HEX
Server: Apache
System: Linux scp1.abinfocom.com 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64
User: confeduphaar (1010)
PHP: 8.1.33
Disabled: exec,passthru,shell_exec,system
$ pwd: /lib/python3/dist-packages/cryptography/hazmat/backends/openssl/__pycache__/
Upload Files
File: //lib/python3/dist-packages/cryptography/hazmat/backends/openssl/__pycache__/backend.cpython-38.pyc
U

�e�]�{�@s�ddlmZmZmZddlZddlZddlZddlZddlmZddl	Z	ddl
mZddlm
Z
mZddlmZmZddlmZmZmZmZmZddlmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%dd	l&m'Z'dd
l(m)Z)ddl*m+Z+ddl,m-Z-dd
l.m/Z/m0Z0m1Z1m2Z2ddl3m4Z4m5Z5m6Z6ddl7m8Z8m9Z9ddl:m;Z;m<Z<ddl=m>Z>m?Z?m@Z@ddlAmBZBmCZCmDZDmEZEmFZFmGZGmHZHmIZImJZJddlKmLZLddlMmNZNddlOmPZPmQZQddlRmSZSmTZTddlUmVZVmWZWddlXmYZYmZZZddl[m\Z\m]Z]ddl^m_Z_m`Z`maZambZbddlcmdZdddlemfZfmgZgddlhmiZimjZjmkZkmlZlmmZmddlnmoZompZpmqZqmrZrddlsmtZtmuZumvZvmwZwmxZxmyZymzZzm{Z{m|Z|dd l}m~Z~mZm�Z�m�Z�m�Z�m�Z�m�Z�m�Z�dd!l�m�Z�dd"l�m�Z�dd#l�m�Z�e��d$d%d&g�Z�e
��e�e
��e�e
��e�e
��e�e
��e�e
��e�e
��e �e
��e�e
��e!�e
��e#�e
��e"�e
��e%�e
��ed���j�j�e$�Gd'd(�d(e���������������Z�Gd)d*�d*e��Z�d+d,�Z�e��Z�dS)-�)�absolute_import�division�print_functionN)�contextmanager��range)�utils�x509)�UnsupportedAlgorithm�_Reasons)�INTEGER�NULL�SEQUENCE�
encode_der�encode_der_integer)
�CMACBackend�
CipherBackend�DERSerializationBackend�	DHBackend�
DSABackend�EllipticCurveBackend�HMACBackend�HashBackend�PBKDF2HMACBackend�PEMSerializationBackend�
RSABackend�
ScryptBackend�X509Backend)�aead)�_CipherContext��_CMACContext)�_CRL_ENTRY_REASON_ENUM_TO_CODE)�
_DHParameters�
_DHPrivateKey�_DHPublicKey�_dh_params_dup)�_DSAParameters�_DSAPrivateKey�
_DSAPublicKey)�_EllipticCurvePrivateKey�_EllipticCurvePublicKey)�_Ed25519PrivateKey�_Ed25519PublicKey)�_ED448_KEY_SIZE�_Ed448PrivateKey�_Ed448PublicKey)	�$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS�_CRL_EXTENSION_ENCODE_HANDLERS�_EXTENSION_ENCODE_HANDLERS�)_OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERS�'_OCSP_REQUEST_EXTENSION_ENCODE_HANDLERS�_encode_asn1_int_gc�_encode_asn1_str_gc�_encode_name_gc�_txt2obj_gc��_HashContext��_HMACContext)�_OCSPRequest�
_OCSPResponse)�_POLY1305_KEY_SIZE�_Poly1305Context)�_RSAPrivateKey�
_RSAPublicKey)�_X25519PrivateKey�_X25519PublicKey)�_X448PrivateKey�_X448PublicKey)�_Certificate�_CertificateRevocationList�_CertificateSigningRequest�_RevokedCertificate)�binding)�hashes�
serialization)�dsa�ec�ed25519�ed448�rsa)�MGF1�OAEP�PKCS1v15�PSS)	�AES�ARC4�Blowfish�CAST5�Camellia�ChaCha20�IDEA�SEED�	TripleDES)�CBC�CFB�CFB8�CTR�ECB�GCM�OFB�XTS)�scrypt)�ssh)�ocsp�
_MemoryBIO�bioZchar_ptrc@sveZdZdZdZdd�Zdd�Zdd�Zej	d	d
��Z
dd�Zd
d�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd �Zd!d"�Zd#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Z�dd2d3�Zd4d5�Zd6d7�Z d8d9�Z!d:d;�Z"d<d=�Z#d>d?�Z$d@dA�Z%dBdC�Z&dDdE�Z'dFdG�Z(dHdI�Z)dJdK�Z*dLdM�Z+dNdO�Z,dPdQ�Z-dRdS�Z.dTdU�Z/dVdW�Z0dXdY�Z1dZd[�Z2d\d]�Z3d^d_�Z4d`da�Z5dbdc�Z6ddde�Z7dfdg�Z8dhdi�Z9djdk�Z:dldm�Z;dndo�Z<dpdq�Z=drds�Z>dtdu�Z?dvdw�Z@dxdy�ZAdzd{�ZBd|d}�ZCd~d�ZDd�d��ZEd�d��ZFd�d��ZGd�d��ZHd�d��ZId�d��ZJd�d��ZKd�d��ZLd�d��ZMd�d��ZNd�d��ZOd�d��ZPd�d��ZQd�d��ZRd�d��ZSd�d��ZTd�d��ZUd�d��ZVd�d��ZWd�d��ZXd�d��ZYd�d��ZZd�d��Z[d�d��Z\d�d��Z]d�d��Z^d�d��Z_d�d��Z`e	d�d���Zad�d��Zbd�d��Zcd�d��Zdd�d��Zed�dÄZfd�dńZgd�dDŽZhd�dɄZid�d˄Zjd�d̈́Zkd�dτZld�dфZmd�dӄZnd�dՄZo�dd�dׄZpd�dلZqd�dۄZrd�d݄Zsd�d߄Ztd�d�Zud�d�Zvd�d�Zwd�d�Zxd�d�Zyd�d�Zzd�d�Z{d�d�Z|d�d�Z}d�d�Z~d�d��Zd�d��Z�d�d��Z�d�d��Z�d�d��Z�d�d��Z��d�d�Z�ej	�d�d��Z��d�d�Z�ej	�d�d��Z��d�d	�Z��d
�d�Z��d�d
�Z�d1S(�Backendz)
    OpenSSL API binding interfaces.
    ZopensslcCs\t��|_|jj|_|jj|_i|_|��|�	�|jj
g|_|jjrX|j�
|jj�dS�N)rL�BindingZ_bindingZffi�_ffi�lib�_lib�_cipher_registry�_register_default_ciphers�activate_osrandom_engineZEVP_PKEY_DH�	_dh_types�Cryptography_HAS_EVP_PKEY_DHX�appendZEVP_PKEY_DHX��self�r|�N/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/backend.py�__init__vs


zBackend.__init__cCst�|j|�Sro)rLZ_openssl_assertrs)r{�okr|r|r}�openssl_assert�szBackend.openssl_assertcCsf|jjrb|j��}||jjkrb|j�|�|j�|jj�}|�|dk�|j�|�}|�|dk�dS�N�)	rs�Cryptography_HAS_ENGINEZENGINE_get_default_RANDrqr
ZENGINE_unregister_RAND�RAND_set_rand_methodr��
ENGINE_finish�r{�e�resr|r|r}�activate_builtin_random�s
zBackend.activate_builtin_randomc
cs�|j�|jj�}|�||jjk�|j�|�}|�|dk�z
|VW5|j�|�}|�|dk�|j�|�}|�|dk�XdSr�)	rsZENGINE_by_idZCryptography_osrandom_engine_idr�rqr
ZENGINE_initZENGINE_freer�r�r|r|r}�_get_osurandom_engine�s
zBackend._get_osurandom_enginec	Cs`|jjr\|��|��� }|j�|�}|�|dk�W5QRX|j�|jj�}|�|dk�dSr�)	rsr�r�r�ZENGINE_set_default_RANDr�r�rqr
r�r|r|r}rv�s
z Backend.activate_osrandom_enginec	Cs`|j�dd�}|���2}|j�|dt|�||jjd�}|�|dk�W5QRX|j�|��	d�S)N�char[]�@sget_implementationr�ascii)
rq�newr�rsZENGINE_ctrl_cmd�lenr
r��string�decode)r{�bufr�r�r|r|r}�osrandom_engine_implementation�s

�z&Backend.osrandom_engine_implementationcCs|j�|j�|jj���d�S)z�
        Friendly string name of the loaded OpenSSL library. This is not
        necessarily the same version as it was compiled against.

        Example: OpenSSL 1.0.1e 11 Feb 2013
        r�)rqr�rsZOpenSSL_versionZOPENSSL_VERSIONr�rzr|r|r}�openssl_version_text�s
��zBackend.openssl_version_textcCs
|j��Sro)rsZOpenSSL_version_numrzr|r|r}�openssl_version_number�szBackend.openssl_version_numbercCst|||�Sror<)r{�key�	algorithmr|r|r}�create_hmac_ctx�szBackend.create_hmac_ctxcCsL|jdks|jdkr0d�|j|jd��d�}n|j�d�}|j�|�}|S)NZblake2bZblake2sz{}{}�r�)�name�formatZdigest_size�encodersZEVP_get_digestbyname)r{r�Zalg�evp_mdr|r|r}�_evp_md_from_algorithm�s��zBackend._evp_md_from_algorithmcCs |�|�}|�||jjk�|Sro)r�r�rqr
�r{r�r�r|r|r}�_evp_md_non_null_from_algorithm�s
z'Backend._evp_md_non_null_from_algorithmcCs|�|�}||jjkSro)r�rqr
r�r|r|r}�hash_supported�s
zBackend.hash_supportedcCs
|�|�Sro�r��r{r�r|r|r}�hmac_supported�szBackend.hmac_supportedcCs
t||�Sror:r�r|r|r}�create_hash_ctx�szBackend.create_hash_ctxcCsJz|jt|�t|�f}Wntk
r0YdSX||||�}|jj|kS�NF)rt�type�KeyErrorrqr
)r{�cipher�mode�adapter�
evp_cipherr|r|r}�cipher_supported�szBackend.cipher_supportedcCs0||f|jkrtd�||���||j||f<dS)Nz"Duplicate registration for: {} {}.)rt�
ValueErrorr�)r{�
cipher_cls�mode_clsr�r|r|r}�register_cipher_adapter�s�zBackend.register_cipher_adaptercCs@tttttttfD]}|�t|t	d��qtttttfD]}|�t
|t	d��q8ttttfD]}|�t|t	d��q\|�ttt	d��ttttfD]}|�t|t	d��q�ttttfD]}|�t
|t	d��q�t�ttgttttg�D]\}}|�||t	d��q�|�ttd�t	d��|�ttd�t	d��|�ttt�dS)	Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}Zrc4Zchacha20)rardrergrbrcrfr�rX�GetCipherByNamer\r`rZr_�	itertools�productr[r^rYr�r]rh�_get_xts_cipher)r{r�r�r|r|r}ru�sn������
����z!Backend._register_default_cipherscCst|||tj�Sro)rZ_ENCRYPT�r{r�r�r|r|r}�create_symmetric_encryption_ctx.sz'Backend.create_symmetric_encryption_ctxcCst|||tj�Sro)rZ_DECRYPTr�r|r|r}�create_symmetric_decryption_ctx1sz'Backend.create_symmetric_decryption_ctxcCs
|�|�Sro)r�r�r|r|r}�pbkdf2_hmac_supported4szBackend.pbkdf2_hmac_supportedc

Csh|j�d|�}|�|�}|j�|�}|j�|t|�|t|�||||�}	|�|	dk�|j�|�dd�S)N�unsigned char[]r�)	rqr�r��from_bufferrsZPKCS5_PBKDF2_HMACr�r��buffer)
r{r��length�saltZ
iterations�key_materialr�r��key_material_ptrr�r|r|r}�derive_pbkdf2_hmac7s
�
zBackend.derive_pbkdf2_hmaccCst�|j�Sro)rL�_consume_errorsrsrzr|r|r}r�IszBackend._consume_errorscCs�||jjkst�tjs~|j�|�}|j�d|�}|j�||�}|�	|dk�t
�|j�|�d|�d�}|j�
|�rz|}|S|j�|�}|�	||jjk�|j�|�}|j�|�t
|d�SdS)Nr�r�big�)rqr
�AssertionError�six�PY2rsZBN_num_bytesr�Z	BN_bn2binr��int�
from_bytesr�ZBN_is_negativeZ	BN_bn2hexr��OPENSSL_free)r{�bnZbn_num_bytesZbin_ptrZbin_len�valZ	hex_cdataZhex_strr|r|r}�
_bn_to_intLszBackend._bn_to_intNcCs�|dks||jjkst�|dkr(|jj}tjst|�t|��dd�d�}|j�	|t
|�|�}|�||jjk�|St|��
d�dd��d�}|j�d�}||d	<|j�||�}|�|d	k�|�|d	|jjk�|d	SdS)
a

        Converts a python integer to a BIGNUM. The returned BIGNUM will not
        be garbage collected (to support adding them to structs that take
        ownership of the object). Be sure to register it for GC if it will
        be discarded after use.
        Ng @r�r��L�r��	BIGNUM **r)rqr
r�r�r��to_bytesr��
bit_lengthrsZ	BN_bin2bnr�r��hex�rstripr�r�Z	BN_hex2bn)r{�numr��binaryZbn_ptrZhex_numr�r|r|r}�
_int_to_bnbszBackend._int_to_bncCs�t�||�|j��}|�||jjk�|j�||jj�}|�	|�}|j�||jj
�}|j�||||jj�}|�|dk�|�|�}t
|||�Sr�)rSZ_verify_rsa_parametersrs�RSA_newr�rqr
�gc�RSA_freer��BN_freeZRSA_generate_key_ex�_rsa_cdata_to_evp_pkeyrB)r{�public_exponent�key_size�	rsa_cdatar�r��evp_pkeyr|r|r}�generate_rsa_private_key�s

�
z Backend.generate_rsa_private_keycCs|dko|d@dko|dkS)N�r�r�r|)r{r�r�r|r|r}�!generate_rsa_parameters_supported�s�z)Backend.generate_rsa_parameters_supportedc

CsRt�|j|j|j|j|j|j|jj	|jj
�|j��}|�
||jjk�|j�||jj�}|�|j�}|�|j�}|�|j�}|�|j�}|�|j�}|�|j�}|�|jj	�}	|�|jj
�}
|j�|||�}|�
|dk�|j�||
|	|�}|�
|dk�|j�||||�}|�
|dk�|j�||jj�}|�
|dk�|�|�}t|||�Sr�)rSZ_check_private_key_components�p�q�d�dmp1�dmq1�iqmp�public_numbersr��nrsr�r�rqr
r�r�r�ZRSA_set0_factors�RSA_set0_keyZRSA_set0_crt_paramsZRSA_blinding_onr�rB)
r{�numbersr�r�r�r�r�r�r�r�r�r�r�r|r|r}�load_rsa_private_numbers�s>�


z Backend.load_rsa_private_numberscCs�t�|j|j�|j��}|�||jjk�|j�	||jj
�}|�|j�}|�|j�}|j�||||jj�}|�|dk�|�
|�}t|||�Sr�)rSZ_check_public_key_componentsr�r�rsr�r�rqr
r�r�r�r�r�rC)r{r�r�r�r�r�r�r|r|r}�load_rsa_public_numbers�s

zBackend.load_rsa_public_numberscCs2|j��}|�||jjk�|j�||jj�}|Sro)rsZEVP_PKEY_newr�rqr
r��
EVP_PKEY_free�r{r�r|r|r}�_create_evp_pkey_gc�s
zBackend._create_evp_pkey_gccCs(|��}|j�||�}|�|dk�|Sr�)r�rsZEVP_PKEY_set1_RSAr�)r{r�r�r�r|r|r}r��szBackend._rsa_cdata_to_evp_pkeycCsH|j�|�}|j�|t|��}|�||jjk�t|j�||jj	�|�S)z�
        Return a _MemoryBIO namedtuple of (BIO, char*).

        The char* is the storage for the BIO and it must stay alive until the
        BIO is finished with.
        )
rqr�rsZBIO_new_mem_bufr�r�r
rlr��BIO_free)r{�data�data_ptrrmr|r|r}�
_bytes_to_bio�s�zBackend._bytes_to_biocCsP|j��}|�||jjk�|j�|�}|�||jjk�|j�||jj�}|S)z.
        Creates an empty memory BIO.
        )rsZ	BIO_s_memr�rqr
ZBIO_newr�r�)r{Z
bio_methodrmr|r|r}�_create_mem_bio_gc�s
zBackend._create_mem_bio_gccCs\|j�d�}|j�||�}|�|dk�|�|d|jjk�|j�|d|�dd�}|S)zE
        Reads a memory BIO. This only works on memory BIOs.
        zchar **rN)rqr�rsZBIO_get_mem_datar�r
r�)r{rmr�Zbuf_len�bio_datar|r|r}�
_read_mem_bio�szBackend._read_mem_biocCs�|j�|�}||jjkrT|j�|�}|�||jjk�|j�||jj�}t	|||�S||jj
kr�|j�|�}|�||jjk�|j�||jj�}t
|||�S||jjkr�|j�|�}|�||jjk�|j�||jj�}t|||�S||jk�r,|j�|�}|�||jjk�|j�||jj�}t|||�S|t|jdd�k�rJt||�S|t|jdd�k�rht||�S|t|jdd�k�r�t||�S|t|jdd�k�r�t||�Std��dS)zd
        Return the appropriate type of PrivateKey given an evp_pkey cdata
        pointer.
        �EVP_PKEY_ED25519N�
EVP_PKEY_X448�EVP_PKEY_X25519�EVP_PKEY_ED448�Unsupported key type.)rs�EVP_PKEY_id�EVP_PKEY_RSA�EVP_PKEY_get1_RSAr�rqr
r�r�rB�EVP_PKEY_DSA�EVP_PKEY_get1_DSA�DSA_freer(�EVP_PKEY_EC�EVP_PKEY_get1_EC_KEY�EC_KEY_freer*rw�EVP_PKEY_get1_DH�DH_freer$�getattrr,rFrDr/r
�r{r��key_typer��	dsa_cdata�ec_cdata�dh_cdatar|r|r}�_evp_pkey_to_private_key�s<



z Backend._evp_pkey_to_private_keycCs�|j�|�}||jjkrT|j�|�}|�||jjk�|j�||jj�}t	|||�S||jj
kr�|j�|�}|�||jjk�|j�||jj�}t
|||�S||jjkr�|j�|�}|�||jjk�|j�||jj�}t|||�S||jk�r,|j�|�}|�||jjk�|j�||jj�}t|||�S|t|jdd�k�rJt||�S|t|jdd�k�rht||�S|t|jdd�k�r�t||�S|t|jdd�k�r�t||�Std��dS)zc
        Return the appropriate type of PublicKey given an evp_pkey cdata
        pointer.
        r�Nr�r�r�r�)rsrrrr�rqr
r�r�rCrrrr)rrrr+rwr	r
r%rr-rGrEr0r
rr|r|r}�_evp_pkey_to_public_key"s<



zBackend._evp_pkey_to_public_keycCs6|jjr&t|tjtjtjtjtjf�St|tj�SdSro)	rsZCryptography_HAS_RSA_OAEP_MD�
isinstancerMZSHA1ZSHA224ZSHA256ZSHA384ZSHA512r�r|r|r}�_oaep_hash_supportedMs��
zBackend._oaep_hash_supportedcCs�t|t�rdSt|t�r2t|jt�r2|�|jj�St|t�r�t|jt�r�|�|jj�o�|�|j�o�|j	dkp�t
|j	�dkp�|jjdkSdSdS)NTrr�F)
rrVrWZ_mgfrTr��
_algorithmrUrZ_labelr�rsZCryptography_HAS_RSA_OAEP_LABEL)r{Zpaddingr|r|r}�rsa_padding_supported[s

�
�	zBackend.rsa_padding_supportedc	Cs~|dkrtd��|j��}|�||jjk�|j�||jj�}|j�|||jjd|jj|jj|jj�}|�|dk�t	||�S)N)iiiz+Key size must be 1024 or 2048 or 3072 bits.rr�)
r�rs�DSA_newr�rqr
r�rZDSA_generate_parameters_exr')r{r��ctxr�r|r|r}�generate_dsa_parametersls 
�zBackend.generate_dsa_parameterscCsT|j�|j�}|�||jjk�|j�||jj�}|j�|�|�	|�}t
|||�Sro)rsZ
DSAparams_dupZ
_dsa_cdatar�rqr
r�rZDSA_generate_key�_dsa_cdata_to_evp_pkeyr()r{�
parametersrr�r|r|r}�generate_dsa_private_key}s
z Backend.generate_dsa_private_keycCs|�|�}|�|�Sro)rr)r{r�rr|r|r}�'generate_dsa_private_key_and_parameters�s
z/Backend.generate_dsa_private_key_and_parameterscCsB|j�||||�}|�|dk�|j�|||�}|�|dk�dSr�)rs�DSA_set0_pqgr�ZDSA_set0_key)r{rr�r��g�pub_key�priv_keyr�r|r|r}�_dsa_cdata_set_values�szBackend._dsa_cdata_set_valuesc
Cs�t�|�|jj}|j��}|�||jjk�|j�	||jj
�}|�|j�}|�|j
�}|�|j�}|�|jj�}|�|j�}|�||||||�|�|�}	t|||	�Sro)rOZ_check_dsa_private_numbersr��parameter_numbersrsrr�rqr
r�rr�r�r�r�y�xr"rr()
r{r�r#rr�r�rr r!r�r|r|r}�load_dsa_private_numbers�s


z Backend.load_dsa_private_numbersc	Cs�t�|j�|j��}|�||jjk�|j�||jj	�}|�
|jj�}|�
|jj�}|�
|jj
�}|�
|j�}|jj}|�||||||�|�|�}t|||�Sro)rO�_check_dsa_parametersr#rsrr�rqr
r�rr�r�r�rr$r"rr))	r{r�rr�r�rr r!r�r|r|r}�load_dsa_public_numbers�s

zBackend.load_dsa_public_numberscCs�t�|�|j��}|�||jjk�|j�||jj�}|�	|j
�}|�	|j�}|�	|j�}|j�
||||�}|�|dk�t||�Sr�)rOr'rsrr�rqr
r�rr�r�r�rrr')r{r�rr�r�rr�r|r|r}�load_dsa_parameter_numbers�s

z"Backend.load_dsa_parameter_numberscCs(|��}|j�||�}|�|dk�|Sr�)r�rsZEVP_PKEY_set1_DSAr�)r{rr�r�r|r|r}r�szBackend._dsa_cdata_to_evp_pkeycCs
|�|�Sror�r�r|r|r}�dsa_hash_supported�szBackend.dsa_hash_supportedcCsdS)NTr|)r{r�r�rr|r|r}�dsa_parameters_supported�sz Backend.dsa_parameters_supportedcCs|�|td|j��S)N�)r�raZ
block_sizer�r|r|r}�cmac_algorithm_supported�s�z Backend.cmac_algorithm_supportedcCs
t||�Sror r�r|r|r}�create_cmac_ctx�szBackend.create_cmac_ctxc
s�t|tj�std��t|tjtjf�r8|dk	rntd��n6t|t	j
�sNtd��n t|t	j�rnt|tj
�sntd����||�}�j��}��|�jjk��j�|�jj�}�j�|tjjj�}��|dk��j�|t�|j��}��|dk�|��}�j�||j�}��|dk��j� �}��|�jjk��j�|�fdd��}�j!|j"t#|�jj$dd	��j�%||�}��|dk��j�&||j|�}|d
k�rƈ�'�}	��|	d
�(�jj)�jj*��td��t+�|�S)N�Builder type mismatch.�8algorithm must be None when signing via ed25519 or ed448�.Algorithm must be a registered hash algorithm.z5MD5 is not a supported hash algorithm for EC/DSA CSRsr�cs�j�|�j��jjd��S)N�X509_EXTENSION_free)rsZsk_X509_EXTENSION_pop_freerq�	addressof�
_original_lib)r%rzr|r}�<lambda>s��z)Backend.create_x509_csr.<locals>.<lambda>F��
extensions�handlers�x509_obj�add_funcr�r�Digest too big for RSA key),rr	Z CertificateSigningRequestBuilder�	TypeErrorrQ�Ed25519PrivateKeyrR�Ed448PrivateKeyr�rM�
HashAlgorithm�MD5rS�
RSAPrivateKey�_evp_md_x509_null_if_eddsarsZX509_REQ_newr�rqr
r��
X509_REQ_freeZX509_REQ_set_versionZVersionZv1�valueZX509_REQ_set_subject_namer8�
_subject_name�
public_keyZX509_REQ_set_pubkey�	_evp_pkeyZsk_X509_EXTENSION_new_null�_create_x509_extensions�_extensionsr3Zsk_X509_EXTENSION_insertZX509_REQ_add_extensionsZ
X509_REQ_signr��_lib_reason_match�ERR_LIB_RSA� RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEYrJ)
r{�builder�private_keyr�r��x509_reqr�rFZsk_extension�errorsr|rzr}�create_x509_csr�s�
��

�
��

��

�
��
��zBackend.create_x509_csrc	Cs�t|tj�std��t|tjtjf�r8|dk	rLtd��nt|t	j
�sLtd��t|t	j�rlt|tj
�sltd��|�||�}|j��}|j�|tjj�}|j�||jj�}|�|dk�|j�|t||j��}|�|dk�|j�||jj�}|�|dk�t||j �}|j�!||�}|�|dk�|�"|j�#|�|j$�|�"|j�%|�|j&�|j'|j(t)||jj*dd�|j�+|t||j,��}|�|dk�|j�-||j|�}|dk�r�|�.�}|�|d�/|jj0|jj1��td	��t2||�S)
Nr/r0r1z8MD5 is only (reluctantly) supported for RSA certificatesr�Tr6rr;)3rr	ZCertificateBuilderr<rQr=rRr>r�rMr?r@rSrArBrsZX509_newrqr��backend�	X509_freeZX509_set_versionZ_versionrDr�ZX509_set_subject_namer8rEZX509_set_pubkeyZ_public_keyrGr6�_serial_numberZX509_set_serialNumber�_set_asn1_timeZX509_getm_notBeforeZ_not_valid_beforeZX509_getm_notAfterZ_not_valid_afterrHrIr3ZX509_add_extZX509_set_issuer_name�_issuer_nameZ	X509_signr�rJrKrLrH)	r{rMrNr�r�Z	x509_certr��
serial_numberrPr|r|r}�create_x509_certificate+s�
��
�
��

��
�
��	
��
��zBackend.create_x509_certificatecCs(t|tjtjf�r|jjS|�|�SdSro)rrQr=rRr>rqr
r�)r{rNr�r|r|r}rB�s

�z"Backend._evp_md_x509_null_if_eddsacCsL|jdkr|�d��d�}n|�d��d�}|j�||�}|�|dk�dS)Niz
%Y%m%d%H%M%SZr�z
%y%m%d%H%M%SZr�)Zyear�strftimer�rsZASN1_TIME_set_stringr�)r{�	asn1_time�timeZasn1_strr�r|r|r}rU�s

zBackend._set_asn1_timecCs>|j��}|�||jjk�|j�||jj�}|�||�|Sro)rsZ
ASN1_TIME_newr�rqr
r�ZASN1_TIME_freerU)r{r[rZr|r|r}�_create_asn1_time�s

zBackend._create_asn1_timecCs�t|tj�std��t|tjtjf�r8|dk	rLtd��nt|t	j
�sLtd��t|t	j�rlt|tj
�sltd��|�||�}|j��}|j�|tjj�}|j�|d�}|�|dk�|j�|t||j��}|�|dk�|�|j�}|j�||�}|�|dk�|�|j�}|j�||�}|�|dk�|j|j t!||jj"dd�|j#D]B}	|j�$|	j%�}
|�|
|jj&k�|j�'||
�}|�|dk��qD|j�(||j)|�}|dk�r�|�*�}|�|d�+|jj,|jj-��td	��t.||�S)
Nr/r0r1z5MD5 is not a supported hash algorithm for EC/DSA CRLsr�Tr6rr;)/rr	Z CertificateRevocationListBuilderr<rQr=rRr>r�rMr?r@rSrArBrsZX509_CRL_newrqr�rR�
X509_CRL_freeZX509_CRL_set_versionr�ZX509_CRL_set_issuer_namer8rVr\Z_last_updateZX509_CRL_set_lastUpdate�_next_updateZX509_CRL_set_nextUpdaterHrIr2ZX509_CRL_add_extZ_revoked_certificatesZCryptography_X509_REVOKED_dupZ
_x509_revokedr
ZX509_CRL_add0_revokedZ
X509_CRL_signrGr�rJrKrLrI)r{rMrNr�r��x509_crlr�Zlast_update�next_updateZrevoked_certZrevokedrPr|r|r}�create_x509_crl�s~
��
�
��

��	
��
��zBackend.create_x509_crlc
Csdt|�D]V\}}|�||�}|�||jjk�|rD|j�||jj�}||||�}	|�|	dk�qdSr�)�	enumerate�_create_x509_extensionr�rqr
r�rsr2)
r{r7r8r9r:r��i�	extensionZx509_extensionr�r|r|r}rH�s��zBackend._create_x509_extensionscCs.t||jj�}|j�|jj||jr&dnd|�S)Nr�r)r9�oid�
dotted_stringrsZX509_EXTENSION_create_by_OBJrqr
�critical)r{rerD�objr|r|r}�_create_raw_x509_extension�s�z"Backend._create_raw_x509_extensioncCst|jtj�r(t||jj�}|�||�St|jtj�rfttfdd�|jD���}t||�}|�||�St|jtj	�r�t|tt
��}|�||�Sz||j}Wn$tk
r�t
d�|j���YnX|||j�}|j�|jj�d��}t�||jjk�|j�||j�r
dnd|�SdS)NcSsg|]}ttt|j���qSr|)rrrrD)�.0r%r|r|r}�
<listcomp>s�z2Backend._create_x509_extension.<locals>.<listcomp>zExtension not supported: {}r�r�r)rrDr	ZUnrecognizedExtensionr7rjZ
TLSFeaturerrZ
PrecertPoisonr
rfr��NotImplementedErrorr�rsZOBJ_txt2nidrgr�rRr��	NID_undefZX509V3_EXT_i2drh)r{r8rerDZasn1r�Z
ext_struct�nidr|r|r}rcs@���

�
��zBackend._create_x509_extensioncCs�t|tj�std��|j��}|�||jjk�|j�	||jj
�}t||j�}|j�
||�}|�|dk�|�|j�}|j�||�}|�|dk�|j|jt||jjdd�t|d|�S)Nr/r�Tr6)rr	ZRevokedCertificateBuilderr<rsZX509_REVOKED_newr�rqr
r�ZX509_REVOKED_freer6rTZX509_REVOKED_set_serialNumberr\Z_revocation_dateZX509_REVOKED_set_revocationDaterHrIr1ZX509_REVOKED_add_extrK)r{rMZx509_revokedrWr�Zrev_dater|r|r}�create_x509_revoked_certificate#s,
��z'Backend.create_x509_revoked_certificatecCs|�|jj|j||�Sro)�	_load_keyrsZPEM_read_bio_PrivateKeyr)r{r��passwordr|r|r}�load_pem_private_key<s�zBackend.load_pem_private_keycCs�|�|�}|j�|j|jj|jj|jj�}||jjkrR|j�||jj�}|�|�S|�	�|j�
|j�}|�|dk�|j�|j|jj|jj|jj�}||jjkr�|j�||jj
�}|�|�}t|||�S|��dSr�)r�rsZPEM_read_bio_PUBKEYrmrqr
r�r�rr��	BIO_resetr�ZPEM_read_bio_RSAPublicKeyr�r�rC�_handle_key_loading_error�r{r��mem_bior�r�r�r|r|r}�load_pem_public_keyDs0
�
�
zBackend.load_pem_public_keycCs^|�|�}|j�|j|jj|jj|jj�}||jjkrR|j�||jj�}t||�S|�	�dSro)
r�rsZPEM_read_bio_DHparamsrmrqr
r�r
r#ru)r{r�rwrr|r|r}�load_pem_parameters]s
�
zBackend.load_pem_parameterscCs>|�|�}|�||�}|r$|�|�S|�|jj|j||�SdSro)r��"_evp_pkey_from_der_traditional_keyrrqrsZd2i_PKCS8PrivateKey_bio)r{r�rrr�r�r|r|r}�load_der_private_keyhs

�zBackend.load_der_private_keycCsV|j�|j|jj�}||jjkrF|j�||jj�}|dk	rBtd��|S|��dSdS)N�4Password was given but private key is not encrypted.)	rs�d2i_PrivateKey_biormrqr
r�r�r<r�)r{r�rrr�r|r|r}rz{s�z*Backend._evp_pkey_from_der_traditional_keycCs�|�|�}|j�|j|jj�}||jjkrF|j�||jj�}|�|�S|�	�|j�
|j�}|�|dk�|j�|j|jj�}||jjkr�|j�||jj
�}|�|�}t|||�S|��dSr�)r�rsZd2i_PUBKEY_biormrqr
r�r�rr�rtr�Zd2i_RSAPublicKey_bior�r�rCrurvr|r|r}�load_der_public_key�s"

�
zBackend.load_der_public_keycCs�|�|�}|j�|j|jj�}||jjkrF|j�||jj�}t||�S|jj	r�|�
�|j�|j�}|�|dk�|j�
|j|jj�}||jjkr�|j�||jj�}t||�S|��dSr�)r�rsZd2i_DHparams_biormrqr
r�r
r#rxr�rtr�ZCryptography_d2i_DHxparams_bioru)r{r�rwrr�r|r|r}�load_der_parameters�s(
�
�
zBackend.load_der_parameterscCsb|�|�}|j�|j|jj|jj|jj�}||jjkrF|��td��|j�||jj	�}t
||�S)NzwUnable to load certificate. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.)r�rsZPEM_read_bio_X509rmrqr
r�r�r�rSrH�r{r�rwr	r|r|r}�load_pem_x509_certificate�s
��z!Backend.load_pem_x509_certificatecCsV|�|�}|j�|j|jj�}||jjkr:|��td��|j�||jj	�}t
||�S)NzUnable to load certificate)r�rsZd2i_X509_biormrqr
r�r�r�rSrHr�r|r|r}�load_der_x509_certificate�s
z!Backend.load_der_x509_certificatecCsb|�|�}|j�|j|jj|jj|jj�}||jjkrF|��td��|j�||jj	�}t
||�S)NzoUnable to load CRL. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.)r�rsZPEM_read_bio_X509_CRLrmrqr
r�r�r�r]rI�r{r�rwr_r|r|r}�load_pem_x509_crl�s
��zBackend.load_pem_x509_crlcCsV|�|�}|j�|j|jj�}||jjkr:|��td��|j�||jj	�}t
||�S)NzUnable to load CRL)r�rsZd2i_X509_CRL_biormrqr
r�r�r�r]rIr�r|r|r}�load_der_x509_crl�s
zBackend.load_der_x509_crlcCsb|�|�}|j�|j|jj|jj|jj�}||jjkrF|��td��|j�||jj	�}t
||�S)NzsUnable to load request. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.)r�rsZPEM_read_bio_X509_REQrmrqr
r�r�r�rCrJ�r{r�rwrOr|r|r}�load_pem_x509_csr�s
��zBackend.load_pem_x509_csrcCsV|�|�}|j�|j|jj�}||jjkr:|��td��|j�||jj	�}t
||�S)NzUnable to load request)r�rsZd2i_X509_REQ_biormrqr
r�r�r�rCrJr�r|r|r}�load_der_x509_csr�s
zBackend.load_der_x509_csrc
Cs(|�|�}|j�d�}|dk	rFt�d|�|j�|�}||_t|�|_||j	|jj
|j�|jj
d�|�}||jj
kr�|jdkr�|��}	|�|	�|jdkr�td��q�|jdks�t�td�|jd	���n|��|j�||jj�}|dk	r�|jdkr�td
��|dk	�r|jd	k�s |dk�s t�||�S)NzCRYPTOGRAPHY_PASSWORD_DATA *rrZCryptography_pem_password_cbr���z3Password was not given but private key is encrypted���zAPasswords longer than {} bytes are not supported by this backend.r�r|)r�rqr�r�_check_bytesliker�rrr�r�rmr
r3rsr4�errorr�r�r<r�r�r��maxsizerur�r�Zcalled)
r{Zopenssl_read_funcZconvert_funcr�rrrwZuserdataZpassword_ptrr�rPr|r|r}rqsV

��	


�������zBackend._load_keycs����}|std��n�|d��jj�jj�sF|d��jj�jj�rPtd��n�|d��jj�jj�s�|d��jj	�jj
�r�tdtj
��nLt�fdd�|D��r�td��n,|dj�jj�jj	�jjfks�t�td��dS)NzCould not deserialize key data.rz Bad decrypt. Incorrect password?z0PEM data is encrypted with an unsupported cipherc3s"|]}|��jj�jj�VqdSro)rJrs�ERR_LIB_EVPZ'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)rkr�rzr|r}�	<genexpr>Ns
��z4Backend._handle_key_loading_error.<locals>.<genexpr>z!Unsupported public key algorithm.)r�r�rJrsr�ZEVP_R_BAD_DECRYPTZERR_LIB_PKCS12Z!PKCS12_R_PKCS12_CIPHERFINAL_ERRORZEVP_R_UNKNOWN_PBE_ALGORITHMZERR_LIB_PEMZPEM_R_UNSUPPORTED_ENCRYPTIONr
rZUNSUPPORTED_CIPHER�anyrrZERR_LIB_ASN1r�)r{rPr|rzr}ru2sL
����
������
�
z!Backend._handle_key_loading_errorcCs�z|�|�}Wntk
r*|jj}YnX|j�|�}||jjkrz|��}|�||jjkpr|d�	|jj
|jj��dS|�||jjk�|j�|�dSdS)NrFT)
�_elliptic_curve_to_nidr
rsrnZEC_GROUP_new_by_curve_namerqr
r�r�rJZ
ERR_LIB_ECZEC_R_UNKNOWN_GROUPZ
EC_GROUP_free)r{�curve�	curve_nid�grouprPr|r|r}�elliptic_curve_supported_s$��z Backend.elliptic_curve_supportedcCst|tj�sdS|�|�Sr�)rrPZECDSAr�)r{Zsignature_algorithmr�r|r|r}�,elliptic_curve_signature_algorithm_supportedvsz4Backend.elliptic_curve_signature_algorithm_supportedcCs\|�|�rD|�|�}|j�|�}|�|dk�|�|�}t|||�Std�|j	�t
j��dS)z@
        Generate a new private key on the named curve.
        r�z#Backend object does not support {}.N)r��_ec_key_new_by_curversZEC_KEY_generate_keyr��_ec_cdata_to_evp_pkeyr*r
r�r�r�UNSUPPORTED_ELLIPTIC_CURVE)r{r�rr�r�r|r|r}�#generate_elliptic_curve_private_keys



�z+Backend.generate_elliptic_curve_private_keycCsp|j}|�|j�}|j�|�|j�|jj�}|j�	||�}|�
|dk�|�||j|j
�}|�|�}t|||�Sr�)r�r�r�rqr�r��
private_valuers�
BN_clear_free�EC_KEY_set_private_keyr��)_ec_key_set_public_key_affine_coordinatesr%r$r�r*)r{r�Zpublicrr�r�r�r|r|r}�#load_elliptic_curve_private_numbers�s
��
z+Backend.load_elliptic_curve_private_numberscCs4|�|j�}|�||j|j�}|�|�}t|||�Sro)r�r�r�r%r$r�r+)r{r�rr�r|r|r}�"load_elliptic_curve_public_numbers�s�
z*Backend.load_elliptic_curve_public_numbersc		Cs�|�|�}|j�|�}|�||jjk�|j�|�}|�||jjk�|j�||jj�}|�	��6}|j�
|||t|�|�}|dkr�|��t
d��W5QRX|j�||�}|�|dk�|�|�}t|||�S)Nr�z(Invalid public bytes for the given curve)r�rs�EC_KEY_get0_groupr�rqr
�EC_POINT_newr��
EC_POINT_free�_tmp_bn_ctxZEC_POINT_oct2pointr�r�r��EC_KEY_set_public_keyr�r+)	r{r�Zpoint_bytesrr��point�bn_ctxr�r�r|r|r}� load_elliptic_curve_public_bytes�s*

�
z(Backend.load_elliptic_curve_public_bytesc	CsD|�|�}|�|�\}}|j�|�}|�||jjk�|j�||jj�}|�	|�}|j�||jj
�}|���h}|j�||||jj|jj|�}	|�|	dk�|j�
|�}
|j�
|�}||||
||�}	|�|	dk�W5QRX|j�||�}	|�|	dk�|�	|�}|j�||jj
�}|j�||�}	|�|	dk�|�|�}
t|||
�Sr�)r�� _ec_key_determine_group_get_funcrsr�r�rqr
r�r�r�r�r�ZEC_POINT_mulZ
BN_CTX_getr�r�r�r*)r{r�r�r�get_funcr�r�rDr�r�Zbn_xZbn_yZprivater�r|r|r}�!derive_elliptic_curve_private_key�s2


�

z)Backend.derive_elliptic_curve_private_keycCs:|�|�}|j�|�}|�||jjk�|j�||jj�Sro)r�rsZEC_KEY_new_by_curve_namer�rqr
r�r)r{r�r�rr|r|r}r��s
zBackend._ec_key_new_by_curvecCsV|�|�}|j�|j|jj�}||jjkr:|��td��|j�||jj	�}t
||�S)NzUnable to load OCSP request)r�rsZd2i_OCSP_REQUEST_biormrqr
r�r�r��OCSP_REQUEST_freer>)r{r�rwZrequestr|r|r}�load_der_ocsp_request�s
zBackend.load_der_ocsp_requestcCsV|�|�}|j�|j|jj�}||jjkr:|��td��|j�||jj	�}t
||�S)NzUnable to load OCSP response)r�rsZd2i_OCSP_RESPONSE_biormrqr
r�r�r��OCSP_RESPONSE_freer?)r{r�rwZresponser|r|r}�load_der_ocsp_response�s
zBackend.load_der_ocsp_responsec	Cs�|j��}|�||jjk�|j�||jj�}|j\}}}|�|�}|j�	||j
|j
�}|�||jjk�|j�||�}|�||jjk�|j|j
t||jjdd�t||�S)NTr6)rsZOCSP_REQUEST_newr�rqr
r�r�Z_requestr��OCSP_cert_to_id�_x509ZOCSP_request_add0_idrHrIr5ZOCSP_REQUEST_add_extr>)	r{rMZocsp_req�certZissuerr�r��certidZonereqr|r|r}�create_ocsp_request�s*

��zBackend.create_ocsp_requestc	Cs|j��}|�||jjk�|j�||jj�}|�|jj	�}|j�
||jjj|jj
j�}|�||jjk�|j�||jj�}|jjdkr�d}nt|jj}|jjdkr�|jj}n|�|jj�}|jj}	|jjdk	r�|�|jj�}	|�|jj�}
|j�|||jjj|||
|	�}|�||jjk�|�||�}|j\}}
|jj}|
tjjk�rV||jjO}|jdk	�r�|jD]$}|j� ||j�}|�|dk��qh|j!|j"t#||jj$dd�|j�%||j|j&||jj|�}|dk�r�|�'�}|�|d�(|jj)|jj*��t+d��|S)Nr�r�Tr6rz,responder_cert must be signed by private_key),rsZOCSP_BASICRESP_newr�rqr
r�ZOCSP_BASICRESP_freer�Z	_responserr�Z_certr�Z_issuerZOCSP_CERTID_freeZ_revocation_reasonr"Z_revocation_timer\r^Z_this_updateZOCSP_basic_add1_statusZ_cert_statusrDrBZ
_responder_idZOCSP_NOCERTSrkZOCSPResponderEncodingZHASHZOCSP_RESPID_KEYZ_certsZOCSP_basic_add1_certrHrIr4ZOCSP_BASICRESP_add_extZOCSP_basic_signrGr�rJZERR_LIB_X509ZX509_R_KEY_VALUES_MISMATCHr�)r{rMrNr��basicr�r��reasonZrev_timer`Zthis_updater�Zresponder_certZresponder_encoding�flagsr�rPr|r|r}�_create_ocsp_basic_responses�
���
���	

��
��z#Backend._create_ocsp_basic_responsecCsb|tjjkr|�|||�}n|jj}|j�|j|�}|�	||jjk�|j�
||jj�}t||�Sro)
rkZOCSPResponseStatusZ
SUCCESSFULr�rqr
rsZOCSP_response_createrDr�r�r�r?)r{Zresponse_statusrMrNr�r�Z	ocsp_respr|r|r}�create_ocsp_responsebs��zBackend.create_ocsp_responsecCs|�|�ot|tj�Sro)r�rrPZECDH)r{r�r�r|r|r}�+elliptic_curve_exchange_algorithm_supportedrs

�z3Backend.elliptic_curve_exchange_algorithm_supportedcCs(|��}|j�||�}|�|dk�|Sr�)r�rsZEVP_PKEY_set1_EC_KEYr�)r{rr�r�r|r|r}r�xszBackend._ec_cdata_to_evp_pkeycCsNddd�}|�|j|j�}|j�|���}||jjkrJtd�|j�tj	��|S)z/
        Get the NID for a curve name.
        Z
prime192v1Z
prime256v1)Z	secp192r1Z	secp256r1z${} is not a supported elliptic curve)
�getr�rs�
OBJ_sn2nidr�rnr
r�rr�)r{r�Z
curve_aliases�
curve_namer�r|r|r}r�~s�
�zBackend._elliptic_curve_to_nidc	csX|j��}|�||jjk�|j�||jj�}|j�|�z
|VW5|j�|�XdSro)	rsZ
BN_CTX_newr�rqr
r�ZBN_CTX_freeZBN_CTX_startZ
BN_CTX_end)r{r�r|r|r}r��s

zBackend._tmp_bn_ctxcCs�|�||jjk�|j�d�}|�||jjk�|j�|�}|�||jjk�|j�|�}|�||jjk�|j�|�}|�||jjk�||kr�|jj	r�|jj
}n|jj}|s�t�||fS)zu
        Given an EC_KEY determine the group and what function is required to
        get point coordinates.
        scharacteristic-two-field)
r�rqr
rsr�rnr�ZEC_GROUP_method_ofZEC_METHOD_get_field_typeZCryptography_HAS_EC2MZ$EC_POINT_get_affine_coordinates_GF2mZ#EC_POINT_get_affine_coordinates_GFpr�)r{rZ
nid_two_fieldr��methodror�r|r|r}r��s
z(Backend._ec_key_determine_group_get_funccCst|dks|dkrtd��|j�|�|�|jj�}|j�|�|�|jj�}|j�|||�}|dkrp|��td��|S)zg
        Sets the public key point in the EC_KEY context to the affine x and y
        values.
        rz2Invalid EC key. Both x and y must be non-negative.r�zInvalid EC key.)r�rqr�r�rsr�Z(EC_KEY_set_public_key_affine_coordinatesr�)r{rr%r$r�r|r|r}r��s�z1Backend._ec_key_set_public_key_affine_coordinatescCs�t|tj�std��|tjjkr(td��|tjjkr<td��|tjjkrPtd��t|tj�sdtd��t|tj	�r�d}d}|j
j}n@t|tj�r�|j
�d�}|j}t|�}|d	kr�td
��ntd��|j
�|�}	|tjjk�rX|tjjkr�|j
j}
|}n`|tjjk�st�|	|j
jk�r |j
j}
n2|	|j
jk�r8|j
j}
n|	|j
jk�sJt�|j
j}
|}nf|tjjk�r�|tjjk�r�t|tj	��s�td��|�|	|�S|tjjk�s�t�|j
j}
|}ntd
��|� �}|
||||||j
j|j
j�}
|�!|
dk�|�"|�S)Nz2format must be an item from the PrivateFormat enumz-X9.62 format is only valid for EC public keys�/raw format is invalid with this key or encoding�/raw encoding is invalid with this key or formatzBEncryption algorithm must be a KeySerializationEncryption instance�rsaes-256-cbci�zBPasswords longer than 1023 bytes are not supported by this backendzUnsupported encryption typezDEncryption is not supported for DER encoded traditional OpenSSL keysz-encoding must be Encoding.PEM or Encoding.DERr�)#rrNZ
PrivateFormatr<�Encoding�X962r��RawZKeySerializationEncryptionZNoEncryptionrqr
ZBestAvailableEncryptionrs�EVP_get_cipherbynamerrr�r�PEMZPKCS8ZPEM_write_bio_PKCS8PrivateKeyZTraditionalOpenSSLr�rZPEM_write_bio_RSAPrivateKeyrZPEM_write_bio_DSAPrivateKeyrZPEM_write_bio_ECPrivateKey�DER�"_private_key_bytes_traditional_derZi2d_PKCS8PrivateKey_bior�r�r�)r{�encodingr�Zencryption_algorithmr��cdatarrZpasslenr�r
�	write_bior�rmr�r|r|r}�_private_key_bytes�s����
���

���	zBackend._private_key_bytescCsp||jjkr|jj}n0||jjkr,|jj}n|�||jjk�|jj}|��}|||�}|�|dk�|�	|�Sr�)
rsrZi2d_RSAPrivateKey_biorZi2d_ECPrivateKey_bior�rZi2d_DSAPrivateKey_bior�r�)r{r
r�r�rmr�r|r|r}r�,s


z*Backend._private_key_bytes_traditional_derc	Cslt|tj�std��|tjjtjjfkr0td��|tjjkrDtd��|tjjkrXtd��|tjj	ksp|tjj	kr�|tjj	k	s�|tjj	k	r�td��|�
|�S|tjjkr�|tjjkr�|j
j}n|tjjks�t�|j
j}|}nh|tjjk�r:|j
�|�|j
jk�st�|tjjk�r|j
j}n|tjjk�s,t�|j
j}|}ntd��|��}|||�}|�|dk�|�|�S)N�/encoding must be an item from the Encoding enumz-Point formats are not valid for this key typer�r�z1OpenSSH format must be used with OpenSSH encodingz1format must be an item from the PublicFormat enumr�)rrNr�r<�PublicFormat�UncompressedPointZCompressedPointr�r��OpenSSH�_openssh_public_key_bytesZSubjectPublicKeyInfor�rsZPEM_write_bio_PUBKEYr�r�Zi2d_PUBKEY_bioZPKCS1rrZPEM_write_bio_RSAPublicKeyZi2d_RSAPublicKey_bior�r�r�)	r{r�r�r�r�r�r�rmr�r|r|r}�_public_key_bytes:sT�
�
�
�
��


�
zBackend._public_key_bytescCs�t|tj�r@|��}dt�t�d�t�|j	�t�|j
��St|tj�r�|��}|j
}dt�t�d�t�|j�t�|j�t�|j�t�|j��St|tj�r�|�tjjtjj�}dt�t�d�t�|��St|tj��r~|��}z$tjdtjdtjd	it|j�}Wnt k
�r4t!d
��YnX|�tjj"tjj#�}d|dt�t�d|�t�|�t�|��St!d
��dS)Nsssh-rsa sssh-rsasssh-dss sssh-dsssssh-ed25519 sssh-ed25519snistp256snistp384snistp521zZOnly SECP256R1, SECP384R1, and SECP521R1 curves are supported by the SSH public key formatsecdsa-sha2-� z3OpenSSH encoding is not supported for this key type)$rrSZRSAPublicKeyr��base64Z	b64encoderjZ_ssh_write_stringZ_ssh_write_mpintr�r�rOZDSAPublicKeyr#r�r�rr$rQZEd25519PublicKeyZpublic_bytesrNr�r�r�rPZEllipticCurvePublicKeyZ	SECP256R1Z	SECP384R1Z	SECP521R1r�r�r�r�r�r�)r{r�r�r#Z	raw_bytesr�r�r|r|r}r�ws|
�
��
�
�
�
��
������
�����z!Backend._openssh_public_key_bytescCs�|tjjkrtd��|j�d�}|j�||jj||jj�|tjj	krj|d|jjkr`|jj
}q�|jj}n8|tjjkr�|d|jjkr�|jj
}q�|jj}ntd��|��}|||�}|�|dk�|�|�S)Nz!OpenSSH encoding is not supportedr�rr�r�)rNr�r�r<rqr�rsZDH_get0_pqgr
r�ZPEM_write_bio_DHxparamsZPEM_write_bio_DHparamsr�ZCryptography_i2d_DHxparams_bioZi2d_DHparams_bior�r�r�)r{r�r�r�r�r�rmr�r|r|r}�_parameter_bytes�s.��




zBackend._parameter_bytescCs||dkrtd��|dkr td��|j��}|�||jjk�|j�||jj�}|j�||||jj�}|�|dk�t	||�S)Nr�z%DH key_size must be at least 512 bits)r��zDH generator must be 2 or 5r�)
r�rs�DH_newr�rqr
r�r
ZDH_generate_parameters_exr#)r{�	generatorr�Zdh_param_cdatar�r|r|r}�generate_dh_parameters�s
�zBackend.generate_dh_parameterscCs(|��}|j�||�}|�|dk�|Sr�)r�rsZEVP_PKEY_set1_DHr�)r{rr�r�r|r|r}�_dh_cdata_to_evp_pkey�szBackend._dh_cdata_to_evp_pkeycCs<t|j|�}|j�|�}|�|dk�|�|�}t|||�Sr�)r&Z	_dh_cdatarsZDH_generate_keyr�r�r$)r{rZdh_key_cdatar�r�r|r|r}�generate_dh_private_key�s

zBackend.generate_dh_private_keycCs|�|�||��Sro)r�r�)r{r�r�r|r|r}�&generate_dh_private_key_and_parameters�s
�z.Backend.generate_dh_private_key_and_parameterscCs>|jj}|j��}|�||jjk�|j�||jj�}|�	|j
�}|�	|j�}|jdk	rf|�	|j�}n|jj}|�	|jj
�}|�	|j�}|j�||||�}	|�|	dk�|j�|||�}	|�|	dk�|j�dd�}
|j�||
�}	|�|	dk�|
ddk�r(|jdk�r |
d|jjAdk�s(td��|�|�}t|||�S)Nr��int[]rr�z.DH private numbers did not pass safety checks.)r�r#rsr�r�rqr
r�r
r�r�rr�r$r%�DH_set0_pqg�DH_set0_keyr��Cryptography_DH_checkZDH_NOT_SUITABLE_GENERATORr�r�r$)r{r�r#rr�rr�r r!r��codesr�r|r|r}�load_dh_private_numbers�s8


���
zBackend.load_dh_private_numbersc
Cs�|j��}|�||jjk�|j�||jj�}|j}|�|j	�}|�|j
�}|jdk	rd|�|j�}n|jj}|�|j�}|j�
||||�}|�|dk�|j�|||jj�}|�|dk�|�|�}	t|||	�Sr�)rsr�r�rqr
r�r
r#r�r�rr�r$r�r�r�r%)
r{r�rr#r�rr�r r�r�r|r|r}�load_dh_public_numbers#s 


zBackend.load_dh_public_numberscCs�|j��}|�||jjk�|j�||jj�}|�|j�}|�|j	�}|j
dk	r^|�|j
�}n|jj}|j�||||�}|�|dk�t||�Sr�)
rsr�r�rqr
r�r
r�r�rr�r�r#)r{r�rr�rr�r�r|r|r}�load_dh_parameter_numbers>s

z!Backend.load_dh_parameter_numberscCs�|j��}|�||jjk�|j�||jj�}|�|�}|�|�}|dk	rV|�|�}n|jj}|j�||||�}|�|dk�|j�	dd�}|j�
||�}|�|dk�|ddkS)Nr�r�r)rsr�r�rqr
r�r
r�r�r�r�)r{r�rr�rr�r�r|r|r}�dh_parameters_supportedPs


zBackend.dh_parameters_supportedcCs|jjdkSr�)rsrxrzr|r|r}�dh_x942_serialization_supportedfsz'Backend.dh_x942_serialization_supportedcsxt�|�}�j�d�}�j�||�}��|d�jjk��j�|�fdd��}��|dk��j�|d|�dd�S)Nzunsigned char **rcs�j�|d�S�Nr)rsr�)Zpointerrzr|r}r5or�z)Backend.x509_name_bytes.<locals>.<lambda>)	r8rqr�rsZ
i2d_X509_NAMEr�r
r�r�)r{r�Z	x509_nameZppr�r|rzr}�x509_name_bytesis

�zBackend.x509_name_bytescCsht|�dkrtd��|��}|j�||jj�}t�|dk�|j�||t|��}t�|dk�t	||�S)N� z%An X25519 public key is 32 bytes longr�)
r�r�r�rsZEVP_PKEY_set_type�
NID_X25519rRr�ZEVP_PKEY_set1_tls_encodedpointrE)r{r�r�r�r|r|r}�x25519_load_public_bytests�z Backend.x25519_load_public_bytesc	Cs�t|�dkrtd��d}|�d��<}||dd�<||dd�<|�|�}tj�|j|jj	�}W5QRX|�
||jj	k�|j�||jj�}|�
|j�
|�|jjk�t||�S)Nr�z&An X25519 private key is 32 bytes longs0.0+en" �0rr�)r�r��_zeroed_bytearrayr�rRrsr}rmrqr
r�r�r�rr�rD)r{r�Zpkcs8_prefix�barmr�r|r|r}�x25519_load_private_bytes�s
�z!Backend.x25519_load_private_bytescCs�|j�||jj�}|�||jjk�|j�||jj�}|j�|�}|�|dk�|j�d�}|j�	||�}|�|dk�|�|d|jjk�|j�|d|jj
�}|S)Nr��EVP_PKEY **r)rsZEVP_PKEY_CTX_new_idrqr
r�r�ZEVP_PKEY_CTX_freeZEVP_PKEY_keygen_initr�ZEVP_PKEY_keygenr�)r{roZevp_pkey_ctxr�Z	evp_ppkeyr�r|r|r}�_evp_pkey_keygen_gc�szBackend._evp_pkey_keygen_gccCs|�|jj�}t||�Sro)r�rsr�rDr�r|r|r}�x25519_generate_key�szBackend.x25519_generate_keycCs|jjSro)rsZ#CRYPTOGRAPHY_OPENSSL_110_OR_GREATERrzr|r|r}�x25519_supported�szBackend.x25519_supportedcCs`t|�dkrtd��|j�|jj|jj|t|��}|�||jjk�|j�||jj	�}t
||�S)N�8z#An X448 public key is 56 bytes long)r�r�rs�EVP_PKEY_new_raw_public_key�NID_X448rqr
r�r�r�rG�r{r�r�r|r|r}�x448_load_public_bytes�s�zBackend.x448_load_public_bytescCslt|�dkrtd��|j�|�}|j�|jj|jj|t|��}|�||jjk�|j�	||jj
�}t||�S)Nr�z$An X448 private key is 56 bytes long)r�r�rqr�rs�EVP_PKEY_new_raw_private_keyr�r
r�r�r�rF�r{r�r�r�r|r|r}�x448_load_private_bytes�s�zBackend.x448_load_private_bytescCs|�|jj�}t||�Sro)r�rsr�rFr�r|r|r}�x448_generate_key�szBackend.x448_generate_keycCs
|jjSro)rs�"CRYPTOGRAPHY_OPENSSL_LESS_THAN_111rzr|r|r}�x448_supported�szBackend.x448_supportedcCs
|jjSro�rsZ#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111Brzr|r|r}�ed25519_supported�szBackend.ed25519_supportedcCsnt�d|�t|�tjkr"td��|j�|jj|j	j
|t|��}|�||j	j
k�|j	�||jj
�}t||�S)Nr�z&An Ed25519 public key is 32 bytes long)r�_check_bytesr�rQ�_ED25519_KEY_SIZEr�rsr��NID_ED25519rqr
r�r�r�r-r�r|r|r}�ed25519_load_public_bytes�s�z!Backend.ed25519_load_public_bytescCszt|�tjkrtd��t�d|�|j�|�}|j�	|jj
|jj|t|��}|�||jjk�|j�
||jj�}t||�S)Nz'An Ed25519 private key is 32 bytes longr�)r�rQrr�rr�rqr�rsr�rr
r�r�r�r,r�r|r|r}�ed25519_load_private_bytes�s�z"Backend.ed25519_load_private_bytescCs|�|jj�}t||�Sro)r�rsrr,r�r|r|r}�ed25519_generate_key�szBackend.ed25519_generate_keycCs
|jjSror�rzr|r|r}�ed448_supported�szBackend.ed448_supportedcCslt�d|�t|�tkr td��|j�|jj|jj	|t|��}|�
||jj	k�|j�||jj�}t
||�S)Nr�z$An Ed448 public key is 57 bytes long)rrr�r.r�rsr��	NID_ED448rqr
r�r�r�r0r�r|r|r}�ed448_load_public_bytes�s�zBackend.ed448_load_public_bytescCsxt�d|�t|�tkr td��|j�|�}|j�|jj	|jj
|t|��}|�||jj
k�|j�||jj
�}t||�S)Nr�z%An Ed448 private key is 57 bytes long)rr�r�r.r�rqr�rsr�rr
r�r�r�r/r�r|r|r}�ed448_load_private_bytes
	s�z Backend.ed448_load_private_bytescCs|�|jj�}t||�Sro)r�rsrr/r�r|r|r}�ed448_generate_key	szBackend.ed448_generate_keycCs�|j�d|�}|j�|�}|j�|t|�|t|�|||tj||�
}	|	dkr�|��}
|jj	s�|�
|
d�|jj|jj
�p�|
d�|jj|jj��d||d}td�|���|j�|�dd�S)Nr�r�r�izJNot enough memory to derive key. These parameters require {} MB of memory.)rqr�r�rsZEVP_PBE_scryptr�riZ
_MEM_LIMITr�r�r�rJr�ZERR_R_MALLOC_FAILUREZEVP_R_MEMORY_LIMIT_EXCEEDED�MemoryErrorr�r�)r{r�r�r�r��rr�r�r�r�rPZ
min_memoryr|r|r}�
derive_scrypt	sD����
��zBackend.derive_scryptcCst�|�}|j�|�|jjkSro)rZ_aead_cipher_namersr�rqr
)r{r��cipher_namer|r|r}�aead_cipher_supported;	s
�zBackend.aead_cipher_supportedc
cs&t|�}z
|VW5|�||�XdS)z�
        This method creates a bytearray, which we copy data into (hopefully
        also from a mutable buffer that can be dynamically erased!), and then
        zero when we're done.
        N)�	bytearray�
_zero_data)r{r�r�r|r|r}r�A	s
zBackend._zeroed_bytearraycCst|�D]}d||<qdSr�r)r{r�r�rdr|r|r}rN	szBackend._zero_dataccsf|dkr|jjVnNt|�}|j�d|d�}|j�|||�z
|VW5|�|j�d|�|�XdS)a�
        This method takes bytes, which can be a bytestring or a mutable
        buffer like a bytearray, and yields a null-terminated version of that
        data. This is required because PKCS12_parse doesn't take a length with
        its password char * and ffi.from_buffer doesn't provide null
        termination. So, to support zeroing the data via bytearray we
        need to build this ridiculous construct that copies the memory, but
        zeroes it after use.
        Nr�r�z	uint8_t *)rqr
r�r�Zmemmover�cast)r{r�Zdata_lenr�r|r|r}�_zeroed_null_terminated_bufU	s
z#Backend._zeroed_null_terminated_bufc	Cs�|dk	rt�d|�|�|�}|j�|j|jj�}||jjkrN|��t	d��|j�
||jj�}|j�d�}|j�d�}|j�d�}|�
|��}|j�|||||�}	W5QRX|	dkr�|��t	d��d}
d}g}|d|jjk�r|j�
|d|jj�}
|�|
�}|d|jjk�r6|j�
|d|jj�}t||�}
|d|jjk�r�|j�
|d|jj�}|j�|d�}t|�D]H}|j�||�}|j�
||jj�}|�||jjk�|�t||���qv||
|fS)Nrrz!Could not deserialize PKCS12 datar�zX509 **zCryptography_STACK_OF_X509 **rzInvalid password or PKCS12 data)rr�r�rsZd2i_PKCS12_biormrqr
r�r�r�ZPKCS12_freer�rZPKCS12_parser�rrSrHZsk_X509_freeZsk_X509_numrZ
sk_X509_valuer�ry)r{r�rrrmZp12Zevp_pkey_ptrZx509_ptrZsk_x509_ptrZpassword_bufr�r�r�Zadditional_certificatesr�r	Zsk_x509r�rdr|r|r}�%load_key_and_certificates_from_pkcs12l	sP
�

z-Backend.load_key_and_certificates_from_pkcs12cCs|jjdkSr�)rsZCryptography_HAS_POLY1305rzr|r|r}�poly1305_supported�	szBackend.poly1305_supportedcCs*t�d|�t|�tkr td��t||�S)Nr�zA poly1305 key is 32 bytes long)rr�r�r@r�rA)r{r�r|r|r}�create_poly1305_ctx�	szBackend.create_poly1305_ctx)N)N)��__name__�
__module__�__qualname__�__doc__r�r~r�r��
contextlibrr�rvr�r�r�r�r�r�r�r�r�r�r�rur�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrrrrrrr"r&r(r)rr*r+r-r.rQrXrBrUr\rarHrjrcrprsrxryr{rzr~rr�r�r�r�r�r�rqrur�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrrrrr	r
rrrr�rrrrrr|r|r|r}rnas

	9"
++	UYQ"


1-	"

P

_=5
0"

.rnc@seZdZdd�Zdd�ZdS)r�cCs
||_dSro)�_fmt)r{Zfmtr|r|r}r~�	szGetCipherByName.__init__cCs&|jj||d���}|j�|�d��S)N)r�r�r�)rr��lowerrsr�r�)r{rRr�r�rr|r|r}�__call__�	szGetCipherByName.__call__N)rrrr~r r|r|r|r}r��	sr�cCs"d�|jd�}|j�|�d��S)Nz
aes-{}-xtsr�r�)r�r�rsr�r�)rRr�r�rr|r|r}r��	sr�)�Z
__future__rrrr��collectionsrr�rr�Z	six.movesrZcryptographyrr	Zcryptography.exceptionsr
rZcryptography.hazmat._derrr
rrrZ'cryptography.hazmat.backends.interfacesrrrrrrrrrrrrrZ$cryptography.hazmat.backends.opensslrZ,cryptography.hazmat.backends.openssl.ciphersrZ)cryptography.hazmat.backends.openssl.cmacr!Z0cryptography.hazmat.backends.openssl.decode_asn1r"Z'cryptography.hazmat.backends.openssl.dhr#r$r%r&Z(cryptography.hazmat.backends.openssl.dsar'r(r)Z'cryptography.hazmat.backends.openssl.ecr*r+Z,cryptography.hazmat.backends.openssl.ed25519r,r-Z*cryptography.hazmat.backends.openssl.ed448r.r/r0Z0cryptography.hazmat.backends.openssl.encode_asn1r1r2r3r4r5r6r7r8r9Z+cryptography.hazmat.backends.openssl.hashesr;Z)cryptography.hazmat.backends.openssl.hmacr=Z)cryptography.hazmat.backends.openssl.ocspr>r?Z-cryptography.hazmat.backends.openssl.poly1305r@rAZ(cryptography.hazmat.backends.openssl.rsarBrCZ+cryptography.hazmat.backends.openssl.x25519rDrEZ)cryptography.hazmat.backends.openssl.x448rFrGZ)cryptography.hazmat.backends.openssl.x509rHrIrJrKZ$cryptography.hazmat.bindings.opensslrLZcryptography.hazmat.primitivesrMrNZ)cryptography.hazmat.primitives.asymmetricrOrPrQrRrSZ1cryptography.hazmat.primitives.asymmetric.paddingrTrUrVrWZ1cryptography.hazmat.primitives.ciphers.algorithmsrXrYrZr[r\r]r^r_r`Z,cryptography.hazmat.primitives.ciphers.modesrarbrcrdrerfrgrhZ"cryptography.hazmat.primitives.kdfriZ,cryptography.hazmat.primitives.serializationrjZcryptography.x509rk�
namedtuplerlZregister_interfaceZregister_interface_ifrprrZCryptography_HAS_SCRYPT�objectrnr�r�rRr|r|r|r}�<module>s�<,,(
�*G	
@ Telegram