ÿØÿà JFIF    ÿÛ „ !.%+&8&+/1555$;@;4?.451 4,$,44444444444414444444444444444444444444444444444444ÿÀ  á á" ÿÄ     ÿÄ ?    !1AQaq"2‘¡±ÁðBRbrÑá#‚’¢²3S CñÿÄ   ÿÄ !    !1QAa‘2ÿÚ   ? 5˜Z¯V¦cø)›t/? z¨±>Õ5€¶‹Á¤·¼z¼Ü¬+ñ®v¤¨_ˆR­BFn©—˜ý®ç̝P8gýt·ÉSTŦˆìät?þé¼íìN/Þa)ì–í6ô… Ï¿øÃj´¿KÇü]ÿ ªô¹-eKànëÕHTx}ýSÜ›ÿ ”7Ø×&µ<¦  ¥ÑO¶[Ù¯ä¨ÞÃÿ PZ-¬;#õ|•oaÿ ©CìÞz3˜öː/¤­ñTûIØ}š^ mÓ%ªxˆ¥ÉŸu=Z+ISe¿45™¼u;ú&WØ÷€æßQ™®{|íx*TC“#ZŠìZ§²‹ 6pv…³¿¡äª*áZÐ%ÒOáˆo"x«OHk w±æ+¬V(kMúŸ5Vö«$ ÁrÏbàb57/luR ¸ÑÛj Òµì`Ðœq­û žICÀÊ•©4€Âcà¨Ï€O´<èÐ:›ù(Ë^L8þ‘ÍÌ#¸Ð_Ì©ÙK(Öz 4¬û+¸;ü’V’84‘¬ÃŽ:[â‡ÔÌáõp¢~§ªlæ£ö{®G>J¼"°‡7¯ÆÉèßû ‹É‹§ÁòÃýâßî ^ƾÙõ‹×óH#«LP½ïX=xÑÍ$|W?•~• îëÔ©ª‹ {ÝT…Kÿ ”hûâá)J*ö˜–ÔU;iÇ€/ ÆþjóZ\ýwØ=Ìm ºèËL9 ýèÆð/¨’¥öo=nË.%Îì ŽÕ¯È|{Oj²ƒE6e/ßdÄõ²Ìâ1O®ò×TsəԸhOMýíMˆ¿¼H˜l²,7Â¥#MF/Úf°Ö½± ¸–dr‹NýÊ íjqx{œÉ ä-È ¦ øÄër¨q°ð †nцýÑÄÆ’mä…n<0È™;ÁÝá¯ÁZƒ7FÀmì­ É&9ˆîéi¶ùN§Y• ÃZãAâ?•‡©‰ , ó¾IŸŠc1 4â&y­&pŠ­6;M À 0¹qç»p.á …ŸÅáK@%6·y6ƒ‰3?”úºŽ‰éX5ªPT §µ!=Mž«Ú½‹ÅgÂSâÉaþÓoö–¯ÁÔìR>5éÿ üs¶ÆUcÌ kÇR ]ÿ ù¬¼«VŽ;Â|‡~¢¦”ÏÅ°æ {L™Õ°Óv¹ò¸írŽ¡×¢CÃ!íVÕ {¶»sŒNPg/ "uÕbkm²“$ďå¿é¹§°½æz¯6 †s¿!s–wÚÝ“™Œ °.ûj>·+™Òa…©Œ&rÝÎtÛë긪Ît’LAVp%c Úý[ÄzJ¾ÇàXXç@˜ó<êL]·T˜¾¥1Ó©V‡g´æ½¦Ý@¹óø!_@´ÞâSÁ —S3™•& ]@JHÚý©ZŽ €×æÔr»Áf!‡yÞ4Mv*èÓã_{‘åóUuљØ«Oïé*®EvÑ Œ÷‡U \"㪒ÍK+À 4“M¡ï:0¥5í!'<@î´”>Ç»&Z–ïCCV˜Ì5Šo&îhè.žû |ÓK©h$s6KìŒëã)¹hI¦GïOåóI;ììü#É$Š0…Ææ¥TØ.5­¾gn´ “ÂÖ\:hœ89G)J@„}œ:’Ò{/Š"¦_Æ×7Æ3VÇŠÊa]ÚŒÙ€Ä–=®uÁßâACZƒ§§£ Qnâ:«,×{tyø¬iÛcœÜÄ€H½ÄÍCk´÷šß .W'b¤Íåh]÷€=,Žv×cÚEÚHXJX¶îo¨FÒtèöŸ>ªª6[J®Fµ£sGÁeqõfe\íjÒÐïÄÐGˆe1Ø‹.Ø”‘Ëuø Y­ˆÜ ŽG|zùªüMpDnQWÄ”%JŠ™)â*p@Örš«ÕT2Ð%ˆG#ª„ ·¤!°ŸOTÂT¸aÚ%4&h™LµšØüÐ.F¿²ÐÞ_Ç‚¾ÅÃaÜ÷09Æ q€öy˜v‡85õN÷]¬äѼóS{°_MŽ¬úÔ#°Ç¸0åÞè2ëôPcvÆw9®ií1Ä8F™˜à‰´+‰Ik1òÝ7“Ñ×ÒsÝ\x‚h`ÞÑ`ó"|µEcý£n˜h`}GÞ !±ù²Ápü²ß6 0ïi󜵩SÈÇ7˜-ÕURO˜¦´f$ªž-Í6(œ}<„ éc øs]ŽŽ„*—¾ ìdŽ„)méª\¿êÎIg¾ØÞ~I#C/¼¼´EÁÈŽi8“©õådô·>euä ƒ'Ê×लR1ÉJE1ÐAát`t;ÇР%Ý<‡¥„ÍÆ`×Oyó)õiI€ñQaŸ4Ûù\áàaÃÔ¹HÃu¹*k€¦<„e S‡&õÏ B!ŽhüÞ`yj}mªf×\¿ Ç~æ­9‡û\՞Ǖg²1Žû5V7 !àöšm° c`ܬøÇìµÒ'P"?…´Ö,"§^•õŽ¨sÔ)6˜sæéÍR¼ ò|Sl”‹7 nPW Gòú÷½§O¯‡„l¡kSÞŒr½PÊ@æ¢pŽ-mÿ #Ÿ˜Àº¶Áä¦;ïÔæ$1££`“Õ>„—·ž)ßð³ñ#Ï Ô$¶œ‰ÊE‹À;÷º ¯«P:Ñ”8–IÊtpÞ3ª“>ê“þës4ò2OÏÕ­±zô†Õ§‰.÷ä¸;¿˜“'œ›žª}«Œ{ª±Ì 9ÔóÞÕ‡0 $íWV3Üì¬ —@kÝ4@¿r¼±½¬™›?øØæ´'Áé®CË3-g$˜ö‡×auÚi´Žp/êÛ æF›Ú2v‹ã¿¿,nB1̨ƃqÞa5͝@&Æû“él÷ \C²½UÍc ¯k×¢U ÖéQå™—-r wô ÞÏ<Ò=&=ÿ Ôê Òêˈt,i—;LîÜ á¸*ÚÃ1$êL•LÍ <É)ýÐà’ ;F™{ƒ™˜€&'}‚ãÄK`¡ÞT@I;®žZóè‚s’7®°›+§O­Åq©é»²9<Ô J ¼9O’HL»Ùïì¸rk¼Ž_ý‘TŸu[²ßÚŒ·ü÷B%¯E ŸÔX5êO´ Ç•€’I0 ÉJX` ñ¹õ%;µŸD‘«´€àwÒ™U ûئžÖö\×®×´8 ½‡ºÐÆÓ§?Àkmœ=;d5*@-ì0F Rªýš[Ü6âö̃ڸr*KA9· u*µæ£?U¸Âêí†8@¦X4 e-ò„0s{ HâUpU?¼mñRa°®a%Ð'tÉ×’\¾ÊÉ]t›h>·(Ë@R¼¡Ãt h}’O÷au<+nT…Ö…MӐ??Óe95 q>í/;&JSû °¯ÊéÞ øƒ*Ã2½Ài&:nôUl=¾¿5eˆ3”ñc|Ú2V”>„»&eE;«ÚäC p¢Û úy 9š[ŒÌx¼擼A&DåÒ¯ˆ¤ÀÌ;"˜ ÏQä¸åhÊ}Ûq«Û0WžÒ|»€ø®öCm5•\ÇÀ§Pe3£]0ÃàLDÉ‰1øªxjgwT‚÷¿LΨK‹›ùs—xˆÜ±µ kæ¸f‰‰ÜGk/LÛØ6d9ò¶ùA{ƒA3š/¬D¬khÓk‰`˜"㯒r¿±Óã jx‡°e}<Ñø\3y:'À•/h½Í€Ç4~g ?Û(¼]v‘ªlKÎâ~?O‚W%{Ì:“'©úNq¾›úo(X’¥¯ˆ nFê{Ç€ü?º'ë ø‹ì Þ09ŒÌç9Æ —ËC`j@ÓÄ(+a‹un¸#ÂꟋ{K`‘ÑÍÍ'à´»/Û,KW;Þ4²þð ï Nm|~fGÏ(…³Ã)«1ö­Õ ¥‡¨©ƒÃ™ü-s=à=U66Ï«Ýc蓦W¹íž®›nÔ%êÇìŒ<#Ü×84ån®Ð ÒåOC` ñânÑs‡¢ç 1õ%Îhì½Ã½® e:ݼUZo™`  ÅZŸŒÊ«ê1ÏÄo$q¹Þ€©ˆhÐÉä¯ñ[!…Ú˜àJ:x2$Íß&PåT£6ç— ‡Í*4Ýšçjÿ ‰É nófÐ ó(L5C•åÆ\rMÒ@ò }y-W}™üýVù—ú¢=Ù”c®‘< M ž ´Phr ¦©TD ‘ù.$´÷O‡‘V2Æò.=IUŒ=ž‡â¬i™aþÓåÙ?òUø'ØÖ•.~* šTŒ!•-×áºTâ®ä#õü'´ eýlYÅÓeÕKÂrT"CÚ@u!Óxƒ{š3€}1¿(r}%«nËamjÑ%ÑNEò v ˜à  σöK³,*º.àzù¨™Ó ÚçâU¦*¿ 9{%Ö¹ njûdaXöb) kÛƱûÓ\°M7ˆÂ=û›ç¿Ã‚­V»Cg–8ÙêE- j)k$º`Ã-ùEýeBÆÇ]c¡°ñty&Òd0nõ'¡W+ƒ*|–øµFa\GQªEAÔp5\Ǽ·¼Ç8·õ -â§Ú[ ‡ uZeÖ 3}×d'+¹:ð+K†Û®s!Ï$úe€<Û”x)1»a­¡LC]¸µík…ÚàA»AYº{†ªS[¦5HÒ7ù --,ísòDØ€èk ÞÀîÜ ò@â( ËNˆë›4ô½•/¦o‡€Û7 ê•ÆêòðÜy'Án½µ á˜ݦ ndeo…[ì¶Ê,¥R³Ä=À±—–ß;£™´ñSâ*g§”ïaið‘Jå~™ÓÞ ß³Õ¢»8x埒²52>AÊb&-÷\7´éÄù€T˜,w;3{ï˜k…à¹ÄqÀ«œ{€\ ˆ¾[´¨јr &Úé„Ívˆ±8†¿]|¬ņ4I×pÞS1ÈÖz‰#Ìv‡G!YNògñ:màTz¢Ý1ô©^O=~ë|5Bã™ç•¼µõ•bÆ@úÕS¬ÈŒ#¬zünrŸ û” Z²•ï›èðV"ÁHÚý©wÝ €7¼Ìu1hÑa3Éä û f$o¿É ™Ú›ÝçnpÒ3äÌ3†Í§,Äï]$‰/pê †«À¼¸e9­Æê_C]žƒ·ý·frÁN«, E=›Çq -‰öŒ:aÏ¿±í&£Í:-} 84‘ÿ eƒQÑeëSsuiA ³g㟥ú£?ÿ ʼn*”“÷aühe:ÊWa@ÒÞk±eØ] F Ô—r.åä˜ @ö¥ªZoÐýYL·¥S²G/‡ñ <~*ZÆ´è>JlòàÛƽÿ 窘ìGN¢:I®KšJp/`íIÁÀõ#Ä-€ö­šµŒoF4|ÆQØÆ@Ì|£Ô…¢À{9˜è½Üó›€ôYÒÎYsið;ís¤€à²ˆ‚4qÉVŒI$ ‰"° æµ8cXGjœˏ¡Aâý•ËÜ¢ûï e·çLx']á"oÅÎê3¯Ç—¹”ó0nå‚âg{Œñ> S´˜îè°g238‚ãköÝfÚd´6Ò€;ò÷±¢™¼›º ¢Æ'¥Ðx'e¬ç ]bÈÆV¢ó‹kýBO ðÊâ$Ÿ!×T 3Mýמ žìٍàÌü‘8÷€àæØ8æ©6‰©L´«…oãpð„~Çk‰!ñ;‹”ÛžÍ àž±z Ÿôû øŸÝužÏ;ÿ #|u6™Þ¬ÚˆÐõA4¶â|ôl|Ê2ŽÇ¤ÝÅÇY.<#Aí.k§hóF‚”Y; M½Ö4hŸ4&›­¿tès´%FìL¥£Ãk‰ÇT¤haÁ¤ÚxfÉ`ÑìË›>i 3t‚:,–+^÷´–{Û–Nxi"x‘Ûg î¨>¥Õ܁ùZH,2Û“:8xÊ¢Çí9.É-Ìâã-=çjwµS˜dütžçwýGòú®®ûº_ˆýx$–¡ãøO EÚÛÏ÷R„×w+3£Á£öUMyR²¹âŒ°š›¸Ñãò9§Ó_Dl+Ùßc›úšGÅÌc†Ž!Ko=¶.‘Îÿ c²(2®V mª.ÿ ¹B›¹å ù„öŸSV>™ü¯$y:G¢Z×àøúdî¹û­·ýÇ´:•c LÍõi_‹ö+ÎæGÊè>OŠ•äž´§Þ{X}¨1ÚTc›»Qþ•êô°t¿OP?eæ~É{5]•ÙR£r5†nZ\ã@ &îJõ ¾àC°þV>fé¥/ü5ñÊIº_é5 ;e­h<@ Ä&æÃëE%;X,ÒãÆÞ`Oò¦kŸm#˜!ÀyÄ¢| óLšò¥Ä` ¶R=|ÈCâh5ò3DˆïF†ðÒ#ÅìÛœ?¸yhBãœí ZxßÎÄhºRK„`Þödvײ™ÀÈÑÒgŒuY w³%†ƒÓzõ ÖÏp‚dH®¦A´ù§»ÓÇMæ~)ˆð‡û:ù&Ä •vGD´À n ݇¼Ö8Fö óáà£~Ë¥x`oK|Ä?fxiØü%pìR>éò+Û±éÎ>núlFŤ'tq8LZÏvÃ?„¡ß±È⽆¯³íü@x|PöUäèØã¡ð‚ŒAìÏ"vÍwóŸÍ{ ý0.z È•Ö{,N¡£¡ŸKÕÙž>Ýœþ ÍÀ°<×EA!Å‚D™IúOÍ¡>ôG}Â` ÍßkÜL™Ž Þð™ {IøF²¹òQ3&!ÃÂÞz.d&Ï-sH¸,Ôõ˜ŽP€ 77ˆÝ¼ÊëÜw =cÕ Ú,ØÐ5ÎYÐ)ì´öœgŒ[¤ßv㙑8心>h]§µháYš£²ºÑ.{Ï7Sð•?´~×SÃKýJÛ˜ ™Íäiúu<µX¶1õ^kâçIÑ£sZ4h>j*ÔšD:4­¿_ ÷¸ Õxæÿ ¸?Mù _•­ÊÐ ä ÷ý ÑwL œ­ïnTkÛUÍN©ë:¦fV ¶ÜÔÜMªÅâA½–¿R×TXš-%iTÊT•‡Ù‚JôϐZxWÑè‰f‰òG º ×Õû2aZ7OU3[“×AT–ÞŒ…-‘¤”Ì ì&(ˆ¿­•ƒkï’:ðY¦W‘ Å)“†‘˜³Åtcø˜ñTÂwÚÇ4|üLÇªí–v- qˆèU qPE.†â‘˜µ Æ,ÐÅs]8¾„oúÑ i>ÜxxÈó)ƒ ´æÁâØ$À‰vžŸf$Ž |ãw;ÀÁIJ»b` {¦Ó¤Ú$©YÀ‘n@Óïž«9J¼êG m¤ ܯ¹ÌW4€ÐÒÅÛ‡#褕Ÿn-?í|с¥÷Ú¹¬'´ÞÜ9ÓK `hê£SÄSà?7—Wí_´…óB›»:=Ãïq`<8ñÓŒÑlú2d¬ê³£hÖ[l|$vÝro~'R®‰§°ñmY ͧäP |PUª¹·:3Œ[Û{Xÿ ºâ@‚W–Äé u‚ ¯´*=íή.pûÒdt @G‰¬ s¸ ëÉücr ÞæѨÊ@>¤¢Ö±. Þ'¯°ÌME[YéïĵÂCå½ Ué©Áû'Ê9%eÔðNU”ë‘ÌsD3/®+UI˜9h.WC”빓$#:pz:YÓ ¿xž* ³$Í +$kñAŠ‹†¢ Uê>¸)_š¬÷©ßAÂÔb9ÇU ¯¾á•9¯ÏÏ÷O÷¼¼Fähal1‰3Ì[Ïr•´UCksNÐ] R‘¸¥H+§Šé†c©vÖÞ0iÓ76s†î!§=ß ¼~Ô'°Ãmäoäš³ªøi1úÉ)³yV8 CLÄØÁ‘WYïi€H6ÖÑiámø^ÈY´°Ñ7¥Û*—Ñ©L«Qƒï—Ùrÿ ›£Ð*š¸ˆL©ˆ$ˆ ÷¾D§9È®«qbqC)–ˆïv´çñsÑVT­Ø, <àïºÀO«Jý·õ àfPìð .wFšir´þ’2_Y *Æ€x\« ì€9š@ Ž|F⇥ˆkZ@hÖÄ0t¿-<“‹qµ¾*ZL¤Ú)&BJpÓF5=$„at*Zš$’ÑtdûÝRI1 2Ž‰$€$I$#‰SÞ’Hë¬ï;Á$¡t$’`<(ñÇt)$‡Ð.Êf¢X’Kt=Éé$‚ˆªè¢oÝëòI%Rgcª÷ŠyI%¡‰ÿ !ñ)´õ $¤ Ô’IIGÿÙ  j;ddlmZmZmZmZddlZddlmZm Z m Z m Z m Z m Z ddlmZmZmZmZmZmZmZmZmZddlmZddlmZmZmZmZmZm Z m!Z!m"Z"m#Z#dd l$m%Z%m&Z&m'Z'm(Z(dd l)m*Z*m+Z+m,Z,dd l-m.Z.m/Z/m0Z0m1Z1dd l2m3Z3gd Z4GddeZ5GddeZ6GddeZd.dZ7dZ8dZ9dZ:d/dZ;dZd/dZ?dZ@dZAdZBd ZCd!ZDd"ZEd#ZFd$ZGd%ZHd&ZId'ZJd0d(ZKd)ZLd*ZMd+ZNd,ZOd0d-ZPy)1)unicode_literalsdivisionabsolute_importprint_functionN) Certificate DHParametersECDomainParametersPrivateKeyInfoPublicKeyAlgorithm PublicKeyInfo) _CertificateBase _fingerprint _parse_pkcs12_PrivateKeyBase_PublicKeyBase_unwrap_private_key_infoparse_certificate parse_private parse_public)pretty_message) buffer_from_bytesbuffer_pointerbytes_from_bufferderefis_nullnewnullunwrapwrite_to_buffer) libcryptoLibcryptoConstlibcrypto_version_infohandle_openssl_error)AsymmetricKeyErrorIncompleteAsymmetricKeyErrorSignatureError) type_namestr_clsbyte_cls int_types)constant_compare)rdsa_sign dsa_verify ecdsa_sign ecdsa_verify generate_pairload_certificate load_pkcs12load_private_keyload_public_key parse_pkcs12 PrivateKey PublicKeyrsa_oaep_decryptrsa_oaep_encryptrsa_pkcs1v15_decryptrsa_pkcs1v15_encryptrsa_pkcs1v15_signrsa_pkcs1v15_verify rsa_pss_signrsa_pss_verifycHeZdZdZdZdZdZdZedZ edZ dZ y)r8zC Container for the OpenSSL representation of a private key Nc6||_||_t|_y)z :param evp_pkey: An OpenSSL EVP_PKEY value from loading/importing the key :param asn1: An asn1crypto.keys.PrivateKeyInfo object Nevp_pkeyasn1r"_libselfrErFs M/opt/nydus/tmp/pip-target-mjwu0ny1/lib/python/oscrypto/_openssl/asymmetric.py__init__zPrivateKey.__init__P!   c|j0tj|jt }t |}t |}tj|j|}t|t||}tj|}tdkrN|jdk(r?|j}d|dd<|j}t||t!|}tj"t t ||} t%| r tdt'| ||_|jS)z\ :return: A PublicKey object corresponding to this private key.  rsassa_pssrsa algorithmr) _public_keyr" i2d_PUBKEYrErrrr%rr loadr$rScopydumpr len d2i_PUBKEYrr9) rI buffer_size pubkey_bufferpubkey_pointer pubkey_length pubkey_datarF temp_asn1 temp_data pub_evp_pkeys rJ public_keyzPrivateKey.public_key]s     ##..t}}dfEK-k:M+M:N%00OM  /+M=IK %%k2D&,<1O IIK 6; +&{3%NN,  y9 #I $//}8UWdeL|$$Q'(t| } t| r tdt j@| }t|t jB| t6jDt jF| t}|dkr t|t|}t jF| t!|}|dkr t|t#||}tItKd tMd|d|d}|jO} t jP| t}|dkr t|t|}t jP| t!|}|dkr t|t#||} | rt jR|  tU tW fS#|rt j&||rt j(|wwxYw#| rt j4| wwxYw#| rt jR| wwxYw)aP Generates a public/private key pair :param algorithm: The key algorithm - "rsa", "dsa" or "ec" :param bit_size: An integer - used for "rsa" and "dsa". For "rsa" the value maye be 1024, 2048, 3072 or 4096. For "dsa" the value may be 1024, plus 2048 or 3072 if OpenSSL 1.0.0 or newer is available. :param curve: A unicode string - used for "ec" keys. Valid values include "secp256r1", "secp384r1" and "secp521r1". :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A 2-element tuple of (PublicKey, PrivateKey). The contents of each key may be saved by calling .asn1.dump(). )rRreczM algorithm must be one of "rsa", "dsa", "ec", not %s rR) zX bit_size must be one of 1024, 2048, 3072, 4096, not %s rr!rzG bit_size must be 1024, not %s )rrrzZ bit_size must be one of 1024, 2048, 3072, not %s r) secp256r1 secp384r1 secp521r1zt curve must be one of "secp256r1", "secp384r1", "secp521r1", not %s Nrz BIGNUM **s65537named)namevalue)rS parameters)rSrc),r ValueErrorrreprr$r"RSA_newrr%r BN_dec2bnrRSA_generate_key_exri2d_RSAPublicKeyrrri2d_RSAPrivateKeyRSA_freeBN_freeDSA_newDSA_generate_parameters_exDSA_generate_keyi2d_DSA_PUBKEYi2d_DSAPrivateKeyDSA_freer#NID_X9_62_prime256v1 NID_secp384r1 NID_secp521r1EC_KEY_new_by_curve_nameEC_KEY_generate_keyEC_KEY_set_asn1_flagOPENSSL_EC_NAMED_CURVEi2o_ECPublicKeyr r r rXi2d_ECPrivateKey EC_KEY_freer6r5)rSbit_sizecurverRexponentexponent_pointerresult buffer_lengthbufferpublic_key_bytesprivate_key_bytesrec_keycurve_idpublic_key_point_bytesrcs rJr2r2#s4011  O    E 378 8^X   e  !D (4 N "s#566 N " d  CD D^U  E# ,##%Cs|$Q'"9k: (()98DF  (./H223(DFSF  (%66sDFCMq $]3&}5F//^F5KLFz$V,0G %77TVDMq $]3&}5F00nV6LMFz$V, 1&- H ""3'!!(+ e  (##%Cs|$Q'99#xQRTXTZ\`\bdhdjkF  (//4F  (%44S$&AMq $]3&}5F--c>&3IJFz$V,0G %77TVDMq $]3&}5F00nV6LMFz$V, 1&- H ""3' d 2 .+@@+99+99 H 77AFv$Q'226:F  (  * *6>3X3X Y%55fdfEMq $]3&}5F..v~f7MNFz$V,%6v}%M "'/!%"4$##15 ( J *0 %66vtvFMq $]3&}5F//v8NOFz$V, 1&- H %%f- , -/?@Q/R SSA""3'!!(+H""3'n%%f-s';E9X6.E8Y* F?Z61Y'*ZZ!c t|tsttdt ||dkr t d|dkDr t d|dzdk7r t dd } t j}t|r tdt j||tjt}t|t j|t}|dkr t|t|}t j|t!|}|dkr t|t#||}t%j&||rt j(|SS#|rt j(|wwxYw) a` Generates DH parameters for use with Diffie-Hellman key exchange. Returns a structure in the format of DHParameter defined in PKCS#3, which is also used by the OpenSSL dhparam tool. THIS CAN BE VERY TIME CONSUMING! :param bit_size: The integer bit size of the parameters to generate. Must be between 512 and 4096, and divisible by 64. Recommended secure value as of early 2016 is 2048, with an absolute minimum of 1024. :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: An asn1crypto.algos.DHParameters object. Use oscrypto.asymmetric.dump_dh_parameters() to save to disk for usage with web servers. z= bit_size must be an integer, not %s iz-bit_size must be greater than or equal to 512rz+bit_size must be less than or equal to 4096@rz!bit_size must be a multiple of 64N) isinstancer, TypeErrorrr)rr"DH_newrr%DH_generate_parameters_exr#DH_GENERATOR_2r i2d_DHparamsrrrr rVDH_free)rdhrrrdh_params_bytess rJgenerate_dh_parametersrs]0 h *  h     #~HII$FGG"}<== B"     2;  #44R>C`C`bfbhiV$!..r46: 1   /"=1''N6,BC A:  (+FMB  1    b ! 2   b ! s %C+E))Fct|tr |}t|St|trt|}t|St|tr9t |d5}t|j }dddt|Sttdt|#1swYtSxYw)a Loads an x509 certificate into a Certificate object :param source: A byte string of file contents, a unicode string filename or an asn1crypto.x509.Certificate object :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A Certificate object rbNz source must be a byte string, unicode string or asn1crypto.x509.Certificate object, not %s ) rAsn1Certificater+rr*openreadrrr) _load_x509)source certificatefs rJr3r34s"&/* $ k ""! FH %'/  k "" FG $ &$ 1+AFFH5K  k ""  f       k ""s B++B>c|j}t|}tjt t |t |}t|r tdt||S)z Loads an ASN.1 object of an x509 certificate into a Certificate object :param certificate: An asn1crypto.x509.Certificate object :return: A Certificate object r) rXrr"d2i_X509rrrYrr%r)rrrrEs rJrr[sX   F v &F!!$&.*@#f+NHxQ x --rMct|tr |}t|S|Ot|tr|jd}t|tst t dt|t|tr&t|d5}|j}dddn.t|tst t dt|t||}t|S#1swY xYw)a Loads a private key into a PrivateKey object :param source: A byte string of file contents, a unicode string filename or an asn1crypto.keys.PrivateKeyInfo object :param password: A byte or unicode string to decrypt the private key file. Unicode strings will be encoded using UTF-8. Not used is the source is a PrivateKeyInfo object. :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when the private key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A PrivateKey object Nutf-8zP password must be a byte string, not %s rz source must be a byte string, unicode string or asn1crypto.keys.PrivateKeyInfo object, not %s ) rr r*encoder+rrr)rrr _load_key)rpasswordprivate_objectrs rJr5r5os.&.): ^ $$5  (G,#??73h1h' ! fg &fd#q$#FH-N&!  'vx8 ^ $$$#s C**C3c^t|tr|}nyt|tr t|}n]t|tr/t |d5}t|j }dddnttdt|jdk(rWtdkr.|jdk(rttd|j|jttdtd kr8|jd k(r)|j!}d |d d <|j#}n|j#}t%|}t'j(t+t-|t/|}t1|r t3d t5||S#1swYxYw)a3 Loads a public key into a PublicKey object :param source: A byte string of file contents, a unicode string filename or an asn1crypto.keys.PublicKeyInfo object :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type oscrypto.errors.AsymmetricKeyError - when the public key is incompatible with the OS crypto library OSError - when an error is returned by the OS crypto library :return: A PublicKey object rNz source must be a byte string, unicode string or asn1crypto.keys.PublicKeyInfo object, not %s rrsha2z OpenSSL 0.9.8 only supports DSA keys based on SHA1 (2048 bits or less) - this key is based on SHA2 and is %s bits z The DSA key does not contain the necessary p, q and g parameters and can not be used rOrQrRrSr)rr r+rr*rrrrr)rSr$rr&rr'rWrXrr"rZrrrYrr%r9)rrcrtemp_keydatarrEs rJr6r6s$&-( FH %!&) FG $ &$ 1%affh/J   f     u$ !D (Z-A-AV-K$^## &  ! ! ).~0 $)=)=)M??$-2k*}}  t $F##DFN6,BCINHxQ Xz **U s F""F,c|tdkr=|jdk(r.|jdk(rtt d|j t |j}t|}tjtt|t|}t|r tdt!||S)z Loads a private key into a PrivateKey object :param private_object: An asn1crypto.keys.PrivateKeyInfo object :return: A PrivateKey object rrrz OpenSSL 0.9.8 only supports DSA keys based on SHA1 (2048 bits or less) - this key is based on SHA2 and is %s bits r)r$rSrr&rrrrXrr"d2i_AutoPrivateKeyrrrYrr%r8)rrrrEs rJrrs$)A)AU)J~OgOgkqOq    # # "   &n 5 : : 3.0 :param evp_pkey: The EVP_PKEY of the Certificte or PublicKey to get the size of :return: An int of the number of bytes necessary for the key rO)r$r" EVP_PKEY_sizeEVP_PKEY_get_size)rEs rJ_evp_pkey_get_sizers.%&&x00  & &x 00rMc&t|ttfstt dt |t|t stt dt |d} t|j}t|}tj|j}tjt|||||}t|t|||rtj |SS#|rtj |wwxYw)a% Encrypts plaintext using an RSA public key or certificate :param certificate_or_public_key: A PublicKey, Certificate or PrivateKey object :param data: The byte string to encrypt :param padding: The padding mode to use :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the encrypted data certificate_or_public_key must be an instance of the Certificate or PublicKey class, not %s < data must be a byte string, not %s N)rrr9rrr)r+rrErr"EVP_PKEY_get1_RSARSA_public_encryptrYr%rr)rrpaddingrRr[rress rJrrs, /+y1I J  / 0     dH %  dO     C $()B)K)KL ";/))*C*L*LM**3t9dFCQS! -    s # 3   s # s &A7C66Dct|tsttdt |t|t sttdt |d} t |j}t|}tj|j}tjt|||||}t|t|||rtj|SS#|rtj|wwxYw)a Decrypts RSA ciphertext using a private key :param private_key: A PrivateKey object :param ciphertext: The ciphertext - a byte string :param padding: The padding mode to use :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the plaintext zY private_key must be an instance of the PrivateKey class, not %s zB ciphertext must be a byte string, not %s N)rr8rrr)r+rrErr"rRSA_private_decryptrYr%rr)rrrrRr[rrs rJrrs, k: .  k "     j( +  j !     C $()=)=> ";/))+*>*>?++C OZQTV]^S! -    s # 3   s # s A7C00D c|jdk7r-ttd|jjt ||||S)a Verifies an RSASSA-PKCS-v1.5 signature. When the hash_algorithm is "raw", the operation is identical to RSA public key decryption. That is: the data is not hashed and no ASN.1 structure with an algorithm identifier of the hash algorithm is placed in the encrypted byte string. :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha224", "sha256", "sha384", "sha512" or "raw" :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rRL The key specified is not an RSA public key, but %s rSrrupper_verifyr signaturerhash_algorithms rJr?r?<sS:!**e3  & / / 5 5 7     ,i~ NNrMc|j}|dk7r2|dk7r-ttd|jjt ||||dS)a Verifies an RSASSA-PSS signature. For the PSS padding the mask gen algorithm will be mgf1 using the same hash algorithm as the signature. The salt length with be the length of the hash algorithm, and the trailer field with be the standard 0xBC byte. :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha224", "sha256", "sha384" or "sha512" :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rRrQr Trsa_pss_paddingr )rrrrcp_algs rJrArAdsa4' 0 0F 6\1  & / / 5 5 7     ,i~_c ddrMc|jdk7r-ttd|jjt ||||S)a Verifies a DSA signature :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha224", "sha256", "sha384" or "sha512" :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rzK The key specified is not a DSA public key, but %s r r s rJr/r/sS.!**e3  & / / 5 5 7     ,i~ NNrMc|jdk7r-ttd|jjt ||||S)a Verifies an ECDSA signature :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha224", "sha256", "sha384" or "sha512" :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rzK The key specified is not an EC public key, but %s r r s rJr1r1sS.!**d2  & / / 5 5 7     ,i~ NNrMc t|ttfstt dt |t|t stt dt |t|t stt dt ||j}|dk(xs|dk(}tgd}|r|s|tdgz}||vr*d}|r|s|d z }tt d |t||s%|r#tt d |j|r|dk(rt||jd z kDr)tt d |jt|d} tj|j } t#| r t%dt'|j } t)| } tj*t||| | t,j.} t%| t1| | } t3|| s t5d | rtj6| yyd}d} d}d}d}d} t8dkrtj:}ntj<} tj>tj@tjBtjDtjFtjHd|}t8dkr|r|rtKtL||jO}tj|j } t#| r t%dt'|j } t)| }tj*t|||| t,jP}t%|tjR| |||t,jT}n|rtjV||tY}t%|tjZ||t|}t%|tj\||t||j }n|dk(rtKtL||jO}t)|}t_|}tj`tY|t|}t#|r t5dtjb|j }t#|r t%dtjd|t|||}n<|dk(r6tKtL||jO}t)|}t_|}tjftY|t|}t#|r t5dtjh|j }t#|r t%dtjj|t|||}nftmtd}tjn|||tY|j }t%|tq|}|rtjr|t,jtdt,jvt,jxtY}t%|t8dkrhtjr|t,jtt,jzt,j|zt,j~dtY}t%|tjZ||t|}t%|tj||t|}dkr t5dt%||r4t8dkrtj|ntj|| rtj6| |rtj||rtj||rtj||rtj|yy#| rtj6| wwxYw#|r4t8dkrtj|ntj|| rtj6| |rtj||rtj||rtj||rtj|wwxYw)aI Verifies an RSA, DSA or ECDSA signature :param certificate_or_public_key: A Certificate or PublicKey instance to verify the signature with :param signature: A byte string of the signature to verify :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha224", "sha256", "sha384" or "sha512" :param rsa_pss_padding: If the certificate_or_public_key is an RSA key, this enables PSS padding :raises: oscrypto.errors.SignatureError - when the signature is determined to be invalid ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library rzA signature must be a byte string, not %s rrRrQmd5sha1sha224sha256sha384sha512raw5"md5", "sha1", "sha224", "sha256", "sha384", "sha512", "raw"B hash_algorithm must be one of %s, not %s o PSS padding can only be used with RSA keys - the key provided is a %s key data must be 11 bytes shorter than the key size when hash_algorithm is "raw" - key size is %s bytes, but data is %s bytes long NrzSignature is invalidr!r!rrrEVP_PKEY_CTX **rPrr!)Grrr9rrr)r+rSrrrr rY byte_sizer"rrErr%rrRSA_public_decryptr#rrr-r(rr$EVP_MD_CTX_createEVP_MD_CTX_newEVP_md5EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512getattrhashlibdigestRSA_NO_PADDINGRSA_verify_PKCS1_PSSEVP_MD_CTX_FLAG_PSS_MDLENEVP_DigestInit_exrEVP_DigestUpdateEVP_VerifyFinalr d2i_DSA_SIGEVP_PKEY_get1_DSA DSA_do_verify d2i_ECDSA_SIGEVP_PKEY_get1_EC_KEYECDSA_do_verifyrEVP_DigestVerifyInitrEVP_PKEY_CTX_ctrl EVP_PKEY_RSAEVP_PKEY_CTRL_RSA_PADDINGRSA_PKCS1_PSS_PADDINGEVP_PKEY_OP_SIGNEVP_PKEY_OP_VERIFYEVP_PKEY_CTRL_RSA_PSS_SALTLENEVP_DigestVerifyFinalEVP_MD_CTX_destroyEVP_MD_CTX_freer DSA_SIG_freerECDSA_SIG_free)rrrrrr cp_is_rsavalid_hash_algorithmsvalid_hash_algorithms_errorrRr[decrypted_bufferdecrypted_lengthdecrypted_bytes evp_md_ctxrdsa_sigr ecdsa_sigevp_mdr5decoded_bufferdecoded_lengthrsignature_buffersignature_pointerevp_pkey_ctx_pointer_pointerevp_pkey_ctx_pointers rJr r s4 /+y1I J  / 0     i *  i     dH %  dO    ' 0 0F%96\#9I WXeW-22&]# _ '9 4 '  (        LLN    ^u, t90::R? ?^ *33D   (--.G.P.PQCs|$Q',-F-O-OPK0= (;;I 00    !!1 2/0@BRSO#D/:$%;<< ""3'J C CG FIR0 !F *"446J"113J$$&&********    "D (_9.9$?FFH112K2T2TU3<(+01J1S1ST !2;!?!*!=!= N""11 "%^444""<< 11*fdfM$S)00T3t9M$S)// N-66 59.9$?FFH#4Y#? $23C$D!#//8I3y>Z7#()?@@112K2T2TU3<(+--fc&k7CP49.9$?FFH#4Y#? $23C$D!%33DFr>sP8%   ! ! ' ' )     dN 33rMc|j}|dk7r(|dk7r#ttd|jt |||dS)a. Generates an RSASSA-PSS signature. For the PSS padding the mask gen algorithm will be mgf1 using the same hash algorithm as the signature. The salt length with be the length of the hash algorithm, and the trailer field with be the standard 0xBC byte. :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha224", "sha256", "sha384" or "sha512" :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature rRrQr`Trra)rrrpkey_algs rJr@r@ sV2$$H5X5  NN      dND IIrMc|jdk7r-ttd|jjt |||S)aA Generates a DSA signature :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha224", "sha256", "sha384" or "sha512" :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature rzL The key specified is not a DSA private key, but %s rarcs rJr.r./sP,%   ! ! ' ' )     dN 33rMc|jdk7r-ttd|jjt |||S)aD Generates an ECDSA signature :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha224", "sha256", "sha384" or "sha512" :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature rzL The key specified is not an EC private key, but %s rarcs rJr0r0PsP,$   ! ! ' ' )     dN 33rMc t|tsttdt |t|t sttdt ||j }|dk(xs|dk(}tgd}|dk(r|s|tdgz}||vr*d}|r|s|dz }ttd |t||s%|r#ttd |j|r|dk(rt||jd z kDr)ttd |jt|d } tj|j}t!|r t#dt%|j} t'| } tj(t||| |t*j,} t#| t/| | |rtj0|SSd } d }d } d }d }d } t2dkrtj4} ntj6} tj8tj:tj<tj>tj@tjBd|}t2dkr|r|rtEtF||jI}tj|j}t!|r t#dt%|j} t'| }tjJ||||t*jL}t#|t'| } tj(| || |t*jN} t#| n<|rt%|j} t'| } tQtd} tjR| |tU}t#|tjV| |t|}t#|tjX| | | |j}t#|t[| } n{|dk(rtEtF||jI}tj\|j} t!| r t#dtj^|t|| }t!|r t#dtj`|tU} t'| } tc| }tj`||} t#| n|dk(rtEtF||jI}tjd|j}t!|r t#dtjf|t||}t!|r t#dtjh|tU} t'| } tc| }tjh||} t#| nt%|j} t'| } tQtd| } tQtd}tjj| ||tU|j}t#|tm|}|rtjn|t*jpdt*jrt*jttU}t#|t2dkrhtjn|t*jpt*jvt*jxzt*jzdtU}t#|tjV| |t|}t#|tj|| | | }t#|t[| } t/  | r4t2dkrtj~| ntj| |rtj0|| rtj| |rtj||rtj||rtj|SS#|rtj0|wwxYw#| r4t2dkrtj~| ntj| |rtj0|| rtj| |rtj||rtj||rtj|wwxYw)a Generates an RSA, DSA or ECDSA signature :param private_key: The PrivateKey to generate the signature with :param data: A byte string of the data the signature is for :param hash_algorithm: A unicode string of "md5", "sha1", "sha224", "sha256", "sha384" or "sha512" :param rsa_pss_padding: If the private_key is an RSA key, this enables PSS padding :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the signature zO private_key must be an instance of PrivateKey, not %s rrRrQrrrr r!r"r#r$Nrr%rzunsigned int *rrzsize_t *r&r'r()Err8rrr)r+rSrrrr rYr)r"rrErr%rrRSA_private_encryptr#rrrr$r+r,r-r.r/r0r1r2r3r4r5RSA_padding_add_PKCS1_PSSr8r6rr9rr: EVP_SignFinalrr= DSA_do_sign i2d_DSA_SIGrr@ ECDSA_do_sign i2d_ECDSA_SIGEVP_DigestSignInitrrCrDrErFrGrHrIEVP_DigestSignFinalrKrLrrMrrN)rrrrre pkey_is_rsarPrQrRr[r[signature_lengthrUrrVrrWrXr5 em_bufferrr\r]r^s rJrbrbqs2 k: .  k "     dH %  dO    $$He#?x<'?K WX5eW-22&]#  '9 4 '  (      ?  NN     ~. t9{,,r1 1^ %%D   (--k.B.BCCs|$Q',[-A-ABK0= (<<D  00    !!1 2$%57GH""3'J C CG FId0 !F *"446J"113J$$&&********    "D (9.9$?FFH11+2F2FG3<(+01E1EF -k: 99"<< %S)#4[#A #,#@#@$"11 $ %%5601E1EF #4[#A #&y2B#C 11*fdfM$S)00T3t9M$S)--$$((  %S)#()9#: U"9.9$?FFH11+2F2FG3<(+#//F SI7#(+'33GTVD #4[#A $23C$D!#,#8#8BS#T $%56T!9.9$?FFH"77 8L8LM6?(+%33FCKP 9%(+'55iH #4[#A $23C$D!#,#:#:9FW#X $%56-[-A-ABK0= "9j+F +.y:K+L (..,$$ C ! %#)*F#G 11("//"<<"88F %S)*F2#55,&33&77.:[:[[&DD C)-,,Zs4yIC  %// =Wb>bB,e)NNrh)F)Q __future__rrrrr4_asn1rrr r r r r _asymmetricrrrrrrrrr_errorsr_ffirrrrrrrrr _libcryptor"r#r$r%errorsr&r'r(_typesr)r*r+r,utilr-__all__r8r9r2rr3rr5r6rr7r4r=r<r;r:rrrr?rAr/r1r r>r@r.r0rbrrrMrJrs'RR   %   `_UU<<# 2Q!Q!h!!>i"iXKT\@"F$#N.(5%pC+L0:;2:$zW0O,\0T. 1 5$p4$n%OP$eNODODP0f$4N#JL4B4BU0rM