4ddl5mZ6ddl7m8Z8ddl9m:Z:m;Z;ddlm?Z?m@Z@mAZAmBZBmCZCmDZDmEZEmFZFddlGmHZHmIZImJZJmKZKddlLmMZMmNZNmOZOddlPmQZQmRZRddlSmTZTmUZUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\m]Z]m^Z^m_Z_ddl`maZambZbmcZcmdZdmeZemfZfmgZgmhZhmiZiddljmkZkddllmmZmmnZnddlompZpmqZqmrZrmsZsmtZtejud d!d"gZvGd#d$ZwGd%d&ZxGd'd(Zyd)exd*eTfd+ZzexZ{dS),N)contextmanager)utilsx509)UnsupportedAlgorithm_Reasons)aead)_CipherContext _CMACContext) _DHParameters _DHPrivateKey _DHPublicKey_dh_params_dup)_DSAParameters_DSAPrivateKey _DSAPublicKey)_EllipticCurvePrivateKey_EllipticCurvePublicKey)_Ed25519PrivateKey_Ed25519PublicKey)_ED448_KEY_SIZE_Ed448PrivateKey_Ed448PublicKey _HashContext _HMACContext)_POLY1305_KEY_SIZE_Poly1305Context)_RSAPrivateKey _RSAPublicKey)_X25519PrivateKey_X25519PublicKey)_X448PrivateKey_X448PublicKey)r)binding)hashes serialization)AsymmetricPadding)dhdsaeced25519ed448rsax25519x448)MGF1OAEPPKCS1v15PSS)#CERTIFICATE_ISSUER_PUBLIC_KEY_TYPESPRIVATE_KEY_TYPESPUBLIC_KEY_TYPES)BlockCipherAlgorithmCipherAlgorithm) AESAES128AES256ARC4CamelliaChaCha20SM4 TripleDES_BlowfishInternal_CAST5Internal _IDEAInternal _SEEDInternal) CBCCFBCFB8CTRECBGCMModeOFBXTS)scrypt)pkcs7ssh)PBESPKCS12CertificatePKCS12KeyAndCertificates_ALLOWED_PKCS12_TYPES_PKCS12_CAS_TYPES _MemoryBIObiochar_ptrceZdZdS)_RC2N)__name__ __module__ __qualname__N/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/backend.pyr\r\sDrar\ceZdZdZdZhdZefZej ej ej ej ej ejejejejejejejf ZejejejejfZdZdZddzZdZdezZ dZ!de"fd Z# dd e$d e%j&e%j'e(j)dd fd Z*de$fdZ+ddZ,ddZ-e.j/dZ0ddZ1de"fdZ2de"fdZ3de4fdZ5de6dej7de8fdZ9dej7fdZ:dej7fdZ;dej7de$fdZdej7de$fdZ?dej7dej@fdZAd eBd!eCde$fd"ZDd#ZEdd$ZFd eBd!eCdeGfd%ZHd eBd!eCdeGfd&ZIdej7de$fd'ZJdej7d(e4d)e6d*e4d+e6de6f d,ZKde%j'e(j)fd-ZLde%j'e(jMfd.ZNde4fd/ZOdd0e4fd1ZPd2e4d3e4deQjRfd4ZSd2e4d3e4de$fd5ZTd6eQjUdeQjRfd7ZVd6eQjWdeQjXfd8ZYd9ZZd:Z[d;e6fd<Z\d=Z]de6fd>Z^de_fd?Z`deafd@Zbdej7de$fdAZcdBedde$fdCZed3e4defjgfdDZhdEefjgdefjifdFZjd3e4defjifdGZkdHZld6efjmdefjifdIZnd6efjodefjpfdJZqd6efjrdefjgfdKZsdLZtde$fdMZudej7de$fdNZvde$fdOZwdexdeyfdPZzd;e6dQe%j&e6de_fdRZ{d;e6deafdSZ|d;e6de}j~fdTZd;e6dQe%j&e6de_fdUZdVZd;e6deafdWZd;e6de}j~fdXZdYejde%jfdZZd[e%jdejfd\Zd]ejde%jfd^Zd_e%jdejfd`Zdaejde%jfdbZdce%jdejfddZdaejdeede$fdfZd]ejde$fdgZdhZdiZde%jfdjZdkejde$fdlZdmejdkejde$fdnZdkejdejfdoZd6ejdejfdpZd6ejdejfdqZdkejdre6dejfdsZdte4dkejdejfduZdkejfdvZdwe4fdxZdejdkejde$fdyZdzZdkejde4fd{Ze/d|Zd}Zd~e4de4fdZdejdejdejde6fdZdZdZdejdejde6fdZde$fdZde4d3e4de}j~fdZdZdEe}j~de}jfdZde4d3e4de}jfdZd6e}jde}jfdZd6e}jde}jfdZd6e}jde}j~fdZ dde4de4de%j&e4de$fdZde$fdZd;e6dejfdZd;e6dejfdZdZdejfdZde$fdZd;e6dejfdZd;e6dejfdZdejfdZde$fdZde$fdZd;e6dejfdZd;e6dejfdZdejfdZde$fdZd;e6dejfdZd;e6dejfdZdejfdZd+e6d)e6d(e4de4de4de4de6fdZde$fdZe.j/d(e4de%jefdZd(e4dd fdZe.j/dZd;e6dQe%j&e6de%je%j&e_e%j&eje%j'ejffdZd;e6dQe%j&e6defdZde%j&e6de%j&edYe%j&ejde%j&e%j'edejde6f dZde$fdZde6defdZde$fdZd;e6de%j'ejfdZd;e6de%j'ejfdZdZde%j'ejdejfdZdejdejde%j'ejde6fdZd S)Backendz) OpenSSL API binding interfaces. openssl> aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcmictj|_|jj|_|jj|_d|_||_ i|_ | |j r'|jj rtjdtn||jjg|_|jjr&|j|jjdSdS)NFz)formatopenssl_version_textrwrs rb__repr__zBackend.__repr__s.8??  % % ' ');   raNokerrorsc:tj|j||S)N)r)r&_openssl_assertrt)rrrs rbopenssl_assertzBackend.openssl_asserts &ty"VDDDDrac|jjr%|j|jj}nt |jdd}|dkr|jt|S)N FIPS_modecdSNrr`r`rarbz*Backend._is_fips_enabled..s1rar)rtCryptography_HAS_300_FIPS&EVP_default_properties_is_fips_enabledrrNULLgetattrERR_clear_errorbool)rmodes rbrvzBackend._is_fips_enabledsx 9 . @9CC DD>749k99==??D 199 I % % ' ' 'Dzzrac|j|sJ||_dSN)rp _enable_fipsrvrwrs rbrzBackend._enable_fipssJ ""$$$$$&&&&&!2244rac|jjr|j}||jjkr|j||j|jj}||dk|j|}||dkdSdSdSNrm) rtrzENGINE_get_default_RANDrrrENGINE_unregister_RANDRAND_set_rand_methodr ENGINE_finishreress rbactivate_builtin_randomzBackend.activate_builtin_randoms 9 7 . 1133ADIN"" 00333i44TY^DD##C1H---i--a00##C1H----- . .#"rac#K|j|jj}|||jjk|j|}||dk |V|j|}||dk|j|}||dkdS#|j|}||dk|j|}||dkwxYwr) rt ENGINE_by_idCryptography_osrandom_engine_idrrrr ENGINE_init ENGINE_freerrs rb_get_osurandom_enginezBackend._get_osurandom_engines? I " "49#L M M A/000i##A&& C1H%%% *GGG)''**C   q ) ) ))))!,,C   q ) ) ) ) ) )''**C   q ) ) ))))!,,C   q ) ) ) )s >C**A(Ec|jjr||5}|j|}||dkdddn #1swxYwY|j|jj}||dkdSdSr) rtrzrrENGINE_set_default_RANDrrrrrrs rbr~z Backend.activate_osrandom_engines 9 7 *  ( ( * * *++-- .i77::##C1H--- . . . . . . . . . . . . . . . )00@@C   q ) ) ) ) ) * *s4A55A9<A9c |jdd}|5}|j|dt |||jjd}||dkdddn #1swxYwY|j| dS)Nchar[]@sget_implementationrascii) rrnewrrtENGINE_ctrl_cmdlenrrstringdecode)rbufrrs rbosrandom_engine_implementationz&Backend.osrandom_engine_implementationsimmHb))  ' ' ) ) )Q)++(#c((CC   a ( ( (  ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) y$$++G444sAB  BBc|j|j|jjdS)z Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.1.1d 10 Sep 2019 r)rrrrtOpenSSL_versionOPENSSL_VERSIONrrs rbrzBackend.openssl_version_text#sAy I % %di&? @ @  &// rac4|jSr)rtOpenSSL_version_numrs rbopenssl_version_numberzBackend.openssl_version_number.sy,,...rakey algorithmc$t|||Srr)rrrs rbcreate_hmac_ctxzBackend.create_hmac_ctx1sD#y111rac|jdks |jdkr7d|j|jdzd}n|jd}|j|}|S)Nblake2bblake2sz{}{}r)namer digest_sizeencodertEVP_get_digestbyname)rralgevp_mds rb_evp_md_from_algorithmzBackend._evp_md_from_algorithm6s~ >Y & &).I*E*E-- 5 9fWoo C.''00C//44 racv||}|||jjk|Sr)rrrrrrrrs rb_evp_md_non_null_from_algorithmz'Backend._evp_md_non_null_from_algorithmAs7,,Y77 Fdin4555 rac|jrt||jsdS||}||jjkSNF)rw isinstance _fips_hashesrrrrrs rbhash_supportedzBackend.hash_supportedFsH   jDj(2333rac `tttfD]U}ttt t tttfD]&}| ||td'Vttt t tfD]+}| t|td,tttt fD]+}| t|td,| tt tdttt t fD]+}| t|td,ttt t fD]+}| t|td,t!jt$t&gtt tt gD])\}}| ||td*| t(t+dtd| t,t+dtd| t.t+dtd | tt0t2t tt ttfD]+}| t4|td ,dS) Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}rc4rc2chacha20zsm4-{mode.name})r;r<r=rGrJrKrNrHrIrLrGetCipherByNamer?rBrCrF itertoolsproductrDrEr>rr\r@rO_get_xts_cipherrA)rrrs rbryz!Backend._register_default_cipherss/  J #sCdC@  ,,#E c3S1  H  ( ( MNN     c4-  H  ( (8_5K%L%L     $$ sOJ77   c3,  H  ( (!8_=M-N-N    c3,  H  ( (x9K)L)L    %.$5 ] + #sC % %    J  ( ( ;<<     $$T4::u7M7MNNN $$T4::u7M7MNNN $$ d4jj/*"="=    $$S#???c3S1  H  ( (X/@AA      rac:t|||tjSr)r _ENCRYPTrrrs rbcreate_symmetric_encryption_ctxz'Backend.create_symmetric_encryption_ctxdFD.2IJJJrac:t|||tjSr)r _DECRYPTrs rbcreate_symmetric_decryption_ctxz'Backend.create_symmetric_decryption_ctxrrac,||Sr)rrs rbpbkdf2_hmac_supportedzBackend.pbkdf2_hmac_supporteds""9---ralengthsalt iterations key_materialc |jd|}||}|j|}|j|t ||t |||||} || dk|j|ddS)Nunsigned char[]rm) rrrr from_bufferrtPKCS5_PBKDF2_HMACrrbuffer) rrrrrr rrkey_material_ptrrs rbderive_pbkdf2_hmaczBackend.derive_pbkdf2_hmacsimm-v6655i@@900>>i))      II        C1H%%%y$$QQQ''rac4tj|jSr)r&_consume_errorsrtrs rbrzBackend._consume_errorss&ty111rac4tj|jSr)r&_consume_errors_with_textrtrs rbrz!Backend._consume_errors_with_texts0;;;rac||jjksJ||j| |j|}|jd|}|j||}||dkt |j |d|d}|S)Nr rbig) rrrrrtBN_is_negative BN_num_bytesr BN_bn2binint from_bytesr)rbn bn_num_bytesbin_ptrbin_lenvals rb _bn_to_intzBackend._bn_to_intsTY^####  8 8 < <<===y--b11 )-- 1<@@)%%b'22 GqL)))nnTY--g66xx@%HH ranumcX|||jjksJ| |jj}|t|dz dzd}|j|t||}|||jjk|S)a  Converts a python integer to a BIGNUM. The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. Ng @rmr) rrrto_bytesr bit_lengthrt BN_bin2bnrr)rr"rbinarybn_ptrs rb _int_to_bnzBackend._int_to_bnszR49>1111 :Bc#.."2"2S"81"<==uEE$$VS[["== Fdin4555 rapublic_exponentkey_sizec:tj|||j}|||jjk|j||jj}| |}|j||jj }|j ||||jj}||dk| |}t||||jSr)r/_verify_rsa_parametersrtRSA_newrrrrgcRSA_freer)BN_freeRSA_generate_key_ex_rsa_cdata_to_evp_pkeyr ru)rr*r+ rsa_cdatarrevp_pkeys rbgenerate_rsa_private_keyz Backend.generate_rsa_private_keys "?H===I%%''  I7888ILLDI,>?? ___ - - Y\\"di/ 0 0i++ xTY^   C1H%%%..y99 )Xt'?   rac,|dko|dzdko|dkS)Nrmrir`)rr*r+s rb!generate_rsa_parameters_supportedz)Backend.generate_rsa_parameters_supporteds/ q  !#q( C ranumbersc tj|j|j|j|j|j|j|jj |jj |j }| ||jjk|j||j j}||j}||j}||j}||j}||j}||j}||jj } ||jj } |j |||} | | dk|j || | |} | | dk|j ||||} | | dk||} t/||| |jSr)r/_check_private_key_componentspqddmp1dmq1iqmppublic_numbersrnrtr.rrrrr/r0r)RSA_set0_factors RSA_set0_keyRSA_set0_crt_paramsr3r ru) rr:r4r=r>r?r@rArBrrDrr5s rbload_rsa_private_numbersz Backend.load_rsa_private_numberss ) I I I L L L  " $  " $ I%%''  I7888ILLDI,>?? OOGI & & OOGI & & OOGI & &w|,,w|,,w|,, OOG24 5 5 OOG24 5 5i((Aq99 C1H%%%i$$Y1a88 C1H%%%i++ItT4HH C1H%%%..y99 )Xt'?   rac6tj|j|j|j}|||jjk|j ||jj }| |j}| |j}|j ||||jj}||dk| |}t|||Sr)r/_check_public_key_componentsrrDrtr.rrrrr/r0r)rFr3r!)rr:r4rrDrr5s rbload_rsa_public_numberszBackend.load_rsa_public_numbers@s (GI>>>I%%''  I7888ILLDI,>?? OOGI & & OOGI & &i$$Y1dinEE C1H%%%..y99T9h777rac|j}|||jjk|j||jj}|Sr)rt EVP_PKEY_newrrrrr/ EVP_PKEY_freerr5s rb_create_evp_pkey_gczBackend._create_evp_pkey_gcOsQ9))++ H 67779<<$)*ABBrac|}|j||}||dk|Sr)rPrtEVP_PKEY_set1_RSAr)rr4r5rs rbr3zBackend._rsa_cdata_to_evp_pkeyUG++--i))(I>> C1H%%%radatac2|j|}|j|t |}|||jjkt|j||jj |S)z Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) rrr rtBIO_new_mem_bufrrrrXr/BIO_free)rrTdata_ptrrYs rb _bytes_to_biozBackend._bytes_to_bio[sx9((..i''#d))<< C49>1222$),,sDI,>??JJJracB|j}|||jjk|j|}|||jjk|j||jj}|S)z. Creates an empty memory BIO. )rt BIO_s_memrrrrBIO_newr/rW)r bio_methodrYs rb_create_mem_bio_gczBackend._create_mem_bio_gchsY((**  J$).8999i ++ C49>1222ill3 233 racF|jd}|j||}||dk||d|jjk|j|d|dd}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)rrrrtBIO_get_mem_datarrr)rrYrbuf_lenbio_datas rb _read_mem_biozBackend._read_mem_biossimmI&&),,S#66 GaK((( CFdin45559##CFG44QQQ7rac|j|}||jjkry|j|}|||jjk|j||jj}t||||j S||jj kr|jj s|jj s|jjs|j|}|||jjk|j||jj}|}|j||}||dk|||dS||jjkrs|j|}|||jjk|j||jj}t-|||S||jjkrs|j|}|||jjk|j||jj}t5|||S||jvrs|j|}|||jjk|j||jj}t=|||S|t?|jddkrtA||S|t?|jddkrtC||S|t?|jddkrtE||S|t?|jddkrtG||StId) zd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. rmN)passwordEVP_PKEY_ED25519 EVP_PKEY_X448EVP_PKEY_X25519EVP_PKEY_ED448Unsupported key type.)%rt EVP_PKEY_id EVP_PKEY_RSAEVP_PKEY_get1_RSArrrrr/r0r ruEVP_PKEY_RSA_PSSCRYPTOGRAPHY_IS_LIBRESSLCRYPTOGRAPHY_IS_BORINGSSL#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111Er^i2d_RSAPrivateKey_bioload_der_private_keyrc EVP_PKEY_DSAEVP_PKEY_get1_DSADSA_freer EVP_PKEY_ECEVP_PKEY_get1_EC_KEY EC_KEY_freerrEVP_PKEY_get1_DHDH_freer rrr$r"rr) rr5key_typer4rYr dsa_cdataec_cdatadh_cdatas rb_evp_pkey_to_private_keyz Backend._evp_pkey_to_private_key~s 9((22 ty- - - 33H==I    TY^ ; < < < Y 0BCCI!i4+C   2 2 2I6 3I7 3IA 3 33H==I    TY^ ; < < < Y 0BCCI))++C)11#yAAC   q ) ) ),,""3''$- / / / 33H==I    TY^ ; < < < Y 0BCCI!$ 8<< < . . .y55h??H   DIN : ; ; ;y||Hdi.CDDH+D(HEE E  ' 'y11(;;H   DIN : ; ; ;y||Hdi.?@@H x:: : ,>EE E E%dH55 5 OTBB B B"422 2 ,=tDD D D$T844 4 ,?? ?rac|j|}||jjkrs|j|}|||jjk|j||jj}t|||S||jj kr|jj s|jj s|jj s|j|}|||jjk|j||jj}|}|j||}||dk|||S||jjkrs|j|}|||jjk|j||jj}t+|||S||jjkr|j|}||jjkr$|}t3d||j||jj}t7|||S||jvrs|j|} || |jjk|j| |jj} t?|| |S|tA|jddkrtC||S|tA|jddkrtE||S|tA|jddkrtG||S|tA|jddkrtI||StKd) zc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. rmzUnable to load EC keyrfNrgrhrirj)&rtrkrlrmrrrrr/r0r!rnrorprqr^i2d_RSAPublicKey_bioload_der_public_keyrcrtrurvrrwrxrrryrrrzr{rrrr%r#rr) rr5r|r4rYrr}r~rrs rb_evp_pkey_to_public_keyzBackend._evp_pkey_to_public_keys 9((22 ty- - - 33H==I    TY^ ; < < < Y 0BCCI y(;; ;  2 2 2I6 3I7 3IA 3  33H==I    TY^ ; < < < Y 0BCCI))++C)00i@@C   q ) ) )++D,>,>s,C,CDD D / / / 33H==I    TY^ ; < < < Y 0BCCI y(;; ; . . .y55h??H49>))7799 !8&AAAy||Hdi.CDDH*48DD D  ' 'y11(;;H   DIN : ; ; ;y||Hdi.?@@Hh99 9 ,>EE E E$T844 4 OTBB B B!$11 1 ,=tDD D D#D(33 3 ,?? ?ract|tjtjtjtjtjfSr)rr'rSHA224SHA256SHA384SHA512rs rb_oaep_hash_supportedzBackend._oaep_hash_supporteds5          rapaddingct|trdSt|trft|jtrL|jr&t|jjtjrdS| |jjSt|trSt|jtr9| |jjo| |jSdS)NTF) rr4r5_mgfr2rw _algorithmr'rrr3r)rrs rbrsa_padding_supportedzBackend.rsa_padding_supporteds gx ( ( 4  % % *W\4*H*H ! Dj ''' Dt**7<+BCCC  & & :glD+I+I ,, '@++G,>?? @5rac |dvrtd|j}|||jjk|j||jj}|j|||jjd|jj|jj|jj}||dkt||S)N)irli iz0Key size must be 1024, 2048, 3072, or 4096 bits.rrm) rrtDSA_newrrrrr/rvDSA_generate_parameters_exr)rr+ctxrs rbgenerate_dsa_parameterszBackend.generate_dsa_parameterss 3 3 3B i!! C49>1222ill3 233i22   IN IN IN IN   C1H%%%dC(((ra parameterscP|j|j}|||jjk|j||jj}|j|| |}t|||Sr) rt DSAparams_dup _dsa_cdatarrrrr/rvDSA_generate_key_dsa_cdata_to_evp_pkeyr)rrrr5s rbgenerate_dsa_private_keyz Backend.generate_dsa_private_key/si%%  !   C49>1222ill3 233 ""3'''..s33dC222racV||}||Sr)rr)rr+rs rb'generate_dsa_private_key_and_parametersz/Backend.generate_dsa_private_key_and_parameters<s+11(;; ,,Z888rac|j||||}||dk|j|||}||dkdSr)rt DSA_set0_pqgr DSA_set0_key)rr}r=r>gpub_keypriv_keyrs rb_dsa_cdata_set_valueszBackend._dsa_cdata_set_valuesBsli$$Y1a88 C1H%%%i$$YBB C1H%%%%%ractj||jj}|j}|||jjk|j ||jj }| |j }| |j }| |j}| |jj}| |j}|||||||||} t'||| Sr)r+_check_dsa_private_numbersrCparameter_numbersrtrrrrrr/rvr)r=r>ryxrrr) rr:rr}r=r>rrrr5s rbload_dsa_private_numbersz Backend.load_dsa_private_numbersHs &w///#2DI%%''  I7888ILLDI,>?? OO-/ 0 0 OO-/ 0 0 OO-/ 0 0//'"8":;;??79-- ""9aAwIII..y99dIx888rac|tj|j|j}|||jjk|j||jj }| |jj }| |jj }| |jj }| |j}|jj}|||||||||}t#|||Sr)r+_check_dsa_parametersrrtrrrrrr/rvr)r=r>rrrrr) rr:r}r=r>rrrr5s rbload_dsa_public_numberszBackend.load_dsa_public_numbers]s !'";<<<I%%''  I7888ILLDI,>?? OOG57 8 8 OOG57 8 8 OOG57 8 8//'),,9> ""9aAwIII..y99T9h777ractj||j}|||jjk|j||jj}| |j }| |j }| |j }|j ||||}||dkt||Sr)r+rrtrrrrrr/rvr)r=r>rrr)rr:r}r=r>rrs rbload_dsa_parameter_numbersz"Backend.load_dsa_parameter_numbersps !'***I%%''  I7888ILLDI,>?? OOGI & & OOGI & & OOGI & &i$$Y1a88 C1H%%%dI...rac|}|j||}||dk|Sr)rPrtEVP_PKEY_set1_DSAr)rr}r5rs rbrzBackend._dsa_cdata_to_evp_pkeyrSrac|j Sr)rwrs rb dsa_supportedzBackend.dsa_supporteds%%%racX|sdS||Sr)rrrs rbdsa_hash_supportedzBackend.dsa_hash_supporteds/!!## 5,,Y777racX||td|jzS)N)rrG block_sizers rbcmac_algorithm_supportedz Backend.cmac_algorithm_supporteds/$$ s7Y%99::   rac"t||Srr rs rbcreate_cmac_ctxzBackend.create_cmac_ctxsD),,,rarecP||jj|j||Sr) _load_keyrtPEM_read_bio_PrivateKeyr)rrTres rbload_pem_private_keyzBackend.load_pem_private_keys.~~ I -  )      rac||}|jd}|j|j|jj|j|jjd|}||jjkr:|j ||jj }| |S| |j |j}||dk|j|j|jj|j|jjd|}||jjkrK|j ||jj}||}t%|||S|dS)NCRYPTOGRAPHY_PASSWORD_DATA *Cryptography_pem_password_cbrm)rYrrrrtPEM_read_bio_PUBKEYrYr addressof _original_libr/rNrr BIO_resetrPEM_read_bio_RSAPublicKeyr0r3r!_handle_key_loading_error)rrTmem_biouserdatar5rr4s rbload_pem_public_keyzBackend.load_pem_public_keys$$T**9==!?@@900 K IN I   ')G       ty~ % %y||Hdi.EFFH//99 9  " " ")%%gk22C   q ) ) ) ;;   ##I+-K IDIN** ILLDI4FGG 66yAA$T9h???..00000racb||}|j|j|jj|jj|jj}||jjkr5|j||jj}t||S| dSr) rYrtPEM_read_bio_DHparamsrYrrrr/r{r r)rrTrrs rbload_pem_parameterszBackend.load_pem_parameterss$$T**922 K   ty~ % %y||Hdi.?@@H x00 0  * * , , , , ,rac||}|||}|r||S||jj|j||Sr)rY"_evp_pkey_from_der_traditional_keyrrrtd2i_PKCS8PrivateKey_bio)rrTrerbrs rbrszBackend.load_der_private_keyst%%d++55hII  0055 5>> 1-  rac:|j|j|jj}||jjkrL||j||jj}|td|S|dS)N4Password was given but private key is not encrypted.) rtd2i_PrivateKey_biorYrrrrr/rN TypeError)rrbrers rbrz*Backend._evp_pkey_from_der_traditional_keysi**8<HH $).   " " "),,sDI$;<JJ ty~ % %y||Hdi.?@@H x00 0 Y 4 5  " " ")%%gk22C   q ) ) )y?? TY^H49>))9<<$)2CDD$T8444 &&(((((racertc\|tjj}||}|j|j|jj }| ||jj k|j ||jj }|Sr) public_bytesr(EncodingDERrYrt d2i_X509_biorYrrrrr/ X509_free)rrrTrrs rb _cert2osslzBackend._cert2ossl)s  !7!;<<$$T**y%%gk49>BB DDIN2333y||D$)"566 rarc|}|j||}||dkt j||Sr)r^rt i2d_X509_bior rust_x509load_der_x509_certificaterc)rrrYrs rb _ossl2certzBackend._ossl2cert1sa%%''i$$S$// C1H%%%243E3Ec3J3JKKKracsrc\|tjj}||}|j|j|jj }| ||jj k|j ||jj }|Sr) rr(rrrYrtd2i_X509_REQ_biorYrrrrr/ X509_REQ_free)rrrTrx509_reqs rb _csr2osslzBackend._csr2ossl7 6 :;;$$T**9--gk49>JJ H 67779<<$)*ABBrarc|}|j||}||dkt j||Sr)r^rti2d_X509_REQ_biorrload_der_x509_csrrc)rrrYrs rb _ossl2csrzBackend._ossl2csr?c%%''i((h77 C1H%%%*4+=+=c+B+BCCCracrlc\|tjj}||}|j|j|jj }| ||jj k|j ||jj }|Sr) rr(rrrYrtd2i_X509_CRL_biorYrrrrr/ X509_CRL_free)rrrTrx509_crls rb _crl2osslzBackend._crl2osslGrrarc|}|j||}||dkt j||Sr)r^rti2d_X509_CRL_biorrload_der_x509_crlrc)rrrYrs rb _ossl2crlzBackend._ossl2crlOrra public_keyc t|tttfst d||}|j||j}|dkr| dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.rmFT) rrr!rrrrtX509_CRL_verify _evp_pkeyr)rrrrrs rb_crl_is_signature_validzBackend._crl_is_signature_validWs  '   . >>#&&i''*2FGG !88  " " "5tracb||}|j|}|||jjk|j||jj}|j||}|dkr| dSdS)NrmFT) rrtX509_REQ_get_pubkeyrrrrr/rNX509_REQ_verifyr)rrrpkeyrs rb_csr_is_signature_validzBackend._csr_is_signature_validqs>>#&&y,,X66 DDIN2333y||D$)"9::i''$77 !88  " " "5tracv|j|j|jdkrtddS)NrmzKeys do not correspond)rt EVP_PKEY_cmprr)rkey1key2s rb_check_keys_correspondzBackend._check_keys_corresponds; 9 ! !$.$. A AQ F F566 6 G Frac||}|jd}|Jtjd||j|}||_t||_||j |jj |j |j j d|}||jj kr|jdkre||jdkrt!d|jdksJt#d|jd z |||j||j j}||jdkrt!d | |jd ks|J||S) Nrrerrz3Password was not given but private key is encryptedzAPasswords longer than {} bytes are not supported by this backend.rmr)rYrrrr_check_bytesliker rerrrYrrrtrerrorrrrrmaxsizerr/rNcalled) ropenssl_read_func convert_funcrTrerr password_ptrr5s rbrzBackend._load_keys$$T**9==!?@@    ":x 8 8 8900::L ,H !(mmHO$$ K IN I   ')G       ty~ % %~""$$&&&>R''#M$>R////$++16(2BQ2F+G+G ..000 9<<$)*ABB  HOq$8$8F   X_%9%9    |H%%%rac@}|std|djjjjsl|djjjjs<jjr?|djj jj rtdtfd|Drtdtj |}td|)Nz|Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.rz Bad decrypt. Incorrect password?c3lK|].}|jjjjV/dSr)_lib_reason_matchrt ERR_LIB_EVP'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM).0rrs rb z4Backend._handle_key_loading_error..sY    # # % A        raz!Unsupported public key algorithm.zCould not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).)rrrrtrEVP_R_BAD_DECRYPTERR_LIB_PKCS12!PKCS12_R_PKCS12_CIPHERFINAL_ERRORCryptography_HAS_PROVIDERS ERR_LIB_PROVPROV_R_BAD_DECRYPTanyr&_errors_with_text)rrerrors_with_texts` rbrz!Backend._handle_key_loading_errorsV%%''*   1I ' ' %ty'B  # ay** ( ; #  4# 1I//I*I0#  ?@@ @            @AA A '8@@ 4!  racurvecf ||}n#t$r|jj}YnwxYw|j|}||jjkr|dS|||jjk|j |dS)NFT) _elliptic_curve_to_nidrrt NID_undefEC_GROUP_new_by_curve_namerrrrr EC_GROUP_free)rr) curve_nidgroups rbelliptic_curve_supportedz Backend.elliptic_curve_supporteds ,33E::II# , , , +III , 44Y?? DIN " "  " " "5    TY-@ @ A A A I # #E * * *4s 11signature_algorithmcdt|tjsdS||Sr)rr,ECDSAr1)rr2r)s rb,elliptic_curve_signature_algorithm_supportedz4Backend.elliptic_curve_signature_algorithm_supporteds2 -rx88 5,,U333racl||rn||}|j|}||dk||}t |||Std|j tj )z@ Generate a new private key on the named curve. rmz#Backend object does not support {}.) r1_ec_key_new_by_curvertEC_KEY_generate_keyr_ec_cdata_to_evp_pkeyrrrrrUNSUPPORTED_ELLIPTIC_CURVE)rr)r~rr5s rb#generate_elliptic_curve_private_keyz+Backend.generate_elliptic_curve_private_keys  ( ( / / 0077H)//99C   q ) ) )11(;;H+D(HEE E&5<rr5s rb#load_elliptic_curve_private_numbersz+Backend.load_elliptic_curve_private_numberss',,V\:: OOG1 2 2DI4K  i..xGG !88  " " ".// / 66 fh   --h77'hAAArac||j}|||j|j||}t |||Sr)r7r)rArrr9r)rr:r~r5s rb"load_elliptic_curve_public_numbersz*Backend.load_elliptic_curve_public_numbers0sc,,W];; 66 gi   --h77&tXx@@@ra point_bytesc  ||}|j|}|||jjk|j|}|||jjk|j||jj}| 5}|j |||t||}|dkr#| td dddn #1swxYwY|j||}||dk||}t!|||S)Nrmz(Invalid public bytes for the given curve)r7rtEC_KEY_get0_grouprrrr EC_POINT_newr/ EC_POINT_free _tmp_bn_ctxEC_POINT_oct2pointrrrEC_KEY_set_public_keyr9r) rr)rFr~r0pointbn_ctxrr5s rb load_elliptic_curve_public_bytesz(Backend.load_elliptic_curve_public_bytes;s,,U33 ++H55 ETY^3444 &&u-- ETY^3444 UDI$;<<      M6)..uk3{+;+;VCaxx$$&&& !KLLL  M M M M M M M M M M M M M M Mi--h>> C1H%%%--h77&tXx@@@s AD++D/2D/r>c ||}||\}}|j|}|||jjk|j||jj}| |}|j||jj }| 5}|j ||||jj|jj|} || dk|j |} |j |} |||| | |} | dkr#|td dddn #1swxYwY|j||} || dk| |} |j| |jj } |j|| } || dk||} t'||| S)Nrmz'Unable to derive key from private_value)r7 _ec_key_determine_group_get_funcrtrIrrrrr/rJr)r?rK EC_POINT_mul BN_CTX_getrrrMr@r9r)rr>r)r~get_funcr0rNvaluerOrbn_xbn_yprivater5s rb!derive_elliptic_curve_private_keyz)Backend.derive_elliptic_curve_private_keyQs,,U33??II% &&u-- ETY^3444 UDI$;<< .. UDI$;<<      L6)((ueTY^TY^VC   q ) ) )9''//D9''//D(5%tV<> C1H%%%//-00),,w (?@@i..xAA C1H%%%--h77'hAAAsB9F$$F(+F(cV||}||Sr)r+_ec_key_new_by_curve_nid)rr)r/s rbr7zBackend._ec_key_new_by_curvexs)//66 ,,Y777rar/c|j|}|||jjk|j||jjSr)rtEC_KEY_new_by_curve_namerrrrr/ry)rr/r~s rbr\z Backend._ec_key_new_by_curve_nid|sO955i@@ H 6777y||Hdi&;<<> I(():):)<)<==  + + +&6==ejII3 rac#|K|j}|||jjk|j||jj}|j| |V|j|dS#|j|wxYwr) rt BN_CTX_newrrrrr/ BN_CTX_free BN_CTX_start BN_CTX_end)rrOs rbrKzBackend._tmp_bn_ctxs%%'' Fdin4555fdi&;<< v&&& )LLL I  ( ( ( ( (DI  ( ( ( (s ?BB;c|||jjk|jd}|||jjk|j|}|||jjk|j|}|||jjk|j|}|||jjk||kr|jj r |jj }n |jj }|sJ||fS)zu Given an EC_KEY determine the group and what function is required to get point coordinates. scharacteristic-two-field) rrrrrtrkr,rHEC_GROUP_method_ofEC_METHOD_get_field_typeCryptography_HAS_EC2M$EC_POINT_get_affine_coordinates_GF2m#EC_POINT_get_affine_coordinates_GFp)rr nid_two_fieldr0methodnidrUs rbrRz(Backend._ec_key_determine_group_get_funcs* C49>1222 ,,-HII  MTY-@@AAA ++C00 ETY^3444--e44 Fdin4555i0088 C49#66777 -  DI$C yEHHyDHrarrc|dks|dkrtd|j|||jj}|j|||jj}|j|||}|dkr#|tddS)zg Sets the public key point in the EC_KEY context to the affine x and y values. rz2Invalid EC key. Both x and y must be non-negative.rmr=N)rrrr/r)rtr1(EC_KEY_set_public_key_affine_coordinatesr)rrrrrs rbrAz1Backend._ec_key_set_public_key_affine_coordinatess q55AEED  ILL++TY-> ? ? ILL++TY-> ? ?i@@aKK !88  " " ".// / 8raencodingrencryption_algorithmc<t|tjstdt|tjstdt|tjstdt|tjrd}nt|tjr*|j}t|dkrtdnQt|tj r(|j |cxurtjj ur nn|j}ntd|tjjurf|tjjur |jj}n/|tjjur |jj}ntd||||S|tjjur|jr)t|tjstd |j|} |tjjur}| |jjkr |jj}nI| |jjkr |jj}n,| |jjkr |jj}ntd ||||S|tjjur|rtd | |jjkr |jj}nI| |jjkr |jj}n,| |jjkr |jj }ntd |!||Std |tjj ur8|tjjurtEj#|||Std td)N/encoding must be an item from the Encoding enumz2format must be an item from the PrivateFormat enumzBEncryption algorithm must be a KeySerializationEncryption instanceraizBPasswords longer than 1023 bytes are not supported by this backendzUnsupported encryption typezUnsupported encoding for PKCS8zCEncrypted traditional OpenSSL format is not supported in FIPS mode.z+Unsupported key type for TraditionalOpenSSLzDEncryption is not supported for DER encoded traditional OpenSSL keysz+Unsupported encoding for TraditionalOpenSSLz=OpenSSH private key format can only be used with PEM encodingformat is invalid with this key)$rr(rr PrivateFormatKeySerializationEncryption NoEncryptionBestAvailableEncryptionrerr_KeySerializationEncryption_formatOpenSSHPKCS8PEMrtPEM_write_bio_PKCS8PrivateKeyri2d_PKCS8PrivateKey_bio_private_key_bytes_via_bioTraditionalOpenSSLrwrkrlPEM_write_bio_RSAPrivateKeyrtPEM_write_bio_DSAPrivateKeyrwPEM_write_bio_ECPrivateKeyrri2d_ECPrivateKey_bioi2d_DSAPrivateKey_bio_bio_func_outputrR_serialize_ssh_private_key) rr~rrrr5cdatare write_bior|s rb_private_key_byteszBackend._private_key_bytess(M$:;; OMNN N&-"=>> D  -"J     *M,F G G <HH  -"G   <,4H8}}t## #$ $m&O   <%,3333*233333,4HH:;; ; ]06 6 6=1555 IC ]3777 I=  !ABBB228X  ]0C C C! *$m&@++ !.y,,X66H=1555ty555 $ EII!777 $ EII!666 $ DII$E66uh=1555$3ty555 $ ?II!666 $ >II!777 $ ?II$E,,Y>>>JKK K ]08 8 8=15555#7% :;;;rac |s |jj}n|jd}|||||t ||jj|jjS)Ns aes-256-cbc)rrrrtEVP_get_cipherbynamerr)rrr5rers rbrz"Backend._private_key_bytes_via_bioWsh HJJ77GGJ$$     MM IN IN   rac|}||g|R}||dk||Sr)r^rrc)rrargsrYrs rbrzBackend._bio_func_outputhsV%%''i#d### C1H%%%!!#&&&ract|tjstdt|tjstd|tjjure|tjjur |jj}n/|tjj ur |jj }ntd| ||S|tjj ur|j|}||jjkrtd|tjjur |jj}n/|tjj ur |jj}ntd| ||S|tjjur6|tjjurt'j|Stdtd)Nrz1format must be an item from the PublicFormat enumz8SubjectPublicKeyInfo works only with PEM or DER encodingz+PKCS1 format is supported only for RSA keysz)PKCS1 works only with PEM or DER encodingz1OpenSSH format must be used with OpenSSH encodingr)rr(rr PublicFormatSubjectPublicKeyInforrtPEM_write_bio_PUBKEYri2d_PUBKEY_biorrPKCS1rkrlPEM_write_bio_RSAPublicKeyrrrRserialize_ssh_public_key)rr~rrr5rrr|s rb_public_key_byteszBackend._public_key_bytesns(M$:;; OMNN N&-"<== C  ]/D D D=1555 I: ]3777 I4  N((H== = ]/5 5 5y,,X66H49111 !NOOO=1555 I@ ]3777 I:  !LMMM((E:: : ]/7 7 7=19993C888C  :;;;rac|jj Srrtrprs rb dh_supportedzBackend.dh_supported9666ra generatorc|tjkr,tdtj|dvrtd|j}|||jjk|j ||jj }|j ||||jj}||dkt||S)Nz$DH key_size must be at least {} bits)zDH generator must be 2 or 5rm) r*_MIN_MODULUS_SIZErrrtDH_newrrrrr/r{DH_generate_parameters_exr )rrr+dh_param_cdatars rbgenerate_dh_parameterszBackend.generate_dh_parameterss b* * *6==(  F " ":;; ;))++ Ndin<===ndi6GHHi11 Hi   C1H%%%T>222rac|}|j||}||dk|Sr)rPrtEVP_PKEY_set1_DHr)rrr5rs rb_dh_cdata_to_evp_pkeyzBackend._dh_cdata_to_evp_pkeysG++--i((8<< C1H%%%ract|j|}|j|}||dk||}t |||Sr)r _dh_cdatartDH_generate_keyrrr )rr dh_key_cdatarr5s rbgenerate_dh_private_keyzBackend.generate_dh_private_keyso&  $  i'' 55 C1H%%%--l;;T<:::racT||||Sr)rr)rrr+s rb&generate_dh_private_key_and_parametersz.Backend.generate_dh_private_key_and_parameterss/++  ' ' 8 < <   racP|jj}|j}|||jjk|j||jj}| |j }| |j }|j | |j }n |jj}| |jj }| |j}|j||||} || dk|j|||} || dk|jdd} |j|| } || dk| ddkr3|j dkr| d|jjz dkst)d||} t-||| S)Nrmint[]rrz.DH private numbers did not pass safety checks.)rCrrtrrrrrr/r{r)r=rr>rr DH_set0_pqg DH_set0_keyrCryptography_DH_checkDH_NOT_SUITABLE_GENERATORrrr ) rr:rrr=rr>rrrcodesr5s rbload_dh_private_numberszBackend.load_dh_private_numberss$2D9##%% H 67779<<$)*;<< OO-/ 0 0 OO-/ 0 0   * 1 344AA A//'"8":;;??79--i##HaA66 C1H%%%i##Hgx@@ C1H%%% gq))i--h>> C1H%%% 8q==  1 $ $a49>>!CCMNN N--h77T8X666rac|j}|||jjk|j||jj}|j}||j }||j }|j ||j }n |jj}||j }|j ||||}||dk|j|||jj}||dk||} t!||| Sr)rtrrrrrr/r{rr)r=rr>rrrrr) rr:rrr=rr>rrr5s rbload_dh_public_numberszBackend.load_dh_public_numbers sJ9##%% H 67779<<$)*;<<#5 OO-/ 0 0 OO-/ 0 0   * 1 344AA A//'),,i##HaA66 C1H%%%i##Hgty~FF C1H%%%--h77D(H555rac|j}|||jjk|j||jj}||j}||j }|j ||j }n |jj}|j ||||}||dkt||Sr) rtrrrrrr/r{r)r=rr>rr )rr:rr=rr>rs rbload_dh_parameter_numbersz!Backend.load_dh_parameter_numbers(s9##%% H 67779<<$)*;<< OOGI & & OOGI & & 9  **AA Ai##HaA66 C1H%%%T8,,,rar=rr>c|j}|||jjk|j||jj}||}||}|||}n |jj}|j||||}||dk|j dd}|j ||}||dk|ddkS)Nrmrr) rtrrrrrr/r{r)rrr)rr=rr>rrrs rbdh_parameters_supportedzBackend.dh_parameters_supported<s9##%% H 67779<<$)*;<< OOA   OOA   =""AA Ai##HaA66 C1H%%% gq))i--h>> C1H%%%Qx1}rac"|jjdkSr)rtrrs rbdh_x942_serialization_supportedz'Backend.dh_x942_serialization_supportedTsy6!;;ract|dkrtd|}|j||jj}||dk|j||t|}||dkt||S)N z%An X25519 public key is 32 bytes longrm) rrrPrtEVP_PKEY_set_type NID_X25519rEVP_PKEY_set1_tls_encodedpointr#)rrTr5rs rbx25519_load_public_bytesz Backend.x25519_load_public_bytesWs t99??DEE E++--i))(DI4HII C1H%%%i66 dCII   C1H%%%h///racdt|dkrtdd}|d5}||dd<||dd<||}|j|j|jj}dddn #1swxYwY| ||jjk|j ||jj }| |j ||jj kt||S)Nrz&An X25519 private key is 32 bytes longs0.0+en" 0r)rr_zeroed_bytearrayrYrtrrYrrrrr/rNrkrhr")rrT pkcs8_prefixbarYr5s rbx25519_load_private_bytesz!Backend.x25519_load_private_bytesfsg& t99??EFF FB  # #B ' ' M2#BqtHBrssG$$R((Cy33CGTY^LLH  M M M M M M M M M M M M M M M H 67779<<$)*ABB  I ! !( + +ty/H H   !x000sABBBc|j||jj}|||jjk|j||jj}|j|}||dk|jd}|j ||}||dk||d|jjk|j|d|jj }|S)Nrm EVP_PKEY **r) rtEVP_PKEY_CTX_new_idrrrrr/EVP_PKEY_CTX_freeEVP_PKEY_keygen_initrEVP_PKEY_keygenrN)rr{ evp_pkey_ctxr evp_ppkeyr5s rb_evp_pkey_keygen_gczBackend._evp_pkey_keygen_gcsy44S$).II  LDIN:;;;y||L$)2MNN i,,\:: C1H%%%IMM-00 i'' i@@ C1H%%% IaLDIN:;;;9<< ! di.EFFrac`||jj}t||Sr)rrtrr"rOs rbx25519_generate_keyzBackend.x25519_generate_keys*++DI,@AA x000rac.|jrdS|jj Sr)rwrtrors rbx25519_supportedzBackend.x25519_supporteds   59555racrt|dkrtd|j|jj|jj|t|}|||jjk|j||jj }t||S)N8z#An X448 public key is 56 bytes long) rrrtEVP_PKEY_new_raw_public_keyNID_X448rrrrr/rNr%rrTr5s rbx448_load_public_byteszBackend.x448_load_public_bytess t99??BCC C988 I  c$ii   H 67779<<$)*ABBdH---ract|dkrtd|j|}|j|jj|jj|t|}|||jjk|j ||jj }t||S)Nrz$An X448 private key is 56 bytes long) rrrrr rtEVP_PKEY_new_raw_private_keyrrrr/rNr$rrTrXr5s rbx448_load_private_byteszBackend.x448_load_private_bytess t99??CDD D9((..999 I  #d))   H 67779<<$)*ABBtX...rac`||jj}t||Sr)rrtrr$rOs rbx448_generate_keyzBackend.x448_generate_keys*++DI,>??tX...racH|jrdS|jj o |jj Sr)rwrt"CRYPTOGRAPHY_OPENSSL_LESS_THAN_111rprs rbx448_supportedzBackend.x448_supporteds2   5 < < 8I77 rac.|jrdS|jj Sr)rwrt#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111Brs rbed25519_supportedzBackend.ed25519_supporteds   59@@@ractjd|t|tjkrt d|j|jj|j j |t|}| ||j j k|j ||jj }t||S)NrTz&An Ed25519 public key is 32 bytes long)r _check_bytesrr-_ED25519_KEY_SIZErrtr NID_ED25519rrrrr/rNrrs rbed25519_load_public_bytesz!Backend.ed25519_load_public_bytess 64((( t991 1 1EFF F988 I !49>4T   H 67779<<$)*ABB x000ract|tjkrtdt jd||j|}|j |jj |jj |t|}| ||jj k|j ||jj}t||S)Nz'An Ed25519 private key is 32 bytes longrT)rr-rrrrrrr rtrrrrr/rNrrs rbed25519_load_private_bytesz"Backend.ed25519_load_private_bytess t991 1 1FGG G vt,,,9((..999 I !49>8SYY   H 67779<<$)*ABB!$111rac`||jj}t||Sr)rrtrrrOs rbed25519_generate_keyzBackend.ed25519_generate_keys*++DI,ABB!$111racH|jrdS|jj o |jj Sr)rwrtrrprs rbed448_supportedzBackend.ed448_supporteds2   5 = = 8I77 ractjd|t|tkrt d|j|jj|jj |t|}| ||jj k|j ||jj }t||S)NrTz$An Ed448 public key is 57 bytes long)rrrrrrtr NID_ED448rrrrr/rNrrs rbed448_load_public_byteszBackend.ed448_load_public_bytess 64((( t99 ' 'CDD D988 I s4yy   H 67779<<$)*ABBtX...ractjd|t|tkrt d|j|}|j|jj |jj |t|}| ||jj k|j ||jj }t||S)NrTz%An Ed448 private key is 57 bytes long)rrrrrrrr rtrrrrr/rNrrs rbed448_load_private_bytesz Backend.ed448_load_private_bytess vt,,, t99 ' 'DEE E9((..999 I 3t99   H 67779<<$)*ABBh///rac`||jj}t||Sr)rrtrrrOs rbed448_generate_keyzBackend.ed448_generate_keys*++DI,?@@h///rarDrc |jd|}|j|}|j|t ||t ||||t j|| } | dkrB|} d|z|zdz} td | | |j |ddS)Nr rmizJNot enough memory to derive key. These parameters require {} MB of memory.) rrrr rtEVP_PBE_scryptrrP _MEM_LIMITr MemoryErrorrr) rr rrrDr r=rrrr min_memorys rb derive_scryptzBackend.derive_scryptsimm-v66900>>i&&      II        !883355Fq11J$$*F:$6$6  y$$QQQ''ractj|}|jr ||jvrdS|dr|jjdkS|j||jj kS)NFs-sivrm) r_aead_cipher_namerw _fips_aeadendswithrt#CRYPTOGRAPHY_OPENSSL_300_OR_GREATERrrrr)rr cipher_names rbaead_cipher_supportedzBackend.aead_cipher_supported6sy,V44   +T_"D"D5    ( ( 9@AE E ..{;;ty~M rac#Kt|} |V|||dS#|||wxYw)z This method creates a bytearray, which we copy data into (hopefully also from a mutable buffer that can be dynamically erased!), and then zero when we're done. N) bytearray _zero_data)rrrs rbrzBackend._zeroed_bytearrayDsWv   (HHH OOB ' ' ' ' 'DOOB ' ' ' 's /Ac4t|D]}d||<dSr)range)rrTris rbrzBackend._zero_dataQs.v  ADGG  rac#K||jjVdSt|}|jd|dz}|j||| |V||jd||dS#||jd||wxYw)a This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use. Nrrmz uint8_t *)rrrrrmemmovercast)rrTdata_lenrs rb_zeroed_null_terminated_bufz#Backend._zeroed_null_terminated_bufXs <). 4yyH)--(Q,77C I  c4 2 2 2 L  {C @ @(KKKKK {C @ @(KKKKs B1Cc|||}|j|jr |jjndd|jDfS)Ncg|] }|j Sr`) certificaterrs rb zABackend.load_key_and_certificates_from_pkcs12..zs B B B$T  B B Bra) load_pkcs12rrr(additional_certs)rrTrepkcs12s rb%load_key_and_certificates_from_pkcs12z-Backend.load_key_and_certificates_from_pkcs12osP!!$11 J'-{ ?? ?"$ ?din , ,y||LOTY5LMMH//99C A;$). ( (9<< TY-@AADt,,HD224HHJTY^++y'' 33$Xt44D q>TY^ + +ill;q>493IJJG)'' A77C  = /96 / **"5::..  y..w::##DDIN$:;;;y||D$)*=>> OOD11  !Y66tTY^LL // $ 0 0 < >(3##Gty~$=>>>>).#/;2> >?? ? ;#c((a--inGGi0022Gill7DI,BCCGH 1 1b"344 2!/H"oobn==G99 6$"i77#["++C1H555 666666666666666#oob11G(((i,,Wg>>&&sax0000  - -h 7 7* <11$77 859MDOOD111ty~ ?"}HH#y~Hi--   $).((!1133F$, )'               < 9 ty~-- (( INE* * * * * * * * * * * * * * * X C49>1222ill3 566%%''i&&sC00 C!G$$$!!#&&&sJ,6K..K2 5K2 3R BP' R'P+ +R.P+ /A RR Rc4|jrdS|jjdkSr)rwrtCryptography_HAS_POLY1305rs rbpoly1305_supportedzBackend.poly1305_supportedm s"   5y2a77ractjd|t|tkrt dt ||S)NrzA poly1305 key is 32 bytes long)rrrrrr)rrs rbcreate_poly1305_ctxzBackend.create_poly1305_ctxr sF uc*** s88) ) )>?? ?c***rac|jj Srrrs rbpkcs7_supportedzBackend.pkcs7_supportedy rractjd|||}|j|j|jj|jj|jj}||jjkr#|td|j ||jj }| |SNrTzUnable to parse PKCS7 data) rrrYrtPEM_read_bio_PKCS7rYrrrrrr/ PKCS7_free_load_pkcs7_certificatesrrTrYp7s rbload_pem_pkcs7_certificatesz#Backend.load_pem_pkcs7_certificates| s 64(((  && Y ) ) GTY^TY^TY^       " " "9:: : Y\\"di2 3 3,,R000ractjd|||}|j|j|jj}||jjkr#|td|j ||jj }| |Srm) rrrYrt d2i_PKCS7_biorYrrrrrr/rorprqs rbload_der_pkcs7_certificatesz#Backend.load_der_pkcs7_certificates s 64(((  && Y $ $SWdin = =     " " "9:: : Y\\"di2 3 3,,R000rac:|j|j}|||jjk||jjkr-t d|tj g}|j j |j j kr|S|j j j}|j|}t!|D]}|j||}|||j j k|j|}||dk|j ||jj}||} || |S)NzNOnly basic signed structures are currently supported. NID for this data was {}rm)rt OBJ_obj2nidrrr,NID_pkcs7_signedrrrUNSUPPORTED_SERIALIZATIONr?signrrrrr5rr7 X509_up_refr/rrr) rrrr{certsr@r"r rrrs rbrpz Backend._load_pkcs7_certificates ski##BG,, C49#66777 $), , ,&((.s 2  )+ 49  & &L$).i##G,,s  A9**7A66D     6 7 7 7)''--C   q ) ) )9<<di&9::D??4((D LL     rar}ct|}|rtd|Dstd|tjjtjjfvrtd|j}|j ||jj }g}|D]`}| |}| ||j||}||dka|j|j j|j j||j j|jj}|} |tjjur(|j| ||j jd}n0|tjjusJ|j| |}||dk|| S)Nc3JK|]}t|tjVdSr)rr Certificater)s rbrz7Backend.pkcs7_serialize_certificates.. s@  37JtT- . .      raz.certs must be a list of certs with length >= 1z/encoding must DER or PEM from the Encoding enumrmr)listallrr(rrrrtrOrrr/r4rrrRr PKCS7_signr PKCS7_PARTIALr^PEM_write_bio_PKCS7_stream i2d_PKCS7_biorc) rr}r~certs_sk ossl_certsrrcrrrbio_outs rbpkcs7_serialize_certificatesz$Backend.pkcs7_serialize_certificates s U  NC  ;@      NLMM M   " &  " &   MNN N9--//9<<$)*@AA  * *D--I   i ( ( ()((9==C   q ) ) ) )Y ! ! IN IN  IN I #   ))++ }-1 1 1)66TY^QCC}599999)))'266C C1H%%%!!'***rabuilderoptionsc|jJ||j}|jj}d}t |jdkr |jj}n|j}|j ||jj }g}|jD]`} | | } | | |j || } || dkatjj|vr||jjz}||jjz}|j|jj|jj||jj|} || |jjk|j | |jj} d} tjj|vr| |jjz} n"tjj|vr| |jjz} tjj|vr| |jjz} |jD]v\}}}| |} ||}|j| | |j|| }|||jjkw|D]G}|tjjur||jj z}%|tjj!ur||jj"z}H|#}|tHj%j&ur#|j'|| |j(|} n|tHj%j)ur]|j*| |j(|} || dk|j+|| |j(|} n|tHj%j,usJ|j*| |j(|} || dk|jj-r|.|j/|| } || dk|0|S)Nrrm)1_datarYrtrr_additional_certsrrrrOr/r4rrrRrrQ PKCS7OptionsDetachedSignaturePKCS7_DETACHEDrroNoCapabilitiesPKCS7_NOSMIMECAP NoAttributes PKCS7_NOATTRNoCerts PKCS7_NOCERTS_signersrPKCS7_sign_add_signerrText PKCS7_TEXTBinary PKCS7_BINARYr^r(rSMIMESMIME_write_PKCS7rYr PKCS7_finalrrrrrrc)rrr~rrY init_flags final_flagsr}rrrcrrr signer_flagsr( private_keyhash_algorithmmd p7signerinfooptionrs rb pkcs7_signzBackend.pkcs7_sign s7 }(((  //Y,  w( ) )Q . .INEEI..00EILL (>??EJ1 . . OOD11 !!),,,i,,UI>>##C1H----   /7 : : $)2 2J 493 3KY ! ! IN IN  IN     B$).0111 Y\\"di2 3 3    , 7 7 DI6 6LL   , 7 7 DI2 2L   % 0 0 DI3 3L8?8H @ @ 4Kn 44I55nEEB9::% L      > ? ? ? ? 6 6F+000ty33 5-444ty55 ))++ }-3 3 3)--SWkCC/3 3 3)''CG[AAC   q ) ) ))66SWkCC}599999)''CG[AAC   q ) ) )y< '$$&&&)))'266C C1H%%%!!'***rar)rN)r]r^r___doc__rrr;rr'rrrr SHA512_224 SHA512_256SHA3_224SHA3_256SHA3_384SHA3_512SHAKE128SHAKE256rr, SECP224R1 SECP256R1 SECP384R1 SECP521R1r`_fips_rsa_min_key_size_fips_rsa_min_public_exponent_fips_dsa_min_modulus_fips_dh_min_key_size_fips_dh_min_modulusrstrrrtypingOptionalListr& _OpenSSLErrorrrvrr contextlibrrr~rrrrbytes HashAlgorithmrrrrrrrr HashContextrr:rMrrryr rrrrr_OpenSSLErrorWithTextrr!r)r/ RSAPrivateKeyr6r9RSAPrivateNumbersrHRSAPublicNumbers RSAPublicKeyrKrPr3rYr^rcr7rr8rrr)rr+ DSAParametersr DSAPrivateKeyrrrDSAPrivateNumbersrDSAPublicNumbers DSAPublicKeyrDSAParameterNumbersrrrrrr9r rrrr* DHParametersrrsrrrrrAnyrrCertificateSigningRequestrrCertificateRevocationListrrr6rr rrNoReturnr EllipticCurver1EllipticCurveSignatureAlgorithmr5EllipticCurvePrivateKeyr;EllipticCurvePrivateNumbersrCEllipticCurvePublicNumbersEllipticCurvePublicKeyrErPrZr7r\rarbr9r+rKrRrAr(rrrrrrrrrrr DHPrivateKeyrrDHPrivateNumbersrDHPublicNumbers DHPublicKeyrDHParameterNumbersrrrr0X25519PublicKeyrX25519PrivateKeyrrrrr1 X448PublicKeyrX448PrivateKeyrrrrr-Ed25519PublicKeyrEd25519PrivateKeyrrrr.Ed448PublicKeyrEd448PrivateKeyr r rrIteratorrrrr%Tupler.rUr+rVrWrdrgrrirkrsrvrprrQPKCS7SignatureBuilderrrr`rarbrdrds D JFM      L     "$)!I  55:::( #    GKEE E G,A BCE  EEEE $    5555 . . . .***& * * * *55555 c    /////22%+%92 2222 0D    9M ((<(((((.-. ....:$:::: .(<.....---  ---- , ,d ,t , , , ,>>>2222hK%K-1K KKKK K%K-1K KKKK .v/C.....('(( (  (  ( ((((02W-B!C2222< W2 3<<<<     c" " .1     , " .1     " ," " " " " H 8+ 8  8 8 8 8  K% K K K K    E    >@4E>@>@>@>@@8@3C8@8@8@8@t  f.B  t     ->4&))8I))))0 3+ 3  3 3 3 399 9999 &&& 9,9 9999*8+8 8888&/./ ////  &t&&&&8F,@8T8888  T    -)=-,----  %+_U%;     (1(12B(1(1(1(1T - -"/ - - - -%+_U%; *&112B1111.))"/))))(t/FJLvzLd.>LLLL T; D D 'DDDDT; D D 'DDDD  +8  4 1      7773&3&3&j-6?----^b.>4 4? 4 4  4 4 4 4% #,B5B #BBBB. A4 A " A A A AA%A49A "AAAA,%B %B)+)9%B #%B%B%B%BN8"*:8888=#====    )+)9        B,<"))^)8000000$x<(x<+x<,F x< x<x<x<xr?r@rArBrCrDrErF,cryptography.hazmat.primitives.ciphers.modesrGrHrIrJrKrLrMrNrO"cryptography.hazmat.primitives.kdfrP,cryptography.hazmat.primitives.serializationrQrR3cryptography.hazmat.primitives.serialization.pkcs12rSrTrUrVrW namedtuplerXr\rdrrrSr`rarbrs  %%%%%%$$$$$$$$BBBBBBBB555555GGGGGGBBBBBB   EDDDDDBBBBBB988888@@@@@@@@HHHHHH                                                                        655555CCCCCCCC$[ #L5*2E F F         }&+}&+}&+}&+}&+}&+}&+}&+@N2JWJcJJJJ '))ra