hgddlZddlZddlZddlZddlZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZddlmZddlmZmZmZmZdd lmZmZmZdd lmZmZdd lmZm Z m!Z!dd l"m#Z#m$Z$dd l%m&Z&ddl'm(Z(ddl)m*Z*m+Z+ddl,m-Z-m.Z.ddl/m0Z0m1Z1ddl2m3Z4ddl5m6Z6ddl7m8Z8m9Z9ddl:m;Z;ddlZ>m?Z?m@Z@mAZAmBZBmCZCmDZDddlEmFZFmGZGmHZHmIZIddlJmKZKmLZLddlMmNZNmOZOddlPmQZQmRZRmSZSmTZTmUZUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\ddl]m^Z^m_Z_m`Z`maZambZbmcZcmdZdmeZemfZfddlgmhZhddlimjZjddlkmlZlmmZmmnZnmoZompZpejqdd d!gZrGd"d#ZsGd$d%ZtGd&d'Zud(etd)eQfd*ZvetZwdS)+N)contextmanager)utilsx509)UnsupportedAlgorithm_Reasons)aead)_CipherContext _CMACContext)_dh_params_dup _DHParameters _DHPrivateKey _DHPublicKey)_DSAParameters_DSAPrivateKey _DSAPublicKey)_EllipticCurvePrivateKey_EllipticCurvePublicKey)_ED448_KEY_SIZE_Ed448PrivateKey_Ed448PublicKey)_Ed25519PrivateKey_Ed25519PublicKey _HashContext _HMACContext)_POLY1305_KEY_SIZE_Poly1305Context)_RSAPrivateKey _RSAPublicKey)_X448PrivateKey_X448PublicKey)openssl)binding)hashes serialization)AsymmetricPadding)dhdsaeced448ed25519rsax448x25519)MGF1OAEPPSSPKCS1v15)PrivateKeyTypesPublicKeyTypes)BlockCipherAlgorithmCipherAlgorithm) AESAES128AES256ARC4SM4CamelliaChaCha20 TripleDES_BlowfishInternal_CAST5Internal _IDEAInternal _SEEDInternal) CBCCFBCFB8CTRECBGCMOFBXTSMode)scrypt)ssh)PBESPKCS12CertificatePKCS12KeyAndCertificatesPKCS12PrivateKeyTypes_PKCS12CATypes _MemoryBIObiochar_ptrceZdZdS)_RC2N)__name__ __module__ __qualname__h/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/cryptography/hazmat/backends/openssl/backend.pyrYrY{sDr^rYc eZdZdZdZhdZefZej ej ej ej ej ejejejejejejejf ZejejejejfZdZdZddzZdZdezZ dd Z!de"fd Z# dd e$d e%j&e%j'e(j)ddfd Z*de$fdZ+ddZ,ddZ-e.j/dZ0ddZ1de"fdZ2de"fdZ3de4fdZ5de6dej7de8fdZ9dej7fdZ:dej7fdZ;dej7de$fdZdej7de$fdZ?dej7dej@fdZAd eBd!eCde$fd"ZDdd#ZEdd$ZFd eBd!eCdeGfd%ZHd eBd!eCdeGfd&ZIdej7de$fd'ZJdej7d(e4d)e6d*e4d+e6de6f d,ZKde%j'e(j)fd-ZLde4fd.ZMdd/e4fd0ZNd1e4d2e4deOjPfd3ZQd1e4d2e4de$fd4ZRd5eOjSd6e$deOjPfd7ZTd5eOjUdeOjVfd8ZWd9ZXd:ZYd;e6deZfd<Z[d=Z\de6fd>Z]d6e$de^fd?Z_de`fd@Zadej7de$fdAZbdBecde$fdCZddBecde$fdDZed2e4defjgfdEZhdFefjgdefjifdGZjd2e4defjifdHZk ddIZld5efjmdefjifdJZnd5efjodefjpfdKZqd5efjrdefjgfdLZsdMZtde$fdNZudej7de$fdOZvde$fdPZwdexdeyfdQZzd;e6dRe%j&e6d6e$de^fdSZ{d;e6de`fdTZ|d;e6de}j~fdUZd;e6dRe%j&e6d6e$de^fdVZdWZd;e6de`fdXZd;e6de}j~fdYZdZejde%jfd[Zd\e%jdejfd]Zdd^Zde^fd_Zde%jfd`Zdaejde$fdbZdcejdaejde$fddZdaejdejfdeZd5ejdejfdfZd5ejdejfdgZdaejdhe6dejfdiZdje4daejdejfdkZdaejfdlZdme4fdnZdejdaejde$fdoZdpZdaejde4fdqZe/drZdse4dte4ddfduZdvejdwejdxejde6fdyZde6fdzZde6fd{Zdvejdwejde6fd|Zde$fd}Zd~e4d2e4de}j~fdZdZdFe}j~de}jfdZd~e4d2e4de}jfdZd5e}jde}jfdZd5e}jde}jfdZd5e}jde}j~fdZ dde4de4de%j&e4de$fdZde$fdZd;e6dejfdZd;e6dejfdZdZdejfdZde$fdZd;e6dejfdZd;e6dejfdZdejfdZde$fdZde$fdZd;e6dejfdZd;e6dejfdZdejfdZde$fdZd;e6dejfdZd;e6dejfdZdejfdZd+e6d)e6d(e4de4de4de4de6fdZde$fdZd(e4ddfdZe.j/dZd;e6dRe%j&e6de%je%j&e^e%j&eje%j'ejffdZd;e6dRe%j&e6defdZde%j&e6de%j&edZe%j&ejde%j&e%j'edxejde6f dZde$fdZde6defdZde$fdZd;e6de%j'ejfdZd;e6de%j'ejfdZde%j'ejfdZdS)Backendz) OpenSSL API binding interfaces. r$> aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcmireturnNctj|_|jj|_|jj|_||_i|_ | |jr'|jj rtj dtn||jjg|_|jjr&|j|jjdSdS)Nz)formatopenssl_version_textrsrm_legacy_provider_loadedrs r___repr__zBackend.__repr__s7DKK  % % ' '   M 1   r^okerrorsc:tj|j||S)N)r)r%_openssl_assertrq)rrrs r_openssl_assertzBackend.openssl_asserts &ty"VDDDDr^c|jjr%|j|jj}n|j}|dkr|jt|SNr)rqCryptography_HAS_300_FIPS&EVP_default_properties_is_fips_enabledroNULL FIPS_modeERR_clear_errorbool)rmodes r_rrzBackend._is_fips_enabledsm 9 . )9CC DD9&&((D 199 I % % ' ' 'Dzzr^c|j|sJ||_dSN)rm _enable_fipsrrrsrs r_rzBackend._enable_fipssJ ""$$$$$&&&&&!2244r^c|jjr|j}||jjkr|j||j|jj}||dk|j|}||dkdSdSdSNri) rqrvENGINE_get_default_RANDrorENGINE_unregister_RANDRAND_set_rand_methodr ENGINE_finishreress r_activate_builtin_randomzBackend.activate_builtin_randoms 9 7 . 1133ADIN"" 00333i44TY^DD##C1H---i--a00##C1H----- . .#"r^c#K|j|jj}|||jjk|j|}||dk |V|j|}||dk|j|}||dkdS#|j|}||dk|j|}||dkwxYwr) rq ENGINE_by_idCryptography_osrandom_engine_idrror ENGINE_init ENGINE_freerrs r__get_osurandom_enginezBackend._get_osurandom_engines? I " "49#L M M A/000i##A&& C1H%%% *GGG)''**C   q ) ) ))))!,,C   q ) ) ) ) ) )''**C   q ) ) ))))!,,C   q ) ) ) )s >C**A(Ec|jjr||5}|j|}||dkdddn #1swxYwY|j|jj}||dkdSdSr) rqrvrrENGINE_set_default_RANDrrrorrs r_rzz Backend.activate_osrandom_engine s 9 7 *  ( ( * * *++-- .i77::##C1H--- . . . . . . . . . . . . . . . )00@@C   q ) ) ) ) ) * *s4A55A9<A9c |jdd}|5}|j|dt |||jjd}||dkdddn #1swxYwY|j| dS)Nchar[]@sget_implementationrascii) ronewrrqENGINE_ctrl_cmdlenrrstringdecode)rbufrrs r_osrandom_engine_implementationz&Backend.osrandom_engine_implementationsimmHb))  ' ' ) ) )Q)++(#c((CC   a ( ( (  ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) y$$++G444sAB  BBc|j|j|jjdS)z Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.1.1d 10 Sep 2019 r)rorrqOpenSSL_versionOPENSSL_VERSIONrrs r_rzBackend.openssl_version_textsAy I % %di&? @ @  &// r^c4|jSr)rqOpenSSL_version_numrs r_openssl_version_numberzBackend.openssl_version_number*sy,,...r^key algorithmc$t|||Srr)rrrs r_create_hmac_ctxzBackend.create_hmac_ctx-sD#y111r^c|jdks |jdkr7d|j|jdzd}n|jd}|j|}|S)Nblake2bblake2sz{}{}r)namer digest_sizeencoderqEVP_get_digestbyname)rralgevp_mds r__evp_md_from_algorithmzBackend._evp_md_from_algorithm2s~ >Y & &).I*E*E-- 5 9fWoo C.''00C//44 r^cv||}|||jjk|Sr)rrrorrrrs r__evp_md_non_null_from_algorithmz'Backend._evp_md_non_null_from_algorithm=s7,,Y77 Fdin4555 r^c|jrt||jsdS||}||jjkSNF)rs isinstance _fips_hashesrrorrs r_hash_supportedzBackend.hash_supportedBsH   jDj(2333r^c tttfD]U}ttt t tttfD]&}| ||td'Vttt t tfD]+}| t|td,tttt fD]+}| t|td,| tt td| ttdtd| tt t"t tt ttfD]+}| t$|td,|jjs |jjs]ttt t fD]+}| t.|td,ttt t fD]+}| t0|td,t3jt6t8gtt tt gD])\}}| ||td*| t:tdtd | t<tdtd dSdS) Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3chacha20zsm4-{mode.name}zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}rc4rc2)r9r:r;rErHrIrKrFrGrJrGetCipherByNamer>r@r?rrL_get_xts_cipherr=rmrrq#CRYPTOGRAPHY_OPENSSL_300_OR_GREATERrArD itertoolsproductrBrCr<rY)rrrs r_ruz!Backend._register_default_ciphers{sA/  J #sCdC@  ,,#E c3S1  H  ( ( MNN     c4-  H  ( (8_5K%L%L     $$ sOJ77    $$ d4jj/*"="=    $$S#???c3S1  H  ( (X/@AA     M 1 9@ !#sC0  ,,%#$455 !#sC0  ,,!#$677 )2(9/c3$))  $ H,,#$?@@  ( (d4jj/%"8"8     ( (d4jj/%"8"8     ;  r^c:t|||tjSr)r _ENCRYPTrrrs r_create_symmetric_encryption_ctxz'Backend.create_symmetric_encryption_ctxdFD.2IJJJr^c:t|||tjSr)r _DECRYPTrs r_create_symmetric_decryption_ctxz'Backend.create_symmetric_decryption_ctxrr^c,||Sr)rrs r_pbkdf2_hmac_supportedzBackend.pbkdf2_hmac_supporteds""9---r^lengthsalt iterations key_materialc |jd|}||}|j|}|j|t ||t |||||} || dk|j|ddS)Nunsigned char[]ri) rorr from_bufferrqPKCS5_PBKDF2_HMACrrbuffer) rrrrrrrrkey_material_ptrrs r_derive_pbkdf2_hmaczBackend.derive_pbkdf2_hmacsimm-v6655i@@900>>i))      II        C1H%%%y$$QQQ''r^c(tjSr) rust_opensslcapture_error_stackrs r__consume_errorszBackend._consume_errorss/111r^c||jjksJ||j| |j|}|jd|}|j||}||dkt |j |d|d}|S)Nrrbig) rorrrqBN_is_negative BN_num_bytesr BN_bn2binint from_bytesr)rbn bn_num_bytesbin_ptrbin_lenvals r_ _bn_to_intzBackend._bn_to_intsTY^####  8 8 < <<===y--b11 )-- 1<@@)%%b'22 GqL)))nnTY--g66xx@%HH r^numcX|||jjksJ| |jj}|t|dz dzd}|j|t||}|||jjk|S)a  Converts a python integer to a BIGNUM. The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. Ng @rir) rorto_bytesr bit_lengthrq BN_bin2bnrr)rrrbinarybn_ptrs r_ _int_to_bnzBackend._int_to_bnszR49>1111 :Bc#.."2"2S"81"<==uEE$$VS[["== Fdin4555 r^public_exponentkey_sizec2tj|||j}|||jjk|j||jj}| |}|j||jj }|j ||||jj}||dk| |}t|||dS)NriTunsafe_skip_rsa_key_validation)r._verify_rsa_parametersrqRSA_newrrorgcRSA_freer#BN_freeRSA_generate_key_ex_rsa_cdata_to_evp_pkeyr )rr$r% rsa_cdatarrevp_pkeys r_generate_rsa_private_keyz Backend.generate_rsa_private_keys "?H===I%%''  I7888ILLDI,>?? ___ - - Y\\"di/ 0 0i++ xTY^   C1H%%%..y99 )Xd    r^c,|dko|dzdko|dkS)Nririr])rr$r%s r_!generate_rsa_parameters_supportedz)Backend.generate_rsa_parameters_supporteds/ q  !#q( C r^numbersr(c tj|j|j|j|j|j|j|jj |jj |j }| ||jjk|j||j j}||j}||j}||j}||j}||j}||j} ||jj } ||jj } |j |||} | | dk|j || | |} | | dk|j |||| } | | dk||} t/||| |S)Nrir')r._check_private_key_componentspqddmp1dmq1iqmppublic_numbersrnrqr*rrorr+r,r#RSA_set0_factors RSA_set0_keyRSA_set0_crt_paramsr/r )rr6r(r0r9r:r;r<r=r>rr@rr1s r_load_rsa_private_numbersz Backend.load_rsa_private_numbers$s ) I I I L L L  " $  " $ I%%''  I7888ILLDI,>?? OOGI & & OOGI & & OOGI & &w|,,w|,,w|,, OOG24 5 5 OOG24 5 5i((Aq99 C1H%%%i$$Y1a88 C1H%%%i++ItT4HH C1H%%%..y99   +I     r^c6tj|j|j|j}|||jjk|j ||jj }| |j}| |j}|j ||||jj}||dk| |}t|||Sr)r._check_public_key_componentsrr@rqr*rrorr+r,r#rBr/r!)rr6r0rr@rr1s r_load_rsa_public_numberszBackend.load_rsa_public_numbersMs (GI>>>I%%''  I7888ILLDI,>?? OOGI & & OOGI & &i$$Y1dinEE C1H%%%..y99T9h777r^c|j}|||jjk|j||jj}|Sr)rq EVP_PKEY_newrrorr+ EVP_PKEY_freerr1s r__create_evp_pkey_gczBackend._create_evp_pkey_gc\sQ9))++ H 67779<<$)*ABBr^c|}|j||}||dk|Sr)rLrqEVP_PKEY_set1_RSAr)rr0r1rs r_r/zBackend._rsa_cdata_to_evp_pkeybG++--i))(I>> C1H%%%r^datac2|j|}|j|t |}|||jjkt|j||jj |S)z Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) rorrqBIO_new_mem_bufrrrrUr+BIO_free)rrPdata_ptrrVs r_ _bytes_to_biozBackend._bytes_to_biohsx9((..i''#d))<< C49>1222$),,sDI,>??JJJr^cB|j}|||jjk|j|}|||jjk|j||jj}|S)z. Creates an empty memory BIO. )rq BIO_s_memrrorBIO_newr+rS)r bio_methodrVs r__create_mem_bio_gczBackend._create_mem_bio_gcusY((**  J$).8999i ++ C49>1222ill3 233 r^cF|jd}|j||}||dk||d|jjk|j|d|dd}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)rorrqBIO_get_mem_datarrr)rrVrbuf_lenbio_datas r_ _read_mem_biozBackend._read_mem_biosimmI&&),,S#66 GaK((( CFdin45559##CFG44QQQ7r^c|j|}||jjkru|j|}|||jjk|j||jj}t||||S||jj kr|jj s|jj s|jj s|j|}|||jjk|j||jj}|}|j||}||dk|||d|S||jjkrs|j|}|||jjk|j||jj}t+|||S||jjkrs|j|}|||jjk|j||jj}t3|||S||jvrs|j|} || |jjk|j| |jj} t;|| |S|t=|jddkrt?||S|t=|jddkrtA||S||jj!krEtDj#$tK|j&d|S|t=|jddkrtO||StQd ) zd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. r'riN)passwordr(EVP_PKEY_ED25519 EVP_PKEY_X448 uintptr_tEVP_PKEY_ED448Unsupported key type.))rq EVP_PKEY_id EVP_PKEY_RSAEVP_PKEY_get1_RSArrorr+r,r EVP_PKEY_RSA_PSSCRYPTOGRAPHY_IS_LIBRESSLCRYPTOGRAPHY_IS_BORINGSSL#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111ErZi2d_RSAPrivateKey_bioload_der_private_keyr_ EVP_PKEY_DSAEVP_PKEY_get1_DSADSA_freer EVP_PKEY_ECEVP_PKEY_get1_EC_KEY EC_KEY_freerr|EVP_PKEY_get1_DHDH_freergetattrrr"EVP_PKEY_X25519r r0private_key_from_ptrrcastrr) rr1r(key_typer0rVr dsa_cdataec_cdatadh_cdatas r__evp_pkey_to_private_keyz Backend._evp_pkey_to_private_keys9((22 ty- - - 33H==I    TY^ ; < < < Y 0BCCI!/M    2 2 2I6 3I7 3IA 3 33H==I    TY^ ; < < < Y 0BCCI))++C)11#yAAC   q ) ) ),,""3''/M-  / / / 33H==I    TY^ ; < < < Y 0BCCI!$ 8<< < . . .y55h??H   DIN : ; ; ;y||Hdi.CDDH+D(HEE E  ' 'y11(;;H   DIN : ; ; ;y||Hdi.?@@H x:: : ,>EE E E%dH55 5 OTBB B B"422 2 2 2 2&;;DINN;99:: ,?? ?r^c2|j|}||jjkrs|j|}|||jjk|j||jj}t|||S||jj kr|jj s|jj s|jj s|j|}|||jjk|j||jj}|}|j||}||dk|||S||jjkrs|j|}|||jjk|j||jj}t+|||S||jjkr|j|}||jjkr$|}t3d||j||jj}t7|||S||jvrs|j|} || |jjk|j| |jj} t?|| |S|tA|jddkrtC||S|tA|jddkrtE||S||jj#krEtHj%&tO|j(d|S|tA|jddkrtS||StUd) zc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. rizUnable to load EC keyrbNrcrdrerf)+rqrgrhrirrorr+r,r!rjrkrlrmrZi2d_RSAPublicKey_bioload_der_public_keyr_rprqrrrrsrtrrrurr|rvrwrrxrr#ryr r0public_key_from_ptrrr{rr) rr1r|r0rVrr}r~rrs r__evp_pkey_to_public_keyzBackend._evp_pkey_to_public_keys 9((22 ty- - - 33H==I    TY^ ; < < < Y 0BCCI y(;; ;  2 2 2I6 3I7 3IA 3  33H==I    TY^ ; < < < Y 0BCCI))++C)00i@@C   q ) ) )++D,>,>s,C,CDD D / / / 33H==I    TY^ ; < < < Y 0BCCI y(;; ; . . .y55h??H49>))--// !8&AAAy||Hdi.CDDH*48DD D  ' 'y11(;;H   DIN : ; ; ;y||Hdi.?@@Hh99 9 ,>EE E E$T844 4 OTBB B B!$11 1 2 2 2&::DINN;99:: ,?? ?r^c|jrt|tjrdSt|tjtjtjtjtjfSr)rsrr&rSHA224SHA256SHA384SHA512rs r__oaep_hash_supportedzBackend._oaep_hash_supportedsX   *Y "D"D 5          r^paddingct|trdSt|trft|jtrL|jr&t|jjtjrdS| |jjSt|trSt|jtr9| |jjo| |jSdS)NTF) rr4r3_mgfr1rs _algorithmr&rrr2rrrs r_rsa_padding_supportedzBackend.rsa_padding_supporteds gx ( ( 4  % % *W\4*H*H ! Dj ''' Dt**7<+BCCC  & & :glD+I+I ,, '@++G,>?? @5r^ch|jrt|trdS||Sr)rsrr4rrs r_rsa_encryption_supportedz Backend.rsa_encryption_supported0s7   7*Wh"?"? 75--g66 6r^c |dvrtd|j}|||jjk|j||jj}|j|||jjd|jj|jj|jj}||dkt||S)N)irhi iz0Key size must be 1024, 2048, 3072, or 4096 bits.rri) rrqDSA_newrrorr+rrDSA_generate_parameters_exr)rr%ctxrs r_generate_dsa_parameterszBackend.generate_dsa_parameters6s 3 3 3B i!! C49>1222ill3 233i22   IN IN IN IN   C1H%%%dC(((r^ parameterscP|j|j}|||jjk|j||jj}|j|| |}t|||Sr) rq DSAparams_dup _dsa_cdatarrorr+rrDSA_generate_key_dsa_cdata_to_evp_pkeyr)rrrr1s r_generate_dsa_private_keyz Backend.generate_dsa_private_keyNsi%%  !   C49>1222ill3 233 ""3'''..s33dC222r^cV||}||Sr)rr)rr%rs r_'generate_dsa_private_key_and_parametersz/Backend.generate_dsa_private_key_and_parameters[s+11(;; ,,Z888r^c|j||||}||dk|j|||}||dkdSr)rq DSA_set0_pqgr DSA_set0_key)rr}r9r:gpub_keypriv_keyrs r__dsa_cdata_set_valueszBackend._dsa_cdata_set_valuesasni$$Y1a88 C1H%%%i$$YBB C1H%%%%%r^ctj||jj}|j}|||jjk|j ||jj }| |j }| |j }| |j}| |jj}| |j}|||||||||} t'||| Sr)r*_check_dsa_private_numbersr?parameter_numbersrqrrrorr+rrr#r9r:ryxrrr) rr6rr}r9r:rrrr1s r_load_dsa_private_numbersz Backend.load_dsa_private_numbersis &w///#2DI%%''  I7888ILLDI,>?? OO-/ 0 0 OO-/ 0 0 OO-/ 0 0//'"8":;;??79-- ""9aAwIII..y99dIx888r^c|tj|j|j}|||jjk|j||jj }| |jj }| |jj }| |jj }| |j}|jj}|||||||||}t#|||Sr)r*_check_dsa_parametersrrqrrrorr+rrr#r9r:rrrrr) rr6r}r9r:rrrr1s r_load_dsa_public_numberszBackend.load_dsa_public_numbers~s !'";<<<I%%''  I7888ILLDI,>?? OOG57 8 8 OOG57 8 8 OOG57 8 8//'),,9> ""9aAwIII..y99T9h777r^ctj||j}|||jjk|j||jj}| |j }| |j }| |j }|j ||||}||dkt||Sr)r*rrqrrrorr+rrr#r9r:rrr)rr6r}r9r:rrs r_load_dsa_parameter_numbersz"Backend.load_dsa_parameter_numberss !'***I%%''  I7888ILLDI,>?? OOGI & & OOGI & & OOGI & &i$$Y1a88 C1H%%%dI...r^c|}|j||}||dk|Sr)rLrqEVP_PKEY_set1_DSAr)rr}r1rs r_rzBackend._dsa_cdata_to_evp_pkeyrOr^c|j Sr)rsrs r_ dsa_supportedzBackend.dsa_supporteds%%%r^cX|sdS||Sr)rrrs r_dsa_hash_supportedzBackend.dsa_hash_supporteds/!!## 5,,Y777r^cX||td|jzS)N)rrE block_sizers r_cmac_algorithm_supportedz Backend.cmac_algorithm_supporteds/$$ s7Y%99::   r^c"t||Srr rs r_create_cmac_ctxzBackend.create_cmac_ctxsD),,,r^racF||jj|||Sr) _load_keyrqPEM_read_bio_PrivateKey)rrPrar(s r_load_pem_private_keyzBackend.load_pem_private_keys+ ~~ I -   *    r^c||}|jd}|j|j|jj|j|jjd|}||jjkr:|j ||jj }| |S| |j |j}||dk|j|j|jj|j|jjd|}||jjkrK|j ||jj}||}t%|||S|dS)NCRYPTOGRAPHY_PASSWORD_DATA *Cryptography_pem_password_cbri)rUrorrqPEM_read_bio_PUBKEYrVr addressof _original_libr+rJrr BIO_resetrPEM_read_bio_RSAPublicKeyr,r/r!_handle_key_loading_error)rrPmem_biouserdatar1rr0s r_load_pem_public_keyzBackend.load_pem_public_keys$$T**9==!?@@900 K IN I   ')G       ty~ % %y||Hdi.EFFH//99 9  " " ")%%gk22C   q ) ) ) ;;   ##I+-K IDIN** ILLDI4FGG 66yAA$T9h???..00000r^cb||}|j|j|jj|jj|jj}||jjkr5|j||jj}t||S| dSr) rUrqPEM_read_bio_DHparamsrVrorr+rwr r)rrPrrs r_load_pem_parameterszBackend.load_pem_parameterss$$T**922 K   ty~ % %y||Hdi.?@@H x00 0  * * , , , , ,r^c||}|||}|r|||S||jj|||Sr)rU"_evp_pkey_from_der_traditional_keyrrrqd2i_PKCS8PrivateKey_bio)rrPrar(r^rs r_rozBackend.load_der_private_keys{%%d++55hII  003  >> 1.  r^c|j|j|jj}||jjkr8|j||jj}|td|S|dS)N4Password was given but private key is not encrypted.) rqd2i_PrivateKey_biorVrorr+rJ TypeErrorr)rr^rars r_rz*Backend._evp_pkey_from_der_traditional_keysi**8<HH $). ),,sDI$;<JJ ty~ % %y||Hdi.?@@H x00 0 Y 4 5  " " ")%%gk22C   q ) ) )y227; OOH49>))9<<$)2CDD$T8444 &&(((((r^certc\|tjj}||}|j|j|jj }| ||jj k|j ||jj }|Sr) public_bytesr'EncodingDERrUrq d2i_X509_biorVrorrr+ X509_free)rrrPrrs r_ _cert2osslzBackend._cert2osslKs  !7!;<<$$T**y%%gk49>BB DDIN2333y||D$)"566 r^x509_ptrc|}|j||}||dkt j||Sr)rZrq i2d_X509_biorrload_der_x509_certificater_)rrrVrs r_ _ossl2certzBackend._ossl2certSsa%%''i$$S(33 C1H%%%-d.@.@.E.EFFFr^cv|j|j|jdkrtddS)NrizKeys do not correspond)rq EVP_PKEY_cmp _evp_pkeyr)rkey1key2s r__check_keys_correspondzBackend._check_keys_correspondYs; 9 ! !$.$. A AQ F F566 6 G Fr^cp||}|jd}|Jtjd||j|}||_t||_||j |jj |j |j j d|}||jj kr|jdkre||jdkrt!d|jdksJt#d|jd z ||j||j j}||jdkrt!d | |jd ks|J|||S) Nrrarrz3Password was not given but private key is encryptedzAPasswords longer than {} bytes are not supported by this backend.rir)rUrorr_check_byteslikerrarrrVrrrqrerrorrrrrmaxsizerr+rJcalledr) ropenssl_read_funcrPrar(rr password_ptrr1s r_rzBackend._load_key]s$$T**9==!?@@    ":x 8 8 8900::L ,H !(mmHO$$ K IN I   ')G       ty~ % %~""$$&&&>R''#M$>R////$++16(2BQ2F+G+G ..0009<<$)*ABB  HOq$8$8F   X_%9%9   ,, 4   r^c}|std|djjjjsl|djjjjs<jjr?|djj jj rtdtfd|Drtdtd|)Nz|Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.rz Bad decrypt. Incorrect password?c3lK|].}|jjjjV/dSr)_lib_reason_matchrq ERR_LIB_EVP'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM).0rrs r_ z4Backend._handle_key_loading_error..sY    # # % A        r^z!Unsupported public key algorithm.zCould not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).) rrrrqrEVP_R_BAD_DECRYPTERR_LIB_PKCS12!PKCS12_R_PKCS12_CIPHERFINAL_ERRORCryptography_HAS_PROVIDERS ERR_LIB_PROVPROV_R_BAD_DECRYPTany)rrs` r_rz!Backend._handle_key_loading_errorsE%%'')   1I ' ' %ty'B  " ay** ( ; "  4" 1I//I*I0"  ?@@ @            @AA A4  r^curvecf ||}n#t$r|jj}YnwxYw|j|}||jjkr|dS|||jjk|j |dS)NFT) _elliptic_curve_to_nidrrq NID_undefEC_GROUP_new_by_curve_namerorrr EC_GROUP_free)rr  curve_nidgroups r_elliptic_curve_supportedz Backend.elliptic_curve_supporteds ,33E::II# , , , +III , 44Y?? DIN " "  " " "5    TY-@ @ A A A I # #E * * *4s 11signature_algorithmcdt|tjsdS||Sr)rr+ECDSAr)rrr s r_,elliptic_curve_signature_algorithm_supportedz4Backend.elliptic_curve_signature_algorithm_supporteds2 -rx88 5,,U333r^cN||rn||}|j|}||dk||}t |||Std|jdtj )z@ Generate a new private key on the named curve. riz Backend object does not support .) r_ec_key_new_by_curverqEC_KEY_generate_keyr_ec_cdata_to_evp_pkeyrrrrUNSUPPORTED_ELLIPTIC_CURVE)rr r~rr1s r_#generate_elliptic_curve_private_keyz+Backend.generate_elliptic_curve_private_keys  ( ( / / 0077H)//99C   q ) ) )11(;;H+D(HEE E&@5:@@@3 r^c |j}||j}|j||j|jj}|j ||}|dkr#| td| 5}| ||j|j||j|}|||jjkt&j|}|||jjk|j|} || |jjk|j| |jj} |j|| ||jj|jj|}||dk|j||| |dkrtd dddn #1swxYwY||} t5||| S)NriInvalid EC key.r)r?rr ror+r# private_valuerq BN_clear_freeEC_KEY_set_private_keyrr _tmp_bn_ctx)_ec_key_set_public_key_affine_coordinatesrrEC_KEY_get0_grouprrbackendEC_KEY_get0_public_key EC_POINT_new EC_POINT_free EC_POINT_mul EC_POINT_cmprr) rr6publicr~r!rbn_ctxr set_pointcomputed_pointr1s r_#load_elliptic_curve_private_numbersz+Backend.load_elliptic_curve_private_numberss',,V\:: OOG1 2 2DI4K  i..xGG !88  " " ".// /      46  : :&(FHf    I//99E    7 8 8 8 ;;HEEI    TY^ ; < < <!Y33E::N   $). @ A A A!Y\\ 7N)((   C   q ) ) ) &&9nf !!2333 5 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4B--h77'hAAAs7FII Ic||j}|5}|||j|j|dddn #1swxYwY||}t|||Sr)rr r$r%rrrr)rr6r~r.r1s r_"load_elliptic_curve_public_numbersz*Backend.load_elliptic_curve_public_numbers$s,,W];;      6  : :')WY                  --h77&tXx@@@s#AA"%A" point_bytesc  ||}|j|}|||jjk|j|}|||jjk|j||jj}| 5}|j |||t||}|dkr#| td dddn #1swxYwY|j||}||dk||}t!|||S)Nriz(Invalid public bytes for the given curve)rrqr&rrorr)r+r*r$EC_POINT_oct2pointrrrEC_KEY_set_public_keyrr) rr r4r~rpointr.rr1s r_ load_elliptic_curve_public_bytesz(Backend.load_elliptic_curve_public_bytes0s,,U33 ++H55 ETY^3444 &&u-- ETY^3444 UDI$;<<      M6)..uk3{+;+;VCaxx$$&&& !KLLL  M M M M M M M M M M M M M M Mi--h>> C1H%%%--h77&tXx@@@s AD++D/2D/r!c V||}|j|}|||jjk|j|}|||jjk|j||jj}| |}|j||jj }| 5}|j ||||jj|jj|}||dk|j |} |j |} |j||| | |}|dkr#|t!d dddn #1swxYwY|j||}||dk| |} |j| |jj } |j|| }||dk||} t)||| S)Nriz'Unable to derive key from private_value)rrqr&rrorr)r+r*r#r"r$r+ BN_CTX_getEC_POINT_get_affine_coordinatesrrr7r#rr) rr!r r~rr8valuer.rbn_xbn_yprivater1s r_!derive_elliptic_curve_private_keyz)Backend.derive_elliptic_curve_private_keyFs,,U33 ++H55 ETY^3444 &&u-- ETY^3444 UDI$;<< .. UDI$;<<      L6)((ueTY^TY^VC   q ) ) )9''//D9''//D);;udD&Caxx$$&&& !JKKK L L L L L L L L L L L L L L L i--h>> C1H%%%//-00),,w (?@@i..xAA C1H%%%--h77'hAAAsCGGGcV||}||Sr)r _ec_key_new_by_curve_nid)rr rs r_rzBackend._ec_key_new_by_curveps)//66 ,,Y777r^rc|j|}|||jjk|j||jjSr)rqEC_KEY_new_by_curve_namerrorr+ru)rrr~s r_rCz Backend._ec_key_new_by_curve_nidtsO955i@@ H 6777y||Hdi&;<<> I(():):)<)<==  + + +&:AAA3 r^c#|K|j}|||jjk|j||jj}|j| |V|j|dS#|j|wxYwr) rq BN_CTX_newrrorr+ BN_CTX_free BN_CTX_start BN_CTX_end)rr.s r_r$zBackend._tmp_bn_ctxs%%'' Fdin4555fdi&;<< v&&& )LLL I  ( ( ( ( (DI  ( ( ( (s ?BB;rrcP|dks|dkrtd|j|||jj}|j|||jj}|j|}|||jjk|j |}|||jjk|j||jj }|j |||||}|dkr#| td|j ||}||dkdS)zg Sets the public key point in the EC_KEY context to the affine x and y values. rz2Invalid EC key. Both x and y must be non-negative.rir N)rror+r#rqr-r&rrr)r*EC_POINT_set_affine_coordinatesrr7)rr~rrr.rr8rs r_r%z1Backend._ec_key_set_public_key_affine_coordinatessy q55AEED  ILL++TY-> ? ? ILL++TY-> ? ? ++H55 ETY^3444 &&u-- ETY^3444 UDI$;<<i77 5!Q   !88  " " ".// /i--h>> C1H%%%%%r^encodingrencryption_algorithmc<t|tjstdt|tjstdt|tjstdt|tjrd}nt|tjr*|j}t|dkrtdnQt|tj r(|j |cxurtjj ur nn|j}ntd|tjjurf|tjjur |jj}n/|tjjur |jj}ntd||||S|tjjur|jr)t|tjstd |j|} |tjjur}| |jjkr |jj}nI| |jjkr |jj}n,| |jjkr |jj}ntd ||||S|tjjur|rtd | |jjkr |jj}nI| |jjkr |jj}n,| |jjkr |jj }ntd |!||Std |tjj ur8|tjjurtEj#|||Std td)N/encoding must be an item from the Encoding enumz2format must be an item from the PrivateFormat enumzBEncryption algorithm must be a KeySerializationEncryption instancer^izBPasswords longer than 1023 bytes are not supported by this backendzUnsupported encryption typezUnsupported encoding for PKCS8zCEncrypted traditional OpenSSL format is not supported in FIPS mode.z+Unsupported key type for TraditionalOpenSSLzDEncryption is not supported for DER encoded traditional OpenSSL keysz+Unsupported encoding for TraditionalOpenSSLz=OpenSSH private key format can only be used with PEM encodingformat is invalid with this key)$rr'rr PrivateFormatKeySerializationEncryption NoEncryptionBestAvailableEncryptionrarr_KeySerializationEncryption_formatOpenSSHPKCS8PEMrqPEM_write_bio_PKCS8PrivateKeyri2d_PKCS8PrivateKey_bio_private_key_bytes_via_bioTraditionalOpenSSLrsrgrhPEM_write_bio_RSAPrivateKeyrpPEM_write_bio_DSAPrivateKeyrsPEM_write_bio_ECPrivateKeyrni2d_ECPrivateKey_bioi2d_DSAPrivateKey_bio_bio_func_outputrO_serialize_ssh_private_key) rr\rr]rr1cdatara write_bior|s r__private_key_byteszBackend._private_key_bytess(M$:;; OMNN N&-"=>> D  -"J     *M,F G G <HH  -"G   <,4H8}}t## #$ $m&O   <%,3333*233333,4HH:;; ; ]06 6 6=1555 IC ]3777 I=  !ABBB228X  ]0C C C! *$m&@++ !.y,,X66H=1555ty555 $ EII!777 $ EII!666 $ DII$E66uh=1555$3ty555 $ ?II!666 $ >II!777 $ ?II$E,,Y>>>JKK K ]08 8 8=15555#7% :;;;r^c |s |jj}n|jd}|||||t ||jj|jjS)Ns aes-256-cbc)rorrqEVP_get_cipherbynamersr)rrvr1rars r_rlz"Backend._private_key_bytes_via_bioBsj HJJ77GGJ$$     MM IN IN   r^c|}||g|R}||dk||Sr)rZrr_)rrvargsrVrs r_rszBackend._bio_func_outputUsV%%''i#d### C1H%%%!!#&&&r^ct|tjstdt|tjstd|tjjure|tjjur |jj}n/|tjj ur |jj }ntd| ||S|tjj ur|j|}||jjkrtd|tjjur |jj}n/|tjj ur |jj}ntd| ||S|tjjur6|tjjurt'j|Stdtd)Nr_z1format must be an item from the PublicFormat enumz8SubjectPublicKeyInfo works only with PEM or DER encodingz+PKCS1 format is supported only for RSA keysz)PKCS1 works only with PEM or DER encodingz1OpenSSH format must be used with OpenSSH encodingr`)rr'rr PublicFormatSubjectPublicKeyInforirqPEM_write_bio_PUBKEYri2d_PUBKEY_biorrsPKCS1rgrhPEM_write_bio_RSAPublicKeyrrgrOserialize_ssh_public_key)rr\rrr1rurvr|s r__public_key_byteszBackend._public_key_bytes[s(M$:;; OMNN N&-"<== C  ]/D D D=1555 I: ]3777 I4  N((H== = ]/5 5 5y,,X66H49111 !NOOO=1555 I@ ]3777 I:  !LMMM((E:: : ]/7 7 7=19993C888C  :;;;r^c|jj Srrqrlrs r_ dh_supportedzBackend.dh_supported9666r^ generatorc$|tjkr,tdtj|dvrtd|j}|||jjk|j ||jj }|j ||||jj}|dkr$| }td|t||S)Nz$DH key_size must be at least {} bits)zDH generator must be 2 or 5riz Unable to generate DH parameters)r)_MIN_MODULUS_SIZErrrqDH_newrrorr+rwDH_generate_parameters_exrr )rrr%dh_param_cdatarrs r_generate_dh_parameterszBackend.generate_dh_parameterss b* * *6==(  F " ":;; ;))++ Ndin<===ndi6GHHi11 Hi   !88))++F?HH HT>222r^c|}|j||}||dk|Sr)rLrqEVP_PKEY_set1_DHr)rrr1rs r__dh_cdata_to_evp_pkeyzBackend._dh_cdata_to_evp_pkeysG++--i((8<< C1H%%%r^ct|j|}|j|}||dk||}t |||Sr)r _dh_cdatarqDH_generate_keyrrr)rr dh_key_cdatarr1s r_generate_dh_private_keyzBackend.generate_dh_private_keyso&  $  i'' 55 C1H%%%--l;;T<:::r^cT||||Sr)rr)rrr%s r_&generate_dh_private_key_and_parametersz.Backend.generate_dh_private_key_and_parameterss/++  ' ' 8 < <   r^cP|jj}|j}|||jjk|j||jj}| |j }| |j }|j | |j }n |jj}| |jj }| |j}|j||||} || dk|j|||} || dk|jdd} |j|| } || dk| ddkr3|j dkr| d|jjz dkst)d||} t-||| S)Nriint[]rrz.DH private numbers did not pass safety checks.)r?rrqrrrorr+rwr#r9rr:rr DH_set0_pqg DH_set0_keyrDH_checkDH_NOT_SUITABLE_GENERATORrrr) rr6rrr9rr:rrrcodesr1s r_load_dh_private_numberszBackend.load_dh_private_numberss$2D9##%% H 67779<<$)*;<< OO-/ 0 0 OO-/ 0 0   * 1 344AA A//'"8":;;??79--i##HaA66 C1H%%%i##Hgx@@ C1H%%% gq))i  511 C1H%%% 8q==  1 $ $a49>>!CCMNN N--h77T8X666r^c|j}|||jjk|j||jj}|j}||j }||j }|j ||j }n |jj}||j }|j ||||}||dk|j|||jj}||dk||} t!||| Sr)rqrrrorr+rwrr#r9rr:rrrrr) rr6rrr9rr:rrr1s r_load_dh_public_numberszBackend.load_dh_public_numberssJ9##%% H 67779<<$)*;<<#5 OO-/ 0 0 OO-/ 0 0   * 1 344AA A//'),,i##HaA66 C1H%%%i##Hgty~FF C1H%%%--h77D(H555r^c|j}|||jjk|j||jj}||j}||j }|j ||j }n |jj}|j ||||}||dkt||Sr) rqrrrorr+rwr#r9rr:rr )rr6rr9rr:rs r_load_dh_parameter_numbersz!Backend.load_dh_parameter_numberss9##%% H 67779<<$)*;<< OOGI & & OOGI & & 9  **AA Ai##HaA66 C1H%%%T8,,,r^r9rr:c|j}|||jjk|j||jj}||}||}|||}n |jj}|j||||}||dk|j dd}|j ||}||dk|ddkS)Nrirr) rqrrrorr+rwr#rrr)rr9rr:rrrs r_dh_parameters_supportedzBackend.dh_parameters_supported+s9##%% H 67779<<$)*;<< OOA   OOA   =""AA Ai##HaA66 C1H%%% gq))i  511 C1H%%%Qx1}r^c"|jjdkSr)rqr}rs r_dh_x942_serialization_supportedz'Backend.dh_x942_serialization_supportedCsy6!;;r^c@tj|Sr)r r0from_public_bytesrrPs r_x25519_load_public_bytesz Backend.x25519_load_public_bytesFs"44T:::r^c@tj|Sr)r r0from_private_bytesrs r_x25519_load_private_bytesz!Backend.x25519_load_private_bytesIs"55d;;;r^c|j||jj}|||jjk|j||jj}|j|}||dk|jd}|j ||}||dk||d|jjk|j|d|jj }|S)Nri EVP_PKEY **r) rqEVP_PKEY_CTX_new_idrorrr+EVP_PKEY_CTX_freeEVP_PKEY_keygen_initrEVP_PKEY_keygenrJ)rnid evp_pkey_ctxr evp_ppkeyr1s r__evp_pkey_keygen_gczBackend._evp_pkey_keygen_gcNsy44S$).II  LDIN:;;;y||L$)2MNN i,,\:: C1H%%%IMM-00 i'' i@@ C1H%%% IaLDIN:;;;9<< ! di.EFFr^c>tjSr)r r0 generate_keyrs r_x25519_generate_keyzBackend.x25519_generate_key[s"//111r^c.|jrdS|jj Sr)rsrq#CRYPTOGRAPHY_LIBRESSL_LESS_THAN_370rs r_x25519_supportedzBackend.x25519_supported^s   59@@@r^crt|dkrtd|j|jj|jj|t|}|||jjk|j||jj }t||S)N8z#An X448 public key is 56 bytes long) rrrqEVP_PKEY_new_raw_public_keyNID_X448rorrr+rJr#rrPr1s r_x448_load_public_byteszBackend.x448_load_public_bytescs t99??BCC C988 I  c$ii   H 67779<<$)*ABBdH---r^ct|dkrtd|j|}|j|jj|jj|t|}|||jjk|j ||jj }t||S)Nrz$An X448 private key is 56 bytes long) rrrorrqEVP_PKEY_new_raw_private_keyrrrr+rJr"rrPrTr1s r_x448_load_private_byteszBackend.x448_load_private_bytesns t99??CDD D9((..999 I  #d))   H 67779<<$)*ABBtX...r^c`||jj}t||Sr)rrqrr"rKs r_x448_generate_keyzBackend.x448_generate_keyzs*++DI,>??tX...r^cH|jrdS|jj o |jj Sr)rsrqrkrlrs r_x448_supportedzBackend.x448_supported~s2   5 2 2 8I77 r^c,|jrdS|jjSr)rsrq CRYPTOGRAPHY_HAS_WORKING_ED25519rs r_ed25519_supportedzBackend.ed25519_supporteds   5y99r^ctjd|t|tjkrt d|j|jj|j j |t|}| ||j j k|j ||jj }t||S)NrPz&An Ed25519 public key is 32 bytes long)r _check_bytesrr-_ED25519_KEY_SIZErrqr NID_ED25519rorrr+rJrrs r_ed25519_load_public_bytesz!Backend.ed25519_load_public_bytess 64((( t991 1 1EFF F988 I !49>4T   H 67779<<$)*ABB x000r^ct|tjkrtdt jd||j|}|j |jj |jj |t|}| ||jj k|j ||jj}t||S)Nz'An Ed25519 private key is 32 bytes longrP)rr-rrrrrorrqrrrrr+rJrrs r_ed25519_load_private_bytesz"Backend.ed25519_load_private_bytess t991 1 1FGG G vt,,,9((..999 I !49>8SYY   H 67779<<$)*ABB!$111r^c`||jj}t||Sr)rrqrrrKs r_ed25519_generate_keyzBackend.ed25519_generate_keys*++DI,ABB!$111r^cH|jrdS|jj o |jj Sr)rsrq#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111Brlrs r_ed448_supportedzBackend.ed448_supporteds2   5 = = 8I77 r^ctjd|t|tkrt d|j|jj|jj |t|}| ||jj k|j ||jj }t||S)NrPz$An Ed448 public key is 57 bytes long)rrrrrrqr NID_ED448rorrr+rJrrs r_ed448_load_public_byteszBackend.ed448_load_public_bytess 64((( t99 ' 'CDD D988 I s4yy   H 67779<<$)*ABBtX...r^ctjd|t|tkrt d|j|}|j|jj |jj |t|}| ||jj k|j ||jj }t||S)NrPz%An Ed448 private key is 57 bytes long)rrrrrrorrqrrrrr+rJrrs r_ed448_load_private_bytesz Backend.ed448_load_private_bytess vt,,, t99 ' 'DEE E9((..999 I 3t99   H 67779<<$)*ABBh///r^c`||jj}t||Sr)rrqrrrKs r_ed448_generate_keyzBackend.ed448_generate_keys*++DI,?@@h///r^r@rc |jd|}|j|}|j|t ||t ||||t j|| } | dkrB|} d|z|zdz} td | | |j |ddS)NrriizJNot enough memory to derive key. These parameters require {} MB of memory.) rorrrqEVP_PBE_scryptrrN _MEM_LIMITr MemoryErrorrr) rrrrr@rr9rr rr min_memorys r_ derive_scryptzBackend.derive_scryptsimm-v66900>>i&&      II        !88))++Fq11J$$*F:$6$6  y$$QQQ''r^ctj|}|jr ||jvrdS|dr|jjdkS|j||jj kS)NFs-sivri) r_aead_cipher_namers _fips_aeadendswithrqrryror)rr cipher_names r_aead_cipher_supportedzBackend.aead_cipher_supportedsy,V44   +T_"D"D5    ( ( 9@AE E ..{;;ty~M r^c4t|D]}d||<dSr)range)rrPris r_ _zero_datazBackend._zero_datas.v  ADGG  r^c#K||jjVdSt|}|jd|dz}|j||| |V||jd||dS#||jd||wxYw)a This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use. Nrriz uint8_t *)rorrrmemmoverr{)rrPdata_lenrs r__zeroed_null_terminated_bufz#Backend._zeroed_null_terminated_bufs <). 4yyH)--(Q,77C I  c4 2 2 2 L  {C @ @(KKKKK {C @ @(KKKKs B1Cc|||}|j|jr |jjndd|jDfS)Ncg|] }|j Sr]) certificate)rrs r_ zABackend.load_key_and_certificates_from_pkcs12..0s B B B$T  B B Br^) load_pkcs12rrradditional_certs)rrPrapkcs12s r_%load_key_and_certificates_from_pkcs12z-Backend.load_key_and_certificates_from_pkcs12%sP!!$11 J'-{ ?? ?"$ ?din , ,y||LOTY5LMMH//0C A;$). ( (9<< TY-@AADt,,HD224HHJTY^++y'' 33$Xt44D q>TY^ + +ill;q>493IJJG)'' A77C  = /96 / **"5::..  y..w::##DDIN$:;;;y||D$)*=>> OOD11  !Y66tTY^LL // $ 0 0 < >(3##Gty~$=>>>>).#/;2> >?? ? ;#c((a--inGGi0022Gill7DI,BCCGH 1 1b"344 2!/H"oobn==G'"i77#TY^R#i77#Xs8}}''q1111"oob11G(((i,,Wg>>&&sax0000  - -h 7 7! <11$77 859MDOOD111ty~ ?"}HH#y~Hi--                  * 9 ty~-- (( IN3! ! ! ! ! ! ! ! ! ! ! ! ! ! ! F C49>1222ill3 566%%''i&&sC00 C!G$$$!!#&&&s8>QAO=1 Q=P QP A QQ!Qc4|jrdS|jjdkSr)rsrqCryptography_HAS_POLY1305rs r_poly1305_supportedzBackend.poly1305_supported s"   5y2a77r^ctjd|t|tkrt dt ||S)NrzA poly1305 key is 32 bytes long)rrrrrr)rrs r_create_poly1305_ctxzBackend.create_poly1305_ctx" sF uc*** s88) ) )>?? ?c***r^c|jj Srrrs r_pkcs7_supportedzBackend.pkcs7_supported) rr^ctjd|||}|j|j|jj|jj|jj}||jjkr#|td|j ||jj }| |SNrPzUnable to parse PKCS7 data) rrrUrqPEM_read_bio_PKCS7rVrorrrr+ PKCS7_free_load_pkcs7_certificatesrrPrVp7s r_load_pem_pkcs7_certificatesz#Backend.load_pem_pkcs7_certificates, s 64(((  && Y ) ) GTY^TY^TY^       " " "9:: : Y\\"di2 3 3,,R000r^ctjd|||}|j|j|jj}||jjkr#|td|j ||jj }| |Sr@) rrrUrq d2i_PKCS7_biorVrorrrr+rBrCrDs r_load_der_pkcs7_certificatesz#Backend.load_der_pkcs7_certificates; s 64(((  && Y $ $SWdin = =     " " "9:: : Y\\"di2 3 3,,R000r^cR|j|j}|||jjk||jjkr-t d|tj |j j j }|j |}g}t|D]j}|j||}|||jjk||}||k|S)NzNOnly basic signed structures are currently supported. NID for this data was {})rq OBJ_obj2nidrrrNID_pkcs7_signedrrrUNSUPPORTED_SERIALIZATIONr;signrr rr rorrr~) rrErrrcertsrrrs r_rCz Backend._load_pkcs7_certificatesH s i##BG,, C49#66777 $), , ,&((.s 2  $).i##G,,s  A9**7A66D     6 7 7 7??4((D LL     r^)rjNr)rZr[r\__doc__rrr9rr&rrrr SHA512_224 SHA512_256SHA3_224SHA3_256SHA3_384SHA3_512SHAKE128SHAKE256rr+ SECP224R1 SECP256R1 SECP384R1 SECP521R1rG_fips_rsa_min_key_size_fips_rsa_min_public_exponent_fips_dsa_min_modulus_fips_dh_min_key_size_fips_dh_min_modulusrstrrrtypingOptionalListr  OpenSSLErrorrrrrr contextlibrrrzrrrrbytes HashAlgorithmrrrrrrrr HashContextrr8rMrrrur rrrr rrr#r. RSAPrivateKeyr2r5RSAPrivateNumbersrDRSAPublicNumbers RSAPublicKeyrGrLr/rUrUrZr_r5rr6rrr(rrr* DSAParametersr DSAPrivateKeyrrrDSAPrivateNumbersrDSAPublicNumbers DSAPublicKeyrDSAParameterNumbersrrrrrr7r rrrr) DHParametersrrorrrr CertificateAnyrrrrNoReturnr EllipticCurverEllipticCurveSignatureAlgorithmrEllipticCurvePrivateKeyrEllipticCurvePrivateNumbersr1EllipticCurvePublicNumbersEllipticCurvePublicKeyr3r9rArrCrHrIrr r$r%r'rrarbrwrlrsr}rrrr DHPrivateKeyrrDHPrivateNumbersrDHPublicNumbers DHPublicKeyrDHParameterNumbersrrrr0X25519PublicKeyrX25519PrivateKeyrrrrr/ X448PublicKeyrX448PrivateKeyrrrrr-Ed25519PublicKeyrEd25519PrivateKeyrrrr,Ed448PublicKeyrEd448PrivateKeyrrrrrrTuplerrRrrSrTr7r:rr<r>rFrIrCr]r^r_raras| D JFM      L     "$)!I  55::::, #    KOEE E L,E FGE  EEEE $    5555 . . . .***& * * * *55555 c    /////22%+%92 2222 0D    9M ((<(((((.-. ....:$:::: .(<.....---  ---- , ,d ,t , , , ,>>>>BBBBHK%K-1K KKKK K%K-1K KKKK .v/C.....('(( (  (  ( ((((02\-F!G2222     c" " .1     . " .1     ' &' )-'   ' ' ' ' R 8+ 8  8 8 8 8  K% KJ K K K K    E    F@8<F@ F@F@F@F@P9@>9@9@9@9@v  f.B  t     ->4&70A7d7777 ))8I))))0 3+ 3  3 3 3 399 9999 & &&&&9,9 9999*8+8 8888&/./ ////  &t&&&&8F,@8T8888  T    -)=-,----    /%(  )-       (1(1.(1(1(1(1T - -"/ - - - -/%()-   4   11.1111.))"/))))$t/FJG6:G$2BGGGG 77772 2 2 2 2 h,6?,,,,\b.>4 4? 4 4  4 4 4 4% #,2B52B #2B2B2B2Bh A4 A " A A A AA%A49A "AAAA,(B (B)+)9(B #(B(B(B(BT8"*:8888=#====    )+)9        B,<"))^)& &  &  &&&&Bx<(x<+x<,F x< x<x<x<xr?r@rArBrCrD,cryptography.hazmat.primitives.ciphers.modesrErFrGrHrIrJrKrLrM"cryptography.hazmat.primitives.kdfrN,cryptography.hazmat.primitives.serializationrO3cryptography.hazmat.primitives.serialization.pkcs12rPrQrRrSrT namedtuplerUrYrarrr'r]r^r_rs  %%%%%%$$$$$$$$BBBBBBBB555555GGGGGGBBBBBB   EDDDDDBBBBBBGFFFFF888888@@@@@@@@HHHHHH                                                                       655555<<<<<<$[ #L5*2E F F         \#\#\#\#\#\#\#\#~F2JWJcJJJJ '))r^