o 4¬Wc“•ã@sºddlZddlZddlZddlZddlZddlmZddlmZmZddl m Z m Z ddl m Z ddlmZddlmZddlmZmZmZmZdd lmZmZmZdd lmZmZdd lmZm Z dd l!m"Z"m#Z#m$Z$dd l%m&Z&ddl'm(Z(ddl)m*Z*m+Z+ddl,m-Z-m.Z.ddl/m0Z0m1Z1ddl2m3Z3m4Z4ddl5mZ6ddl7m8Z8ddl9m:Z:m;Z;ddlm?Z?m@Z@mAZAmBZBmCZCmDZDmEZEmFZFddlGmHZHmIZImJZJmKZKddlLmMZMmNZNmOZOddlPmQZQmRZRddlSmTZTmUZUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\m]Z]m^Z^m_Z_ddl`maZambZbmcZcmdZdmeZemfZfmgZgmhZhmiZiddljmkZkddllmmZmmnZnddlompZpmqZqmrZrmsZsmtZte ud d!d"g¡ZvGd#d$„d$ƒZwGd%d&„d&ƒZxGd'd(„d(ƒZyd)exd*eTfd+d,„ZzexƒZ{dS)-éN)Úcontextmanager)ÚutilsÚx509)ÚUnsupportedAlgorithmÚ_Reasons)Úaead)Ú_CipherContext©Ú _CMACContext)Ú _DHParametersÚ _DHPrivateKeyÚ _DHPublicKeyÚ_dh_params_dup)Ú_DSAParametersÚ_DSAPrivateKeyÚ _DSAPublicKey)Ú_EllipticCurvePrivateKeyÚ_EllipticCurvePublicKey)Ú_Ed25519PrivateKeyÚ_Ed25519PublicKey)Ú_ED448_KEY_SIZEÚ_Ed448PrivateKeyÚ_Ed448PublicKey©Ú _HashContext©Ú _HMACContext)Ú_POLY1305_KEY_SIZEÚ_Poly1305Context)Ú_RSAPrivateKeyÚ _RSAPublicKey)Ú_X25519PrivateKeyÚ_X25519PublicKey)Ú_X448PrivateKeyÚ_X448PublicKey)r)Úbinding)ÚhashesÚ serialization)ÚAsymmetricPadding)ÚdhÚdsaÚecÚed25519Úed448ÚrsaÚx25519Úx448)ÚMGF1ÚOAEPÚPKCS1v15ÚPSS)Ú#CERTIFICATE_ISSUER_PUBLIC_KEY_TYPESÚPRIVATE_KEY_TYPESÚPUBLIC_KEY_TYPES)ÚBlockCipherAlgorithmÚCipherAlgorithm) ÚAESÚAES128ÚAES256ÚARC4ÚCamelliaÚChaCha20ÚSM4Ú TripleDESÚ_BlowfishInternalÚ_CAST5InternalÚ _IDEAInternalÚ _SEEDInternal) ÚCBCÚCFBÚCFB8ÚCTRÚECBÚGCMÚModeÚOFBÚXTS)Úscrypt)Úpkcs7Ússh)ÚPBESÚPKCS12CertificateÚPKCS12KeyAndCertificatesÚ_ALLOWED_PKCS12_TYPESÚ_PKCS12_CAS_TYPESÚ _MemoryBIOÚbioZchar_ptrc@s eZdZdS)Ú_RC2N)Ú__name__Ú __module__Ú __qualname__©r]r]úND:\Flask\env\Lib\site-packages\cryptography/hazmat/backends/openssl/backend.pyrYƒsrYc@s@ eZdZdZdZhd£ZefZej ej ej ej ej ejejejejejejejf ZejejejejfZdZdZdd>ZdZde>Z dd„Z!d e"fd d „Z# dEd e$de%j&e%j'e(j)d d fdd„Z*d e$fdd„Z+dFdd„Z,dFdd„Z-e.j/dd„ƒZ0dFdd„Z1d e"fdd„Z2d e"fdd„Z3d e4fdd „Z5d!e6d"ej7d e8fd#d$„Z9d"ej7fd%d&„Z:d"ej7fd'd(„Z;d"ej7d e$fd)d*„Zd"ej7d e$fd/d0„Z?d"ej7d ej@fd1d2„ZAd3eBd4eCd e$fd5d6„ZDd7d8„ZEdFd9d:„ZFd3eBd4eCd eGfd;d<„ZHd3eBd4eCd eGfd=d>„ZId"ej7d e$fd?d@„ZJd"ej7dAe4dBe6dCe4dDe6d e6f dEdF„ZKd e%j'e(j)fdGdH„ZLd e%j'e(jMfdIdJ„ZNd e4fdKdL„ZOdEdMe4fdNdO„ZPdPe4dQe4d eQjRfdRdS„ZSdPe4dQe4d e$fdTdU„ZTdVeQjUd eQjRfdWdX„ZVdVeQjWd eQjXfdYdZ„ZYd[d\„ZZd]d^„Z[d_e6fd`da„Z\dbdc„Z]d e6fddde„Z^d e_fdfdg„Z`d eafdhdi„Zbd"ej7d e$fdjdk„Zcdledd e$fdmdn„ZedQe4d efjgfdodp„Zhdqefjgd efjifdrds„ZjdQe4d efjifdtdu„Zkdvdw„ZldVefjmd efjifdxdy„ZndVefjod efjpfdzd{„ZqdVefjrd efjgfd|d}„Zsd~d„Ztd e$fd€d„Zud"ej7d e$fd‚dƒ„Zvd e$fd„d…„Zwd"exd eyfd†d‡„Zzd_e6dˆe%j&e6d e_fd‰dŠ„Z{d_e6d eafd‹dŒ„Z|d_e6d e}j~fddŽ„Zd_e6dˆe%j&e6d e_fdd„Z€d‘d’„Zd_e6d eafd“d”„Z‚d_e6d e}j~fd•d–„Zƒd—e„j…d e%j†fd˜d™„Z‡dše%j†d e„j…fd›dœ„Zˆde„j‰d e%j†fdždŸ„ZŠd e%j†d e„j‰fd¡d¢„Z‹d£e„jŒd e%j†fd¤d¥„Zd¦e%j†d e„jŒfd§d¨„ZŽd£e„jŒd©ed e$fdªd«„Zde„j‰d e$fd¬d­„Z‘d®d¯„Z’d°d±„Z“d e%j”fd²d³„Z•d´ej–d e$fdµd¶„Z—d·ej˜d´ej–d e$fd¸d¹„Z™d´ej–d ejšfdºd»„Z›dVejœd ejšfd¼d½„ZdVejžd ejŸfd¾d¿„Z d´ej–dÀe6d ejŸfdÁd„Z¡dÃe4d´ej–d ejšfdÄdÅ„Z¢d´ej–fdÆdÇ„Z£dÈe4fdÉdÊ„Z¤d"ej¥d´ej–d e$fdËdÌ„Z¦dÍd΄Z§d´ej–d e4fdÏdЄZ¨e/dÑdÒ„ƒZ©dÓdÔ„ZªdÕe4dÖe4fd×dØ„Z«dÙe¬j­dÚe¬j®dÛe¬j¯d e6fdÜdÝ„Z°dÞdß„Z±dàdá„Z²dÙe¬j­dÚe¬j³d e6fdâdã„Z´d e$fdädå„Zµdæe4dQe4d e}j~fdçdè„Z¶dédê„Z·dqe}j~d e}j¸fdëdì„Z¹dæe4dQe4d e}j¸fdídî„ZºdVe}j»d e}j¸fdïdð„Z¼dVe}j½d e}j¾fdñdò„Z¿dVe}jÀd e}j~fdódô„ZÁ dEdõe4döe4d÷e%j&e4d e$fdødù„ZÂd e$fdúdû„ZÃd_e6d eÄjÅfdüdý„ZÆd_e6d eÄjÇfdþdÿ„ZÈdd„ZÉd eÄjÇfdd„ZÊd e$fdd„ZËd_e6d eÌjÍfdd„ZÎd_e6d eÌjÏfdd „ZÐd eÌjÏfd d „ZÑd e$fd d „ZÒd e$fdd„ZÓd_e6d eÔjÕfdd„ZÖd_e6d eÔj×fdd„ZØd eÔj×fdd„ZÙd e$fdd„ZÚd_e6d eÛjÜfdd„ZÝd_e6d eÛjÞfdd„Zßd eÛjÞfdd„ZàdDe6dBe6dAe4de4de4dõe4d e6fd d!„Zád e$fd"d#„Zâe.j/dAe4d e%jãeäfd$d%„ƒZådAe4d d fd&d'„Zæe.j/d(d)„ƒZçd_e6dˆe%j&e6d e%jèe%j&e_e%j&e„j…e%j'e„j…ffd*d+„Zéd_e6dˆe%j&e6d eêfd,d-„Zëd.e%j&e6d!e%j&eìd—e%j&e„j…d/e%j&e%j'eídÛe¬j¯d e6f d0d1„Zîd e$fd2d3„Zïd!e6d eðfd4d5„Zñd e$fd6d7„Zòd_e6d e%j'e„j…fd8d9„Zód_e6d e%j'e„j…fd:d;„Zôd<d=„Zõd>e%j'e„j…dÙe¬j­fd?d@„ZödAe÷jødÙe¬j­dBe%j'e÷jùd e6fdCdD„Zúd S(GÚBackendz) OpenSSL API binding interfaces. Zopenssl>s aes-192-gcms aes-192-ccms aes-256-ccms aes-256-gcms aes-128-ccms aes-128-gcméiécCsŒt ¡|_|jj|_|jj|_d|_| ¡|_ i|_ |  ¡|j r,|jj r,t  dt¡n| ¡|jjg|_|jjrD|j |jj¡dSdS)NFz)ÚformatÚopenssl_version_textrirtr]r]r^Ú__repr__Ís ÿzBackend.__repr__NÚokÚerrorscCstj|j||dS)N)r|)r%Z_openssl_assertrf)rur{r|r]r]r^Úopenssl_assertÒszBackend.openssl_assertcCsH|jjr |j |jj¡}n t|jddd„ƒƒ}|dkr |j ¡t|ƒS)NZ FIPS_modecSsdS©Nrr]r]r]r]r^Úßsz*Backend._is_fips_enabled..r)rfZCryptography_HAS_300_FIPSZ&EVP_default_properties_is_fips_enabledrdÚNULLÚgetattrZERR_clear_errorÚbool)ruÚmoder]r]r^rhÙsÿ zBackend._is_fips_enabledcCs$|j ¡| ¡s J‚| ¡|_dS©N)rbÚ _enable_fipsrhrirtr]r]r^r…æs  zBackend._enable_fipscCsn|jjr3|j ¡}||jjkr5|j |¡|j |jj¡}| |dk¡|j |¡}| |dk¡dSdSdS©Nra) rfrlZENGINE_get_default_RANDrdr€ZENGINE_unregister_RANDÚRAND_set_rand_methodr}Ú ENGINE_finish©ruÚeÚresr]r]r^Úactivate_builtin_randomís    özBackend.activate_builtin_randomc cs¶|j |jj¡}| ||jjk¡|j |¡}| |dk¡z |VW|j |¡}| |dk¡|j |¡}| |dk¡dS|j |¡}| |dk¡|j |¡}| |dk¡wr†) rfZ ENGINE_by_idZCryptography_osrandom_engine_idr}rdr€Z ENGINE_initZ ENGINE_freerˆr‰r]r]r^Ú_get_osurandom_engineús€    ü zBackend._get_osurandom_enginecCsx|jjr:| ¡| ¡}|j |¡}| |dk¡Wdƒn1s$wY|j |jj¡}| |dk¡dSdSr†) rfrlrŒrZENGINE_set_default_RANDr}r‡rdr€r‰r]r]r^rps  ý÷z Backend.activate_osrandom_enginec Cst|j dd¡}| ¡}|j |dt|ƒ||jjd¡}| |dk¡Wdƒn1s,wY|j |¡  d¡S)Núchar[]é@sget_implementationrÚascii) rdÚnewrrfZENGINE_ctrl_cmdÚlenr€r}ÚstringÚdecode)ruÚbufrŠr‹r]r]r^Úosrandom_engine_implementations ÿüz&Backend.osrandom_engine_implementationcCs|j |j |jj¡¡ d¡S)zÀ Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.1.1d 10 Sep 2019 r)rdr“rfZOpenSSL_versionÚOPENSSL_VERSIONr”rtr]r]r^ry#s ÿþzBackend.openssl_version_textcCs |j ¡Sr„)rfZOpenSSL_version_numrtr]r]r^Úopenssl_version_number.ó zBackend.openssl_version_numberÚkeyÚ algorithmcCs t|||ƒSr„r)ruršr›r]r]r^Úcreate_hmac_ctx1ó zBackend.create_hmac_ctxcCsL|jdks |jdkrd |j|jd¡ d¡}n|j d¡}|j |¡}|S)NÚblake2bÚblake2sz{}{}ér)ÚnamerxÚ digest_sizeÚencoderfZEVP_get_digestbyname)rur›ÚalgÚevp_mdr]r]r^Ú_evp_md_from_algorithm6s ÿþ  zBackend._evp_md_from_algorithmcCs | |¡}| ||jjk¡|Sr„)r¦r}rdr€©rur›r¥r]r]r^Ú_evp_md_non_null_from_algorithmAs z'Backend._evp_md_non_null_from_algorithmcCs,|jr t||jƒs dS| |¡}||jjkS©NF)riÚ isinstanceÚ _fips_hashesr¦rdr€r§r]r]r^Úhash_supportedFs  zBackend.hash_supportedcCó |jr t|tjƒr dS| |¡Sr©©rirªr&ÚSHA1r¬©rur›r]r]r^Úsignature_hash_supportedMs z Backend.signature_hash_supportedcCó|jrdS|jjdkS©NFra)rirfZCryptography_HAS_SCRYPTrtr]r]r^Úscrypt_supportedVs zBackend.scrypt_supportedcCr­)NTr®r°r]r]r^Úhmac_supported\s zBackend.hmac_supportedcCó t||ƒSr„rr°r]r]r^Úcreate_hash_ctxcs zBackend.create_hash_ctxÚcipherrƒcCs^|jr t||jƒs dSz |jt|ƒt|ƒf}Wn ty"YdSw||||ƒ}|jj|kSr©)rirªÚ _fips_ciphersrjÚtypeÚKeyErrorrdr€)rur¸rƒÚadapterÚ evp_cipherr]r]r^Úcipher_supportedhs  ÿ  zBackend.cipher_supportedcCs0||f|jvrtd ||¡ƒ‚||j||f<dS)Nz"Duplicate registration for: {} {}.)rjÚ ValueErrorrx)ruÚ cipher_clsÚmode_clsr¼r]r]r^Úregister_cipher_adaptervsÿÿzBackend.register_cipher_adaptercCsŒtttfD]}ttttttt fD] }|  ||t dƒ¡qqtttttfD] }|  t |t dƒ¡q$ttttfD] }|  t |t dƒ¡q6|  t tt dƒ¡ttttfD] }|  t|t dƒ¡qQttttfD] }|  t|t dƒ¡qct ttgttttg¡D] \}}|  ||t dƒ¡q{|  ttdƒt dƒ¡|  ttdƒt dƒ¡|  ttdƒt d ƒ¡|  ttt¡tttttfD] }|  t|t d ƒ¡q¸dS) Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}Zrc4Zrc2Zchacha20zsm4-{mode.name})r:r;r<rFrIrJrMrGrHrKrÂÚGetCipherByNamer>rArBrEÚ itertoolsÚproductrCrDr=rºrYr?rNÚ_get_xts_cipherr@)rurÀrÁr]r]r^rksfÿýÿý ÿ ÿ ÿ ÿ  þýÿ ÿÿz!Backend._register_default_cipherscCót|||tjƒSr„)rZ_ENCRYPT©rur¸rƒr]r]r^Úcreate_symmetric_encryption_ctx³óz'Backend.create_symmetric_encryption_ctxcCrÇr„)rZ_DECRYPTrÈr]r]r^Úcreate_symmetric_decryption_ctx¸rÊz'Backend.create_symmetric_decryption_ctxcCs | |¡Sr„)rµr°r]r]r^Úpbkdf2_hmac_supported½r™zBackend.pbkdf2_hmac_supportedÚlengthÚsaltÚ iterationsÚ key_materialc Csh|j d|¡}| |¡}|j |¡}|j |t|ƒ|t|ƒ||||¡} | | dk¡|j |¡dd…S)Núunsigned char[]ra) rdr‘r¨Ú from_bufferrfZPKCS5_PBKDF2_HMACr’r}Úbuffer) rur›rÍrÎrÏrÐr•r¥Úkey_material_ptrr‹r]r]r^Úderive_pbkdf2_hmacÀs  ø zBackend.derive_pbkdf2_hmaccCó t |j¡Sr„)r%Ú_consume_errorsrfrtr]r]r^r×Øó zBackend._consume_errorscCrÖr„)r%Ú_consume_errors_with_textrfrtr]r]r^rÙÛrz!Backend._consume_errors_with_textcCsz||jjksJ‚| |j |¡ ¡|j |¡}|j d|¡}|j ||¡}| |dk¡t  |j  |¡d|…d¡}|S)NrÑrÚbig) rdr€r}rfZBN_is_negativeZ BN_num_bytesr‘Z BN_bn2binÚintÚ from_bytesrÓ)ruÚbnZ bn_num_bytesZbin_ptrZbin_lenÚvalr]r]r^Ú _bn_to_intàs zBackend._bn_to_intÚnumcCsn|dus ||jjks J‚|dur|jj}| t| ¡ddƒd¡}|j |t|ƒ|¡}| ||jjk¡|S)a  Converts a python integer to a BIGNUM. The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. Ng @rarÚ) rdr€Úto_bytesrÛÚ bit_lengthrfZ BN_bin2bnr’r})ruràrÝÚbinaryZbn_ptrr]r]r^Ú _int_to_bnìszBackend._int_to_bnÚpublic_exponentÚkey_sizecCs”t ||¡|j ¡}| ||jjk¡|j ||jj¡}|  |¡}|j ||jj ¡}|j  ||||jj¡}| |dk¡|  |¡}t ||||jƒSr†)r.Z_verify_rsa_parametersrfÚRSA_newr}rdr€ÚgcÚRSA_freeräÚBN_freeZRSA_generate_key_exÚ_rsa_cdata_to_evp_pkeyrrg)ruråræÚ rsa_cdatarÝr‹Úevp_pkeyr]r]r^Úgenerate_rsa_private_keyýs    ÿ  ÿz Backend.generate_rsa_private_keycCs|dko |d@dko |dkS)Nérarir])rurårær]r]r^Ú!generate_rsa_parameters_supporteds  ÿýz)Backend.generate_rsa_parameters_supportedÚnumbersc Cs6t |j|j|j|j|j|j|jj |jj ¡|j   ¡}|  ||jjk¡|j ||j j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |jj ¡} | |jj ¡} |j  |||¡} |  | dk¡|j  || | |¡} |  | dk¡|j  ||||¡} |  | dk¡| |¡} t||| |jƒSr†)r.Z_check_private_key_componentsÚpÚqÚdÚdmp1Údmq1ÚiqmpÚpublic_numbersrŠÚnrfrçr}rdr€rèréräZRSA_set0_factorsÚ RSA_set0_keyZRSA_set0_crt_paramsrërrg) rurñrìròrórôrõrör÷rŠrùr‹rír]r]r^Úload_rsa_private_numberss>ø         ÿz Backend.load_rsa_private_numberscCst |j|j¡|j ¡}| ||jjk¡|j  ||jj ¡}|  |j¡}|  |j¡}|j  ||||jj¡}| |dk¡|  |¡}t|||ƒSr†)r.Z_check_public_key_componentsrŠrùrfrçr}rdr€rèrérärúrër )rurñrìrŠrùr‹rír]r]r^Úload_rsa_public_numbers@s     zBackend.load_rsa_public_numberscCs2|j ¡}| ||jjk¡|j ||jj¡}|Sr„)rfZ EVP_PKEY_newr}rdr€rèÚ EVP_PKEY_free©rurír]r]r^Ú_create_evp_pkey_gcOs zBackend._create_evp_pkey_gccCó(| ¡}|j ||¡}| |dk¡|Sr†)rÿrfZEVP_PKEY_set1_RSAr})rurìrír‹r]r]r^rëUózBackend._rsa_cdata_to_evp_pkeyÚdatacCsH|j |¡}|j |t|ƒ¡}| ||jjk¡t|j ||jj ¡|ƒS)z® Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) rdrÒrfZBIO_new_mem_bufr’r}r€rWrèÚBIO_free)rurÚdata_ptrrXr]r]r^Ú _bytes_to_bio[s zBackend._bytes_to_biocCsP|j ¡}| ||jjk¡|j |¡}| ||jjk¡|j ||jj¡}|S)z. Creates an empty memory BIO. )rfZ BIO_s_memr}rdr€ZBIO_newrèr)ruZ bio_methodrXr]r]r^Ú_create_mem_bio_gchs  zBackend._create_mem_bio_gccCs\|j d¡}|j ||¡}| |dk¡| |d|jjk¡|j |d|¡dd…}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)rdr‘rfZBIO_get_mem_datar}r€rÓ)rurXr•Úbuf_lenÚbio_datar]r]r^Ú _read_mem_bioss zBackend._read_mem_bioc Cs6|j |¡}||jjkr,|j |¡}| ||jjk¡|j ||jj¡}t ||||j ƒS||jj krr|jj sr|jj sr|jjsr|j |¡}| ||jjk¡|j ||jj¡}| ¡}|j ||¡}| |dk¡|j| |¡ddS||jjkr–|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jjkrº|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jvrÝ|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS|t|jddƒkrët ||ƒS|t|jddƒkrùt!||ƒS|t|jddƒkrt"||ƒS|t|jddƒkrt#||ƒSt$dƒ‚) zd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. raN)ÚpasswordÚEVP_PKEY_ED25519Ú EVP_PKEY_X448ÚEVP_PKEY_X25519ÚEVP_PKEY_ED448úUnsupported key type.)%rfÚ EVP_PKEY_idÚ EVP_PKEY_RSAÚEVP_PKEY_get1_RSAr}rdr€rèrérrgÚEVP_PKEY_RSA_PSSÚCRYPTOGRAPHY_IS_LIBRESSLÚCRYPTOGRAPHY_IS_BORINGSSLÚ#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111ErÚi2d_RSAPrivateKey_bioÚload_der_private_keyr Ú EVP_PKEY_DSAÚEVP_PKEY_get1_DSAÚDSA_freerÚ EVP_PKEY_ECÚEVP_PKEY_get1_EC_KEYÚ EC_KEY_freerrqÚEVP_PKEY_get1_DHÚDH_freer rrr#r!rr) ruríÚkey_typerìrXr‹Ú dsa_cdataÚec_cdataÚdh_cdatar]r]r^Ú_evp_pkey_to_private_key~sb    ÿ ÿþýü  ÿ             z Backend._evp_pkey_to_private_keyc Cs:|j |¡}||jjkr*|j |¡}| ||jjk¡|j ||jj¡}t |||ƒS||jj krn|jj sn|jj sn|jj sn|j |¡}| ||jjk¡|j ||jj¡}| ¡}|j ||¡}| |dk¡| | |¡¡S||jjkr’|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jjkr¼|j |¡}||jjkr­| ¡}td|ƒ‚|j ||jj¡}t|||ƒS||jvrß|j |¡} | | |jjk¡|j | |jj¡} t|| |ƒS|t |jddƒkrít!||ƒS|t |jddƒkrût"||ƒS|t |jddƒkr t#||ƒS|t |jddƒkrt$||ƒSt%dƒ‚) zc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. razUnable to load EC keyr Nr r rr)&rfrrrr}rdr€rèrér rrrrrÚi2d_RSAPublicKey_bioÚload_der_public_keyr rrrrrrrÙr¿rrrqrr r rrr$r"rr) rurír!rìrXr‹r"r#r|r$r]r]r^Ú_evp_pkey_to_public_key¾s^     ÿþýü                zBackend._evp_pkey_to_public_keycCst|tjtjtjtjtjfƒSr„)rªr&r¯ÚSHA224ÚSHA256ÚSHA384ÚSHA512r°r]r]r^Ú_oaep_hash_supportedøsûþzBackend._oaep_hash_supportedÚpaddingcCs€t|tƒrdSt|tƒr&t|jtƒr&|jrt|jjtjƒrdS|  |jj¡St|t ƒr>t|jtƒr>|  |jj¡o=|  |j¡SdS)NTF) rªr3r4Z_mgfr1riÚ _algorithmr&r¯r¬r2r-)rur.r]r]r^Úrsa_padding_supporteds  ÿÿ þzBackend.rsa_padding_supportedc Cs~|dvrtdƒ‚|j ¡}| ||jjk¡|j ||jj¡}|j |||jjd|jj|jj|jj¡}| |dk¡t ||ƒS)N)ir`i iz0Key size must be 1024, 2048, 3072, or 4096 bits.rra) r¿rfÚDSA_newr}rdr€rèrZDSA_generate_parameters_exr)ruræÚctxr‹r]r]r^Úgenerate_dsa_parameterss$ÿ ù zBackend.generate_dsa_parametersÚ parameterscCsT|j |j¡}| ||jjk¡|j ||jj¡}|j |¡|  |¡}t |||ƒSr„) rfZ DSAparams_dupZ _dsa_cdatar}rdr€rèrZDSA_generate_keyÚ_dsa_cdata_to_evp_pkeyr)rur4r2rír]r]r^Úgenerate_dsa_private_key/sÿ   z Backend.generate_dsa_private_keycCó| |¡}| |¡Sr„)r3r6)rurær4r]r]r^Ú'generate_dsa_private_key_and_parameters<s  z/Backend.generate_dsa_private_key_and_parameterscCsB|j ||||¡}| |dk¡|j |||¡}| |dk¡dSr†)rfÚ DSA_set0_pqgr}Z DSA_set0_key)rur"ròróÚgÚpub_keyÚpriv_keyr‹r]r]r^Ú_dsa_cdata_set_valuesBszBackend._dsa_cdata_set_valuesc Cs¨t |¡|jj}|j ¡}| ||jjk¡|j  ||jj ¡}|  |j ¡}|  |j ¡}|  |j¡}|  |jj¡}|  |j¡}| ||||||¡| |¡} t||| ƒSr„)r*Z_check_dsa_private_numbersrøÚparameter_numbersrfr1r}rdr€rèrräròrór:ÚyÚxr=r5r) rurñr>r"ròrór:r;r<rír]r]r^Úload_dsa_private_numbersHs        z Backend.load_dsa_private_numbersc Cs¢t |j¡|j ¡}| ||jjk¡|j ||jj ¡}|  |jj ¡}|  |jj ¡}|  |jj ¡}|  |j¡}|jj}| ||||||¡| |¡}t|||ƒSr„)r*Ú_check_dsa_parametersr>rfr1r}rdr€rèrräròrór:r?r=r5r) rurñr"ròrór:r;r<rír]r]r^Úload_dsa_public_numbers]s     zBackend.load_dsa_public_numberscCs†t |¡|j ¡}| ||jjk¡|j ||jj¡}|  |j ¡}|  |j ¡}|  |j ¡}|j  ||||¡}| |dk¡t||ƒSr†)r*rBrfr1r}rdr€rèrräròrór:r9r)rurñr"ròrór:r‹r]r]r^Úload_dsa_parameter_numbersps      z"Backend.load_dsa_parameter_numberscCrr†)rÿrfZEVP_PKEY_set1_DSAr})rur"rír‹r]r]r^r5€rzBackend._dsa_cdata_to_evp_pkeycCs|j Sr„)rirtr]r]r^Ú dsa_supported†szBackend.dsa_supportedcCs| ¡sdS| |¡Sr©)rEr±r°r]r]r^Údsa_hash_supported‰s zBackend.dsa_hash_supportedcCs| |td|jƒ¡S)Nó)r¾rFÚ block_sizer°r]r]r^Úcmac_algorithm_supportedŽsÿz Backend.cmac_algorithm_supportedcCr¶r„r r°r]r]r^Úcreate_cmac_ctx“r™zBackend.create_cmac_ctxr cCs| |jj|j||¡Sr„)Ú _load_keyrfZPEM_read_bio_PrivateKeyr%)rurr r]r]r^Úload_pem_private_key–s üzBackend.load_pem_private_keycCsî| |¡}|j d¡}|j |j|jj|j |jjd¡|¡}||jjkr2|j  ||jj ¡}|  |¡S|  ¡|j  |j¡}| |dk¡|j |j|jj|j |jjd¡|¡}||jjkrq|j  ||jj¡}| |¡}t|||ƒS| ¡dS)NúCRYPTOGRAPHY_PASSWORD_DATA *ÚCryptography_pem_password_cbra)rrdr‘rfZPEM_read_bio_PUBKEYrXr€Ú addressofÚ _original_librèrýr(r×Ú BIO_resetr}ZPEM_read_bio_RSAPublicKeyrérër Ú_handle_key_loading_error)rurÚmem_bioÚuserdatarír‹rìr]r]r^Úload_pem_public_key s:  ÿú  ÿú    zBackend.load_pem_public_keycCs^| |¡}|j |j|jj|jj|jj¡}||jjkr)|j ||jj¡}t||ƒS|  ¡dSr„) rrfZPEM_read_bio_DHparamsrXrdr€rèr r rR)rurrSr$r]r]r^Úload_pem_parametersÊs ÿ   zBackend.load_pem_parameterscCs:| |¡}| ||¡}|r| |¡S| |jj|j||¡Sr„)rÚ"_evp_pkey_from_der_traditional_keyr%rKrfZd2i_PKCS8PrivateKey_bio)rurr rršr]r]r^rÖs   üzBackend.load_der_private_keycCsZ|j |j|jj¡}||jjkr'| ¡|j ||jj¡}|dur%tdƒ‚|S| ¡dS)Nú4Password was given but private key is not encrypted.) rfÚd2i_PrivateKey_biorXrdr€r×rèrýÚ TypeError)rurr ršr]r]r^rWës ÿz*Backend._evp_pkey_from_der_traditional_keycCs¾| |¡}|j |j|jj¡}||jjkr#|j ||jj¡}| |¡S|  ¡|j  |j¡}|  |dk¡|j  |j|jj¡}||jjkrY|j ||jj ¡}| |¡}t|||ƒS| ¡dSr†)rrfZd2i_PUBKEY_biorXrdr€rèrýr(r×rQr}Zd2i_RSAPublicKey_biorérër rR)rurrSrír‹rìr]r]r^r'þs    ÿ    zBackend.load_der_public_keycCsº| |¡}|j |j|jj¡}||jjkr#|j ||jj¡}t||ƒS|jj rW|  ¡|j  |j¡}|  |dk¡|j  |j|jj¡}||jjkrW|j ||jj¡}t||ƒS| ¡dSr†)rrfZd2i_DHparams_biorXrdr€rèr r rrr×rQr}ZCryptography_d2i_DHxparams_biorR)rurrSr$r‹r]r]r^Úload_der_parameterss    ÿ   zBackend.load_der_parametersÚcertcCóT| tjj¡}| |¡}|j |j|jj ¡}|  ||jj k¡|j  ||jj ¡}|Sr„) Ú public_bytesr'ÚEncodingÚDERrrfZ d2i_X509_biorXrdr€r}rèÚ X509_free)rur\rrSrr]r]r^Ú _cert2ossl)ó  zBackend._cert2osslrcCó4| ¡}|j ||¡}| |dk¡t | |¡¡Sr†)rrfZ i2d_X509_bior}Ú rust_x509Zload_der_x509_certificater )rurrXr‹r]r]r^Ú _ossl2cert1szBackend._ossl2certÚcsrcCr]r„) r^r'r_r`rrfZd2i_X509_REQ_biorXrdr€r}rèZ X509_REQ_free)rurgrrSÚx509_reqr]r]r^Ú _csr2ossl7rczBackend._csr2osslrhcCrdr†)rrfZi2d_X509_REQ_bior}reZload_der_x509_csrr )rurhrXr‹r]r]r^Ú _ossl2csr?ózBackend._ossl2csrÚcrlcCr]r„) r^r'r_r`rrfZd2i_X509_CRL_biorXrdr€r}rèZ X509_CRL_free)rurlrrSÚx509_crlr]r]r^Ú _crl2osslGrczBackend._crl2osslrmcCrdr†)rrfZi2d_X509_CRL_bior}reZload_der_x509_crlr )rurmrXr‹r]r]r^Ú _ossl2crlOrkzBackend._ossl2crlÚ public_keycCsJt|tttfƒs tdƒ‚| |¡}|j ||j¡}|dkr#|  ¡dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.raFT) rªrr rrZrnrfZX509_CRL_verifyÚ _evp_pkeyr×)rurlrprmr‹r]r]r^Ú_crl_is_signature_validWs ýþÿ zBackend._crl_is_signature_validcCs`| |¡}|j |¡}| ||jjk¡|j ||jj¡}|j ||¡}|dkr.|  ¡dSdS)NraFT) rirfZX509_REQ_get_pubkeyr}rdr€rèrýZX509_REQ_verifyr×)rurgrhÚpkeyr‹r]r]r^Ú_csr_is_signature_validqs  zBackend._csr_is_signature_validcCs"|j |j|j¡dkrtdƒ‚dS)NrazKeys do not correspond)rfZ EVP_PKEY_cmprqr¿)ruÚkey1Úkey2r]r]r^Ú_check_keys_correspond€sÿzBackend._check_keys_correspondc Cs| |¡}|j d¡}|dur#t d|¡|j |¡}||_t|ƒ|_||j |jj |j  |j j d¡|ƒ}||jj kra|jdkr]| ¡|jdkrLtdƒ‚|jdksSJ‚td |jd ¡ƒ‚| ¡| ¡|j ||j j¡}|dur{|jdkr{td ƒ‚|dur„|jd ksŠ|dusŠJ‚||ƒS) NrMr rNréÿÿÿÿz3Password was not given but private key is encryptedéþÿÿÿzAPasswords longer than {} bytes are not supported by this backend.rarX)rrdr‘rÚ_check_byteslikerÒr r’rÍrXr€rOrfrPÚerrorr×rZr¿rxÚmaxsizerRrèrýÚcalled) ruZopenssl_read_funcZ convert_funcrr rSrTZ password_ptrrír]r]r^rK„sR     ÿú  ÿ þÿÿÿþzBackend._load_keycsžˆ ¡}|s tdƒ‚|d ˆjjˆjj¡s2|d ˆjjˆjj¡s2ˆjjr6|d ˆjj ˆjj ¡r6tdƒ‚t ‡fdd„|DƒƒrEtdƒ‚t   |¡}td|ƒ‚)Nz|Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.rz Bad decrypt. Incorrect password?c3s$|] }| ˆjjˆjj¡VqdSr„)Ú_lib_reason_matchrfÚ ERR_LIB_EVPZ'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)Ú.0r{rtr]r^Ú Õs€üþ ÿz4Backend._handle_key_loading_error..z!Unsupported public key algorithm.zÊCould not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).)r×r¿r~rfrZEVP_R_BAD_DECRYPTZERR_LIB_PKCS12Z!PKCS12_R_PKCS12_CIPHERFINAL_ERRORZCryptography_HAS_PROVIDERSZ ERR_LIB_PROVZPROV_R_BAD_DECRYPTÚanyr%Z_errors_with_text)rur|Zerrors_with_textr]rtr^rR¹s>ÿ ÿÿþü ÷ þö û ûz!Backend._handle_key_loading_errorÚcurvecCspz| |¡}Wn ty|jj}Ynw|j |¡}||jjkr'| ¡dS| ||jjk¡|j  |¡dS)NFT) Ú_elliptic_curve_to_nidrrfÚ NID_undefZEC_GROUP_new_by_curve_namerdr€r×r}Z EC_GROUP_free)rurƒÚ curve_nidÚgroupr]r]r^Úelliptic_curve_supportedès  ÿ   z Backend.elliptic_curve_supportedÚsignature_algorithmcCst|tjƒsdS| |¡Sr©)rªr+ZECDSArˆ)rur‰rƒr]r]r^Ú,elliptic_curve_signature_algorithm_supportedøs  z4Backend.elliptic_curve_signature_algorithm_supportedcCsX| |¡r"| |¡}|j |¡}| |dk¡| |¡}t|||ƒStd |j ¡t j ƒ‚)z@ Generate a new private key on the named curve. raz#Backend object does not support {}.) rˆÚ_ec_key_new_by_curverfZEC_KEY_generate_keyr}Ú_ec_cdata_to_evp_pkeyrrrxr¡rÚUNSUPPORTED_ELLIPTIC_CURVE)rurƒr#r‹rír]r]r^Ú#generate_elliptic_curve_private_keys      þz+Backend.generate_elliptic_curve_private_keycCsz|j}| |j¡}|j | |j¡|jj¡}|j  ||¡}|dkr)|  ¡t dƒ‚|  ||j |j¡| |¡}t|||ƒS)NraúInvalid EC key.)rør‹rƒrdrèräÚ private_valuerfÚ BN_clear_freeÚEC_KEY_set_private_keyr×r¿Ú)_ec_key_set_public_key_affine_coordinatesr@r?rŒr)rurñÚpublicr#rr‹rír]r]r^Ú#load_elliptic_curve_private_numberss ÿ ÿ  z+Backend.load_elliptic_curve_private_numberscCs4| |j¡}| ||j|j¡| |¡}t|||ƒSr„)r‹rƒr“r@r?rŒr)rurñr#rír]r]r^Ú"load_elliptic_curve_public_numbers0s  ÿ  z*Backend.load_elliptic_curve_public_numbersÚ point_bytesc Csâ| |¡}|j |¡}| ||jjk¡|j |¡}| ||jjk¡|j ||jj¡}|  ¡ }|j  |||t |ƒ|¡}|dkrI|  ¡t dƒ‚Wdƒn1sSwY|j ||¡}| |dk¡| |¡}t|||ƒS)Nraz(Invalid public bytes for the given curve)r‹rfÚEC_KEY_get0_groupr}rdr€Ú EC_POINT_newrèÚ EC_POINT_freeÚ _tmp_bn_ctxZEC_POINT_oct2pointr’r×r¿ÚEC_KEY_set_public_keyrŒr) rurƒr—r#r‡ÚpointÚbn_ctxr‹rír]r]r^Ú load_elliptic_curve_public_bytes;s&    ÿþü  z(Backend.load_elliptic_curve_public_bytesrc Csb| |¡}| |¡\}}|j |¡}| ||jjk¡|j ||jj¡}|  |¡}|j ||jj ¡}|  ¡>}|j  ||||jj|jj|¡} | | dk¡|j  |¡} |j  |¡} |||| | |ƒ} | dkrm| ¡tdƒ‚Wdƒn1swwY|j ||¡} | | dk¡|  |¡} |j | |jj ¡} |j || ¡} | | dk¡| |¡} t||| ƒS)Nraz'Unable to derive key from private_value)r‹Ú _ec_key_determine_group_get_funcrfr™r}rdr€rèršrär‘r›Z EC_POINT_mulZ BN_CTX_getr×r¿rœr’rŒr)rurrƒr#Úget_funcr‡rÚvalueržr‹Zbn_xZbn_yÚprivaterír]r]r^Ú!derive_elliptic_curve_private_keyQs8    ÿ  þö   z)Backend.derive_elliptic_curve_private_keycCr7r„)r„Ú_ec_key_new_by_curve_nid)rurƒr†r]r]r^r‹xs  zBackend._ec_key_new_by_curver†cCs0|j |¡}| ||jjk¡|j ||jj¡Sr„)rfZEC_KEY_new_by_curve_namer}rdr€rèr)rur†r#r]r]r^r¥|s z Backend._ec_key_new_by_curve_nidcCs,|jr t||jƒs dS| |¡ot|tjƒSr©)rirªÚ_fips_ecdh_curvesrˆr+ÚECDH)rur›rƒr]r]r^Ú+elliptic_curve_exchange_algorithm_supportedsÿ ÿz3Backend.elliptic_curve_exchange_algorithm_supportedcCrr†)rÿrfZEVP_PKEY_set1_EC_KEYr})rur#rír‹r]r]r^rŒrzBackend._ec_cdata_to_evp_pkeycCsNdddœ}| |j|j¡}|j | ¡¡}||jjkr%td |j¡tj ƒ‚|S)z/ Get the NID for a curve name. Z prime192v1Z prime256v1)Z secp192r1Z secp256r1z${} is not a supported elliptic curve) Úgetr¡rfÚ OBJ_sn2nidr£r…rrxrr)rurƒZ curve_aliasesZ curve_namer†r]r]r^r„“s   þzBackend._elliptic_curve_to_nidc csd|j ¡}| ||jjk¡|j ||jj¡}|j |¡z |VW|j |¡dS|j |¡wr„) rfZ BN_CTX_newr}rdr€rèZ BN_CTX_freeZ BN_CTX_startZ BN_CTX_end)ruržr]r]r^r›¤s€  zBackend._tmp_bn_ctxcCs¼| ||jjk¡|j d¡}| ||jjk¡|j |¡}| ||jjk¡|j |¡}| ||jjk¡|j |¡}| ||jjk¡||krR|jj rR|jj }n|jj }|sZJ‚||fS)zu Given an EC_KEY determine the group and what function is required to get point coordinates. scharacteristic-two-field) r}rdr€rfrªr…r˜ZEC_GROUP_method_ofZEC_METHOD_get_field_typeZCryptography_HAS_EC2MZ$EC_POINT_get_affine_coordinates_GF2mZ#EC_POINT_get_affine_coordinates_GFp)rur2Z nid_two_fieldr‡ÚmethodÚnidr¡r]r]r^r ¯s     z(Backend._ec_key_determine_group_get_funcr@r?cCst|dks|dkr tdƒ‚|j | |¡|jj¡}|j | |¡|jj¡}|j |||¡}|dkr8| ¡tdƒ‚dS)zg Sets the public key point in the EC_KEY context to the affine x and y values. rz2Invalid EC key. Both x and y must be non-negative.rarN)r¿rdrèrärfrêZ(EC_KEY_set_public_key_affine_coordinatesr×)rur2r@r?r‹r]r]r^r“Ësÿþz1Backend._ec_key_set_public_key_affine_coordinatesÚencodingrxÚencryption_algorithmc CsNt|tjƒs tdƒ‚t|tjƒstdƒ‚t|tjƒstdƒ‚t|tjƒr'd}n4t|tjƒr;|j}t |ƒdkr:t dƒ‚n t|tj ƒrW|j |urNtjj urWnt dƒ‚|j}nt dƒ‚|tjjur‚|tjjurl|jj}n|tjjurw|jj}nt dƒ‚| |||¡S|tjjur |jr–t|tjƒs–t d ƒ‚|j |¡} |tjjurÎ| |jjkr­|jj}n| |jjkr¸|jj}n| |jjkrÃ|jj}nt d ƒ‚| |||¡S|tjjur|rÛt d ƒ‚| |jjkræ|jj}n| |jjkrñ|jj}n| |jjkrü|jj }nt d ƒ‚| !||¡St d ƒ‚|tjj ur#|tjjurt" #|||¡St d ƒ‚t dƒ‚)Nú/encoding must be an item from the Encoding enumz2format must be an item from the PrivateFormat enumzBEncryption algorithm must be a KeySerializationEncryption instanceóiÿzBPasswords longer than 1023 bytes are not supported by this backendzUnsupported encryption typezUnsupported encoding for PKCS8zCEncrypted traditional OpenSSL format is not supported in FIPS mode.z+Unsupported key type for TraditionalOpenSSLzDEncryption is not supported for DER encoded traditional OpenSSL keysz+Unsupported encoding for TraditionalOpenSSLz=OpenSSH private key format can only be used with PEM encodingúformat is invalid with this key)$rªr'r_rZÚ PrivateFormatÚKeySerializationEncryptionÚ NoEncryptionÚBestAvailableEncryptionr r’r¿Ú_KeySerializationEncryptionÚ_formatÚOpenSSHZPKCS8ÚPEMrfZPEM_write_bio_PKCS8PrivateKeyr`Zi2d_PKCS8PrivateKey_bioÚ_private_key_bytes_via_bioZTraditionalOpenSSLrirrZPEM_write_bio_RSAPrivateKeyrZPEM_write_bio_DSAPrivateKeyrZPEM_write_bio_ECPrivateKeyrZi2d_ECPrivateKey_bioZi2d_DSAPrivateKey_bioÚ_bio_func_outputrQZ_serialize_ssh_private_key) rur­rxr®ršríÚcdatar Ú write_bior!r]r]r^Ú_private_key_bytesÝs´  ÿÿÿ ÿ ÿÿÿÿûú þ     ÿÿÿ        ÿÿÿ      ÿ ÿÿzBackend._private_key_bytesc Cs<|s|jj}n|j d¡}| ||||t|ƒ|jj|jj¡S)Ns aes-256-cbc)rdr€rfÚEVP_get_cipherbynamer»r’)rur½rír r½r]r]r^rºWs  ùz"Backend._private_key_bytes_via_biocGs0| ¡}||g|¢RŽ}| |dk¡| |¡Sr†)rr}r )rur½ÚargsrXr‹r]r]r^r»hs zBackend._bio_func_outputcCst|tjƒs tdƒ‚t|tjƒstdƒ‚|tjjur:|tjjur%|jj}n|tjj ur0|jj }nt dƒ‚|  ||¡S|tjj urp|j |¡}||jjkrPt dƒ‚|tjjur[|jj}n|tjj urf|jj}nt dƒ‚|  ||¡S|tjjur…|tjjurt |¡St dƒ‚t dƒ‚)Nr¯z1format must be an item from the PublicFormat enumz8SubjectPublicKeyInfo works only with PEM or DER encodingz+PKCS1 format is supported only for RSA keysz)PKCS1 works only with PEM or DER encodingz1OpenSSH format must be used with OpenSSH encodingr±)rªr'r_rZÚ PublicFormatZSubjectPublicKeyInfor¹rfZPEM_write_bio_PUBKEYr`Zi2d_PUBKEY_bior¿r»ZPKCS1rrZPEM_write_bio_RSAPublicKeyr&r¸rQZserialize_ssh_public_key)rur­rxršrír¼r½r!r]r]r^Ú_public_key_bytesns@  ÿ     ÿ            ÿzBackend._public_key_bytescCó |jj Sr„©rfrrtr]r]r^Ú dh_supported¥r™zBackend.dh_supportedÚ generatorcCs†|tjkr td tj¡ƒ‚|dvrtdƒ‚|j ¡}| ||jjk¡|j  ||jj ¡}|j  ||||jj¡}| |dk¡t ||ƒS)Nz$DH key_size must be at least {} bits)éézDH generator must be 2 or 5ra) r)Z_MIN_MODULUS_SIZEr¿rxrfÚDH_newr}rdr€rèr ZDH_generate_parameters_exr )rurÆræZdh_param_cdatar‹r]r]r^Úgenerate_dh_parameters¨s ÿÿ  ÿ zBackend.generate_dh_parameterscCrr†)rÿrfZEVP_PKEY_set1_DHr})rur$rír‹r]r]r^Ú_dh_cdata_to_evp_pkeyÀrzBackend._dh_cdata_to_evp_pkeycCs<t|j|ƒ}|j |¡}| |dk¡| |¡}t|||ƒSr†)rZ _dh_cdatarfZDH_generate_keyr}rËr )rur4Z dh_key_cdatar‹rír]r]r^Úgenerate_dh_private_keyÆsÿ   zBackend.generate_dh_private_keycCs| | ||¡¡Sr„)rÌrÊ)rurÆrær]r]r^Ú&generate_dh_private_key_and_parametersÔs ÿz.Backend.generate_dh_private_key_and_parametersc Cs8|jj}|j ¡}| ||jjk¡|j ||jj¡}|  |j ¡}|  |j ¡}|j dur3|  |j ¡}n|jj}|  |jj ¡}|  |j¡}|j ||||¡} | | dk¡|j |||¡} | | dk¡|j dd¡} |j || ¡} | | dk¡| ddkr‘|j dkr| d|jjAdks‘tdƒ‚| |¡} t||| ƒS)Nraúint[]rrÇz.DH private numbers did not pass safety checks.)rør>rfrÉr}rdr€rèr räròr:rór?r@Ú DH_set0_pqgÚ DH_set0_keyr‘ÚCryptography_DH_checkZDH_NOT_SUITABLE_GENERATORr¿rËr ) rurñr>r$ròr:rór;r<r‹Úcodesrír]r]r^Úload_dh_private_numbersÛs4      ÿþ  zBackend.load_dh_private_numbersc CsÐ|j ¡}| ||jjk¡|j ||jj¡}|j}| |j ¡}| |j ¡}|j dur2| |j ¡}n|jj}| |j ¡}|j  ||||¡}| |dk¡|j |||jj¡}| |dk¡| |¡} t||| ƒSr†)rfrÉr}rdr€rèr r>räròr:rór?rÏrÐrËr ) rurñr$r>ròr:rór;r‹rír]r]r^Úload_dh_public_numbers s       zBackend.load_dh_public_numberscCs|j ¡}| ||jjk¡|j ||jj¡}| |j¡}| |j ¡}|j dur/| |j ¡}n|jj}|j  ||||¡}| |dk¡t ||ƒSr†) rfrÉr}rdr€rèr räròr:rórÏr )rurñr$ròr:rór‹r]r]r^Úload_dh_parameter_numbers(s     z!Backend.load_dh_parameter_numbersròr:rócCs´|j ¡}| ||jjk¡|j ||jj¡}| |¡}| |¡}|dur+| |¡}n|jj}|j ||||¡}| |dk¡|j  dd¡}|j  ||¡}| |dk¡|ddkS)NrarÎr) rfrÉr}rdr€rèr rärÏr‘rÑ)ruròr:rór$r‹rÒr]r]r^Údh_parameters_supported<s     zBackend.dh_parameters_supportedcCs |jjdkSr†)rfrrrtr]r]r^Údh_x942_serialization_supportedTrØz'Backend.dh_x942_serialization_supportedcCsht|ƒdkr tdƒ‚| ¡}|j ||jj¡}| |dk¡|j ||t|ƒ¡}| |dk¡t||ƒS)Né z%An X25519 public key is 32 bytes longra) r’r¿rÿrfZEVP_PKEY_set_typeÚ NID_X25519r}ZEVP_PKEY_set1_tls_encodedpointr")rurrír‹r]r]r^Úx25519_load_public_bytesWs  ÿ z Backend.x25519_load_public_bytescCsÀt|ƒdkr tdƒ‚d}| d¡#}||dd…<||dd…<| |¡}|j |j|jj¡}Wdƒn1s7wY|  ||jjk¡|j  ||jj ¡}|  |j  |¡|jj k¡t||ƒS)NrØz&An X25519 private key is 32 bytes longs0.0+en" é0ré)r’r¿Ú_zeroed_bytearrayrrfrYrXrdr€r}rèrýrr r!)rurZ pkcs8_prefixÚbarXrír]r]r^Úx25519_load_private_bytesfs     üÿ z!Backend.x25519_load_private_bytescCs¨|j ||jj¡}| ||jjk¡|j ||jj¡}|j |¡}| |dk¡|j d¡}|j  ||¡}| |dk¡| |d|jjk¡|j |d|jj ¡}|S)Nraú EVP_PKEY **r) rfZEVP_PKEY_CTX_new_idrdr€r}rèZEVP_PKEY_CTX_freeZEVP_PKEY_keygen_initr‘ZEVP_PKEY_keygenrý)rur¬Z evp_pkey_ctxr‹Z evp_ppkeyrír]r]r^Ú_evp_pkey_keygen_gcŠs  zBackend._evp_pkey_keygen_gccCó| |jj¡}t||ƒSr„)rárfrÙr!rþr]r]r^Úx25519_generate_key—ó zBackend.x25519_generate_keycCó|jrdS|jj Sr©)rirfrrtr]r]r^Úx25519_supported›ó zBackend.x25519_supportedcCs`t|ƒdkr tdƒ‚|j |jj|jj|t|ƒ¡}| ||jjk¡|j ||jj ¡}t ||ƒS)Né8z#An X448 public key is 56 bytes long) r’r¿rfÚEVP_PKEY_new_raw_public_keyÚNID_X448rdr€r}rèrýr$©rurrír]r]r^Úx448_load_public_bytes s ÿ zBackend.x448_load_public_bytescCslt|ƒdkr tdƒ‚|j |¡}|j |jj|jj|t|ƒ¡}| ||jjk¡|j  ||jj ¡}t ||ƒS)Nrèz$An X448 private key is 56 bytes long) r’r¿rdrÒrfÚEVP_PKEY_new_raw_private_keyrêr€r}rèrýr#©rurrrír]r]r^Úx448_load_private_bytes«s  ÿ zBackend.x448_load_private_bytescCrâr„)rárfrêr#rþr]r]r^Úx448_generate_key·räzBackend.x448_generate_keycCó|jrdS|jj o|jj Sr©)rirfZ"CRYPTOGRAPHY_OPENSSL_LESS_THAN_111rrtr]r]r^Úx448_supported»ó  þzBackend.x448_supportedcCrår©)rirfÚ#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111Brtr]r]r^Úed25519_supportedÃrçzBackend.ed25519_supportedcCsnt d|¡t|ƒtjkrtdƒ‚|j |jj|j j |t|ƒ¡}|  ||j j k¡|j   ||jj ¡}t||ƒS)Nrz&An Ed25519 public key is 32 bytes long)rÚ _check_bytesr’r,Ú_ED25519_KEY_SIZEr¿rfréÚ NID_ED25519rdr€r}rèrýrrër]r]r^Úed25519_load_public_bytesÈs ÿ z!Backend.ed25519_load_public_bytescCszt|ƒtjkr tdƒ‚t d|¡|j |¡}|j  |jj |jj |t|ƒ¡}|  ||jj k¡|j  ||jj¡}t||ƒS)Nz'An Ed25519 private key is 32 bytes longr)r’r,r÷r¿rrzrdrÒrfrírør€r}rèrýrrîr]r]r^Úed25519_load_private_bytesØs  ÿ z"Backend.ed25519_load_private_bytescCrâr„)rárfrørrþr]r]r^Úed25519_generate_keyèräzBackend.ed25519_generate_keycCrñr©)rirfrôrrtr]r]r^Úed448_supportedìrózBackend.ed448_supportedcCslt d|¡t|ƒtkrtdƒ‚|j |jj|jj |t|ƒ¡}|  ||jj k¡|j  ||jj ¡}t ||ƒS)Nrz$An Ed448 public key is 57 bytes long)rrör’rr¿rfréÚ NID_ED448rdr€r}rèrýrrër]r]r^Úed448_load_public_bytesôs  ÿ zBackend.ed448_load_public_bytescCsxt d|¡t|ƒtkrtdƒ‚|j |¡}|j |jj |jj |t|ƒ¡}|  ||jj k¡|j  ||jj ¡}t||ƒS)Nrz%An Ed448 private key is 57 bytes long)rrzr’rr¿rdrÒrfrírýr€r}rèrýrrîr]r]r^Úed448_load_private_bytess   ÿ z Backend.ed448_load_private_bytescCrâr„)rárfrýrrþr]r]r^Úed448_generate_keyräzBackend.ed448_generate_keyrùÚrc Cs†|j d|¡}|j |¡}|j |t|ƒ|t|ƒ|||tj||¡ } | dkr9| ¡} d||d} t d  | ¡| ƒ‚|j  |¡dd…S)NrÑraé€izJNot enough memory to derive key. These parameters require {} MB of memory.) rdr‘rÒrfZEVP_PBE_scryptr’rOZ _MEM_LIMITrÙÚ MemoryErrorrxrÓ) rurÐrÎrÍrùrròr•rÔr‹r|Z min_memoryr]r]r^Ú derive_scrypts. ö ýzBackend.derive_scryptcCsHt |¡}|jr||jvrdS| d¡r|jjdkS|j |¡|jj kS)NFs-sivra) rZ_aead_cipher_nameriÚ _fips_aeadÚendswithrfÚ#CRYPTOGRAPHY_OPENSSL_300_OR_GREATERr¿rdr€)rur¸Ú cipher_namer]r]r^Úaead_cipher_supported6s   ÿzBackend.aead_cipher_supportedc cs2t|ƒ}z |VW| ||¡dS| ||¡w)zÁ This method creates a bytearray, which we copy data into (hopefully also from a mutable buffer that can be dynamically erased!), and then zero when we're done. N)Ú bytearrayÚ _zero_data)rurÍrÞr]r]r^rÝDs €zBackend._zeroed_bytearraycCst|ƒD]}d||<qdSr~)Úrange)rurrÍÚir]r]r^r Qs  ÿzBackend._zero_datac cs~|dur |jjVdSt|ƒ}|j d|d¡}|j |||¡z|VW| |j d|¡|¡dS| |j d|¡|¡w)aâ This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use. NrŽraz uint8_t *)rdr€r’r‘Úmemmover Úcast)rurÚdata_lenr•r]r]r^Ú_zeroed_null_terminated_bufXs€ 2z#Backend._zeroed_null_terminated_bufcCs2| ||¡}|j|jr|jjnddd„|jDƒfS)NcSsg|]}|j‘qSr])Ú certificate©r€r\r]r]r^Ú zszABackend.load_key_and_certificates_from_pkcs12..)Ú load_pkcs12ršr\rZadditional_certs)rurr Zpkcs12r]r]r^Ú%load_key_and_certificates_from_pkcs12os ýz-Backend.load_key_and_certificates_from_pkcs12cCs~|dur t d|¡| |¡}|j |j|jj¡}||jjkr'| ¡t dƒ‚|j  ||jj ¡}|j  d¡}|j  d¡}|j  d¡}|  |¡}|j |||||¡} Wdƒn1s\wY|jjri| ¡| dkru| ¡t dƒ‚d} d} g} |d|jjkr“|j  |d|jj¡} | | ¡} |d|jjkrÇ|j  |d|jj¡}| |¡}d}|j ||jj¡}||jjkrÂ|j |¡}t||ƒ} |d|jjkr9|j  |d|jj¡}|j |d¡}|jjsë|jjrðt|ƒ}ntt|ƒƒ}|D]@}|j ||¡}| ||jjk¡|j  ||jj¡}| |¡}d}|j ||jj¡}||jjkr0|j |¡}|  t||ƒ¡qøt | | | ƒS)Nr z!Could not deserialize PKCS12 dataràzX509 **zCryptography_STACK_OF_X509 **rzInvalid password or PKCS12 data)!rrzrrfZd2i_PKCS12_biorXrdr€r×r¿rèÚ PKCS12_freer‘rZ PKCS12_parseZ#CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340rýr%rarfZX509_alias_get0r“rSÚ sk_X509_freeÚ sk_X509_numrrr ÚreversedÚ sk_X509_valuer}rsrT)rurr rXÚp12Z evp_pkey_ptrZx509_ptrZ sk_x509_ptrÚ password_bufr‹r\ršZadditional_certificatesrírZcert_objr¡Z maybe_nameÚsk_x509ràÚindicesr Z addl_certZ addl_namer]r]r^r}sr        ÿÿ     ÿþ    ÿ zBackend.load_pkcs12r¡ÚcascCs‚d}|dur t d|¡t|tjƒrd}d}d} d} |jj} nšt|tjƒrF|jj r2|jj }|jj }n|jj }|jj }d} d} |jj} |j }nst|tj ƒrµ|jtjjurµd}d}d} d} |j }|j} | tjuro|jj }|jj }n| tjur…|jj s|tdƒ‚|jj }|jj }n| dus‹J‚|jdur¨|jjs˜tdƒ‚| |j¡} | | |jjk¡n|jj} |jdur´|j} ntdƒ‚|dusÃt|ƒdkrÈ|jj} nb|j ¡} |j | |jj¡} g}|D]O}t|t ƒr|j!}| "|j#¡}| $|¡}|j %||d¡}| |dk¡Wdƒn 1s wYn| "|¡}| &|¡|j '| |¡}t( |dk¡qÚ| $|¡`}| $|¡0}|r>| "|¡n|jj}|durK|j)}n|jj}|j *||||| ||| | d¡ }Wdƒn 1siwY|jjrˆ| |jjkrˆ|j +||d|jjd| | ¡Wdƒn 1s“wY| ||jjk¡|j ||jj,¡}| -¡}|j .||¡}| |dk¡| /|¡S) Nr¡rxri Nraz2PBESv2 is not supported by this version of OpenSSLzBSetting MAC algorithm is not supported by this version of OpenSSL.zUnsupported key encryption type)0rrörªr'r´rdr€rµrfrZNID_aes_256_cbcZ&NID_pbe_WithSHA1And3_Key_TripleDES_CBCr r¶r·r²ZPKCS12Z_key_cert_algorithmrRZPBESv1SHA1And3KeyTripleDESCBCZPBESv2SHA256AndAES256CBCrZ _hmac_hashZCryptography_HAS_PKCS12_SET_MACr¨r}Z _kdf_roundsr¿r’Úsk_X509_new_nullrèrrSZ friendly_namerbrrZX509_alias_set1rsÚ sk_X509_pushÚbackendrqZ PKCS12_createZPKCS12_set_macrrZi2d_PKCS12_bior )rur¡ršr\r r®r Znid_certZnid_keyZ pkcs12_iterZmac_iterZmac_algZ keycertalgrZossl_casÚcaZca_aliasZossl_caZ ca_name_bufr‹rZname_bufÚ ossl_certrírrXr]r]r^Ú(serialize_key_and_certificates_to_pkcs12Êsö   ÿ ÿÿÿü    ÿ   ÿÿ €    ÿÿú€     öùÿ þù€ç# z0Backend.serialize_key_and_certificates_to_pkcs12cCr²r³)rirfZCryptography_HAS_POLY1305rtr]r]r^Úpoly1305_supportedg s zBackend.poly1305_supportedcCs*t d|¡t|ƒtkrtdƒ‚t||ƒS)NršzA poly1305 key is 32 bytes long)rrzr’rr¿r)ruršr]r]r^Úcreate_poly1305_ctxl s   zBackend.create_poly1305_ctxcCrÃr„rÄrtr]r]r^Úpkcs7_supporteds r™zBackend.pkcs7_supportedcCsnt d|¡| |¡}|j |j|jj|jj|jj¡}||jjkr)| ¡t dƒ‚|j  ||jj ¡}|  |¡S©NrzUnable to parse PKCS7 data) rrörrfZPEM_read_bio_PKCS7rXrdr€r×r¿rèÚ PKCS7_freeÚ_load_pkcs7_certificates©rurrXÚp7r]r]r^Úload_pem_pkcs7_certificatesv s  ÿ  z#Backend.load_pem_pkcs7_certificatescCsbt d|¡| |¡}|j |j|jj¡}||jjkr#| ¡t dƒ‚|j  ||jj ¡}|  |¡Sr*) rrörrfZ d2i_PKCS7_biorXrdr€r×r¿rèr+r,r-r]r]r^Úload_der_pkcs7_certificates… s    z#Backend.load_der_pkcs7_certificatesc CsÊ|j |j¡}| ||jjk¡||jjkrtd |¡tj ƒ‚|j j j }|j  |¡}g}t|ƒD]2}|j ||¡}| ||jjk¡|j |¡}| |dk¡|j ||jj¡}| |¡} | | ¡q0|S)NzNOnly basic signed structures are currently supported. NID for this data was {}ra)rfZ OBJ_obj2nidrºr}r…ZNID_pkcs7_signedrrxrZUNSUPPORTED_SERIALIZATIONrôÚsignr\rr rrdr€Z X509_up_refrèrarfrs) rur.r¬rràÚcertsr rr‹r\r]r]r^r,’ s( ý      z Backend._load_pkcs7_certificatesr2c Cs"t|ƒ}|rtdd„|Dƒƒstdƒ‚|tjjtjjfvr!tdƒ‚|j ¡}|j   ||jj ¡}g}|D]}|  |¡}|  |¡|j ||¡}| |dk¡q3|j |j j|j j||j j|jj¡}| ¡} |tjjurv|j | ||j jd¡}n|tjjus~J‚|j | |¡}| |dk¡| | ¡S)Ncss|] }t|tjƒVqdSr„)rªrÚ Certificaterr]r]r^r² s€  ÿz7Backend.pkcs7_serialize_certificates..z.certs must be a list of certs with length >= 1z/encoding must DER or PEM from the Encoding enumrar)ÚlistÚallrZr'r_r¹r`rfr!rdrèrrbrsr"r}Ú PKCS7_signr€Ú PKCS7_PARTIALrÚPEM_write_bio_PKCS7_streamÚ i2d_PKCS7_bior ) rur2r­Zcerts_skÚ ossl_certsr\r%r‹r.Úbio_outr]r]r^Úpkcs7_serialize_certificates¬ sD ÿþ   û  ÿ z$Backend.pkcs7_serialize_certificatesÚbuilderÚoptionscCs´|jdusJ‚| |j¡}|jj}d}t|jƒdkr|jj}n.|j ¡}|j  ||jj ¡}g}|jD]} |  | ¡} |  | ¡|j  || ¡} | | dk¡q2tjj|vr_||jjO}||jjO}|j |jj|jj||jj|¡} | | |jjk¡|j  | |jj¡} d} tjj|vr| |jjO} n tjj|vrœ| |jjO} tjj|vr¨| |jjO} |jD]#\}}}|  |¡} | |¡}|j | | |j|| ¡}| ||jjk¡q«|D]}|tjjurà||jj O}qÑ|tjj!urì||jj"O}qÑ| #¡}|t$j%j&ur|j '|| |j(|¡} nK|t$j%j)ur%|j *| |j(|¡} | | dk¡|j +|| |j(|¡} n)|t$j%j,us.J‚|j *| |j(|¡} | | dk¡|jj-rG| .¡|j /|| ¡} | | dk¡| 0|¡S)Nrra)1Ú_datarrfr7r’Z_additional_certsrdr€r!rèrrbrsr"r}rPÚ PKCS7OptionsZDetachedSignatureZPKCS7_DETACHEDr6r+ZNoCapabilitiesZPKCS7_NOSMIMECAPZ NoAttributesZ PKCS7_NOATTRZNoCertsZ PKCS7_NOCERTSZ_signersr¨ZPKCS7_sign_add_signerrqÚTextZ PKCS7_TEXTÚBinaryZ PKCS7_BINARYrr'r_ZSMIMEZSMIME_write_PKCS7rXr¹Z PKCS7_finalr8r`rr×r9r )rur=r­r>rXZ init_flagsZ final_flagsr2r:r\r%r‹r.Z signer_flagsrZ private_keyZhash_algorithmÚmdZ p7signerinfoÚoptionr;r]r]r^Ú pkcs7_signÛ sŠ         û       û   € ÿ ÿ  zBackend.pkcs7_signr„)rwN)ûrZr[r\Ú__doc__r¡rr:r¹r&r)r*r+r,Z SHA512_224Z SHA512_256ZSHA3_224ZSHA3_256ZSHA3_384ZSHA3_512ZSHAKE128ZSHAKE256r«r+Z SECP224R1Z SECP256R1Z SECP384R1Z SECP521R1r¦Z_fips_rsa_min_key_sizeZ_fips_rsa_min_public_exponentZ_fips_dsa_min_modulusZ_fips_dh_min_key_sizeZ_fips_dh_min_modulusrvÚstrrzr‚ÚtypingÚOptionalÚListr%Z _OpenSSLErrorr}rhr…rŒÚ contextlibrrrpr–ryrÛr˜ÚbytesZ HashAlgorithmrrœr¦r¨r¬r±r´rµZ HashContextr·r9rLr¾rÂrkrrÉrËrÌrÕr×Z_OpenSSLErrorWithTextrÙrßrär.Z RSAPrivateKeyrîrðZRSAPrivateNumbersrûZRSAPublicNumbersZ RSAPublicKeyrürÿrërrr r6r%r7r(r-r(r0r*Z DSAParametersr3Z DSAPrivateKeyr6r8r=ZDSAPrivateNumbersrAZDSAPublicNumbersZ DSAPublicKeyrCZDSAParameterNumbersrDr5rErFrIr8r rJrLrUr)Z DHParametersrVrrWr'r[rr3ÚAnyrbrfZCertificateSigningRequestrirjZCertificateRevocationListrnror5rrrtrwrKÚNoReturnrRZ EllipticCurverˆZEllipticCurveSignatureAlgorithmrŠZEllipticCurvePrivateKeyrŽZEllipticCurvePrivateNumbersr•ZEllipticCurvePublicNumbersZEllipticCurvePublicKeyr–rŸr¤r‹r¥r§r¨rŒr„r›r r“r'r_r²r³r¾rºr»rÁrÂrÅrÊrËZ DHPrivateKeyrÌrÍZDHPrivateNumbersrÓZDHPublicNumbersZ DHPublicKeyrÔZDHParameterNumbersrÕrÖr×r/ZX25519PublicKeyrÚZX25519PrivateKeyrßrárãrær0Z X448PublicKeyrìZX448PrivateKeyrïrðròrõr,ZEd25519PublicKeyrùZEd25519PrivateKeyrúrûrür-ZEd448PublicKeyrþZEd448PrivateKeyrÿrrr ÚIteratorr rÝr rÚTuplerrTrrUrVr&r'rr(r)r/r0r,r<rPZPKCS7SignatureBuilderr@rEr]r]r]r^r_‡s~ ôüýþý ü      ÿÿ þ ÿ þ ÿ þ 4ÿÿ þÿÿ þþýüûú ù  þ ÿÿ þÿÿ þ ÿ þ$ÿ þ   @: ÿ þ ÿ þÿ þÿ þÿ þÿÿ þ * ÿÿ þÿ þÿ þþý üÿ þ5/þý ü ÿ þÿ þÿ þ ÿÿ þÿÿ þ'ÿÿ þ   þýü øzþý ù7ÿÿ þÿ þÿÿ þÿ þ0ÿ þÿ þÿÿÿÿ þÿ þ $   ÿþÿþ þýüûúùø# ÿÿ  þÿþÿÿþMþý üûúùÿ þÿ þ  þý/þý üûr_c@s0eZdZdefdd„Zdededefdd„Zd S) rÃÚfmtcCs ||_dSr„)Ú_fmt)rurQr]r]r^rv? r™zGetCipherByName.__init__r#r¸rƒcCsd|jj||d ¡}|j | d¡¡}||jjkr,|jjr,|j  |jj| d¡|jj¡}|  ¡|S)N)r¸rƒr) rRrxÚlowerrfr¿r£rdr€ZCryptography_HAS_300_EVP_CIPHERZEVP_CIPHER_fetchr×)rur#r¸rƒrr½r]r]r^Ú__call__B sÿ ÿþýzGetCipherByName.__call__N) rZr[r\rGrvr_r9rLrTr]r]r]r^rÃ> srÃr#r¸cCs"d |jd¡}|j | d¡¡S)Nz aes-{}-xtsrÇr)rxrærfr¿r£)r#r¸rƒrr]r]r^rÆW srÆ)|Ú collectionsrKrÄrHrmrZ cryptographyrrZcryptography.exceptionsrrZ$cryptography.hazmat.backends.opensslrZ,cryptography.hazmat.backends.openssl.ciphersrZ)cryptography.hazmat.backends.openssl.cmacr Z'cryptography.hazmat.backends.openssl.dhr r r rZ(cryptography.hazmat.backends.openssl.dsarrrZ'cryptography.hazmat.backends.openssl.ecrrZ,cryptography.hazmat.backends.openssl.ed25519rrZ*cryptography.hazmat.backends.openssl.ed448rrrZ+cryptography.hazmat.backends.openssl.hashesrZ)cryptography.hazmat.backends.openssl.hmacrZ-cryptography.hazmat.backends.openssl.poly1305rrZ(cryptography.hazmat.backends.openssl.rsarr Z+cryptography.hazmat.backends.openssl.x25519r!r"Z)cryptography.hazmat.backends.openssl.x448r#r$Z"cryptography.hazmat.bindings._rustreZ$cryptography.hazmat.bindings.opensslr%Zcryptography.hazmat.primitivesr&r'Z*cryptography.hazmat.primitives._asymmetricr(Z)cryptography.hazmat.primitives.asymmetricr)r*r+r,r-r.r/r0Z1cryptography.hazmat.primitives.asymmetric.paddingr1r2r3r4Z/cryptography.hazmat.primitives.asymmetric.typesr5r6r7Z&cryptography.hazmat.primitives.ciphersr8r9Z1cryptography.hazmat.primitives.ciphers.algorithmsr:r;r<r=r>r?r@rArBrCrDrEZ,cryptography.hazmat.primitives.ciphers.modesrFrGrHrIrJrKrLrMrNZ"cryptography.hazmat.primitives.kdfrOZ,cryptography.hazmat.primitives.serializationrPrQZ3cryptography.hazmat.primitives.serialization.pkcs12rRrSrTrUrVÚ namedtuplerWrYr_rÃrÆr#r]r]r]r^Úsx         ( 8,  J