y;Yc@`s=ddlmZmZmZddlZddlZddlZddlZddlZddl Z ddlm Z ddl Z ddl m Z mZddlmZmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZddl m!Z!m"Z"ddl#m$Z$dd l%m&Z&m'Z'm(Z(dd l)m*Z*m+Z+m,Z,dd l-m.Z.m/Z/dd l0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7dd l8m9Z9ddl:m;Z;ddl<m=Z=m>Z>ddl?m@Z@mAZAmBZBmCZCddlDmEZFddlGmHZHddlImJZJmKZKddlLmMZMmNZNmOZOddlPmQZQmRZRmSZSmTZTddlUmVZVmWZWmXZXmYZYmZZZm[Z[m\Z\m]Z]ddl^m_Z_m`Z`maZambZbmcZcmdZdmeZeejfdddgZgdehfdYZieHjjdddd Zke jlee jlee jlee jlee jlee jlee jlee jlee jlee jlee jlee jlee jmeHjnjojped!ehfd"YZqd#ehfd$YZreqZsdS(%i(tabsolute_importtdivisiontprint_functionN(tcontextmanager(tutilstx509(tUnsupportedAlgorithmt_Reasons( t CMACBackendt CipherBackendtDERSerializationBackendt DHBackendt DSABackendtEllipticCurveBackendt HMACBackendt HashBackendtPBKDF2HMACBackendtPEMSerializationBackendt RSABackendt ScryptBackendt X509Backend(t_AESCTRCipherContextt_CipherContext(t _CMACContext(t _DHParameterst _DHPrivateKeyt _DHPublicKey(t_DSAParameterst_DSAPrivateKeyt _DSAPublicKey(t_EllipticCurvePrivateKeyt_EllipticCurvePublicKey(t$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERSt_CRL_EXTENSION_ENCODE_HANDLERSt_EXTENSION_ENCODE_HANDLERSt_encode_asn1_int_gct_encode_asn1_str_gct_encode_name_gct _txt2obj_gc(t _HashContext(t _HMACContext(t_RSAPrivateKeyt _RSAPublicKey(t _Certificatet_CertificateRevocationListt_CertificateSigningRequestt_RevokedCertificate(tffi(tbinding(thashest serialization(tdsatectrsa(tMGF1tOAEPtPKCS1v15tPSS(tAEStARC4tBlowfishtCAST5tCamelliatIDEAtSEEDt TripleDES(tCBCtCFBtCFB8tCTRtECBtGCMtOFBt _MemoryBIOtbiotchar_ptrt_PasswordUserdatacB`seZdZRS(cC`s||_d|_d|_dS(Ni(tpasswordtcalledtNonet exception(tselfRM((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt__init__Fs  (t__name__t __module__RR(((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRLEssint (char *, int, int, void *)tnametCryptography_pem_password_cbcC`stj|}|jd7_|js:td|_dSt|j|krtj||}|j|t|j*t|jStdj |d|_dSdS(s A pem_password_cb function pointer that copied the password to OpenSSL as required and returns the number of bytes copied. typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); Useful for decrypting PKCS8 files and so on. The userdata pointer must point to a cffi handle of a _PasswordUserdata instance. is4Password was not given but private key is encrypted.isBPasswords longer than {0} bytes are not supported by this backend.iN( t_ffit from_handleRNRMt TypeErrorRPtlentbuffert ValueErrortformat(tbuftsizetwritingtuserdata_handletudtpw_buf((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_pem_password_cbLs   tBackendcB`s}eZdZdZdZdZdZejdZ dZ dZ dZ d Z d Zd Zd Zd ZdZdZdZdZdZdZdZdZdZdZdadZdZdZdZ dZ!dZ"dZ#dZ$d Z%d!Z&d"Z'd#Z(d$Z)d%Z*d&Z+d'Z,d(Z-d)Z.d*Z/d+Z0d,Z1d-Z2d.Z3d/Z4d0Z5d1Z6d2Z7d3Z8d4Z9d5Z:d6Z;d7Z<d8Z=d9Z>d:Z?d;Z@d<ZAd=ZBd>ZCd?ZDd@ZEdAZFdBZGdCZHdDZIdEZJdFZKdGZLdHZMdIZNdJZOdKZPdLZQdMZRdNZSdOZTdPZUedQZVdRZWdSZXdTZYdUZZdVZ[dWZ\dXZ]dYZ^dZZ_d[Z`d\Zad]Zbd^Zcd_Zdd`ZeRS(bs) OpenSSL API binding interfaces. topensslcC`stj|_|jj|_|jj|_|jjd}|j|dki|_ |j |j t j d|_dS(Ntutf8onlyii(R0tBindingt_bindingR/RWtlibt_libt ASN1_STRING_set_default_mask_asctopenssl_assertt_cipher_registryt_register_default_cipherstactivate_osrandom_enginetsystmaxsizet_scrypt_mem_limit(RQtres((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRRs   cC`stj|j|S(N(R0t_openssl_assertRk(RQtok((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRmscC`sj|jj}||jjkrf|jj||jj|jj|}|j|dkndS(Ni(RktENGINE_get_default_RANDRWtNULLtENGINE_unregister_RANDt RAND_cleanupt ENGINE_finishRm(RQteRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytactivate_builtin_randoms  cc`s|jj|jj}|j||jjk|jj|}|j|dkz |VWd|jj|}|j|dk|jj |}|j|dkXdS(Ni( Rkt ENGINE_by_idRit_osrandom_engine_idRmRWRxt ENGINE_initt ENGINE_freeR{(RQR|Rt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_get_osurandom_engines cC`sU|j|j,}|jj|}|j|dkWdQX|jjdS(Ni(R}RRktENGINE_set_default_RANDRmRz(RQR|Rt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRps  c C`s|jjdd}|jG}|jj|dt|||jjd}|j|dkWdQX|jj|j dS(Nschar[]i@tget_implementationitascii( RWtnewRRktENGINE_ctrl_cmdRZRxRmtstringtdecode(RQR^R|Rt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytosrandom_engine_implementations cC`s+|jj|jj|jjjdS(s Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.0.1e 11 Feb 2013 R(RWRRktOpenSSL_versiontOPENSSL_VERSIONR(RQ((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytopenssl_version_texts cC`st|||S(N(R((RQtkeyt algorithm((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_hmac_ctxscC`s\|jdks|jdkrFdj|j|jdjd}n|jjd}|S(Ntblake2btblake2ss{0}{1}iR(RUR]t digest_sizetencode(RQRtalg((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_build_openssl_digest_names  cC`s1|j|}|jj|}||jjkS(N(RRktEVP_get_digestbynameRWRx(RQRRUtdigest((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pythash_supportedscC`s |j|S(N(R(RQR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pythmac_supportedscC`s t||S(N(R'(RQR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_hash_ctxscC`s@|j||rtSt|tr8t|tr8tStSdS(N(t_evp_cipher_supportedtTruet isinstanceRER:tFalse(RQtciphertmode((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcipher_supporteds cC`sZy#|jt|t|f}Wntk r7tSX||||}|jj|kS(N(RnttypetKeyErrorRRWRx(RQRRtadaptert evp_cipher((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRs # cC`sG||f|jkr0tdj||n||j||fRAR<R@t itertoolstproductR=R?R;RRO(RQRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRosP"    cC`s[t|trAt|trA|j|| rAt|||St|||tjSdS(N(RRER:RRRt_ENCRYPT(RQRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_symmetric_encryption_ctx6scC`s[t|trAt|trA|j|| rAt|||St|||tjSdS(N(RRER:RRRt_DECRYPT(RQRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_symmetric_decryption_ctx?scC`s |j|S(N(R(RQR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytpbkdf2_hmac_supportedHsc C`s|jjd|}|jj|jjd}|j||jjk|jj|t ||t |||||}|j|dk|jj |S(Nsunsigned char[]Ri( RWRRkRRURRmRxtPKCS5_PBKDF2_HMACRZR[( RQRtlengthtsaltt iterationst key_materialR^tevp_mdRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytderive_pbkdf2_hmacKs     cC`stj|jS(N(R0t_consume_errorsRk(RQ((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyR^scC`s||jjksttjr|jj|}|jjd|}|jj||}|j |dkt j |jj || dS|jj |}|j ||jjk|jj|}|jj|t |dSdS(Nsunsigned char[]itbigi(RWRxtAssertionErrortsixtPY3Rkt BN_num_bytesRt BN_bn2binRmtintt from_bytesR[t BN_bn2hexRt OPENSSL_free(RQtbnt bn_num_bytestbin_ptrtbin_lent hex_cdatathex_str((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt _bn_to_intas  cC`sC|d ks$||jjks$t|d kr?|jj}ntjr|jt|jddd}|j j |t ||}|j ||jjk|St |jdjdjdpd}|jjd}||d <|j j||}|j |d k|j |d |jjk|d Sd S( s  Converts a python integer to a BIGNUM. The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. g @iRtLt0xRt0s BIGNUM **iN(RORWRxRRRtto_bytesRt bit_lengthRkt BN_bin2bnRZRmthextrstriptlstripRRt BN_hex2bn(RQtnumRtbinarytbn_ptrthex_numRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt _int_to_bnts$  &- cC`stj|||jj}|j||jjk|jj||jj}|j |}|jj||jj }|jj ||||jj}|j|dk|j |}t |||S(Ni(R5t_verify_rsa_parametersRktRSA_newRmRWRxtgctRSA_freeRtBN_freetRSA_generate_key_ext_rsa_cdata_to_evp_pkeyR)(RQtpublic_exponenttkey_sizet rsa_cdataRRttevp_pkey((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytgenerate_rsa_private_keys cC`s&|dko%|d@dko%|dkS(Niiii((RQRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt!generate_rsa_parameters_supportedsc C`stj|j|j|j|j|j|j|jj |jj |j j }|j ||jjk|jj||j j}|j|j}|j|j}|j|j}|j|j}|j|j}|j|j}|j|jj } |j|jj } |j j|||} |j | dk|j j|| | |} |j | dk|j j||||} |j | dk|j j||jj} |j | dk|j|} t||| S(Ni(R5t_check_private_key_componentstptqtdtdmp1tdmq1tiqmptpublic_numbersR|tnRkRRmRWRxRRRtRSA_set0_factorst RSA_set0_keytRSA_set0_crt_paramstRSA_blinding_onRR)( RQtnumbersRRRRRRRR|RRtR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_rsa_private_numberss<  cC`stj|j|j|jj}|j||jjk|jj ||jj }|j |j}|j |j}|jj ||||jj}|j|dk|j |}t|||S(Ni(R5t_check_public_key_componentsR|RRkRRmRWRxRRRRRR*(RQRRR|RRtR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_rsa_public_numberss!cC`sG|jj}|j||jjk|jj||jj}|S(N(Rkt EVP_PKEY_newRmRWRxRt EVP_PKEY_free(RQR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_create_evp_pkey_gcscC`s8|j}|jj||}|j|dk|S(Ni(RRktEVP_PKEY_set1_RSARm(RQRRRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRs cC`sk|jjd|}|jj|t|}|j||jjkt|jj||jj |S(s Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. schar[]( RWRRktBIO_new_mem_bufRZRmRxRIRtBIO_free(RQtdatat data_char_pRJ((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt _bytes_to_bios  cC`sr|jj}|j||jjk|jj|}|j||jjk|jj||jj}|S(s. Creates an empty memory BIO. (Rkt BIO_s_memRmRWRxtBIO_newRR(RQt bio_methodRJ((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_create_mem_bio_gcs cC`su|jjd}|jj||}|j|dk|j|d|jjk|jj|d|}|S(sE Reads a memory BIO. This only works on memory BIOs. schar **i(RWRRktBIO_get_mem_dataRmRxR[(RQRJR^tbuf_lentbio_data((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt _read_mem_bios cC`sl|jj|}||jjkrz|jj|}|j||jjk|jj||jj}t |||S||jj kr|jj |}|j||jjk|jj||jj }t |||S|jjdkr\||jjkr\|jj|}|j||jjk|jj||jj}t|||StddS(sd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. isUnsupported key type.N(Rkt EVP_PKEY_idt EVP_PKEY_RSAtEVP_PKEY_get1_RSARmRWRxRRR)t EVP_PKEY_DSAtEVP_PKEY_get1_DSAtDSA_freeRtCryptography_HAS_ECt EVP_PKEY_ECtEVP_PKEY_get1_EC_KEYt EC_KEY_freeRR(RQRtkey_typeRt dsa_cdatatec_cdata((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_evp_pkey_to_private_key s$cC`sl|jj|}||jjkrz|jj|}|j||jjk|jj||jj}t |||S||jj kr|jj |}|j||jjk|jj||jj }t |||S|jjdkr\||jjkr\|jj|}|j||jjk|jj||jj}t|||StddS(sc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. isUnsupported key type.N(RkR R R RmRWRxRRR*R RRRRRRRRR(RQRRRRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_evp_pkey_to_public_key$s$cC`std|}t|fS(s Generate a pem_password_cb function pointer that copied the password to OpenSSL as required and returns the number of bytes copied. typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); Useful for decrypting PKCS8 files and so on. Returns a tuple of (cdata function pointer, userdata). RM(RLRd(RQRMtuserdata((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRd?scC`sK|jjr7t|tjtjtjtjtjfSt|tjSdS(N( RktCryptography_HAS_RSA_OAEP_MDRR1tSHA1tSHA224tSHA256tSHA384tSHA512(RQR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_oaep_hash_supportedSs  cC`s-|jjr|j|St|tjSdS(N(RktCryptography_HAS_MGF1_MDRRR1R(RQR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_pss_mgf1_hash_supportedas  cC`st|trtSt|trGt|jtrG|j|jjSt|trt|jtr|j |jjo|j |jSt SdS(N( RR8RR9t_mgfR6R"t _algorithmR7R R(RQtpadding((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytrsa_padding_supportedgs!!cC`s|dkrtdn|jj}|j||jjk|jj||jj}|jj|||jjd|jj|jj|jj}|j|dkt ||S(Niii s+Key size must be 1024 or 2048 or 3072 bits.ii(iii ( R\RktDSA_newRmRWRxRRtDSA_generate_parameters_exR(RQRtctxRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytgenerate_dsa_parametersts  !cC`sx|jj|j}|j||jjk|jj||jj}|jj||j |}t |||S(N( Rkt DSAparams_dupt _dsa_cdataRmRWRxRRtDSA_generate_keyt_dsa_cdata_to_evp_pkeyR(RQt parametersR)R((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytgenerate_dsa_private_keys cC`s|j|}|j|S(N(R*R0(RQRR/((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt'generate_dsa_private_key_and_parametersscC`s]|jj||||}|j|dk|jj|||}|j|dkdS(Ni(Rkt DSA_set0_pqgRmt DSA_set0_key(RQRRRtgtpub_keytpriv_keyRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_dsa_cdata_set_valuessc C`stj||jj}|jj}|j||jjk|jj ||jj }|j |j }|j |j }|j |j}|j |jj}|j |j}|j|||||||j|} t||| S(N(R3t_check_dsa_private_numbersRtparameter_numbersRkR'RmRWRxRRRRRR4tytxR7R.R( RQRR9RRRR4R5R6R((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_dsa_private_numberss  c C`stj|j|jj}|j||jjk|jj||jj }|j |jj }|j |jj }|j |jj }|j |j}|jj}|j|||||||j|}t|||S(N(R3t_check_dsa_parametersR9RkR'RmRWRxRRRRRR4R:R7R.R( RQRRRRR4R5R6R((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_dsa_public_numberss cC`stj||jj}|j||jjk|jj||jj}|j |j }|j |j }|j |j }|jj ||||}|j|dkt||S(Ni(R3R=RkR'RmRWRxRRRRRR4R2R(RQRRRRR4Rt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_dsa_parameter_numberss cC`s8|j}|jj||}|j|dk|S(Ni(RRktEVP_PKEY_set1_DSARm(RQRRRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyR.s cC`s |j|S(N(R(RQR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytdsa_hash_supportedscC`stS(N(R(RQRRR4((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytdsa_parameters_supportedscC`s/|jjdko.|j|td|jS(Nit(RktCryptography_HAS_CMACRRBt block_size(RQR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcmac_algorithm_supportedscC`s t||S(N(R(RQR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_cmac_ctxsc C`st|tjs!tdn|jjrlt|trKtdnt|trltdqln|jj |j j d}|j ||j jk|jj}|j ||j jk|j j||jj}|jj|tjjj}|j |dk|jj|t||j}|j |dk|j}|jj||j}|j |dk|jj}|j ||j jk|j j||jj}|jd|j dt!d|d |jj"d t#|jj$||}|j |dk|jj%||j|}|d kr|j&} |j | d d|jj'k|j | d d |jj(kt)d nt*||S(Ns.Algorithm must be a registered hash algorithm.saCertificate signing requests aren't implemented for DSA keys on OpenSSL versions less than 1.0.1.s`Certificate signing requests aren't implemented for EC keys on OpenSSL versions less than 1.0.1.Rit extensionsthandlerstx509_objtadd_funcRiisDigest too big for RSA key(+RR1t HashAlgorithmRYRkt"CRYPTOGRAPHY_OPENSSL_LESS_THAN_101RtNotImplementedErrorRRRURRmRWRxt X509_REQ_newRt X509_REQ_freetX509_REQ_set_versionRtVersiontv1tvaluetX509_REQ_set_subject_nameR%t _subject_namet public_keytX509_REQ_set_pubkeyt _evp_pkeytsk_X509_EXTENSION_new_nulltsk_X509_EXTENSION_freet_create_x509_extensionst _extensionsR"tsk_X509_EXTENSION_insertRtX509_REQ_add_extensionst X509_REQ_signRt ERR_LIB_RSAt RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEYR\R-( RQtbuildert private_keyRRtx509_reqRtRWt sk_extensionterrors((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_x509_csrsZ             !c C`sRt|tjs!tdnt|tjsBtdn|jjrt|trlt dnt|t rt dqn|jj |j j d}|j||jjk|jj}|jj|tjj}|jj||jj}|j|dk|jj|t||j}|j|dk|jj||jj}|j|dkt||j}|jj ||}|j|dk|jj!|jj"|t#j$|j%j&}||jjkr |j'n|jj!|jj(|t#j$|j)j&}||jjkr\|j'n|j*d|j+dt,d |d |jj-d t.|jj/|t||j0}|j|dk|jj1||j|}|d krE|j2}|j|d d|jj3k|j|d d |jj4kt5dnt6||S(NsBuilder type mismatch.s.Algorithm must be a registered hash algorithm.s[Certificate signatures aren't implemented for DSA keys on OpenSSL versions less than 1.0.1.sZCertificate signatures aren't implemented for EC keys on OpenSSL versions less than 1.0.1.RiRHRIRJRKRiisDigest too big for RSA key(7RRtCertificateBuilderRYR1RLRkRMRRNRRRURRmRWRxtX509_newRtbackendt X509_freetX509_set_versiont_versionRTtX509_set_subject_nameR%RVtX509_set_pubkeyt _public_keyRYR#t_serial_numbertX509_set_serialNumbert ASN1_TIME_settX509_get_notBeforetcalendarttimegmt_not_valid_beforet timetuplet_raise_time_set_errortX509_get_notAftert_not_valid_afterR\R]R"t X509_add_extRtX509_set_issuer_namet _issuer_namet X509_signRRaRbR\R+( RQRcRdRRt x509_certRtt serial_numberRg((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_x509_certificate-sn                !cC`s^|j}|j|dd|jjk|j|dd|jjktddS(NiiisVInvalid time. This error can occur if you set a time too far in the future on Windows.(RRmRkt ERR_LIB_ASN1tASN1_R_ERROR_GETTING_TIMER\(RQRg((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRzs  !c C`st|tjs!tdnt|tjsBtdn|jjrt|trlt dnt|t rt dqn|jj |j j d}|j||jjk|jj}|jj|tjj}|jj|d}|j|dk|jj|t||j}|j|dk|jj|jjtj|jj}|j||jjk|jj||jj}|jj||}|j|dk|jj|jjtj|j j}|j||jjk|jj||jj}|jj!||}|j|dk|j"d|j#dt$d |d |jj%d t&xg|j'D]\} |jj(| j)} |j| |jjk|jj*|| }|j|dkqW|jj+||j,|}|d kr{|j-} |j| d d|jj.k|j| d d |jj/kt0dnt1||S(NsBuilder type mismatch.s.Algorithm must be a registered hash algorithm.sSCRL signatures aren't implemented for DSA keys on OpenSSL versions less than 1.0.1.sRCRL signatures aren't implemented for EC keys on OpenSSL versions less than 1.0.1.RiRHRIRJRKRiisDigest too big for RSA key(2RRt CertificateRevocationListBuilderRYR1RLRkRMRRNRRRURRmRWRxt X509_CRL_newRRkt X509_CRL_freetX509_CRL_set_versiontX509_CRL_set_issuer_nameR%RRtRvRwt _last_updateRytASN1_TIME_freetX509_CRL_set_lastUpdatet _next_updatetX509_CRL_set_nextUpdateR\R]R!tX509_CRL_add_extRt_revoked_certificatestCryptography_X509_REVOKED_dupt _x509_revokedtX509_CRL_add0_revokedt X509_CRL_signRYRRaRbR\R,( RQRcRdRRtx509_crlRtt last_updatet next_updatet revoked_certtrevokedRg((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_x509_crlsl     $ $        !c C`sxt|D]\}}|j||}|j||jjk|rh|jj||jj}n||||} |j| dkq WdS(Ni(t enumeratet_create_x509_extensionRmRWRxRRktX509_EXTENSION_free( RQRHRIRJRKRtit extensiontx509_extensionRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyR\s  cC`s.t|jtjr|t||jj}t||jjt|jj}|j j |j j ||j rrdnd|Sy||j}Wn)tk rtdj|jnX|||j}|j j|jjjd}tj||j jk|j j||j r dnd|SdS(NiisExtension not supported: {0}R(RRTRtUnrecognizedExtensionR&toidt dotted_stringR$RZRktX509_EXTENSION_create_by_OBJRWRxtcriticalRRNR]t OBJ_txt2nidRRkRmt NID_undeftX509V3_EXT_i2d(RQRIRtobjRTRt ext_structtnid((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRs(!     c C`sht|tjs!tdn|jj}|j||jjk|jj ||jj }t ||j }|jj ||}|j|dk|jj|jjtj|jj}|j||jjk|jj ||jj}|jj||}|j|dk|jd|jdtd|d|jjdtt|d|S(NsBuilder type mismatch.iRHRIRJRKR(RRtRevokedCertificateBuilderRYRktX509_REVOKED_newRmRWRxRtX509_REVOKED_freeR#RrtX509_REVOKED_set_serialNumberRtRvRwt_revocation_dateRyRtX509_REVOKED_set_revocationDateR\R]R tX509_REVOKED_add_extRR.RO(RQRct x509_revokedRRttrev_date((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcreate_x509_revoked_certificates.       cC`s|j|jj|j||S(N(t _load_keyRktPEM_read_bio_PrivateKeyR(RQRRM((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_private_key8s  cC`s5|j|}|jj|j|jj|jj|jj}||jjkry|jj||jj}|j|S|j |jj |j}|j |dk|jj |j|jj|jj|jj}||jjkr'|jj||jj }|j|}t|||S|jdS(Ni(RRktPEM_read_bio_PUBKEYRJRWRxRRRRt BIO_resetRmtPEM_read_bio_RSAPublicKeyRRR*t_handle_key_loading_error(RQRtmem_bioRRtR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_public_key@s  '   'cC`sW|j|}|j||}|r4|j|S|j|jj|j||SdS(N(Rt"_evp_pkey_from_der_traditional_keyRRRktd2i_PKCS8PrivateKey_bio(RQRRMRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_private_keyYs  cC`s||jj|j|jj}||jjkrj|jj||jj}|dk rftdn|S|j dSdS(Ns4Password was given but private key is not encrypted.( Rktd2i_PrivateKey_bioRJRWRxRRRORYR(RQRRMR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRls   cC`s|j|}|jj|j|jj}||jjkrg|jj||jj}|j|S|j |jj |j}|j |dk|jj |j|jj}||jjkr|jj||jj }|j|}t|||S|jdS(Ni(RRktd2i_PUBKEY_bioRJRWRxRRRRRRmtd2i_RSAPublicKey_bioRRR*R(RQRRRRtR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_public_keyzs   cC`s|j|}|jj|j|jj|jj|jj}||jjkrj|jtdn|jj||jj }t ||S(NsUnable to load certificate( RRktPEM_read_bio_X509RJRWRxRR\RRlR+(RQRRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_x509_certificates ' cC`s|j|}|jj|j|jj}||jjkrX|jtdn|jj||jj }t ||S(NsUnable to load certificate( RRkt d2i_X509_bioRJRWRxRR\RRlR+(RQRRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_x509_certificates cC`s|j|}|jj|j|jj|jj|jj}||jjkrj|jtdn|jj||jj }t ||S(NsUnable to load CRL( RRktPEM_read_bio_X509_CRLRJRWRxRR\RRR,(RQRRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_x509_crls ' cC`s|j|}|jj|j|jj}||jjkrX|jtdn|jj||jj }t ||S(NsUnable to load CRL( RRktd2i_X509_CRL_bioRJRWRxRR\RRR,(RQRRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_x509_crls cC`s|j|}|jj|j|jj|jj|jj}||jjkrj|jtdn|jj||jj }t ||S(NsUnable to load request( RRktPEM_read_bio_X509_REQRJRWRxRR\RRPR-(RQRRRe((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_pem_x509_csrs ' cC`s|j|}|jj|j|jj}||jjkrX|jtdn|jj||jj }t ||S(NsUnable to load request( RRktd2i_X509_REQ_bioRJRWRxRR\RRPR-(RQRRRe((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_der_x509_csrs c C`s#|j|}|j|\}}|jj|}||j|jj||} | |jjkr|jdk r|j} |j | |jq|j n|jj | |j j } |dk r|jdkrtdn|dk r|jdks|dkst|| S(Nis4Password was given but private key is not encrypted.i(RRdRWt new_handleRJRxRPRORRmRRRkRRNRYR( RQtopenssl_read_funct convert_funcRRMRt password_cbRRaRRg((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRs*       c`s[j}|s!tdn6|ddjjjjjjfjjjjjjffkrtdn|ddjj jj jj fjjjj jj ffkrtdtjnrtfd|DrtdtjnA|ddjjjj jjfksKttddS(NsCould not unserialize key data.iis Bad decrypt. Incorrect password?s0PEM data is encrypted with an unsupported cipherc3`s:|]0}|djjjjjjfkVqdS(iN(Rkt ERR_LIB_EVPtEVP_F_EVP_PKCS82PKEYt'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM(t.0terror(RQ(sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pys ss!Unsupported public key algorithm.(RR\RkRtEVP_F_EVP_DECRYPTFINAL_EXtEVP_R_BAD_DECRYPTtERR_LIB_PKCS12tPKCS12_F_PKCS12_PBE_CRYPTt!PKCS12_R_PKCS12_CIPHERFINAL_ERRORt ERR_LIB_PEMtPEM_F_PEM_GET_EVP_CIPHER_INFOtPEM_R_UNSUPPORTED_ENCRYPTIONtEVP_F_EVP_PBE_CIPHERINITtEVP_R_UNKNOWN_PBE_ALGORITHMRRtUNSUPPORTED_CIPHERtanyt UNSUPPORTED_PUBLIC_KEY_ALGORITHMRR(RQRg((RQsP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRs@                  cC`s|jjdkrtSy|j|}Wntk rH|jj}nX|jj|}||jjkr|j }|j ||jjkp|dd|jj |jj |jj fktS|j ||jjk|jj|tSdS(Nii(RkRRt_elliptic_curve_to_nidRRtEC_GROUP_new_by_curve_nameRWRxRRmt ERR_LIB_ECtEC_F_EC_GROUP_NEW_BY_CURVE_NAMEtEC_R_UNKNOWN_GROUPt EC_GROUP_freeR(RQtcurvet curve_nidR)Rg((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytelliptic_curve_supported0s&     cC`s9|jjdkrtSt|tjs,tS|j|S(Ni(RkRRRR4tECDSAR(RQtsignature_algorithmR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt,elliptic_curve_signature_algorithm_supportedKs cC`s|j|r|j|}|jj|}|j||jjk|jj||jj}|jj |}|j|dk|jj |}|j|dk|j |}t |||St dj|jtjdS(s@ Generate a new private key on the named curve. is$Backend object does not support {0}.N(RRRktEC_KEY_new_by_curve_nameRmRWRxRRtEC_KEY_generate_keytEC_KEY_check_keyt_ec_cdata_to_evp_pkeyRRR]RURtUNSUPPORTED_ELLIPTIC_CURVE(RQRRRRtR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt#generate_elliptic_curve_private_keyWscC`s|j}|j|j}|jj|}|j||jjk|jj||jj }|j ||j |j }|jj ||j|j}|j|dk|j|}t|||S(Ni(RRRRkRRmRWRxRRt)_ec_key_set_public_key_affine_coordinatesR;R:tEC_KEY_set_private_keyRt private_valueRR(RQRtpublicRRRtR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt#load_elliptic_curve_private_numbersrs  cC`s|j|j}|jj|}|j||jjk|jj||jj}|j ||j |j }|j |}t |||S(N(RRRkRRmRWRxRRRR;R:RR(RQRRRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt"load_elliptic_curve_public_numberssc C`s|j|}|jj|}|j||jjk|jj||jj}|j|\}}}|jj |}|j||jjk|jj||jj }|j |} |jj| |jj } |j } |jj||| |jj|jj| } |j| dk|jj| } |jj| } |||| | | } |j| dkWdQX|jj||} |j| dk|jj||j |} |j| dk|j|}t|||S(Ni(RRkRRmRWRxRRt%_ec_key_determine_group_get_set_funcst EC_POINT_newt EC_POINT_freeRRt _tmp_bn_ctxt EC_POINT_mult BN_CTX_gettEC_KEY_set_public_keyRRR(RQRRRRtset_functget_functgrouptpointRTtbn_ctxRttbn_xtbn_yR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt!derive_elliptic_curve_private_keys2 cC`s1|j|o0|jjdko0t|tjS(Ni(RRktCryptography_HAS_ECDHRR4tECDH(RQRR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt+elliptic_curve_exchange_algorithm_supportedscC`s8|j}|jj||}|j|dk|S(Ni(RRktEVP_PKEY_set1_EC_KEYRm(RQRRRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRs cC`s{idd6dd6}|j|j|j}|jj|j}||jjkrwtdj|jtj n|S(s/ Get the NID for a curve name. t prime192v1t secp192r1t prime256v1t secp256r1s%{0} is not a supported elliptic curve( tgetRURkt OBJ_sn2nidRRRR]RR(RQRt curve_aliasest curve_nameR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRs cc`st|jj}|j||jjk|jj||jj}|jj|z |VWd|jj|XdS(N( Rkt BN_CTX_newRmRWRxRt BN_CTX_freet BN_CTX_startt BN_CTX_end(RQR ((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRs cC`s/|j||jjk|jjd}|j||jjk|jj|}|j||jjk|jj|}|j||jjk|jj|}|j||jjk||kr|jj r|jj }|jj }n|jj }|jj }|r|s"t|||fS(sy Given an EC_KEY determine the group and what methods are required to get/set point coordinates. scharacteristic-two-field(RmRWRxRkRRtEC_KEY_get0_grouptEC_GROUP_method_oftEC_METHOD_get_field_typetCryptography_HAS_EC2Mt$EC_POINT_set_affine_coordinates_GF2mt$EC_POINT_get_affine_coordinates_GF2mt#EC_POINT_set_affine_coordinates_GFpt#EC_POINT_get_affine_coordinates_GFpR(RQR)t nid_two_fieldR tmethodRRR ((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRs    c C`s|dks|dkr'tdn|j|\}}}|jj|}|j||jjk|jj||jj}|j |}|j |} |j } |jj | } |jj | } ||||| | } | dkr|j tdn|||| | | } |j| dk|jj || } | dkrx|j tdn|jj | | } | dkr|j tdnWdQX|jj||} |j| dk|jj|} | dkr|j tdn|S( s This is a port of EC_KEY_set_public_key_affine_coordinates that was added in 1.0.1. Sets the public key point in the EC_KEY context to the affine x and y values. is2Invalid EC key. Both x and y must be non-negative.isEC point not on curvesInvalid EC Key X point.sInvalid EC Key Y point.NsInvalid EC key.(R\RRkRRmRWRxRRRRRRtBN_cmpRR(RQR)R;R:RR R R R RR tcheck_xtcheck_yRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRsB          cC`st|tjs!tdnt|tjsBtdnt|tjrod}d}|jj}nct|tjr|j j d}|j }t |}|dkrt dqn t d|j j|} |tjjkr|tjjkr|j j} |} qJ|tjjks5t| |j jkrV|j j} n]| |j jkrw|j j} n<|j jd kst| |j jkst|j j} |} n|tjjkr>|tjjkrt|tjst d n|j| |S|tjjks)t|j j} |} n td |j} | | | ||||jj|jj} |j | d k|j!| S( Ns2format must be an item from the PrivateFormat enumsBEncryption algorithm must be a KeySerializationEncryption instancetis aes-256-cbcisBPasswords longer than 1023 bytes are not supported by this backendsUnsupported encryption typeisDEncryption is not supported for DER encoded traditional OpenSSL keyss/encoding must be an item from the Encoding enum("RR2t PrivateFormatRYtKeySerializationEncryptiont NoEncryptionRWRxtBestAvailableEncryptionRktEVP_get_cipherbynameRMRZR\R tEncodingtPEMtPKCS8tPEM_write_bio_PKCS8PrivateKeytTraditionalOpenSSLRR tPEM_write_bio_RSAPrivateKeyR tPEM_write_bio_DSAPrivateKeyRRtPEM_write_bio_ECPrivateKeytDERt"_private_key_bytes_traditional_derti2d_PKCS8PrivateKey_bioRRmR (RQtencodingR]tencryption_algorithmRtcdataRMtpasslenRRt write_bioRRJRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_private_key_bytes;sr                    cC`s||jjkr!|jj}nX|jjdkrT||jjkrT|jj}n%|j||jjk|jj}|j }|||}|j|dk|j |S(Ni( RkR ti2d_RSAPrivateKey_bioRRti2d_ECPrivateKey_bioRmR ti2d_DSAPrivateKey_bioRR (RQRR@RBRJRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyR<s  c C`st|tjs!tdn|tjjksE|tjjkr|tjjk si|tjjk rxtdn|j|S|tjjkr|tjj kr|j j }n$|tjj kst |j j}|}n|tjjkri|j j||j jkst |tjj kr<|j j}n$|tjj ksTt |j j}|}n td|j}|||}|j|dk|j|S(Ns/encoding must be an item from the Encoding enums1OpenSSH format must be used with OpenSSH encodings1format must be an item from the PublicFormat enumi(RR2R3RYt PublicFormattOpenSSHR\t_openssh_public_key_bytestSubjectPublicKeyInfoR4RktPEM_write_bio_PUBKEYR;Rti2d_PUBKEY_biotPKCS1R R tPEM_write_bio_RSAPublicKeyti2d_RSAPublicKey_bioRRmR ( RQR>R]RRR@RBRJRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt_public_key_bytess8    $    cC`st|tjrX|j}dtjtjdtj|j tj|j St|t j r|j}|j }dtjtjdtj|jtj|jtj|jtj|jSt|tjst|j}y5idtj6dtj6dtj6t|j}Wntk rQtdnXd |d tjtjd |tj|tj|jSdS( Nsssh-rsa sssh-rsasssh-dss sssh-dsstnistp256tnistp384tnistp521sZOnly SECP256R1, SECP384R1, and SECP521R1 curves are supported by the SSH public key formats ecdsa-sha2-t (RR5t RSAPublicKeyRtbase64t b64encodeR2t_ssh_write_stringt_ssh_write_mpintR|RR3t DSAPublicKeyR9RRR4R:R4tEllipticCurvePublicKeyRt SECP256R1t SECP384R1t SECP521R1RRRR\t encode_point(RQRRR9R((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRIs2     <      cC`s|dkrtdn|dkr6tdn|jj}|j||jjk|jj||jj}|jj||||jj}|j|dkt ||S(Nis%DH key_size must be at least 512 bitsiisDH generator must be 2 or 5i(ii( R\RktDH_newRmRWRxRtDH_freetDH_generate_parameters_exR(RQt generatorRtdh_param_cdataRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytgenerate_dh_parameterss   cC`s{|jj|j}|j||jjk|jj||jj}|jj|}|j|dkt ||S(Ni( Rkt DHparams_dupt _dh_cdataRmRWRxRRatDH_generate_keyR(RQR/t dh_key_cdataRt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytgenerate_dh_private_keys cC`s|j|j||S(N(RjRe(RQRcR((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt&generate_dh_private_key_and_parameters sc C`sb|jj}|jj}|j||jjk|jj||jj}|j |j }|j |j }|j |jj }|j |j }|jj|||jj|}|j|dk|jj|||}|j|dk|jjdd} |jj|| }|j|dk| ddkrUtdnt||S(Nisint[]is.DH private numbers did not pass safety checks.(RR9RkR`RmRWRxRRaRRR4R:R;t DH_set0_pqgt DH_set0_keyRtDH_checkR\R( RQRR9tdh_cdataRR4R5R6Rttcodes((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_dh_private_numberss$ !cC`s|jj}|j||jjk|jj||jj}|j}|j|j }|j|j }|j|j }|jj |||jj|}|j|dk|jj |||jj}|j|dkt||S(Ni(RkR`RmRWRxRRaR9RRR4R:RlRmR(RQRRoR9RR4R5Rt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_dh_public_numbers,s !cC`s|jj}|j||jjk|jj||jj}|j|j}|j|j }|jj |||jj|}|j|dkt ||S(Ni( RkR`RmRWRxRRaRRR4RlR(RQRRoRR4Rt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytload_dh_parameter_numbers?s!cC`s|jj}|j||jjk|jj||jj}|j|}|j|}|jj|||jj|}|j|dk|jj dd}|jj ||}|j|dk|ddkS(Nisint[]i( RkR`RmRWRxRRaRRlRRn(RQRR4RoRtRp((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytdh_parameters_supportedLs!c`st|}jjd}jj||}j|djjkjj|fd}j|dkjj|d|S(Nsunsigned char **ic`sjj|dS(Ni(RkR(tpointer(RQ(sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytcs( R%RWRRkt i2d_X509_NAMERmRxRR[(RQRUt x509_nametppRt((RQsP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytx509_name_bytes]s c C`su|jjd|}|jj|t||t|||||j|| }|j|dk|jj|S(Nsunsigned char[]i(RWRRktEVP_PBE_scryptRZRsRmR[( RQRRRRtrRR^Rt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt derive_scrypths  !N(fRSRTt__doc__RURRRmR}t contextlibRRRpRRRRRRRRRRRoRRRRRRRORRRRRRRRRR RRRdR R"R&R*R0R1R7R<R>R?R.RARBRFRGRhRRzRR\RRRRRRRRRRRRRRRRRRRRRRRRRRRRCR<RPRIReRjRkRqRrRsRtRzR}(((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyReos           3        "                    L ^ X         " ;    '     8 R  , &      RcB`seZdZdZRS(cC`s ||_dS(N(t_fmt(RQtfmt((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRRsscC`s:|jjd|d|j}|jj|jdS(NRRR(RR]tlowerRkR2R(RQRkRRt cipher_name((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyt__call__vs!(RSRTRRR(((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pyRrs (tt __future__RRRRVRvt collectionsRRRqRRt cryptographyRRtcryptography.exceptionsRRt'cryptography.hazmat.backends.interfacesRR R R R R RRRRRRRt,cryptography.hazmat.backends.openssl.ciphersRRt)cryptography.hazmat.backends.openssl.cmacRt'cryptography.hazmat.backends.openssl.dhRRRt(cryptography.hazmat.backends.openssl.dsaRRRt'cryptography.hazmat.backends.openssl.ecRRt0cryptography.hazmat.backends.openssl.encode_asn1R R!R"R#R$R%R&t+cryptography.hazmat.backends.openssl.hashesR't)cryptography.hazmat.backends.openssl.hmacR(t(cryptography.hazmat.backends.openssl.rsaR)R*t)cryptography.hazmat.backends.openssl.x509R+R,R-R.t%cryptography.hazmat.bindings._opensslR/RWt$cryptography.hazmat.bindings.opensslR0tcryptography.hazmat.primitivesR1R2t)cryptography.hazmat.primitives.asymmetricR3R4R5t1cryptography.hazmat.primitives.asymmetric.paddingR6R7R8R9t1cryptography.hazmat.primitives.ciphers.algorithmsR:R;R<R=R>R?R@RAt,cryptography.hazmat.primitives.ciphers.modesRBRCRDRERFRGRHt namedtupleRItobjectRLt ffi_callbackRdtregister_interfacetregister_interface_ifRhRjtCryptography_HAS_SCRYPTReRRk(((sP/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/backend.pytsn       X4"":4 "            :