_fiRddlmZddlZddlZddlZddlZddlmZddlmZm Z ddl m Z m Z ddl mZddlmZddlmZdd lmZmZdd lmZmZdd lmZdd lmZdd lmZm Z ddl!m"Z"ddl#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+ddl,m-Z-m.Z.m/Z/m0Z0ddl1m2Z2m3Z3ddl4m5Z5m6Z6ddl7m8Z8m9Z9m:Z:m;Z;mZ>m?Z?m@Z@mAZAmBZBmCZCddlDmEZEmFZFmGZGmHZHmIZImJZJmKZKmLZLmMZMddlNmOZOddlPmQZQmRZRmSZSmTZTmUZUejVdddgZWGddZXGddZYGddZZd$d#Z[eYZ\dS)%) annotationsN)contextmanager)utilsx509)UnsupportedAlgorithm_Reasons)aead)_CipherContext _CMACContext)_EllipticCurvePrivateKey_EllipticCurvePublicKey)_RSAPrivateKey _RSAPublicKey)openssl)binding)hashes serialization)AsymmetricPadding)dhdsaeced448ed25519rsax448x25519)MGF1OAEPPSSPKCS1v15)PrivateKeyTypesPublicKeyTypes)BlockCipherAlgorithmCipherAlgorithm) AESAES128AES256ARC4SM4CamelliaChaCha20 TripleDES_BlowfishInternal_CAST5Internal _IDEAInternal _SEEDInternal) CBCCFBCFB8CTRECBGCMOFBXTSMode)ssh)PBESPKCS12CertificatePKCS12KeyAndCertificatesPKCS12PrivateKeyTypes_PKCS12CATypes _MemoryBIObiochar_ptrceZdZdS)_RC2N)__name__ __module__ __qualname__^/var/www/html/env/lib/python3.11/site-packages/cryptography/hazmat/backends/openssl/backend.pyrErE\sDrJrEc eZdZdZdZhdZefZej ej ej ej ej ejejejejejejejf ZejejejejfZdZdZddzZdZdezZ dd Z!dd Z" dddZ#ddZ$ddZ%ddZ&ddZ'ddZ(ddZ)ddZ*ddZ+ddZ,dd"Z-dd#Z.dd$Z/dd&Z0dd'Z1dd(Z2dd*Z3dd+Z4dd-Z5dd1Z6dd2Z7dd6Z8dd9Z9d:Z:d;Z;dd?ZddCZ?ddEZ@ddFZAddIZBddJZCddLZDddOZEddPZFddRZGddUZHddWZIddXZJddYZKddZZLdd]ZMdd`ZNddaZOddcZPdddZQdeZRddfZSddgZTddkZUddmZVddpZWddqZXddsZYddvZZddyZ[dd{Z\dd}Z]ddZ^ddZ_ddZ`ddZaddZbddZcdZdddZeefdZgd dZhd dZiddZjddZkd dZlddZmd dZnd dZoddZpddZqddZrddZs dܐddZtddZuddZvddZwddZxddZyddZzddZ{ddZ|ddZ}ddZ~ddZddZddZddZdd„ZddĄZddńZddƄZddȄZejfdɄZd d˄Zd!d̈́Zd"dӄZddԄZddՄZd#dׄZd#d؄Zd$dلZd S(%Backendz) OpenSSL API binding interfaces. r> aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcmireturnNonechtj|_|jj|_|jj|_tj|_ i|_ | |jj g|_ |jjr&|j |jjdSdSN)rBinding_bindingffi_ffilib_lib rust_opensslis_fips_enabled _fips_enabled_cipher_registry_register_default_ciphers EVP_PKEY_DH _dh_typesCryptography_HAS_EVP_PKEY_DHXappend EVP_PKEY_DHXselfs rK__init__zBackend.__init__s)) M% M% )9;;   &&((()/0 9 2 : N ! !$)"8 9 9 9 9 9 : :rJstrcrd||j|jjS)Nz3)formatopenssl_version_textrbr[_legacy_provider_loadedrjs rK__repr__zBackend.__repr__s7DKK  % % ' '   M 1   rJNokboolerrors7typing.Optional[typing.List[rust_openssl.OpenSSLError]]c:tj|j||S)N)ru)r_openssl_assertr_)rkrsrus rKopenssl_assertzBackend.openssl_asserts &ty"VDDDDrJc|jtjsJtj|_dSrY)r[ _enable_fipsr`rarbrjs rKr{zBackend._enable_fipssD ""$$$+-----)9;;rJc|j|j|jjdS)z Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.1.1d 10 Sep 2019 ascii)r]stringr_OpenSSL_versionOPENSSL_VERSIONdecoderjs rKrpzBackend.openssl_version_textsAy I % %di&? @ @  &// rJintc4|jSrY)r_OpenSSL_version_numrjs rKopenssl_version_numberzBackend.openssl_version_numbersy,,...rJ algorithmhashes.HashAlgorithmc|jdks |jdkr7d|j|jdzd}n|jd}|j|}|S)Nblake2bblake2sz{}{}r})namero digest_sizeencoder_EVP_get_digestbyname)rkralgevp_mds rK_evp_md_from_algorithmzBackend._evp_md_from_algorithms~ >Y & &).I*E*E-- 5 9fWoo C.''00C//44 rJcv||}|||jjk|SrY)rryr]NULLrkrrs rK_evp_md_non_null_from_algorithmz'Backend._evp_md_non_null_from_algorithms7,,Y77 Fdin4555 rJc|jrt||jsdS||}||jjkSNF)rb isinstance _fips_hashesrr]rrs rKhash_supportedzBackend.hash_supportedsH   jDj(2333rJc tttfD]U}ttt t tttfD]&}| ||td'Vttt t tfD]+}| t|td,tttt fD]+}| t|td,| tt td| ttdtd| tt t"t tt ttfD]+}| t$|td,|jjs |jjs]ttt t fD]+}| t.|td,ttt t fD]+}| t0|td,t3jt6t8gtt tt gD])\}}| ||td*| t:tdtd | t<tdtd dSdS) Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3chacha20zsm4-{mode.name}zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}rc4rc2)r&r'r(r2r5r6r8r3r4r7rGetCipherByNamer+r-r,rr9_get_xts_cipherr*r[rqr_#CRYPTOGRAPHY_OPENSSL_300_OR_GREATERr.r1 itertoolsproductr/r0r)rE)rkrrs rKrdz!Backend._register_default_cipherssA/  J #sCdC@  ,,#E c3S1  H  ( ( MNN     c4-  H  ( (8_5K%L%L     $$ sOJ77    $$ d4jj/*"="=    $$S#???c3S1  H  ( (X/@AA     M 1 9@ !#sC0  ,,%#$455 !#sC0  ,,!#$677 )2(9/c3$))  $ H,,#$?@@  ( (d4jj/%"8"8     ( (d4jj/%"8"8     ;  rJr c:t|||tjSrY)r _ENCRYPTrkrrs rKcreate_symmetric_encryption_ctxz'Backend.create_symmetric_encryption_ctxLdFD.2IJJJrJc:t|||tjSrY)r _DECRYPTrs rKcreate_symmetric_decryption_ctxz'Backend.create_symmetric_decryption_ctxQrrJc,||SrY)rrs rKpbkdf2_hmac_supportedzBackend.pbkdf2_hmac_supportedVs""9---rJ&typing.List[rust_openssl.OpenSSLError]c(tjSrY)r`capture_error_stackrjs rK_consume_errorszBackend._consume_errorsYs/111rJc||jjksJ||j| |j|}|jd|}|j||}||dkt |j |d|d}|S)Nzunsigned char[]rbig) r]rryr_BN_is_negative BN_num_bytesnew BN_bn2binr from_bytesbuffer)rkbn bn_num_bytesbin_ptrbin_lenvals rK _bn_to_intzBackend._bn_to_int\sTY^####  8 8 < <<===y--b11 )-- 1<@@)%%b'22 GqL)))nnTY--g66xx@%HH rJnumc(|t|dz dzd}|j|t ||jj}|||jjk|S)a  Converts a python integer to a BIGNUM. The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. g @rUr) to_bytesr bit_lengthr_ BN_bin2bnlenr]rry)rkrbinarybn_ptrs rK _int_to_bnzBackend._int_to_bnhsxc#.."2"2S"81"<==uEE$$VS[[$).II Fdin4555 rJpublic_exponentkey_sizersa.RSAPrivateKeyc2tj|||j}|||jjk|j||jj}| |}|j||jj }|j ||||jj}||dk| |}t|||dS)NrUTunsafe_skip_rsa_key_validation)r_verify_rsa_parametersr_RSA_newryr]rgcRSA_freerBN_freeRSA_generate_key_ex_rsa_cdata_to_evp_pkeyr)rkrr rsa_cdatarresevp_pkeys rKgenerate_rsa_private_keyz Backend.generate_rsa_private_keyts "?H===I%%''  I7888ILLDI,>?? ___ - - Y\\"di/ 0 0i++ xTY^   C1H%%%..y99 )Xd    rJc,|dko|dzdko|dkS)NrUrirI)rkrrs rK!generate_rsa_parameters_supportedz)Backend.generate_rsa_parameters_supporteds/ q  !#q( C rJnumbersrsa.RSAPrivateNumbersrc tj|j|j|j|j|j|j|jj |jj |j }| ||jjk|j||j j}||j}||j}||j}||j}||j}||j} ||jj } ||jj } |j |||} | | dk|j || | |} | | dk|j |||| } | | dk||} t/||| |S)NrUr)r_check_private_key_componentspqddmp1dmq1iqmppublic_numbersenr_rryr]rrrrRSA_set0_factors RSA_set0_keyRSA_set0_crt_paramsrr)rkrrrrrrrrrrrrrs rKload_rsa_private_numbersz Backend.load_rsa_private_numberss ) I I I L L L  " $  " $ I%%''  I7888ILLDI,>?? OOGI & & OOGI & & OOGI & &w|,,w|,,w|,, OOG24 5 5 OOG24 5 5i((Aq99 C1H%%%i$$Y1a88 C1H%%%i++ItT4HH C1H%%%..y99   +I     rJrsa.RSAPublicNumbersrsa.RSAPublicKeyc6tj|j|j|j}|||jjk|j ||jj }| |j}| |j}|j ||||jj}||dk| |}t|||SNrU)r_check_public_key_componentsrrr_rryr]rrrrrrr)rkrrrrrrs rKload_rsa_public_numberszBackend.load_rsa_public_numberss (GI>>>I%%''  I7888ILLDI,>?? OOGI & & OOGI & &i$$Y1dinEE C1H%%%..y99T9h777rJc|j}|||jjk|j||jj}|SrY)r_ EVP_PKEY_newryr]rr EVP_PKEY_free)rkrs rK_create_evp_pkey_gczBackend._create_evp_pkey_gcsQ9))++ H 67779<<$)*ABBrJc|}|j||}||dk|Sr )rr_EVP_PKEY_set1_RSAry)rkrrrs rKrzBackend._rsa_cdata_to_evp_pkeysG++--i))(I>> C1H%%%rJdatabytesrAc2|j|}|j|t |}|||jjkt|j||jj |S)z Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) r] from_bufferr_BIO_new_mem_bufrryrrArBIO_free)rkrdata_ptrrBs rK _bytes_to_biozBackend._bytes_to_biosx9((..i''#d))<< C49>1222$),,sDI,>??JJJrJcB|j}|||jjk|j|}|||jjk|j||jj}|S)z. Creates an empty memory BIO. )r_ BIO_s_memryr]rBIO_newrr)rk bio_methodrBs rK_create_mem_bio_gczBackend._create_mem_bio_gcsY((**  J$).8999i ++ C49>1222ill3 233 rJcF|jd}|j||}||dk||d|jjk|j|d|dd}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)r]rr_BIO_get_mem_dataryrr)rkrBbufbuf_lenbio_datas rK _read_mem_biozBackend._read_mem_biosimmI&&),,S#66 GaK((( CFdin45559##CFG44QQQ7rJr"c|j|}||jjkru|j|}|||jjk|j||jj}t||||S||jj kr|jj s|jj s|jj s|j|}|||jjk|j||jj}|}|j||}||dk|||d|S||jjkrEt&jt-|jd|S||jjkrs|j|}|||jjk|j||jj}t7|||S||jvrEt&jt-|jd|S|t=|jddkrEt&jt-|jd|S|t=|jddkrEt&j t-|jd|S||jj!krEt&j"t-|jd|S|t=|jddkrEt&j#t-|jd|StId ) zd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. rrUN)passwordr uintptr_tEVP_PKEY_ED25519 EVP_PKEY_X448EVP_PKEY_ED448Unsupported key type.)%r_ EVP_PKEY_id EVP_PKEY_RSAEVP_PKEY_get1_RSAryr]rrrrEVP_PKEY_RSA_PSSCRYPTOGRAPHY_IS_LIBRESSLCRYPTOGRAPHY_IS_BORINGSSL#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111Er i2d_RSAPrivateKey_bioload_der_private_keyr& EVP_PKEY_DSAr`rprivate_key_from_ptrrcast EVP_PKEY_ECEVP_PKEY_get1_EC_KEY EC_KEY_freer rfrgetattrrrEVP_PKEY_X25519rrr)rkrrkey_typerrBrec_cdatas rK_evp_pkey_to_private_keyz Backend._evp_pkey_to_private_keys9((22 ty- - - 33H==I    TY^ ; < < < Y 0BCCI!/M    2 2 2I6 3I7 3IA 3 33H==I    TY^ ; < < < Y 0BCCI))++C)11#yAAC   q ) ) ),,""3''/M-  / / /#88DINN;99:: . . .y55h??H   DIN : ; ; ;y||Hdi.CDDH+D(HEE E  ' '?77DINN;99:: ,>EE E E'<<DINN;99:: OTBB B B$99DINN;99:: 2 2 2&;;DINN;99:: ,?? ?rJr#c|j|}||jjkrs|j|}|||jjk|j||jj}t|||S||jj kr|jj s|jj s|jj s|j|}|||jjk|j||jj}|}|j||}||dk|||S||jjkrEt&jt-|jd|S||jjkr|j|}||jjkr$|}t7d||j||jj}t;|||S||jvrEt&jt-|jd|S|tA|jddkrEt&j!t-|jd|S|tA|jddkrEt&j"t-|jd|S||jj#krEt&j$t-|jd|S|tA|jddkrEt&j%t-|jd|StMd) zc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. rUr)zUnable to load EC keyr*Nr+r,r-)'r_r.r/r0ryr]rrrrr1r2r3r4r i2d_RSAPublicKey_bioload_der_public_keyr&r7r`rpublic_key_from_ptrrr9r:r;rrr<rrfrr=rrr>rrr)rkrr?rrBrr@rus rK_evp_pkey_to_public_keyzBackend._evp_pkey_to_public_keyGs 9((22 ty- - - 33H==I    TY^ ; < < < Y 0BCCI y(;; ;  2 2 2I6 3I7 3IA 3  33H==I    TY^ ; < < < Y 0BCCI))++C)00i@@C   q ) ) )++D,>,>s,C,CDD D / / /#77DINN;99:: . . .y55h??H49>))--// !8&AAAy||Hdi.CDDH*48DD D  ' '?66DINN;99:: ,>EE E E';;DINN;99:: OTBB B B$88DINN;99:: 2 2 2&::DINN;99:: ,?? ?rJc|jrt|tjrdSt|tjtjtjtjtjfSr)rbrrrSHA224SHA256SHA384SHA512rs rK_oaep_hash_supportedzBackend._oaep_hash_supportedsX   *Y "D"D 5          rJpaddingrct|trdSt|trft|jtrL|jr&t|jjtjrdS| |jjSt|trSt|jtr9| |jjo| |jSdS)NTF) rr!r _mgfrrb _algorithmrrrrrLrkrMs rKrsa_padding_supportedzBackend.rsa_padding_supporteds gx ( ( 4  % % *W\4*H*H ! Dj ''' Dt**7<+BCCC  & & :glD+I+I ,, '@++G,>?? @5rJch|jrt|trdS||Sr)rbrr!rRrQs rKrsa_encryption_supportedz Backend.rsa_encryption_supporteds7   7*Wh"?"? 75--g66 6rJdsa.DSAParameterscf|dvrtdtj|S)N)irTi iz0Key size must be 1024, 2048, 3072, or 4096 bits.)rr`rgenerate_parameters)rkrs rKgenerate_dsa_parameterszBackend.generate_dsa_parameterss< 3 3 3B 33H===rJ parametersdsa.DSAPrivateKeyc*|SrYgenerate_private_keyrkrYs rKgenerate_dsa_private_keyz Backend.generate_dsa_private_key..000rJcV||}||SrY)rXr_)rkrrYs rK'generate_dsa_private_key_and_parametersz/Backend.generate_dsa_private_key_and_parameterss+11(;; ,,Z888rJdsa.DSAPrivateNumberschtj|tj|SrY)r_check_dsa_private_numbersr`from_private_numbersrkrs rKload_dsa_private_numbersz Backend.load_dsa_private_numberss, &w///44W===rJdsa.DSAPublicNumbersdsa.DSAPublicKeycrtj|jtj|SrY)r_check_dsa_parametersparameter_numbersr`from_public_numbersrgs rKload_dsa_public_numberszBackend.load_dsa_public_numberss/ !'";<<<33G<<> 1.  rJc|j|j|jj}||jjkr8|j||jj}|td|S|dS)N4Password was given but private key is not encrypted.) r_d2i_PrivateKey_biorBr]rrr TypeErrorr)rkr%r(rs rKrz*Backend._evp_pkey_from_der_traditional_key9si**8<HH $). ),,sDI$;<BB DDIN2333y||D$)"566 rJx509_ptrc|}|j||}||dkt j||Sr )r r_ i2d_X509_bioryrload_der_x509_certificater&)rkrrBrs rK _ossl2certzBackend._ossl2certisa%%''i$$S(33 C1H%%%-d.@.@.E.EFFFrJrr?c|tjjtjjtj}||}|j |j |j j }| ||j j k|j ||jjSrY) private_bytesrrr PrivateFormatPKCS8 NoEncryptionrr_rrBr]rryrr)rkrrrrs rK _key2osslzBackend._key2osslos   " &  ' -  & ( (   $$T**9// K IN   H 6777y||Hdi&=>>>rJcp||}|jd}|Jtjd||j|}||_t||_||j |jj |j |j j d|}||jj kr|jdkre||jdkrt!d|jdksJt#d|jd z ||j||j j}||jdkrt!d | |jd ks|J|||S) Nrr(rrz3Password was not given but private key is encryptedzAPasswords longer than {} bytes are not supported by this backend.rUr)rr]rr_check_byteslikerr(rlengthrBrrr_rerrorrrrromaxsizerrrcalledrA) rkopenssl_read_funcrr(rrr password_ptrrs rKrzBackend._load_key~s$$T**9==!?@@    ":x 8 8 8900::L ,H !(mmHO$$ K IN I   ')G       ty~ % %~""$$&&&>R''#M$>R////$++16(2BQ2F+G+G ..0009<<$)*ABB  HOq$8$8F   X_%9%9   ,, 4   rJtyping.NoReturnc}|std|djjjjsl|djjjjs<jjr?|djj jj rtdtfd|Drtdtd|)Nz|Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.rz Bad decrypt. Incorrect password?c3lK|].}|jjjjV/dSrY)_lib_reason_matchr_ ERR_LIB_EVP'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM).0rrks rK z4Backend._handle_key_loading_error..sY    # # % A        rJz!Unsupported public key algorithm.zCould not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).) rrrr_rEVP_R_BAD_DECRYPTERR_LIB_PKCS12!PKCS12_R_PKCS12_CIPHERFINAL_ERRORCryptography_HAS_PROVIDERS ERR_LIB_PROVPROV_R_BAD_DECRYPTany)rkrus` rKrz!Backend._handle_key_loading_errorsE%%'')   1I ' ' %ty'B  " ay** ( ; "  4" 1I//I*I0"  ?@@ @            @AA A4  rJcurveec.EllipticCurvecf ||}n#t$r|jj}YnwxYw|j|}||jjkr|dS|||jjk|j |dS)NFT) _elliptic_curve_to_nidrr_ NID_undefEC_GROUP_new_by_curve_namer]rrry EC_GROUP_free)rkr curve_nidgroups rKelliptic_curve_supportedz Backend.elliptic_curve_supporteds ,33E::II# , , , +III , 44Y?? DIN " "  " " "5    TY-@ @ A A A I # #E * * *4s 11signature_algorithm"ec.EllipticCurveSignatureAlgorithmcdt|tjsdS||Sr)rrECDSAr)rkrrs rK,elliptic_curve_signature_algorithm_supportedz4Backend.elliptic_curve_signature_algorithm_supporteds2 -rx88 5,,U333rJec.EllipticCurvePrivateKeycN||rn||}|j|}||dk||}t |||Std|jdtj )z@ Generate a new private key on the named curve. rUz Backend object does not support .) r_ec_key_new_by_curver_EC_KEY_generate_keyry_ec_cdata_to_evp_pkeyr rrrUNSUPPORTED_ELLIPTIC_CURVE)rkrr@rrs rK#generate_elliptic_curve_private_keyz+Backend.generate_elliptic_curve_private_keys  ( ( / / 0077H)//99C   q ) ) )11(;;H+D(HEE E&@5:@@@3 rJec.EllipticCurvePrivateNumbersc |j}||j}|j||j|jj}|j ||}|dkr#| td| 5}| ||j|j||j|}|||jjkt&j|}|||jjk|j|} || |jjk|j| |jj} |j|| ||jj|jj|}||dk|j||| |dkrtd dddn #1swxYwY||} t5||| S)NrUInvalid EC key.r)rrrr]rr private_valuer_ BN_clear_freeEC_KEY_set_private_keyrr _tmp_bn_ctx)_ec_key_set_public_key_affine_coordinatesxyEC_KEY_get0_groupryrbackendEC_KEY_get0_public_key EC_POINT_new EC_POINT_free EC_POINT_mul EC_POINT_cmprr ) rkrpublicr@rrbn_ctxr set_pointcomputed_pointrs rK#load_elliptic_curve_private_numbersz+Backend.load_elliptic_curve_private_numberss',,V\:: OOG1 2 2DI4K  i..xGG !88  " " ".// /      46  : :&(FHf    I//99E    7 8 8 8 ;;HEEI    TY^ ; < < <!Y33E::N   $). @ A A A!Y\\ 7N)((   C   q ) ) ) &&9nf !!2333 5 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4B--h77'hAAAs7FII Iec.EllipticCurvePublicNumbersec.EllipticCurvePublicKeyc||j}|5}|||j|j|dddn #1swxYwY||}t|||SrY)rrrrrrrr)rkrr@rrs rK"load_elliptic_curve_public_numbersz*Backend.load_elliptic_curve_public_numbersEs,,W];;      6  : :')WY                  --h77&tXx@@@s#AA"%A" point_bytesc  ||}|j|}|||jjk|j|}|||jjk|j||jj}| 5}|j |||t||}|dkr#| td dddn #1swxYwY|j||}||dk||}t!|||S)NrUz(Invalid public bytes for the given curve)rr_rryr]rrrrrEC_POINT_oct2pointrrrEC_KEY_set_public_keyrr) rkrrr@rpointrrrs rK load_elliptic_curve_public_bytesz(Backend.load_elliptic_curve_public_bytesQs,,U33 ++H55 ETY^3444 &&u-- ETY^3444 UDI$;<<      M6)..uk3{+;+;VCaxx$$&&& !KLLL  M M M M M M M M M M M M M M Mi--h>> C1H%%%--h77&tXx@@@s AD++D/2D/rc V||}|j|}|||jjk|j|}|||jjk|j||jj}| |}|j||jj }| 5}|j ||||jj|jj|}||dk|j |} |j |} |j||| | |}|dkr#|t!d dddn #1swxYwY|j||}||dk| |} |j| |jj } |j|| }||dk||} t)||| S)NrUz'Unable to derive key from private_value)rr_rryr]rrrrrrrr BN_CTX_getEC_POINT_get_affine_coordinatesrrrrrr ) rkrrr@rrvaluerrbn_xbn_yprivaters rK!derive_elliptic_curve_private_keyz)Backend.derive_elliptic_curve_private_keygs,,U33 ++H55 ETY^3444 &&u-- ETY^3444 UDI$;<< .. UDI$;<<      L6)((ueTY^TY^VC   q ) ) )9''//D9''//D);;udD&Caxx$$&&& !JKKK L L L L L L L L L L L L L L L i--h>> C1H%%%//-00),,w (?@@i..xAA C1H%%%--h77'hAAAsCGGGcV||}||SrY)r_ec_key_new_by_curve_nid)rkrrs rKrzBackend._ec_key_new_by_curves)//66 ,,Y777rJrc|j|}|||jjk|j||jjSrY)r_EC_KEY_new_by_curve_nameryr]rrr<)rkrr@s rKrz Backend._ec_key_new_by_curve_nidsO955i@@ H 6777y||Hdi&;<<> I(():):)<)<==  + + +&:AAA3 rJc#|K|j}|||jjk|j||jj}|j| |V|j|dS#|j|wxYwrY) r_ BN_CTX_newryr]rr BN_CTX_free BN_CTX_start BN_CTX_end)rkrs rKrzBackend._tmp_bn_ctxs%%'' Fdin4555fdi&;<< v&&& )LLL I  ( ( ( ( (DI  ( ( ( (s ?BB;rrcP|dks|dkrtd|j|||jj}|j|||jj}|j|}|||jjk|j |}|||jjk|j||jj }|j |||||}|dkr#| td|j ||}||dkdS)zg Sets the public key point in the EC_KEY context to the affine x and y values. rz2Invalid EC key. Both x and y must be non-negative.rUrN)rr]rrr_rrryrrrEC_POINT_set_affine_coordinatesrr)rkr@rrrrrrs rKrz1Backend._ec_key_set_public_key_affine_coordinatessy q55AEED  ILL++TY-> ? ? ILL++TY-> ? ? ++H55 ETY^3444 &&u-- ETY^3444 UDI$;<<i77 5!Q   !88  " " ".// /i--h>> C1H%%%%%rJencodingserialization.Encodingroserialization.PrivateFormatencryption_algorithm(serialization.KeySerializationEncryptionct|tjstdt|tjstdt|tjstdt|tjrd}nt|tjr*|j}t|dkrtdnQt|tj r(|j |cxurtjj ur nn|j}ntd|tjjurf|tjjur |jj}n/|tjjur |jj}ntd||||S|tjjur3|jr)t|tjstd |j|} |tjjurR| |jjkr |jj}n| |jjksJ|jj}||||S|tjjurb|rtd | |jjkr |jj}n| |jjksJ|jj}|||Std |tjj ur8|tjjurt?j |||Std td )N/encoding must be an item from the Encoding enumz2format must be an item from the PrivateFormat enumzBEncryption algorithm must be a KeySerializationEncryption instancerJizBPasswords longer than 1023 bytes are not supported by this backendzUnsupported encryption typezUnsupported encoding for PKCS8zCEncrypted traditional OpenSSL format is not supported in FIPS mode.zDEncryption is not supported for DER encoded traditional OpenSSL keysz+Unsupported encoding for TraditionalOpenSSLz=OpenSSH private key format can only be used with PEM encodingformat is invalid with this key)!rrrrrKeySerializationEncryptionrBestAvailableEncryptionr(rr_KeySerializationEncryption_formatOpenSSHrPEMr_PEM_write_bio_PKCS8PrivateKeyri2d_PKCS8PrivateKey_bio_private_key_bytes_via_bioTraditionalOpenSSLrbr.r/PEM_write_bio_RSAPrivateKeyr:PEM_write_bio_ECPrivateKeyr5i2d_ECPrivateKey_bio_bio_func_outputr;_serialize_ssh_private_key) rkr+ror.rrcdatar( write_bior?s rK_private_key_byteszBackend._private_key_bytess(M$:;; OMNN N&-"=>> D  -"J     *M,F G G <HH  -"G   <,4H8}}t## #$ $m&O   <%,3333*233333,4HH:;; ; ]06 6 6=1555 IC ]3777 I=  !ABBB228X  ]0C C C! *$m&@++ !.y,,X66H=1555ty555 $ EII#ty'<<<<< $ DI66uh=1555$3ty555 $ ?II#ty'<<<<< $ >I,,Y>>>JKK K ]08 8 8=15555#7% :;;;rJc |s |jj}n|jd}|||||t ||jj|jjS)Ns aes-256-cbc)r]rr_EVP_get_cipherbynamer@r)rkrCrr(rs rKr;z"Backend._private_key_bytes_via_bioYsj HJJ77GGJ$$     MM IN IN   rJc|}||g|R}||dk||Sr )r ryr&)rkrCargsrBrs rKr@zBackend._bio_func_outputlsV%%''i#d### C1H%%%!!#&&&rJserialization.PublicFormatct|tjstdt|tjstd|tjjure|tjjur |jj}n/|tjj ur |jj }ntd| ||S|tjj ur|j|}||jjkrtd|tjjur |jj}n/|tjj ur |jj}ntd| ||S|tjjur6|tjjurt'j|Stdtd)Nr1z1format must be an item from the PublicFormat enumz8SubjectPublicKeyInfo works only with PEM or DER encodingz+PKCS1 format is supported only for RSA keysz)PKCS1 works only with PEM or DER encodingz1OpenSSH format must be used with OpenSSH encodingr2)rrrr PublicFormatSubjectPublicKeyInfor8r_PEM_write_bio_PUBKEYri2d_PUBKEY_biorr@PKCS1r.r/PEM_write_bio_RSAPublicKeyrCr7r;serialize_ssh_public_key)rkr+rorrrBrCr?s rK_public_key_byteszBackend._public_key_bytesrs(M$:;; OMNN N&-"<== C  ]/D D D=1555 I: ]3777 I4  N((H== = ]/5 5 5y,,X66H49111 !NOOO=1555 I@ ]3777 I:  !LMMM((E:: : ]/7 7 7=19993C888C  :;;;rJc|jj SrYr_r3rjs rK dh_supportedzBackend.dh_supported9666rJ generatorcBtj||SrY)r`rrWrkrWrs rKgenerate_dh_parameterszBackend.generate_dh_parameterss229hGGGrJdh.DHPrivateKeyc*|SrYr\r^s rKgenerate_dh_private_keyzBackend.generate_dh_private_keyr`rJcT||||SrY)r]rZrYs rK&generate_dh_private_key_and_parametersz.Backend.generate_dh_private_key_and_parameterss/++  ' ' 8 < <   rJdh.DHPrivateNumbersc@tj|SrY)r`rrfrgs rKload_dh_private_numberszBackend.load_dh_private_numberss33G<<>>rJrgrtyping.Optional[int]c tjtj|||dS#t$rYdSwxYw)N)rrjrTF)r`rrrDHParameterNumbersr)rkrrjrs rKdh_parameters_supportedzBackend.dh_parameters_supportedsa  O 2 2%Q!444    4   55 s48 AAc"|jjdkSr )r_rgrjs rKdh_x942_serialization_supportedz'Backend.dh_x942_serialization_supportedsy6!;;rJx25519.X25519PublicKeyc@tj|SrY)r`rfrom_public_bytesrs rKx25519_load_public_bytesz Backend.x25519_load_public_bytess"44T:::rJx25519.X25519PrivateKeyc@tj|SrY)r`rfrom_private_bytesrs rKx25519_load_private_bytesz!Backend.x25519_load_private_bytess"55d;;;rJc>tjSrY)r`r generate_keyrjs rKx25519_generate_keyzBackend.x25519_generate_keys"//111rJc.|jrdS|jj Sr)rbr_#CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370rjs rKx25519_supportedzBackend.x25519_supporteds   59@@@rJx448.X448PublicKeyc@tj|SrY)r`rrsrs rKx448_load_public_byteszBackend.x448_load_public_bytess 224888rJx448.X448PrivateKeyc@tj|SrY)r`rrwrs rKx448_load_private_byteszBackend.x448_load_private_bytess 33D999rJc>tjSrY)r`rrzrjs rKx448_generate_keyzBackend.x448_generate_keys --///rJcH|jrdS|jj o |jj Srrbr_r2r3rjs rKx448_supportedzBackend.x448_supported2   5 2 2 8I77 rJc,|jrdS|jjSr)rbr_ CRYPTOGRAPHY_HAS_WORKING_ED25519rjs rKed25519_supportedzBackend.ed25519_supporteds   5y99rJed25519.Ed25519PublicKeyc@tj|SrY)r`rrsrs rKed25519_load_public_bytesz!Backend.ed25519_load_public_bytess#55d;;;rJed25519.Ed25519PrivateKeyc@tj|SrY)r`rrwrs rKed25519_load_private_bytesz"Backend.ed25519_load_private_bytess#66t<<tjSrY)r`rrzrjs rKed25519_generate_keyzBackend.ed25519_generate_key s#00222rJcH|jrdS|jj o |jj Srrrjs rKed448_supportedzBackend.ed448_supportedrrJed448.Ed448PublicKeyc@tj|SrY)r`rrsrs rKed448_load_public_byteszBackend.ed448_load_public_bytess!33D999rJed448.Ed448PrivateKeyc@tj|SrY)r`rrwrs rKed448_load_private_bytesz Backend.ed448_load_private_bytess!44T:::rJc>tjSrY)r`rrzrjs rKed448_generate_keyzBackend.ed448_generate_keys!..000rJc,tj||SrY)r _aead_cipher_supported)rkrs rKaead_cipher_supportedzBackend.aead_cipher_supporteds*4888rJrc4t|D]}d||<dS)Nr)range)rkrris rK _zero_datazBackend._zero_data"s.v  ADGG  rJc#K||jjVdSt|}|jd|dz}|j||| |V||jd||dS#||jd||wxYw)a This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use. Nzchar[]rUz uint8_t *)r]rrrmemmoverr9)rkrdata_lenr#s rK_zeroed_null_terminated_bufz#Backend._zeroed_null_terminated_buf)s <). 4yyH)--(Q,77C I  c4 2 2 2 L  {C @ @(KKKKK {C @ @(KKKKs B1Cptyping.Tuple[typing.Optional[PrivateKeyTypes], typing.Optional[x509.Certificate], typing.List[x509.Certificate]]c|||}|j|jr |jjndd|jDfS)Ncg|] }|j SrI) certificate)rrs rK zABackend.load_key_and_certificates_from_pkcs12..Ks B B B$T  B B BrJ) load_pkcs12rrradditional_certs)rkrr(pkcs12s rK%load_key_and_certificates_from_pkcs12z-Backend.load_key_and_certificates_from_pkcs12@sP!!$11 J'-{ c\|tjd|||}|j|j|jj}||jjkr#|td|j ||jj }|j d}|j d}|j d}| |5}|j|||||} dddn #1swxYwY| dkr#|tdd} d} g} |d|jjkrB|j |d|jj} || d } |d|jjkr|j |d|jj}||}d}|j||jj}||jjkr|j|}t+||} |d|jjkr|j |d|jj}|j|d}|jjs |jjrt5|}nt7t5|}|D]}|j||}|||jjk|j ||jj}||}d}|j||jj}||jjkr|j|}| t+||t?| | | S) Nr(z!Could not deserialize PKCS12 dataz EVP_PKEY **zX509 **zCryptography_STACK_OF_X509 **rzInvalid password or PKCS12 dataFr) rrrr_d2i_PKCS12_biorBr]rrrr PKCS12_freerr PKCS12_parserrArrX509_alias_get0r~r= sk_X509_free sk_X509_numrr3rreversed sk_X509_valueryrhr>)rkrr(rBp12 evp_pkey_ptrr sk_x509_ptr password_bufrrradditional_certificatesrrcert_objr maybe_namesk_x509rindicesr addl_cert addl_names rKrzBackend.load_pkcs12Ns    ":x 8 8 8  &&i&&sw ?? $).  " " "@AA Aill3 566y}}]33 9==++imm$CDD  - -h 7 7 <)((\<;C                !88  " " ">?? ?"$ ?din , ,y||LOTY5LMMH//0C A;$). ( (9<< TY-@AADt,,HD224HHJTY^++y'' 33$Xt44D q>TY^ + +ill;q>493IJJG)'' A77C  = /96 / **"5::..  y..w::##DDIN$:;;;y||D$)*=>> OOD11  !Y66tTY^LL // $ 0 0 < >(3##Gty~$=>>>>).#/;2> >?? ? ;#c((a--inGGi0022Gill7DI,BCCGH 1 1b"344 2!/H"oobn==G'"i77#TY^R#i77#Xs8}}''q1111"oob11G(((i,,Wg>>&&sax0000  - -h 7 7 <11$77 859MDOOD111ty~ +.?DNN3''' i--                   ( 9 ty~-- (( IN1               D C49>1222ill3 566%%''i&&sC00 C!G$$$!!#&&&s8>Q'A*P > Q' P Q'P A Q''Q+.Q+c4|jrdS|jjdkSr)rbr_Cryptography_HAS_POLY1305rjs rKpoly1305_supportedzBackend.poly1305_supported7s"   5y2a77rJc|jj SrYrTrjs rKpkcs7_supportedzBackend.pkcs7_supported<rVrJtyping.List[x509.Certificate]ctjd|||}|j|j|jj|jj|jj}||jjkr#|td|j ||jj }| |SNrzUnable to parse PKCS7 data) rrrr_PEM_read_bio_PKCS7rBr]rrrr PKCS7_free_load_pkcs7_certificatesrkrrBp7s rKload_pem_pkcs7_certificatesz#Backend.load_pem_pkcs7_certificates?s 64(((  && Y ) ) GTY^TY^TY^       " " "9:: : Y\\"di2 3 3,,R000rJctjd|||}|j|j|jj}||jjkr#|td|j ||jj }| |Sr) rrrr_ d2i_PKCS7_biorBr]rrrrrrrs rKload_der_pkcs7_certificatesz#Backend.load_der_pkcs7_certificatesNs 64(((  && Y $ $SWdin = =     " " "9:: : Y\\"di2 3 3,,R000rJc|j|j}|||jjk||jjkr-t d|tj g}|j j |j j kr|S|j j j}|j|}t!|D]j}|j||}|||j j k||}||k|S)NzNOnly basic signed structures are currently supported. NID for this data was {})r_ OBJ_obj2nidrryrNID_pkcs7_signedrrorUNSUPPORTED_SERIALIZATIONrsignr]rrrrrrrh) rkrnidcertsrrrrrs rKrz Backend._load_pkcs7_certificates[s"i##BG,, C49#66777 $), , ,&((.s 2  )+ 49  & &L$).i##G,,s  A9**7A66D     6 7 7 7??4((D LL     rJ)rVrW)rVrmrY)rsrtrurvrVrW)rVr)rr)rrrVrt)rVrt)rr%rr:rVrt)rr%rr:rVr )rVr)rr)rrrrrVr)rrrrrVrt)rrrrtrVr)rrrVr )rrrVrA)rVr)rrtrVr")rVr#)rMrrVrt)rrrVrU)rYrUrVrZ)rrrVrZ)rrcrVrZ)rrirVrj)rrprVrU)rr$rVr )rrr(r~rrtrVr")rrrVr#)rrrVr)rrrVr)rrrVr)rr?rVr)rVr")rVr)rrrVrt)rrrrrVrt)rrrVr)rrrVr)rrrVr)rrrrrVr)rrrrrVr)rr)rr)rrrrrVrt)rrrVr)rrrrrVrW)r+r,ror-r.r/rVr)r+r,rorIrVr)rWrrrrVr)rYrrVr[)rWrrrrVr[)rr`rVr[)rrcrVrd)rrgrVr)rrrjrrrkrVrt)rrrVrq)rrrVru)rVru)rrrVr)rrrVr)rVr)rrrVr)rrrVr)rVr)rrrVr)rrrVr)rVr)rrrVrW)rrr(r~rVr)rrr(r~rVr>) rr~rrrrrrr.r/rVr)rrrVr)rVr)rFrGrH__doc__r _fips_aeadr&rrrHrIrJrK SHA512_224 SHA512_256SHA3_224SHA3_256SHA3_384SHA3_512SHAKE128SHAKE256rr SECP224R1 SECP256R1 SECP384R1 SECP521R1r_fips_rsa_min_key_size_fips_rsa_min_public_exponent_fips_dsa_min_modulus_fips_dh_min_key_size_fips_dh_min_modulusrlrrryr{rprrrrrrrrrrdrrrrrrrrrr rrrr r&rArFrLrRrTrXr_rbrhrorsrurwr{r}rrrr6rrDrrrrrrrrrrrrrrrrrrrrrrDr;r@rRrUrZr]r_rbrfrirnrprtrxr{r~rrrrrrrrrrrrrr contextlibrrrrrrrrrrIrJrKrMrM`s  D JFM      L     "$)!I  55 : : : :    KOEEEEE<<<<    ////     ((((....:::: .... , , , ,>>>>BBBBHKKKK KKKK ....2222            .    ' ' ' ' R 8 8 8 8  K K K K       J@J@J@J@X=@=@=@=@~     &7777 >>>>1111 9999 >>>> ==== @@@@     8888     ----     (1(1(1(1T99994   1111.9999GGGG ? ? ? ?2 2 2 2 h,,,,\ 4 4 4 4,2B2B2B2Bh A A A AAAAA,(B(B(B(BT8888====      "))^)&&&&Bn<n<n<n<`    &'''' 5<5<5<5r?r@ namedtuplerArErMrrrrIrJrKr;sh #""""" %%%%%%$$$$$$$$BBBBBBBB555555GGGGGGBBBBBBGFFFFF888888@@@@@@@@HHHHHH                                                                       =<<<<<$[ #L5*2E F F         QQQQQQQQh82JJJJ '))rJ