U §òcc*‹ã@s¸ddlZddlZddlZddlZddlZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZddlmZddlmZmZmZmZdd lmZmZmZdd lmZmZdd lmZm Z dd l!m"Z"m#Z#m$Z$dd l%m&Z&ddl'm(Z(ddl)m*Z*m+Z+ddl,m-Z-m.Z.ddl/m0Z0m1Z1ddl2m3Z3m4Z4ddl5mZ6ddl7m8Z8ddl9m:Z:m;Z;ddlm?Z?m@Z@mAZAmBZBmCZCmDZDmEZEmFZFddlGmHZHmIZImJZJmKZKddlLmMZMmNZNmOZOddlPmQZQmRZRddlSmTZTmUZUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\m]Z]m^Z^m_Z_ddl`maZambZbmcZcmdZdmeZemfZfmgZgmhZhmiZiddljmkZkddllmmZmmnZnddlompZpmqZqmrZrmsZsmtZte ud d!d"g¡ZvGd#d$„d$ƒZwGd%d&„d&ƒZxGd'd(„d(ƒZyexeTd)œd*d+„ZzexƒZ{dS),éN)Úcontextmanager)ÚutilsÚx509)ÚUnsupportedAlgorithmÚ_Reasons)Úaead)Ú_CipherContext©Ú _CMACContext)Ú _DHParametersÚ _DHPrivateKeyÚ _DHPublicKeyÚ_dh_params_dup)Ú_DSAParametersÚ_DSAPrivateKeyÚ _DSAPublicKey)Ú_EllipticCurvePrivateKeyÚ_EllipticCurvePublicKey)Ú_Ed25519PrivateKeyÚ_Ed25519PublicKey)Ú_ED448_KEY_SIZEÚ_Ed448PrivateKeyÚ_Ed448PublicKey©Ú _HashContext©Ú _HMACContext)Ú_POLY1305_KEY_SIZEÚ_Poly1305Context)Ú_RSAPrivateKeyÚ _RSAPublicKey)Ú_X25519PrivateKeyÚ_X25519PublicKey)Ú_X448PrivateKeyÚ_X448PublicKey)r)Úbinding)ÚhashesÚ serialization)ÚAsymmetricPadding)ÚdhÚdsaÚecÚed25519Úed448ÚrsaÚx25519Úx448)ÚMGF1ÚOAEPÚPKCS1v15ÚPSS)Ú#CERTIFICATE_ISSUER_PUBLIC_KEY_TYPESÚPRIVATE_KEY_TYPESÚPUBLIC_KEY_TYPES)ÚBlockCipherAlgorithmÚCipherAlgorithm) ÚAESÚAES128ÚAES256ÚARC4ÚCamelliaÚChaCha20ÚSM4Ú TripleDESÚ_BlowfishInternalÚ_CAST5InternalÚ _IDEAInternalÚ _SEEDInternal) ÚCBCÚCFBÚCFB8ÚCTRÚECBÚGCMÚModeÚOFBÚXTS)Úscrypt)Úpkcs7Ússh)ÚPBESÚPKCS12CertificateÚPKCS12KeyAndCertificatesÚ_ALLOWED_PKCS12_TYPESÚ_PKCS12_CAS_TYPESÚ _MemoryBIOÚbioZchar_ptrc@s eZdZdS)Ú_RC2N)Ú__name__Ú __module__Ú __qualname__©r]r]úf/var/www/html/project/venv/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/backend.pyrYƒsrYc @sf eZdZdZdZddddddhZefZej ej ej ej ej ejejejejejejejf ZejejejejfZd Zd Zd d >Zd Zd e>Z d d „Z!e"dœdd„Z#dDe$e%j&e%j'e(j)ddœdd„Z*e$dœdd„Z+ddœdd„Z,ddœdd„Z-e.j/dd„ƒZ0ddœdd„Z1e"dœdd „Z2e"dœd!d"„Z3e4dœd#d$„Z5e6ej7e8d%œd&d'„Z9ej7d(œd)d*„Z:ej7d(œd+d,„Z;ej7e$d-œd.d/„Zej7e$d-œd4d5„Z?ej7ej@d-œd6d7„ZAeBeCe$d8œd9d:„ZDd;d<„ZEddœd=d>„ZFeBeCeGd8œd?d@„ZHeBeCeGd8œdAdB„ZIej7e$d-œdCdD„ZJej7e4e6e4e6e6dEœdFdG„ZKe%j'e(j)dœdHdI„ZLe%j'e(jMdœdJdK„ZNe4dœdLdM„ZOdEe4dNœdOdP„ZPe4e4eQjRdQœdRdS„ZSe4e4e$dQœdTdU„ZTeQjUeQjRdVœdWdX„ZVeQjWeQjXdVœdYdZ„ZYd[d\„ZZd]d^„Z[e6d_œd`da„Z\dbdc„Z]e6dœddde„Z^e_dœdfdg„Z`eadœdhdi„Zbej7e$d-œdjdk„Zcede$dlœdmdn„Zee4efjgdoœdpdq„Zhefjgefjidrœdsdt„Zje4efjidoœdudv„Zkdwdx„ZlefjmefjidVœdydz„ZnefjoefjpdVœd{d|„ZqefjrefjgdVœd}d~„Zsdd€„Zte$dœdd‚„Zuej7e$d-œdƒd„„Zve$dœd…d†„Zwexeyd-œd‡dˆ„Zze6e%j&e6e_d‰œdŠd‹„Z{e6eadŒœddŽ„Z|e6e}j~dŒœdd„Ze6e%j&e6e_d‰œd‘d’„Z€d“d”„Ze6eadŒœd•d–„Z‚e6e}j~dŒœd—d˜„Zƒe„j…e%j†d™œdšd›„Z‡e%j†e„j…dœœddž„Zˆe„j‰e%j†dŸœd d¡„ZŠe%j†e„j‰d¢œd£d¤„Z‹e„jŒe%j†d¥œd¦d§„Ze%j†e„jŒd¨œd©dª„ZŽe„jŒee$d«œd¬d­„Ze„j‰e$dŸœd®d¯„Z‘d°d±„Z’d²d³„Z“e%j”dœd´dµ„Z•ej–e$d¶œd·d¸„Z—ej˜ej–e$d¹œdºd»„Z™ej–ejšd¶œd¼d½„Z›ejœejšdVœd¾d¿„ZejžejŸdVœdÀdÁ„Z ej–e6ejŸdÂœdÃdÄ„Z¡e4ej–ejšdÅœdÆdÇ„Z¢ej–dÈœdÉdÊ„Z£e4dËœdÌdÍ„Z¤ej¥ej–e$dÎœdÏdЄZ¦dÑdÒ„Z§ej–e4d¶œdÓdÔ„Z¨e/dÕdÖ„ƒZ©d×dØ„Zªe4e4dÙœdÚdÛ„Z«e¬j­e¬j®e¬j¯e6dÜœdÝdÞ„Z°dßdà„Z±dádâ„Z²e¬j­e¬j³e6dãœdädå„Z´e$dœdædç„Zµe4e4e}j~dèœdédê„Z¶dëdì„Z·e}j~e}j¸drœdídî„Z¹e4e4e}j¸dèœdïdð„Zºe}j»e}j¸dVœdñdò„Z¼e}j½e}j¾dVœdódô„Z¿e}jÀe}j~dVœdõdö„ZÁdFe4e4e%j&e4e$d÷œdødù„ZÂe$dœdúdû„ZÃe6eÄjÅdŒœdüdý„ZÆe6eÄjÇdŒœdþdÿ„ZÈdd„ZÉeÄjÇdœdd„ZÊe$dœdd„ZËe6eÌjÍdŒœdd„ZÎe6eÌjÏdŒœdd „ZÐeÌjÏdœd d „ZÑe$dœd d „ZÒe$dœdd„ZÓe6eÔjÕdŒœdd„ZÖe6eÔj×dŒœdd„ZØeÔj×dœdd„ZÙe$dœdd„ZÚe6eÛjÜdŒœdd„ZÝe6eÛjÞdŒœdd„ZßeÛjÞdœdd„Zàe6e6e4e4e4e4e6dœdd „Záe$dœd!d"„Zâe.j/e4e%jãeäd#œd$d%„ƒZåe4dd#œd&d'„Zæe.j/d(d)„ƒZçe6e%j&e6e%jèe%j&e_e%j&e„j…e%j'e„j…fd‰œd*d+„Zée6e%j&e6eêd‰œd,d-„Zëe%j&e6e%j&eìe%j&e„j…e%j&e%j'eíe¬j¯e6d.œd/d0„Zîe$dœd1d2„Zïe6eðd3œd4d5„Zñe$dœd6d7„Zòe6e%j'e„j…dŒœd8d9„Zóe6e%j'e„j…dŒœd:d;„Zôd<d=„Zõe%j'e„j…e¬j­d>œd?d@„Zöe÷jøe¬j­e%j'e÷jùe6dAœdBdC„ZúdS(GÚBackendz) OpenSSL API binding interfaces. Zopenssls aes-128-ccms aes-192-ccms aes-256-ccms aes-128-gcms aes-192-gcms aes-256-gcméiécCsˆt ¡|_|jj|_|jj|_d|_| ¡|_ i|_ |  ¡|j rX|jj rXt  dt¡n| ¡|jjg|_|jjr„|j |jj¡dS)NFz)ÚformatÚopenssl_version_textrirtr]r]r^Ú__repr__ÍsÿzBackend.__repr__N)ÚokÚerrorsrwcCstj|j||dS)N)r|)r%Z_openssl_assertrf)rur{r|r]r]r^Úopenssl_assertÒszBackend.openssl_assertcCsH|jjr|j |jj¡}nt|jddd„ƒƒ}|dkr@|j ¡t|ƒS)NZ FIPS_modecSsdS©Nrr]r]r]r]r^Úßóz*Backend._is_fips_enabled..r)rfZCryptography_HAS_300_FIPSZ&EVP_default_properties_is_fips_enabledrdÚNULLÚgetattrZERR_clear_errorÚbool)ruÚmoder]r]r^rhÙsÿ zBackend._is_fips_enabledcCs$|j ¡| ¡st‚| ¡|_dS©N)rbÚ _enable_fipsrhÚAssertionErrorrirtr]r]r^r†æs  zBackend._enable_fipscCsf|jjrb|j ¡}||jjkrb|j |¡|j |jj¡}| |dk¡|j |¡}| |dk¡dS©Nra) rfrlZENGINE_get_default_RANDrdrZENGINE_unregister_RANDÚRAND_set_rand_methodr}Ú ENGINE_finish©ruÚeÚresr]r]r^Úactivate_builtin_randomís    zBackend.activate_builtin_randomc cs‚|j |jj¡}| ||jjk¡|j |¡}| |dk¡z |VW5|j |¡}| |dk¡|j |¡}| |dk¡XdSrˆ) rfZ ENGINE_by_idZCryptography_osrandom_engine_idr}rdrZ ENGINE_initZ ENGINE_freerŠr‹r]r]r^Ú_get_osurandom_engineús    zBackend._get_osurandom_enginec Cs`|jjr\| ¡| ¡ }|j |¡}| |dk¡W5QRX|j |jj¡}| |dk¡dSrˆ) rfrlrŽrZENGINE_set_default_RANDr}r‰rdrr‹r]r]r^rps  z Backend.activate_osrandom_enginec Cs`|j dd¡}| ¡2}|j |dt|ƒ||jjd¡}| |dk¡W5QRX|j |¡  d¡S)Núchar[]é@sget_implementationrÚascii) rdÚnewrrfZENGINE_ctrl_cmdÚlenrr}ÚstringÚdecode)ruÚbufrŒrr]r]r^Úosrandom_engine_implementations ÿz&Backend.osrandom_engine_implementationcCs|j |j |jj¡¡ d¡S)zÀ Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.1.1d 10 Sep 2019 r’)rdr•rfZOpenSSL_versionÚOPENSSL_VERSIONr–rtr]r]r^ry#s ÿþzBackend.openssl_version_textcCs |j ¡Sr…)rfZOpenSSL_version_numrtr]r]r^Úopenssl_version_number.szBackend.openssl_version_number)ÚkeyÚ algorithmrwcCs t|||ƒSr…r)rur›rœr]r]r^Úcreate_hmac_ctx1szBackend.create_hmac_ctx)rœcCsL|jdks|jdkr0d |j|jd¡ d¡}n |j d¡}|j |¡}|S)NÚblake2bÚblake2sz{}{}ér’)ÚnamerxÚ digest_sizeÚencoderfZEVP_get_digestbyname)rurœÚalgÚevp_mdr]r]r^Ú_evp_md_from_algorithm6sÿþ  zBackend._evp_md_from_algorithmcCs | |¡}| ||jjk¡|Sr…)r¦r}rdr©rurœr¥r]r]r^Ú_evp_md_non_null_from_algorithmAs z'Backend._evp_md_non_null_from_algorithm)rœrwcCs,|jrt||jƒsdS| |¡}||jjkS©NF)riÚ isinstanceÚ _fips_hashesr¦rdrr§r]r]r^Úhash_supportedFs zBackend.hash_supportedcCs |jrt|tjƒrdS| |¡Sr©©rirªr&ÚSHA1r¬©rurœr]r]r^Úsignature_hash_supportedMsz Backend.signature_hash_supportedcCs|jr dS|jjdkSdS©NFra)rirfZCryptography_HAS_SCRYPTrtr]r]r^Úscrypt_supportedVszBackend.scrypt_supportedcCs |jrt|tjƒrdS| |¡S)NTr­r¯r]r]r^Úhmac_supported\szBackend.hmac_supportedcCs t||ƒSr…rr¯r]r]r^Úcreate_hash_ctxcszBackend.create_hash_ctx)Úcipherr„rwcCs`|jrt||jƒsdSz|jt|ƒt|ƒf}Wntk rFYdSX||||ƒ}|jj|kSr©)rirªÚ _fips_ciphersrjÚtypeÚKeyErrorrdr)rurµr„ÚadapterÚ evp_cipherr]r]r^Úcipher_supportedhs  zBackend.cipher_supportedcCs0||f|jkrtd ||¡ƒ‚||j||f<dS)Nz"Duplicate registration for: {} {}.)rjÚ ValueErrorrx)ruÚ cipher_clsÚmode_clsr¹r]r]r^Úregister_cipher_adaptervsÿÿzBackend.register_cipher_adaptercCsŽtttfD].}ttttttt fD]}|  ||t dƒ¡q q tttttfD]}|  t |t dƒ¡qHttttfD]}|  t |t dƒ¡ql|  t tt dƒ¡ttttfD]}|  t|t dƒ¡q¢ttttfD]}|  t|t dƒ¡qÆt ttgttttg¡D]\}}|  ||t dƒ¡qö|  ttdƒt dƒ¡|  ttdƒt dƒ¡|  ttdƒt d ƒ¡|  ttt¡tttttfD]}|  t|t d ƒ¡qpdS) Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}Zrc4Zrc2Zchacha20zsm4-{mode.name})r:r;r<rFrIrJrMrGrHrKr¿ÚGetCipherByNamer>rArBrEÚ itertoolsÚproductrCrDr=r·rYr?rNÚ_get_xts_cipherr@)rur½r¾r]r]r^rkszÿýýÿÿÿÿ þ ýÿÿz!Backend._register_default_cipherscCst|||tjƒSr…)rZ_ENCRYPT©rurµr„r]r]r^Úcreate_symmetric_encryption_ctx³sz'Backend.create_symmetric_encryption_ctxcCst|||tjƒSr…)rZ_DECRYPTrÄr]r]r^Úcreate_symmetric_decryption_ctx¸sz'Backend.create_symmetric_decryption_ctxcCs | |¡Sr…)r³r¯r]r]r^Úpbkdf2_hmac_supported½szBackend.pbkdf2_hmac_supported)rœÚlengthÚsaltÚ iterationsÚ key_materialrwc Csh|j d|¡}| |¡}|j |¡}|j |t|ƒ|t|ƒ||||¡} | | dk¡|j |¡dd…S)Núunsigned char[]ra) rdr“r¨Ú from_bufferrfZPKCS5_PBKDF2_HMACr”r}Úbuffer) rurœrÈrÉrÊrËr—r¥Úkey_material_ptrrr]r]r^Úderive_pbkdf2_hmacÀs  ø zBackend.derive_pbkdf2_hmaccCs t |j¡Sr…)r%Ú_consume_errorsrfrtr]r]r^rÑØszBackend._consume_errorscCs t |j¡Sr…)r%Ú_consume_errors_with_textrfrtr]r]r^rÒÛsz!Backend._consume_errors_with_textcCsz||jjkst‚| |j |¡ ¡|j |¡}|j d|¡}|j ||¡}| |dk¡t   |j  |¡d|…d¡}|S)NrÌrÚbig) rdrr‡r}rfZBN_is_negativeZ BN_num_bytesr“Z BN_bn2binÚintÚ from_bytesrÎ)ruÚbnZ bn_num_bytesZbin_ptrZbin_lenÚvalr]r]r^Ú _bn_to_intàs zBackend._bn_to_int)ÚnumcCsn|dks||jjkst‚|dkr(|jj}| t| ¡ddƒd¡}|j |t|ƒ|¡}|  ||jjk¡|S)a  Converts a python integer to a BIGNUM. The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. Ng @rarÓ) rdrr‡Úto_bytesrÔÚ bit_lengthrfZ BN_bin2bnr”r})rurÙrÖÚbinaryZbn_ptrr]r]r^Ú _int_to_bnìszBackend._int_to_bn)Úpublic_exponentÚkey_sizerwcCs”t ||¡|j ¡}| ||jjk¡|j ||jj¡}|  |¡}|j ||jj ¡}|j  ||||jj¡}| |dk¡|  |¡}t ||||jƒSrˆ)r.Z_verify_rsa_parametersrfÚRSA_newr}rdrÚgcÚRSA_freerÝÚBN_freeZRSA_generate_key_exÚ_rsa_cdata_to_evp_pkeyrrg)rurÞrßÚ rsa_cdatarÖrÚevp_pkeyr]r]r^Úgenerate_rsa_private_keyýs(   ÿ ÿz Backend.generate_rsa_private_keycCs|dko|d@dko|dkS)Nérarir])rurÞrßr]r]r^Ú!generate_rsa_parameters_supporteds  ÿýz)Backend.generate_rsa_parameters_supported)Únumbersrwc Cs6t |j|j|j|j|j|j|jj |jj ¡|j   ¡}|  ||jjk¡|j ||j j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |jj ¡} | |jj ¡} |j  |||¡} |  | dk¡|j  || | |¡} |  | dk¡|j  ||||¡} |  | dk¡| |¡} t||| |jƒSrˆ)r.Z_check_private_key_componentsÚpÚqÚdÚdmp1Údmq1ÚiqmpÚpublic_numbersrŒÚnrfràr}rdrrárârÝZRSA_set0_factorsÚ RSA_set0_keyZRSA_set0_crt_paramsrärrg) rurêrårërìrírîrïrðrŒròrrær]r]r^Úload_rsa_private_numberssDø        ÿz Backend.load_rsa_private_numberscCst |j|j¡|j ¡}| ||jjk¡|j  ||jj ¡}|  |j¡}|  |j¡}|j  ||||jj¡}| |dk¡|  |¡}t|||ƒSrˆ)r.Z_check_public_key_componentsrŒròrfràr}rdrrárârÝrórär )rurêrårŒròrrær]r]r^Úload_rsa_public_numbers@s    zBackend.load_rsa_public_numberscCs2|j ¡}| ||jjk¡|j ||jj¡}|Sr…)rfZ EVP_PKEY_newr}rdrráÚ EVP_PKEY_free©rurær]r]r^Ú_create_evp_pkey_gcOs zBackend._create_evp_pkey_gccCs(| ¡}|j ||¡}| |dk¡|Srˆ)rørfZEVP_PKEY_set1_RSAr})rurårærr]r]r^räUszBackend._rsa_cdata_to_evp_pkey)ÚdatacCsH|j |¡}|j |t|ƒ¡}| ||jjk¡t|j ||jj ¡|ƒS)z® Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) rdrÍrfZBIO_new_mem_bufr”r}rrWráÚBIO_free)rurùÚdata_ptrrXr]r]r^Ú _bytes_to_bio[s zBackend._bytes_to_biocCsP|j ¡}| ||jjk¡|j |¡}| ||jjk¡|j ||jj¡}|S)z. Creates an empty memory BIO. )rfZ BIO_s_memr}rdrZBIO_newrárú)ruZ bio_methodrXr]r]r^Ú_create_mem_bio_gchs   zBackend._create_mem_bio_gccCs\|j d¡}|j ||¡}| |dk¡| |d|jjk¡|j |d|¡dd…}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)rdr“rfZBIO_get_mem_datar}rrÎ)rurXr—Úbuf_lenÚbio_datar]r]r^Ú _read_mem_bioss  zBackend._read_mem_bioc CsD|j |¡}||jjkrX|j |¡}| ||jjk¡|j ||jj¡}t ||||j ƒS||jj krä|jj sä|jj sä|jjsä|j |¡}| ||jjk¡|j ||jj¡}| ¡}|j ||¡}| |dk¡|j| |¡ddS||jjkr.|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jjkrx|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jkrÀ|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS|t|jddƒkrÞt ||ƒS|t|jddƒkrüt!||ƒS|t|jddƒkrt"||ƒS|t|jddƒkr8t#||ƒSt$dƒ‚dS) zd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. raN)ÚpasswordÚEVP_PKEY_ED25519Ú EVP_PKEY_X448ÚEVP_PKEY_X25519ÚEVP_PKEY_ED448úUnsupported key type.)%rfÚ EVP_PKEY_idÚ EVP_PKEY_RSAÚEVP_PKEY_get1_RSAr}rdrrárârrgÚEVP_PKEY_RSA_PSSÚCRYPTOGRAPHY_IS_LIBRESSLÚCRYPTOGRAPHY_IS_BORINGSSLÚ#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111ErýÚi2d_RSAPrivateKey_bioÚload_der_private_keyrÚ EVP_PKEY_DSAÚEVP_PKEY_get1_DSAÚDSA_freerÚ EVP_PKEY_ECÚEVP_PKEY_get1_EC_KEYÚ EC_KEY_freerrqÚEVP_PKEY_get1_DHÚDH_freer r‚rr#r!rr) ruræÚkey_typerårXrÚ dsa_cdataÚec_cdataÚdh_cdatar]r]r^Ú_evp_pkey_to_private_key~sj   ÿ ÿþýü ÿ           z Backend._evp_pkey_to_private_keyc CsJ|j |¡}||jjkrT|j |¡}| ||jjk¡|j ||jj¡}t |||ƒS||jj krÜ|jj sÜ|jj sÜ|jj sÜ|j |¡}| ||jjk¡|j ||jj¡}| ¡}|j ||¡}| |dk¡| | |¡¡S||jjkr&|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jjkr~|j |¡}||jjkr`| ¡}td|ƒ‚|j ||jj¡}t|||ƒS||jkrÆ|j |¡} | | |jjk¡|j | |jj¡} t|| |ƒS|t |jddƒkrät!||ƒS|t |jddƒkrt"||ƒS|t |jddƒkr t#||ƒS|t |jddƒkr>t$||ƒSt%dƒ‚dS) zc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. razUnable to load EC keyrNrrrr)&rfrrr r}rdrrárâr r r r r rýÚi2d_RSAPublicKey_bioÚload_der_public_keyrrrrrrrrÒr¼rrrqrrr r‚rr$r"rr) rurærrårXrrrr|rr]r]r^Ú_evp_pkey_to_public_key¾s^     ÿþýü             zBackend._evp_pkey_to_public_keycCst|tjtjtjtjtjfƒSr…)rªr&r®ÚSHA224ÚSHA256ÚSHA384ÚSHA512r¯r]r]r^Ú_oaep_hash_supportedøsûþzBackend._oaep_hash_supported)ÚpaddingrwcCs†t|tƒrdSt|tƒrNt|jtƒrN|jr>t|jjtjƒr>dS|  |jj¡Sn4t|t ƒr~t|jtƒr~|  |jj¡o||  |j¡SdSdS)NTF) rªr3r4Z_mgfr1riÚ _algorithmr&r®r¬r2r$)rur%r]r]r^Úrsa_padding_supporteds  ÿÿ þzBackend.rsa_padding_supported)rßrwc Cs~|dkrtdƒ‚|j ¡}| ||jjk¡|j ||jj¡}|j |||jjd|jj|jj|jj¡}| |dk¡t ||ƒS)N)ir`i iz0Key size must be 1024, 2048, 3072, or 4096 bits.rra) r¼rfÚDSA_newr}rdrrárZDSA_generate_parameters_exr)rurßÚctxrr]r]r^Úgenerate_dsa_parameterss$ÿ ù zBackend.generate_dsa_parameters)Ú parametersrwcCsT|j |j¡}| ||jjk¡|j ||jj¡}|j |¡|  |¡}t |||ƒSr…) rfZ DSAparams_dupZ _dsa_cdatar}rdrrárZDSA_generate_keyÚ_dsa_cdata_to_evp_pkeyr)rur+r)rær]r]r^Úgenerate_dsa_private_key/sÿ  z Backend.generate_dsa_private_keycCs| |¡}| |¡Sr…)r*r-)rurßr+r]r]r^Ú'generate_dsa_private_key_and_parameters<s z/Backend.generate_dsa_private_key_and_parameterscCsB|j ||||¡}| |dk¡|j |||¡}| |dk¡dSrˆ)rfÚ DSA_set0_pqgr}Z DSA_set0_key)rurrërìÚgÚpub_keyÚpriv_keyrr]r]r^Ú_dsa_cdata_set_valuesBszBackend._dsa_cdata_set_valuesc Cs¨t |¡|jj}|j ¡}| ||jjk¡|j  ||jj ¡}|  |j ¡}|  |j ¡}|  |j¡}|  |jj¡}|  |j¡}| ||||||¡| |¡} t||| ƒSr…)r*Z_check_dsa_private_numbersrñÚparameter_numbersrfr(r}rdrrárrÝrërìr0ÚyÚxr3r,r) rurêr4rrërìr0r1r2rær]r]r^Úload_dsa_private_numbersHs       z Backend.load_dsa_private_numbersc Cs¢t |j¡|j ¡}| ||jjk¡|j ||jj ¡}|  |jj ¡}|  |jj ¡}|  |jj ¡}|  |j¡}|jj}| ||||||¡| |¡}t|||ƒSr…)r*Ú_check_dsa_parametersr4rfr(r}rdrrárrÝrërìr0r5r3r,r) rurêrrërìr0r1r2rær]r]r^Úload_dsa_public_numbers]s    zBackend.load_dsa_public_numberscCs†t |¡|j ¡}| ||jjk¡|j ||jj¡}|  |j ¡}|  |j ¡}|  |j ¡}|j  ||||¡}| |dk¡t||ƒSrˆ)r*r8rfr(r}rdrrárrÝrërìr0r/r)rurêrrërìr0rr]r]r^Úload_dsa_parameter_numbersps     z"Backend.load_dsa_parameter_numberscCs(| ¡}|j ||¡}| |dk¡|Srˆ)rørfZEVP_PKEY_set1_DSAr})rurrærr]r]r^r,€szBackend._dsa_cdata_to_evp_pkeycCs|j Sr…)rirtr]r]r^Ú dsa_supported†szBackend.dsa_supportedcCs| ¡s dS| |¡Sr©)r;r°r¯r]r]r^Údsa_hash_supported‰szBackend.dsa_hash_supportedcCs| |td|jƒ¡S)Nó)r»rFÚ block_sizer¯r]r]r^Úcmac_algorithm_supportedŽs ÿz Backend.cmac_algorithm_supportedcCs t||ƒSr…r r¯r]r]r^Úcreate_cmac_ctx“szBackend.create_cmac_ctx)rùrrwcCs| |jj|j||¡Sr…)Ú _load_keyrfZPEM_read_bio_PrivateKeyr)rurùrr]r]r^Úload_pem_private_key–s üzBackend.load_pem_private_key)rùrwcCsî| |¡}|j d¡}|j |j|jj|j |jjd¡|¡}||jjkrd|j  ||jj ¡}|  |¡S|  ¡|j  |j¡}| |dk¡|j |j|jj|j |jjd¡|¡}||jjkrâ|j  ||jj¡}| |¡}t|||ƒS| ¡dS)NúCRYPTOGRAPHY_PASSWORD_DATA *ÚCryptography_pem_password_cbra)rürdr“rfZPEM_read_bio_PUBKEYrXrÚ addressofÚ _original_librárörrÑÚ BIO_resetr}ZPEM_read_bio_RSAPublicKeyrârär Ú_handle_key_loading_error)rurùÚmem_bioÚuserdatarærrår]r]r^Úload_pem_public_key s>  ÿú  ÿú   zBackend.load_pem_public_keycCs^| |¡}|j |j|jj|jj|jj¡}||jjkrR|j ||jj¡}t||ƒS|  ¡dSr…) rürfZPEM_read_bio_DHparamsrXrdrrárr rH)rurùrIrr]r]r^Úload_pem_parametersÊs ÿ  zBackend.load_pem_parameterscCs>| |¡}| ||¡}|r$| |¡S| |jj|j||¡SdSr…)rüÚ"_evp_pkey_from_der_traditional_keyrrArfZd2i_PKCS8PrivateKey_bio)rurùrrÿr›r]r]r^rÖs   üzBackend.load_der_private_keycCs^|j |j|jj¡}||jjkrN| ¡|j ||jj¡}|dk rJtdƒ‚|S| ¡dSdS)Nú4Password was given but private key is not encrypted.) rfÚd2i_PrivateKey_biorXrdrrÑráröÚ TypeError)rurÿrr›r]r]r^rMës ÿz*Backend._evp_pkey_from_der_traditional_keycCs¾| |¡}|j |j|jj¡}||jjkrF|j ||jj¡}| |¡S|  ¡|j  |j¡}|  |dk¡|j  |j|jj¡}||jjkr²|j ||jj ¡}| |¡}t|||ƒS| ¡dSrˆ)rürfZd2i_PUBKEY_biorXrdrrárörrÑrGr}Zd2i_RSAPublicKey_biorârär rH)rurùrIrærrår]r]r^rþs"   ÿ   zBackend.load_der_public_keycCsº| |¡}|j |j|jj¡}||jjkrF|j ||jj¡}t||ƒS|jj r®|  ¡|j  |j¡}|  |dk¡|j  |j|jj¡}||jjkr®|j ||jj¡}t||ƒS| ¡dSrˆ)rürfZd2i_DHparams_biorXrdrrárr rrrÑrGr}ZCryptography_d2i_DHxparams_biorH)rurùrIrrr]r]r^Úload_der_parameterss"   ÿ  zBackend.load_der_parameters)ÚcertrwcCsT| tjj¡}| |¡}|j |j|jj ¡}|  ||jj k¡|j  ||jj ¡}|Sr…) Ú public_bytesr'ÚEncodingÚDERrürfZ d2i_X509_biorXrdrr}ráÚ X509_free)rurRrùrIrr]r]r^Ú _cert2ossl)s  zBackend._cert2ossl)rrwcCs4| ¡}|j ||¡}| |dk¡t | |¡¡Srˆ)rýrfZ i2d_X509_bior}Ú rust_x509Zload_der_x509_certificater)rurrXrr]r]r^Ú _ossl2cert1szBackend._ossl2cert)ÚcsrrwcCsT| tjj¡}| |¡}|j |j|jj ¡}|  ||jj k¡|j  ||jj ¡}|Sr…) rSr'rTrUrürfZd2i_X509_REQ_biorXrdrr}ráZ X509_REQ_free)rurZrùrIÚx509_reqr]r]r^Ú _csr2ossl7s  zBackend._csr2ossl)r[rwcCs4| ¡}|j ||¡}| |dk¡t | |¡¡Srˆ)rýrfZi2d_X509_REQ_bior}rXZload_der_x509_csrr)rur[rXrr]r]r^Ú _ossl2csr?szBackend._ossl2csr)ÚcrlrwcCsT| tjj¡}| |¡}|j |j|jj ¡}|  ||jj k¡|j  ||jj ¡}|Sr…) rSr'rTrUrürfZd2i_X509_CRL_biorXrdrr}ráZ X509_CRL_free)rur^rùrIÚx509_crlr]r]r^Ú _crl2osslGs  zBackend._crl2ossl)r_rwcCs4| ¡}|j ||¡}| |dk¡t | |¡¡Srˆ)rýrfZi2d_X509_CRL_bior}rXZload_der_x509_crlr)rur_rXrr]r]r^Ú _ossl2crlOszBackend._ossl2crl)r^Ú public_keyrwcCsJt|tttfƒstdƒ‚| |¡}|j ||j¡}|dkrF|  ¡dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.raFT) rªrr rrPr`rfZX509_CRL_verifyÚ _evp_pkeyrÑ)rur^rbr_rr]r]r^Ú_crl_is_signature_validWs ýþÿ zBackend._crl_is_signature_validcCs`| |¡}|j |¡}| ||jjk¡|j ||jj¡}|j ||¡}|dkr\|  ¡dSdS)NraFT) r\rfZX509_REQ_get_pubkeyr}rdrráröZX509_REQ_verifyrÑ)rurZr[Úpkeyrr]r]r^Ú_csr_is_signature_validqs  zBackend._csr_is_signature_validcCs"|j |j|j¡dkrtdƒ‚dS)NrazKeys do not correspond)rfZ EVP_PKEY_cmprcr¼)ruÚkey1Úkey2r]r]r^Ú_check_keys_correspond€szBackend._check_keys_correspondc Cs&| |¡}|j d¡}|dk rFt d|¡|j |¡}||_t|ƒ|_||j |jj |j  |j j d¡|ƒ}||jj krÆ|jdkr¾| ¡|jdkrštdƒ‚qÆ|jdks¨t‚td |jd ¡ƒ‚n| ¡| ¡|j ||j j¡}|dk rú|jdkrútd ƒ‚|dk r|jd ks|dkst‚||ƒS) NrCrrDréÿÿÿÿz3Password was not given but private key is encryptedéþÿÿÿzAPasswords longer than {} bytes are not supported by this backend.rarN)rürdr“rÚ_check_byteslikerÍrr”rÈrXrrErfrFÚerrorrÑrPr‡r¼rxÚmaxsizerHráröÚcalled) ruZopenssl_read_funcZ convert_funcrùrrIrJZ password_ptrrær]r]r^rA„sV     ÿú   ÿÿÿÿÿÿþzBackend._load_keycs¨ˆ ¡}|stdƒ‚nŽ|d ˆjjˆjj¡sf|d ˆjjˆjj¡sfˆjjrp|d ˆjj ˆjj ¡rptdƒ‚n4t ‡fdd„|Dƒƒrtdƒ‚nt   |¡}td|ƒ‚dS)Nz|Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.rz Bad decrypt. Incorrect password?c3s"|]}| ˆjjˆjj¡VqdSr…)Ú_lib_reason_matchrfÚ ERR_LIB_EVPZ'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)Ú.0rmrtr]r^Ú Õs üþz4Backend._handle_key_loading_error..z!Unsupported public key algorithm.zÊCould not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).)rÑr¼rprfrqZEVP_R_BAD_DECRYPTZERR_LIB_PKCS12Z!PKCS12_R_PKCS12_CIPHERFINAL_ERRORZCryptography_HAS_PROVIDERSZ ERR_LIB_PROVZPROV_R_BAD_DECRYPTÚanyr%Z_errors_with_text)rur|Zerrors_with_textr]rtr^rH¹s@ÿÿÿþü ÷ þö  û  ûz!Backend._handle_key_loading_error)ÚcurverwcCsvz| |¡}Wntk r*|jj}YnX|j |¡}||jjkrP| ¡dS| ||jjk¡|j  |¡dSdS)NFT) Ú_elliptic_curve_to_nidrrfÚ NID_undefZEC_GROUP_new_by_curve_namerdrrÑr}Z EC_GROUP_free)ruruÚ curve_nidÚgroupr]r]r^Úelliptic_curve_supportedès   z Backend.elliptic_curve_supported)Úsignature_algorithmrurwcCst|tjƒsdS| |¡Sr©)rªr+ZECDSArz)rur{rur]r]r^Ú,elliptic_curve_signature_algorithm_supportedøs z4Backend.elliptic_curve_signature_algorithm_supportedcCs\| |¡rD| |¡}|j |¡}| |dk¡| |¡}t|||ƒStd |j ¡t j ƒ‚dS)z@ Generate a new private key on the named curve. raz#Backend object does not support {}.N) rzÚ_ec_key_new_by_curverfZEC_KEY_generate_keyr}Ú_ec_cdata_to_evp_pkeyrrrxr¡rÚUNSUPPORTED_ELLIPTIC_CURVE)rururrrær]r]r^Ú#generate_elliptic_curve_private_keys      þz+Backend.generate_elliptic_curve_private_keycCsz|j}| |j¡}|j | |j¡|jj¡}|j  ||¡}|dkrR|  ¡t dƒ‚|  ||j |j¡| |¡}t|||ƒS)NraúInvalid EC key.)rñr}rurdrárÝÚ private_valuerfÚ BN_clear_freeÚEC_KEY_set_private_keyrÑr¼Ú)_ec_key_set_public_key_affine_coordinatesr6r5r~r)rurêÚpublicrr‚rrær]r]r^Ú#load_elliptic_curve_private_numberss"  ÿÿ z+Backend.load_elliptic_curve_private_numberscCs4| |j¡}| ||j|j¡| |¡}t|||ƒSr…)r}rur…r6r5r~r)rurêrrær]r]r^Ú"load_elliptic_curve_public_numbers0s ÿ z*Backend.load_elliptic_curve_public_numbers)ruÚ point_bytesrwc CsÎ| |¡}|j |¡}| ||jjk¡|j |¡}| ||jjk¡|j ||jj¡}|  ¡6}|j  |||t |ƒ|¡}|dkr’|  ¡t dƒ‚W5QRX|j ||¡}| |dk¡| |¡}t|||ƒS)Nraz(Invalid public bytes for the given curve)r}rfÚEC_KEY_get0_groupr}rdrÚ EC_POINT_newráÚ EC_POINT_freeÚ _tmp_bn_ctxZEC_POINT_oct2pointr”rÑr¼ÚEC_KEY_set_public_keyr~r) rurur‰rryÚpointÚbn_ctxrrær]r]r^Ú load_elliptic_curve_public_bytes;s*    ÿ z(Backend.load_elliptic_curve_public_bytes)r‚rurwc CsN| |¡}| |¡\}}|j |¡}| ||jjk¡|j ||jj¡}|  |¡}|j ||jj ¡}|  ¡r}|j  ||||jj|jj|¡} | | dk¡|j  |¡} |j  |¡} |||| | |ƒ} | dkrÚ| ¡tdƒ‚W5QRX|j ||¡} | | dk¡|  |¡} |j | |jj ¡} |j || ¡} | | dk¡| |¡} t||| ƒS)Nraz'Unable to derive key from private_value)r}Ú _ec_key_determine_group_get_funcrfr‹r}rdrrárŒrÝrƒrZ EC_POINT_mulZ BN_CTX_getrÑr¼rŽr„r~r)rur‚rurÚget_funcryrÚvaluerrZbn_xZbn_yÚprivaterær]r]r^Ú!derive_elliptic_curve_private_keyQs>    ÿ    z)Backend.derive_elliptic_curve_private_key)rucCs| |¡}| |¡Sr…)rvÚ_ec_key_new_by_curve_nid)rururxr]r]r^r}xs zBackend._ec_key_new_by_curve)rxcCs0|j |¡}| ||jjk¡|j ||jj¡Sr…)rfZEC_KEY_new_by_curve_namer}rdrrár)rurxrr]r]r^r—|s z Backend._ec_key_new_by_curve_nid)rœrurwcCs,|jrt||jƒsdS| |¡o*t|tjƒSr©)rirªÚ_fips_ecdh_curvesrzr+ÚECDH)rurœrur]r]r^Ú+elliptic_curve_exchange_algorithm_supportedsÿ ÿz3Backend.elliptic_curve_exchange_algorithm_supportedcCs(| ¡}|j ||¡}| |dk¡|Srˆ)rørfZEVP_PKEY_set1_EC_KEYr})rurrærr]r]r^r~szBackend._ec_cdata_to_evp_pkeycCsNdddœ}| |j|j¡}|j | ¡¡}||jjkrJtd |j¡tj ƒ‚|S)z/ Get the NID for a curve name. Z prime192v1Z prime256v1)Z secp192r1Z secp256r1z${} is not a supported elliptic curve) Úgetr¡rfÚ OBJ_sn2nidr£rwrrxrr)ruruZ curve_aliasesZ curve_namerxr]r]r^rv“s   þzBackend._elliptic_curve_to_nidc csX|j ¡}| ||jjk¡|j ||jj¡}|j |¡z |VW5|j |¡XdSr…) rfZ BN_CTX_newr}rdrráZ BN_CTX_freeZ BN_CTX_startZ BN_CTX_end)rurr]r]r^r¤s   zBackend._tmp_bn_ctxcCs¼| ||jjk¡|j d¡}| ||jjk¡|j |¡}| ||jjk¡|j |¡}| ||jjk¡|j |¡}| ||jjk¡||kr¤|jj r¤|jj }n|jj }|s´t ‚||fS)zu Given an EC_KEY determine the group and what function is required to get point coordinates. scharacteristic-two-field) r}rdrrfrœrwrŠZEC_GROUP_method_ofZEC_METHOD_get_field_typeZCryptography_HAS_EC2MZ$EC_POINT_get_affine_coordinates_GF2mZ#EC_POINT_get_affine_coordinates_GFpr‡)rur)Z nid_two_fieldryÚmethodÚnidr“r]r]r^r’¯s     z(Backend._ec_key_determine_group_get_func)r6r5cCst|dks|dkrtdƒ‚|j | |¡|jj¡}|j | |¡|jj¡}|j |||¡}|dkrp| ¡tdƒ‚dS)zg Sets the public key point in the EC_KEY context to the affine x and y values. rz2Invalid EC key. Both x and y must be non-negative.rarN)r¼rdrárÝrfrãZ(EC_KEY_set_public_key_affine_coordinatesrÑ)rur)r6r5rr]r]r^r…Ësÿz1Backend._ec_key_set_public_key_affine_coordinates)ÚencodingrxÚencryption_algorithmrwc Cs`t|tjƒstdƒ‚t|tjƒs(tdƒ‚t|tjƒs|jj}|j ¡}| ||jjk¡|j ||jj¡}|  |j ¡}|  |j ¡}|j dk rf|  |j ¡}n|jj}|  |jj ¡}|  |j¡}|j ||||¡} | | dk¡|j |||¡} | | dk¡|j dd¡} |j || ¡} | | dk¡| ddkr(|j dkr | d|jjAdks(tdƒ‚| |¡} t||| ƒS)Nraúint[]rr·z.DH private numbers did not pass safety checks.)rñr4rfr¹r}rdrrárrÝrër0rìr5r6Ú DH_set0_pqgÚ DH_set0_keyr“ÚCryptography_DH_checkZDH_NOT_SUITABLE_GENERATORr¼r»r ) rurêr4rrër0rìr1r2rÚcodesrær]r]r^Úload_dh_private_numbersÛs4      ÿþ zBackend.load_dh_private_numbersc CsÐ|j ¡}| ||jjk¡|j ||jj¡}|j}| |j ¡}| |j ¡}|j dk rd| |j ¡}n|jj}| |j ¡}|j  ||||¡}| |dk¡|j |||jj¡}| |dk¡| |¡} t||| ƒSrˆ)rfr¹r}rdrrárr4rÝrër0rìr5r¿rÀr»r ) rurêrr4rër0rìr1rrær]r]r^Úload_dh_public_numbers s       zBackend.load_dh_public_numberscCs|j ¡}| ||jjk¡|j ||jj¡}| |j¡}| |j ¡}|j dk r^| |j ¡}n|jj}|j  ||||¡}| |dk¡t ||ƒSrˆ) rfr¹r}rdrrárrÝrër0rìr¿r )rurêrrër0rìrr]r]r^Úload_dh_parameter_numbers(s    z!Backend.load_dh_parameter_numbers)rër0rìrwcCs´|j ¡}| ||jjk¡|j ||jj¡}| |¡}| |¡}|dk rV| |¡}n|jj}|j ||||¡}| |dk¡|j  dd¡}|j  ||¡}| |dk¡|ddkS)Nrar¾r) rfr¹r}rdrrárrÝr¿r“rÁ)rurër0rìrrrÂr]r]r^Údh_parameters_supported<s    zBackend.dh_parameters_supportedcCs |jjdkSrˆ)rfrrrtr]r]r^Údh_x942_serialization_supportedTsz'Backend.dh_x942_serialization_supportedcCsht|ƒdkrtdƒ‚| ¡}|j ||jj¡}| |dk¡|j ||t|ƒ¡}| |dk¡t||ƒS)Né z%An X25519 public key is 32 bytes longra) r”r¼rørfZEVP_PKEY_set_typeÚ NID_X25519r}ZEVP_PKEY_set1_tls_encodedpointr")rurùrærr]r]r^Úx25519_load_public_bytesWs ÿz Backend.x25519_load_public_bytesc Cs¬t|ƒdkrtdƒ‚d}| d¡<}||dd…<||dd…<| |¡}|j |j|jj¡}W5QRX|  ||jjk¡|j  ||jj ¡}|  |j  |¡|jj k¡t||ƒS)NrÈz&An X25519 private key is 32 bytes longs0.0+en" é0ré)r”r¼Ú_zeroed_bytearrayrürfrOrXrdrr}rárörrr!)rurùZ pkcs8_prefixÚbarXrær]r]r^Úx25519_load_private_bytesfs     ÿz!Backend.x25519_load_private_bytescCs¨|j ||jj¡}| ||jjk¡|j ||jj¡}|j |¡}| |dk¡|j d¡}|j  ||¡}| |dk¡| |d|jjk¡|j |d|jj ¡}|S)Nraú EVP_PKEY **r) rfZEVP_PKEY_CTX_new_idrdrr}ráZEVP_PKEY_CTX_freeZEVP_PKEY_keygen_initr“ZEVP_PKEY_keygenrö)ruržZ evp_pkey_ctxrZ evp_ppkeyrær]r]r^Ú_evp_pkey_keygen_gcŠs  zBackend._evp_pkey_keygen_gccCs| |jj¡}t||ƒSr…)rÑrfrÉr!r÷r]r]r^Úx25519_generate_key—szBackend.x25519_generate_keycCs|jr dS|jj Sr©)rirfr rtr]r]r^Úx25519_supported›szBackend.x25519_supportedcCs`t|ƒdkrtdƒ‚|j |jj|jj|t|ƒ¡}| ||jjk¡|j ||jj ¡}t ||ƒS)Né8z#An X448 public key is 56 bytes long) r”r¼rfÚEVP_PKEY_new_raw_public_keyÚNID_X448rdrr}rárör$©rurùrær]r]r^Úx448_load_public_bytes s ÿzBackend.x448_load_public_bytescCslt|ƒdkrtdƒ‚|j |¡}|j |jj|jj|t|ƒ¡}| ||jjk¡|j  ||jj ¡}t ||ƒS)NrÔz$An X448 private key is 56 bytes long) r”r¼rdrÍrfÚEVP_PKEY_new_raw_private_keyrÖrr}rárör#©rurùrûrær]r]r^Úx448_load_private_bytes«s  ÿzBackend.x448_load_private_bytescCs| |jj¡}t||ƒSr…)rÑrfrÖr#r÷r]r]r^Úx448_generate_key·szBackend.x448_generate_keycCs|jr dS|jj o|jj Sr©)rirfZ"CRYPTOGRAPHY_OPENSSL_LESS_THAN_111r rtr]r]r^Úx448_supported»s  þzBackend.x448_supportedcCs|jr dS|jj Sr©)rirfÚ#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111Brtr]r]r^Úed25519_supportedÃszBackend.ed25519_supportedcCsnt d|¡t|ƒtjkr"tdƒ‚|j |jj|j j |t|ƒ¡}|  ||j j k¡|j   ||jj ¡}t||ƒS)Nrùz&An Ed25519 public key is 32 bytes long)rÚ _check_bytesr”r,Ú_ED25519_KEY_SIZEr¼rfrÕÚ NID_ED25519rdrr}rárörr×r]r]r^Úed25519_load_public_bytesÈs ÿz!Backend.ed25519_load_public_bytescCszt|ƒtjkrtdƒ‚t d|¡|j |¡}|j  |jj |jj |t|ƒ¡}|  ||jj k¡|j  ||jj¡}t||ƒS)Nz'An Ed25519 private key is 32 bytes longrù)r”r,rár¼rrlrdrÍrfrÙrârr}rárörrÚr]r]r^Úed25519_load_private_bytesØs  ÿz"Backend.ed25519_load_private_bytescCs| |jj¡}t||ƒSr…)rÑrfrârr÷r]r]r^Úed25519_generate_keyèszBackend.ed25519_generate_keycCs|jr dS|jj o|jj Sr©)rirfrÞr rtr]r]r^Úed448_supportedìs  þzBackend.ed448_supportedcCslt d|¡t|ƒtkr tdƒ‚|j |jj|jj |t|ƒ¡}|  ||jj k¡|j  ||jj ¡}t ||ƒS)Nrùz$An Ed448 public key is 57 bytes long)rràr”rr¼rfrÕÚ NID_ED448rdrr}rárörr×r]r]r^Úed448_load_public_bytesôs  ÿzBackend.ed448_load_public_bytescCsxt d|¡t|ƒtkr tdƒ‚|j |¡}|j |jj |jj |t|ƒ¡}|  ||jj k¡|j  ||jj ¡}t||ƒS)Nrùz%An Ed448 private key is 57 bytes long)rrlr”rr¼rdrÍrfrÙrçrr}rárörrÚr]r]r^Úed448_load_private_bytess   ÿz Backend.ed448_load_private_bytescCs| |jj¡}t||ƒSr…)rÑrfrçrr÷r]r]r^Úed448_generate_keyszBackend.ed448_generate_key)rËrÉrÈròÚrrërwc Cs†|j d|¡}|j |¡}|j |t|ƒ|t|ƒ|||tj||¡ } | dkrr| ¡} d||d} t d  | ¡| ƒ‚|j  |¡dd…S)NrÌraé€izJNot enough memory to derive key. These parameters require {} MB of memory.) rdr“rÍrfZEVP_PBE_scryptr”rOZ _MEM_LIMITrÒÚ MemoryErrorrxrÎ) rurËrÉrÈròrërër—rÏrr|Z min_memoryr]r]r^Ú derive_scrypts0  ö ÿýzBackend.derive_scryptcCsLt |¡}|jr||jkrdS| d¡r4|jjdkS|j |¡|jj kSdS)NFs-sivra) rZ_aead_cipher_nameriÚ _fips_aeadÚendswithrfÚ#CRYPTOGRAPHY_OPENSSL_300_OR_GREATERr°rdr)rurµÚ cipher_namer]r]r^Úaead_cipher_supported6s   ÿzBackend.aead_cipher_supported)rÈrwc cs&t|ƒ}z |VW5| ||¡XdS)zÁ This method creates a bytearray, which we copy data into (hopefully also from a mutable buffer that can be dynamically erased!), and then zero when we're done. N)Ú bytearrayÚ _zero_data)rurÈrÎr]r]r^rÍDs zBackend._zeroed_bytearraycCst|ƒD] }d||<qdSr~)Úrange)rurùrÈÚir]r]r^rõQs zBackend._zero_datac csf|dkr|jjVnNt|ƒ}|j d|d¡}|j |||¡z |VW5| |j d|¡|¡XdS)aâ This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use. Nrraz uint8_t *)rdrr”r“ZmemmoverõÚcast)rurùÚdata_lenr—r]r]r^Ú_zeroed_null_terminated_bufXs   z#Backend._zeroed_null_terminated_bufcCs2| ||¡}|j|jr|jjnddd„|jDƒfS)NcSsg|] }|j‘qSr])Ú certificate©rrrRr]r]r^Ú zszABackend.load_key_and_certificates_from_pkcs12..)Ú load_pkcs12r›rRrûZadditional_certs)rurùrZpkcs12r]r]r^Ú%load_key_and_certificates_from_pkcs12os  ýz-Backend.load_key_and_certificates_from_pkcs12c Csf|dk rt d|¡| |¡}|j |j|jj¡}||jjkrN| ¡t dƒ‚|j  ||jj ¡}|j  d¡}|j  d¡}|j  d¡}|  |¡}|j |||||¡} W5QRX| ¡| dkrÆt dƒ‚d} d} g} |d|jjkr|j  |d|jj¡} | | ¡} |d|jjkrp|j  |d|jj¡}| |¡}d}|j ||jj¡}||jjkrf|j |¡}t||ƒ} |d|jjkrZ|j  |d|jj¡}|j |d¡}|jjs¼|jjrÆt|ƒ}n tt|ƒƒ}|D]‚}|j ||¡}| ||jjk¡|j  ||jj¡}| |¡}d}|j ||jj¡}||jjkrF|j |¡}|  t||ƒ¡qÖt| | | ƒS)Nrz!Could not deserialize PKCS12 datarÐzX509 **zCryptography_STACK_OF_X509 **rzInvalid password or PKCS12 data) rrlrürfZd2i_PKCS12_biorXrdrrÑr¼ráÚ PKCS12_freer“rúZ PKCS12_parserörrVrYZX509_alias_get0r•rSÚ sk_X509_freeÚ sk_X509_numrñr röÚreversedÚ sk_X509_valuer}rsrT)rurùrrXÚp12Z evp_pkey_ptrZx509_ptrZ sk_x509_ptrÚ password_bufrrRr›Zadditional_certificatesrærZcert_objr¡Z maybe_nameÚsk_x509rÙÚindicesr÷Z addl_certZ addl_namer]r]r^rþ}st       ÿ    ÿþ    ÿzBackend.load_pkcs12)r¡r›rRÚcasr rwcCsXd}|dk rt d|¡t|tjƒr@d}d}d} d} |jj} nDt|tjƒrŽ|jj rf|jj }|jj }n|jj }|jj }d} d} |jj} |j }nöt|tj ƒr||jtjjkr|d}d}d} d} |j }|j} | tjkrä|jj }|jj }n>| tjkr|jj stdƒ‚|jj }|jj }n| dks"t‚|jdk r`|jjs@tdƒ‚| |j¡} | | |jjk¡n|jj} |jdk r„|j} ntdƒ‚|dksœt|ƒdkr¦|jj} n°|j ¡} |j | |jj ¡} g}|D]Š}t|t!ƒr"|j"}| #|j$¡}| %|¡$}|j &||d¡}| |dk¡W5QRXn | #|¡}| '|¡|j (| |¡}t) |dk¡qÊ| %|¡ }| %|¡V}|r~| #|¡n|jj}|dk r˜|j*}n|jj}|j +||||| ||| | d¡ }W5QRX|jjrü| |jjkrü|j ,||d|jjd| | ¡W5QRX| ||jjk¡|j ||jj-¡}| .¡}|j /||¡}| |dk¡| 0|¡S) Nr¡rjri Nraz2PBESv2 is not supported by this version of OpenSSLzBSetting MAC algorithm is not supported by this version of OpenSSL.zUnsupported key encryption type)1rràrªr'r¥rdrr¦rfrñZNID_aes_256_cbcZ&NID_pbe_WithSHA1And3_Key_TripleDES_CBCrr§r¨r£ZPKCS12Z_key_cert_algorithmrRZPBESv1SHA1And3KeyTripleDESCBCZPBESv2SHA256AndAES256CBCrr‡Z _hmac_hashZCryptography_HAS_PKCS12_SET_MACr¨r}Z _kdf_roundsr¼r”Úsk_X509_new_nullrárrSZ friendly_namerWrûrúZX509_alias_set1rsÚ sk_X509_pushÚbackendrcZ PKCS12_createZPKCS12_set_macrrýZi2d_PKCS12_bior)rur¡r›rRr r rZnid_certZnid_keyZ pkcs12_iterZmac_iterZmac_algZ keycertalgrZossl_casÚcaZca_aliasZossl_caZ ca_name_bufrrZname_bufÚ ossl_certrærrXr]r]r^Ú(serialize_key_and_certificates_to_pkcs12Çsò   ÿ ÿÿÿü     ÿ   ÿÿ     ÿÿ     öÿ þù z0Backend.serialize_key_and_certificates_to_pkcs12cCs|jr dS|jjdkSr±)rirfZCryptography_HAS_POLY1305rtr]r]r^Úpoly1305_supportedd szBackend.poly1305_supported)r›rwcCs*t d|¡t|ƒtkr tdƒ‚t||ƒS)Nr›zA poly1305 key is 32 bytes long)rrlr”rr¼r)rur›r]r]r^Úcreate_poly1305_ctxi s  zBackend.create_poly1305_ctxcCs |jj Sr…r´rtr]r]r^Úpkcs7_supportedp szBackend.pkcs7_supportedcCsnt d|¡| |¡}|j |j|jj|jj|jj¡}||jjkrR| ¡t dƒ‚|j  ||jj ¡}|  |¡S©NrùzUnable to parse PKCS7 data) rràrürfZPEM_read_bio_PKCS7rXrdrrÑr¼ráÚ PKCS7_freeÚ_load_pkcs7_certificates©rurùrXÚp7r]r]r^Úload_pem_pkcs7_certificatess s  ÿ z#Backend.load_pem_pkcs7_certificatescCsbt d|¡| |¡}|j |j|jj¡}||jjkrF| ¡t dƒ‚|j  ||jj ¡}|  |¡Sr) rràrürfZ d2i_PKCS7_biorXrdrrÑr¼rárrrr]r]r^Úload_der_pkcs7_certificates‚ s   z#Backend.load_der_pkcs7_certificatesc CsÊ|j |j¡}| ||jjk¡||jjkr>td |¡tj ƒ‚|j j j }|j  |¡}g}t|ƒD]d}|j ||¡}| ||jjk¡|j |¡}| |dk¡|j ||jj¡}| |¡} | | ¡q`|S)NzNOnly basic signed structures are currently supported. NID for this data was {}ra)rfZ OBJ_obj2nidr·r}rwZNID_pkcs7_signedrrxrZUNSUPPORTED_SERIALIZATIONríÚsignrRrrörrdrZ X509_up_refrárVrYrs) rurržrrÙÚcertsr÷rrrRr]r]r^r s* ÿý      z Backend._load_pkcs7_certificates)rrŸc Cs"t|ƒ}|rtdd„|Dƒƒs&tdƒ‚|tjjtjjfkrBtdƒ‚|j ¡}|j   ||jj ¡}g}|D]4}|  |¡}|  |¡|j ||¡}| |dk¡qf|j |j j|j j||j j|jj¡}| ¡} |tjjkrì|j | ||j jd¡}n|tjjksüt‚|j | |¡}| |dk¡| | ¡S)Ncss|]}t|tjƒVqdSr…)rªrÚ Certificaterür]r]r^rs¯ sz7Backend.pkcs7_serialize_certificates..z.certs must be a list of certs with length >= 1z/encoding must DER or PEM from the Encoding enumrar)ÚlistÚallrPr'rTrªrUrfr rdrárrWrsr r}Ú PKCS7_signrÚ PKCS7_PARTIALrýÚPEM_write_bio_PKCS7_streamr‡Ú i2d_PKCS7_bior) rurrŸZcerts_skÚ ossl_certsrRrrrÚbio_outr]r]r^Úpkcs7_serialize_certificates© sJ ÿþ   û ÿz$Backend.pkcs7_serialize_certificates)ÚbuilderrŸÚoptionsrwcCsÂ|jdk st‚| |j¡}|jj}d}t|jƒdkr>|jj}n\|j  ¡}|j  ||jj ¡}g}|jD]4} |  | ¡} |  | ¡|j || ¡} | | dk¡qdtjj|kr¾||jjO}||jjO}|j |jj|jj||jj|¡} | | |jjk¡|j  | |jj¡} d} tjj|kr"| |jjO} ntjj|kr<| |jjO} tjj|krV| |jjO} |jD]H\}}}|  |¡} | |¡}|j | | |j|| ¡}| ||jjk¡q\|D]<}|tjj krÊ||jj!O}n|tjj"krª||jj#O}qª| $¡}|t%j&j'kr|j (|| |j)|¡} n–|t%j&j*krX|j +| |j)|¡} | | dk¡|j ,|| |j)|¡} nR|t%j&j-ksjt‚|j +| |j)|¡} | | dk¡|jj.rœ| /¡|j 0|| ¡} | | dk¡| 1|¡S)Nrra)2Ú_datar‡rürfr r”Z_additional_certsrdrr rárrWrsr r}rPÚ PKCS7OptionsZDetachedSignatureZPKCS7_DETACHEDrrZNoCapabilitiesZPKCS7_NOSMIMECAPZ NoAttributesZ PKCS7_NOATTRZNoCertsZ PKCS7_NOCERTSZ_signersr¨ZPKCS7_sign_add_signerrcÚTextZ PKCS7_TEXTÚBinaryZ PKCS7_BINARYrýr'rTZSMIMEZSMIME_write_PKCS7rXrªZ PKCS7_finalr!rUrñrÑr"r)rur&rŸr'rXZ init_flagsZ final_flagsrr#rRrrrZ signer_flagsrûZ private_keyZhash_algorithmÚmdZ p7signerinfoÚoptionr$r]r]r^Ú pkcs7_signØ s”         û    ûÿÿ zBackend.pkcs7_sign)N)N)N)ûrZr[r\Ú__doc__r¡rïr:r¶r&r r!r"r#Z SHA512_224Z SHA512_256ZSHA3_224ZSHA3_256ZSHA3_384ZSHA3_512ZSHAKE128ZSHAKE256r«r+Z SECP224R1Z SECP256R1Z SECP384R1Z SECP521R1r˜Z_fips_rsa_min_key_sizeZ_fips_rsa_min_public_exponentZ_fips_dsa_min_modulusZ_fips_dh_min_key_sizeZ_fips_dh_min_modulusrvÚstrrzrƒÚtypingÚOptionalÚListr%Z _OpenSSLErrorr}rhr†rŽÚ contextlibrrrpr˜ryrÔršÚbytesZ HashAlgorithmrrr¦r¨r¬r°r²r³Z HashContextr´r9rLr»r¿rkrrÅrÆrÇrÐrÑZ_OpenSSLErrorWithTextrÒrØrÝr.Z RSAPrivateKeyrçréZRSAPrivateNumbersrôZRSAPublicNumbersZ RSAPublicKeyrõrørärürýrr6rr7rr$r(r'r*Z DSAParametersr*Z DSAPrivateKeyr-r.r3ZDSAPrivateNumbersr7ZDSAPublicNumbersZ DSAPublicKeyr9ZDSAParameterNumbersr:r,r;r<r?r8r r@rBrKr)Z DHParametersrLrrMrrQrrÚAnyrWrYZCertificateSigningRequestr\r]ZCertificateRevocationListr`rar5rdrfrirAÚNoReturnrHZ EllipticCurverzZEllipticCurveSignatureAlgorithmr|ZEllipticCurvePrivateKeyr€ZEllipticCurvePrivateNumbersr‡ZEllipticCurvePublicNumbersZEllipticCurvePublicKeyrˆr‘r–r}r—r™ršr~rvrr’r…r'rTr£r¤r¯r«r¬r²r³rµrºr»Z DHPrivateKeyr¼r½ZDHPrivateNumbersrÃZDHPublicNumbersZ DHPublicKeyrÄZDHParameterNumbersrÅrÆrÇr/ZX25519PublicKeyrÊZX25519PrivateKeyrÏrÑrÒrÓr0Z X448PublicKeyrØZX448PrivateKeyrÛrÜrÝrßr,ZEd25519PublicKeyrãZEd25519PrivateKeyrärårær-ZEd448PublicKeyrèZEd448PrivateKeyrérêrîróÚIteratorrôrÍrõrúÚTuplerÿrTrþrUrVrrrrrrrrr%rPZPKCS7SignatureBuilderr)r.r]r]r]r^r_‡s|ú ôüýü       þ  þ þ  5þ þ ù  þ  þ þ þ %þ    @: þ þ þ þ þ þ * þ  þ  þ ü þ 5/ü þ þ þ þ þ 'þ  ø zù 7þ þ þ þ 1þ þ ÿþ þ $   þþ ø#   þÿþþL ù þ þ  ý1 ûr_c@s,eZdZedœdd„Zeeedœdd„ZdS)rÀ)ÚfmtcCs ||_dSr…)Ú_fmt)rur:r]r]r^rv< szGetCipherByName.__init__)r rµr„cCsd|jj||d ¡}|j | d¡¡}||jjkrX|jjrX|j  |jj| d¡|jj¡}|  ¡|S)N)rµr„r’) r;rxÚlowerrfr°r£rdrZCryptography_HAS_300_EVP_CIPHERZEVP_CIPHER_fetchrÑ)rur rµr„ròrºr]r]r^Ú__call__? sÿ ÿþýzGetCipherByName.__call__N) rZr[r\r0rvr_r9rLr=r]r]r]r^rÀ; srÀ)r rµcCs"d |jd¡}|j | d¡¡S)Nz aes-{}-xtsr·r’)rxrßrfr°r£)r rµr„ròr]r]r^rÃT srÃ)|Ú collectionsr4rÁr1rmrZ cryptographyrrZcryptography.exceptionsrrZ$cryptography.hazmat.backends.opensslrZ,cryptography.hazmat.backends.openssl.ciphersrZ)cryptography.hazmat.backends.openssl.cmacr Z'cryptography.hazmat.backends.openssl.dhr r r rZ(cryptography.hazmat.backends.openssl.dsarrrZ'cryptography.hazmat.backends.openssl.ecrrZ,cryptography.hazmat.backends.openssl.ed25519rrZ*cryptography.hazmat.backends.openssl.ed448rrrZ+cryptography.hazmat.backends.openssl.hashesrZ)cryptography.hazmat.backends.openssl.hmacrZ-cryptography.hazmat.backends.openssl.poly1305rrZ(cryptography.hazmat.backends.openssl.rsarr Z+cryptography.hazmat.backends.openssl.x25519r!r"Z)cryptography.hazmat.backends.openssl.x448r#r$Z"cryptography.hazmat.bindings._rustrXZ$cryptography.hazmat.bindings.opensslr%Zcryptography.hazmat.primitivesr&r'Z*cryptography.hazmat.primitives._asymmetricr(Z)cryptography.hazmat.primitives.asymmetricr)r*r+r,r-r.r/r0Z1cryptography.hazmat.primitives.asymmetric.paddingr1r2r3r4Z/cryptography.hazmat.primitives.asymmetric.typesr5r6r7Z&cryptography.hazmat.primitives.ciphersr8r9Z1cryptography.hazmat.primitives.ciphers.algorithmsr:r;r<r=r>r?r@rArBrCrDrEZ,cryptography.hazmat.primitives.ciphers.modesrFrGrHrIrJrKrLrMrNZ"cryptography.hazmat.primitives.kdfrOZ,cryptography.hazmat.primitives.serializationrPrQZ3cryptography.hazmat.primitives.serialization.pkcs12rRrSrTrUrVÚ namedtuplerWrYr_rÀrÃr r]r]r]r^Úsv         ( 8,  G