o c/@sddlZddlmZmZddlmZddlmZejr!ddl m Z ddd Z dd d Z Gdd d ej Zd efddZGdddejZGdddejZdS)N)UnsupportedAlgorithm_Reasons) serialization)dh)BackendbackendrcCs|j}|j}||}|||jk|||j}|jrD|d}| ||j||j| |d}| ||j||j}||dk|SN BIGNUM **r) _lib_ffi DHparams_dupopenssl_assertNULLgcDH_freeCRYPTOGRAPHY_IS_LIBRESSLnew DH_get0_pqgBN_dup DH_set0_pqg)dh_cdatarlibffi param_cdataqq_dupresrT/opt/certbot/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/dh.py_dh_params_dups  r return _DHParameterscCst||}t||SN)r r")rrrrrr_dh_cdata_to_parameters!s  r$c@sPeZdZdddZdejfddZdejfdd Zd e j d e j de fd d Z dS)r"rrcCs||_||_dSr#)_backend _dh_cdata)selfrrrrr__init__'s z_DHParameters.__init__r!cCs|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|d|jjjkrFd}n|j|d}t j |j|d|j|d|dS)Nr rpgr) r%r rr rr&rr _bn_to_intrDHParameterNumbers)r'r*r+rq_valrrrparameter_numbers+sz_DHParameters.parameter_numberscCs |j|Sr#)r%generate_dh_private_keyr'rrrgenerate_private_key=s z"_DHParameters.generate_private_keyencodingformatcCs&|tjjur td|tjjurtd|jj d}|jj |j |jjj ||jjj |d|jjj kr@|jj js@tdtj|tjjur[|d|jjj krU|jj j}n%|jj j}n|tjjurv|d|jjj krp|jj j}n |jj j}ntd|j}|||j }|j|dk|j|S)Nz!OpenSSH encoding is not supportedz%Only PKCS3 serialization is supportedr r'DH X9.42 serialization is not supportedz/encoding must be an item from the Encoding enumr )rEncodingOpenSSH TypeErrorParameterFormatPKCS3 ValueErrorr%r rr rr&rCryptography_HAS_EVP_PKEY_DHXrrUNSUPPORTED_SERIALIZATIONPEMPEM_write_bio_DHxparamsPEM_write_bio_DHparamsDERi2d_DHxparams_bioi2d_DHparams_bio_create_mem_bio_gcr _read_mem_bio)r'r3r4r write_biobiorrrrparameter_bytes@s:           z_DHParameters.parameter_bytesNrr)__name__ __module__ __qualname__r(rr-r/ DHPrivateKeyr2rr6r9bytesrHrrrrr"&s cCsL|jd}|j|||jj|jj||d|jjk|j|dS)Nr r)r rr rrr BN_num_bits)rrr*rrr_get_dh_num_bitsks rPc@seZdZdddZedefddZdejfdd Z d ej de fd d Z d e ddfddZdej fddZdejfddZdejdejdejde fddZdS) _DHPrivateKeyrrcCs&||_||_||_|jj||_dSr#)r%r& _evp_pkeyr DH_size_key_size_bytesr'rrevp_pkeyrrrr(sz_DHPrivateKey.__init__r!cCt|j|jSr#)rPr%r&r1rrrkey_sizeysz_DHPrivateKey.key_sizecCsT|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|d|jjjkrFd}n|j|d}|jjd}|jjd}|jj |j|||j|d|jjjk|j|d|jjjkt j t j t j |j|d|j|d|d|j|dd|j|ddS)Nr rr)r/y)public_numbersx)r%r rr rr&rrr, DH_get0_keyrDHPrivateNumbersDHPublicNumbersr-)r'r*r+rr.pub_keypriv_keyrrrprivate_numbers}s2z_DHPrivateKey.private_numberspeer_public_keycCsTt|ts td|jj|j|jjj}|j ||jjjk|jj ||jjj }|jj |}|j |dk|jj ||j}||dk|jjd}|jj||jjj|}||dk|j |ddk|jjd|d}|jj|||}|j |dk|jj||ddd}|jt|}|dkrd||}|S)Nz%peer_public_key must be a DHPublicKeyr zsize_t *rzunsigned char[]) isinstance _DHPublicKeyr8r%r EVP_PKEY_CTX_newrRr rrrEVP_PKEY_CTX_freeEVP_PKEY_derive_initEVP_PKEY_derive_set_peer_exchange_assertrEVP_PKEY_derivebufferrTlen)r'rdctxrkeylenbufkeypadrrrexchanges6    z_DHPrivateKey.exchangeokNcCs|s |j}td|dS)NzError computing shared key.)r%_consume_errors_with_textr;)r'rverrors_with_textrrrrls z_DHPrivateKey._exchange_assertcCst|j|j}|jjd}|jj|j||jjj|j|d|jjjk|jj |d}|j||jjjk|jj |||jjj}|j|dk|j |}t |j||Sr) r r&r%r rr r^rrr DH_set0_key_dh_cdata_to_evp_pkeyrg)r'rra pub_key_duprrVrrr public_keys  z_DHPrivateKey.public_keycCrXr#r$r&r%r1rrr parametersz_DHPrivateKey.parametersr3r4encryption_algorithmcCs|tjjur td|jjjs6|jjd}|jj |j |jjj ||jjj |d|jjj kr6t dt j|j|||||j|j S)Nz0DH private keys support only PKCS8 serializationr rr5)r PrivateFormatPKCS8r;r%r r<r rrr&rrrr=_private_key_bytesrR)r'r3r4rrrrr private_bytess2  z_DHPrivateKey.private_bytesrI)rJrKrLr(propertyintrYrr_rc DHPublicKeyrNruboolrlr| DHParametersr~rr6rKeySerializationEncryptionrrrrrrQrs$ $rQc@sbeZdZdddZedefddZdejfdd Z dej fd d Z d e j d e jdefddZdS)rgrrcCs&||_||_||_t|j|j|_dSr#)r%r&rRrP_key_size_bitsrUrrrr(rWz_DHPublicKey.__init__r!cCs|jSr#)rr1rrrrYsz_DHPublicKey.key_sizecCs|jjd}|jjd}|jjd}|jj|j||||j|d|jjjk|j|d|jjjk|d|jjjkrFd}n|j|d}|jjd}|jj |j||jjj|j|d|jjjkt j t j |j|d|j|d|d|j|ddS)Nr rr)rZ) r%r rr rr&rrr,r^rr`r-)r'r*r+rr.rarrrr\s,z_DHPublicKey.public_numberscCrXr#r}r1rrrr~rz_DHPublicKey.parametersr3r4cCs|tjjur td|jjjs6|jjd}|jj |j |jjj ||jjj |d|jjj kr6t dt j|j||||jdS)Nz>DH public keys support only SubjectPublicKeyInfo serializationr rr5)r PublicFormatSubjectPublicKeyInfor;r%r r<r rrr&rrrr=_public_key_bytesrR)r'r3r4rrrr public_bytes"s(   z_DHPublicKey.public_bytesNrI)rJrKrLr(rrrYrr`r\rr~rr6rrNrrrrrrgs rgrI)rrr!r")typingcryptography.exceptionsrrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricr TYPE_CHECKING,cryptography.hazmat.backends.openssl.backendrr r$rr"rrPrMrQrrgrrrrs     E