a êÇËhÚXã@szddlZddlZddlZddlZddlZddlmZddlmZmZddl m Z mZddlm ZddlmZddlmZddlmZdd lmZmZmZmZdd lmZmZmZddlmZm Z ddl!m"Z"m#Z#dd l$m%Z%m&Z&m'Z'ddl(m)Z)ddl*m+Z+ddl,m-Z-m.Z.ddl/m0Z0m1Z1ddl2m3Z3m4Z4ddl5m6Z6m7Z7ddl8mZ9ddl:m;Z;ddlZ>ddl?m@Z@mAZAmBZBmCZCmDZDddlEmFZFmGZGmHZHmIZIddlJmKZKmLZLmMZMmNZNmOZOmPZPmQZQmRZRmSZSmTZTddlUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\m]Z]ddl^m_Z_ddl`maZambZbddlcmdZdmeZeddlfmgZge hdd d!g¡ZiGd"d#„d#ejƒZkGd$d%„d%eƒZ Gd&d'„d'ejƒZld(d)„Zme ƒZndS)*éN)Úcontextmanager)ÚutilsÚx509)ÚUnsupportedAlgorithmÚ_Reasons)ÚBackend)Úaead)Ú_CipherContext©Ú_CMACContext)Ú _DHParametersÚ _DHPrivateKeyÚ_DHPublicKeyÚ_dh_params_dup)Ú_DSAParametersÚ_DSAPrivateKeyÚ _DSAPublicKey)Ú_EllipticCurvePrivateKeyÚ_EllipticCurvePublicKey)Ú_Ed25519PrivateKeyÚ_Ed25519PublicKey)Ú_ED448_KEY_SIZEÚ_Ed448PrivateKeyÚ_Ed448PublicKey©Ú_HashContext©Ú_HMACContext)Ú_POLY1305_KEY_SIZEÚ_Poly1305Context)Ú_RSAPrivateKeyÚ _RSAPublicKey)Ú_X25519PrivateKeyÚ_X25519PublicKey)Ú_X448PrivateKeyÚ_X448PublicKey)r)Úbinding)ÚhashesÚ serialization)ÚdhÚdsaÚecÚed25519Úrsa)ÚMGF1ÚOAEPÚPKCS1v15ÚPSS) ÚAESÚARC4ÚBlowfishÚCAST5ÚCamelliaÚChaCha20ÚIDEAÚSEEDÚSM4Ú TripleDES)ÚCBCÚCFBÚCFB8ÚCTRÚECBÚGCMÚOFBÚXTS)Úscrypt)Úpkcs7Ússh)ÚPKCS12CertificateÚPKCS12KeyAndCertificates)ÚPUBLIC_KEY_TYPESÚ _MemoryBIOÚbioZchar_ptrc@seZdZdS)Ú_RC2N)Ú__name__Ú __module__Ú__qualname__©rPrPúR/usr/lib64/python3.9/site-packages/cryptography/hazmat/backends/openssl/backend.pyrLrsrLc@sŒeZdZdZdZhd£ZefZej ej ejejej ejejejejejejejfZejejejejfZdZdZdd>ZdZde>Z dd„Z!d d „Z"ddd „Z#dd„Z$dd„Z%dd„Z&e'j(dd„ƒZ)dd„Z*dd„Z+dd„Z,dd„Z-dd„Z.d d!„Z/d"d#„Z0d$d%„Z1d&d'„Z2d(d)„Z3d*d+„Z4d,d-„Z5d.d/„Z6d0d1„Z7d2d3„Z8d4d5„Z9d6d7„Z:d8d9„Z;d:d;„Zd?„Z>d d@dA„Z?dBdC„Z@dDdE„ZAdFdG„ZBdHdI„ZCdJdK„ZDdLdM„ZEdNdO„ZFdPdQ„ZGdRdS„ZHdTdU„ZIdVdW„ZJdXdY„ZKdZd[„ZLd\d]„ZMd^d_„ZNd`da„ZOdbdc„ZPddde„ZQdfdg„ZRdhdi„ZSdjdk„ZTeUdlœdmdn„ZVejWeUdoœdpdq„ZXdrds„ZYdtdu„ZZdvdw„Z[dxdy„Z\dzd{„Z]d|d}„Z^d~d„Z_d€d„Z`d‚dƒ„Zad„d…„Zbecjdeejfd†œd‡dˆ„Zgeejfecjdd‰œdŠd‹„ZhecjieejfdŒœddŽ„Zjeejfecjidœdd‘„Zkecjleejfd’œd“d”„Zmeejfecjld•œd–d—„ZnecjleoeUd˜œd™dš„ZpecjieUdŒœd›dœ„Zqddž„ZrdŸd „Zsd¡d¢„Ztd£d¤„Zud¥d¦„Zvd§d¨„Zwd©dª„Zxd«d¬„Zydd®„Zzd¯d°„Z{d±d²„Z|d³d´„Z}dµd¶„Z~d·d¸„Zd¹dº„Z€e(d»d¼„ƒZd½d¾„Z‚d¿dÀ„ZƒdÁdÂ„Z„dÃdÄ„Z…dÅdÆ„Z†dÇdÈ„Z‡dÉdÊ„ZˆdËdÌ„Z‰dÍdÎ„ZŠdÏdÐ„Z‹dÑdÒ„ZŒdÓdÔ„ZdÕdÖ„ZŽd×dØ„ZdÙdÚ„Zd!dÛdÜ„Z‘dÝdÞ„Z’dßdà„Z“dádâ„Z”dãdä„Z•dådæ„Z–dçdè„Z—dédê„Z˜dëdì„Z™dídî„Zšdïdð„Z›dñdò„Zœdódô„Zdõdö„Zžd÷dø„ZŸdùdú„Z dûdü„Z¡dýdþ„Z¢dÿd„Z£dd„Z¤dd„Z¥e'j(dd„ƒZ¦dd„Z§e'j(d d „ƒZ¨dd„Z©d d„Zªdd„Z«dd„Z¬dd„Zdd„Z®dd„Z¯dd„Z°dd„Z±dd„Z²dS("rz) OpenSSL API binding interfaces. Zopenssl>saes-256-gcmsaes-256-ccmsaes-128-ccmsaes-192-gcmsaes-192-ccmsaes-128-gcméiécCsˆt ¡|_|jj|_|jj|_d|_| ¡|_ i|_ | ¡|j rX|jjrXt dt¡n| ¡|jjg|_|jjr„|j |jj¡dS)NFz)ÚformatÚopenssl_version_textrZrerPrPrQÚ__repr__¼s ÿzBackend.__repr__NcCstj|j||dS)N)Úerrors)r&Z_openssl_assertrW)rfÚokrkrPrPrQÚopenssl_assertÁszBackend.openssl_assertcCsH|jjr|j |jj¡}nt|jddd„ƒƒ}|dkr@|j ¡t|ƒS)NZ FIPS_modecSsdS©NrrPrPrPrPrQÚÊóz*Backend._is_fips_enabled..r)rWZCryptography_HAS_300_FIPSZ&EVP_default_properties_is_fips_enabledrUÚNULLÚgetattrZERR_clear_errorÚbool)rfÚmoderPrPrQrYÄsÿ zBackend._is_fips_enabledcCs$|j ¡| ¡sJ‚| ¡|_dS©N)rTÚ_enable_fipsrYrZrerPrPrQrvÑs zBackend._enable_fipscCsf|jjrb|j ¡}||jjkrb|j |¡|j |jj¡}| |dk¡|j |¡}| |dk¡dS©NrS) rWr]ZENGINE_get_default_RANDrUrqZENGINE_unregister_RANDÚRAND_set_rand_methodrmÚ ENGINE_finish©rfÚeÚresrPrPrQÚactivate_builtin_randomØs zBackend.activate_builtin_randomc cs¶|j |jj¡}| ||jjk¡|j |¡}| |dk¡z>|VW|j |¡}| |dk¡|j |¡}| |dk¡n6|j |¡}| |dk¡|j |¡}| |dk¡0dSrw) rWZENGINE_by_idZCryptography_osrandom_engine_idrmrUrqZENGINE_initZENGINE_freeryrzrPrPrQÚ_get_osurandom_engineåsüzBackend._get_osurandom_enginecCst|jjrp| ¡| ¡*}|j |¡}| |dk¡Wdƒn1sH0Y|j |jj¡}| |dk¡dSrw) rWr]r}r~ZENGINE_set_default_RANDrmrxrUrqrzrPrPrQraùs ,z Backend.activate_osrandom_enginec Cst|j dd¡}| ¡<}|j |dt|ƒ||jjd¡}| |dk¡Wdƒn1sX0Y|j |¡ d¡S)Núchar[]é@sget_implementationrÚascii) rUÚnewr~rWZENGINE_ctrl_cmdÚlenrqrmÚstringÚdecode)rfÚbufr{r|rPrPrQÚosrandom_engine_implementations ÿ,z&Backend.osrandom_engine_implementationcCs|j |j |jj¡¡ d¡S)zÀ Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.1.1d 10 Sep 2019 r)rUr„rWZOpenSSL_versionZOPENSSL_VERSIONr…rerPrPrQris ÿþzBackend.openssl_version_textcCs |j ¡Sru)rWZOpenSSL_version_numrerPrPrQÚopenssl_version_numberszBackend.openssl_version_numbercCst|||ƒSrur)rfÚkeyÚ algorithmrPrPrQÚcreate_hmac_ctxszBackend.create_hmac_ctxcCsL|jdks|jdkr0d |j|jd¡ d¡}n|j d¡}|j |¡}|S)NZblake2bZblake2sz{}{}ér)ÚnamerhZdigest_sizeÚencoderWZEVP_get_digestbyname)rfrŠZalgÚevp_mdrPrPrQÚ_evp_md_from_algorithmsÿþzBackend._evp_md_from_algorithmcCs | |¡}| ||jjk¡|Sru)rrmrUrq©rfrŠrrPrPrQÚ_evp_md_non_null_from_algorithm*s z'Backend._evp_md_non_null_from_algorithmcCs,|jrt||jƒsdS| |¡}||jjkS©NF)rZÚ isinstanceÚ_fips_hashesrrUrqr‘rPrPrQÚhash_supported/s zBackend.hash_supportedcCs|jr dS|jjdkSdS©NFrS)rZrWZCryptography_HAS_SCRYPTrerPrPrQÚscrypt_supported6szBackend.scrypt_supportedcCs |jrt|tjƒrdS| |¡S©NT)rZr”r'ÚSHA1r–©rfrŠrPrPrQÚhmac_supported<szBackend.hmac_supportedcCs t||ƒSrurr›rPrPrQÚcreate_hash_ctxCszBackend.create_hash_ctxcCs^|jrt||jƒsdSz|jt|ƒt|ƒf}WntyDYdS0||||ƒ}|jj|kSr“)rZr”Ú _fips_ciphersr[ÚtypeÚKeyErrorrUrq)rfÚcipherrtÚadapterÚ evp_cipherrPrPrQÚcipher_supportedFszBackend.cipher_supportedcCs0||f|jvrtd ||¡ƒ‚||j||f<dS)Nz"Duplicate registration for: {} {}.)r[Ú ValueErrorrh)rfÚ cipher_clsÚmode_clsr¢rPrPrQÚregister_cipher_adapterTsÿÿzBackend.register_cipher_adaptercCs~tttttttfD]}| t|t dƒ¡qtttttfD]}| t |t dƒ¡q8ttttfD]}| t|t dƒ¡q\| ttt dƒ¡ttttfD]}| t|t dƒ¡q’ttttfD]}| t |t dƒ¡q¶t ttgttttg¡D]\}}| ||t dƒ¡qæ| ttdƒt dƒ¡| ttdƒt dƒ¡| ttdƒt d ƒ¡| ttt¡tttttfD]}| t|t d ƒ¡q`dS)Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}Zrc4Zrc2Zchacha20zsm4-{mode.name})r<r?r@rBr=r>rAr¨r2ÚGetCipherByNamer6r;r4r9Ú itertoolsÚproductr5r8r3rŸrLr7rCÚ_get_xts_cipherr:)rfr§r¦rPrPrQr\]s\ýý ÿ ÿ ÿ ÿ þýÿ ÿz!Backend._register_default_cipherscCst|||tjƒSru)r Z_ENCRYPT©rfr¡rtrPrPrQÚcreate_symmetric_encryption_ctxŽsz'Backend.create_symmetric_encryption_ctxcCst|||tjƒSru)r Z_DECRYPTrrPrPrQÚcreate_symmetric_decryption_ctx‘sz'Backend.create_symmetric_decryption_ctxcCs | |¡Sru)rœr›rPrPrQÚpbkdf2_hmac_supported”szBackend.pbkdf2_hmac_supportedc Csh|j d|¡}| |¡}|j |¡}|j |t|ƒ|t|ƒ||||¡} | | dk¡|j |¡dd…S)Núunsigned char[]rS) rUr‚r’Úfrom_bufferrWZPKCS5_PBKDF2_HMACrƒrmÚbuffer) rfrŠÚlengthÚsaltZ iterationsÚkey_materialr†rÚkey_material_ptrr|rPrPrQÚderive_pbkdf2_hmac—s ø zBackend.derive_pbkdf2_hmaccCst |j¡Sru)r&Ú_consume_errorsrWrerPrPrQr¹ªszBackend._consume_errorscCst |j¡Sru)r&Ú_consume_errors_with_textrWrerPrPrQrºsz!Backend._consume_errors_with_textcCsz||jjksJ‚| |j |¡¡|j |¡}|j d|¡}|j ||¡}| |dk¡t |j |¡d|…d¡}|S)Nr±rÚbig)rUrqrmrWZBN_is_negativeZBN_num_bytesr‚Z BN_bn2binÚintÚ from_bytesr³)rfÚbnZbn_num_bytesZbin_ptrZbin_lenÚvalrPrPrQÚ _bn_to_int°szBackend._bn_to_intcCsn|dus||jjksJ‚|dur(|jj}| t| ¡ddƒd¡}|j |t|ƒ|¡}| ||jjk¡|S)a Converts a python integer to a BIGNUM. The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. Ng @rSr») rUrqÚto_bytesr¼Ú bit_lengthrWZ BN_bin2bnrƒrm)rfÚnumr¾ZbinaryZbn_ptrrPrPrQÚ _int_to_bn¼szBackend._int_to_bncCs”t ||¡|j ¡}| ||jjk¡|j ||jj¡}| |¡}|j ||jj ¡}|j ||||jj¡}| |dk¡| |¡}t ||||jƒSrw)r-Z_verify_rsa_parametersrWÚRSA_newrmrUrqÚgcÚRSA_freerÄÚBN_freeZRSA_generate_key_exÚ_rsa_cdata_to_evp_pkeyr rX)rfÚpublic_exponentÚkey_sizeÚ rsa_cdatar¾r|Úevp_pkeyrPrPrQÚgenerate_rsa_private_keyÍs ÿ ÿz Backend.generate_rsa_private_keycCs|dko|d@dko|dkS)NérSrirP)rfrÊrËrPrPrQÚ!generate_rsa_parameters_supportedás ÿýz)Backend.generate_rsa_parameters_supportedc Cs6t |j|j|j|j|j|j|jj |jj ¡|j ¡}| ||jjk¡|j ||jj¡}| |j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |jj ¡} | |jj ¡} |j |||¡}| |dk¡|j || | |¡}| |dk¡|j ||||¡}| |dk¡| |¡}t||||jƒSrw)r-Z_check_private_key_componentsÚpÚqÚdÚdmp1Údmq1ÚiqmpÚpublic_numbersr{ÚnrWrÅrmrUrqrÆrÇrÄZRSA_set0_factorsÚRSA_set0_keyZRSA_set0_crt_paramsrÉr rX) rfÚnumbersrÌrÑrÒrÓrÔrÕrÖr{rØr|rÍrPrPrQÚload_rsa_private_numbersès>ø ÿz Backend.load_rsa_private_numberscCst |j|j¡|j ¡}| ||jjk¡|j ||jj ¡}| |j¡}| |j¡}|j ||||jj¡}| |dk¡| |¡}t|||ƒSrw)r-Z_check_public_key_componentsr{rØrWrÅrmrUrqrÆrÇrÄrÙrÉr!)rfrÚrÌr{rØr|rÍrPrPrQÚload_rsa_public_numbers s zBackend.load_rsa_public_numberscCs2|j ¡}| ||jjk¡|j ||jj¡}|Sru)rWZEVP_PKEY_newrmrUrqrÆÚ EVP_PKEY_free©rfrÍrPrPrQÚ_create_evp_pkey_gcs zBackend._create_evp_pkey_gccCs(| ¡}|j ||¡}| |dk¡|Srw)rßrWZEVP_PKEY_set1_RSArm)rfrÌrÍr|rPrPrQrÉszBackend._rsa_cdata_to_evp_pkeycCsH|j |¡}|j |t|ƒ¡}| ||jjk¡t|j ||jj ¡|ƒS)z® Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) rUr²rWZBIO_new_mem_bufrƒrmrqrJrÆÚBIO_free)rfÚdataÚdata_ptrrKrPrPrQÚ _bytes_to_bio#szBackend._bytes_to_biocCsP|j ¡}| ||jjk¡|j |¡}| ||jjk¡|j ||jj¡}|S)z. Creates an empty memory BIO. )rWZ BIO_s_memrmrUrqZBIO_newrÆrà)rfZ bio_methodrKrPrPrQÚ_create_mem_bio_gc0s zBackend._create_mem_bio_gccCs\|j d¡}|j ||¡}| |dk¡| |d|jjk¡|j |d|¡dd…}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)rUr‚rWZBIO_get_mem_datarmrqr³)rfrKr†Zbuf_lenÚbio_datarPrPrQÚ _read_mem_bio;szBackend._read_mem_biocCs´|j |¡}||jjkrX|j |¡}| ||jjk¡|j ||jj¡}t ||||j ƒS||jjkr |j |¡}| ||jjk¡|j ||jj ¡}t|||ƒS||jjkrè|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jvr0|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS|t|jddƒkrNt||ƒS|t|jddƒkrlt||ƒS|t|jddƒkrŠt||ƒS|t|jddƒkr¨t||ƒStdƒ‚dS)zd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. ÚEVP_PKEY_ED25519NÚ EVP_PKEY_X448ÚEVP_PKEY_X25519ÚEVP_PKEY_ED448úUnsupported key type.)rWÚEVP_PKEY_idÚEVP_PKEY_RSAÚEVP_PKEY_get1_RSArmrUrqrÆrÇr rXÚEVP_PKEY_DSAÚEVP_PKEY_get1_DSAÚDSA_freerÚEVP_PKEY_ECÚEVP_PKEY_get1_EC_KEYÚEC_KEY_freerrbÚEVP_PKEY_get1_DHÚDH_freer rrrr$r"rr©rfrÍÚkey_typerÌÚ dsa_cdataÚec_cdataÚdh_cdatarPrPrQÚ_evp_pkey_to_private_keyFs@ ÿ z Backend._evp_pkey_to_private_keycCs°|j |¡}||jjkrT|j |¡}| ||jjk¡|j ||jj¡}t |||ƒS||jj krœ|j |¡}| ||jjk¡|j ||jj¡}t |||ƒS||jjkrä|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jvr,|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS|t|jddƒkrJt||ƒS|t|jddƒkrht||ƒS|t|jddƒkr†t||ƒS|t|jddƒkr¤t||ƒStdƒ‚dS)zc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. rçNrèrérêrë)rWrìrírîrmrUrqrÆrÇr!rïrðrñrròrórôrrbrõrörrrrr%r#rrr÷rPrPrQÚ_evp_pkey_to_public_keyss< zBackend._evp_pkey_to_public_keycCs6|jjr&t|tjtjtjtjtjfƒSt|tjƒSdSru) rWZCryptography_HAS_RSA_OAEP_MDr”r'ršÚSHA224ÚSHA256ÚSHA384ÚSHA512r›rPrPrQÚ_oaep_hash_supportedžsûþzBackend._oaep_hash_supportedcCsªt|tƒrdSt|tƒrNt|jtƒrN|jr>t|jjtjƒr>dS| |jj¡SnXt|t ƒr¢t|jtƒr¢| |jj¡o | |j¡o |jdup t |jƒdkp |jjdkSdSdS)NTrrSF)r”r0r1Z_mgfr.rZZ _algorithmr'ršr–r/rZ_labelrƒrWZCryptography_HAS_RSA_OAEP_LABEL)rfZpaddingrPrPrQÚrsa_padding_supporteds ÿ ÿ û zBackend.rsa_padding_supportedc Cs~|dvrtdƒ‚|j ¡}| ||jjk¡|j ||jj¡}|j |||jjd|jj|jj|jj¡}| |dk¡t ||ƒS)N)irRiiz0Key size must be 1024, 2048, 3072, or 4096 bits.rrS) r¥rWÚDSA_newrmrUrqrÆrñZDSA_generate_parameters_exr)rfrËÚctxr|rPrPrQÚgenerate_dsa_parametersÄs$ÿ ù zBackend.generate_dsa_parameterscCsT|j |j¡}| ||jjk¡|j ||jj¡}|j |¡| |¡}t |||ƒSru)rWZ DSAparams_dupZ _dsa_cdatarmrUrqrÆrñZDSA_generate_keyÚ_dsa_cdata_to_evp_pkeyr)rfÚ parametersrrÍrPrPrQÚgenerate_dsa_private_keyÜs z Backend.generate_dsa_private_keycCs| |¡}| |¡Sru)rr )rfrËrrPrPrQÚ'generate_dsa_private_key_and_parametersås z/Backend.generate_dsa_private_key_and_parameterscCsB|j ||||¡}| |dk¡|j |||¡}| |dk¡dSrw)rWÚDSA_set0_pqgrmZDSA_set0_key)rfrùrÑrÒÚgÚpub_keyÚpriv_keyr|rPrPrQÚ_dsa_cdata_set_valuesészBackend._dsa_cdata_set_valuesc Cs¨t |¡|jj}|j ¡}| ||jjk¡|j ||jj ¡}| |j¡}| |j ¡}| |j¡}| |jj¡}| |j¡}| ||||||¡| |¡} t||| ƒSru)r*Z_check_dsa_private_numbersr×Úparameter_numbersrWrrmrUrqrÆrñrÄrÑrÒrÚyÚxrrr) rfrÚrrùrÑrÒrr rrÍrPrPrQÚload_dsa_private_numbersïs z Backend.load_dsa_private_numbersc Cs¢t |j¡|j ¡}| ||jjk¡|j ||jj ¡}| |jj¡}| |jj¡}| |jj ¡}| |j¡}|jj}| ||||||¡| |¡}t|||ƒSru)r*Ú_check_dsa_parametersrrWrrmrUrqrÆrñrÄrÑrÒrrrrr) rfrÚrùrÑrÒrr rrÍrPrPrQÚload_dsa_public_numberss zBackend.load_dsa_public_numberscCs†t |¡|j ¡}| ||jjk¡|j ||jj¡}| |j ¡}| |j¡}| |j¡}|j ||||¡}| |dk¡t||ƒSrw)r*rrWrrmrUrqrÆrñrÄrÑrÒrrr)rfrÚrùrÑrÒrr|rPrPrQÚload_dsa_parameter_numberss z"Backend.load_dsa_parameter_numberscCs(| ¡}|j ||¡}| |dk¡|Srw)rßrWZEVP_PKEY_set1_DSArm)rfrùrÍr|rPrPrQr!szBackend._dsa_cdata_to_evp_pkey)ÚreturncCs|jSru)rZrerPrPrQÚ dsa_supported'szBackend.dsa_supported)rŠrcCs| ¡sdS| |¡Sr“)rr–r›rPrPrQÚdsa_hash_supported*szBackend.dsa_hash_supportedcCsdSr™rP)rfrÑrÒrrPrPrQÚdsa_parameters_supported/sz Backend.dsa_parameters_supportedcCs| |td|jƒ¡S)Nó)r¤r<Z block_sizer›rPrPrQÚcmac_algorithm_supported2sÿz Backend.cmac_algorithm_supportedcCs t||ƒSrur r›rPrPrQÚcreate_cmac_ctx7szBackend.create_cmac_ctxcCs| |jj|j||¡Sru)Ú _load_keyrWZPEM_read_bio_PrivateKeyrü)rfráÚpasswordrPrPrQÚload_pem_private_key:süzBackend.load_pem_private_keycCsÖ| |¡}|j |j|jj|jj|jj¡}||jjkrR|j ||jj¡}| |¡S| ¡|j |j¡}| |dk¡|j |j|jj|jj|jj¡}||jjkrÊ|j ||jj ¡}| |¡}t|||ƒS| ¡dSrw)rãrWZPEM_read_bio_PUBKEYrKrUrqrÆrÝrýr¹Ú BIO_resetrmZPEM_read_bio_RSAPublicKeyrÇrÉr!Ú_handle_key_loading_error©rfráÚmem_biorÍr|rÌrPrPrQÚload_pem_public_keyBs$ ÿ ÿ zBackend.load_pem_public_keycCs^| |¡}|j |j|jj|jj|jj¡}||jjkrR|j ||jj¡}t||ƒS| ¡dSru) rãrWZPEM_read_bio_DHparamsrKrUrqrÆrörr")rfrár$rûrPrPrQÚload_pem_parameters[s ÿ zBackend.load_pem_parameterscCs>| |¡}| ||¡}|r$| |¡S| |jj|j||¡SdSru)rãÚ"_evp_pkey_from_der_traditional_keyrürrWZd2i_PKCS8PrivateKey_bio)rfrárrår‰rPrPrQÚload_der_private_keygs üzBackend.load_der_private_keycCs^|j |j|jj¡}||jjkrN| ¡|j ||jj¡}|durJtdƒ‚|S| ¡dSdS)Nú4Password was given but private key is not encrypted.) rWÚd2i_PrivateKey_biorKrUrqr¹rÆrÝÚ TypeError)rfrårr‰rPrPrQr'zsÿz*Backend._evp_pkey_from_der_traditional_keycCs¾| |¡}|j |j|jj¡}||jjkrF|j ||jj¡}| |¡S| ¡|j |j¡}| |dk¡|j |j|jj¡}||jjkr²|j ||jj ¡}| |¡}t|||ƒS| ¡dSrw)rãrWZd2i_PUBKEY_biorKrUrqrÆrÝrýr¹r!rmZd2i_RSAPublicKey_biorÇrÉr!r"r#rPrPrQÚload_der_public_keys ÿ zBackend.load_der_public_keycCsº| |¡}|j |j|jj¡}||jjkrF|j ||jj¡}t||ƒS|jj r®| ¡|j |j¡}| |dk¡|j |j|jj¡}||jjkr®|j ||jj¡}t||ƒS| ¡dSrw)rãrWZd2i_DHparams_biorKrUrqrÆrörrcr¹r!rmZCryptography_d2i_DHxparams_bior")rfrár$rûr|rPrPrQÚload_der_parameters¤s ÿ zBackend.load_der_parameters)ÚcertrcCsT| tjj¡}| |¡}|j |j|jj ¡}| ||jj k¡|j ||jj¡}|Sru) Úpublic_bytesr(ÚEncodingÚDERrãrWZd2i_X509_biorKrUrqrmrÆÚ X509_free)rfr.rár$rrPrPrQÚ _cert2ossl¸s zBackend._cert2ossl)rrcCs4| ¡}|j ||¡}| |dk¡t | |¡¡Srw)rärWZi2d_X509_biormÚ rust_x509Zload_der_x509_certificateræ)rfrrKr|rPrPrQÚ _ossl2certÀszBackend._ossl2cert)ÚcsrrcCsT| tjj¡}| |¡}|j |j|jj ¡}| ||jj k¡|j ||jj¡}|Sru) r/r(r0r1rãrWZd2i_X509_REQ_biorKrUrqrmrÆZ X509_REQ_free)rfr6rár$Úx509_reqrPrPrQÚ _csr2osslÆs zBackend._csr2ossl)r7rcCs4| ¡}|j ||¡}| |dk¡t | |¡¡Srw)rärWZi2d_X509_REQ_biormr4Zload_der_x509_csrræ)rfr7rKr|rPrPrQÚ _ossl2csrÎszBackend._ossl2csr)ÚcrlrcCsT| tjj¡}| |¡}|j |j|jj ¡}| ||jj k¡|j ||jj¡}|Sru) r/r(r0r1rãrWZd2i_X509_CRL_biorKrUrqrmrÆZ X509_CRL_free)rfr:rár$Úx509_crlrPrPrQÚ _crl2osslÖs zBackend._crl2ossl)r;rcCs4| ¡}|j ||¡}| |dk¡t | |¡¡Srw)rärWZi2d_X509_CRL_biormr4Zload_der_x509_crlræ)rfr;rKr|rPrPrQÚ _ossl2crlÞszBackend._ossl2crl)r:Ú public_keyrcCsJt|tttfƒstdƒ‚| |¡}|j ||j¡}|dkrF| ¡dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.rSFT) r”rr!rr+r<rWZX509_CRL_verifyÚ _evp_pkeyr¹)rfr:r>r;r|rPrPrQÚ_crl_is_signature_validæs ýþÿ zBackend._crl_is_signature_validcCs`| |¡}|j |¡}| ||jjk¡|j ||jj¡}|j ||¡}|dkr\| ¡dSdS)NrSFT) r8rWZX509_REQ_get_pubkeyrmrUrqrÆrÝZX509_REQ_verifyr¹)rfr6r7Zpkeyr|rPrPrQÚ_csr_is_signature_validþs zBackend._csr_is_signature_validcCs"|j |j|j¡dkrtdƒ‚dS)NrSzKeys do not correspond)rWZEVP_PKEY_cmpr?r¥)rfZkey1Zkey2rPrPrQÚ_check_keys_correspond szBackend._check_keys_correspondc Cs&| |¡}|j d¡}|durFt d|¡|j |¡}||_t|ƒ|_||j |jj |j |jj d¡|ƒ}||jj krÆ|jdkr¾| ¡|jdkrštdƒ‚qÆ|jdks¨J‚td |jd ¡ƒ‚n| ¡| ¡|j ||jj¡}|durú|jdkrútd ƒ‚|dur|jd ks|dusJ‚||ƒS)NzCRYPTOGRAPHY_PASSWORD_DATA *rZCryptography_pem_password_cbréÿÿÿÿz3Password was not given but private key is encryptedéþÿÿÿzAPasswords longer than {} bytes are not supported by this backend.rSr))rãrUr‚rÚ_check_bytesliker²rrƒr´rKrqZ addressofrWZ _original_libÚerrorr¹r+r¥rhÚmaxsizer"rÆrÝZcalled) rfZopenssl_read_funcZconvert_funcrárr$ZuserdataZpassword_ptrrÍrPrPrQrsT ÿú ÿÿÿÿÿÿþzBackend._load_keycs¨ˆ ¡}|stdƒ‚nŽ|d ˆjjˆjj¡sf|d ˆjjˆjj¡sfˆjjrp|d ˆjj ˆjj ¡rptdƒ‚n4t‡fdd„|Dƒƒrtdƒ‚nt |¡}td|ƒ‚dS)Nz|Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.rz Bad decrypt. Incorrect password?c3s"|]}| ˆjjˆjj¡VqdSru)Ú_lib_reason_matchrWÚERR_LIB_EVPZ'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)Ú.0rFrerPrQÚ bs üþz4Backend._handle_key_loading_error..z!Unsupported public key algorithm.zÊCould not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).)r¹r¥rHrWrIZEVP_R_BAD_DECRYPTZERR_LIB_PKCS12Z!PKCS12_R_PKCS12_CIPHERFINAL_ERRORZCryptography_HAS_PROVIDERSZERR_LIB_PROVZPROV_R_BAD_DECRYPTÚanyr&Z_errors_with_text)rfrkrPrerQr"Fs>ÿÿÿþü ÷ þö û ûz!Backend._handle_key_loading_errorcCstz| |¡}Wnty(|jj}Yn0|j |¡}||jjkrN| ¡dS| ||jjk¡|j |¡dSdS)NFT) Ú_elliptic_curve_to_nidrrWÚ NID_undefZEC_GROUP_new_by_curve_namerUrqr¹rmZ EC_GROUP_free)rfÚcurveÚ curve_nidÚgrouprPrPrQÚelliptic_curve_supportedusz Backend.elliptic_curve_supportedcCst|tjƒsdS| |¡Sr“)r”r+ZECDSArR)rfZsignature_algorithmrOrPrPrQÚ,elliptic_curve_signature_algorithm_supported…sz4Backend.elliptic_curve_signature_algorithm_supportedcCs\| |¡rD| |¡}|j |¡}| |dk¡| |¡}t|||ƒStd |j ¡t jƒ‚dS)z@ Generate a new private key on the named curve. rSz#Backend object does not support {}.N)rRÚ_ec_key_new_by_curverWZEC_KEY_generate_keyrmÚ_ec_cdata_to_evp_pkeyrrrhrrÚUNSUPPORTED_ELLIPTIC_CURVE)rfrOrúr|rÍrPrPrQÚ#generate_elliptic_curve_private_keyŽs þz+Backend.generate_elliptic_curve_private_keycCsz|j}| |j¡}|j | |j¡|jj¡}|j ||¡}|dkrR| ¡tdƒ‚| ||j |j¡}| |¡}t|||ƒS)NrSúInvalid EC key.)r×rTrOrUrÆrÄÚ private_valuerWÚ BN_clear_freeÚEC_KEY_set_private_keyr¹r¥Ú)_ec_key_set_public_key_affine_coordinatesrrrUr)rfrÚZpublicrúrYr|rÍrPrPrQÚ#load_elliptic_curve_private_numbers¢sÿ ÿ z+Backend.load_elliptic_curve_private_numberscCs4| |j¡}| ||j|j¡}| |¡}t|||ƒSru)rTrOr\rrrUr)rfrÚrúrÍrPrPrQÚ"load_elliptic_curve_public_numbers·s ÿ z*Backend.load_elliptic_curve_public_numbersc Csâ| |¡}|j |¡}| ||jjk¡|j |¡}| ||jjk¡|j ||jj¡}| ¡@}|j |||t|ƒ|¡}|dkr’| ¡t dƒ‚Wdƒn1s¦0Y|j ||¡}| |dk¡| |¡}t|||ƒS)NrSz(Invalid public bytes for the given curve)rTrWÚEC_KEY_get0_grouprmrUrqÚEC_POINT_newrÆÚ EC_POINT_freeÚ_tmp_bn_ctxZEC_POINT_oct2pointrƒr¹r¥ÚEC_KEY_set_public_keyrUr) rfrOZpoint_bytesrúrQÚpointÚbn_ctxr|rÍrPrPrQÚ load_elliptic_curve_public_bytesÀs" ÿ& z(Backend.load_elliptic_curve_public_bytesc Csb| |¡}| |¡\}}|j |¡}| ||jjk¡|j ||jj¡}| |¡}|j ||jj ¡}| ¡|}|j ||||jj|jj|¡} | | dk¡|j |¡} |j |¡}|||| ||ƒ} | dkrÚ| ¡tdƒ‚Wdƒn1sî0Y|j ||¡} | | dk¡| |¡}|j ||jj ¡}|j ||¡} | | dk¡| |¡} t||| ƒS)NrSz'Unable to derive key from private_value)rTÚ _ec_key_determine_group_get_funcrWr`rmrUrqrÆrarÄrZrbZEC_POINT_mulZ BN_CTX_getr¹r¥rcr[rUr)rfrYrOrúÚget_funcrQrdÚvaluerer|Zbn_xZbn_yZprivaterÍrPrPrQÚ!derive_elliptic_curve_private_keyÔs4 ÿ& z)Backend.derive_elliptic_curve_private_keycCs| |¡}| |¡Sru)rMÚ_ec_key_new_by_curve_nid)rfrOrPrPrPrQrTùs zBackend._ec_key_new_by_curvecCs0|j |¡}| ||jjk¡|j ||jj¡Sru)rWZEC_KEY_new_by_curve_namermrUrqrÆrô)rfrPrúrPrPrQrkýsz Backend._ec_key_new_by_curve_nidcCs,|jrt||jƒsdS| |¡o*t|tjƒSr“)rZr”Ú_fips_ecdh_curvesrRr+ZECDH)rfrŠrOrPrPrQÚ+elliptic_curve_exchange_algorithm_supportedsÿÿz3Backend.elliptic_curve_exchange_algorithm_supportedcCs(| ¡}|j ||¡}| |dk¡|Srw)rßrWZEVP_PKEY_set1_EC_KEYrm)rfrúrÍr|rPrPrQrUszBackend._ec_cdata_to_evp_pkeycCsNdddœ}| |j|j¡}|j | ¡¡}||jjkrJtd |j¡tj ƒ‚|S)z/ Get the NID for a curve name. Z prime192v1Z prime256v1)Z secp192r1Z secp256r1z${} is not a supported elliptic curve) ÚgetrrWÚ OBJ_sn2nidrŽrNrrhrrV)rfrOZ curve_aliasesZ curve_namerPrPrPrQrMs þzBackend._elliptic_curve_to_nidc csd|j ¡}| ||jjk¡|j ||jj¡}|j |¡z|VW|j |¡n|j |¡0dSru) rWZ BN_CTX_newrmrUrqrÆZBN_CTX_freeZBN_CTX_startZ BN_CTX_end)rfrerPrPrQrb#s zBackend._tmp_bn_ctxcCs¼| ||jjk¡|j d¡}| ||jjk¡|j |¡}| ||jjk¡|j |¡}| ||jjk¡|j |¡}| ||jjk¡||kr¤|jj r¤|jj }n|jj}|s´J‚||fS)zu Given an EC_KEY determine the group and what function is required to get point coordinates. scharacteristic-two-field)rmrUrqrWrorNr_ZEC_GROUP_method_ofZEC_METHOD_get_field_typeZCryptography_HAS_EC2MZ$EC_POINT_get_affine_coordinates_GF2mZ#EC_POINT_get_affine_coordinates_GFp)rfrZ nid_two_fieldrQÚmethodÚnidrhrPrPrQrg.s z(Backend._ec_key_determine_group_get_funccCst|dks|dkrtdƒ‚|j | |¡|jj¡}|j | |¡|jj¡}|j |||¡}|dkrp| ¡tdƒ‚|S)zg Sets the public key point in the EC_KEY context to the affine x and y values. rz2Invalid EC key. Both x and y must be non-negative.rSrX)r¥rUrÆrÄrWrÈZ(EC_KEY_set_public_key_affine_coordinatesr¹)rfrrrr|rPrPrQr\Jsÿz1Backend._ec_key_set_public_key_affine_coordinatesc Cs(t|tjƒstdƒ‚t|tjƒs(tdƒ‚t|tjƒs|j j}n | |j jkrV|j j}nt d ƒ‚| |||¡S|tjjurä|rˆt dƒ‚| |j jkr |j j}n8| |j jkr¸|j j}n | |j jkrÐ|j j}nt d ƒ‚| ||¡St dƒ‚|tjjur|tjjurt !||¡St d ƒ‚t dƒ‚dS)Nú/encoding must be an item from the Encoding enumz2format must be an item from the PrivateFormat enumzBEncryption algorithm must be a KeySerializationEncryption instancerpiÿzBPasswords longer than 1023 bytes are not supported by this backendzUnsupported encryption typezUnsupported encoding for PKCS8zCEncrypted traditional OpenSSL format is not supported in FIPS mode.z+Unsupported key type for TraditionalOpenSSLzDEncryption is not supported for DER encoded traditional OpenSSL keysz+Unsupported encoding for TraditionalOpenSSLz=OpenSSH private key format can only be used with PEM encodingúformat is invalid with this key)"r”r(r0r+Z PrivateFormatZKeySerializationEncryptionÚNoEncryptionÚBestAvailableEncryptionrrƒr¥ZPKCS8ÚPEMrWZPEM_write_bio_PKCS8PrivateKeyr1Zi2d_PKCS8PrivateKey_bioÚ_private_key_bytes_via_bioZTraditionalOpenSSLrZrìríZPEM_write_bio_RSAPrivateKeyrïZPEM_write_bio_DSAPrivateKeyròZPEM_write_bio_ECPrivateKeyZi2d_RSAPrivateKey_bioZi2d_ECPrivateKey_bioZi2d_DSAPrivateKey_bioÚ_bio_func_outputÚOpenSSHrFZserialize_ssh_private_key) rfÚencodingrhÚencryption_algorithmr‰rÍÚcdatarÚ write_biorørPrPrQÚ_private_key_bytes^s˜ÿÿÿÿÿ ÿÿÿ ÿÿÿ ÿÿzBackend._private_key_bytesc Cs<|s|jj}n|j d¡}| ||||t|ƒ|jj|jj¡S)Nsaes-256-cbc)rUrqrWÚEVP_get_cipherbynamerxrƒ)rfr}rÍrr£rPrPrQrwÇs ùz"Backend._private_key_bytes_via_biocGs0| ¡}||g|¢RŽ}| |dk¡| |¡Srw)rärmræ)rfr}ÚargsrKr|rPrPrQrxØszBackend._bio_func_outputcCst|tjƒstdƒ‚t|tjƒs(tdƒ‚|tjjurt|tjjurJ|jj}n|tjj ur`|jj }ntdƒ‚| ||¡S|tjj urà|j |¡}||jjkr tdƒ‚|tjjur¶|jj}n|tjj urÌ|jj}ntdƒ‚| ||¡S|tjjur|tjjurt |¡Stdƒ‚tdƒ‚dS)Nrrz1format must be an item from the PublicFormat enumz8SubjectPublicKeyInfo works only with PEM or DER encodingz+PKCS1 format is supported only for RSA keysz)PKCS1 works only with PEM or DER encodingz1OpenSSH format must be used with OpenSSH encodingrs)r”r(r0r+ZPublicFormatZSubjectPublicKeyInforvrWZPEM_write_bio_PUBKEYr1Zi2d_PUBKEY_bior¥rxZPKCS1rìríZPEM_write_bio_RSAPublicKeyZi2d_RSAPublicKey_bioryrFZserialize_ssh_public_key)rfrzrhr‰rÍr|r}rørPrPrQÚ_public_key_bytesÞs@ÿ ÿ ÿzBackend._public_key_bytescCsÌ|tjjurtdƒ‚|j d¡}|j ||jj||jj¡|tjj urj|d|jjkr`|jj }q¢|jj}n8|tjjurš|d|jjkr|jj }q¢|jj}ntdƒ‚| ¡}|||ƒ}| |dk¡| |¡S)Nz!OpenSSH encoding is not supportedz BIGNUM **rrrrS)r(r0ryr+rUr‚rWZDH_get0_pqgrqrvZPEM_write_bio_DHxparamsZPEM_write_bio_DHparamsr1ZCryptography_i2d_DHxparams_bioZi2d_DHparams_biorärmræ)rfrzrhr|rÒr}rKr|rPrPrQÚ_parameter_bytess" zBackend._parameter_bytescCs |jjSru©rWÚCRYPTOGRAPHY_IS_BORINGSSLrerPrPrQÚdh_supported'szBackend.dh_supportedcCs†|tjkrtd tj¡ƒ‚|dvr*tdƒ‚|j ¡}| ||jjk¡|j ||jj ¡}|j ||||jj¡}| |dk¡t||ƒS)Nz$DH key_size must be at least {} bits)éézDH generator must be 2 or 5rS) r)Z_MIN_MODULUS_SIZEr¥rhrWÚDH_newrmrUrqrÆröZDH_generate_parameters_exr)rfÚ generatorrËZdh_param_cdatar|rPrPrQÚgenerate_dh_parameters*s ÿÿ ÿzBackend.generate_dh_parameterscCs(| ¡}|j ||¡}| |dk¡|Srw)rßrWZEVP_PKEY_set1_DHrm)rfrûrÍr|rPrPrQÚ_dh_cdata_to_evp_pkey@szBackend._dh_cdata_to_evp_pkeycCs<t|j|ƒ}|j |¡}| |dk¡| |¡}t|||ƒSrw)rZ _dh_cdatarWZDH_generate_keyrmr‹r )rfrZdh_key_cdatar|rÍrPrPrQÚgenerate_dh_private_keyFs zBackend.generate_dh_private_keycCs| | ||¡¡Sru)rŒrŠ)rfr‰rËrPrPrQÚ&generate_dh_private_key_and_parametersPs ÿz.Backend.generate_dh_private_key_and_parameterscCs>|jj}|j ¡}| ||jjk¡|j ||jj¡}| |j ¡}| |j¡}|jdurf| |j¡}n|jj}| |jj ¡}| |j¡}|j ||||¡} | | dk¡|j |||¡} | | dk¡|j dd¡} |j || ¡} | | dk¡| ddkr(|jdkr | d|jjAdks(tdƒ‚| |¡}t|||ƒS)NrSúint[]rr†z.DH private numbers did not pass safety checks.)r×rrWrˆrmrUrqrÆrörÄrÑrrÒrrÚDH_set0_pqgÚDH_set0_keyr‚ÚCryptography_DH_checkZDH_NOT_SUITABLE_GENERATORr¥r‹r )rfrÚrrûrÑrrÒr rr|ÚcodesrÍrPrPrQÚload_dh_private_numbersUs4 ÿþ zBackend.load_dh_private_numbersc CsÐ|j ¡}| ||jjk¡|j ||jj¡}|j}| |j ¡}| |j ¡}|jdurd| |j¡}n|jj}| |j¡}|j ||||¡}| |dk¡|j |||jj¡}| |dk¡| |¡} t||| ƒSrw)rWrˆrmrUrqrÆrörrÄrÑrrÒrrrr‹r) rfrÚrûrrÑrrÒr r|rÍrPrPrQÚload_dh_public_numbersƒs zBackend.load_dh_public_numberscCs|j ¡}| ||jjk¡|j ||jj¡}| |j¡}| |j ¡}|j dur^| |j ¡}n|jj}|j ||||¡}| |dk¡t||ƒSrw) rWrˆrmrUrqrÆrörÄrÑrrÒrr)rfrÚrûrÑrrÒr|rPrPrQÚload_dh_parameter_numbersžs z!Backend.load_dh_parameter_numberscCs´|j ¡}| ||jjk¡|j ||jj¡}| |¡}| |¡}|durV| |¡}n|jj}|j ||||¡}| |dk¡|j dd¡}|j ||¡}| |dk¡|ddkS)NrSrŽr)rWrˆrmrUrqrÆrörÄrr‚r‘)rfrÑrrÒrûr|r’rPrPrQÚdh_parameters_supported°s zBackend.dh_parameters_supportedcCs|jjdkSrw)rWrcrerPrPrQÚdh_x942_serialization_supportedÆsz'Backend.dh_x942_serialization_supportedcCsht|ƒdkrtdƒ‚| ¡}|j ||jj¡}| |dk¡|j ||t|ƒ¡}| |dk¡t||ƒS)Né z%An X25519 public key is 32 bytes longrS) rƒr¥rßrWZEVP_PKEY_set_typeÚ NID_X25519rmZEVP_PKEY_set1_tls_encodedpointr#)rfrárÍr|rPrPrQÚx25519_load_public_bytesÉs ÿz Backend.x25519_load_public_bytescCsÀt|ƒdkrtdƒ‚d}| d¡F}||dd…<||dd…<| |¡}|j |j|jj¡}Wdƒn1sn0Y| ||jjk¡|j ||jj¡}| |j |¡|jj k¡t||ƒS)Nr˜z&An X25519 private key is 32 bytes longs0.0+en" é0ré)rƒr¥Ú_zeroed_bytearrayrãrWr*rKrUrqrmrÆrÝrìrér")rfráZpkcs8_prefixÚbarKrÍrPrPrQÚx25519_load_private_bytesØs 2ÿz!Backend.x25519_load_private_bytescCs¨|j ||jj¡}| ||jjk¡|j ||jj¡}|j |¡}| |dk¡|j d¡}|j ||¡}| |dk¡| |d|jjk¡|j |d|jj ¡}|S)NrSúEVP_PKEY **r)rWZEVP_PKEY_CTX_new_idrUrqrmrÆZEVP_PKEY_CTX_freeZEVP_PKEY_keygen_initr‚ZEVP_PKEY_keygenrÝ)rfrqZevp_pkey_ctxr|Z evp_ppkeyrÍrPrPrQÚ_evp_pkey_keygen_gcúszBackend._evp_pkey_keygen_gccCs| |jj¡}t||ƒSru)r¡rWr™r"rÞrPrPrQÚx25519_generate_keyszBackend.x25519_generate_keycCs|jr dS|jjSr“)rZrWÚCRYPTOGRAPHY_IS_LIBRESSLrerPrPrQÚx25519_supportedszBackend.x25519_supportedcCs`t|ƒdkrtdƒ‚|j |jj|jj|t|ƒ¡}| ||jjk¡|j ||jj ¡}t ||ƒS)Né8z#An X448 public key is 56 bytes long)rƒr¥rWÚEVP_PKEY_new_raw_public_keyÚNID_X448rUrqrmrÆrÝr%©rfrárÍrPrPrQÚx448_load_public_bytessÿzBackend.x448_load_public_bytescCslt|ƒdkrtdƒ‚|j |¡}|j |jj|jj|t|ƒ¡}| ||jjk¡|j ||jj ¡}t||ƒS)Nr¥z$An X448 private key is 56 bytes long)rƒr¥rUr²rWÚEVP_PKEY_new_raw_private_keyr§rqrmrÆrÝr$©rfrárârÍrPrPrQÚx448_load_private_bytessÿzBackend.x448_load_private_bytescCs| |jj¡}t||ƒSru)r¡rWr§r$rÞrPrPrQÚx448_generate_key'szBackend.x448_generate_keycCs|jr dS|jjo|jjSr“)rZrWZ"CRYPTOGRAPHY_OPENSSL_LESS_THAN_111r„rerPrPrQÚx448_supported+s þzBackend.x448_supportedcCs|jr dS|jjSr“)rZrWÚ#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111BrerPrPrQÚed25519_supported3szBackend.ed25519_supportedcCsnt d|¡t|ƒtjkr"tdƒ‚|j |jj|j j |t|ƒ¡}| ||j j k¡|j ||jj ¡}t||ƒS)Nráz&An Ed25519 public key is 32 bytes long)rÚ_check_bytesrƒr,Ú_ED25519_KEY_SIZEr¥rWr¦ÚNID_ED25519rUrqrmrÆrÝrr¨rPrPrQÚed25519_load_public_bytes8sÿz!Backend.ed25519_load_public_bytescCszt|ƒtjkrtdƒ‚t d|¡|j |¡}|j |jj |jj|t|ƒ¡}| ||jjk¡|j ||jj¡}t||ƒS)Nz'An Ed25519 private key is 32 bytes longrá)rƒr,r²r¥rrErUr²rWrªr³rqrmrÆrÝrr«rPrPrQÚed25519_load_private_bytesFsÿz"Backend.ed25519_load_private_bytescCs| |jj¡}t||ƒSru)r¡rWr³rrÞrPrPrQÚed25519_generate_keyTszBackend.ed25519_generate_keycCs|jr dS|jjo|jjSr“)rZrWr¯r„rerPrPrQÚed448_supportedXs þzBackend.ed448_supportedcCslt d|¡t|ƒtkr tdƒ‚|j |jj|jj |t|ƒ¡}| ||jj k¡|j ||jj¡}t ||ƒS)Nráz$An Ed448 public key is 57 bytes long)rr±rƒrr¥rWr¦Ú NID_ED448rUrqrmrÆrÝrr¨rPrPrQÚed448_load_public_bytes`sÿzBackend.ed448_load_public_bytescCsxt d|¡t|ƒtkr tdƒ‚|j |¡}|j |jj |jj |t|ƒ¡}| ||jj k¡|j ||jj ¡}t||ƒS)Nráz%An Ed448 private key is 57 bytes long)rrErƒrr¥rUr²rWrªr¸rqrmrÆrÝrr«rPrPrQÚed448_load_private_bytesmsÿz Backend.ed448_load_private_bytescCs| |jj¡}t||ƒSru)r¡rWr¸rrÞrPrPrQÚed448_generate_key{szBackend.ed448_generate_keycCs†|j d|¡}|j |¡}|j |t|ƒ|t|ƒ|||tj||¡ } | dkrr| ¡} d||d}t d |¡| ƒ‚|j |¡dd…S)Nr±rSé€izJNot enough memory to derive key. These parameters require {} MB of memory.)rUr‚r²rWZEVP_PBE_scryptrƒrDZ _MEM_LIMITrºÚMemoryErrorrhr³)rfr¶rµr´rØÚrrÑr†r·r|rkZ min_memoryrPrPrQÚ derive_scrypts0öÿýzBackend.derive_scryptcCs2t |¡}|jr||jvrdS|j |¡|jjkSr“)rZ_aead_cipher_namerZÚ _fips_aeadrWrrUrq)rfr¡Úcipher_namerPrPrQÚaead_cipher_supportedšs zBackend.aead_cipher_supportedc cs2t|ƒ}z|VW| ||¡n| ||¡0dS)zÁ This method creates a bytearray, which we copy data into (hopefully also from a mutable buffer that can be dynamically erased!), and then zero when we're done. N)Ú bytearrayÚ _zero_data)rfr´ržrPrPrQr szBackend._zeroed_bytearraycCst|ƒD]}d||<qdSrn)Úrange)rfrár´ÚirPrPrQrÄszBackend._zero_dataccs||dur|jjVndt|ƒ}|j d|d¡}|j |||¡z |VW| |j d|¡|¡n| |j d|¡|¡0dS)aâ This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use. NrrSz uint8_t *)rUrqrƒr‚ZmemmoverÄÚcast)rfráZdata_lenr†rPrPrQÚ_zeroed_null_terminated_buf´sz#Backend._zeroed_null_terminated_bufcCs2| ||¡}|j|jr|jjnddd„|jDƒfS)NcSsg|] }|j‘qSrP)Úcertificate)rJr.rPrPrQÚ ÐrpzABackend.load_key_and_certificates_from_pkcs12..)Úload_pkcs12r‰r.rÉZadditional_certs)rfrárZpkcs12rPrPrQÚ%load_key_and_certificates_from_pkcs12Ës ýz-Backend.load_key_and_certificates_from_pkcs12cCsŠ|durt d|¡| |¡}|j |j|jj¡}||jjkrN| ¡t dƒ‚|j ||jj¡}|j d¡}|j d¡}|j d¡}| |¡$}|j |||||¡} Wdƒn1s¸0Y|jjrÒ| ¡| dkrê| ¡t dƒ‚d} d}g}|d|jjkr(|j |d|jj¡} | | ¡}|d|jjkr”|j |d|jj¡}| |¡}d}|j ||jj¡}||jjkrŠ|j |¡}t||ƒ} |d|jjkr~|j |d|jj¡}|j |d¡}|jjsà|jjrêt|ƒ}ntt|ƒƒ}|D]‚}|j ||¡}| ||jjk¡|j ||jj¡}| |¡}d}|j ||jj¡}||jjkrj|j |¡}| t||ƒ¡qút || |ƒS)Nrz!Could not deserialize PKCS12 datar zX509 **zCryptography_STACK_OF_X509 **rzInvalid password or PKCS12 data)!rrErãrWZd2i_PKCS12_biorKrUrqr¹r¥rÆÚPKCS12_freer‚rÈZPKCS12_parser£rÝrür2r5ZX509_alias_get0r„rGÚsk_X509_freeÚsk_X509_numÚ#CRYPTOGRAPHY_OPENSSL_300_OR_GREATERr„rÅÚreversedÚ sk_X509_valuermrdrH)rfrárrKÚp12Zevp_pkey_ptrZx509_ptrZsk_x509_ptrÚpassword_bufr|r.r‰Zadditional_certificatesrÍrZcert_objrZ maybe_nameÚsk_x509rÃÚindicesrÆZ addl_certZ addl_namerPrPrQrËÓsp ÿ" ÿþ ÿzBackend.load_pkcs12cCsÖd}|durt d|¡t|tjƒr6d}d}d} d} n4t|tjƒrb|jj}|jj}d} d} |j}nt dƒ‚|dus~t |ƒdkrˆ|jj}nZ|j ¡}|j ||jj¡}g}|D]4} | | ¡}| |¡|j ||¡}t |dk¡q¬| |¡†}| |¡Z}|r | |¡n|jj}|r|jn|jj}|j |||||||| | d¡ }Wdƒn1sZ0YWdƒn1sz0Y| ||jjk¡|j ||jj¡}| ¡}|j ||¡}| |dk¡| |¡S)NrrCri NrSzUnsupported key encryption type)rr±r”r(rtrurWZ&NID_pbe_WithSHA1And3_Key_TripleDES_CBCrr¥rƒrUrqÚsk_X509_new_nullrÆrÎr3rdÚsk_X509_pushÚbackendrmrÈr?Z PKCS12_createrÍräZi2d_PKCS12_bioræ)rfrr‰r.Zcasr{rZnid_certZnid_keyZpkcs12_iterZmac_iterrÕZossl_casÚcaZossl_car|rÔZname_bufÚ ossl_certrÍrÓrKrPrPrQÚ(serialize_key_and_certificates_to_pkcs12sbÿ öD z0Backend.serialize_key_and_certificates_to_pkcs12cCs|jr dS|jjdkSr—)rZrWZCryptography_HAS_POLY1305rerPrPrQÚpoly1305_supportedcszBackend.poly1305_supportedcCs*t d|¡t|ƒtkr tdƒ‚t||ƒS)Nr‰zA poly1305 key is 32 bytes long)rrErƒrr¥r)rfr‰rPrPrQÚcreate_poly1305_ctxhszBackend.create_poly1305_ctxcCs |jjSrurƒrerPrPrQÚpkcs7_supportedoszBackend.pkcs7_supportedcCsnt d|¡| |¡}|j |j|jj|jj|jj¡}||jjkrR| ¡t dƒ‚|j ||jj¡}| |¡S©NrázUnable to parse PKCS7 data) rr±rãrWZPEM_read_bio_PKCS7rKrUrqr¹r¥rÆÚ PKCS7_freeÚ_load_pkcs7_certificates©rfrárKÚp7rPrPrQÚload_pem_pkcs7_certificatesrs ÿz#Backend.load_pem_pkcs7_certificatescCsbt d|¡| |¡}|j |j|jj¡}||jjkrF| ¡t dƒ‚|j ||jj¡}| |¡Srà) rr±rãrWZ d2i_PKCS7_biorKrUrqr¹r¥rÆrárârãrPrPrQÚload_der_pkcs7_certificatess z#Backend.load_der_pkcs7_certificatesc CsÞ|j |j¡}| ||jjk¡||jjkr>td |¡tj ƒ‚g}|j j|jj krV|S|j jj}|j |¡}t|ƒD]d}|j ||¡}| ||jj k¡|j |¡}| |dk¡|j ||jj¡}| |¡} | | ¡qt|S)NzNOnly basic signed structures are currently supported. NID for this data was {}rS)rWZOBJ_obj2nidrŸrmrNZNID_pkcs7_signedrrhrZUNSUPPORTED_SERIALIZATIONrÓÚsignrUrqr.rÏrÅrÒZX509_up_refrÆr2r5rd) rfrärqÚcertsrÕrÃrÆrr|r.rPrPrQrâŠs.ÿý z Backend._load_pkcs7_certificatescCs´| |j¡}|jj}d}t|jƒdkr0|jj}n\|j ¡}|j ||jj ¡}g}|jD]4} | | ¡} | | ¡|j || ¡}| |dk¡qVtjj|vr°||jjO}||jjO}|j |jj|jj||jj|¡}| ||jjk¡|j ||jj¡}d} tjj|vr| |jjO} ntjj|vr.| |jjO} tjj|vrH| |jjO} |jD]H\}}}| |¡} | |¡}|j || |j|| ¡}| ||jjk¡qN|D]<}|tjjur¼||jj O}n|tjj!urœ||jj"O}qœ| #¡}|t$j%j&ur|j '|||j(|¡}n–|t$j%j)urJ|j *||j(|¡}| |dk¡|j +|||j(|¡}nR|t$j%j,us\J‚|j *||j(|¡}| |dk¡|jj-rŽ| .¡|j /||¡}| |dk¡| 0|¡S)NrrS)1rãÚ_datarWZ PKCS7_PARTIALrƒZ_additional_certsrUrqr×rÆrÎr3rdrØrmrEZPKCS7OptionsZDetachedSignatureZPKCS7_DETACHEDZ PKCS7_signráZNoCapabilitiesZPKCS7_NOSMIMECAPZNoAttributesZPKCS7_NOATTRZNoCertsZ PKCS7_NOCERTSZ_signersr’ZPKCS7_sign_add_signerr?ÚTextZ PKCS7_TEXTZBinaryZPKCS7_BINARYrär(r0ZSMIMEZSMIME_write_PKCS7rKrvZPKCS7_finalZPEM_write_bio_PKCS7_streamr1rÐr¹Z i2d_PKCS7_bioræ)rfZbuilderrzÚoptionsrKZ init_flagsZfinal_flagsrèZ ossl_certsr.rÛr|räZsigner_flagsrÉZprivate_keyZhash_algorithmZmdZp7signerinfoÚoptionZbio_outrPrPrQÚ pkcs7_sign§s~ û ÿ ÿ ÿ zBackend.pkcs7_sign)N)N)N)³rMrNrOÚ__doc__rrÀr2ržr'rþrÿrrZ SHA512_224Z SHA512_256ZSHA3_224ZSHA3_256ZSHA3_384ZSHA3_512ZSHAKE128ZSHAKE256r•r+Z SECP224R1Z SECP256R1Z SECP384R1Z SECP521R1rlZ_fips_rsa_min_key_sizeZ_fips_rsa_min_public_exponentZ_fips_dsa_min_modulusZ_fips_dh_min_key_sizeZ_fips_dh_min_modulusrgrjrmrYrvr}Ú contextlibrr~rar‡rirˆr‹rr’r–r˜rœrr¤r¨r\r®r¯r°r¸r¹rºrÀrÄrÎrÐrÛrÜrßrÉrãrärærürýrrrr r rrrrrrsrZ HashAlgorithmrrrrr r%r&r(r'r,r-rZCertificateÚtypingÚAnyr3r5ZCertificateSigningRequestr8r9ZCertificateRevocationListr<r=rIr@rArBrr"rRrSrWr]r^rfrjrTrkrmrUrMrbrgr\r~rwrxrr‚r…rŠr‹rŒrr“r”r•r–r—ršrŸr¡r¢r¤r©r¬rr®r°r´rµr¶r·r¹rºr»r¿rÂrrÄrÈrÌrËrÜrÝrÞrßrårærârírPrPrPrQrvs\ ôü 1" -+ þ þ þþ5/ % i0 ." LD rc@seZdZdd„Zdd„ZdS)r©cCs ||_dSru)Ú_fmt)rfÚfmtrPrPrQrg szGetCipherByName.__init__cCs&|jj||d ¡}|j | d¡¡S)N)r¡rtr)ròrhÚlowerrWrrŽ)rfrÙr¡rtrÁrPrPrQÚ__call__ szGetCipherByName.__call__N)rMrNrOrgrõrPrPrPrQr© sr©cCs"d |jd¡}|j | d¡¡S)Nz aes-{}-xtsr†r)rhrËrWrrŽ)rÙr¡rtrÁrPrPrQr¬ sr¬)oÚcollectionsrïrªrðr^rZcryptographyrrZcryptography.exceptionsrrZ'cryptography.hazmat.backends.interfacesrZBackendInterfaceZ$cryptography.hazmat.backends.opensslrZ,cryptography.hazmat.backends.openssl.ciphersr Z)cryptography.hazmat.backends.openssl.cmacrZ'cryptography.hazmat.backends.openssl.dhrr rrZ(cryptography.hazmat.backends.openssl.dsarrrZ'cryptography.hazmat.backends.openssl.ecrrZ,cryptography.hazmat.backends.openssl.ed25519rrZ*cryptography.hazmat.backends.openssl.ed448rrrZ+cryptography.hazmat.backends.openssl.hashesrZ)cryptography.hazmat.backends.openssl.hmacrZ-cryptography.hazmat.backends.openssl.poly1305rrZ(cryptography.hazmat.backends.openssl.rsar r!Z+cryptography.hazmat.backends.openssl.x25519r"r#Z)cryptography.hazmat.backends.openssl.x448r$r%Z"cryptography.hazmat.bindings._rustr4Z$cryptography.hazmat.bindings.opensslr&Zcryptography.hazmat.primitivesr'r(Z)cryptography.hazmat.primitives.asymmetricr)r*r+r,r-Z1cryptography.hazmat.primitives.asymmetric.paddingr.r/r0r1Z1cryptography.hazmat.primitives.ciphers.algorithmsr2r3r4r5r6r7r8r9r:r;Z,cryptography.hazmat.primitives.ciphers.modesr<r=r>r?r@rArBrCZ"cryptography.hazmat.primitives.kdfrDZ,cryptography.hazmat.primitives.serializationrErFZ3cryptography.hazmat.primitives.serialization.pkcs12rGrHZcryptography.x509.baserIÚ namedtuplerJÚobjectrLr©r¬rÙrPrPrPrQÚsp0(