/<\c@`sddlmZmZmZddlZddlZddlZddlZddlmZddl Z ddl Z ddl m Z ddlmZmZddlmZmZddlmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!ddl"m#Z#dd l$m%Z%dd l&m'Z'dd l(m)Z)m*Z*dd l+m,Z,m-Z-m.Z.m/Z/dd l0m1Z1m2Z2m3Z3ddl4m5Z5m6Z6ddl7m8Z8m9Z9ddl:m;Z;m<Z<m=Z=ddl>m?Z?m@Z@mAZAmBZBmCZCmDZDmEZEmFZFmGZGddlHmIZIddlJmKZKddlLmMZMmNZNddlOmPZPmQZQddlRmSZSmTZTddlUmVZVmWZWddlXmYZYmZZZddl[m\Z\m]Z]m^Z^m_Z_ddl`maZaddlbmcZcmdZdddlemfZfmgZgmhZhmiZiddljmkZkmlZlmmZmmnZnddlompZpmqZqmrZrmsZsmtZtmuZumvZvmwZwmxZxddlymzZzm{Z{m|Z|m}Z}m~Z~mZmZmZdd lmZdd!lmZdd"lmZejd#d$d%gZejeejeejeejeejeejeejeejeejeejeejeeje!ejeajjje d&efd'YZd(efd)YZd*ZeZdS(+i(tabsolute_importtdivisiontprint_functionN(tcontextmanager(trange(tutilstx509(tUnsupportedAlgorithmt_Reasons( t CMACBackendt CipherBackendtDERSerializationBackendt DHBackendt DSABackendtEllipticCurveBackendt HMACBackendt HashBackendtPBKDF2HMACBackendtPEMSerializationBackendt RSABackendt ScryptBackendt X509Backend(taead(t_CipherContext(t _CMACContext(t_CRL_ENTRY_REASON_ENUM_TO_CODEt _Integers(t _DHParameterst _DHPrivateKeyt _DHPublicKeyt_dh_params_dup(t_DSAParameterst_DSAPrivateKeyt _DSAPublicKey(t_EllipticCurvePrivateKeyt_EllipticCurvePublicKey(t_Ed25519PrivateKeyt_Ed25519PublicKey(t_ED448_KEY_SIZEt_Ed448PrivateKeyt_Ed448PublicKey( t$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERSt_CRL_EXTENSION_ENCODE_HANDLERSt_EXTENSION_ENCODE_HANDLERSt)_OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERSt'_OCSP_REQUEST_EXTENSION_ENCODE_HANDLERSt_encode_asn1_int_gct_encode_asn1_str_gct_encode_name_gct _txt2obj_gc(t _HashContext(t _HMACContext(t _OCSPRequestt _OCSPResponse(t_POLY1305_KEY_SIZEt_Poly1305Context(t_RSAPrivateKeyt _RSAPublicKey(t_X25519PrivateKeyt_X25519PublicKey(t_X448PrivateKeyt_X448PublicKey(t _Certificatet_CertificateRevocationListt_CertificateSigningRequestt_RevokedCertificate(tbinding(thashest serialization(tdsatected25519trsa(tMGF1tOAEPtPKCS1v15tPSS( tAEStARC4tBlowfishtCAST5tCamelliatChaCha20tIDEAtSEEDt TripleDES(tCBCtCFBtCFB8tCTRtECBtGCMtOFBtXTS(tscrypt(tssh(tocspt _MemoryBIOtbiotchar_ptrtBackendcB`seZdZdZdZdZdZejdZ dZ dZ dZ d Z d Zd Zd Zd ZdZdZdZdZdZdZdZdZdZdZdZddZdZdZ dZ!dZ"dZ#dZ$d Z%d!Z&d"Z'd#Z(d$Z)d%Z*d&Z+d'Z,d(Z-d)Z.d*Z/d+Z0d,Z1d-Z2d.Z3d/Z4d0Z5d1Z6d2Z7d3Z8d4Z9d5Z:d6Z;d7Z<d8Z=d9Z>d:Z?d;Z@d<ZAd=ZBd>ZCd?ZDd@ZEdAZFdBZGdCZHdDZIdEZJdFZKdGZLdHZMdIZNdJZOdKZPdLZQdMZRdNZSdOZTdPZUdQZVdRZWdSZXdTZYdUZZdVZ[dWZ\dXZ]dYZ^dZZ_ed[Z`d\Zad]Zbd^Zcd_Zdd`ZedaZfdbZgdcZhddZideZjdfZkdgZldhZmdiZnddjZodkZpdlZqdmZrdnZsdoZtdpZudqZvdrZwdsZxdtZyduZzdvZ{dwZ|dxZ}dyZ~dzZd{Zd|Zd}Zd~ZdZejdZdZejdZdZdZdZRS(s) OpenSSL API binding interfaces. topensslcC`stj|_|jj|_|jj|_i|_|j|j |jj g|_ |jj r|j j |jjndS(N(RBtBindingt_bindingtffit_ffitlibt_libt_cipher_registryt_register_default_cipherstactivate_osrandom_enginet EVP_PKEY_DHt _dh_typestCryptography_HAS_EVP_PKEY_DHXtappendt EVP_PKEY_DHX(tself((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt__init__ss    cC`stj|j|S(N(RBt_openssl_assertRk(Rttok((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytopenssl_assertscC`sy|jjru|jj}||jjkru|jj||jj|jj|}|j|dkqundS(Ni( RktCryptography_HAS_ENGINEtENGINE_get_default_RANDRitNULLtENGINE_unregister_RANDt RAND_cleanupt ENGINE_finishRx(Rttetres((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytactivate_builtin_randoms  cc`s|jj|jj}|j||jjk|jj|}|j|dkz |VWd|jj|}|j|dk|jj|}|j|dkXdS(Ni( Rkt ENGINE_by_idtCryptography_osrandom_engine_idRxRiR{t ENGINE_initt ENGINE_freeR~(RtRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_get_osurandom_engines cC`sd|jjr`|j|j,}|jj|}|j|dkWdQX|jjndS(Ni(RkRyRRtENGINE_set_default_RANDRxR}(RtRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRns   c C`s|jjdd}|jG}|jj|dt|||jjd}|j|dkWdQX|jj|j dS(Nschar[]i@tget_implementationitascii( RitnewRRktENGINE_ctrl_cmdtlenR{Rxtstringtdecode(RttbufRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytosrandom_engine_implementations cC`s+|jj|jj|jjjdS(s Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.0.1e 11 Feb 2013 R(RiRRktOpenSSL_versiontOPENSSL_VERSIONR(Rt((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytopenssl_version_texts cC`s |jjS(N(RktOpenSSL_version_num(Rt((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytopenssl_version_numberscC`st|||S(N(R3(Rttkeyt algorithm((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_hmac_ctxscC`sn|jdks|jdkrFdj|j|jdjd}n|jjd}|jj|}|S(Ntblake2btblake2ss{}{}iR(tnametformatt digest_sizetencodeRktEVP_get_digestbyname(RtRtalgtevp_md((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_evp_md_from_algorithms cC`s,|j|}|j||jjk|S(N(RRxRiR{(RtRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_evp_md_non_null_from_algorithmscC`s|j|}||jjkS(N(RRiR{(RtRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pythash_supportedscC`s |j|S(N(R(RtR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pythmac_supportedscC`s t||S(N(R2(RtR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_hash_ctxscC`sZy#|jt|t|f}Wntk r7tSX||||}|jj|kS(N(RlttypetKeyErrortFalseRiR{(Rttciphertmodetadaptert evp_cipher((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcipher_supporteds # cC`sG||f|jkr0tdj||n||j||fR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytgenerate_dsa_private_keyxs cC`s|j|}|j|S(N(R?RE(RtRRD((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt'generate_dsa_private_key_and_parametersscC`s]|jj||||}|j|dk|jj|||}|j|dkdS(Ni(Rkt DSA_set0_pqgRxt DSA_set0_key(RtR(RRtgtpub_keytpriv_keyR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_dsa_cdata_set_valuessc C`stj||jj}|jj}|j||jjk|jj ||jj }|j |j }|j |j }|j |j}|j |jj}|j |j}|j|||||||j|} t||| S(N(REt_check_dsa_private_numbersRtparameter_numbersRkR<RxRiR{RR RRRRItytxRLRCR ( RtRRNR(RRRIRJRKR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_dsa_private_numberss  c C`stj|j|jj}|j||jjk|jj||jj }|j |jj }|j |jj }|j |jj }|j |j}|jj}|j|||||||j|}t|||S(N(REt_check_dsa_parametersRNRkR<RxRiR{RR RRRRIRORLRCR!( RtRR(RRRIRJRKR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_dsa_public_numberss cC`stj||jj}|j||jjk|jj||jj}|j |j }|j |j }|j |j }|jj ||||}|j|dkt||S(Ni(RERRRkR<RxRiR{RR RRRRIRGR(RtRR(RRRIR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_dsa_parameter_numberss cC`s8|j}|jj||}|j|dk|S(Ni(RRktEVP_PKEY_set1_DSARx(RtR(RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRCs cC`s |j|S(N(R(RtR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytdsa_hash_supportedscC`stS(N(R5(RtRRRI((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytdsa_parameters_supportedscC`s|j|td|jS(Ns(RRVt block_size(RtR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcmac_algorithm_supportedscC`s t||S(N(R(RtR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_cmac_ctxsc `sZt|tjs!tdnt|tjrUt|tj rUtdnj|}j j }j |j j kj j|j j}j j|tjjj}j |dkj j|t|j}j |dk|j}j j||j}j |dkj j}j |j j kj j|fd}jd|jdtd|dj jd t j j!||}j |dkj j"||j|}|d krMj#} j | d j$j j%j j&td nt'|S( Ns.Algorithm must be a registered hash algorithm.s5MD5 is not a supported hash algorithm for EC/DSA CSRsic`s(jj|jjjjdS(NtX509_EXTENSION_free(Rktsk_X509_EXTENSION_pop_freeRit addressoft _original_lib(RP(Rt(sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyts  t extensionsthandlerstx509_objtadd_funcRisDigest too big for RSA key((R.RCt HashAlgorithmt TypeErrortMD5RHt RSAPrivateKeyRRRkt X509_REQ_newRxRiR{Rt X509_REQ_freetX509_REQ_set_versionRtVersiontv1tvaluetX509_REQ_set_subject_nameR0t _subject_namet public_keytX509_REQ_set_pubkeyt _evp_pkeytsk_X509_EXTENSION_new_nullt_create_x509_extensionst _extensionsR+tsk_X509_EXTENSION_insertRtX509_REQ_add_extensionst X509_REQ_signRt_lib_reason_matcht ERR_LIB_RSAt RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEYR@( Rttbuildert private_keyRRtx509_reqRRpt sk_extensionterrors((RtsKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_x509_csrsT             c C`st|tjs!tdnt|tjsBtdnt|tjrvt|tj rvt dn|j |}|j j }|j j|tj j}|j j||jj}|j|dk|j j|t||j}|j|dk|j j||jj}|j|dkt||j}|j j||}|j|dk|j|j j||j |j|j j!||j"|j#d|j$dt%d|d|j j&d t'|j j(|t||j)}|j|dk|j j*||j|}|d kr|j+}|j|d j,|j j-|j j.t d nt/||S( NsBuilder type mismatch.s.Algorithm must be a registered hash algorithm.s=MD5 is not a supported hash algorithm for EC/DSA certificatesiR`RaRbRcRisDigest too big for RSA key(0R.RtCertificateBuilderReRCRdRfRHRgRRRktX509_newRiRtbackendt X509_freetX509_set_versiont_versionRmRxtX509_set_subject_nameR0RotX509_set_pubkeyt _public_keyRrR.t_serial_numbertX509_set_serialNumbert_set_asn1_timetX509_get_notBeforet_not_valid_beforetX509_get_notAftert_not_valid_afterRtRuR+t X509_add_extR5tX509_set_issuer_namet _issuer_namet X509_signRRyRzR{R>( RtR|R}RRt x509_certRt serial_numberR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_x509_certificatesZ            cC`sn|jdkr*|jdjd}n|jdjd}|jj||}|j|dkdS(Nis %Y%m%d%H%M%SZRs %y%m%d%H%M%SZi(tyeartstrftimeRRktASN1_TIME_set_stringRx(Rtt asn1_timettimetasn1_strR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRqs cC`sW|jj}|j||jjk|jj||jj}|j|||S(N(Rkt ASN1_TIME_newRxRiR{RtASN1_TIME_freeR(RtRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_create_asn1_timeys c C`st|tjs!tdnt|tjsBtdnt|tjrvt|tj rvt dn|j |}|j j }|j j|tj j}|j j|d}|j|dk|j j|t||j}|j|dk|j|j}|j j||}|j|dk|j|j}|j j||}|j|dk|jd|jdtd|d|j jd txg|j D]\} |j j!| j"} |j| |j j#k|j j$|| }|j|dkqW|j j%||j&|}|d kr|j'} |j| d j(|j j)|j j*t d nt+||S( NsBuilder type mismatch.s.Algorithm must be a registered hash algorithm.s5MD5 is not a supported hash algorithm for EC/DSA CRLsiR`RaRbRcRisDigest too big for RSA key(,R.Rt CertificateRevocationListBuilderReRCRdRfRHRgRRRkt X509_CRL_newRiRRt X509_CRL_freetX509_CRL_set_versionRxtX509_CRL_set_issuer_nameR0RRt _last_updatetX509_CRL_set_lastUpdatet _next_updatetX509_CRL_set_nextUpdateRtRuR*tX509_CRL_add_extR5t_revoked_certificatestCryptography_X509_REVOKED_dupt _x509_revokedR{tX509_CRL_add0_revokedt X509_CRL_signRrRRyRzR{R?( RtR|R}RRtx509_crlRt last_updatet next_updatet revoked_certtrevokedR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_x509_crlsX            c C`sxt|D]\}}|j||}|j||jjk|rh|jj||jj}n||||} |j| dkq WdS(Ni(t enumeratet_create_x509_extensionRxRiR{RRkR[( RtR`RaRbRcRtit extensiontx509_extensionR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRts  cC`sCt||jj}|jj|jj||jr9dnd|S(Nii(R1toidt dotted_stringRktX509_EXTENSION_create_by_OBJRiR{tcritical(RtRRmtobj((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_create_raw_x509_extensions c C`st|jtjr:t||jj}|j||St|jtjrtg|jD]}|j^q\j}t||}|j||St|jtj rt j j j}t||}|j||Sy||j }Wn)tk rtdj|j nX|||j}|jj|j jjd}tj||jjk|jj||jrdnd|SdS(NsExtension not supported: {}Rii(R.RmRtUnrecognizedExtensionR/Rt TLSFeatureRtdumpt PrecertPoisont asn1cryptotcoretNullRRtNotImplementedErrorRRkt OBJ_txt2nidRRRRxt NID_undeftX509V3_EXT_i2dR( RtRaRRmRPtasn1Rt ext_structtnid((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRs,+   c C`st|tjs!tdn|jj}|j||jjk|jj ||jj }t ||j }|jj ||}|j|dk|j|j}|jj||}|j|dk|jd|jdtd|d|jjdtt|d|S(NsBuilder type mismatch.iR`RaRbRcR(R.RtRevokedCertificateBuilderReRktX509_REVOKED_newRxRiR{RtX509_REVOKED_freeR.RtX509_REVOKED_set_serialNumberRt_revocation_datetX509_REVOKED_set_revocationDateRtRuR)tX509_REVOKED_add_extR5RAR(RtR|t x509_revokedRRtrev_date((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_x509_revoked_certificates&     cC`s|j|jj|j||S(N(t _load_keyRktPEM_read_bio_PrivateKeyR+(RtR tpassword((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_private_keys  cC`s5|j|}|jj|j|jj|jj|jj}||jjkry|jj||jj}|j|S|j |jj |j}|j |dk|jj |j|jj|jj|jj}||jjkr'|jj||jj }|j|}t|||S|jdS(Ni(RRktPEM_read_bio_PUBKEYRbRiR{RRR,Rt BIO_resetRxtPEM_read_bio_RSAPublicKeyRRR9t_handle_key_loading_error(RtR tmem_bioRRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_public_keys  '   'cC`s|j|}|jj|j|jj|jj|jj}||jjkry|jj||jj}t||S|j dS(N( RRktPEM_read_bio_DHparamsRbRiR{RR%RR(RtR RR*((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_parameters7s ' cC`sW|j|}|j||}|r4|j|S|j|jj|j||SdS(N(Rt"_evp_pkey_from_der_traditional_keyR+RRktd2i_PKCS8PrivateKey_bio(RtR RRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_private_keyBs  cC`s||jj|j|jj}||jjkrj|jj||jj}|dk rftdn|S|j dSdS(Ns4Password was given but private key is not encrypted.( Rktd2i_PrivateKey_bioRbRiR{RRRReR(RtRRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRUs   cC`s|j|}|jj|j|jj}||jjkrg|jj||jj}|j|S|j |jj |j}|j |dk|jj |j|jj}||jjkr|jj||jj }|j|}t|||S|jdS(Ni(RRktd2i_PUBKEY_bioRbRiR{RRR,RRRxtd2i_RSAPublicKey_bioRRR9R(RtR RRRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_public_keycs   cC`s|j|}|jj|j|jj}||jjkrg|jj||jj}t||S|jj r|j |jj |j}|j |dk|jj |j|jj}||jjkr|jj||jj}t||Sn|jdS(Ni(RRktd2i_DHparams_bioRbRiR{RR%RRqRRRxtCryptography_d2i_DHxparams_bioR(RtR RR*R((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_parameterszs      cC`s|j|}|jj|j|jj|jj|jj}||jjkrj|jtdn|jj||jj }t ||S(NswUnable to load certificate. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.( RRktPEM_read_bio_X509RbRiR{RRRRR>(RtR RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_x509_certificates '  cC`s|j|}|jj|j|jj}||jjkrX|jtdn|jj||jj }t ||S(NsUnable to load certificate( RRkt d2i_X509_bioRbRiR{RRRRR>(RtR RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_x509_certificates cC`s|j|}|jj|j|jj|jj|jj}||jjkrj|jtdn|jj||jj }t ||S(NsoUnable to load CRL. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.( RRktPEM_read_bio_X509_CRLRbRiR{RRRRR?(RtR RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_x509_crls '  cC`s|j|}|jj|j|jj}||jjkrX|jtdn|jj||jj }t ||S(NsUnable to load CRL( RRktd2i_X509_CRL_bioRbRiR{RRRRR?(RtR RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_x509_crls cC`s|j|}|jj|j|jj|jj|jj}||jjkrj|jtdn|jj||jj }t ||S(NssUnable to load request. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.( RRktPEM_read_bio_X509_REQRbRiR{RRRRiR@(RtR RR~((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_x509_csrs '  cC`s|j|}|jj|j|jj}||jjkrX|jtdn|jj||jj }t ||S(NsUnable to load request( RRktd2i_X509_REQ_bioRbRiR{RRRRiR@(RtR RR~((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_x509_csrs c C`s|j|}|jjd}|dk rjtjd||jj|}||_t||_ n||j |jj |jj |j jd|}||jj kr6|jdkr)|j} |j| |jdkrtdq3|jdks ttdj|jd q6|jn|jj||j j}|dk r{|jdkr{td n|dk r|jd ks|dkst||S( NsCRYPTOGRAPHY_PASSWORD_DATA *RtCryptography_pem_password_cbiis3Password was not given but private key is encryptedisAPasswords longer than {} bytes are not supported by this backend.is4Password was given but private key is not encrypted.(RRiRRRt_check_byteslikeRRRRRbR{R]RkR^terrorRRxReRRRtmaxsizeRRRtcalled( Rttopenssl_read_funct convert_funcR RRtuserdatat password_ptrRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRs@          c`s<j}|s!tdn|djjjjjse|djjjjjrttdn|djjjjjs|djjj jj rt dt j nktfd|Drtdn@|djjjjj jjfks,ttddS(NsCould not deserialize key data.is Bad decrypt. Incorrect password?s0PEM data is encrypted with an unsupported cipherc3`s-|]#}|jjjjjVqdS(N(RyRkt ERR_LIB_EVPt'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM(t.0R(Rt(sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pys )ss!Unsupported public key algorithm.(RRRyRkRtEVP_R_BAD_DECRYPTtERR_LIB_PKCS12t!PKCS12_R_PKCS12_CIPHERFINAL_ERRORtEVP_R_UNKNOWN_PBE_ALGORITHMt ERR_LIB_PEMtPEM_R_UNSUPPORTED_ENCRYPTIONRRtUNSUPPORTED_CIPHERtanyRjt ERR_LIB_ASN1R(RtR((RtsKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyR s2           cC`sy|j|}Wntk r2|jj}nX|jj|}||jjkr|j}|j||jjkp|dj |jj |jj t S|j||jjk|jj |tSdS(Ni(t_elliptic_curve_to_nidRRkRtEC_GROUP_new_by_curve_nameRiR{RRxRyt ERR_LIB_ECtEC_R_UNKNOWN_GROUPRt EC_GROUP_freeR5(Rttcurvet curve_nidtgroupR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytelliptic_curve_supported9s     cC`s#t|tjstS|j|S(N(R.RFtECDSARR(Rttsignature_algorithmR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt,elliptic_curve_signature_algorithm_supportedPscC`s|j|rb|j|}|jj|}|j|dk|j|}t|||Stdj|j t j dS(s@ Generate a new private key on the named curve. is#Backend object does not support {}.N( Rt_ec_key_new_by_curveRktEC_KEY_generate_keyRxt_ec_cdata_to_evp_pkeyR"RRRRtUNSUPPORTED_ELLIPTIC_CURVE(RtRR)RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt#generate_elliptic_curve_private_keyYscC`s|j}|j|j}|jj|j|j|jj}|jj ||}|j |dk|j ||j |j }|j|}t|||S(Ni(RRRRiRRt private_valueRkt BN_clear_freetEC_KEY_set_private_keyRxt)_ec_key_set_public_key_affine_coordinatesRPRORR"(RtRtpublicR)R"RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt#load_elliptic_curve_private_numbersms  cC`sL|j|j}|j||j|j}|j|}t|||S(N(RRR%RPRORR#(RtRR)R((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt"load_elliptic_curve_public_numberss c C`s%|j|}|jj|}|j||jjk|jj|}|j||jjk|jj||jj}|j P}|jj |||t ||}|dkr|j t dnWdQX|jj||}|j|dk|j|}t|||S(Nis(Invalid public bytes for the given curve(RRktEC_KEY_get0_groupRxRiR{t EC_POINT_newRt EC_POINT_freet _tmp_bn_ctxtEC_POINT_oct2pointRRRtEC_KEY_set_public_keyRR#( RtRt point_bytesR)Rtpointtbn_ctxRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt load_elliptic_curve_public_bytess    c C`s|j|}|j|\}}|jj|}|j||jjk|jj||jj}|j |}|jj||jj }|j }|jj ||||jj|jj|} |j| dk|jj |} |jj |} |||| | |} |j| dkWdQX|jj||} |j| dk|j |} |jj| |jj } |jj|| } |j| dk|j|} t||| S(Ni(Rt _ec_key_determine_group_get_funcRkR*RxRiR{RR+RR#R,t EC_POINT_mult BN_CTX_getR.R$RR"(RtR"RR)tget_funcRR0RmR1Rtbn_xtbn_ytprivateR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt!derive_elliptic_curve_private_keys.cC`sS|j|}|jj|}|j||jjk|jj||jjS(N(RRktEC_KEY_new_by_curve_nameRxRiR{RR#(RtRRR)((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRscC`s|j|}|jj|j|jj}||jjkrX|jtdn|jj||jj }t ||S(NsUnable to load OCSP request( RRktd2i_OCSP_REQUEST_bioRbRiR{RRRtOCSP_REQUEST_freeR4(RtR Rtrequest((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_ocsp_requests cC`s|j|}|jj|j|jj}||jjkrX|jtdn|jj||jj }t ||S(NsUnable to load OCSP response( RRktd2i_OCSP_RESPONSE_bioRbRiR{RRRtOCSP_RESPONSE_freeR5(RtR Rtresponse((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_ocsp_responses c C`s|jj}|j||jjk|jj||jj}|j\}}}|j|}|jj ||j |j }|j||jjk|jj ||}|j||jjk|j d|j dtd|d|jjdtt||S(NR`RaRbRcR(RktOCSP_REQUEST_newRxRiR{RR=t_requestRtOCSP_cert_to_idt_x509tOCSP_request_add0_idRtRuR-tOCSP_REQUEST_add_extR5R4( RtR|tocsp_reqtcerttissuerRRtcertidtonereq((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_ocsp_requests"    c C`s|jj}|j||jjk|jj||jj}|j|jj }|jj ||jj j |jj j }|j||jjk|jj||jj}|jjdkrd}nt|jj}|jjdkr|jj}n|j|jj}|jj} |jjdk rM|j|jj} n|j|jj} |jj|||jjj||| | } |j| |jjk|j|}|j\} } |jj}| tjjkr||jjO}n|jdk rHx?|jD]1}|jj ||j } |j| dkqWn|j!d|j"dt#d|d|jj$dt%|jj&|| j |j'||jj|} | dkr|j(}|j|dj)|jj*|jj+t,d n|S( NiiR`RaRbRcRis,responder_cert must be signed by private_key(-RktOCSP_BASICRESP_newRxRiR{RtOCSP_BASICRESP_freeRt _responseR7RFt_certRGt_issuertOCSP_CERTID_freet_revocation_reasonRRt_revocation_timeRRt _this_updatetOCSP_basic_add1_statust _cert_statusRmt _responder_idt OCSP_NOCERTSR`tOCSPResponderEncodingtHASHtOCSP_RESPID_KEYt_certstOCSP_basic_add1_certRtRuR,tOCSP_BASICRESP_add_extR5tOCSP_basic_signRrRRyt ERR_LIB_X509tX509_R_KEY_VALUES_MISMATCHR(RtR|R}RtbasicRRMtreasontrev_timeRt this_updateRtresponder_certtresponder_encodingtflagsRKR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_create_ocsp_basic_responsest                cC`s|tjjkr*|j|||}n |jj}|jj|j|}|j ||jjk|jj ||jj }t ||S(N( R`tOCSPResponseStatust SUCCESSFULRmRiR{RktOCSP_response_createRmRxRRAR5(Rttresponse_statusR|R}RRft ocsp_resp((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_ocsp_response<s  cC`s|j|ot|tjS(N(RR.RFtECDH(RtRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt+elliptic_curve_exchange_algorithm_supportedLscC`s8|j}|jj||}|j|dk|S(Ni(RRktEVP_PKEY_set1_EC_KEYRx(RtR)RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRRs cC`s{idd6dd6}|j|j|j}|jj|j}||jjkrwtdj|jtj n|S(s/ Get the NID for a curve name. t prime192v1t secp192r1t prime256v1t secp256r1s${} is not a supported elliptic curve( tgetRRkt OBJ_sn2nidRRRRRR (RtRt curve_aliasest curve_nameR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRXs cc`st|jj}|j||jjk|jj||jj}|jj|z |VWd|jj|XdS(N( Rkt BN_CTX_newRxRiR{Rt BN_CTX_freet BN_CTX_startt BN_CTX_end(RtR1((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyR,ls cC`s|j||jjk|jjd}|j||jjk|jj|}|j||jjk|jj|}|j||jjk|jj|}|j||jjk||kr|jj r|jj }n |jj }|st ||fS(su Given an EC_KEY determine the group and what function is required to get point coordinates. scharacteristic-two-field( RxRiR{RkR|RR)tEC_GROUP_method_oftEC_METHOD_get_field_typetCryptography_HAS_EC2Mt$EC_POINT_get_affine_coordinates_GF2mt#EC_POINT_get_affine_coordinates_GFpR(RtR>t nid_two_fieldRtmethodRR6((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyR3ws  cC`s|dks|dkr'tdn|jj|j||jj}|jj|j||jj}|jj|||}|dkr|jtdn|S(sg Sets the public key point in the EC_KEY context to the affine x and y values. is2Invalid EC key. Both x and y must be non-negative.isInvalid EC key.(RRiRRRkRt(EC_KEY_set_public_key_affine_coordinatesR(RtR>RPROR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyR%s $$  cC`st|tjs!tdn|tjjkrBtdn|tjjkrctdn|tjjkrtdnt|tjstdnt|tj rd}d}|j j }nct|tj r)|j jd}|j}t|}|d kr5td q5n td |j j|} |tjjkr|tjjkr|j j} |} q|tjjkst| |j jkr|j j} nE| |j jkr|j j} n$| |j jkst|j j} |} n|tjjkr|tjjkr\t|tj sLtd n|j| |S|tjjkstt|j j} |} n td |j } | | | ||||j j |j j } |j!| dk|j"| S(Ns2format must be an item from the PrivateFormat enums-X9.62 format is only valid for EC public keyss/raw format is invalid with this key or encodings/raw encoding is invalid with this key or formatsBEncryption algorithm must be a KeySerializationEncryption instancetis aes-256-cbcisBPasswords longer than 1023 bytes are not supported by this backendsUnsupported encryption typesDEncryption is not supported for DER encoded traditional OpenSSL keyss-encoding must be Encoding.PEM or Encoding.DERi(#R.RDt PrivateFormatRetEncodingtX962RtRawtKeySerializationEncryptiont NoEncryptionRiR{tBestAvailableEncryptionRktEVP_get_cipherbynameRRRtPEMtPKCS8tPEM_write_bio_PKCS8PrivateKeytTraditionalOpenSSLRRtPEM_write_bio_RSAPrivateKeyRtPEM_write_bio_DSAPrivateKeyR!tPEM_write_bio_ECPrivateKeytDERt"_private_key_bytes_traditional_derti2d_PKCS8PrivateKey_bioRRxR(RttencodingRtencryption_algorithmRtcdataRtpasslenRR't write_bioRRbR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_private_key_bytess|                    cC`s||jjkr!|jj}nF||jjkrB|jj}n%|j||jjk|jj}|j}|||}|j|dk|j |S(Ni( RkRti2d_RSAPrivateKey_bioR!ti2d_ECPrivateKey_bioRxRti2d_DSAPrivateKey_bioRR(RtR'RRRbR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRs  c C`st|tjs!tdn|tjjtjjfkrNtdn|tjjkrotdn|tjjkrtdn|tjj ks|tjj kr|tjj k s|tjj k rtdn|j |S|tjj krT|tjj kr'|j j}n$|tjjks?t|j j}|}n|tjjkr|j j||j jkst|tjj kr|j j}n$|tjjkst|j j}|}n td|j}|||}|j|dk|j|S(Ns/encoding must be an item from the Encoding enums-Point formats are not valid for this key types/raw format is invalid with this key or encodings/raw encoding is invalid with this key or formats1OpenSSH format must be used with OpenSSH encodings1format must be an item from the PublicFormat enumi(R.RDRRet PublicFormattUncompressedPointtCompressedPointRRtOpenSSHt_openssh_public_key_bytestSubjectPublicKeyInfoRRktPEM_write_bio_PUBKEYRRti2d_PUBKEY_biotPKCS1RRtPEM_write_bio_RSAPublicKeyti2d_RSAPublicKey_bioRRxR( RtRRRRRRRbR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_public_key_bytessF     $    cC`st|tjrX|j}dtjtjdtj|j tj|j St|t j r|j}|j }dtjtjdtj|jtj|jtj|jtj|jSt|tjr0|jtjjtjj}dtjtjdtj|St|tjr|j}y5idtj6dtj6d tj6t|j}Wnt k rt!d nX|jtjj"tjj#}d |d tjtjd |tj|tj|St!d dS(Nsssh-rsa sssh-rsasssh-dss sssh-dsss ssh-ed25519 s ssh-ed25519tnistp256tnistp384tnistp521sZOnly SECP256R1, SECP384R1, and SECP521R1 curves are supported by the SSH public key formats ecdsa-sha2-t s3OpenSSH encoding is not supported for this key type($R.RHt RSAPublicKeyRtbase64t b64encodeR_t_ssh_write_stringt_ssh_write_mpintRRREt DSAPublicKeyRNRRRIRORGtEd25519PublicKeyt public_bytesRDRRRRFtEllipticCurvePublicKeyt SECP256R1t SECP384R1t SECP521R1RRRRRR(RtRRRNt raw_bytesR~R0((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRQsH     <         cC`s+|tjjkr!tdn|jjd}|jj||jj||jj|tjj kr|d|jjkr|jj }q|jj }nR|tjj kr|d|jjkr|jj }q|jj}n td|j}|||}|j|dk|j|S(Ns!OpenSSH encoding is not supporteds BIGNUM **is/encoding must be an item from the Encoding enumi(RDRRReRiRRkt DH_get0_pqgR{RtPEM_write_bio_DHxparamstPEM_write_bio_DHparamsRtCryptography_i2d_DHxparams_bioti2d_DHparams_bioRRxR(RtRRRRRRbR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_parameter_bytess*      cC`s|dkrtdn|dkr6tdn|jj}|j||jjk|jj||jj}|jj||||jj}|j|dkt ||S(Nis%DH key_size must be at least 512 bitsiisDH generator must be 2 or 5i(ii( RRktDH_newRxRiR{RR%tDH_generate_parameters_exR(Rtt generatorRtdh_param_cdataR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytgenerate_dh_parameterss   cC`s8|j}|jj||}|j|dk|S(Ni(RRktEVP_PKEY_set1_DHRx(RtR*RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_dh_cdata_to_evp_pkeys cC`sVt|j|}|jj|}|j|dk|j|}t|||S(Ni(Rt _dh_cdataRktDH_generate_keyRxRR(RtRDt dh_key_cdataRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytgenerate_dh_private_keys cC`s|j|j||S(N(RR(RtRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt&generate_dh_private_key_and_parameterssc C`s|jj}|jj}|j||jjk|jj||jj}|j |j }|j |j }|j dk r|j |j }n |jj}|j |jj}|j |j}|jj||||} |j| dk|jj|||} |j| dk|jjdd} |jj|| } |j| dk| ddkr|j dko| d|jjAdk rtdn|j|} t||| S(Nisint[]iis.DH private numbers did not pass safety checks.(RRNRkRRxRiR{RR%RRRIRRRORPt DH_set0_pqgt DH_set0_keyRtCryptography_DH_checktDH_NOT_SUITABLE_GENERATORRRR( RtRRNR*RRIRRJRKRtcodesR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_dh_private_numberss2    c C`s0|jj}|j||jjk|jj||jj}|j}|j|j }|j|j }|j dk r|j|j }n |jj}|j|j }|jj||||}|j|dk|jj|||jj}|j|dk|j|} t||| S(Ni(RkRRxRiR{RR%RNRRRIRRRORRRR( RtRR*RNRRIRRJRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_dh_public_numberss   cC`s|jj}|j||jjk|jj||jj}|j|j}|j|j }|j dk r|j|j }n |jj}|jj ||||}|j|dkt ||S(Ni(RkRRxRiR{RR%RRRIRRRR(RtRR*RRIRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytload_dh_parameter_numberss cC`s|jj}|j||jjk|jj||jj}|j|}|j|}|dk r|j|}n |jj}|jj ||||}|j|dk|jj dd}|jj ||}|j|dk|ddkS(Nisint[]i( RkRRxRiR{RR%RRRRR(RtRRIRR*RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytdh_parameters_supported*s  cC`s|jjdkS(Ni(RkRq(Rt((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytdh_x942_serialization_supported@sc`st|}jjd}jj||}j|djjkjj|fd}j|dkjj|d|S(Nsunsigned char **ic`sjj|dS(Ni(RkR(tpointer(Rt(sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyR_IR( R0RiRRkt i2d_X509_NAMERxR{RR(RtRt x509_nametppR((RtsKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytx509_name_bytesCs cC`st|dkr!tdn|j}|jj||jj}tj|dk|jj||t|}tj|dkt ||S(Ni s%An X25519 public key is 32 bytes longi( RRRRktEVP_PKEY_set_typet NID_X25519RRxtEVP_PKEY_set1_tls_encodedpointR;(RtR RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytx25519_load_public_bytesNs  cC`st|dkr!tdnd}|jdK}||dd+||d)|j|}tjj|j|jj }WdQX|j ||jj k|jj ||jj }|j |jj ||jjkt||S(Ni s&An X25519 private key is 32 bytes longs0.0+en" i0ii(RRt_zeroed_bytearrayRRRkRRbRiR{RxRRRRR:(RtR t pkcs8_prefixtbaRbR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytx25519_load_private_bytes]s  $cC`s|jj||jj}|j||jjk|jj||jj}|jj|}|j|dk|jjd}|jj ||}|j|dk|j|d|jjk|jj|d|jj }|S(Nis EVP_PKEY **i( RktEVP_PKEY_CTX_new_idRiR{RxRtEVP_PKEY_CTX_freetEVP_PKEY_keygen_initRtEVP_PKEY_keygenR(RtRt evp_pkey_ctxRt evp_ppkeyR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt_evp_pkey_keygen_gcscC`s"|j|jj}t||S(N(RRkRR:(RtR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytx25519_generate_keyscC`s |jjS(N(Rkt#CRYPTOGRAPHY_OPENSSL_110_OR_GREATER(Rt((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytx25519_supportedscC`st|dkr!tdn|jj|jj|jj|t|}|j||jjk|jj||jj }t ||S(Ni8s#An X448 public key is 56 bytes long( RRRktEVP_PKEY_new_raw_public_keytNID_X448RiR{RxRRR=(RtR R((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytx448_load_public_bytess $cC`st|dkr!tdn|jj|}|jj|jj|jj|t|}|j||jjk|jj ||jj }t ||S(Ni8s$An X448 private key is 56 bytes long( RRRiRRktEVP_PKEY_new_raw_private_keyRR{RxRRR<(RtR R R((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytx448_load_private_bytess $cC`s"|j|jj}t||S(N(RRkRR<(RtR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytx448_generate_keyscC`s |jj S(N(Rkt"CRYPTOGRAPHY_OPENSSL_LESS_THAN_111(Rt((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytx448_supportedscC`s |jj S(N(Rkt#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B(Rt((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyted25519_supportedscC`stjd|t|tjkr4tdn|jj|jj|j j |t|}|j ||j j k|j j ||jj }t||S(NR s&An Ed25519 public key is 32 bytes long(Rt _check_bytesRRGt_ED25519_KEY_SIZERRkRt NID_ED25519RiR{RxRRR%(RtR R((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyted25519_load_public_bytess $cC`st|tjkr$tdntjd||jj|}|jj |jj |jj |t|}|j ||jj k|jj ||jj}t||S(Ns'An Ed25519 private key is 32 bytes longR (RRGRRRRRiRRkRRR{RxRRR$(RtR R R((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyted25519_load_private_bytess $cC`s"|j|jj}t||S(N(RRkRR$(RtR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyted25519_generate_keyscC`s |jj S(N(RkR(Rt((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyted448_supportedscC`stjd|t|tkr1tdn|jj|jj|jj |t|}|j ||jj k|jj ||jj }t ||S(NR s$An Ed448 public key is 57 bytes long(RRRR&RRkRt NID_ED448RiR{RxRRR((RtR R((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyted448_load_public_bytess $cC`stjd|t|tkr1tdn|jj|}|jj|jj |jj |t|}|j ||jj k|jj ||jj }t||S(NR s%An Ed448 private key is 57 bytes long(RRRR&RRiRRkRRR{RxRRR'(RtR R R((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyted448_load_private_bytess $cC`s"|j|jj}t||S(N(RRkRR'(RtR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyted448_generate_keysc C`s|jjd|}|jj|}|jj|t||t||||tj|| } | dkr|j} |jj s|j | dj |jj |jj p| dj |jj |jjnd||d} tdj| n|jj|S( Nsunsigned char[]iiiiisJNot enough memory to derive key. These parameters require {} MB of memory.i(RiRRRktEVP_PBE_scryptRR^t _MEM_LIMITRRRxRyRtERR_R_MALLOC_FAILUREtEVP_R_MEMORY_LIMIT_EXCEEDEDt MemoryErrorRR( RtRRRRtrRRRRRt min_memory((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt derive_scrypts( !       cC`s+tj|}|jj||jjkS(N(Rt_aead_cipher_nameRkRRiR{(RtRt cipher_name((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytaead_cipher_supported scc`s-t|}z |VWd|j||XdS(s This method creates a bytearray, which we copy data into (hopefully also from a mutable buffer that can be dynamically erased!), and then zero when we're done. N(t bytearrayt _zero_data(RtRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyR s  cC`s%xt|D]}d||t sk_X509_freet sk_X509_numRt sk_X509_valueRxRr(RtR RRbtp12t evp_pkey_ptrtx509_ptrt sk_x509_ptrt password_bufRRKRtadditional_certificatesRRtsk_x509RR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt%load_key_and_certificates_from_pkcs12F sF     cC`s|jjdkS(Ni(RktCryptography_HAS_POLY1305(Rt((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytpoly1305_supportedt scC`s>tjd|t|tkr1tdnt||S(NRsA poly1305 key is 32 bytes long(RRRR6RR7(RtR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_poly1305_ctxw sN(t__name__t __module__t__doc__RRuRxRt contextlibRRRnRRRRRRRRRRRRmRRRRRRRRRRRRRRRRRR+R,R4R;R?RERFRLRQRSRTRCRVRWRYRZRRRRRRtRRRRRRRRRRRRRRRRRRRRR!R'R(R2R:RR?RCRORmRsRuRRR,R3R%RRRRRRRRRRRRRRRRRRRRRRRRRRRRRR R R RRRRRR*R,R-(((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRd^s            9          "    + +              M S   K              1 -      "   P       _  = 5     0      "               . RcB`seZdZdZRS(cC`s ||_dS(N(t_fmt(Rttfmt((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyRu scC`s:|jjd|d|j}|jj|jdS(NRRR(R2RtlowerRkRR(RtRRRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyt__call__ s!(R.R/RuR5(((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyR s cC`s/dj|jd}|jj|jdS(Ns aes-{}-xtsiR(RRRkRR(RRRR((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyR s(t __future__RRRRt collectionsR1RRtasn1crypto.coreRRt six.movesRt cryptographyRRtcryptography.exceptionsRRt'cryptography.hazmat.backends.interfacesR R R R R RRRRRRRRt$cryptography.hazmat.backends.opensslRt,cryptography.hazmat.backends.openssl.ciphersRt)cryptography.hazmat.backends.openssl.cmacRt0cryptography.hazmat.backends.openssl.decode_asn1RRt'cryptography.hazmat.backends.openssl.dhRRRRt(cryptography.hazmat.backends.openssl.dsaRR R!t'cryptography.hazmat.backends.openssl.ecR"R#t,cryptography.hazmat.backends.openssl.ed25519R$R%t*cryptography.hazmat.backends.openssl.ed448R&R'R(t0cryptography.hazmat.backends.openssl.encode_asn1R)R*R+R,R-R.R/R0R1t+cryptography.hazmat.backends.openssl.hashesR2t)cryptography.hazmat.backends.openssl.hmacR3t)cryptography.hazmat.backends.openssl.ocspR4R5t-cryptography.hazmat.backends.openssl.poly1305R6R7t(cryptography.hazmat.backends.openssl.rsaR8R9t+cryptography.hazmat.backends.openssl.x25519R:R;t)cryptography.hazmat.backends.openssl.x448R<R=t)cryptography.hazmat.backends.openssl.x509R>R?R@RAt$cryptography.hazmat.bindings.opensslRBtcryptography.hazmat.primitivesRCRDt)cryptography.hazmat.primitives.asymmetricRERFRGRHt1cryptography.hazmat.primitives.asymmetric.paddingRIRJRKRLt1cryptography.hazmat.primitives.ciphers.algorithmsRMRNRORPRQRRRSRTRUt,cryptography.hazmat.primitives.ciphers.modesRVRWRXRYRZR[R\R]t"cryptography.hazmat.primitives.kdfR^t,cryptography.hazmat.primitives.serializationR_tcryptography.x509R`t namedtupleRatregister_interfacetregister_interface_ifRfRjtCryptography_HAS_SCRYPTtobjectRdRRR(((sKlib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.pyts      X"@"""@:            :