3 K^|@sddlmZmZmZddlZddlZddlZddlZddlmZddl Z ddl m Z ddl m Z mZddlmZmZddlmZmZmZmZmZddlmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%dd l&m'Z'dd l(m)Z)dd l*m+Z+dd l,m-Z-dd l.m/Z/m0Z0m1Z1m2Z2ddl3m4Z4m5Z5m6Z6ddl7m8Z8m9Z9ddl:m;Z;mZ>m?Z?m@Z@ddlAmBZBmCZCmDZDmEZEmFZFmGZGmHZHmIZImJZJddlKmLZLddlMmNZNddlOmPZPmQZQddlRmSZSmTZTddlUmVZVmWZWddlXmYZYmZZZddl[m\Z\m]Z]ddl^m_Z_m`Z`maZambZbddlcmdZdddlemfZfmgZgddlhmiZimjZjmkZkmlZlmmZmddlnmoZompZpmqZqmrZrddlsmtZtmuZumvZvmwZwmxZxmyZymzZzm{Z{m|Z|dd l}m~Z~mZmZmZmZmZmZmZdd!lmZdd"lmZdd#lmZejd$d%d&gZGd'd(d(eZe jee jee jee jee jee jee je e jee je!e je#e je"e je%e jedjjje$Gd)d*d*eZGd+d,d,eZd-d.ZeZdS)/)absolute_importdivisionprint_functionN)contextmanager)range)utilsx509)UnsupportedAlgorithm_Reasons)INTEGERNULLSEQUENCE encode_derencode_der_integer) CMACBackend CipherBackendDERSerializationBackend DHBackend DSABackendEllipticCurveBackend HMACBackend HashBackendPBKDF2HMACBackendPEMSerializationBackend RSABackend ScryptBackend X509Backend)aead)_CipherContext) _CMACContext)_CRL_ENTRY_REASON_ENUM_TO_CODE) _DHParameters _DHPrivateKey _DHPublicKey_dh_params_dup)_DSAParameters_DSAPrivateKey _DSAPublicKey)_EllipticCurvePrivateKey_EllipticCurvePublicKey)_Ed25519PrivateKey_Ed25519PublicKey)_ED448_KEY_SIZE_Ed448PrivateKey_Ed448PublicKey) $_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS_CRL_EXTENSION_ENCODE_HANDLERS_EXTENSION_ENCODE_HANDLERS)_OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERS'_OCSP_REQUEST_EXTENSION_ENCODE_HANDLERS_encode_asn1_int_gc_encode_asn1_str_gc_encode_name_gc _txt2obj_gc) _HashContext) _HMACContext) _OCSPRequest _OCSPResponse)_POLY1305_KEY_SIZE_Poly1305Context)_RSAPrivateKey _RSAPublicKey)_X25519PrivateKey_X25519PublicKey)_X448PrivateKey_X448PublicKey) _Certificate_CertificateRevocationList_CertificateSigningRequest_RevokedCertificate)binding)hashes serialization)dsaeced25519ed448rsa)MGF1OAEPPKCS1v15PSS) AESARC4BlowfishCAST5CamelliaChaCha20IDEASEED TripleDES)CBCCFBCFB8CTRECBGCMOFBXTS)scrypt)ssh)ocsp _MemoryBIObioZchar_ptrc@s eZdZdS)_RC2N)__name__ __module__ __qualname__rnrnP/tmp/pip-unpacked-wheel-vvkwn1hz/cryptography/hazmat/backends/openssl/backend.pyrjbsrjc@sveZdZdZdZddZddZddZej d d Z d d Z d dZ ddZ ddZddZddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zdd2d3Zd4d5Zd6d7Z d8d9Z!d:d;Z"dd?Z$d@dAZ%dBdCZ&dDdEZ'dFdGZ(dHdIZ)dJdKZ*dLdMZ+dNdOZ,dPdQZ-dRdSZ.dTdUZ/dVdWZ0dXdYZ1dZd[Z2d\d]Z3d^d_Z4d`daZ5dbdcZ6dddeZ7dfdgZ8dhdiZ9djdkZ:dldmZ;dndoZdtduZ?dvdwZ@dxdyZAdzd{ZBd|d}ZCd~dZDddZEddZFddZGddZHddZIddZJddZKddZLddZMddZNddZOddZPddZQddZRddZSddZTddZUddZVddZWddZXddZYddZZddZ[ddZ\ddZ]ddZ^ddZ_ddZ`e ddZaddZbddZcddZdddZeddÄZfddńZgddDŽZhddɄZidd˄Zjdd̈́ZkddτZlddфZmddӄZnddՄZodddׄZpddلZqddۄZrdd݄Zsdd߄ZtddZuddZvddZwddZxddZyddZzddZ{ddZ|ddZ}ddZ~ddZddZddZddZddZddZddZej ddZddZej ddZdd Zd d Zd d Zd1S(Backendz) OpenSSL API binding interfaces. ZopensslcCs\tj|_|jj|_|jj|_i|_|j|j |jj g|_ |jj rX|j j |jjdS)N)rHBindingZ_bindingffi_ffilib_lib_cipher_registry_register_default_ciphersactivate_osrandom_engineZ EVP_PKEY_DH _dh_typesCryptography_HAS_EVP_PKEY_DHXappendZ EVP_PKEY_DHX)selfrnrnro__init__{s    zBackend.__init__cCstj|j|S)N)rHZ_openssl_assertru)r|okrnrnroopenssl_assertszBackend.openssl_assertcCsf|jjrb|jj}||jjkrb|jj||jj|jj}|j|dk|jj|}|j|dkdS)N) ruCryptography_HAS_ENGINEZENGINE_get_default_RANDrsr ZENGINE_unregister_RANDRAND_set_rand_methodr ENGINE_finish)r|eresrnrnroactivate_builtin_randoms    zBackend.activate_builtin_randomc cs|jj|jj}|j||jjk|jj|}|j|dkz |VWd|jj|}|j|dk|jj|}|j|dkXdS)Nr) ruZ ENGINE_by_idZCryptography_osrandom_engine_idrrsr Z ENGINE_initZ ENGINE_freer)r|rrrnrnro_get_osurandom_engines    zBackend._get_osurandom_enginec Cs`|jjr\|j|j }|jj|}|j|dkWdQRX|jj|jj}|j|dkdS)Nr) rurrrZENGINE_set_default_RANDrrrsr )r|rrrnrnrorxs  z Backend.activate_osrandom_enginecCs`|jjdd}|j2}|jj|dt|||jjd}|j|dkWdQRX|jj|j dS)Nzchar[]@sget_implementationrascii) rsnewrruZENGINE_ctrl_cmdlenr rstringdecode)r|bufrrrnrnroosrandom_engine_implementations   z&Backend.osrandom_engine_implementationcCs|jj|jj|jjjdS)z Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.0.1e 11 Feb 2013 r)rsrruZOpenSSL_versionOPENSSL_VERSIONr)r|rnrnroopenssl_version_textszBackend.openssl_version_textcCs |jjS)N)ruZOpenSSL_version_num)r|rnrnroopenssl_version_numberszBackend.openssl_version_numbercCs t|||S)N)r9)r|key algorithmrnrnrocreate_hmac_ctxszBackend.create_hmac_ctxcCsL|jdks|jdkr0dj|j|jdjd}n |jjd}|jj|}|S)Nblake2bblake2sz{}{}r)nameformat digest_sizeencoderuZEVP_get_digestbyname)r|rZalgevp_mdrnrnro_evp_md_from_algorithms  zBackend._evp_md_from_algorithmcCs |j|}|j||jjk|S)N)rrrsr )r|rrrnrnro_evp_md_non_null_from_algorithms z'Backend._evp_md_non_null_from_algorithmcCs|j|}||jjkS)N)rrsr )r|rrrnrnrohash_supporteds zBackend.hash_supportedcCs |j|S)N)r)r|rrnrnrohmac_supportedszBackend.hmac_supportedcCs t||S)N)r8)r|rrnrnrocreate_hash_ctxszBackend.create_hash_ctxc CsHy|jt|t|f}Wntk r.dSX||||}|jj|kS)NF)rvtypeKeyErrorrsr )r|ciphermodeadapter evp_cipherrnrnrocipher_supporteds  zBackend.cipher_supportedcCs0||f|jkrtdj||||j||f<dS)Nz"Duplicate registration for: {} {}.)rv ValueErrorr)r| cipher_clsmode_clsrrnrnroregister_cipher_adapters zBackend.register_cipher_adaptercCsnx,tttttttgD]}|jt|t dqWx(tttttgD]}|jt |t dq>Wx&ttttgD]}|jt |t dqfW|jt tt dx&ttttgD]}|jt |t dqWx&ttttgD]}|jt |t dqWx6tjttgttttgD]\}}|j||t dqW|jttdt d|jttdt d|jttdt d |jtttdS) Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}Zrc4Zrc2Zchacha20)r]r`rarcr^r_rbrrTGetCipherByNamerXr\rVr[ itertoolsproductrWrZrUrrjrYrd_get_xts_cipher)r|rrrnrnrorws^   z!Backend._register_default_cipherscCst|||tjS)N)rZ_ENCRYPT)r|rrrnrnrocreate_symmetric_encryption_ctx7sz'Backend.create_symmetric_encryption_ctxcCst|||tjS)N)rZ_DECRYPT)r|rrrnrnrocreate_symmetric_decryption_ctx:sz'Backend.create_symmetric_decryption_ctxcCs |j|S)N)r)r|rrnrnropbkdf2_hmac_supported=szBackend.pbkdf2_hmac_supportedc Csh|jjd|}|j|}|jj|}|jj|t||t|||||} |j| dk|jj|ddS)Nzunsigned char[]r) rsrr from_bufferruZPKCS5_PBKDF2_HMACrrbuffer) r|rlengthsaltZ iterations key_materialrrkey_material_ptrrrnrnroderive_pbkdf2_hmac@s  zBackend.derive_pbkdf2_hmaccCs tj|jS)N)rH_consume_errorsru)r|rnrnrorRszBackend._consume_errorscCs||jjksttjs~|jj|}|jjd|}|jj||}|j |dkt j |jj |d|d}|jj |rz| }|S|jj|}|j ||jjk|jj|}|jj|t |dSdS)Nzunsigned char[]rbig)rsr AssertionErrorsixPY2ruZ BN_num_bytesrZ BN_bn2binrint from_bytesrZBN_is_negativeZ BN_bn2hexr OPENSSL_free)r|bnZ bn_num_bytesZbin_ptrZbin_lenvalZ hex_cdatahex_strrnrnro _bn_to_intUs     zBackend._bn_to_intNcCs|dks||jjkst|dkr(|jj}tjst|jt|jddd}|jj |t ||}|j ||jjk|St |j dddjd}|jjd}||d <|jj||}|j |d k|j |d |jjk|d SdS) a  Converts a python integer to a BIGNUM. The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. Ng @rrLrz BIGNUM **r)rsr rrrto_bytesr bit_lengthruZ BN_bin2bnrrhexrstriprrZ BN_hex2bn)r|numrbinaryZbn_ptrZhex_numrrnrnro _int_to_bnks zBackend._int_to_bncCstj|||jj}|j||jjk|jj||jj}|j |}|jj||jj }|jj ||||jj}|j|dk|j |}t |||S)Nr)rOZ_verify_rsa_parametersruRSA_newrrsr gcRSA_freerBN_freeZRSA_generate_key_ex_rsa_cdata_to_evp_pkeyr>)r|public_exponentkey_size rsa_cdatarrevp_pkeyrnrnrogenerate_rsa_private_keys    z Backend.generate_rsa_private_keycCs|dko|d@dko|dkS)Nrrirn)r|rrrnrnro!generate_rsa_parameters_supportedsz)Backend.generate_rsa_parameters_supportedc CsRtj|j|j|j|j|j|j|jj |jj |j j }|j ||jjk|jj||j j}|j|j}|j|j}|j|j}|j|j}|j|j}|j|j}|j|jj } |j|jj } |j j|||} |j | dk|j j|| | |} |j | dk|j j||||} |j | dk|j j||jj} |j | dk|j|} t||| S)Nr)rOZ_check_private_key_componentspqddmp1dmq1iqmppublic_numbersrnrurrrsr rrrZRSA_set0_factors RSA_set0_keyZRSA_set0_crt_paramsZRSA_blinding_onrr>) r|numbersrrrrrrrrrrrrnrnroload_rsa_private_numberss<         z Backend.load_rsa_private_numberscCstj|j|j|jj}|j||jjk|jj ||jj }|j |j}|j |j}|jj ||||jj}|j|dk|j |}t|||S)Nr)rOZ_check_public_key_componentsrrrurrrsr rrrrrr?)r|rrrrrrrnrnroload_rsa_public_numberss    zBackend.load_rsa_public_numberscCs2|jj}|j||jjk|jj||jj}|S)N)ruZ EVP_PKEY_newrrsr r EVP_PKEY_free)r|rrnrnro_create_evp_pkey_gcs zBackend._create_evp_pkey_gccCs(|j}|jj||}|j|dk|S)Nr)rruZEVP_PKEY_set1_RSAr)r|rrrrnrnrorszBackend._rsa_cdata_to_evp_pkeycCsH|jj|}|jj|t|}|j||jjkt|jj||jj |S)z Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) rsrruZBIO_new_mem_bufrrr rhrBIO_free)r|datadata_ptrrirnrnro _bytes_to_bios   zBackend._bytes_to_biocCsP|jj}|j||jjk|jj|}|j||jjk|jj||jj}|S)z. Creates an empty memory BIO. )ruZ BIO_s_memrrsr ZBIO_newrr)r|Z bio_methodrirnrnro_create_mem_bio_gcs   zBackend._create_mem_bio_gccCs\|jjd}|jj||}|j|dk|j|d|jjk|jj|d|dd}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)rsrruZBIO_get_mem_datarr r)r|rirZbuf_lenbio_datarnrnro _read_mem_bios  zBackend._read_mem_biocCs|jj|}||jjkrT|jj|}|j||jjk|jj||jj}t |||S||jj kr|jj |}|j||jjk|jj||jj }t |||S||jjkr|jj|}|j||jjk|jj||jj}t|||S||jkr,|jj|}|j||jjk|jj||jj}t|||S|t|jddkrJt||S|t|jddkrht||S|t|jddkrt||S|t|jddkrt||StddS)zd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. EVP_PKEY_ED25519N EVP_PKEY_X448EVP_PKEY_X25519EVP_PKEY_ED448zUnsupported key type.)ru EVP_PKEY_id EVP_PKEY_RSAEVP_PKEY_get1_RSArrsr rrr> EVP_PKEY_DSAEVP_PKEY_get1_DSADSA_freer& EVP_PKEY_ECEVP_PKEY_get1_EC_KEY EC_KEY_freer(ryEVP_PKEY_get1_DHDH_freer"getattrr*rBr@r-r )r|rkey_typer dsa_cdataec_cdatadh_cdatarnrnro_evp_pkey_to_private_keys<                 z Backend._evp_pkey_to_private_keycCs|jj|}||jjkrT|jj|}|j||jjk|jj||jj}t |||S||jj kr|jj |}|j||jjk|jj||jj }t |||S||jjkr|jj|}|j||jjk|jj||jj}t|||S||jkr,|jj|}|j||jjk|jj||jj}t|||S|t|jddkrJt||S|t|jddkrht||S|t|jddkrt||S|t|jddkrt||StddS)zc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. rNrrrzUnsupported key type.)rurrrrrsr rrr?rrrr'rrrr)ryrrr#rr+rCrAr.r )r|rrrrrrrnrnro_evp_pkey_to_public_key+s<                 zBackend._evp_pkey_to_public_keycCs6|jjr&t|tjtjtjtjtjfSt|tjSdS)N) ruZCryptography_HAS_RSA_OAEP_MD isinstancerISHA1SHA224SHA256SHA384SHA512)r|rrnrnro_oaep_hash_supportedVs zBackend._oaep_hash_supportedcCst|trdSt|tr2t|jtr2|j|jjSt|trt|jtr|j|jjo|j|jo|j dkpt |j dkp|j j dkSdSdS)NTrrF) r rRrSZ_mgfrPr _algorithmrQrZ_labelrruZCryptography_HAS_RSA_OAEP_LABEL)r|paddingrnrnrorsa_padding_supportedds   zBackend.rsa_padding_supportedcCs~|dkrtd|jj}|j||jjk|jj||jj}|jj|||jjd|jj|jj|jj}|j|dkt ||S)N z+Key size must be 1024 or 2048 or 3072 bits.rr)rrr) rruDSA_newrrsr rrZDSA_generate_parameters_exr%)r|rctxrrnrnrogenerate_dsa_parametersus  zBackend.generate_dsa_parameterscCsT|jj|j}|j||jjk|jj||jj}|jj||j |}t |||S)N) ruZ DSAparams_dupZ _dsa_cdatarrsr rrZDSA_generate_key_dsa_cdata_to_evp_pkeyr&)r| parametersrrrnrnrogenerate_dsa_private_keys   z Backend.generate_dsa_private_keycCs|j|}|j|S)N)rr)r|rrrnrnro'generate_dsa_private_key_and_parameterss z/Backend.generate_dsa_private_key_and_parameterscCsB|jj||||}|j|dk|jj|||}|j|dkdS)Nr)ru DSA_set0_pqgrZ DSA_set0_key)r|rrrgpub_keypriv_keyrrnrnro_dsa_cdata_set_valuesszBackend._dsa_cdata_set_valuesc Cstj||jj}|jj}|j||jjk|jj ||jj }|j |j }|j |j }|j |j}|j |jj}|j |j}|j|||||||j|} t||| S)N)rKZ_check_dsa_private_numbersrparameter_numbersrurrrsr rrrrrryxr!rr&) r|rr"rrrrrr rrnrnroload_dsa_private_numberss       z Backend.load_dsa_private_numbersc Cstj|j|jj}|j||jjk|jj||jj }|j |jj }|j |jj }|j |jj }|j |j}|jj}|j|||||||j|}t|||S)N)rK_check_dsa_parametersr"rurrrsr rrrrrrr#r!rr') r|rrrrrrr rrnrnroload_dsa_public_numberss    zBackend.load_dsa_public_numberscCstj||jj}|j||jjk|jj||jj}|j |j }|j |j }|j |j }|jj ||||}|j|dkt||S)Nr)rKr&rurrrsr rrrrrrrr%)r|rrrrrrrnrnroload_dsa_parameter_numberss     z"Backend.load_dsa_parameter_numberscCs(|j}|jj||}|j|dk|S)Nr)rruZEVP_PKEY_set1_DSAr)r|rrrrnrnrorszBackend._dsa_cdata_to_evp_pkeycCs |j|S)N)r)r|rrnrnrodsa_hash_supportedszBackend.dsa_hash_supportedcCsdS)NTrn)r|rrrrnrnrodsa_parameters_supportedsz Backend.dsa_parameters_supportedcCs|j|td|jS)N)rr] block_size)r|rrnrnrocmac_algorithm_supportedsz Backend.cmac_algorithm_supportedcCs t||S)N)r)r|rrnrnrocreate_cmac_ctxszBackend.create_cmac_ctxc st|tjstdt|tjtjfr8|dk rptdn8t|t j sNtdn"t|t j rpt|t j  rptdj||}jj}j|jjkjj|jj}jj|tjjj}j|dkjj|t|j}j|dk|j}jj||j}j|dkjj }j|jjkjj|fdd}j!|j"t#|jj$dd jj%||}j|dkjj&||j|}|d krȈj'} j| d j(jj)jj*td t+|S) NzBuilder type mismatch.z8algorithm must be None when signing via ed25519 or ed448z.Algorithm must be a registered hash algorithm.z5MD5 is not a supported hash algorithm for EC/DSA CSRsrcsjj|jjjjdS)NX509_EXTENSION_free)ruZsk_X509_EXTENSION_pop_freers addressof _original_lib)r$)r|rnrosz)Backend.create_x509_csr..F) extensionshandlersx509_objadd_funcrrzDigest too big for RSA key),r rZ CertificateSigningRequestBuilder TypeErrorrMEd25519PrivateKeyrNEd448PrivateKeyrrI HashAlgorithmMD5rO RSAPrivateKey_evp_md_x509_null_if_eddsaruZ X509_REQ_newrrsr r X509_REQ_freeZX509_REQ_set_versionVersionZv1valueZX509_REQ_set_subject_namer6 _subject_name public_keyZX509_REQ_set_pubkey _evp_pkeyZsk_X509_EXTENSION_new_null_create_x509_extensions _extensionsr1Zsk_X509_EXTENSION_insertZX509_REQ_add_extensionsZ X509_REQ_signr_lib_reason_match ERR_LIB_RSA RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEYrF) r|builder private_keyrrx509_reqrrBZ sk_extensionerrorsrn)r|rocreate_x509_csrsb           zBackend.create_x509_csrc Cst|tjstdt|tjtjfr8|dk rLtdnt|t j sLtdt|t j rnt|t j  rntd|j||}|jj}|jj|tjj}|jj||jj}|j|dk|jj|t||j}|j|dk|jj||jj}|j|dkt||j }|jj!||}|j|dk|j"|jj#||j$|j"|jj%||j&|j'|j(t)||jj*dd|jj+|t||j,}|j|dk|jj-||j|}|dkr|j.}|j|dj/|jj0|jj1td t2||S) NzBuilder type mismatch.z8algorithm must be None when signing via ed25519 or ed448z.Algorithm must be a registered hash algorithm.z8MD5 is only (reluctantly) supported for RSA certificatesrT)r3r4r5r6rrzDigest too big for RSA key)3r rZCertificateBuilderr7rMr8rNr9rrIr:r;rOr<r=ruZX509_newrsrbackend X509_freeZX509_set_version_versionr@rZX509_set_subject_namer6rAZX509_set_pubkeyZ _public_keyrCr4_serial_numberZX509_set_serialNumber_set_asn1_timeZX509_getm_notBeforeZ_not_valid_beforeZX509_getm_notAfterZ_not_valid_afterrDrEr1Z X509_add_extZX509_set_issuer_name _issuer_nameZ X509_signrrFrGrHrD) r|rIrJrrZ x509_certr serial_numberrLrnrnrocreate_x509_certificate4sd          zBackend.create_x509_certificatecCs(t|tjtjfr|jjS|j|SdS)N)r rMr8rNr9rsr r)r|rJrrnrnror=sz"Backend._evp_md_x509_null_if_eddsacCsL|jdkr|jdjd}n|jdjd}|jj||}|j|dkdS)Niz %Y%m%d%H%M%SZrz %y%m%d%H%M%SZr)yearstrftimerruZASN1_TIME_set_stringr)r| asn1_timetimeZasn1_strrrnrnrorRs  zBackend._set_asn1_timecCs>|jj}|j||jjk|jj||jj}|j|||S)N)ruZ ASN1_TIME_newrrsr rZASN1_TIME_freerR)r|rYrXrnrnro_create_asn1_times   zBackend._create_asn1_timec Cst|tjstdt|tjtjfr8|dk rLtdnt|t j sLtdt|t j rnt|t j  rntd|j||}|jj}|jj|tjj}|jj|d}|j|dk|jj|t||j}|j|dk|j|j}|jj||}|j|dk|j|j}|jj||}|j|dk|j|j t!||jj"ddxL|j#D]B} |jj$| j%} |j| |jj&k|jj'|| }|j|dkqHW|jj(||j)|}|dkr|j*} |j| dj+|jj,|jj-td t.||S) NzBuilder type mismatch.z8algorithm must be None when signing via ed25519 or ed448z.Algorithm must be a registered hash algorithm.z5MD5 is not a supported hash algorithm for EC/DSA CRLsrT)r3r4r5r6rrzDigest too big for RSA key)/r rZ CertificateRevocationListBuilderr7rMr8rNr9rrIr:r;rOr<r=ruZ X509_CRL_newrsrrN X509_CRL_freeZX509_CRL_set_versionrZX509_CRL_set_issuer_namer6rSrZ _last_updateZX509_CRL_set_lastUpdate _next_updateZX509_CRL_set_nextUpdaterDrEr0ZX509_CRL_add_extZ_revoked_certificatesZCryptography_X509_REVOKED_dupZ _x509_revokedr ZX509_CRL_add0_revokedZ X509_CRL_signrCrrFrGrHrE) r|rIrJrrx509_crlrZ last_update next_updateZ revoked_certZrevokedrLrnrnrocreate_x509_crlsb           zBackend.create_x509_crlc Cshxbt|D]V\}}|j||}|j||jjk|rF|jj||jj}||||} |j| dkq WdS)Nr) enumerate_create_x509_extensionrrsr rrur/) r|r3r4r5r6ri extensionZx509_extensionrrnrnrorDs  zBackend._create_x509_extensionscCs.t||jj}|jj|jj||jr&dnd|S)Nrr)r7oid dotted_stringruZX509_EXTENSION_create_by_OBJrsr critical)r|rdr@objrnrnro_create_raw_x509_extensionsz"Backend._create_raw_x509_extensionc Cst|jtjr(t||jj}|j||St|jtjrfttfdd|jD}t||}|j||St|jtj rt|tt }|j||Sy||j }Wn$t k rt dj|j YnX|||j}|jj|j jjd}tj||jjk|jj||jr dnd|SdS)NcSsg|]}ttt|jqSrn)rr rr@).0r$rnrnro sz2Backend._create_x509_extension..zExtension not supported: {}rrr)r r@rZUnrecognizedExtensionr5riZ TLSFeaturerr Z PrecertPoisonr rerNotImplementedErrorrruZ OBJ_txt2nidrfrrNr NID_undefZX509V3_EXT_i2drg)r|r4rdr@Zasn1rZ ext_structnidrnrnrorb s0     zBackend._create_x509_extensioncCst|tjstd|jj}|j||jjk|jj ||jj }t ||j }|jj ||}|j|dk|j|j}|jj||}|j|dk|j|jt||jjddt|d|S)NzBuilder type mismatch.rT)r3r4r5r6r)r rZRevokedCertificateBuilderr7ruZX509_REVOKED_newrrsr rZX509_REVOKED_freer4rQZX509_REVOKED_set_serialNumberrZZ_revocation_dateZX509_REVOKED_set_revocationDaterDrEr/ZX509_REVOKED_add_extrG)r|rIZ x509_revokedrTrZrev_daternrnrocreate_x509_revoked_certificate,s&    z'Backend.create_x509_revoked_certificatecCs|j|jj|j||S)N) _load_keyruZPEM_read_bio_PrivateKeyr)r|rpasswordrnrnroload_pem_private_keyEs zBackend.load_pem_private_keycCs|j|}|jj|j|jj|jj|jj}||jjkrR|jj||jj}|j|S|j |jj |j}|j |dk|jj |j|jj|jj|jj}||jjkr|jj||jj }|j|}t|||S|jdS)Nr)rruZPEM_read_bio_PUBKEYrirsr rrrr BIO_resetrZPEM_read_bio_RSAPublicKeyrrr?_handle_key_loading_error)r|rmem_biorrrrnrnroload_pem_public_keyMs       zBackend.load_pem_public_keycCs^|j|}|jj|j|jj|jj|jj}||jjkrR|jj||jj}t||S|j dS)N) rruZPEM_read_bio_DHparamsrirsr rrr!rt)r|rrurrnrnroload_pem_parametersfs   zBackend.load_pem_parameterscCs>|j|}|j||}|r$|j|S|j|jj|j||SdS)N)r"_evp_pkey_from_der_traditional_keyrrpruZd2i_PKCS8PrivateKey_bio)r|rrqrrrnrnroload_der_private_keyqs   zBackend.load_der_private_keycCsV|jj|j|jj}||jjkrF|jj||jj}|dk rBtd|S|jdSdS)Nz4Password was given but private key is not encrypted.) rud2i_PrivateKey_biorirsr rrr7r)r|rrqrrnrnrorxs z*Backend._evp_pkey_from_der_traditional_keycCs|j|}|jj|j|jj}||jjkrF|jj||jj}|j|S|j |jj |j}|j |dk|jj |j|jj}||jjkr|jj||jj }|j|}t|||S|jdS)Nr)rruZd2i_PUBKEY_biorirsr rrrrrsrZd2i_RSAPublicKey_biorrr?rt)r|rrurrrrnrnroload_der_public_keys      zBackend.load_der_public_keycCs|j|}|jj|j|jj}||jjkrF|jj||jj}t||S|jj r|j |jj |j}|j |dk|jj |j|jj}||jjkr|jj||jj}t||S|jdS)Nr)rruZd2i_DHparams_biorirsr rrr!rzrrsrZCryptography_d2i_DHxparams_biort)r|rrurrrnrnroload_der_parameterss      zBackend.load_der_parameterscCsb|j|}|jj|j|jj|jj|jj}||jjkrF|jtd|jj||jj }t ||S)NzwUnable to load certificate. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.) rruZPEM_read_bio_X509rirsr rrrrOrD)r|rrurrnrnroload_pem_x509_certificates  z!Backend.load_pem_x509_certificatecCsV|j|}|jj|j|jj}||jjkr:|jtd|jj||jj }t ||S)NzUnable to load certificate) rruZ d2i_X509_biorirsr rrrrOrD)r|rrurrnrnroload_der_x509_certificates  z!Backend.load_der_x509_certificatecCsb|j|}|jj|j|jj|jj|jj}||jjkrF|jtd|jj||jj }t ||S)NzoUnable to load CRL. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.) rruZPEM_read_bio_X509_CRLrirsr rrrr[rE)r|rrur^rnrnroload_pem_x509_crls  zBackend.load_pem_x509_crlcCsV|j|}|jj|j|jj}||jjkr:|jtd|jj||jj }t ||S)NzUnable to load CRL) rruZd2i_X509_CRL_biorirsr rrrr[rE)r|rrur^rnrnroload_der_x509_crls  zBackend.load_der_x509_crlcCsb|j|}|jj|j|jj|jj|jj}||jjkrF|jtd|jj||jj }t ||S)NzsUnable to load request. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.) rruZPEM_read_bio_X509_REQrirsr rrrr>rF)r|rrurKrnrnroload_pem_x509_csrs  zBackend.load_pem_x509_csrcCsV|j|}|jj|j|jj}||jjkr:|jtd|jj||jj }t ||S)NzUnable to load request) rruZd2i_X509_REQ_biorirsr rrrr>rF)r|rrurKrnrnroload_der_x509_csrs  zBackend.load_der_x509_csrc Cs*|j|}|jjd}|dk rFtjd||jj|}||_t||_||j |jj |jj |j j d|}||jj kr|jdkr|j} |j| |jd krtdq|jd ksttdj|jdn|j|jj||j j}|dk o|jdkrtd |dk r|jdks"|dks"t||S) NzCRYPTOGRAPHY_PASSWORD_DATA *rqZCryptography_pem_password_cbrrz3Password was not given but private key is encryptedrzAPasswords longer than {} bytes are not supported by this backend.z4Password was given but private key is not encrypted.)rrsrr_check_byteslikerrqrrrir r0rur1errorrrr7rrrmaxsizertrrcalled) r|Zopenssl_read_funcZ convert_funcrrqruZuserdataZ password_ptrrrLrnrnrorp s@          zBackend._load_keycsj}|stdn|djjjjjsF|djjjjjrPtdn|djjjjjs|djjj jj rt dt j nLtfdd|Drtdn,|djjjjj jjfksttddS)NzCould not deserialize key data.rz Bad decrypt. Incorrect password?z0PEM data is encrypted with an unsupported cipherc3s"|]}|jjjjjVqdS)N)rFru ERR_LIB_EVPZ'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)rjr)r|rnro Xsz4Backend._handle_key_loading_error..z!Unsupported public key algorithm.)rrrFrurZEVP_R_BAD_DECRYPTZERR_LIB_PKCS12Z!PKCS12_R_PKCS12_CIPHERFINAL_ERRORZEVP_R_UNKNOWN_PBE_ALGORITHMZ ERR_LIB_PEMZPEM_R_UNSUPPORTED_ENCRYPTIONr r ZUNSUPPORTED_CIPHERanyrtZ ERR_LIB_ASN1r)r|rLrn)r|rort;s2       z!Backend._handle_key_loading_errorc Csy|j|}Wntk r*|jj}YnX|jj|}||jjkrz|j}|j||jjkpr|dj |jj |jj dS|j||jjk|jj |dSdS)NrFT) _elliptic_curve_to_nidr rurmZEC_GROUP_new_by_curve_namersr rrrFZ ERR_LIB_ECZEC_R_UNKNOWN_GROUPZ EC_GROUP_free)r|curve curve_nidgrouprLrnrnroelliptic_curve_supportedhs      z Backend.elliptic_curve_supportedcCst|tjsdS|j|S)NF)r rLZECDSAr)r|Zsignature_algorithmrrnrnro,elliptic_curve_signature_algorithm_supporteds z4Backend.elliptic_curve_signature_algorithm_supportedcCs\|j|rD|j|}|jj|}|j|dk|j|}t|||Stdj|j t j dS)z@ Generate a new private key on the named curve. rz#Backend object does not support {}.N) r_ec_key_new_by_curveruZEC_KEY_generate_keyr_ec_cdata_to_evp_pkeyr(r rrr UNSUPPORTED_ELLIPTIC_CURVE)r|rrrrrnrnro#generate_elliptic_curve_private_keys      z+Backend.generate_elliptic_curve_private_keycCsp|j}|j|j}|jj|j|j|jj}|jj ||}|j |dk|j ||j |j }|j|}t|||S)Nr)rrrrsrr private_valueru BN_clear_freeEC_KEY_set_private_keyr)_ec_key_set_public_key_affine_coordinatesr$r#rr()r|rpublicrrrrrnrnro#load_elliptic_curve_private_numberss  z+Backend.load_elliptic_curve_private_numberscCs4|j|j}|j||j|j}|j|}t|||S)N)rrrr$r#rr))r|rrrrnrnro"load_elliptic_curve_public_numberss   z*Backend.load_elliptic_curve_public_numbersc Cs|j|}|jj|}|j||jjk|jj|}|j||jjk|jj||jj}|j 6}|jj |||t ||}|dkr|j t dWdQRX|jj||}|j|dk|j|}t|||S)Nrz(Invalid public bytes for the given curve)rruEC_KEY_get0_grouprrsr EC_POINT_newr EC_POINT_free _tmp_bn_ctxZEC_POINT_oct2pointrrrEC_KEY_set_public_keyrr)) r|rZ point_bytesrrpointbn_ctxrrrnrnro load_elliptic_curve_public_bytess      z(Backend.load_elliptic_curve_public_bytescCsD|j|}|j|\}}|jj|}|j||jjk|jj||jj}|j |}|jj||jj }|j h}|jj ||||jj|jj|} |j| dk|jj |} |jj |} |||| | |} |j| dkWdQRX|jj||} |j| dk|j |} |jj| |jj } |jj|| } |j| dk|j|} t||| S)Nr)r _ec_key_determine_group_get_funcrurrrsr rrrrrZ EC_POINT_mulZ BN_CTX_getrrrr()r|rrrget_funcrrr@rrZbn_xZbn_yprivaterrnrnro!derive_elliptic_curve_private_keys.         z)Backend.derive_elliptic_curve_private_keycCs:|j|}|jj|}|j||jjk|jj||jjS)N)rruZEC_KEY_new_by_curve_namerrsr rr)r|rrrrnrnrors  zBackend._ec_key_new_by_curvecCsV|j|}|jj|j|jj}||jjkr:|jtd|jj||jj }t ||S)NzUnable to load OCSP request) rruZd2i_OCSP_REQUEST_biorirsr rrrOCSP_REQUEST_freer:)r|rrurequestrnrnroload_der_ocsp_requests  zBackend.load_der_ocsp_requestcCsV|j|}|jj|j|jj}||jjkr:|jtd|jj||jj }t ||S)NzUnable to load OCSP response) rruZd2i_OCSP_RESPONSE_biorirsr rrrOCSP_RESPONSE_freer;)r|rruresponsernrnroload_der_ocsp_responses  zBackend.load_der_ocsp_responsec Cs|jj}|j||jjk|jj||jj}|j\}}}|j|}|jj ||j |j }|j||jjk|jj ||}|j||jjk|j |j t||jjddt||S)NT)r3r4r5r6r)ruZOCSP_REQUEST_newrrsr rr_requestrOCSP_cert_to_id_x509ZOCSP_request_add0_idrDrEr3ZOCSP_REQUEST_add_extr:) r|rIZocsp_reqcertZissuerrrcertidZonereqrnrnrocreate_ocsp_requests"   zBackend.create_ocsp_requestcCs|jj}|j||jjk|jj||jj}|j|jj }|jj ||jj j |jj j }|j||jjk|jj||jj}|jjdkrd}n t|jj}|jjdkr|jj}n|j|jj}|jj} |jjdk r|j|jj} |j|jj} |jj|||jjj||| | } |j| |jjk|j||}|j\} } |jj}| tjjkrV||jjO}|jdk rx.|jD]$}|jj ||j } |j| dkqjW|j!|j"t#||jj$dd|jj%|| j |j&||jj|} | dkr|j'}|j|dj(|jj)|jj*t+d|S)NrT)r3r4r5r6rrz,responder_cert must be signed by private_keyr),ruZOCSP_BASICRESP_newrrsr rZOCSP_BASICRESP_freer _responserrZ_certrZ_issuerZOCSP_CERTID_freeZ_revocation_reasonr Z_revocation_timerZr]Z _this_updateZOCSP_basic_add1_statusZ _cert_statusr@r=Z _responder_idZ OCSP_NOCERTSrgZOCSPResponderEncodingHASHZOCSP_RESPID_KEYZ_certsZOCSP_basic_add1_certrDrEr2ZOCSP_BASICRESP_add_extZOCSP_basic_signrCrrFZ ERR_LIB_X509ZX509_R_KEY_VALUES_MISMATCHr)r|rIrJrbasicrrreasonZrev_timer_Z this_updaterZresponder_certZresponder_encodingflagsrrLrnrnro_create_ocsp_basic_responsest                   z#Backend._create_ocsp_basic_responsecCsb|tjjkr|j|||}n|jj}|jj|j|}|j ||jjk|jj ||jj }t ||S)N) rgZOCSPResponseStatusZ SUCCESSFULrrsr ruZOCSP_response_creater@rrrr;)r|Zresponse_statusrIrJrrZ ocsp_resprnrnrocreate_ocsp_responseks   zBackend.create_ocsp_responsecCs|j|ot|tjS)N)rr rLZECDH)r|rrrnrnro+elliptic_curve_exchange_algorithm_supported{s z3Backend.elliptic_curve_exchange_algorithm_supportedcCs(|j}|jj||}|j|dk|S)Nr)rruZEVP_PKEY_set1_EC_KEYr)r|rrrrnrnrorszBackend._ec_cdata_to_evp_pkeycCsNddd}|j|j|j}|jj|j}||jjkrJtdj|jtj |S)z/ Get the NID for a curve name. Z prime192v1Z prime256v1)Z secp192r1Z secp256r1z${} is not a supported elliptic curve) getrru OBJ_sn2nidrrmr rr r)r|rZ curve_aliases curve_namerrnrnrors  zBackend._elliptic_curve_to_nidc csX|jj}|j||jjk|jj||jj}|jj|z |VWd|jj|XdS)N) ruZ BN_CTX_newrrsr rZ BN_CTX_freeZ BN_CTX_startZ BN_CTX_end)r|rrnrnrors   zBackend._tmp_bn_ctxcCs|j||jjk|jjd}|j||jjk|jj|}|j||jjk|jj|}|j||jjk|jj|}|j||jjk||kr|jj r|jj }n|jj }|st ||fS)zu Given an EC_KEY determine the group and what function is required to get point coordinates. scharacteristic-two-field) rrsr rurrmrZEC_GROUP_method_ofZEC_METHOD_get_field_typeZCryptography_HAS_EC2MZ$EC_POINT_get_affine_coordinates_GF2mZ#EC_POINT_get_affine_coordinates_GFpr)r|rZ nid_two_fieldrmethodrnrrnrnrors     z(Backend._ec_key_determine_group_get_funccCst|dks|dkrtd|jj|j||jj}|jj|j||jj}|jj|||}|dkrp|jtd|S)zg Sets the public key point in the EC_KEY context to the affine x and y values. rz2Invalid EC key. Both x and y must be non-negative.rzInvalid EC key.)rrsrrrurZ(EC_KEY_set_public_key_affine_coordinatesr)r|rr$r#rrnrnrorsz1Backend._ec_key_set_public_key_affine_coordinatescCst|tjstd|tjjkr(td|tjjkr.) r6rsrruZ i2d_X509_NAMErr rr)r|rZ x509_namepprrn)r|rox509_name_bytesrs  zBackend.x509_name_bytescCsht|dkrtd|j}|jj||jj}tj|dk|jj||t|}tj|dkt ||S)N z%An X25519 public key is 32 bytes longr) rrrruZEVP_PKEY_set_type NID_X25519rNrZEVP_PKEY_set1_tls_encodedpointrA)r|rrrrnrnrox25519_load_public_bytes}s z Backend.x25519_load_public_bytesc Cst|dkrtdd}|jd<}||dd<||dd<|j|}tjj|j|jj }WdQRX|j ||jj k|jj ||jj }|j |jj ||jjkt||S)Nrz&An X25519 private key is 32 bytes longs0.0+en" 0rr)rr_zeroed_bytearrayrrNrurzrirsr rrrrrr@)r|rZ pkcs8_prefixbarirrnrnrox25519_load_private_bytess     z!Backend.x25519_load_private_bytescCs|jj||jj}|j||jjk|jj||jj}|jj|}|j|dk|jjd}|jj ||}|j|dk|j|d|jjk|jj|d|jj }|S)Nrz EVP_PKEY **r) ruZEVP_PKEY_CTX_new_idrsr rrZEVP_PKEY_CTX_freeZEVP_PKEY_keygen_initrZEVP_PKEY_keygenr)r|rnZ evp_pkey_ctxrZ evp_ppkeyrrnrnro_evp_pkey_keygen_gcs  zBackend._evp_pkey_keygen_gccCs|j|jj}t||S)N)rrurr@)r|rrnrnrox25519_generate_keyszBackend.x25519_generate_keycCs|jjS)N)ruZ#CRYPTOGRAPHY_OPENSSL_110_OR_GREATER)r|rnrnrox25519_supportedszBackend.x25519_supportedcCs`t|dkrtd|jj|jj|jj|t|}|j||jjk|jj||jj }t ||S)N8z#An X448 public key is 56 bytes long) rrruEVP_PKEY_new_raw_public_keyNID_X448rsr rrrrC)r|rrrnrnrox448_load_public_bytess zBackend.x448_load_public_bytescCslt|dkrtd|jj|}|jj|jj|jj|t|}|j||jjk|jj ||jj }t ||S)Nrz$An X448 private key is 56 bytes long) rrrsrruEVP_PKEY_new_raw_private_keyrr rrrrB)r|rrrrnrnrox448_load_private_bytess  zBackend.x448_load_private_bytescCs|j|jj}t||S)N)rrurrB)r|rrnrnrox448_generate_keyszBackend.x448_generate_keycCs |jj S)N)ru"CRYPTOGRAPHY_OPENSSL_LESS_THAN_111)r|rnrnrox448_supportedszBackend.x448_supportedcCs |jj S)N)ru#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B)r|rnrnroed25519_supportedszBackend.ed25519_supportedcCsntjd|t|tjkr"td|jj|jj|j j |t|}|j ||j j k|j j ||jj }t||S)Nrz&An Ed25519 public key is 32 bytes long)r _check_bytesrrM_ED25519_KEY_SIZErrur NID_ED25519rsr rrrr+)r|rrrnrnroed25519_load_public_bytess z!Backend.ed25519_load_public_bytescCszt|tjkrtdtjd||jj|}|jj |jj |jj |t|}|j ||jj k|jj ||jj}t||S)Nz'An Ed25519 private key is 32 bytes longr)rrMrrrrrsrrurrr rrrr*)r|rrrrnrnroed25519_load_private_bytess  z"Backend.ed25519_load_private_bytescCs|j|jj}t||S)N)rrurr*)r|rrnrnroed25519_generate_keyszBackend.ed25519_generate_keycCs |jj S)N)rur)r|rnrnroed448_supported szBackend.ed448_supportedcCsltjd|t|tkr td|jj|jj|jj |t|}|j ||jj k|jj ||jj }t ||S)Nrz$An Ed448 public key is 57 bytes long)rrrr,rrur NID_ED448rsr rrrr.)r|rrrnrnroed448_load_public_bytes s  zBackend.ed448_load_public_bytescCsxtjd|t|tkr td|jj|}|jj|jj |jj |t|}|j ||jj k|jj ||jj }t||S)Nrz%An Ed448 private key is 57 bytes long)rrrr,rrsrrurrr rrrr-)r|rrrrnrnroed448_load_private_bytes s   z Backend.ed448_load_private_bytescCs|j|jj}t||S)N)rrurr-)r|rrnrnroed448_generate_key! szBackend.ed448_generate_keyc Cs|jjd|}|jj|}|jj|t||t||||tj|| } | dkr|j} |jj s|j | dj |jj |jj p| dj |jj |jjd||d} tdj| |jj|ddS) Nzunsigned char[]rrirzJNot enough memory to derive key. These parameters require {} MB of memory.i)rsrrruZEVP_PBE_scryptrreZ _MEM_LIMITrrrrFrZERR_R_MALLOC_FAILUREZEVP_R_MEMORY_LIMIT_EXCEEDED MemoryErrorrr) r|rrrrrrrrrrLZ min_memoryrnrnro derive_scrypt% s(    zBackend.derive_scryptcCstj|}|jj||jjkS)N)rZ_aead_cipher_namerurrsr )r|r cipher_namernrnroaead_cipher_supportedD s zBackend.aead_cipher_supportedc cs&t|}z |VWd|j||XdS)z This method creates a bytearray, which we copy data into (hopefully also from a mutable buffer that can be dynamically erased!), and then zero when we're done. N) bytearray _zero_data)r|rrrnrnrorJ s zBackend._zeroed_bytearraycCsxt|D] }d||<q WdS)Nr)r)r|rrrcrnrnrorW szBackend._zero_datac csf|dkr|jjVnNt|}|jjd|d}|jj|||z |VWd|j|jjd||XdS)a This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use. Nzchar[]rz uint8_t *)rsr rrmemmovercast)r|rZdata_lenrrnrnro_zeroed_null_terminated_buf^ s   z#Backend._zeroed_null_terminated_bufc Cs|dk rtjd||j|}|jj|j|jj}||jjkrN|jt d|jj ||jj }|jj d}|jj d}|jj d}|j |}|jj|||||} WdQRX| dkr|jt dd} d} g} |d|jjkr|jj |d|jj} |j| } |d|jjkr6|jj |d|jj}t||} |d|jjkr|jj |d|jj}|jj|d}xTt|D]H}|jj||}|jj ||jj}|j||jjk| jt||qxW| | | fS)Nrqz!Could not deserialize PKCS12 dataz EVP_PKEY **zX509 **zCryptography_STACK_OF_X509 **rzInvalid password or PKCS12 data)rrrruZd2i_PKCS12_biorirsr rrrZ PKCS12_freerrZ PKCS12_parserrrOrDZ sk_X509_freeZ sk_X509_numrZ sk_X509_valuerr{)r|rrqriZp12Z evp_pkey_ptrZx509_ptrZ sk_x509_ptrZ password_bufrrrZadditional_certificatesrrZsk_x509rrcrnrnro%load_key_and_certificates_from_pkcs12u sF         z-Backend.load_key_and_certificates_from_pkcs12cCs |jjdkS)Nr)ruZCryptography_HAS_POLY1305)r|rnrnropoly1305_supported szBackend.poly1305_supportedcCs*tjd|t|tkr tdt||S)NrzA poly1305 key is 32 bytes long)rrrr<rr=)r|rrnrnrocreate_poly1305_ctx s  zBackend.create_poly1305_ctx)N)N)rkrlrm__doc__rr}rr contextlibrrrxrrrrrrrrrrrrwrrrrrrrrrrrrrrrrrrrrrrrr!r%r'r(rr)r*r-r.rMrUr=rRrZr`rDrirbrorrrvrwryrxr{r|r}r~rrrrrprtrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrrrrrnrnrnrorpfs      = "   ++ UYQ"    1- "  P _=5 0  "       . rpc@seZdZddZddZdS)rcCs ||_dS)N)_fmt)r|fmtrnrnror} szGetCipherByName.__init__cCs&|jj||dj}|jj|jdS)N)rrr)rrlowerrurr)r|rNrrr rnrnro__call__ szGetCipherByName.__call__N)rkrlrmr}rrnrnrnror srcCs"dj|jd}|jj|jdS)Nz aes-{}-xtsrr)rrrurr)rNrrr rnrnror sr) __future__rrrr collectionsrrrrZ six.movesrZ cryptographyrrZcryptography.exceptionsr r Zcryptography.hazmat._derr r r rrZ'cryptography.hazmat.backends.interfacesrrrrrrrrrrrrrZ$cryptography.hazmat.backends.opensslrZ,cryptography.hazmat.backends.openssl.ciphersrZ)cryptography.hazmat.backends.openssl.cmacrZ0cryptography.hazmat.backends.openssl.decode_asn1r Z'cryptography.hazmat.backends.openssl.dhr!r"r#r$Z(cryptography.hazmat.backends.openssl.dsar%r&r'Z'cryptography.hazmat.backends.openssl.ecr(r)Z,cryptography.hazmat.backends.openssl.ed25519r*r+Z*cryptography.hazmat.backends.openssl.ed448r,r-r.Z0cryptography.hazmat.backends.openssl.encode_asn1r/r0r1r2r3r4r5r6r7Z+cryptography.hazmat.backends.openssl.hashesr8Z)cryptography.hazmat.backends.openssl.hmacr9Z)cryptography.hazmat.backends.openssl.ocspr:r;Z-cryptography.hazmat.backends.openssl.poly1305r<r=Z(cryptography.hazmat.backends.openssl.rsar>r?Z+cryptography.hazmat.backends.openssl.x25519r@rAZ)cryptography.hazmat.backends.openssl.x448rBrCZ)cryptography.hazmat.backends.openssl.x509rDrErFrGZ$cryptography.hazmat.bindings.opensslrHZcryptography.hazmat.primitivesrIrJZ)cryptography.hazmat.primitives.asymmetricrKrLrMrNrOZ1cryptography.hazmat.primitives.asymmetric.paddingrPrQrRrSZ1cryptography.hazmat.primitives.ciphers.algorithmsrTrUrVrWrXrYrZr[r\Z,cryptography.hazmat.primitives.ciphers.modesr]r^r_r`rarbrcrdZ"cryptography.hazmat.primitives.kdfreZ,cryptography.hazmat.primitives.serializationrfZcryptography.x509rg namedtuplerhobjectrjZregister_interfaceZregister_interface_ifrqrtZCryptography_HAS_SCRYPTrprrrNrnrnrnros  <    ,   ,(    K