o 㕢h@sddlmZddlZddlZddlZddlZddlmZmZddl m Z ddl m Z ddl mZddlmZddlmZdd lmZmZdd lmZdd lmZdd lmZdd lmZmZmZm Z ddl!m"Z"ddl#m$Z$ddl%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1ddl2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;ddlZ>m?Z?m@Z@mAZAeBdddgZCGdddZDGdddZEGdddZFd!dd ZGeEZHdS)") annotationsN)utilsx509)UnsupportedAlgorithm)aead)_CipherContext)openssl)binding)hashes serialization)AsymmetricPadding)ec)r)MGF1OAEPPSSPKCS1v15)PrivateKeyTypes)CipherAlgorithm) AESAES128AES256ARC4SM4CamelliaChaCha20 TripleDES_BlowfishInternal_CAST5Internal _IDEAInternal _SEEDInternal) CBCCFBCFB8CTRECBGCMOFBXTSMode)PBESPKCS12CertificatePKCS12KeyAndCertificatesPKCS12PrivateKeyTypes_PKCS12CATypes _MemoryBIObiochar_ptrc@s eZdZdS)_RC2N)__name__ __module__ __qualname__r5r5d/var/www/html/zoom/venv/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/backend.pyr1Gsr1c @seZdZUdZdZhdZded<efZe j e j e j e j e je je je je je je je jf ZejejejejfZdZdZdd>ZdZ de >Z!dd d Z"dddZ# ddddZ$dddZ%dddZ&dddZ'dd d!Z(dd"d#Z)dd$d%Z*dd&d'Z+dd(d)Z,dd*d+Z-dd0d1Z.dd2d3Z/dd4d5Z0dd7d8Z1dd9d:Z2dd;d<Z3dd>d?Z4ddBdCZ5ddGdHZ6dIdJZ7ddKdLZ8ddMdNZ9ddQdRZ:ddSdTZ;ddUdVZdd^d_Z?ddadbZ@ddedfZAddhdiZBddldmZCddpdqZDddsdtZEddudvZFddwdxZGddydzZHdd{d|ZIdd}d~ZJdddZKdddZLdddZMeNjOddZPdddZQdddZRdddZSdddZTdddZUdS)Backendz) OpenSSL API binding interfaces. r> aes-128-ccm aes-128-gcm aes-192-ccm aes-192-gcm aes-256-ccm aes-256-gcmztyping.ClassVar[set[bytes]] _fips_aeadiireturnNonecCs:t|_|jj|_|jj|_t|_ i|_ | dSN) r Binding_bindingffi_ffilib_lib rust_opensslis_fips_enabled _fips_enabled_cipher_registry_register_default_ciphersselfr5r5r6__init__}s     zBackend.__init__strcCsd||jtjS)Nz3)formatopenssl_version_textrKrI_legacy_provider_loadedrNr5r5r6__repr__s zBackend.__repr__Nokboolerrors&list[rust_openssl.OpenSSLError] | NonecCstj||dS)N)rX)r _openssl_assert)rOrVrXr5r5r6openssl_assertszBackend.openssl_assertcCs$|jts Jt|_dSrB)rD _enable_fipsrIrJrKrNr5r5r6r\s  zBackend._enable_fipscCs|j|j|jjdS)z Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.1.1d 10 Sep 2019 ascii)rFstringrHOpenSSL_versionOPENSSL_VERSIONdecoderNr5r5r6rSs zBackend.openssl_version_textintcCs |jSrB)rHOpenSSL_version_numrNr5r5r6openssl_version_number zBackend.openssl_version_number algorithmhashes.HashAlgorithmcCsB|jdvr|j|jdd}n|jd}|j|}|S)N)blake2bblake2sr])name digest_sizeencoderHEVP_get_digestbyname)rOrfalgevp_mdr5r5r6_evp_md_from_algorithms   zBackend._evp_md_from_algorithmcCs ||}|||jjk|SrB)rqr[rFNULLrOrfrpr5r5r6_evp_md_non_null_from_algorithms z'Backend._evp_md_non_null_from_algorithmcCs,|jr t||js dS||}||jjkSNF)rK isinstance _fips_hashesrqrFrrrsr5r5r6hash_supporteds  zBackend.hash_supportedcC |jr t|tjr dS||SrurKrvr SHA1rxrOrfr5r5r6signature_hash_supporteds z Backend.signature_hash_supportedcCs|jrdS|jjdkS)NFr?)rKrHCryptography_HAS_SCRYPTrNr5r5r6scrypt_supporteds zBackend.scrypt_supportedcCry)NTrzr|r5r5r6hmac_supporteds zBackend.hmac_supportedcipherrmoder(cCs^|jr t||js dSz |jt|t|f}Wn ty"YdSw||||}|jj|kSru)rKrv _fips_ciphersrLtypeKeyErrorrFrr)rOrradapter evp_cipherr5r5r6cipher_supporteds    zBackend.cipher_supportedcCs6||f|jvrtd|d|d||j||f<dS)NzDuplicate registration for:  .)rL ValueError)rO cipher_clsmode_clsrr5r5r6register_cipher_adapters zBackend.register_cipher_adaptercCstttfD]}ttttttt fD] }| ||t dqqtttttfD] }| t |t dq$ttttfD] }| t |t dq6| t tt d| ttdt |jjrXdnd| ttttttttt fD] }| t|t dqktjs~|jjsttttfD] }| t|t dqttttfD] }| t|t dqtttgttttgD] \}}| ||t d q| ttdt d | ttdt d dSdS) Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3chachachacha20zsm4-{mode.name}zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}rc4rc2) rrrr r#r$r&r!r"r%rGetCipherByNamerrrrrHCRYPTOGRAPHY_IS_LIBRESSLr'_get_xts_cipherrrIrT#CRYPTOGRAPHY_OPENSSL_300_OR_GREATERrr itertoolsproductrrrr1)rOrrr5r5r6rMs     z!Backend._register_default_ciphersrcCt|||tjSrB)r_ENCRYPTrOrrr5r5r6create_symmetric_encryption_ctx8z'Backend.create_symmetric_encryption_ctxcCrrB)r_DECRYPTrr5r5r6create_symmetric_decryption_ctx=rz'Backend.create_symmetric_decryption_ctxcCs ||SrB)rr|r5r5r6pbkdf2_hmac_supportedBrezBackend.pbkdf2_hmac_supportedlist[rust_openssl.OpenSSLError]cCstSrB)rIcapture_error_stackrNr5r5r6_consume_errorsEszBackend._consume_errorspublic_exponentkey_sizecCs|dko |d@dko |dkS)Nr?rir5)rOrrr5r5r6!generate_rsa_parameters_supportedHs  z)Backend.generate_rsa_parameters_supporteddatabytesr.cCsH|j|}|j|t|}|||jjkt|j||jj |S)z Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) rF from_bufferrHBIO_new_mem_buflenr[rrr.gcBIO_free)rOrdata_ptrr/r5r5r6 _bytes_to_bioQs zBackend._bytes_to_biocCsP|j}|||jjk|j|}|||jjk|j||jj}|S)z. Creates an empty memory BIO. )rH BIO_s_memr[rFrrBIO_newrr)rO bio_methodr/r5r5r6_create_mem_bio_gc^s  zBackend._create_mem_bio_gccCs\|jd}|j||}||dk||d|jjk|j|d|dd}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)rFnewrHBIO_get_mem_datar[rrbuffer)rOr/bufbuf_lenbio_datar5r5r6 _read_mem_biois zBackend._read_mem_biocCs4|jr t|tjr dSt|tjtjtjtjtjfSru)rKrvr r{SHA224SHA256SHA384SHA512r|r5r5r6_oaep_hash_supportedtszBackend._oaep_hash_supportedpaddingr cCst|trdSt|tr&t|jtr&|jrt|jjtjrdS| |jjSt|t r>t|jtr>| |jjo=| |jSdS)NTF) rvrr_mgfrrK _algorithmr r{rxrrrOrr5r5r6rsa_padding_supporteds   zBackend.rsa_padding_supportedcCs|jr t|tr dS||Sru)rKrvrrrr5r5r6rsa_encryption_supporteds z Backend.rsa_encryption_supportedcCs|jj o|j SrB)rHCRYPTOGRAPHY_IS_BORINGSSLrKrNr5r5r6 dsa_supportedszBackend.dsa_supportedcCs|sdS||Sru)rr}r|r5r5r6dsa_hash_supporteds zBackend.dsa_hash_supportedcCs||td|jS)N)rr block_sizer|r5r5r6cmac_algorithm_supportedsz Backend.cmac_algorithm_supportedcertx509.Certificate typing.AnycCsT|tjj}||}|j|j|jj }| ||jj k|j ||jj }|SrB) public_bytesr EncodingDERrrH d2i_X509_bior/rFrrr[r X509_free)rOrrmem_biorr5r5r6 _cert2ossls  zBackend._cert2osslx509_ptrcCs4|}|j||}||dkt||SNr?)rrH i2d_X509_bior[rload_der_x509_certificater)rOrr/resr5r5r6 _ossl2certszBackend._ossl2certkeyr,cCs\|tjjtjjt}||}|j |j |j j }| ||j j k|j ||jjSrB) private_bytesr rr PrivateFormatPKCS8 NoEncryptionrrHd2i_PrivateKey_bior/rFrrr[r EVP_PKEY_free)rOrrrevp_pkeyr5r5r6 _key2ossls zBackend._key2ossltyping.NoReturncs|std|djjjjs.|djjjjs.jjr2|djjjj r2tdt fdd|DrAtdtd|)Nz|Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.rz Bad decrypt. Incorrect password?c3s$|] }|jjjjVqdSrB)_lib_reason_matchrH ERR_LIB_EVP'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM).0errorrNr5r6 s z4Backend._handle_key_loading_error..z!Unsupported public key algorithm.zCould not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).) rrrHrEVP_R_BAD_DECRYPTERR_LIB_PKCS12!PKCS12_R_PKCS12_CIPHERFINAL_ERRORCryptography_HAS_PROVIDERS ERR_LIB_PROVPROV_R_BAD_DECRYPTany)rOrXr5rNr6_handle_key_loading_errors:    z!Backend._handle_key_loading_errorcurveec.EllipticCurvecCs"|jr t||js dStj|Sru)rKrv_fips_ecdh_curvesrIr curve_supported)rOrr5r5r6elliptic_curve_supporteds  z Backend.elliptic_curve_supportedsignature_algorithm"ec.EllipticCurveSignatureAlgorithmcCs4t|tjsdS||ot|jtjp||jSru)rvr ECDSArrf asym_utils Prehashedrx)rOrrr5r5r6,elliptic_curve_signature_algorithm_supporteds   z4Backend.elliptic_curve_signature_algorithm_supportedec.ECDHcCs||o t|tjSrB)rrvr ECDH)rOrfrr5r5r6+elliptic_curve_exchange_algorithm_supported s z3Backend.elliptic_curve_exchange_algorithm_supportedcC |jj SrBrHrrNr5r5r6 dh_supportedrezBackend.dh_supportedcCs |jjdkSr)rHCryptography_HAS_EVP_PKEY_DHXrNr5r5r6dh_x942_serialization_supported z'Backend.dh_x942_serialization_supportedcC|jrdSdSNFTrKrNr5r5r6x25519_supportedzBackend.x25519_supportedcC|jrdS|jj o|jj SrurKrHrrrNr5r5r6x448_supported  zBackend.x448_supportedcCr r r rNr5r5r6ed25519_supported&r zBackend.ed25519_supportedcCrrurrNr5r5r6ed448_supported+rzBackend.ed448_supportedcCs t||SrB)r_aead_cipher_supported)rOrr5r5r6aead_cipher_supported3rzBackend.aead_cipher_supportedlengthcCst|D]}d||<qdS)Nr)range)rOrrir5r5r6 _zero_data6s  zBackend._zero_datac cs~|dur |jjVdSt|}|jd|d}|j|||z|VW||jd||dS||jd||w)a This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use. Nzchar[]r?z uint8_t *)rFrrrrmemmovercast)rOrdata_lenrr5r5r6_zeroed_null_terminated_buf=s 2z#Backend._zeroed_null_terminated_bufpassword bytes | NoneNtuple[PrivateKeyTypes | None, x509.Certificate | None, list[x509.Certificate]]cCs2|||}|j|jr|jjnddd|jDfS)NcSsg|]}|jqSr5) certificate)rrr5r5r6 _szABackend.load_key_and_certificates_from_pkcs12..) load_pkcs12rrr!additional_certs)rOrrpkcs12r5r5r6%load_key_and_certificates_from_pkcs12Ts z-Backend.load_key_and_certificates_from_pkcs12r+cCs|dur td|||}|j|j|jj}||jjkr'|t d|j ||jj }|j d}|j d}|j d}| |}|j|||||} Wdn1s\wY| dkrm|t dd} d} g} |d|jjkr|j |d|jj} tjjt|jd| d d } |d|jjkr|j |d|jj}||}d}|j||jj}||jjkr|j|}t||} |d|jjkr;|j |d|jj}|j|d}|jjs|jjrt|}ntt|}|D]@}|j ||}|!||jjk|j ||jj}||}d}|j||jj}||jjkr2|j|}| "t||qt#| | | S) Nrz!Could not deserialize PKCS12 dataz EVP_PKEY **zX509 **zCryptography_STACK_OF_X509 **rzInvalid password or PKCS12 data uintptr_tF)unsafe_skip_rsa_key_validation)$r_check_byteslikerrHd2i_PKCS12_bior/rFrrrrr PKCS12_freerr PKCS12_parserrIkeysprivate_key_from_ptrrbrrrX509_alias_get0r^r* sk_X509_free sk_X509_numrrrreversed sk_X509_valuer[appendr+)rOrrr/p12 evp_pkey_ptrr sk_x509_ptr password_bufrrradditional_certificatesrrcert_objrk maybe_namesk_x509numindicesr addl_cert addl_namer5r5r6r#bst                 zBackend.load_pkcs12rkPKCS12PrivateKeyTypes | Nonex509.Certificate | Nonecaslist[_PKCS12CATypes] | Noneencryption_algorithm(serialization.KeySerializationEncryptioncCsd}|dur td|t|tjrd}d}d} d} |jj} nt|tjrF|jj r2|jj }|jj }n|jj }|jj }d} d} |jj} |j }nst|tj r|jtjjurd}d}d} d} |j }|j} | tjuro|jj }|jj }n| tjur|jj s|td|jj }|jj }n| dusJ|jdur|jjstd||j} || |jjkn|jj} |jdur|j} ntd|dust|dkr|jj} n]|j} |j| |jj} g}|D]J}t|t r |j!}|"|j#}|dur|j$||jjd}n |j$||t|}||dkn|"|}|%||j&| |}t'|dkq|(|q}|(|A}|r9|"|n|jj}|durG|)|n|jj}|j*||||| ||| | d }||jjkrj|+}td |Wdn 1suwY|jjr| |jjkr|j,||d|jjd| | Wdn 1swY|||jjk|j||jj-}|.}|j/||}||dk|0|S) Nrkri Nr?z2PBESv2 is not supported by this version of OpenSSLzBSetting MAC algorithm is not supported by this version of OpenSSL.zUnsupported key encryption typez=Failed to create PKCS12 (does the key match the certificate?))1r _check_bytesrvr rrFrrBestAvailableEncryptionrHrNID_aes_256_cbc&NID_pbe_WithSHA1And3_Key_TripleDES_CBCr_KeySerializationEncryption_formatrPKCS12_key_cert_algorithmr)PBESv1SHA1And3KeyTripleDESCBCPBESv2SHA256AndAES256CBCr _hmac_hashCryptography_HAS_PKCS12_SET_MACrtr[ _kdf_roundsrrsk_X509_new_nullrr0r* friendly_namerr!X509_alias_set1r4 sk_X509_pushbackendrr PKCS12_createrPKCS12_set_macr+ri2d_PKCS12_bior)rOrkrrrCrErnid_certnid_key pkcs12_itermac_itermac_alg keycertalgr<ossl_cascaca_aliasossl_carr8name_buf ossl_cert ossl_pkeyr5rXr/r5r5r6(serialize_key_and_certificates_to_pkcs12s                      + z0Backend.serialize_key_and_certificates_to_pkcs12cCs*|jrdS|jjs |jjrdS|jjdkS)NFTr?)rKrHrrCryptography_HAS_POLY1305rNr5r5r6poly1305_supportedUs zBackend.poly1305_supportedcCrrBrrNr5r5r6pkcs7_supported`rezBackend.pkcs7_supported)r@rA)r@rQrB)rVrWrXrYr@rA)r@rb)rfrg)rfrgr@rW)r@rW)rrrr(r@rW)rrrr(r@r)r@r)rrbrrbr@rW)rrr@r.)r@r)rr r@rW)rrr@r)rrr@r)rr,r@r)rXrr@r)rrr@rW)rrrrr@rW)rfrrrr@rW)rrbr@rA)rrrrr@r )rrrrr@r+) rkrrrArrBrCrDrErFr@r)Vr2r3r4__doc__rkr>__annotations__rrr rrrr SHA512_224 SHA512_256SHA3_224SHA3_256SHA3_384SHA3_512SHAKE128SHAKE256rwr SECP224R1 SECP256R1 SECP384R1 SECP521R1r_fips_rsa_min_key_size_fips_rsa_min_public_exponent_fips_dsa_min_modulus_fips_dh_min_key_size_fips_dh_min_modulusrPrUr[r\rSrdrqrtrxr}rrrrrMrrrrrrrrrrrrrrrrrrrrrrrr rrrrr contextlibcontextmanagerrr&r#rjrlrmr5r5r5r6r7Ks              J               .              L ( r7c@s eZdZdddZdd d Zd S)rfmtrQcCs ||_dSrB)_fmt)rOrr5r5r6rPerezGetCipherByName.__init__rYr7rrrr(cCsd|jj||d}|j|d}||jjkr,|jjr,|j |jj|d|jj}| |S)N)rrr]) rrRlowerrHEVP_get_cipherbynamermrFrrCryptography_HAS_300_EVP_CIPHEREVP_CIPHER_fetchr)rOrYrr cipher_namerr5r5r6__call__hs zGetCipherByName.__call__N)rrQ)rYr7rrrr()r2r3r4rPrr5r5r5r6rds rrYrrcCs$d|jdd}|j|dS)Nzaes-z-xtsr])rrHrrm)rYrrrr5r5r6r}sr)rYr7rr)I __future__r collectionsrrtyping cryptographyrrcryptography.exceptionsr$cryptography.hazmat.backends.opensslr,cryptography.hazmat.backends.openssl.ciphersr"cryptography.hazmat.bindings._rustrrI$cryptography.hazmat.bindings.opensslr cryptography.hazmat.primitivesr r *cryptography.hazmat.primitives._asymmetricr )cryptography.hazmat.primitives.asymmetricr r1cryptography.hazmat.primitives.asymmetric.paddingrrrr/cryptography.hazmat.primitives.asymmetric.typesr&cryptography.hazmat.primitives.ciphersr1cryptography.hazmat.primitives.ciphers.algorithmsrrrrrrrrrrrr,cryptography.hazmat.primitives.ciphers.modesr r!r"r#r$r%r&r'r(3cryptography.hazmat.primitives.serialization.pkcs12r)r*r+r,r- namedtupler.r1r7rrrYr5r5r5r6sB           8,