U cc7@sddlZddlZddlZddlZddlZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZddlmZddlmZmZmZmZdd lmZmZmZdd lmZmZdd lmZm Z dd l!m"Z"m#Z#m$Z$dd l%m&Z&ddl'm(Z(ddl)m*Z*m+Z+ddl,m-Z-m.Z.ddl/m0Z0m1Z1ddl2m3Z3m4Z4ddl5mZ6ddl7m8Z8ddl9m:Z:m;Z;ddlm?Z?m@Z@mAZAmBZBmCZCmDZDmEZEmFZFddlGmHZHmIZImJZJmKZKddlLmMZMmNZNmOZOddlPmQZQmRZRddlSmTZTmUZUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\m]Z]m^Z^m_Z_ddl`maZambZbmcZcmdZdmeZemfZfmgZgmhZhmiZiddljmkZkddllmmZmmnZnddlompZpmqZqmrZrmsZsmtZteud d!d"gZvGd#d$d$ZwGd%d&d&ZxGd'd(d(ZyexeTd)d*d+ZzexZ{dS),N)contextmanager)utilsx509)UnsupportedAlgorithm_Reasons)aead)_CipherContext _CMACContext) _DHParameters _DHPrivateKey _DHPublicKey_dh_params_dup)_DSAParameters_DSAPrivateKey _DSAPublicKey)_EllipticCurvePrivateKey_EllipticCurvePublicKey)_Ed25519PrivateKey_Ed25519PublicKey)_ED448_KEY_SIZE_Ed448PrivateKey_Ed448PublicKey _HashContext _HMACContext)_POLY1305_KEY_SIZE_Poly1305Context)_RSAPrivateKey _RSAPublicKey)_X25519PrivateKey_X25519PublicKey)_X448PrivateKey_X448PublicKey)r)binding)hashes serialization)AsymmetricPadding)dhdsaeced25519ed448rsax25519x448)MGF1OAEPPKCS1v15PSS)#CERTIFICATE_ISSUER_PUBLIC_KEY_TYPESPRIVATE_KEY_TYPESPUBLIC_KEY_TYPES)BlockCipherAlgorithmCipherAlgorithm) AESAES128AES256ARC4CamelliaChaCha20SM4 TripleDES_BlowfishInternal_CAST5Internal _IDEAInternal _SEEDInternal) CBCCFBCFB8CTRECBGCMModeOFBXTS)scrypt)pkcs7ssh)PBESPKCS12CertificatePKCS12KeyAndCertificates_ALLOWED_PKCS12_TYPES_PKCS12_CAS_TYPES _MemoryBIObioZchar_ptrc@s eZdZdS)_RC2N)__name__ __module__ __qualname__r]r]P/tmp/pip-unpacked-wheel-4layejjw/cryptography/hazmat/backends/openssl/backend.pyrYsrYc @sf eZdZdZdZddddddhZefZej ej ej ej ej ejejejejejejejf ZejejejejfZd Zd Zd d >Zd Zd e>Z d d Z!e"dddZ#dDe$e%j&e%j'e(j)ddddZ*e$dddZ+ddddZ,ddddZ-e.j/ddZ0ddddZ1e"ddd Z2e"dd!d"Z3e4dd#d$Z5e6ej7e8d%d&d'Z9ej7d(d)d*Z:ej7d(d+d,Z;ej7e$d-d.d/Zej7e$d-d4d5Z?ej7ej@d-d6d7ZAeBeCe$d8d9d:ZDd;d<ZEddd=d>ZFeBeCeGd8d?d@ZHeBeCeGd8dAdBZIej7e$d-dCdDZJej7e4e6e4e6e6dEdFdGZKe%j'e(j)ddHdIZLe%j'e(jMddJdKZNe4ddLdMZOdEe4dNdOdPZPe4e4eQjRdQdRdSZSe4e4e$dQdTdUZTeQjUeQjRdVdWdXZVeQjWeQjXdVdYdZZYd[d\ZZd]d^Z[e6d_d`daZ\dbdcZ]e6ddddeZ^e_ddfdgZ`eaddhdiZbej7e$d-djdkZcede$dldmdnZee4efjgdodpdqZhefjgefjidrdsdtZje4efjidodudvZkdwdxZlefjmefjidVdydzZnefjoefjpdVd{d|ZqefjrefjgdVd}d~ZsddZte$dddZuej7e$d-ddZve$dddZwexeyd-ddZze6e%j&e6e_dddZ{e6eadddZ|e6e}j~dddZe6e%j&e6e_dddZddZe6eadddZe6e}j~dddZeje%jdddZe%jejdddZeje%jdddZe%jejdddZeje%jdddZe%jejdddZejee$dddZeje$dddZddZddZe%jdddZeje$dddZejeje$dddZejejdddZejejdVddZejejdVddZeje6ejdœddĄZe4ejejdŜddDŽZejdȜddʄZe4d˜dd̈́Zejeje$dΜddЄZdd҄Zeje4dddԄZe/ddքZdd؄Ze4e4dٜddۄZejejeje6dܜddބZddZddZejeje6dddZe$dddZe4e4e}j~dddZddZe}j~e}jdrddZe4e4e}jdddZe}je}jdVddZe}je}jdVddZe}je}j~dVddZdFe4e4e%j&e4e$dddZe$dddZe6ejdddZe6ejdddZȐddZejdddZe$dddZe6ejdddZe6ejddd Zejdd d Ze$dd d Ze$dddZe6ejdddZe6ejdddZejdddZe$dddZe6ejdddZe6ejdddZejdddZe6e6e4e4e4e4e6ddd Ze$dd!d"Ze.j/e4e%jed#d$d%Ze4dd#d&d'Ze.j/d(d)Ze6e%j&e6e%je%j&e_e%j&eje%j'ejfdd*d+Ze6e%j&e6edd,d-Ze%j&e6e%j&ee%j&eje%j&e%j'eeje6d.d/d0Ze$dd1d2Ze6ed3d4d5Ze$dd6d7Ze6e%j'ejdd8d9Ze6e%j'ejdd:d;Zd<d=Ze%j'ejejd>d?d@Zejeje%j'eje6dAdBdCZdS(GBackendz) OpenSSL API binding interfaces. Zopenssls aes-128-ccms aes-192-ccms aes-256-ccms aes-128-gcms aes-192-gcms aes-256-gcmicCst|_|jj|_|jj|_d|_||_ i|_ | |j rX|jj rXt dtn||jjg|_|jjr|j|jjdS)NFz)formatopenssl_version_textrirtr]r]r^__repr__szBackend.__repr__N)okerrorsrwcCstj|j||dS)N)r|)r%Z_openssl_assertrf)rur{r|r]r]r^openssl_assertszBackend.openssl_assertcCsH|jjr|j|jj}nt|jddd}|dkr@|jt|S)NZ FIPS_modecSsdSNrr]r]r]r]r^z*Backend._is_fips_enabled..r)rfZCryptography_HAS_300_FIPSZ&EVP_default_properties_is_fips_enabledrdNULLgetattrZERR_clear_errorbool)rumoder]r]r^rhs zBackend._is_fips_enabledcCs$|j|st||_dSN)rb _enable_fipsrhAssertionErrorrirtr]r]r^rs  zBackend._enable_fipscCsf|jjrb|j}||jjkrb|j||j|jj}||dk|j|}||dkdSNra) rfrlZENGINE_get_default_RANDrdrZENGINE_unregister_RANDRAND_set_rand_methodr} ENGINE_finishrueresr]r]r^activate_builtin_randoms    zBackend.activate_builtin_randomc cs|j|jj}|||jjk|j|}||dkz |VW5|j|}||dk|j|}||dkXdSr) rfZ ENGINE_by_idZCryptography_osrandom_engine_idr}rdrZ ENGINE_initZ ENGINE_freerrr]r]r^_get_osurandom_engines    zBackend._get_osurandom_enginec Cs`|jjr\|| }|j|}||dkW5QRX|j|jj}||dkdSr) rfrlrrZENGINE_set_default_RANDr}rrdrrr]r]r^rps  z Backend.activate_osrandom_enginec Cs`|jdd}|2}|j|dt|||jjd}||dkW5QRX|j| dS)Nchar[]@sget_implementationrascii) rdnewrrfZENGINE_ctrl_cmdlenrr}stringdecode)rubufrrr]r]r^osrandom_engine_implementations z&Backend.osrandom_engine_implementationcCs|j|j|jjdS)z Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.1.1d 10 Sep 2019 r)rdrrfZOpenSSL_versionOPENSSL_VERSIONrrtr]r]r^ry#s zBackend.openssl_version_textcCs |jSr)rfZOpenSSL_version_numrtr]r]r^openssl_version_number.szBackend.openssl_version_number)key algorithmrwcCs t|||Srr)rurrr]r]r^create_hmac_ctx1szBackend.create_hmac_ctx)rcCsL|jdks|jdkr0d|j|jdd}n |jd}|j|}|S)Nblake2bblake2sz{}{}r)namerx digest_sizeencoderfZEVP_get_digestbyname)rurZalgevp_mdr]r]r^_evp_md_from_algorithm6s  zBackend._evp_md_from_algorithmcCs ||}|||jjk|Sr)rr}rdrrurrr]r]r^_evp_md_non_null_from_algorithmAs z'Backend._evp_md_non_null_from_algorithm)rrwcCs,|jrt||jsdS||}||jjkSNF)ri isinstance _fips_hashesrrdrrr]r]r^hash_supportedFs zBackend.hash_supportedcCs |jrt|tjrdS||Srrirr&SHA1rrurr]r]r^signature_hash_supportedMsz Backend.signature_hash_supportedcCs|jr dS|jjdkSdSNFra)rirfZCryptography_HAS_SCRYPTrtr]r]r^scrypt_supportedVszBackend.scrypt_supportedcCs |jrt|tjrdS||S)NTrrr]r]r^hmac_supported\szBackend.hmac_supportedcCs t||Srrrr]r]r^create_hash_ctxcszBackend.create_hash_ctx)cipherrrwcCs`|jrt||jsdSz|jt|t|f}Wntk rFYdSX||||}|jj|kSr)rir _fips_ciphersrjtypeKeyErrorrdr)rurradapter evp_cipherr]r]r^cipher_supportedhs  zBackend.cipher_supportedcCs0||f|jkrtd||||j||f<dS)Nz"Duplicate registration for: {} {}.)rj ValueErrorrx)ru cipher_clsmode_clsrr]r]r^register_cipher_adaptervszBackend.register_cipher_adaptercCstttfD].}ttttttt fD]}| ||t dq q tttttfD]}| t |t dqHttttfD]}| t |t dql| t tt dttttfD]}| t|t dqttttfD]}| t|t dqtttgttttgD]\}}| ||t dq| ttdt d| ttdt d| ttdt d | ttttttttfD]}| t|t d qpdS) Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}Zrc4Zrc2Zchacha20zsm4-{mode.name})r:r;r<rFrIrJrMrGrHrKrGetCipherByNamer>rArBrE itertoolsproductrCrDr=rrYr?rN_get_xts_cipherr@)rurrr]r]r^rksz z!Backend._register_default_cipherscCst|||tjSr)rZ_ENCRYPTrurrr]r]r^create_symmetric_encryption_ctxsz'Backend.create_symmetric_encryption_ctxcCst|||tjSr)rZ_DECRYPTrr]r]r^create_symmetric_decryption_ctxsz'Backend.create_symmetric_decryption_ctxcCs ||Sr)rrr]r]r^pbkdf2_hmac_supportedszBackend.pbkdf2_hmac_supported)rlengthsalt iterations key_materialrwc Csh|jd|}||}|j|}|j|t||t|||||} || dk|j|ddS)Nunsigned char[]ra) rdrr from_bufferrfZPKCS5_PBKDF2_HMACrr}buffer) rurrrrrrrkey_material_ptrrr]r]r^derive_pbkdf2_hmacs   zBackend.derive_pbkdf2_hmaccCs t|jSr)r%_consume_errorsrfrtr]r]r^rszBackend._consume_errorscCs t|jSr)r%_consume_errors_with_textrfrtr]r]r^rsz!Backend._consume_errors_with_textcCsz||jjkst||j| |j|}|jd|}|j||}||dkt |j |d|d}|S)Nrrbig) rdrrr}rfZBN_is_negativeZ BN_num_bytesrZ BN_bn2binint from_bytesr)rubnZ bn_num_bytesZbin_ptrZbin_lenvalr]r]r^ _bn_to_ints zBackend._bn_to_int)numcCsn|dks||jjkst|dkr(|jj}|t|ddd}|j|t||}| ||jjk|S)a  Converts a python integer to a BIGNUM. The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. Ng @rar) rdrrto_bytesr bit_lengthrfZ BN_bin2bnrr})rurrbinaryZbn_ptrr]r]r^ _int_to_bnszBackend._int_to_bn)public_exponentkey_sizerwcCst|||j}|||jjk|j||jj}| |}|j||jj }|j ||||jj}||dk| |}t ||||jSr)r.Z_verify_rsa_parametersrfRSA_newr}rdrgcRSA_freerBN_freeZRSA_generate_key_ex_rsa_cdata_to_evp_pkeyrrg)rurr rsa_cdatarrevp_pkeyr]r]r^generate_rsa_private_keys(    z Backend.generate_rsa_private_keycCs|dko|d@dko|dkS)Nrarir])rurrr]r]r^!generate_rsa_parameters_supporteds  z)Backend.generate_rsa_parameters_supported)numbersrwc Cs6t|j|j|j|j|j|j|jj |jj |j }| ||jjk|j||j j}||j}||j}||j}||j}||j}||j}||jj } ||jj } |j |||} | | dk|j || | |} | | dk|j ||||} | | dk||} t||| |jSr)r.Z_check_private_key_componentspqddmp1dmq1iqmppublic_numbersrnrfrr}rdrrrrZRSA_set0_factors RSA_set0_keyZRSA_set0_crt_paramsrrrg) rurrrrrrrrrrrrr]r]r^load_rsa_private_numberssD        z Backend.load_rsa_private_numberscCst|j|j|j}|||jjk|j ||jj }| |j}| |j}|j ||||jj}||dk| |}t|||Sr)r.Z_check_public_key_componentsrrrfrr}rdrrrrrrr )rurrrrrrr]r]r^load_rsa_public_numbers@s    zBackend.load_rsa_public_numberscCs2|j}|||jjk|j||jj}|Sr)rfZ EVP_PKEY_newr}rdrr EVP_PKEY_freerurr]r]r^_create_evp_pkey_gcOs zBackend._create_evp_pkey_gccCs(|}|j||}||dk|Sr)rrfZEVP_PKEY_set1_RSAr})rurrrr]r]r^rUszBackend._rsa_cdata_to_evp_pkey)datacCsH|j|}|j|t|}|||jjkt|j||jj |S)z Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) rdrrfZBIO_new_mem_bufrr}rrWrBIO_free)rurdata_ptrrXr]r]r^ _bytes_to_bio[s zBackend._bytes_to_biocCsP|j}|||jjk|j|}|||jjk|j||jj}|S)z. Creates an empty memory BIO. )rfZ BIO_s_memr}rdrZBIO_newrr)ruZ bio_methodrXr]r]r^_create_mem_bio_gchs   zBackend._create_mem_bio_gccCs\|jd}|j||}||dk||d|jjk|j|d|dd}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)rdrrfZBIO_get_mem_datar}rr)rurXrZbuf_lenbio_datar]r]r^ _read_mem_bioss  zBackend._read_mem_bioc CsD|j|}||jjkrX|j|}|||jjk|j||jj}t ||||j S||jj kr|jj s|jj s|jjs|j|}|||jjk|j||jj}|}|j||}||dk|j||ddS||jjkr.|j|}|||jjk|j||jj}t|||S||jjkrx|j|}|||jjk|j||jj}t|||S||jkr|j|}|||jjk|j||jj}t|||S|t|jddkrt ||S|t|jddkrt!||S|t|jddkrt"||S|t|jddkr8t#||St$ddS) zd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. raN)passwordEVP_PKEY_ED25519 EVP_PKEY_X448EVP_PKEY_X25519EVP_PKEY_ED448Unsupported key type.)%rf EVP_PKEY_id EVP_PKEY_RSAEVP_PKEY_get1_RSAr}rdrrrrrgEVP_PKEY_RSA_PSSCRYPTOGRAPHY_IS_LIBRESSLCRYPTOGRAPHY_IS_BORINGSSL#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111Eri2d_RSAPrivateKey_bioload_der_private_keyr EVP_PKEY_DSAEVP_PKEY_get1_DSADSA_freer EVP_PKEY_ECEVP_PKEY_get1_EC_KEY EC_KEY_freerrqEVP_PKEY_get1_DHDH_freer rrr#r!rr) rurkey_typerrXr dsa_cdataec_cdatadh_cdatar]r]r^_evp_pkey_to_private_key~sj                z Backend._evp_pkey_to_private_keyc CsJ|j|}||jjkrT|j|}|||jjk|j||jj}t |||S||jj kr|jj s|jj s|jj s|j|}|||jjk|j||jj}|}|j||}||dk|||S||jjkr&|j|}|||jjk|j||jj}t|||S||jjkr~|j|}||jjkr`|}td||j||jj}t|||S||jkr|j|} || |jjk|j| |jj} t|| |S|t |jddkrt!||S|t |jddkrt"||S|t |jddkr t#||S|t |jddkr>t$||St%ddS) zc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. razUnable to load EC keyrNrrrr)&rfrrrr}rdrrrr rr r r ri2d_RSAPublicKey_bioload_der_public_keyrrrrrrrrrrrrqrrr rrr$r"rr) rurrrrXrrrr|rr]r]r^_evp_pkey_to_public_keys^                  zBackend._evp_pkey_to_public_keycCst|tjtjtjtjtjfSr)rr&rSHA224SHA256SHA384SHA512rr]r]r^_oaep_hash_supportedszBackend._oaep_hash_supported)paddingrwcCst|trdSt|trNt|jtrN|jr>t|jjtjr>dS| |jjSn4t|t r~t|jtr~| |jjo|| |jSdSdS)NTF) rr3r4Z_mgfr1ri _algorithmr&rrr2r")rur#r]r]r^rsa_padding_supporteds   zBackend.rsa_padding_supported)rrwc Cs~|dkrtd|j}|||jjk|j||jj}|j|||jjd|jj|jj|jj}||dkt ||S)N)ir`i iz0Key size must be 1024, 2048, 3072, or 4096 bits.rra) rrfDSA_newr}rdrrrZDSA_generate_parameters_exr)rurctxrr]r]r^generate_dsa_parameterss$  zBackend.generate_dsa_parameters) parametersrwcCsT|j|j}|||jjk|j||jj}|j|| |}t |||Sr) rfZ DSAparams_dupZ _dsa_cdatar}rdrrrZDSA_generate_key_dsa_cdata_to_evp_pkeyr)rur)r'rr]r]r^generate_dsa_private_key/s  z Backend.generate_dsa_private_keycCs||}||Sr)r(r+)rurr)r]r]r^'generate_dsa_private_key_and_parameters<s z/Backend.generate_dsa_private_key_and_parameterscCsB|j||||}||dk|j|||}||dkdSr)rf DSA_set0_pqgr}Z DSA_set0_key)rurrrgpub_keypriv_keyrr]r]r^_dsa_cdata_set_valuesBszBackend._dsa_cdata_set_valuesc Cst||jj}|j}|||jjk|j ||jj }| |j }| |j }| |j}| |jj}| |j}|||||||||} t||| Sr)r*Z_check_dsa_private_numbersrparameter_numbersrfr&r}rdrrrrrrr.yxr1r*r) rurr2rrrr.r/r0rr]r]r^load_dsa_private_numbersHs       z Backend.load_dsa_private_numbersc Cst|j|j}|||jjk|j||jj }| |jj }| |jj }| |jj }| |j}|jj}|||||||||}t|||Sr)r*_check_dsa_parametersr2rfr&r}rdrrrrrrr.r3r1r*r) rurrrrr.r/r0rr]r]r^load_dsa_public_numbers]s    zBackend.load_dsa_public_numberscCst||j}|||jjk|j||jj}| |j }| |j }| |j }|j ||||}||dkt||Sr)r*r6rfr&r}rdrrrrrrr.r-r)rurrrrr.rr]r]r^load_dsa_parameter_numbersps     z"Backend.load_dsa_parameter_numberscCs(|}|j||}||dk|Sr)rrfZEVP_PKEY_set1_DSAr})rurrrr]r]r^r*szBackend._dsa_cdata_to_evp_pkeycCs|j Sr)rirtr]r]r^ dsa_supportedszBackend.dsa_supportedcCs|s dS||Sr)r9rrr]r]r^dsa_hash_supportedszBackend.dsa_hash_supportedcCs||td|jS)N)rrF block_sizerr]r]r^cmac_algorithm_supporteds z Backend.cmac_algorithm_supportedcCs t||Srr rr]r]r^create_cmac_ctxszBackend.create_cmac_ctx)rrrwcCs||jj|j||Sr) _load_keyrfZPEM_read_bio_PrivateKeyr)rurrr]r]r^load_pem_private_keys zBackend.load_pem_private_key)rrwcCs||}|jd}|j|j|jj|j|jjd|}||jjkrd|j ||jj }| |S| |j |j}||dk|j|j|jj|j|jjd|}||jjkr|j ||jj}||}t|||S|dS)NCRYPTOGRAPHY_PASSWORD_DATA *Cryptography_pem_password_cbra)rrdrrfZPEM_read_bio_PUBKEYrXr addressof _original_librrrr BIO_resetr}ZPEM_read_bio_RSAPublicKeyrrr _handle_key_loading_error)rurmem_biouserdatarrrr]r]r^load_pem_public_keys>       zBackend.load_pem_public_keycCs^||}|j|j|jj|jj|jj}||jjkrR|j||jj}t||S| dSr) rrfZPEM_read_bio_DHparamsrXrdrrrr rF)rurrGrr]r]r^load_pem_parameterss   zBackend.load_pem_parameterscCs>||}|||}|r$||S||jj|j||SdSr)r"_evp_pkey_from_der_traditional_keyrr?rfZd2i_PKCS8PrivateKey_bio)rurrrrr]r]r^r s   zBackend.load_der_private_keycCs^|j|j|jj}||jjkrN||j||jj}|dk rJtd|S|dSdS)N4Password was given but private key is not encrypted.) rfd2i_PrivateKey_biorXrdrrrr TypeError)rurrrr]r]r^rKs z*Backend._evp_pkey_from_der_traditional_keycCs||}|j|j|jj}||jjkrF|j||jj}||S| |j |j}| |dk|j |j|jj}||jjkr|j||jj }||}t|||S|dSr)rrfZd2i_PUBKEY_biorXrdrrrrrrEr}Zd2i_RSAPublicKey_biorrr rF)rurrGrrrr]r]r^rs"      zBackend.load_der_public_keycCs||}|j|j|jj}||jjkrF|j||jj}t||S|jj r| |j |j}| |dk|j |j|jj}||jjkr|j||jj}t||S|dSr)rrfZd2i_DHparams_biorXrdrrrr rrrrEr}ZCryptography_d2i_DHxparams_biorF)rurrGrrr]r]r^load_der_parameterss"     zBackend.load_der_parameters)certrwcCsT|tjj}||}|j|j|jj }| ||jj k|j ||jj }|Sr) public_bytesr'EncodingDERrrfZ d2i_X509_biorXrdrr}r X509_free)rurPrrGrr]r]r^ _cert2ossl)s  zBackend._cert2ossl)rrwcCs4|}|j||}||dkt||Sr)rrfZ i2d_X509_bior} rust_x509Zload_der_x509_certificater)rurrXrr]r]r^ _ossl2cert1szBackend._ossl2cert)csrrwcCsT|tjj}||}|j|j|jj }| ||jj k|j ||jj }|Sr) rQr'rRrSrrfZd2i_X509_REQ_biorXrdrr}rZ X509_REQ_free)rurXrrGx509_reqr]r]r^ _csr2ossl7s  zBackend._csr2ossl)rYrwcCs4|}|j||}||dkt||Sr)rrfZi2d_X509_REQ_bior}rVZload_der_x509_csrr)rurYrXrr]r]r^ _ossl2csr?szBackend._ossl2csr)crlrwcCsT|tjj}||}|j|j|jj }| ||jj k|j ||jj }|Sr) rQr'rRrSrrfZd2i_X509_CRL_biorXrdrr}rZ X509_CRL_free)rur\rrGx509_crlr]r]r^ _crl2osslGs  zBackend._crl2ossl)r]rwcCs4|}|j||}||dkt||Sr)rrfZi2d_X509_CRL_bior}rVZload_der_x509_crlr)rur]rXrr]r]r^ _ossl2crlOszBackend._ossl2crl)r\ public_keyrwcCsJt|tttfstd||}|j||j}|dkrF| dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.raFT) rrr rrNr^rfZX509_CRL_verify _evp_pkeyr)rur\r`r]rr]r]r^_crl_is_signature_validWs  zBackend._crl_is_signature_validcCs`||}|j|}|||jjk|j||jj}|j||}|dkr\| dSdS)NraFT) rZrfZX509_REQ_get_pubkeyr}rdrrrZX509_REQ_verifyr)rurXrYZpkeyrr]r]r^_csr_is_signature_validqs  zBackend._csr_is_signature_validcCs"|j|j|jdkrtddS)NrazKeys do not correspond)rfZ EVP_PKEY_cmprar)rukey1key2r]r]r^_check_keys_correspondszBackend._check_keys_correspondc Cs&||}|jd}|dk rFtd||j|}||_t||_||j |jj |j |j j d|}||jj kr|jdkr||jdkrtdq|jdksttd|jd n|||j||j j}|dk r|jdkrtd |dk r|jd ks|dkst||S) NrArrBrz3Password was not given but private key is encryptedzAPasswords longer than {} bytes are not supported by this backend.rarL)rrdrr_check_byteslikerrrrrXrrCrfrDerrorrrNrrrxmaxsizerFrrcalled) ruZopenssl_read_funcZ convert_funcrrrGrHZ password_ptrrr]r]r^r?sV        zBackend._load_keycs}|stdn|djjjjsf|djjjjsfjjrp|djj jj rptdn4t fdd|Drtdnt |}td|dS)Nz|Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.rz Bad decrypt. Incorrect password?c3s"|]}|jjjjVqdSr)_lib_reason_matchrf ERR_LIB_EVPZ'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM).0rjrtr]r^ s z4Backend._handle_key_loading_error..z!Unsupported public key algorithm.zCould not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).)rrrmrfrnZEVP_R_BAD_DECRYPTZERR_LIB_PKCS12Z!PKCS12_R_PKCS12_CIPHERFINAL_ERRORZCryptography_HAS_PROVIDERSZ ERR_LIB_PROVZPROV_R_BAD_DECRYPTanyr%Z_errors_with_text)rur|Zerrors_with_textr]rtr^rFs@      z!Backend._handle_key_loading_error)curverwcCsvz||}Wntk r*|jj}YnX|j|}||jjkrP|dS|||jjk|j |dSdS)NFT) _elliptic_curve_to_nidrrf NID_undefZEC_GROUP_new_by_curve_namerdrrr}Z EC_GROUP_free)rurr curve_nidgroupr]r]r^elliptic_curve_supporteds   z Backend.elliptic_curve_supported)signature_algorithmrrrwcCst|tjsdS||Sr)rr+ZECDSArw)rurxrrr]r]r^,elliptic_curve_signature_algorithm_supporteds z4Backend.elliptic_curve_signature_algorithm_supportedcCs\||rD||}|j|}||dk||}t|||Std|j t j dS)z@ Generate a new private key on the named curve. raz#Backend object does not support {}.N) rw_ec_key_new_by_curverfZEC_KEY_generate_keyr}_ec_cdata_to_evp_pkeyrrrxrrUNSUPPORTED_ELLIPTIC_CURVE)rurrrrrr]r]r^#generate_elliptic_curve_private_keys      z+Backend.generate_elliptic_curve_private_keycCsz|j}||j}|j||j|jj}|j ||}|dkrR| t d| ||j |j||}t|||S)NraInvalid EC key.)rrzrrrdrr private_valuerf BN_clear_freeEC_KEY_set_private_keyrr)_ec_key_set_public_key_affine_coordinatesr4r3r{r)rurpublicrrrrr]r]r^#load_elliptic_curve_private_numberss"   z+Backend.load_elliptic_curve_private_numberscCs4||j}|||j|j||}t|||Sr)rzrrrr4r3r{r)rurrrr]r]r^"load_elliptic_curve_public_numbers0s  z*Backend.load_elliptic_curve_public_numbers)rr point_bytesrwc Cs||}|j|}|||jjk|j|}|||jjk|j||jj}| 6}|j |||t ||}|dkr| t dW5QRX|j||}||dk||}t|||S)Nraz(Invalid public bytes for the given curve)rzrfEC_KEY_get0_groupr}rdr EC_POINT_newr EC_POINT_free _tmp_bn_ctxZEC_POINT_oct2pointrrrEC_KEY_set_public_keyr{r) rurrrrrvpointbn_ctxrrr]r]r^ load_elliptic_curve_public_bytes;s*     z(Backend.load_elliptic_curve_public_bytes)rrrrwc CsN||}||\}}|j|}|||jjk|j||jj}| |}|j||jj }| r}|j ||||jj|jj|} || dk|j |} |j |} |||| | |} | dkr|tdW5QRX|j||} || dk| |} |j| |jj } |j|| } || dk||} t||| S)Nraz'Unable to derive key from private_value)rz _ec_key_determine_group_get_funcrfrr}rdrrrrrrZ EC_POINT_mulZ BN_CTX_getrrrrr{r)rurrrrget_funcrvrvaluerrZbn_xZbn_yprivaterr]r]r^!derive_elliptic_curve_private_keyQs>        z)Backend.derive_elliptic_curve_private_key)rrcCs||}||Sr)rs_ec_key_new_by_curve_nid)rurrrur]r]r^rzxs zBackend._ec_key_new_by_curve)rucCs0|j|}|||jjk|j||jjSr)rfZEC_KEY_new_by_curve_namer}rdrrr)rururr]r]r^r|s z Backend._ec_key_new_by_curve_nid)rrrrwcCs,|jrt||jsdS||o*t|tjSr)rir_fips_ecdh_curvesrwr+ECDH)rurrrr]r]r^+elliptic_curve_exchange_algorithm_supporteds z3Backend.elliptic_curve_exchange_algorithm_supportedcCs(|}|j||}||dk|Sr)rrfZEVP_PKEY_set1_EC_KEYr})rurrrr]r]r^r{szBackend._ec_cdata_to_evp_pkeycCsNddd}||j|j}|j|}||jjkrJtd|jtj |S)z/ Get the NID for a curve name. Z prime192v1Z prime256v1)Z secp192r1Z secp256r1z${} is not a supported elliptic curve) getrrf OBJ_sn2nidrrtrrxrr|)rurrZ curve_aliasesZ curve_namerur]r]r^rss   zBackend._elliptic_curve_to_nidc csX|j}|||jjk|j||jj}|j|z |VW5|j|XdSr) rfZ BN_CTX_newr}rdrrZ BN_CTX_freeZ BN_CTX_startZ BN_CTX_end)rurr]r]r^rs   zBackend._tmp_bn_ctxcCs|||jjk|jd}|||jjk|j|}|||jjk|j|}|||jjk|j|}|||jjk||kr|jj r|jj }n|jj }|st ||fS)zu Given an EC_KEY determine the group and what function is required to get point coordinates. scharacteristic-two-field) r}rdrrfrrtrZEC_GROUP_method_ofZEC_METHOD_get_field_typeZCryptography_HAS_EC2MZ$EC_POINT_get_affine_coordinates_GF2mZ#EC_POINT_get_affine_coordinates_GFpr)rur'Z nid_two_fieldrvmethodnidrr]r]r^rs     z(Backend._ec_key_determine_group_get_func)r4r3cCst|dks|dkrtd|j|||jj}|j|||jj}|j|||}|dkrp|tddS)zg Sets the public key point in the EC_KEY context to the affine x and y values. rz2Invalid EC key. Both x and y must be non-negative.rar~N)rrdrrrfrZ(EC_KEY_set_public_key_affine_coordinatesr)rur'r4r3rr]r]r^rsz1Backend._ec_key_set_public_key_affine_coordinates)encodingrxencryption_algorithmrwc Cs`t|tjstdt|tjs(tdt|tjs|jj}|j}|||jjk|j||jj}| |j }| |j }|j dk rf| |j }n|jj}| |jj }| |j}|j||||} || dk|j|||} || dk|jdd} |j|| } || dk| ddkr(|j dkr | d|jjAdks(td||} t||| S)Nraint[]rrz.DH private numbers did not pass safety checks.)rr2rfrr}rdrrrrrr.rr3r4 DH_set0_pqg DH_set0_keyrCryptography_DH_checkZDH_NOT_SUITABLE_GENERATORrrr ) rurr2rrr.rr/r0rcodesrr]r]r^load_dh_private_numberss4       zBackend.load_dh_private_numbersc Cs|j}|||jjk|j||jj}|j}||j }||j }|j dk rd||j }n|jj}||j }|j ||||}||dk|j|||jj}||dk||} t||| Sr)rfrr}rdrrrr2rrr.rr3rrrr ) rurrr2rr.rr/rrr]r]r^load_dh_public_numbers s       zBackend.load_dh_public_numberscCs|j}|||jjk|j||jj}||j}||j }|j dk r^||j }n|jj}|j ||||}||dkt ||Sr) rfrr}rdrrrrrr.rrr )rurrrr.rrr]r]r^load_dh_parameter_numbers(s    z!Backend.load_dh_parameter_numbers)rr.rrwcCs|j}|||jjk|j||jj}||}||}|dk rV||}n|jj}|j||||}||dk|j dd}|j ||}||dk|ddkS)Nrarr) rfrr}rdrrrrrrr)rurr.rrrrr]r]r^dh_parameters_supported<s    zBackend.dh_parameters_supportedcCs |jjdkSr)rfrrrtr]r]r^dh_x942_serialization_supportedTsz'Backend.dh_x942_serialization_supportedcCsht|dkrtd|}|j||jj}||dk|j||t|}||dkt||S)N z%An X25519 public key is 32 bytes longra) rrrrfZEVP_PKEY_set_type NID_X25519r}ZEVP_PKEY_set1_tls_encodedpointr")rurrrr]r]r^x25519_load_public_bytesWs z Backend.x25519_load_public_bytesc Cst|dkrtdd}|d<}||dd<||dd<||}|j|j|jj}W5QRX| ||jjk|j ||jj }| |j ||jj kt||S)Nrz&An X25519 private key is 32 bytes longs0.0+en" 0r)rr_zeroed_bytearrayrrfrMrXrdrr}rrrrr!)rurZ pkcs8_prefixbarXrr]r]r^x25519_load_private_bytesfs     z!Backend.x25519_load_private_bytescCs|j||jj}|||jjk|j||jj}|j|}||dk|jd}|j ||}||dk||d|jjk|j|d|jj }|S)Nra EVP_PKEY **r) rfZEVP_PKEY_CTX_new_idrdrr}rZEVP_PKEY_CTX_freeZEVP_PKEY_keygen_initrZEVP_PKEY_keygenr)rurZ evp_pkey_ctxrZ evp_ppkeyrr]r]r^_evp_pkey_keygen_gcs  zBackend._evp_pkey_keygen_gccCs||jj}t||Sr)rrfrr!rr]r]r^x25519_generate_keyszBackend.x25519_generate_keycCs|jr dS|jj Sr)rirfr rtr]r]r^x25519_supportedszBackend.x25519_supportedcCs`t|dkrtd|j|jj|jj|t|}|||jjk|j||jj }t ||S)N8z#An X448 public key is 56 bytes long) rrrfEVP_PKEY_new_raw_public_keyNID_X448rdrr}rrr$rurrr]r]r^x448_load_public_bytess zBackend.x448_load_public_bytescCslt|dkrtd|j|}|j|jj|jj|t|}|||jjk|j ||jj }t ||S)Nrz$An X448 private key is 56 bytes long) rrrdrrfEVP_PKEY_new_raw_private_keyrrr}rrr#rurrrr]r]r^x448_load_private_bytess  zBackend.x448_load_private_bytescCs||jj}t||Sr)rrfrr#rr]r]r^x448_generate_keyszBackend.x448_generate_keycCs|jr dS|jj o|jj Sr)rirfZ"CRYPTOGRAPHY_OPENSSL_LESS_THAN_111r rtr]r]r^x448_supporteds  zBackend.x448_supportedcCs|jr dS|jj Sr)rirf#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111Brtr]r]r^ed25519_supportedszBackend.ed25519_supportedcCsntd|t|tjkr"td|j|jj|j j |t|}| ||j j k|j ||jj }t||S)Nrz&An Ed25519 public key is 32 bytes long)r _check_bytesrr,_ED25519_KEY_SIZErrfr NID_ED25519rdrr}rrrrr]r]r^ed25519_load_public_bytess z!Backend.ed25519_load_public_bytescCszt|tjkrtdtd||j|}|j |jj |jj |t|}| ||jj k|j ||jj}t||S)Nz'An Ed25519 private key is 32 bytes longr)rr,rrrrirdrrfrrrr}rrrrr]r]r^ed25519_load_private_bytess  z"Backend.ed25519_load_private_bytescCs||jj}t||Sr)rrfrrrr]r]r^ed25519_generate_keyszBackend.ed25519_generate_keycCs|jr dS|jj o|jj Sr)rirfrr rtr]r]r^ed448_supporteds  zBackend.ed448_supportedcCsltd|t|tkr td|j|jj|jj |t|}| ||jj k|j ||jj }t ||S)Nrz$An Ed448 public key is 57 bytes long)rrrrrrfr NID_ED448rdrr}rrrrr]r]r^ed448_load_public_bytess  zBackend.ed448_load_public_bytescCsxtd|t|tkr td|j|}|j|jj |jj |t|}| ||jj k|j ||jj }t||S)Nrz%An Ed448 private key is 57 bytes long)rrirrrrdrrfrrrr}rrrrr]r]r^ed448_load_private_bytess   z Backend.ed448_load_private_bytescCs||jj}t||Sr)rrfrrrr]r]r^ed448_generate_keyszBackend.ed448_generate_key)rrrrrrrwc Cs|jd|}|j|}|j|t||t||||tj|| } | dkrr|} d||d} t d | | |j |ddS)NrraizJNot enough memory to derive key. These parameters require {} MB of memory.) rdrrrfZEVP_PBE_scryptrrOZ _MEM_LIMITr MemoryErrorrxr) rurrrrrrrrrr|Z min_memoryr]r]r^ derive_scrypts0   zBackend.derive_scryptcCsLt|}|jr||jkrdS|dr4|jjdkS|j||jj kSdS)NFs-sivra) rZ_aead_cipher_nameri _fips_aeadendswithrf#CRYPTOGRAPHY_OPENSSL_300_OR_GREATERrrdr)rur cipher_namer]r]r^aead_cipher_supported6s   zBackend.aead_cipher_supported)rrwc cs&t|}z |VW5|||XdS)z This method creates a bytearray, which we copy data into (hopefully also from a mutable buffer that can be dynamically erased!), and then zero when we're done. N) bytearray _zero_data)rurrr]r]r^rDs zBackend._zeroed_bytearraycCst|D] }d||<qdSr~)range)rurrir]r]r^rQs zBackend._zero_datac csf|dkr|jjVnNt|}|jd|d}|j|||z |VW5||jd||XdS)a This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use. Nrraz uint8_t *)rdrrrmemmovercast)rurZdata_lenrr]r]r^_zeroed_null_terminated_bufXs   z#Backend._zeroed_null_terminated_bufcCs2|||}|j|jr|jjnddd|jDfS)NcSsg|] }|jqSr]) certificaterorPr]r]r^ zszABackend.load_key_and_certificates_from_pkcs12..) load_pkcs12rrPrZadditional_certs)rurrZpkcs12r]r]r^%load_key_and_certificates_from_pkcs12os  z-Backend.load_key_and_certificates_from_pkcs12c Csv|dk rtd|||}|j|j|jj}||jjkrN|t d|j ||jj }|j d}|j d}|j d}| |}|j|||||} W5QRX|jjr|| dkr|t dd} d} g} |d|jjkr|j |d|jj} || } |d|jjkr|j |d|jj}||}d}|j||jj}||jjkrv|j|}t||} |d|jjkrj|j |d|jj}|j|d}|jjs|jjrt|}n tt|}|D]}|j||}|||jjk|j ||jj}||}d}|j||jj}||jjkrV|j|}| t||qt | | | S)Nrz!Could not deserialize PKCS12 datarzX509 **zCryptography_STACK_OF_X509 **rzInvalid password or PKCS12 data)!rrirrfZd2i_PKCS12_biorXrdrrrr PKCS12_freerrZ PKCS12_parseZ#CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340rrrTrWZX509_alias_get0rrS sk_X509_free sk_X509_numrr rreversed sk_X509_valuer}rsrT)rurrrXp12Z evp_pkey_ptrZx509_ptrZ sk_x509_ptr password_bufrrPrZadditional_certificatesrrZcert_objrZ maybe_namesk_x509rindicesrZ addl_certZ addl_namer]r]r^r}sx               zBackend.load_pkcs12)rrrPcasrrwcCsXd}|dk rtd|t|tjr@d}d}d} d} |jj} nDt|tjr|jj rf|jj }|jj }n|jj }|jj }d} d} |jj} |j }nt|tj r||jtjjkr|d}d}d} d} |j }|j} | tjkr|jj }|jj }n>| tjkr|jj std|jj }|jj }n| dks"t|jdk r`|jjs@td||j} || |jjkn|jj} |jdk r|j} ntd|dkst|dkr|jj} n|j} |j| |jj } g}|D]}t|t!r"|j"}|#|j$}|%|$}|j&||d}||dkW5QRXn |#|}|'||j(| |}t)|dkq|%|}|%|V}|r~|#|n|jj}|dk r|j*}n|jj}|j+||||| ||| | d }W5QRX|jjr| |jjkr|j,||d|jjd| | W5QRX|||jjk|j||jj-}|.}|j/||}||dk|0|S) Nrrgri Nraz2PBESv2 is not supported by this version of OpenSSLzBSetting MAC algorithm is not supported by this version of OpenSSL.zUnsupported key encryption type)1rrrr'rrdrrrfrZNID_aes_256_cbcZ&NID_pbe_WithSHA1And3_Key_TripleDES_CBCrrrrZPKCS12Z_key_cert_algorithmrRZPBESv1SHA1And3KeyTripleDESCBCZPBESv2SHA256AndAES256CBCrrZ _hmac_hashZCryptography_HAS_PKCS12_SET_MACrr}Z _kdf_roundsrrsk_X509_new_nullrrrSZ friendly_namerUrrZX509_alias_set1rs sk_X509_pushbackendraZ PKCS12_createZPKCS12_set_macrrZi2d_PKCS12_bior)rurrrPrrrZnid_certZnid_keyZ pkcs12_iterZmac_iterZmac_algZ keycertalgrZossl_cascaZca_aliasZossl_caZ ca_name_bufrrZname_buf ossl_certrrrXr]r]r^(serialize_key_and_certificates_to_pkcs12s                        z0Backend.serialize_key_and_certificates_to_pkcs12cCs|jr dS|jjdkSr)rirfZCryptography_HAS_POLY1305rtr]r]r^poly1305_supportedg szBackend.poly1305_supported)rrwcCs*td|t|tkr tdt||S)NrzA poly1305 key is 32 bytes long)rrirrrr)rurr]r]r^create_poly1305_ctxl s  zBackend.create_poly1305_ctxcCs |jj Srrrtr]r]r^pkcs7_supporteds szBackend.pkcs7_supportedcCsntd|||}|j|j|jj|jj|jj}||jjkrR|t d|j ||jj }| |SNrzUnable to parse PKCS7 data) rrrrfZPEM_read_bio_PKCS7rXrdrrrr PKCS7_free_load_pkcs7_certificatesrurrXp7r]r]r^load_pem_pkcs7_certificatesv s   z#Backend.load_pem_pkcs7_certificatescCsbtd|||}|j|j|jj}||jjkrF|t d|j ||jj }| |Sr) rrrrfZ d2i_PKCS7_biorXrdrrrrrrrr]r]r^load_der_pkcs7_certificates s   z#Backend.load_der_pkcs7_certificatesc Cs|j|j}|||jjk||jjkr>td|tj |j j j }|j |}g}t|D]d}|j||}|||jjk|j|}||dk|j||jj}||} || q`|S)NzNOnly basic signed structures are currently supported. NID for this data was {}ra)rfZ OBJ_obj2nidrr}rtZNID_pkcs7_signedrrxrZUNSUPPORTED_SERIALIZATIONrsignrPrrrrdrZ X509_up_refrrTrWrs) rurrrrcertsrrrrPr]r]r^r s*       z Backend._load_pkcs7_certificates)rrc Cs"t|}|rtdd|Ds&td|tjjtjjfkrBtd|j}|j ||jj }g}|D]4}| |}| ||j||}||dkqf|j|j j|j j||j j|jj}|} |tjjkr|j| ||j jd}n|tjjkst|j| |}||dk|| S)Ncss|]}t|tjVqdSr)rr Certificaterr]r]r^rp sz7Backend.pkcs7_serialize_certificates..z.certs must be a list of certs with length >= 1z/encoding must DER or PEM from the Encoding enumrar)listallrNr'rRrrSrfrrdrrrUrsrr} PKCS7_signr PKCS7_PARTIALrPEM_write_bio_PKCS7_streamr i2d_PKCS7_bior) rurrZcerts_sk ossl_certsrPr rrbio_outr]r]r^pkcs7_serialize_certificates sJ     z$Backend.pkcs7_serialize_certificates)builderroptionsrwcCs|jdk st||j}|jj}d}t|jdkr>|jj}n\|j }|j ||jj }g}|jD]4} | | } | | |j|| } || dkqdtjj|kr||jjO}||jjO}|j|jj|jj||jj|} || |jjk|j | |jj} d} tjj|kr"| |jjO} ntjj|kr<| |jjO} tjj|krV| |jjO} |jD]H\}}}| |} ||}|j| | |j|| }|||jjkq\|D]<}|tjj kr||jj!O}n|tjj"kr||jj#O}q|$}|t%j&j'kr|j(|| |j)|} n|t%j&j*krX|j+| |j)|} || dk|j,|| |j)|} nR|t%j&j-ksjt|j+| |j)|} || dk|jj.r|/|j0|| } || dk|1|S)Nrra)2_datarrrfrrZ_additional_certsrdrrrrrUrsrr}rP PKCS7OptionsZDetachedSignatureZPKCS7_DETACHEDrrZNoCapabilitiesZPKCS7_NOSMIMECAPZ NoAttributesZ PKCS7_NOATTRZNoCertsZ PKCS7_NOCERTSZ_signersrZPKCS7_sign_add_signerraTextZ PKCS7_TEXTBinaryZ PKCS7_BINARYrr'rRZSMIMEZSMIME_write_PKCS7rXrZ PKCS7_finalrrSrrrr)rur#rr$rXZ init_flagsZ final_flagsrr rPr rrZ signer_flagsrZ private_keyZhash_algorithmZmdZ p7signerinfooptionr!r]r]r^ pkcs7_sign s              zBackend.pkcs7_sign)N)N)N)rZr[r\__doc__rrr:rr&rrr r!Z SHA512_224Z SHA512_256ZSHA3_224ZSHA3_256ZSHA3_384ZSHA3_512ZSHAKE128ZSHAKE256rr+Z SECP224R1Z SECP256R1Z SECP384R1Z SECP521R1rZ_fips_rsa_min_key_sizeZ_fips_rsa_min_public_exponentZ_fips_dsa_min_modulusZ_fips_dh_min_key_sizeZ_fips_dh_min_modulusrvstrrzrtypingOptionalListr%Z _OpenSSLErrorr}rhrr contextlibrrrprryrrbytesZ HashAlgorithmrrrrrrrrZ HashContextrr9rLrrrkrrrrrrZ_OpenSSLErrorWithTextrrrr.Z RSAPrivateKeyrrZRSAPrivateNumbersrZRSAPublicNumbersZ RSAPublicKeyrrrrrrr6rr7rr"r(r%r*Z DSAParametersr(Z DSAPrivateKeyr+r,r1ZDSAPrivateNumbersr5ZDSAPublicNumbersZ DSAPublicKeyr7ZDSAParameterNumbersr8r*r9r:r=r8r r>r@rIr)Z DHParametersrJr rKrrOrrAnyrUrWZCertificateSigningRequestrZr[ZCertificateRevocationListr^r_r5rbrcrfr?NoReturnrFZ EllipticCurverwZEllipticCurveSignatureAlgorithmryZEllipticCurvePrivateKeyr}ZEllipticCurvePrivateNumbersrZEllipticCurvePublicNumbersZEllipticCurvePublicKeyrrrrzrrrr{rsrrrr'rRrrrrrrrrrrZ DHPrivateKeyrrZDHPrivateNumbersrZDHPublicNumbersZ DHPublicKeyrZDHParameterNumbersrrrr/ZX25519PublicKeyrZX25519PrivateKeyrrrrr0Z X448PublicKeyrZX448PrivateKeyrrrrr,ZEd25519PublicKeyrZEd25519PrivateKeyrrrr-ZEd448PublicKeyrZEd448PrivateKeyrrrrIteratorrrrrTuplerrTrrUrVr r rrrrrrr"rPZPKCS7SignatureBuilderr&r*r]r]r]r^r_s|             5        %    @:       *        5/      '   z 7    1    $    #   O     1 r_c@s,eZdZedddZeeedddZdS)r)fmtcCs ||_dSr)_fmt)rur6r]r]r^rv? szGetCipherByName.__init__)r rrcCsd|jj||d}|j|d}||jjkrX|jjrX|j |jj|d|jj}| |S)N)rrr) r7rxlowerrfrrrdrZCryptography_HAS_300_EVP_CIPHERZEVP_CIPHER_fetchr)rur rrrrr]r]r^__call__B s zGetCipherByName.__call__N) rZr[r\r,rvr_r9rLr9r]r]r]r^r> sr)r rcCs"d|jd}|j|dS)Nz aes-{}-xtsrr)rxrrfrr)r rrrr]r]r^rW sr)| collectionsr0rr-rmrZ cryptographyrrZcryptography.exceptionsrrZ$cryptography.hazmat.backends.opensslrZ,cryptography.hazmat.backends.openssl.ciphersrZ)cryptography.hazmat.backends.openssl.cmacr Z'cryptography.hazmat.backends.openssl.dhr r r rZ(cryptography.hazmat.backends.openssl.dsarrrZ'cryptography.hazmat.backends.openssl.ecrrZ,cryptography.hazmat.backends.openssl.ed25519rrZ*cryptography.hazmat.backends.openssl.ed448rrrZ+cryptography.hazmat.backends.openssl.hashesrZ)cryptography.hazmat.backends.openssl.hmacrZ-cryptography.hazmat.backends.openssl.poly1305rrZ(cryptography.hazmat.backends.openssl.rsarr Z+cryptography.hazmat.backends.openssl.x25519r!r"Z)cryptography.hazmat.backends.openssl.x448r#r$Z"cryptography.hazmat.bindings._rustrVZ$cryptography.hazmat.bindings.opensslr%Zcryptography.hazmat.primitivesr&r'Z*cryptography.hazmat.primitives._asymmetricr(Z)cryptography.hazmat.primitives.asymmetricr)r*r+r,r-r.r/r0Z1cryptography.hazmat.primitives.asymmetric.paddingr1r2r3r4Z/cryptography.hazmat.primitives.asymmetric.typesr5r6r7Z&cryptography.hazmat.primitives.ciphersr8r9Z1cryptography.hazmat.primitives.ciphers.algorithmsr:r;r<r=r>r?r@rArBrCrDrEZ,cryptography.hazmat.primitives.ciphers.modesrFrGrHrIrJrKrLrMrNZ"cryptography.hazmat.primitives.kdfrOZ,cryptography.hazmat.primitives.serializationrPrQZ3cryptography.hazmat.primitives.serialization.pkcs12rRrSrTrUrV namedtuplerWrYr_rrr r]r]r]r^sv         ( 8,  J