U af@s#ddlmZmZmZmZddlZddlZddlZddlZddl m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZmZddlmZmZmZmZmZm Z m!Z!m"Z"m#Z#ddl$m%Z%ddl&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6ddl7m8Z8dd l9m:Z:dd l;mZ>dd l?m@Z@mAZAmBZBmCZCdd lDmEZEmFZFmGZGmHZHmIZImJZJdd lKmLZLeMZNeNdeNdfZOe8ZPePdkrddlQmRZRmSZSmTZTmUZUmVZVddlWmXZYmZZ[m\Z\m]Z^m_Z`nddlambZbmcZcmTZTmdZdmeZedddddddddddddd d!d"d#d$d%d&d'gZfdd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;dd?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddÐdĐdŐdƐdǐdȐdɐdʐdːd̐d͐dΐdϐdАdѐdҐdӐdԐdՐd֐dאdؐdِdڐdېdܐdݐdސdߐdddddddddddddddddddddddddddddddddddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddÐdĐdŐdƐdǐdȐdɐdʐdːd̐d͐dΐdϐdАdѐdҐdӐdԐdՐd֐dאdؐdِdڐdېdܐdݐdސdߐdddddddddddddddddddddddddddddddddddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddÐdĐdŐdƐdǐdȐdɐdʐdːd̐d͐dΐdϐdАdѐdҐdӐdԐdՐd֐dאdؐdِdڐdېdܐdݐdސdߐdddddddddddddddddddddddddddddddddddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddÐdĐdŐdƐdǐdȐdɐdʐdːd̐d͐dΐdϐdАdѐdҐdӐdԐdՐd֐dאdؐdِdڐdېdܐdݐdސdߐdddddddddddddddddddddddddddddddddddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddÐdĐdŐdƐdǐdȐdɐdʐdːd̐d͐dΐdϐdАdѐdҐdӐdԐdՐd֐dאdؐdِdڐdېdܐdݐdސdߐdddddddddddddddddddddddddddddddddddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddÐdĐdŐdƐdǐdȐdɐdʐdːd̐d͐dΐdϐdАdѐdҐdӐdԐdՐd֐dאdؐdِdڐdېdܐdݐdސdߐdddddddddddddddddddddddddddddddddddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddÐdĐdŐdƐdǐdȐdɐdʐdːd̐d͐dΐdϐdАdѐdҐdӐdԐdՐd֐dאdؐdِdڐdېdܐdݐdސdߐdddddddddddddddddddddddddddddddddddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&gZgGd'd(d(ZhGd)ddeheZiGd*ddeheZjGd+ddeheZ dvd,dZkd-d.Zldwd/d0Zmd1d2Zndxd3d4Zod5d6Zpd7d8Zqd9d:Zrd;d<Zsd=d>Ztd?d@ZudAdBZvdCdZwdDdEZxdFdGZydydIdJZzdKdLZ{dzdMdZ|dNdZ}d{dOdZ~d|dPdZdQd%ZdRd'ZdSdZdTdZ_d}dVdWZd~dXdYZddZd[Zd\d$Zd]d&Zd^dZd_dZ]dd`daZddbdcZddddeZddfdgZddhdiZddjdkZddldmZddndoZddpdqZdrd#Zdsd"Zdtd!Zdud ZdS()unicode_literalsdivisionabsolute_importprint_functionN) Certificate DHParameters DSAParams DSASignatureECDomainParameters ECPrivateKeyIntegerint_from_bytes int_to_bytesPrivateKeyAlgorithmPrivateKeyInfoPublicKeyAlgorithm PublicKeyInfo RSAPrivateKey RSAPublicKey) _CertificateBase _fingerprint _parse_pkcs12_PrivateKeyBase_PublicKeyBase_unwrap_private_key_infoparse_certificate parse_private parse_public)pretty_message)buffer_from_bytesbuffer_from_unicode byte_arraybytes_from_buffercastderefnativenewnull pointer_setsizeofstruct struct_bytesstruct_from_bufferunwrapwrite_to_buffer)backend) fill_width)AsymmetricKeyErrorIncompleteAsymmetricKeyErrorSignatureError) type_namestr_clsbyte_cls int_types)add_pkcs1v15_signature_paddingadd_pss_paddingraw_rsa_private_cryptraw_rsa_public_crypt!remove_pkcs1v15_signature_paddingverify_pss_padding)constant_compare winlegacy)advapi32 Advapi32Const handle_erroropen_context_handleclose_context_handle)ec_generate_pairec_compute_public_key_pointec_public_key_info ecdsa_sign ecdsa_verify)bcrypt BcryptConstrDopen_alg_handleclose_alg_handlerdsa_sign dsa_verifyrJrK generate_pairload_certificate load_pkcs12load_private_keyload_public_key parse_pkcs12 PrivateKey PublicKeyrsa_oaep_decryptrsa_oaep_encryptrsa_pkcs1v15_decryptrsa_pkcs1v15_encryptrsa_pkcs1v15_signrsa_pkcs1v15_verify rsa_pss_signrsa_pss_verify %)+/5;=CGIOSYaegkmqiii iiiii%i3i7i9i=iKiQi[i]iaigioiui{iiiiiiiiiiiiiiiiiiiiii i ii#i-i3i9i;iAiKiQiWiYi_ieiiikiwiiiiiiiiiiiiiiiiiiiiiiiii)i+i5i7i;i=iGiUiYi[i_imiqisiwiiiiiiiiiiiiiiiiiiii iiii%i'i-i?iCiEiIiOiUi]iciiiiiiiiiiiiiiiiiiiiii i iiiii'i)i/iQiWi]ieiwiiiiiiiiiiiiiiiiiiiiii iiii#i+i/i=iAiGiIiMiSiUi[ieiyiiiiiiiiiiiiiiiiiii iii'i7iEiKiOiQiUiWiaimisiyiiiiiiiiiiiiiiiiiiii!i#i'i)i3i?iAiQiSiYi]i_iiiqiiiiiiiiiiiiiiiii i i i# i% i+ i/ i5 iC iI iM iO iU iY i_ ik iq iw i i i i i i i i i i i i i i i i i i! i1 i9 i= iI iW ia ic ig io iu i{ i i i i i i i i i i i i i i i i i i i i i i i i i# i) i- i? iG iQ iW i] ie io i{ i i i i i i i i i i i i i i i i i i i% i/ i1 iA i[ i_ ia im is iw i i i i i i i i i i i i i i i i i i i i i i! i+ i- i= i? iO iU ii iy i i i i i i i i i i i i i i i i i i i i i iii!i'i/i5i;iKiWiYi]ikiqiui}iiiiiiiiiiiiiiii i ii%i)i1iCiGiMiOiSiYi[igikiiiiiiiiiiiiiiiiiiii!i%i+i9i=i?iQiiisiyi{iiiiiiiiiiiiiiiiii ii'i-i9iEiGiYi_iciiioiiiiiiiiiiiiiiiii iii#i)i+i1i7iAiGiSi_iqisiyi}iiiiiiiiiiiiii ii'i-i7iCiEiIiOiWi]igiiimi{iiiiiiiiiiiiiiiiiiii!i/i3i;iEiMiYikioiqiuiiiiiiiiiiiii iiii%i)i+i7i=iAiCiIi_ieigiki}iiiiiiiiiiiiiii iiiiii%i3i9i=iEiOiUiiimioiuiiiiiiiiiiiiiiiiiii ii#i'i3iAi]iciwi{iiiiiiiiiiiiiiiiiiii5i7i;iCiIiMiUigiqiwi}iiiiiiiiiiiiiiiiiiiiii1i3iEiIiQi[iyiiiiiiiiiiiiiiiiiii!i#i-i/i5i?iMiQiiiki{i}iiiiiiiiiiiiiiiiii#i%i/i1i7i;iAiGiOiUiYieikisiiiiiiiiiiiii iii'i+i-i3i=iEiKiOiUisiiiiiiiiiiiii ii!i#i5i9i?iAiKiSi]iciiiqiui{i}iiiiiiiiiiiiiiiiii iii%i+i/i=iIiMiOimiqiiiiiiiiiiiiiiiii iii9iIiKiQigiui{iiiiiiiiiiiiiiii i i i' i) i- i3 iG iM iQ i_ ic ie ii iw i} i i i i i i i i i i i i i i !i!i5!iA!iI!iO!iY!i[!i_!is!i}!i!i!i!i!i!i!i!i!i!i!i!i!i!i!i!i!i"i "i"i"i!"i%"i+"i1"i9"iK"iO"ic"ig"is"iu"i"i"i"i"i"i"i"i"i"i"i"i"i"i"i#i #i #i'#i)#i/#i3#i5#iE#iQ#iS#iY#ic#ik#i#i#i#i#i#i#i#i#i#i#i#i#i#i#i#i$i $i$i$i)$i=$iA$iC$iM$i_$ig$ik$iy$i}$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i$i%i%i%i%i'%i1%i=%iC%iK%iO%is%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i%i&i &i&i&i'&i)&i5&i;&i?&iK&iS&iY&ie&ii&io&i{&i&i&i&i&i&i&i&i&i&i&i&i&i&i&i'i'i5'i7'iM'iS'iU'i_'ik'im'is'iw'i'i'i'i'i'i'i'i'i'i'i'i'i'i(i(i (i(i(i(i!(i1(i=(i?(iI(iQ(i[(i](ia(ig(iu(i(i(i(i(i(i(i(i(i(i(i(i(i)i)i)i!)i#)i?)iG)i])ie)ii)io)iu)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i*i*i*i%*i/*iO*iU*i_*ie*ik*im*is*i*i*i*i*i*i*i*i*i*i*i*i*i*i*i+i'+i1+i3+i=+i?+iK+iO+iU+ii+im+io+i{+i+i+i+i+i+i+i+i+i+i+i+i+i+i ,i,i,i#,i/,i5,i9,iA,iW,iY,ii,iw,i,i,i,i,i,i,i,i,i,i,i,i,i,i,i,i-i-i-i;-iC-iI-iM-ia-ie-iq-i-i-i-i-i-i-i-i-i-i-i.i.i.i .i.i.i%.i-.i3.i7.i9.i?.iW.i[.io.iy.i.i.i.i.i.i.i.i.i.i.i.i.i.i.i.i/i /i /i/i'/i)/iA/iE/iK/iM/iQ/iW/io/iu/i}/i/i/i/i/i/i/i/i/i/i/i/i/i/i/i0i 0i#0i)0i70i;0iU0iY0i[0ig0iq0iy0i}0i0i0i0i0i0i0i0i0i0i0i0i0i0i0i0i0i1i 1i1i!1i'1i-1i91iC1iE1iK1i]1ia1ig1im1is1i1i1i1i1i1i1i1i1i1i1i1i1i1i 2i2i2i2i)2i52iY2i]2ic2ik2io2iu2iw2i{2i2i2i2i2i2i2i2i2i2i2i2i2i2i2i2i3i%3i+3i/3i53iA3iG3i[3i_3ig3ik3is3iy3i3i3i3i3i3i3i3i3i3i3i3i3i4i4i4i4i4i74iE4iU4iW4ic4ii4im4i4i4i4i4i4i4i4i4i4i4i4i4i4i 5i5i5i-5i35i;5iA5iQ5ie5io5iq5iw5i{5i}5i5i5i5i5i5i5i5i5i5i5i5i5i5i5i6i6i6i#6i16i56i76i;6iM6iO6iS6iY6ia6ik6im6i6i6i6i6i6i6i6i6i6i6i6i7i7i7i7i?7iE7iI7iO7i]7ia7iu7i7i7i7i7i7i7i7i7i7i7i7i8i 8i!8i38i58iA8iG8iK8iS8iW8i_8ie8io8iq8i}8i8i8i8i8i8i8i8i8i8i8i8i8i8i9i9i#9i%9i)9i/9i=9iA9iM9i[9ik9iy9i}9i9i9i9i9i9i9i9i9i9i9i9i9i9i9i9i9i9i:i:i:i:i':i+:i1:iK:iQ:i[:ic:ig:im:iy:i:i:i:i:i:i:i:i:i:i:i:i;i;i;i!;i#;i-;i9;iE;iS;iY;i_;iq;i{;i;i;i;i;i;i;i;i;i;i;i;i;i;i;i;i;i;i<i <i<i<i<i)<i5<iC<iO<iS<i[<ie<ik<iq<i<i<i<i<i<i<i<i<i<i<i<i<i=i =i=i=i=i!=i-=i3=i7=i?=iC=io=is=iu=iy=i{=i=i=i=i=i=i=i=i=i=i=i=i=i>i >i>i>i>i#>i)>i/>i3>iA>iW>ic>ie>iw>i>i>i>i>i>i>i>i>i>i>i>i>i>i>i>i ?i ?i7?i;?i=?iA?iY?i_?ie?ig?iy?i}?i?i?i?i?i?i?i?i?i?i?i?i@i!@i%@i+@i1@i?@iC@iE@i]@ia@ig@im@i@i@i@i@i@i@i@i@i@i@i@i@i Ai AiAiAi!Ai3Ai5Ai;Ai?AiYAieAikAiwAi{AiAiAiAiAiAiAiAiAiAiAiBiBiBiBi#Bi)Bi/BiCBiSBiUBi[BiaBisBi}BiBiBiBiBiBiBiBiBiBiBiBiBiBiCiCiCi%Ci'Ci3Ci7Ci9CiOCiWCiiCiCiCiCiCiCiCiCiCiCiCiCiCiCiCiCiCi Di DiDi#Di)Di;Di?DiEDiKDiQDiSDiYDieDioDiDiDiDiDiDiDiDiDiDiDiDiDiDiEiEiEi+Ei1EiAEiIEiSEiUEiaEiwEi}EiEiEiEiEiEiEiEc@s,eZdZdZdZdZdZddZddZdS)_WinKeyNcCs&||_||_tdkrt|_nt|_dS)z :param key_handle: A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY (XP and 2003) from loading/importing the key :param asn1: An asn1crypto object for the concrete type rAN) key_handleasn1_backendrB_librLselfrrrI/opt/nydus/tmp/pip-target-53d1vnqk/lib/python/oscrypto/_win/asymmetric.py__init__s z_WinKey.__init__cCsb|jr:tdkr|j|j}n|j|j}t|d|_|jrXtdkrXt|jd|_d|_dS)NrA)rrrCryptDestroyKeyBCryptDestroyKeyrDcontext_handlerF)rresrrr__del__s z_WinKey.__del__) __name__ __module__ __qualname__rr ex_key_handlerrrrrrrrvs rc@s4eZdZdZdZddZeddZeddZdS) rXzM Container for the OS crypto library representation of a private key NcCst|||dS)z :param key_handle: A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY (XP and 2003) from loading/importing the key :param asn1: An asn1crypto.keys.PrivateKeyInfo object Nrrrrrrrs zPrivateKey.__init__cCstdkr|jdkr2t|j}tdt||j|_q|jdkr|jdd}tt d|dt t |dj |jd j j |d j d }t||_q|jd j }tt d d it|d|ddd }t||_n t|j|j|j\}}t||_|jS)z\ :return: A PublicKey object corresponding to this private key. rAecNdsaprivate_key_algorithm parameters algorithmrg private_keypr public_keyrrsamoduluspublic_exponentrr)rr(_pure_python_ec_compute_public_key_pointrrYrIcurve _public_keyrrr powr&parsedrVr_bcrypt_key_handle_to_asn1bit_sizer)rZ pub_pointparamsZpub_asn1r_rrrrsB        zPrivateKey.public_keycCs|jdkrt|jt|_|jS)aY Creates a fingerprint that can be compared with a public key to see if the two form a pair. This fingerprint is not compatible with fingerprints generated by any other software. :return: A byte string that is a sha256 hash of selected components (based on the key type) N)rrrUrrrr fingerprints zPrivateKey.fingerprint) rrr__doc__rrpropertyrrrrrrrXs  0c@seZdZdZddZdS)rYzL Container for the OS crypto library representation of a public key cCst|||dS)z :param key_handle: A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY (XP and 2003) from loading/importing the key :param asn1: An asn1crypto.keys.PublicKeyInfo object Nrrrrrrs zPublicKey.__init__N)rrrrrrrrrrYsc@s8eZdZdZdZdZddZeddZeddZ dS) rzM Container for the OS crypto library representation of a certificate NcCst|||dS)z :param key_handle: A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY (XP and 2003) from loading/importing the certificate :param asn1: An asn1crypto.x509.Certificate object Nrrrrrrs zCertificate.__init__cCs$|jdkrt|jdd|_|jS)zh :return: The PublicKey object for the public key this certificate contains Ntbs_certificatesubject_public_key_info)rrVrrrrrrs zCertificate.public_keycCs|jdkrd|_|jjtddgkr|jdj}|jdj}|dkrJt}n8|dkrXt}n*|dkrft}n|d krtt }nt t d |z*|||jd j |jd  |d |_Wntk rYnX|jS)zT :return: A boolean - if the certificate is self-signed NFyesmaybeZsignature_algorithmZrsassa_pkcs1v15 rsassa_pssrZecdsaz Unable to verify the signature of the certificate since it uses the unsupported algorithm %s Zsignature_valuerT) _self_signedr self_signedsetsignature_algo hash_algor_rarQrKOSErrorrr&dumpr4)rrrZ verify_funcrrrr*s8      zCertificate.self_signed) rrrrrrrrrrrrrrr s  cCs(|tdddgkr$ttdt||dkrT|tddddgkrttd t|n|dkrtd ksltd kr|dkrttd t|q|tdddgkrttd t|n,|dkr|tdddgkrttdt|td kr|dkrt|\}}td|td|fSt ||St |||SdS)aB Generates a public/private key pair :param algorithm: The key algorithm - "rsa", "dsa" or "ec" :param bit_size: An integer - used for "rsa" and "dsa". For "rsa" the value maye be 1024, 2048, 3072 or 4096. For "dsa" the value may be 1024, plus 2048 or 3072 if on Windows 8 or newer. :param curve: A unicode string - used for "ec" keys. Valid values include "secp256r1", "secp384r1" and "secp521r1". :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A 2-element tuple of (PublicKey, PrivateKey). The contents of each key may be saved by calling .asn1.dump(). rrrzM algorithm must be one of "rsa", "dsa", "ec", not %s i zX bit_size must be one of 1024, 2048, 3072, 4096, not %s rrAzG bit_size must be 1024, not %s zZ bit_size must be one of 1024, 2048, 3072, not %s secp256r1 secp384r1 secp521r1zd curve must be one of "secp256r1", "secp384r1", "secp521r1", not %s N) r ValueErrorrrepr_win_version_infor_pure_python_ec_generate_pairrYrX_advapi32_generate_pair_bcrypt_generate_pair)rrrZpub_infoZ priv_inforrrrRWsF    cCs>|dkrd}nd}ttd}t|ttjdt|}t|t|}t|}t|ttjd||}t|t t||}t |} t t| } t ||| d} |dkrt || | \} } n~ttd}t|ttjdt|}t|t|}t|}t|ttjd||}t|t ||| d}t||| \} } | | fS)ao Accepts an key handle and exports it to ASN.1 :param algorithm: The key algorithm - "rsa" or "dsa" :param bit_size: An integer - only used when algorithm is "rsa" :param key_handle: The handle to export :return: A 2-element tuple of asn1crypto.keys.PrivateKeyInfo and asn1crypto.keys.PublicKeyInfo r RSABLOBHEADER DSSBLOBHEADERDWORD *rN)r'rBZCryptExportKeyr(rCPRIVATEKEYBLOBrDr%r r-r.r*r# _advapi32_interpret_rsa_key_blob PUBLICKEYBLOB _advapi32_interpret_dsa_key_blob)rrr struct_typeout_lenr buffer_lengthbuffer_blob_struct_pointer blob_struct struct_size private_blob public_info private_infopublic_out_lenpublic_buffer_length public_buffer public_blobrrr_advapi32_key_handle_to_asn1sl    rc Cs|dkrtj}tj}n tj}tj}d}d}zht|dd}t td}|d>tj B}t ||||}t |t |}t|||\} } t| t| fWS|rt||rt|XdS)a Generates a public/private key pair using CryptoAPI :param algorithm: The key algorithm - "rsa" or "dsa" :param bit_size: An integer - used for "rsa" and "dsa". For "rsa" the value maye be 1024, 2048, 3072 or 4096. For "dsa" the value may be 1024. :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A 2-element tuple of (PublicKey, PrivateKey). The contents of each key may be saved by calling .asn1.dump(). rNFZ verify_only HCRYPTKEY *)rCMS_ENH_RSA_AES_PROV CALG_RSA_SIGNMS_ENH_DSS_DH_PROV CALG_DSS_SIGNrFrBrrEr'ZCRYPT_EXPORTABLEZ CryptGenKeyrDr.rrVrU) rrprovider algorithm_idrrkey_handle_pointerflagsrrrrrrrs(  rc Cs |dkrd}tj}tj}n8|dkrB|dkr0d}nd}tj}tj}nd}tj}tj}ttd}t |t |t d |d }t |t |}t |} t |t || ||d }t |tt|| } t| } tt| } t| || d } |dkrtd | | }n@|dkr(|dkrtd d | | }ntd d | | }n td | | }ttd}t |t |t d |d }t |t |}t |}t |t ||||d }t |tt||}t|}tt|} t||| d }|dkrtd||}n@|dkr |dkrtdd ||}ntdd ||}n td||}||fS)au Accepts an key handle and exports it to ASN.1 :param algorithm: The key algorithm - "rsa", "dsa" or "ec" :param bit_size: An integer - only used when algorithm is "dsa" :param key_handle: The handle to export :return: A 2-element tuple of asn1crypto.keys.PrivateKeyInfo and asn1crypto.keys.PublicKeyInfo rBCRYPT_RSAKEY_BLOBrrBCRYPT_DSA_KEY_BLOB_V2BCRYPT_DSA_KEY_BLOBBCRYPT_ECCKEY_BLOBULONG *rNprivaterr@public)rMBCRYPT_RSAFULLPRIVATE_BLOBBCRYPT_RSAPUBLIC_BLOBBCRYPT_DSA_PRIVATE_BLOBBCRYPT_DSA_PUBLIC_BLOBBCRYPT_ECCPRIVATE_BLOBBCRYPT_ECCPUBLIC_BLOBr'rLZBCryptExportKeyr(rDr%r r-r.r*r#_bcrypt_interpret_rsa_key_blob_bcrypt_interpret_dsa_key_blob_bcrypt_interpret_ec_key_blob)rrrrZprivate_blob_typeZpublic_blob_typeZprivate_out_lenrZprivate_buffer_lengthZprivate_bufferZprivate_blob_struct_pointerZprivate_blob_structrrrrrrZpublic_blob_struct_pointerZpublic_blob_structrrrrrr3s               rc Cs|dkrtj}n6|dkr tj}n&tjtjtjd|}dddd|}d}zZt|}t td}t |||d }t |t |}t |d }t |t|||\}} W5|rt|Xt|t| fS) aL Generates a public/private key pair using CNG :param algorithm: The key algorithm - "rsa", "dsa" or "ec" :param bit_size: An integer - used for "rsa" and "dsa". For "rsa" the value maye be 1024, 2048, 3072 or 4096. For "dsa" the value may be 1024, plus 2048 or 3072 if on Windows 8 or newer. :param curve: A unicode string - used for "ec" keys. Valid values include "secp256r1", "secp384r1" and "secp521r1". :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A 2-element tuple of (PublicKey, PrivateKey). The contents of each key may be saved by calling .asn1.dump(). rrrrrirNBCRYPT_KEY_HANDLE *r)rMBCRYPT_RSA_ALGORITHMBCRYPT_DSA_ALGORITHMBCRYPT_ECDSA_P256_ALGORITHMBCRYPT_ECDSA_P384_ALGORITHMBCRYPT_ECDSA_P521_ALGORITHMrLrrNr'ZBCryptGenerateKeyPairrDr.ZBCryptFinalizeKeyPairrrVrU) rrr alg_constantr alg_handlerrrrrrrrs:   rc Cs|t|tsttdt||dkr,td|dkrr?r@rArBr=public_key_inforsa_private_keyprivate_key_inforrrrjs\  rc Csd}|d}|}||}||}|}t|d|ddd} t|||ddd} t|||ddd} t||||ddd} t||||ddd} ttdt| | | ddt| d }tdtdt| | | ddt| d }||fS) a Takes a CryptoAPI DSS private key blob and converts it into the ASN.1 structures for the public and private keys :param bit_size: The integer bit size of the key :param public_blob: A byte string of the binary data after the public key header :param private_blob: A byte string of the binary data after the private key header :return: A 2-element tuple of (asn1crypto.keys.PublicKeyInfo, asn1crypto.keys.PrivateKeyInfo) rrNr9rrr-rrrrC)rrrr r rr)rrrrGrHq_offsetg_offsetZx_offsetZy_offsetrr-rr8yrOrQrrrrsF  rc Cshtt|j}tt|j}|}t|d|}t||||}|dkrhttddit||ddS|dkrRtt|j}tt|j } ||} | |} | | } | | } | | }||}t|| | }t|| | }t|| | }t|| |}t|||}t||||}t d||||||||d }t dt ddi|d St td t|d S) a Take a CNG BCRYPT_RSAFULLPRIVATE_BLOB and converts it into an ASN.1 structure :param key_type: A unicode string of "private" or "public" :param blob_struct: An instance of BCRYPT_RSAKEY_BLOB :param blob: A byte string of the binary data contained after the struct :return: An asn1crypto.keys.PrivateKeyInfo or asn1crypto.keys.PublicKeyInfo object, based on the key_type param rr rrrrrr:r;rCM key_type must be one of "public", "private", not %s N)r&int cbPublicExp cbModulusrrrrcbPrime1cbPrime2rrrrrr)key_typerrFZpublic_exponent_byte_lengthZmodulus_byte_lengthZmodulus_offsetrrZprime1_byte_lengthZprime2_byte_lengthrIrJrKrLrMrNr>r?r@rArBr=rPrrrrsl       rc Cstt|j}|dkrZttt|j}|}||}||}t|d|} t|||} n|dkrtt|j} tt|j} | } | | }||}||}||}t|| |}t|||} t|||} ntdt ||dkr"t|||}t t dt | || ddt |d S|d krjt||||}tdtdt | || ddt |d Sttd t |d S)an Take a CNG BCRYPT_DSA_KEY_BLOB or BCRYPT_DSA_KEY_BLOB_V2 and converts it into an ASN.1 structure :param key_type: A unicode string of "private" or "public" :param version: An integer - 1 or 2, indicating the blob is BCRYPT_DSA_KEY_BLOB or BCRYPT_DSA_KEY_BLOB_V2 :param blob_struct: An instance of BCRYPT_DSA_KEY_BLOB or BCRYPT_DSA_KEY_BLOB_V2 :param blob: A byte string of the binary data contained after the struct :return: An asn1crypto.keys.PrivateKeyInfo or asn1crypto.keys.PublicKeyInfo object, based on the key_type param r@rrzversion must be 1 or 2, not %sr rrSrrrrCrWN)r&rXcbKeyrr7r- cbSeedLength cbGroupSizerrrrr r rrr)r]r<rrFkey_byte_lengthr-rUZ public_offsetZprivate_offsetrrZseed_byte_lengthZgroup_byte_lengthrTp_offsetr rrrrrCsf     rc Cstt|j}tt|j}tjdtjdtjdtjdtj dtj di|}d|d|d}|dkrt t dt d |d d |d S|d krt||d|d}tdtdt d |d d td||ddSttdt|dS)a Take a CNG BCRYPT_ECCKEY_BLOB and converts it into an ASN.1 structure :param key_type: A unicode string of "private" or "public" :param blob_struct: An instance of BCRYPT_ECCKEY_BLOB :param blob: A byte string of the binary data contained after the struct :return: An asn1crypto.keys.PrivateKeyInfo or asn1crypto.keys.PublicKeyInfo object, based on the key_type param rrrrrr rnamed)namevaluerrrrbZ ecPrivkeyVer1)r<rrrCrWN)r&rXdwMagicr^rMBCRYPT_ECDSA_PRIVATE_P256_MAGICBCRYPT_ECDSA_PRIVATE_P384_MAGICBCRYPT_ECDSA_PRIVATE_P521_MAGICBCRYPT_ECDSA_PUBLIC_P256_MAGICBCRYPT_ECDSA_PUBLIC_P384_MAGICBCRYPT_ECDSA_PUBLIC_P521_MAGICrrr rrrr rrr)r]rrFmagicrarr rrrrrsd    rc Csnt|tr|}nTt|tr$t|}n@t|trRt|d}t|}W5QRXnttdt |t |t S)a Loads an x509 certificate into a Certificate object :param source: A byte string of file contents or a unicode string filename :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A Certificate object r*z source must be a byte string, unicode string or asn1crypto.x509.Certificate object, not %s ) r"Asn1Certificater7rr6openreadr#rr5 _load_keyr)sourceZ certificatefrrrrSs     cCs|}t|tr|dd}|j}d}|dkrj|j\}}|dkrJttd|tddd gkrttd nt|d kr|jdkrttd nT|j d krt dkst dkrttd|j |j n |j dkr|jdkrttdt dkr|dkr|d|St |||St||||S)a Loads a certificate, public key or private key into a Certificate, PublicKey or PrivateKey object :param key_object: An asn1crypto.x509.Certificate, asn1crypto.keys.PublicKeyInfo or asn1crypto.keys.PrivateKeyInfo object :param container: The class of the object to hold the key_handle :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when the key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A PrivateKey, PublicKey or Certificate object, based on container rrNrrdzR Windows only supports EC keys using named curves rrrz Windows only supports EC keys using the named curves secp256r1, secp384r1 and secp521r1 rz The DSA key does not contain the necessary p, q and g parameters and can not be used rrrAz Windows XP, 2003, Vista, 7 and Server 2008 only support DSA keys based on SHA1 (1024 bits or less) - this key is based on %s and is %s bits rsha1a Windows only supports 2048 bit DSA keys based on SHA2 - this key is 2048 bits and based on SHA1, a non-standard combination that is usually generated by old versions of OpenSSL )r"rorrr2rrrr3rrrupper_advapi32_load_key_bcrypt_load_key) key_object containerkey_infoalgo curve_nameZ curve_typerrrrr sF        rrcCsLt|trdnd}|j}|dkr$d}|dks4|dkrr?r@rArBr=Z DSSPUBKEYrrrrRrr-rZDSSSEEDl)rCrrrZ CALG_RSA_KEYXrr+rBr.ZbTypeZCUR_BLOB_VERSIONZbVersionreservedZaiKeyAlgZpublickeystrucrZbitlenrZRSA1rnr&rErZRSA2rDZDSS1ZDSS2Z dsspubkeycounterr,)r{r]r|r~ blob_typerrZblob_header_pointerZ blob_headerrrrrGrHZpubkey_pointerZpubkeyZparsed_key_infoZ blob_datarZkey_dataZdssseed_pointerZdssseedrrrrs|       "  """"""   "     rc+ Csfd}d}t|trdnd}|j}|dkr,d}z"|dkrB|jdn|}tjtjtjtj tj d|} t | }|dkr|dkrtj } tj } |d j} d } d }nztj} tj} |d j} t| d j}t| d j}t| dj}t| dj}t| dj}t| dj}t|} t|}t| dj}t| dj}ttd}t|}| |_|j|_t||_t||_| |_||_t|||}|dkr |||7}|t|| 7}|t||7}|t|| 7}|t|t|7}n2|dkr|dkrtj } |d jj}|dd}n0tj!} t"|d j}t|d jj}|dd}t|}t|dj}t|dj}t|dj} |jdkrt| }!nd}!t#t|t|t|}"t||"}t||"}t||"}t| |!} d}#d|!}$|jdkrx|dkrtj$} ntj%} ttd }t|}| |_&|"|_'tj(|_)tj*|_+|!|_,|!|_-t.|#|_/t|}||$| |||7}|dkr|t||!7}n|dkrtj0} ntj1} ttd!}t|}| |_&|"|_'t.|#|_/t.|$|_2t.| |_3t||||}|dkr |t||!7}n|dkr |dkr(tj4} |d 5\}%}&nDtj6} |d jd }|rP|5\}%}&nd }%d }&t|d jd j}ttd"}t|}tj7tj8tj9tj:tj;tj|t?| |)|t|tj@}*tA|*t|)}|||WS|r`t|XdS))a Loads a certificate, public key or private key into a Certificate, PublicKey or PrivateKey object via CNG :param key_object: An asn1crypto.x509.Certificate, asn1crypto.keys.PublicKeyInfo or asn1crypto.keys.PrivateKeyInfo object :param key_info: An asn1crypto.keys.PublicKeyInfo or asn1crypto.keys.PrivateKeyInfo object :param container: The class of the object to hold the key_handle :param curve_name: None or a unicode string of the curve name for an EC key :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when the key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A PrivateKey, PublicKey or Certificate object, based on container Nr rrrrr@)rrrrrrrrr>r?r@rArBr=rrrrrrrrrr-rrRsrrr))r r)r r)r r)rr)rr)rr 0Brr)Br"rrrOrrMrrrrrrNr ZBCRYPT_RSAPUBLIC_MAGICrr ZBCRYPT_RSAFULLPRIVATE_MAGICrr&rr+rLr.ZMagicrZ BitLengthrYrZr[r\r,r1r r rmaxZBCRYPT_DSA_PUBLIC_MAGIC_V2ZBCRYPT_DSA_PRIVATE_MAGIC_V2rgr^ZDSA_HASH_ALGORITHM_SHA256Z hashAlgorithmZ DSA_FIPS186_3ZstandardVersionr_r`r"ZCountZBCRYPT_DSA_PUBLIC_MAGICZBCRYPT_DSA_PRIVATE_MAGICZSeedr-rZ to_coordsrrkrlrmrhrirjr'ZBCryptImportKeyPairr(ZBCRYPT_NO_KEY_VALIDATIONrD)+ryr{rzr}rrr]r|Z alg_selectorrrrnZ parsed_keyZ prime1_sizeZ prime2_sizer>r?r@rArBr=rrrrrFrrZ private_bytesZ public_bytesrrr-Zq_lenZ key_widthcountseedr8rVZx_bytesZy_bytesrrrrrrxs:                                      rxc Cst|tr|}n|dk rHt|tr,|d}t|tsHttdt|t|trrt|d}| }W5QRXnt|tsttdt|t ||}t |t S)a Loads a private key into a PrivateKey object :param source: A byte string of file contents, a unicode string filename or an asn1crypto.keys.PrivateKeyInfo object :param password: A byte or unicode string to decrypt the private key file. Unicode strings will be encoded using UTF-8. Not used is the source is a PrivateKeyInfo object. :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when the private key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A PrivateKey object Nutf-8zP password must be a byte string, not %s r*z source must be a byte string, unicode string or asn1crypto.keys.PrivateKeyInfo object, not %s ) r"rr6encoder7r#rr5rprqrrrrX)rspasswordZprivate_objectrtrrrrUs(        c Csnt|tr|}nTt|tr$t|}n@t|trRt|d}t|}W5QRXnttdt |t |t S)a3 Loads a public key into a PublicKey object :param source: A byte string of file contents, a unicode string filename or an asn1crypto.keys.PublicKeyInfo object :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when the public key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A PublicKey object r*z source must be a byte string, unicode string or asn1crypto.keys.PublicKeyInfo object, not %s ) r"rr7rr6rprqr#rr5rrrY)rsrrtrrrrV9s     cCs t||tS)a Parses a PKCS#12 ANS.1 DER-encoded structure and extracts certs and keys :param data: A byte string of a DER-encoded PKCS#12 file :param password: A byte string of the password to any encrypted data :raises: ValueError - when any of the parameters are of the wrong type or value OSError - when an error is returned by one of the OS decryption functions :return: A three-element tuple of: 1. An asn1crypto.keys.PrivateKeyInfo object 2. An asn1crypto.x509.Certificate object 3. A list of zero or more asn1crypto.x509.Certificate objects that are "extra" certificates, possibly intermediates from the cert chain )rrU)datarrrrrWasc Cs|dk r8t|tr|d}t|ts8ttdt|t|trbt|d}|}W5QRXnt|ts~ttdt|t ||\}}}d}d}|rt |t }|rt |j t }dd|D}|||fS)a Loads a .p12 or .pfx file into a PrivateKey object and one or more Certificates objects :param source: A byte string of file contents or a unicode string filename :param password: A byte or unicode string to decrypt the PKCS12 file. Unicode strings will be encoded using UTF-8. :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when a contained key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A three-element tuple containing (PrivateKey, Certificate, [Certificate, ...]) NrzH password must be a byte string, not %s r*zR source must be a byte string or a unicode string, not %s cSsg|]}t|jtqSr)rrrr).0inforrr szload_pkcs12..)r"r6rr7r#rr5rprqrWrrrXrr) rsrrtr{Z cert_infoZextra_certs_infokeycertZ extra_certsrrrrTzs2        cCs |jdkrtdt||||S)a Verifies an RSASSA-PKCS-v1.5 signature. When the hash_algorithm is "raw", the operation is identical to RSA public key decryption. That is: the data is not hashed and no ASN.1 structure with an algorithm identifier of the hash algorithm is placed in the encrypted byte string. :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw" :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library r*The key specified is not an RSA public keyrr_verifycertificate_or_public_key signaturerhash_algorithmrrrr_s cCs0|j}|dkr|dkrtdt||||ddS)a Verifies an RSASSA-PSS signature. For the PSS padding the mask gen algorithm will be mgf1 using the same hash algorithm as the signature. The salt length with be the length of the hash algorithm, and the trailer field with be the standard 0xBC byte. :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512" :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rrrTrsa_pss_paddingr)rrrrcp_algrrrrascCs |jdkrtdt||||S)a Verifies a DSA signature :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512" :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rz)The key specified is not a DSA public keyrrrrrrQs cCs |jdkrtdt||||S)a Verifies an ECDSA signature :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512" :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rz)The key specified is not an EC public keyrrrrrrK s Fc Cs\t|ttfs ttdt|t|tsr4r=r(r?rrBCryptDestroyHashrCCALG_MD5 CALG_SHA1 CALG_SHA_256 CALG_SHA_384 CALG_SHA_512r'CryptCreateHashrr(rDr. CryptHashDatarr loadto_p1363 OverflowErrorr#ZCryptVerifySignatureWr)rrrrrr| algo_is_rsa hash_lengthZdecrypted_signatureZkey_sizeZpadded_plaintext plaintext hash_handlealg_idhash_handle_pointerrhalf_lenZreversed_signaturerrrr s          rc Csz|dkr|}n0tjtjtjtjtjd|}tt||}t }d}|j } | dkp\| dk} | r|rtj }t t d} t| } t|} tt d| | _t|| _n@tj}t t d} t| } |dkrt | _nt|} tt d| | _tt d | }n8zt|}Wn$tttfk r$td YnXt |j||t||t||}|tjk}|p^|tjk}|rntd t |d S) a0 Verifies an RSA, DSA or ECDSA signature via CNG :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw" :param rsa_pss_padding: If PSS padding should be used for RSA keys :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rrrrrBCRYPT_PSS_PADDING_INFO wchar_t *BCRYPT_PKCS1_PADDING_INFOvoid *rN)!rMBCRYPT_MD5_ALGORITHMBCRYPT_SHA1_ALGORITHMBCRYPT_SHA256_ALGORITHMBCRYPT_SHA384_ALGORITHMBCRYPT_SHA512_ALGORITHMgetattrhashlibdigestr(rBCRYPT_PAD_PSSr+rLr.r!r$pszAlgIdrcbSaltBCRYPT_PAD_PKCS1r rrrrr#r4ZBCryptVerifySignaturerZSTATUS_INVALID_SIGNATUREZSTATUS_INVALID_PARAMETERrD)rrrrrr hash_constant padding_inforrrpadding_info_struct_pointerpadding_info_struct hash_bufferrZfailurerrrr sb     rcCs|jdkrtdt|||S)aL Generates an RSASSA-PKCS-v1.5 signature. When the hash_algorithm is "raw", the operation is identical to RSA private key encryption. That is: the data is not hashed and no ASN.1 structure with an algorithm identifier of the hash algorithm is placed in the encrypted byte string. :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw" :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature r+The key specified is not an RSA private keyrr_signrrrrrrr^^ s cCs.|j}|dkr|dkrtdt|||ddS)a$ Generates an RSASSA-PSS signature. For the PSS padding the mask gen algorithm will be mgf1 using the same hash algorithm as the signature. The salt length with be the length of the hash algorithm, and the trailer field with be the standard 0xBC byte. :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512" :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature rrrTrr)rrrpkey_algrrrr` scCs|jdkrtdt|||S)a7 Generates a DSA signature :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512" :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature rz*The key specified is not a DSA private keyrrrrrrP s cCs|jdkrtdt|||S)a: Generates an ECDSA signature :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512" :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature rz*The key specified is not an EC private keyrrrrrrJ s cCs8t|tsttdt|t|ts8ttdt||j}|dkpL|dk}tddddd g}|jdkr||s||td gO}||krd }|r|s|d 7}ttd |t ||s|dk rttd| |d krt ||j dkrttd|j t |t dkr*|jdkrt|||St||||St||||S)a Generates an RSA, DSA or ECDSA signature :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw" :param rsa_pss_padding: If PSS padding should be used for RSA keys :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature zO private_key must be an instance of PrivateKey, not %s rrrrrurrrrrrrFrrez data must be 11 bytes shorter than the key size when hash_algorithm is "raw" - key size is %s bytes, but data is %s bytes long rAr)r"rXr#rr5r7rrrrrvrr(r_pure_python_ecdsa_sign_advapi32_sign _bcrypt_sign)rrrrr pkey_is_rsarrrrrr sR      rc Cs|j}|dkp|dk}|r8|dkr8t|j|}t||S|rr|rrdddddd |d }t|||j|}t||S|jd kr|d krttd d}z&t j t j t jt jt jd|} tt d} t |j| td | } t| t| }t ||t|d } t| tt d} t |t jtd t| } t| t| } t| }t |t jtd || } t| t|t| }|ddd}|d krt|d}||d|d|}t| }|WS|rt |XdS)a Generates an RSA, DSA or ECDSA signature via CryptoAPI :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw" :param rsa_pss_padding: If PSS padding should be used for RSA keys :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature rrrrRrrrrrrrrzO Windows does not support md5 signatures with DSA keys Nrrrr9r)!rr9r(r;rr:rrrrBrrCrrrrrr'rrr(rDr.rrZCryptSignHashWZ AT_SIGNATUREr%r r#r from_p1363r)rrrrr|rZ padded_datarrrrrrrrrrrrrr0 s        rc Cs|dkr|}n0tjtjtjtjtjd|}tt||}t }d}|j }|dkp\|dk} | r|rdddd d d|} tj }t t d } t| } t|} tt d | | _| | _n@tj}t t d } t| } |dkrt | _nt|} tt d | | _tt d| }|dkr0|jdkr0|tddgkr0ttdtt d}t |j||t|t d||}t|t|}t|}| rtt d| }t |j||t|||||}t|t|t|}| st !|"}|S)a Generates an RSA, DSA or ECDSA signature via CNG :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw" :param rsa_pss_padding: If PSS padding should be used for RSA keys :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature rrrrrrrRrrrrrrrrrrruz~ Windows does not support sha1 signatures with DSA keys based on sha224, sha256 or sha512 r)#rMrrrrrrrrr(rrr+rLr.r!r$rrrrrrrr'ZBCryptSignHashrrrDr%r r#r rr)rrrrrrrrrrrrrrrr buffer_lenr)rrrrr s    (    rcCsxt|ttfs ttdt|t|tsutilr?getwindowsversionZ_gwvrrZ _advapi32rBrCrDrErFZ_ecdsarGrrHrrIrJrrKrZ_cngrLrMrNrO__all__r&rrXrYrRrrrrr.r'rrrrrrSrrrwrrxrUrVrWrTr_rarQrrrr^r`rPrrrrrrrrrr]r\r[rZrrrrsD, H     ,WLP X4 e@ d . G = U [ G & P Wg i8 (= " "  bnY ! !  Xzy49H3+H