BwgddlmZmZmZmZddlZddlZddlZddlZddl m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZmZddlmZmZmZmZmZm Z m!Z!m"Z"m#Z#ddl$m%Z%ddl&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6ddl7m8Z8dd l9m:Z:dd l;mZ>dd l?m@Z@mAZAmBZBmCZCdd lDmEZEmFZFmGZGmHZHmIZImJZJdd lKmLZLejZNeNdeNdfZOe8ZPePdk(rddlQmRZRmSZSmTZTmUZUmVZVddlWmXZYmZZ[m\Z\m]Z^m_Z`nddlambZbmcZcmTZTmdZdmeZegdZfgdZgGddZhGddeheZiGddeheZjGddeheZ dJdZkdZldKdZmd ZndJd!Zod"Zpd#Zqd$Zrd%Zsd&Ztd'Zud(Zvd)Zwd*Zxd+ZydLd,Zzd-Z{dKd.Z|d/Z}dKd0Z~dKd1Zd2Zd3Zd4Zd5Z_dMd6ZdMd7ZdMd8Zd9Zd:Zd;Zd<Z]dMd=ZdMd>ZdMd?ZdMd@ZdMdAZdMdBZdMdCZdMdDZdMdEZdFZdGZdHZdIZy)N)unicode_literalsdivisionabsolute_importprint_functionN) Certificate DHParameters DSAParams DSASignatureECDomainParameters ECPrivateKeyIntegerint_from_bytes int_to_bytesPrivateKeyAlgorithmPrivateKeyInfoPublicKeyAlgorithm PublicKeyInfo RSAPrivateKey RSAPublicKey) _CertificateBase _fingerprint _parse_pkcs12_PrivateKeyBase_PublicKeyBase_unwrap_private_key_infoparse_certificate parse_private parse_public)pretty_message)buffer_from_bytesbuffer_from_unicode byte_arraybytes_from_buffercastderefnativenewnull pointer_setsizeofstruct struct_bytesstruct_from_bufferunwrapwrite_to_buffer)backend) fill_width)AsymmetricKeyErrorIncompleteAsymmetricKeyErrorSignatureError) type_namestr_clsbyte_cls int_types)add_pkcs1v15_signature_paddingadd_pss_paddingraw_rsa_private_cryptraw_rsa_public_crypt!remove_pkcs1v15_signature_paddingverify_pss_padding)constant_compare winlegacy)advapi32 Advapi32Const handle_erroropen_context_handleclose_context_handle)ec_generate_pairec_compute_public_key_pointec_public_key_info ecdsa_sign ecdsa_verify)bcrypt BcryptConstrEopen_alg_handleclose_alg_handle)rdsa_sign dsa_verifyrKrL generate_pairload_certificate load_pkcs12load_private_keyload_public_key parse_pkcs12 PrivateKey PublicKeyrsa_oaep_decryptrsa_oaep_encryptrsa_pkcs1v15_decryptrsa_pkcs1v15_encryptrsa_pkcs1v15_signrsa_pkcs1v15_verify rsa_pss_signrsa_pss_verify(r %)+/5;=CGIOSYaegkmqiii iiiii%i3i7i9i=iKiQi[i]iaigioiui{iiiiiiiiiiiiiiiiiiiiii i ii#i-i3i9i;iAiKiQiWiYi_ieiiikiwiiiiiiiiiiiiiiiiiiiiiiiii)i+i5i7i;i=iGiUiYi[i_imiqisiwiiiiiiiiiiiiiiiiiiii iiii%i'i-i?iCiEiIiOiUi]iciiiiiiiiiiiiiiiiiiiiii i iiiii'i)i/iQiWi]ieiwiiiiiiiiiiiiiiiiiiiiii iiii#i+i/i=iAiGiIiMiSiUi[ieiyiiiiiiiiiiiiiiiiiii iii'i7iEiKiOiQiUiWiaimisiyiiiiiiiiiiiiiiiiiiii!i#i'i)i3i?iAiQiSiYi]i_iiiqiiiiiiiiiiiiiiiii i i i# i% i+ i/ i5 iC iI iM iO iU iY i_ ik iq iw i i i i i i i i i i i i i i i i i i! i1 i9 i= iI iW ia ic ig io iu i{ i i i i i i i i i i i i i i i i i i i i i i i i i# i) i- i? iG iQ iW i] ie io i{ i i i i i i i i i i i i i i i i i i i% i/ i1 iA i[ i_ ia im is iw i i i i i i i i i i i i i i i i i i i i i i! i+ i- i= i? iO iU ii iy i i i i i i i i i i i i i i i i i i i i i iii!i'i/i5i;iKiWiYi]ikiqiui}iiiiiiiiiiiiiiii i ii%i)i1iCiGiMiOiSiYi[igikiiiiiiiiiiiiiiiiiiii!i%i+i9i=i?iQiiisiyi{iiiiiiiiiiiiiiiiii ii'i-i9iEiGiYi_iciiioiiiiiiiiiiiiiiiii iii#i)i+i1i7iAiGiSi_iqisiyi}iiiiiiiiiiiiii ii'i-i7iCiEiIiOiWi]igiiimi{iiiiiiiiiiiiiiiiiiii!i/i3i;iEiMiYikioiqiuiiiiiiiiiiiii iiii%i)i+i7i=iAiCiIi_ieigiki}iiiiiiiiiiiiiii iiiiii%i3i9i=iEiOiUiiimioiuiiiiiiiiiiiiiiiiiii ii#i'i3iAi]iciwi{iiiiiiiiiiiiiiiiiiii5i7i;iCiIiMiUigiqiwi}iiiiiiiiiiiiiiiiiiiiii1i3iEiIiQi[iyiiiiiiiiiiiiiiiiiii!i#i-i/i5i?iMiQiiiki{i}iiiiiiiiiiiiiiiiii#i%i/i1i7i;iAiGiOiUiYieikisiiiiiiiiiiiii iii'i+i-i3i=iEiKiOiUisiiiiiiiiiiiii ii!i#i5i9i?iAiKiSi]iciiiqiui{i}iiiiiiiiiiiiiiiiii iii%i+i/i=iIiMiOimiqiiiiiiiiiiiiiiiii iii9iIiKiQigiui{iiiiiiiiiiiiiiii i i i' i) i- i3 iG iM iQ i_ ic ie ii iw i} i i i i i i i i i i i i i i !i!i5!iA!iI!iO!iY!i[!i_!is!i}!i!i!i!i!i!i!i!i!i!i!i!i!i!i!i!i!i"i "i"i"i!"i%"i+"i1"i9"iK"iO"ic"ig"is"iu"i"i"i"i"i"i"i"i"i"i"i"i"i"i"i#i #i #i'#i)#i/#i3#i5#iE#iQ#iS#iY#ic#ik#i#i#i#i#i#i#i#i#i#i#i#i#i#i#i#i$i $i$i$i)$i=$iA$iC$iM$i_$ig$ik$iy$i}$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i%i%i%i%i'%i1%i=%iC%iK%iO%is%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i&i &i&i&i'&i)&i5&i;&i?&iK&iS&iY&ie&ii&io&i{&i&i&i&i&i&i&i&i&i&i&i&i&i&i&i'i'i5'i7'iM'iS'iU'i_'ik'im'is'iw'i'i'i'i'i'i'i'i'i'i'i'i'i'i(i(i (i(i(i(i!(i1(i=(i?(iI(iQ(i[(i](ia(ig(iu(i(i(i(i(i(i(i(i(i(i(i(i(i)i)i)i!)i#)i?)iG)i])ie)ii)io)iu)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i*i*i*i%*i/*iO*iU*i_*ie*ik*im*is*i*i*i*i*i*i*i*i*i*i*i*i*i*i*i+i'+i1+i3+i=+i?+iK+iO+iU+ii+im+io+i{+i+i+i+i+i+i+i+i+i+i+i+i+i+i ,i,i,i#,i/,i5,i9,iA,iW,iY,ii,iw,i,i,i,i,i,i,i,i,i,i,i,i,i,i,i,i-i-i-i;-iC-iI-iM-ia-ie-iq-i-i-i-i-i-i-i-i-i-i-i.i.i.i .i.i.i%.i-.i3.i7.i9.i?.iW.i[.io.iy.i.i.i.i.i.i.i.i.i.i.i.i.i.i.i.i/i /i /i/i'/i)/iA/iE/iK/iM/iQ/iW/io/iu/i}/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i0i 0i#0i)0i70i;0iU0iY0i[0ig0iq0iy0i}0i0i0i0i0i0i0i0i0i0i0i0i0i0i0i0i0i1i 1i1i!1i'1i-1i91iC1iE1iK1i]1ia1ig1im1is1i1i1i1i1i1i1i1i1i1i1i1i1i1i 2i2i2i2i)2i52iY2i]2ic2ik2io2iu2iw2i{2i2i2i2i2i2i2i2i2i2i2i2i2i2i2i2i3i%3i+3i/3i53iA3iG3i[3i_3ig3ik3is3iy3i3i3i3i3i3i3i3i3i3i3i3i3i4i4i4i4i4i74iE4iU4iW4ic4ii4im4i4i4i4i4i4i4i4i4i4i4i4i4i4i 5i5i5i-5i35i;5iA5iQ5ie5io5iq5iw5i{5i}5i5i5i5i5i5i5i5i5i5i5i5i5i5i5i6i6i6i#6i16i56i76i;6iM6iO6iS6iY6ia6ik6im6i6i6i6i6i6i6i6i6i6i6i6i7i7i7i7i?7iE7iI7iO7i]7ia7iu7i7i7i7i7i7i7i7i7i7i7i7i8i 8i!8i38i58iA8iG8iK8iS8iW8i_8ie8io8iq8i}8i8i8i8i8i8i8i8i8i8i8i8i8i8i9i9i#9i%9i)9i/9i=9iA9iM9i[9ik9iy9i}9i9i9i9i9i9i9i9i9i9i9i9i9i9i9i9i9i9i:i:i:i:i':i+:i1:iK:iQ:i[:ic:ig:im:iy:i:i:i:i:i:i:i:i:i:i:i:i;i;i;i!;i#;i-;i9;iE;iS;iY;i_;iq;i{;i;i;i;i;i;i;i;i;i;i;i;i;i;i;i;i;i;i<i <i<i<i<i)<i5<iC<iO<iS<i[<ie<ik<iq<i<i<i<i<i<i<i<i<i<i<i<i<i=i =i=i=i=i!=i-=i3=i7=i?=iC=io=is=iu=iy=i{=i=i=i=i=i=i=i=i=i=i=i=i=i>i >i>i>i>i#>i)>i/>i3>iA>iW>ic>ie>iw>i>i>i>i>i>i>i>i>i>i>i>i>i>i>i>i ?i ?i7?i;?i=?iA?iY?i_?ie?ig?iy?i}?i?i?i?i?i?i?i?i?i?i?i?i@i!@i%@i+@i1@i?@iC@iE@i]@ia@ig@im@i@i@i@i@i@i@i@i@i@i@i@i@i Ai AiAiAi!Ai3Ai5Ai;Ai?AiYAieAikAiwAi{AiAiAiAiAiAiAiAiAiAiAiBiBiBiBi#Bi)Bi/BiCBiSBiUBi[BiaBisBi}BiBiBiBiBiBiBiBiBiBiBiBiBiBiCiCiCi%Ci'Ci3Ci7Ci9CiOCiWCiiCiCiCiCiCiCiCiCiCiCiCiCiCiCiCiCiCi Di DiDi#Di)Di;Di?DiEDiKDiQDiSDiYDieDioDiDiDiDiDiDiDiDiDiDiDiDiDiDiEiEiEi+Ei1EiAEiIEiSEiUEiaEiwEi}EiEiEiEiEiEiEiEc(eZdZdZdZdZdZdZdZy)_WinKeyNc`||_||_tdk(r t|_yt |_y)z :param key_handle: A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY (XP and 2003) from loading/importing the key :param asn1: An asn1crypto object for the concrete type rBN) key_handleasn1_backendrC_librMselfrrs O/var/www/horilla/myenv/lib/python3.12/site-packages/oscrypto/_win/asymmetric.py__init__z_WinKey.__init__s(% { " DIDIcX|jrftdk(r&|jj|j}n%|jj |j}t |d|_|j r%tdk(rt|j d|_d|_y)NrB)rrrCryptDestroyKeyBCryptDestroyKeyrEcontext_handlerG)rress r__del__z_WinKey.__del__s} ??;&ii//@ii00A  "DO   8{#: !4!4 5"&D  r) __name__ __module__ __qualname__rr ex_key_handlerrrrrrrvs$JNM D$ rrc:eZdZdZdZdZedZedZy)rYzM Container for the OS crypto library representation of a private key Nc2tj|||y)z :param key_handle: A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY (XP and 2003) from loading/importing the key :param asn1: An asn1crypto.keys.PrivateKeyInfo object Nrrrs rrzPrivateKey.__init__ z40rc `tdk(r[|jdk(rFt|j}t dt ||j |_|jS|jdk(r|jdd}ttd|dtt|dj|jd jj|d jd }t||_|jS|jd j}ttd d it|d|ddd }t||_|jSt!|j|j"|j$\}}t||_|jS)z\ :return: A PublicKey object corresponding to this private key. rBecNdsaprivate_key_algorithm parameters algorithmrg private_keypr public_keyrrsamoduluspublic_exponentrr)rr(_pure_python_ec_compute_public_key_pointrrZrJcurve _public_keyrrrpowr'parsedrWr_bcrypt_key_handle_to_asn1bit_sizer)r pub_pointparamspub_asn1r_s rrzPrivateKey.public_keys { "~~%DTYYO #,T3EiQUQ[Q[3\#] JI5( #:;LI(!3%*&,5"#*#s ** -077>>s **+# * $38#< &=188(!3#U5"#/#))#4+12C+D0# *$38#< 5T^^T]]TXTcTcdKHa.x8D rcp|jt|jt|_|jS)aY Creates a fingerprint that can be compared with a public key to see if the two form a pair. This fingerprint is not compatible with fingerprints generated by any other software. :return: A byte string that is a sha256 hash of selected components (based on the key type) )rrrVrs r fingerprintzPrivateKey.fingerprints0    $ ,TYY8H ID    r) rrr__doc__rrpropertyrrrrrrYrYs<K 1. . `!!rrYceZdZdZdZy)rZzL Container for the OS crypto library representation of a public key c2tj|||y)z :param key_handle: A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY (XP and 2003) from loading/importing the key :param asn1: An asn1crypto.keys.PublicKeyInfo object Nrrs rrzPublicKey.__init__rrN)rrrrrrrrrZrZs  1rrZc>eZdZdZdZdZdZedZedZ y)rzM Container for the OS crypto library representation of a certificate Nc2tj|||y)z :param key_handle: A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY (XP and 2003) from loading/importing the certificate :param asn1: An asn1crypto.x509.Certificate object Nrrs rrzCertificate.__init__rrcr|j t|jdd|_|jS)zh :return: The PublicKey object for the public key this certificate contains tbs_certificatesubject_public_key_info)rrWrrs rrzCertificate.public_keys9    #.tyy9J/KLe/fgD rcJ|jd|_|jjtddgvr|jdj}|jdj }|dk(rt }n9|dk(rt}n-|dk(rt}n!|dk(rt}nttd | |||jd j|jd j|d |_|jS|jS#t$rY|jSwxYw) zT :return: A boolean - if the certificate is self-signed Fyesmaybesignature_algorithmrsassa_pkcs1v15 rsassa_pssrecdsaz Unable to verify the signature of the certificate since it uses the unsupported algorithm %s signature_valuerT) _self_signedr self_signedsetsignature_algo hash_algor`rbrRrLOSErrorr r'dumpr5)rrr verify_funcs rrzCertificate.self_signed*s0    $ %D yy$$UG,<(==!%+@!A!P!P II&;<FF !%66"5K#|3"0K#u,",K#w.".K!.' #  "34;; "3499;!  )-D%   t   '   s/AD D"!D") rrrrrrrrrrrrrrr s@KL 1  )!)!rrc|tgdvrttdt||dk(r-|tgdvrttdt||dk(rbtdks t dk(r#|d k7r}ttd t||tgd vrPttd t||d k(r-|tgdvrttdt|t dk(r7|d k(r&t |\}}td|td|fSt||St|||S)aB Generates a public/private key pair :param algorithm: The key algorithm - "rsa", "dsa" or "ec" :param bit_size: An integer - used for "rsa" and "dsa". For "rsa" the value maye be 1024, 2048, 3072 or 4096. For "dsa" the value may be 1024, plus 2048 or 3072 if on Windows 8 or newer. :param curve: A unicode string - used for "ec" keys. Valid values include "secp256r1", "secp384r1" and "secp521r1". :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A 2-element tuple of (PublicKey, PrivateKey). The contents of each key may be saved by calling .asn1.dump(). )rrrzM algorithm must be one of "rsa", "dsa", "ec", not %s r) zX bit_size must be one of 1024, 2048, 3072, 4096, not %s rrrBrzG bit_size must be 1024, not %s )rrrzZ bit_size must be one of 1024, 2048, 3072, not %s r secp256r1 secp384r1 secp521r1zd curve must be one of "secp256r1", "secp384r1", "secp521r1", not %s N) r ValueErrorr repr_win_version_infor_pure_python_ec_generate_pairrZrY_advapi32_generate_pair_bcrypt_generate_pair)rrrpub_info priv_infos rrSrSWss4011  O    E 378 8^X   e  v %[)@4 N "s#566 N " d  CD D^U  ;  "?"F HidH-z$ /JK K&y(;;$Y%@@rc|dk(rd}nd}ttd}tj|ttj dt|}t |t|}t|}tj|ttj d||}t |tt||}t|} tt| } t||| d} |dk(rt|| | \} } | | fSttd}tj|ttjdt|}t |t|}t|}tj|ttjd||}t |t||| d}t||| \} } | | fS)ao Accepts an key handle and exports it to ASN.1 :param algorithm: The key algorithm - "rsa" or "dsa" :param bit_size: An integer - only used when algorithm is "rsa" :param key_handle: The handle to export :return: A 2-element tuple of asn1crypto.keys.PrivateKeyInfo and asn1crypto.keys.PublicKeyInfo r RSABLOBHEADER DSSBLOBHEADERDWORD *rN)r(rCCryptExportKeyr)rDPRIVATEKEYBLOBrEr&r!r.r/r+r$ _advapi32_interpret_rsa_key_blob PUBLICKEYBLOB _advapi32_interpret_dsa_key_blob)rrr struct_typeout_lenr buffer_lengthbuffer_blob_struct_pointer blob_struct struct_size private_blob public_info private_infopublic_out_lenpublic_buffer_length public_buffer public_blobs r_advapi32_key_handle_to_asn1rs$E% % (I&G  ! ! $$    C'NM .G  ! ! $$   C,X{GL,-K;/K$Wm<[\JLE$DX{\h$i! \@  &&7Xy1%%  F  ' ' F    S$^4)*>? %%  F  ' '     S' 7KL[\Z $DX{\h$i! \  &&rcD|dk(r!tj}tj}n tj}tj}d}d} t |d}t td}|dztjz}tj||||}t|t|}t|||\} } t| t| f|r t||rtj |SS#|r t||rtj |wwxYw)a Generates a public/private key pair using CryptoAPI :param algorithm: The key algorithm - "rsa" or "dsa" :param bit_size: An integer - used for "rsa" and "dsa". For "rsa" the value maye be 1024, 2048, 3072 or 4096. For "dsa" the value may be 1024. :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A 2-element tuple of (PublicKey, PrivateKey). The contents of each key may be saved by calling .asn1.dump(). rNF verify_only HCRYPTKEY *)rDMS_ENH_RSA_AES_PROV CALG_RSA_SIGNMS_ENH_DSS_DH_PROV CALG_DSS_SIGNrFr(rCCRYPT_EXPORTABLE CryptGenKeyrEr/rrWrVrGr) rrprovider algorithm_idrrkey_handle_pointerflagsrrrs rrrs *E 44$22  33$22 NJ1,X5I =9R=#A#AA""><HZ[S./ $@HV`$a! \ ,.>|.LM   0   $ $Z 0    0   $ $Z 0 s BC88'Dc D|dk(r#d}tj}tj}nR|dk(r+|dkDrd}nd}tj}tj}n"d}tj }tj }ttd}tj|t|td |d }t|t|}t|} tj|t|| ||d }t|tt|| } t| } t!t| } t#| || d } |dk(rt%d | | }n5|dk(r#|dkDrt'd d | | }nt'd d | | }n t)d | | }ttd}tj|t|td |d }t|t|}t|}tj|t||||d }t|tt||}t|}t!t|} t#||| d }|dk(rt%d||}||fS|dk(r)|dkDrt'dd ||}||fSt'dd ||}||fSt)d||}||fS)au Accepts an key handle and exports it to ASN.1 :param algorithm: The key algorithm - "rsa", "dsa" or "ec" :param bit_size: An integer - only used when algorithm is "dsa" :param key_handle: The handle to export :return: A 2-element tuple of asn1crypto.keys.PrivateKeyInfo and asn1crypto.keys.PublicKeyInfo rBCRYPT_RSAKEY_BLOBrrBCRYPT_DSA_KEY_BLOB_V2BCRYPT_DSA_KEY_BLOBBCRYPT_ECCKEY_BLOBULONG *rNprivaterrApublic)rNBCRYPT_RSAFULLPRIVATE_BLOBBCRYPT_RSAPUBLIC_BLOBBCRYPT_DSA_PRIVATE_BLOBBCRYPT_DSA_PUBLIC_BLOBBCRYPT_ECCPRIVATE_BLOBBCRYPT_ECCPUBLIC_BLOBr(rMBCryptExportKeyr)rEr&r!r.r/r+r$_bcrypt_interpret_rsa_key_blob_bcrypt_interpret_dsa_key_blob_bcrypt_interpret_ec_key_blob)rrrrprivate_blob_typepublic_blob_typeprivate_out_lenrprivate_buffer_lengthprivate_bufferprivate_blob_struct_pointerprivate_blob_structr rrrrrpublic_blob_struct_pointerpublic_blob_structrrs rrr3s$E* 'BB&<< e  d?2K/K'??&==+ '>>&<<&),O  TV5FPQSbde fC!/2&'<=N     C"4V[."Y !<=!45K$^5JKKLYLE4Y@SUab e  d?8AGZ\hiK8AGZ\hiK3I?RT`a +N  TV5EtvqR`bc dC 0%&:;M     C!3FK!W :;!34K#M3GHVKE3H>PR]^   $$ e  d?7!EWYdeJ  $$ 8!EWYdeJ  $$38=OQ\]  $$rcb|dk(rtj}nR|dk(rtj}n?**:7I8UVWS./ **:q9S" $I 8Q!7FXq)'aa(89  Z ( ML  Z ( s'C E321E32E33Fctd}|dz }|dzdk(r|dz }|dz}|dzdk(r|dk\rd}n|dk\rd}n|dk\rd}n|d k\rd }n|d k\rd }tD]a}tjd|dz }t|||}|dk(s||dz k(r7t|dz D]}t|d|}||dz k(s`y y)u An implementation of Miller–Rabin for checking if a number is prime. :param bit_size: An integer of the number of bits in the prime number :param n: An integer, the prime number :return: A boolean rrAriiRrcii&rdirFT)rangerandom randranger)rnrskraxs rrYrY<s A AA a%1* Q a a%1*4  S  S  S  S  1X    QA & 1aL 6Q!a%Z q1u AAq! AAEz    rc F|dz}|dz}|}||z}||z}||z}||z} | |z} |jj} t|d|ddd} t|||ddd} t|||ddd}t|||ddd}t||| ddd}t|| | ddd}t|| | |zddd}tt ddit | | dd }t d | | || ||||d }tdtddi|d }||fS) a Takes a CryptoAPI RSA private key blob and converts it into the ASN.1 structures for the public and private keys :param bit_size: The integer bit size of the key :param blob_struct: An instance of the advapi32.RSAPUBKEY struct :param blob: A byte string of the binary data after the header :return: A 2-element tuple of (asn1crypto.keys.PublicKeyInfo, asn1crypto.keys.PrivateKeyInfo) rNrrNrrrr two-prime versionrrprivate_exponentprime1prime2 exponent1 exponent2 coefficientrqrr) rsapubkeypubexprrrrrrr)rr bloblen1len2 prime1_offset prime2_offsetexponent1_offsetexponent2_offsetcoefficient_offsetprivate_exponent_offsetrrrsrtrurvrwrrpublic_key_inforsa_private_keyprivate_key_infos rrrjs& q=D r>DM!D(M$t+'$.)D0047!++22OT!M24R489G D}=ddC DF D/?@2F GFt$45EFttLMIt$45GH2NOI &89P!QRVTVRV!WXK%d+BCZ]aCa&bcgegcg&hi#' )  #.$  %O$*," % O&!4 6 " ' ' - ..rc d}|dz}|}||z}||z}|}t|d|ddd} t|||ddd} t|||ddd} t||||zddd} t||||zddd} ttdt| | | ddt | d }t dt dt| | | ddt | d }||fS) a Takes a CryptoAPI DSS private key blob and converts it into the ASN.1 structures for the public and private keys :param bit_size: The integer bit size of the key :param public_blob: A byte string of the binary data after the public key header :param private_blob: A byte string of the binary data after the private key header :return: A 2-element tuple of (asn1crypto.keys.PublicKeyInfo, asn1crypto.keys.PrivateKeyInfo) rNrNrnrrr`rrrrx)rrrr rrr)rrrr|r}q_offsetg_offsetx_offsety_offsetrr`rrlyrrs rrrsH& D q=DH$H$HH|Ah/"56A|HX6tt<=A|HX6tt<=A|HX_=ddCDA{8HtO#C)=)=>&)<< %(:: (+==+.@@-0BB"47I"I]= AB]3C DE"4(89I#JK "4(89K#LM $T*<=T%UV )$/FG^atGt*uv'". 0""& )  %8U:&+      N    rc Jtt|j}|dk(rLttt|j }|}||z}||z}t|d|} t|||} n|dk(rutt|j } tt|j} | } | | z}||z}||z}||z}t|| |}t|||} t|||} ntdt|z|dk(r>t|||}ttdt| || ddt|d S|d k(rBt||||z}tdtdt| || ddt|d Stt!d t|) an Take a CNG BCRYPT_DSA_KEY_BLOB or BCRYPT_DSA_KEY_BLOB_V2 and converts it into an ASN.1 structure :param key_type: A unicode string of "private" or "public" :param version: An integer - 1 or 2, indicating the blob is BCRYPT_DSA_KEY_BLOB or BCRYPT_DSA_KEY_BLOB_V2 :param blob_struct: An instance of BCRYPT_DSA_KEY_BLOB or BCRYPT_DSA_KEY_BLOB_V2 :param blob: A byte string of the binary data contained after the struct :return: An asn1crypto.keys.PrivateKeyInfo or asn1crypto.keys.PublicKeyInfo object, based on the key_type param rArrzversion must be 1 or 2, not %sr,rrrrr+rxr)r'rcbKeyrr8r` cbSeedLength cbGroupSizerrrrr rrrr )rrqr r{key_byte_lengthr`r public_offsetprivate_offsetrrseed_byte_lengthgroup_byte_lengthrp_offsetr,r+s rr5r5Cs.S+"3"34O!| 6(KMM: ;" ?2 &8 4(+ , 47 8 A!#{'?'?@"3 (?(?@#//o- ?2 &8 42 3 42 3 47 89DMIJJ8]> BC+"')-"&/    Y  n^o5U!VW%8"'):&#7+     N    rc rtt|j}tt|j}tj dtj dtjdtjdtjdtjdi|}d|d|dzz}|dk(r%ttdtd | d |d S|d k(rGt||dz|dz}tdt!dtd | d t#d||ddSt%t'dt)|)a Take a CNG BCRYPT_ECCKEY_BLOB and converts it into an ASN.1 structure :param key_type: A unicode string of "private" or "public" :param blob_struct: An instance of BCRYPT_ECCKEY_BLOB :param blob: A byte string of the binary data contained after the struct :return: An asn1crypto.keys.PrivateKeyInfo or asn1crypto.keys.PublicKeyInfo object, based on the key_type param rrrrrr,rnamed)namevaluerrr+rc ecPrivkeyVer1)rqrrrxr)r'rdwMagicrrNBCRYPT_ECDSA_PRIVATE_P256_MAGICBCRYPT_ECDSA_PRIVATE_P384_MAGICBCRYPT_ECDSA_PRIVATE_P521_MAGICBCRYPT_ECDSA_PUBLIC_P256_MAGICBCRYPT_ECDSA_PUBLIC_P384_MAGICBCRYPT_ECDSA_PUBLIC_P521_MAGICrrr rrrr rr r)rr r{magicrrr,r+s rr6r6sf$ 3 ++ ,ES+"3"34O 33[33[33[22K22K22K    EtAo12 2F8+!0 -!    Y  o&9/A:M!NO%8!0 :&(*&$)   "  N    rcRt|tr|}nyt|tr t|}n]t|tr/t |d5}t|j }dddnttdt|ttS#1swYxYw)a Loads an x509 certificate into a Certificate object :param source: A byte string of file contents or a unicode string filename :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A Certificate object r\Nz source must be a byte string, unicode string or asn1crypto.x509.Certificate object, not %s ) rRAsn1Certificater8rr7openreadrSr r6 _load_keyr)source certificatefs rrTrTs &/* FH %'/ FG $ &$  61+AFFH5K 6 6  f      [+ .. 6 6 BB&c|}t|tr|dd}|j}d}|dk(rK|j\}}|dk7rt t d|t gdvrt t d|d k(r|jtt d |jd kDrJtd ks td k(r8t t d|jj|j|jdk(r#|jdk(rt t dtd k(r|dk(r |d|St|||St||||S)a Loads a certificate, public key or private key into a Certificate, PublicKey or PrivateKey object :param key_object: An asn1crypto.x509.Certificate, asn1crypto.keys.PublicKeyInfo or asn1crypto.keys.PrivateKeyInfo object :param container: The class of the object to hold the key_handle :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when the key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A PrivateKey, PublicKey or Certificate object, based on container rrNrrzR Windows only supports EC keys using named curves rz Windows only supports EC keys using the named curves secp256r1, secp384r1 and secp521r1 rz The DSA key does not contain the necessary p, q and g parameters and can not be used rrrBz Windows XP, 2003, Vista, 7 and Server 2008 only support DSA keys based on SHA1 (1024 bits or less) - this key is based on %s and is %s bits rsha1a Windows only supports 2048 bit DSA keys based on SHA2 - this key is 2048 bits and based on SHA1, a non-standard combination that is usually generated by old versions of OpenSSL )rRrrrr3r rrr4rrrupper_advapi32_load_key_bcrypt_load_key) key_object containerkey_infoalgo curve_name curve_types rrr s,H*o./01JK   DJ t|!) J  $^&  S!HI I$^&      %.~0     %+xIH   D | u} , 44 33NJ-,X8xCWX$Xx>#D) =9%%   I F    S./ :z2 . 5=+HheTG)'2I$'-$@ !))G % C  #)*?#@F     $ $Z 0   0 s C?E/Fc|dk(rtj}ntj}|dk(r&d}|rtj}n#tj}nd}tj }t td}t|}||_ tj|_ d|_ ||_ t t|} t| } || _|j} | dz} | dz} |dk(rt td }t|}| |_|dk(r[|d j"}tj$|_|d j(|_t-|d j(d | ddd}n1|dj"}tj.|_|d j(|_t-|d j(d | ddd}|t-|dj(d | dddz }|t-|dj(d | dddz }|t-|dj(d | dddz }|t-|dj(d | dddz }|t-|dj(d | dddz }|t-|dj(d | dddz }|| _nSt td}t|}| |_|dk(rStj2|_|ddj(}t-|d j"j(d | ddd}nRtj4|_|ddj(}t-|dj"j(d dddd}|| _t-|dd | ddd}|t-|dd ddddz }|t-|dd | dddz }||z }t td }t|}d!|_|t;|z }t;| |zS)"a Generates a blob for importing a key to CryptoAPI :param key_info: An asn1crypto.keys.PublicKeyInfo or asn1crypto.keys.PrivateKeyInfo object :param key_type: A unicode string of "public" or "private" :param algo: A unicode string of "rsa" or "dsa" :param signing: If the key handle is for signing - may only be False for rsa keys :return: A byte string of a blob to pass to advapi32.CryptImportKey() r,rrr BLOBHEADERrrNr RSAPUBKEYrrrF)signedwidthNrnrrsrtrurvrwrr DSSPUBKEYrrrrrr`rDSSSEEDl)rDrrr CALG_RSA_KEYXrr,rCr/bTypeCUR_BLOB_VERSIONbVersionreservedaiKeyAlgpublickeystrucrbitlenrRSA1rr'rzrRSA2ryDSS1DSS2 dsspubkeycounterr-)rrrr blob_typerr"blob_header_pointer blob_headerr r rr|r}pubkey_pointerpubkeyparsed_key_info blob_datarkey_datadssseed_pointerdssseeds rrrs)*8!// !00  u}% (66L(66L% $22  <8,-K!K(99KK'K ;7,-K!,K  H q=D r>D u}+6'  x &|4;;O(--FL+,=>EEFM$_Y%?%F%Fu\`abfdfbfgI&}5<EEFM$_Y%?%F%Fu\`abfdfbfgI oh&?&F&Fu\`abfdfbfg gI oh&?&F&Fu\`abfdfbfg gI ok&B&I&IRW_cdeigieij jI ok&B&I&IRW_cdeigieij jI om&D&K&KTYaefgkikgkl lI o6H&I&P&PY^fjklpnplpq qI &  +6'  x (--FLk*<8??F#H\$:$A$A$H$HQV^bcdhfhdhiH(--FL56|DKKF#H]$;$B$B$I$IRW_abcgegcghH &  U$G"M \&+e2FttLL \&+e4H2NN X  95)$\/22 + ,y 88rc d}d}t|trdnd}|j}|dk(rd} |dk(r|jdn|}tj tj tjtjtjd|} t| }|dk(r|dk(r4tj} tj} |d j} d } d }ntj} tj} |d j} t!| d j"}t!| d j"}t!| dj"}t!| dj"}t!| dj"}t!| dj"}t%|} t%|}t!| dj"}t!| dj"}t't(d}t+|}| |_|j.|_t%||_t%||_| |_||_t;||z|z}|dk(r|zz }|t=| z }|t=|z }|t=| z }|t=t%|z }n[|dk(r|dk(r2tj>} |d jj"}|dd}nRtj@} tC|d j"}t!|d jj"}|dd}t!|}t!|dj"}t!|dj"}t!|dj"} |j.dkDr t%| }!nd}!tEt%|t%|t%|}"t=||"}t=||"}t=||"}t=| |!} d}#d|!z}$|j.dkDr|dk(rtjF} ntjH} t't(d }t+|}| |_%|"|_&tjN|_(tjR|_*|!|_+|!|_,t[|#|_.t;|}||$| z|z|z|zz }|dk(r5|t=|!z }n$|dk(rtj^} ntj`} t't(d!}t+|}| |_%|"|_&t[|#|_.t[|$|_1t[| |_2t;||z|z|z}|dk(r|t=|!z }nz|dk(rt|dk(r'tjf} |d ji\}%}&natjj} |d jd }|r|ji\}%}&nd }%d }&t!|d jd j"}t't(d"}t+|}tjltjntjptjrtjttjvd#||f} d$d%d&d'|}"t!|%}'t!|&}(t=|'|"}'t=|(|"}(| |_%|"|_&t;||'z|(z}|dk(r|t=|"z }tyt(d(})t)jz|t} |)t%|tj~}*t|*t+|)}||||r t|SS#|r t|wwxYw))a Loads a certificate, public key or private key into a Certificate, PublicKey or PrivateKey object via CNG :param key_object: An asn1crypto.x509.Certificate, asn1crypto.keys.PublicKeyInfo or asn1crypto.keys.PrivateKeyInfo object :param key_info: An asn1crypto.keys.PublicKeyInfo or asn1crypto.keys.PrivateKeyInfo object :param container: The class of the object to hold the key_handle :param curve_name: None or a unicode string of the curve name for an EC key :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when the key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A PrivateKey, PublicKey or Certificate object, based on container Nr,r+rrrrA)rrrrrrrrrsrtrurvrwrrrrr&rrrrrrr`rrsr'r(r)))r,r)r,r)r,r)r+r)r+r)r+r 0BrrB)BrRrrrrNrCrDrErFrGrOr.BCRYPT_RSAPUBLIC_MAGICrr-BCRYPT_RSAFULLPRIVATE_MAGICrr'rr,rMr/Magicr BitLengthrrrrr-r2r0r/rmaxBCRYPT_DSA_PUBLIC_MAGIC_V2BCRYPT_DSA_PRIVATE_MAGIC_V2rrDSA_HASH_ALGORITHM_SHA256 hashAlgorithm DSA_FIPS186_3standardVersionrrr#CountBCRYPT_DSA_PUBLIC_MAGICBCRYPT_DSA_PRIVATE_MAGICSeedr`r2 to_coordsr1rrrrrrr(BCryptImportKeyPairr)BCRYPT_NO_KEY_VALIDATIONrErP)+rrrrrKrrr alg_selectorrJrr parsed_key prime1_size prime2_sizersrtrurvrwrrrrr r r{rr private_bytes public_bytesrrr`q_len key_widthcountseedrlrx_bytesy_bytesr#rs+ rrrsB:JJ%h >xIH   D |@),0DLx~~a(d 3333$@@$@@$@@    %\2 5=8#'== #::%l3::   'BB #??%m4;; %j&:&A&AB%j&:&A&AB(K)@)G)GH (K)@)G)GH *:m+D+K+KL #/ ;M0N0U0U#V !&k !&k *:6G+H+O+OPO":i#8#?#?@G"(1E"F  !45K %K $,$5$5K !&)/&:K #$'LK !#.K #.K  34FPD9$' 9k:: 9k:: ; << #3S\BB U]8#'>> %l3::AA !+.|<'?? 5h? MTT ,Xm-D-K-K-R-R S !"9:<H' 3LVC[//0AVC[//0AVC[//0A  4'AC -s1vs1v>I%lI>L1i(A1i(A1e$A EU?D  4'x''BBE'CCE&,V5M&N#$%89 &+ #$- !-8,Q,Q ).9.G.G ++0 (*/ '$.u$5 !#$78q1 q(<77y(J}e<> %m4;;LI %//1DAqAA ,Xm-D-K-KM-Z-a-a b "(1E"F  !45K*5)S)S)4)S)S)4)S)S*5*U*U*5*U*U*5*U*U $&E  I #1oG"1oG )4G )4G"'K  )K  34w>HD9$ =)<< )>?((  F    I  0 0  S./ Z0  Z ( : Z ( s ]]<<^ ct|tr|}n|Ot|tr|jd}t|tst t dt|t|tr&t|d5}|j}dddn.t|tst t dt|t||}t|tS#1swY%xYw)a Loads a private key into a PrivateKey object :param source: A byte string of file contents, a unicode string filename or an asn1crypto.keys.PrivateKeyInfo object :param password: A byte or unicode string to decrypt the private key file. Unicode strings will be encoded using UTF-8. Not used is the source is a PrivateKeyInfo object. :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when the private key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A PrivateKey object Nutf-8zP password must be a byte string, not %s r\z source must be a byte string, unicode string or asn1crypto.keys.PrivateKeyInfo object, not %s ) rRrr7encoder8rSr r6rrrrrY)rpasswordprivate_objectrs rrVrVs.&.)  (G,#??73h1h' ! fg &fd# "q " "FH-N&!  'vx8 ^Z 00 " "s C%%C.cRt|tr|}nyt|tr t|}n]t|tr/t |d5}t|j }dddnttdtttS#1swYxYw)a3 Loads a public key into a PublicKey object :param source: A byte string of file contents, a unicode string filename or an asn1crypto.keys.PublicKeyInfo object :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when the public key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A PublicKey object r\Nz source must be a byte string, unicode string or asn1crypto.keys.PublicKeyInfo object, not %s ) rRrr8rr7rrrSr r6rrZ)rrrs rrWrW9s$&-( FH %!&) FG $ &$  01%affh/J 0 0  j !     Z ++ 0 0rc$t||tS)a Parses a PKCS#12 ANS.1 DER-encoded structure and extracts certs and keys :param data: A byte string of a DER-encoded PKCS#12 file :param password: A byte string of the password to any encrypted data :raises: ValueError - when any of the parameters are of the wrong type or value OSError - when an error is returned by one of the OS decryption functions :return: A three-element tuple of: 1. An asn1crypto.keys.PrivateKeyInfo object 2. An asn1crypto.x509.Certificate object 3. A list of zero or more asn1crypto.x509.Certificate objects that are "extra" certificates, possibly intermediates from the cert chain )rrV)datars rrXrXas, x)9 ::rcj|Ot|tr|jd}t|tst t dt |t|tr&t|d5}|j}dddn.t|tst t dt |t||\}}}d}d}|rt|t}|rt|jt}|Dcgc]}t|jt} }||| fS#1swYwxYwcc}w)a Loads a .p12 or .pfx file into a PrivateKey object and one or more Certificates objects :param source: A byte string of file contents or a unicode string filename :param password: A byte or unicode string to decrypt the PKCS12 file. Unicode strings will be encoded using UTF-8. :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when a contained key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A three-element tuple containing (PrivateKey, Certificate, [Certificate, ...]) NrzH password must be a byte string, not %s r\zR source must be a byte string or a unicode string, not %s )rRr7rr8rSr r6rrrXrrYrr) rrrr cert_infoextra_certs_infokeycertinfo extra_certss rrUrUzs/, h (w/H(H-N(#  &'" &$  1VVXF   )  f     -9,J)Hi) C D*---{;GWXt9T__k:XKX { ##1  ,Ys.D$4' 0 0F 6\1EFF ,i~_c ddrcR|jdk7r tdt||||S)a Verifies a DSA signature :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512" :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rz)The key specified is not a DSA public keyr%r's rrRrRs0.!**e3DEE ,i~ NNrcR|jdk7r tdt||||S)a Verifies an ECDSA signature :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512" :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rz)The key specified is not an EC public keyr%r's rrLrL s0.!**d2DEE ,i~ NNrc Zt|ttfstt dt |t|t stt dt |t|t stt dt ||j}|dk(xs|dk(}tgd}|r|s|tdgz}||vr*d}|r|s|d z }tt d |t||s'|d ur#tt d |j|dk(rDt||jd z kDr)tt d|jt|tdk(r,|jdk(rt||||St!|||||St#|||||S)a( Verifies an RSA, DSA or ECDSA signature :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw" :param rsa_pss_padding: If PSS padding should be used for RSA keys :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library certificate_or_public_key must be an instance of the Certificate or PublicKey class, not %s zA signature must be a byte string, not %s < data must be a byte string, not %s rrmd5rsha256sha384sha512raw+"md5", "sha1", "sha256", "sha384", "sha512", "raw"B hash_algorithm must be one of %s, not %s Fu PSS padding may only be used with RSA keys - signing via a %s key was requested rfz data must be 11 bytes shorter than the key size when hash_algorithm is "raw" - key size is %s bytes, but data is %s bytes long rBr)rRrrZrSr r6r8rrrrrrrZr_pure_python_ecdsa_verify_advapi32_verify_bcrypt_verify) r(r)rr*r-r. cp_is_rsavalid_hash_algorithmsvalid_hash_algorithms_errors rr&r&5 s4 /+y1I J  / 0     i *  i     dH %  dO    ' 0 0F%96\#9I MNeW-22&S# _ '9 4 '  (      5  LLN     t90::R? ?^ *33D  ; $ . .$ 6,-F SWYgh h 99dN\kll 3YnVe ffrc|j}|dk(xs|dk(}|rM|rKddddddj|d }t||}|j} t ||| ||s t d y |r@|d k(r;t||} t |j| } t| |s t y d } tjtjtjtjtjd |} t!t"d}t#j$|j&| t)d |}t+|t-|} t#j.| |t1|d }t+||dk(r= t3j4|j7}t1|dz}||d |d |z}|d d d}t#j<| |t1||j>t)d }t+|| rt#j@| y y #t$r t d wxYw#tt8t:f$r t d wxYw#| rt#j@| wwxYw)a6 Verifies an RSA, DSA or ECDSA signature via CryptoAPI :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw" :param rsa_pss_padding: If PSS padding should be used for RSA keys :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rrrrrrMrsha224r6r7r8rSignature is invalidNr9r4 HCRYPTHASH *rrrn)!rgetr=rr?r5r>rZr@rrDCALG_MD5 CALG_SHA1 CALG_SHA_256 CALG_SHA_384 CALG_SHA_512r(rCCryptCreateHashrr)rEr/ CryptHashDatarr loadto_p1363 OverflowErrorrSCryptVerifySignatureWrCryptDestroyHash)r(r)rr*r-r algo_is_rsa hash_lengthdecrypted_signaturekey_sizepadded_plaintext plaintext hash_handlealg_idhash_handle_pointerrhalf_lenreversed_signatures rr?r? s4 % . .D%-74<#7K  #na 33LiX,55!.+xObc !78 8~./0I9U 99:S:]:]_opI#It4 l"5 K43 ))!++#00#00#00   "(N;&& % 4 4  F    S01 $$[$D 1ES 5= =(--i8AAC y>Q.%hi09Yh3GG 'tt_,,    N % 0 0 F   S   % %k 2 s 9 !78 8 9N y9 =$%;<< =$   % %k 2 s2<,H-CIk(}|r t7d tA|y #t0t2t4f$r t7d wxYw) a0 Verifies an RSA, DSA or ECDSA signature via CNG :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw" :param rsa_pss_padding: If PSS padding should be used for RSA keys :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library r9r4rrrBCRYPT_PSS_PADDING_INFO wchar_t *BCRYPT_PKCS1_PADDING_INFOvoid *rHN)!rNBCRYPT_MD5_ALGORITHMBCRYPT_SHA1_ALGORITHMBCRYPT_SHA256_ALGORITHMBCRYPT_SHA384_ALGORITHMBCRYPT_SHA512_ALGORITHMgetattrhashlibdigestr)rBCRYPT_PAD_PSSr,rMr/r"r%pszAlgIdrcbSaltBCRYPT_PAD_PKCS1r rRrSrrTrSr5BCryptVerifySignaturerSTATUS_INVALID_SIGNATURESTATUS_INVALID_PARAMETERrE)r(r)rr*r-rn hash_constant padding_infor$r.rApadding_info_struct_pointerpadding_info_struct hash_bufferrfailures rr@r@ s43355!99!99!99    2.1$7>>@6L E & 0 0F%96\#9I ..E*09R*S '"()D"E -m? KKrch|j}|dk(xs|dk(}|r'|dk(r"t|j|}t||S|r>|r>  #na &nk;CWCWY]^ $[+>>%.E*A    KC3 ))!++#00#00#00   "(N;&&  & &  F    S01 $$[$D 1ESh *%%   & & F F    Sg #M2%%   & & F     S"7E'N;" 5=6{a'HHI& )::F",,V499;F   % %k 2 ;  % %k 2 s -GJJ1c >|dk(r|}nutjtjtjtjtj d|}t t||j}t}d}|j}|dk(xs|dk(} | r|r_dddd d d|} tj}ttd } t| } t} t!td | | _| | _natj&}ttd } t| } |dk(rt| _n!t} t!td | | _t!td| }|dk(r2|j(dkDr#|t+ddgvrt-t/dt1td}tj2|j4||t7|td||}t9|t;|}t=|}| rt!td }tj2|j4||t7|||||}t9|t?|t;|}| s#tAjB|jE}|S)a Generates an RSA, DSA or ECDSA signature via CNG :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw" :param rsa_pss_padding: If PSS padding should be used for RSA keys :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature r9r4rrrrrrrrMrcrdrerfrrr5rz~ Windows does not support sha1 signatures with DSA keys based on sha224, sha256 or sha512 r)#rNrgrhrirjrkrlrmrnr)rror,rMr/r"r%rprqrrrrrr r(BCryptSignHashrrrEr&r!r$r rr)rrr*r-rnrvrwr$rrrXrxryrzrr buffer_lenr[r)s rrr s23355!99!99!99    2.1$7>>@6L E$$He#?x<'?K    K ..E*09R*S '"()D"E -mr?utilr@getwindowsversion_gwvrr _advapi32rCrDrErFrG_ecdsarHrrIrrJrKrrLr>_cngrMrNrOrP__all__rXrrYrZrSrrrrrarYrrr4r5r6rTrrrrrVrWrXrUr`rbrRr&r?r@r_rarQrrrrrrrrrr^r]r\r[rrrrs>RR  "   %$UU<<$s!Wd1g& 9 {kk[Z 6A H))XT!/T!n11$I!'+I!XMA`U'p11hb%J=H@a)H+\D/N:/zR jX vD N#/LMI`Tnd9Ne)P51p%,P;2:$zODeDO:O:_gDk3\Vr4BJB4848ULpw3tvr1Nh6;rE5P0Ff(5VE5P50-,L0Dr