@pairling/runtime-darwin-x64 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (159) hide show
  1. package/README.md +1 -1
  2. package/bin/pairling-connectd +0 -0
  3. package/manifest.json +4 -4
  4. package/package.json +3 -3
  5. package/python/bin/python3 +0 -0
  6. package/python/bin/python3.12 +0 -0
  7. package/python/lib/libpython3.12.dylib +0 -0
  8. package/python/lib/python3.12/lib-dynload/_crypt.cpython-312-darwin.so +0 -0
  9. package/python/lib/python3.12/lib-dynload/_dbm.cpython-312-darwin.so +0 -0
  10. package/python/lib/python3.12/site-packages/_cffi_backend.cpython-312-darwin.so +0 -0
  11. package/python/lib/python3.12/site-packages/cffi/__init__.py +14 -0
  12. package/python/lib/python3.12/site-packages/cffi/_cffi_errors.h +149 -0
  13. package/python/lib/python3.12/site-packages/cffi/_cffi_include.h +389 -0
  14. package/python/lib/python3.12/site-packages/cffi/_embedding.h +550 -0
  15. package/python/lib/python3.12/site-packages/cffi/_imp_emulation.py +83 -0
  16. package/python/lib/python3.12/site-packages/cffi/_shimmed_dist_utils.py +45 -0
  17. package/python/lib/python3.12/site-packages/cffi/api.py +967 -0
  18. package/python/lib/python3.12/site-packages/cffi/backend_ctypes.py +1121 -0
  19. package/python/lib/python3.12/site-packages/cffi/cffi_opcode.py +187 -0
  20. package/python/lib/python3.12/site-packages/cffi/commontypes.py +82 -0
  21. package/python/lib/python3.12/site-packages/cffi/cparser.py +1015 -0
  22. package/python/lib/python3.12/site-packages/cffi/error.py +31 -0
  23. package/python/lib/python3.12/site-packages/cffi/ffiplatform.py +113 -0
  24. package/python/lib/python3.12/site-packages/cffi/lock.py +30 -0
  25. package/python/lib/python3.12/site-packages/cffi/model.py +618 -0
  26. package/python/lib/python3.12/site-packages/cffi/parse_c_type.h +181 -0
  27. package/python/lib/python3.12/site-packages/cffi/pkgconfig.py +121 -0
  28. package/python/lib/python3.12/site-packages/cffi/recompiler.py +1598 -0
  29. package/python/lib/python3.12/site-packages/cffi/setuptools_ext.py +216 -0
  30. package/python/lib/python3.12/site-packages/cffi/vengine_cpy.py +1084 -0
  31. package/python/lib/python3.12/site-packages/cffi/vengine_gen.py +679 -0
  32. package/python/lib/python3.12/site-packages/cffi/verifier.py +306 -0
  33. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/INSTALLER +1 -0
  34. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/LICENSE +26 -0
  35. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/METADATA +40 -0
  36. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/RECORD +30 -0
  37. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/WHEEL +5 -0
  38. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/entry_points.txt +2 -0
  39. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/top_level.txt +2 -0
  40. package/python/lib/python3.12/site-packages/cryptography/__about__.py +17 -0
  41. package/python/lib/python3.12/site-packages/cryptography/__init__.py +26 -0
  42. package/python/lib/python3.12/site-packages/cryptography/exceptions.py +52 -0
  43. package/python/lib/python3.12/site-packages/cryptography/fernet.py +224 -0
  44. package/python/lib/python3.12/site-packages/cryptography/hazmat/__init__.py +13 -0
  45. package/python/lib/python3.12/site-packages/cryptography/hazmat/_oid.py +348 -0
  46. package/python/lib/python3.12/site-packages/cryptography/hazmat/backends/__init__.py +13 -0
  47. package/python/lib/python3.12/site-packages/cryptography/hazmat/backends/openssl/__init__.py +9 -0
  48. package/python/lib/python3.12/site-packages/cryptography/hazmat/backends/openssl/backend.py +308 -0
  49. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/__init__.py +3 -0
  50. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi +37 -0
  51. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/_openssl.pyi +8 -0
  52. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi +7 -0
  53. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/exceptions.pyi +17 -0
  54. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi +117 -0
  55. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi +75 -0
  56. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/aead.pyi +107 -0
  57. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi +38 -0
  58. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi +18 -0
  59. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/dh.pyi +51 -0
  60. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi +41 -0
  61. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ec.pyi +52 -0
  62. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ed25519.pyi +13 -0
  63. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ed448.pyi +13 -0
  64. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/hashes.pyi +28 -0
  65. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/hmac.pyi +22 -0
  66. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi +49 -0
  67. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/keys.pyi +34 -0
  68. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/poly1305.pyi +15 -0
  69. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/rsa.pyi +55 -0
  70. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi +13 -0
  71. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/x448.pyi +13 -0
  72. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/pkcs12.pyi +52 -0
  73. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/pkcs7.pyi +50 -0
  74. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/test_support.pyi +23 -0
  75. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi +313 -0
  76. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust.abi3.so +0 -0
  77. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/__init__.py +3 -0
  78. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py +191 -0
  79. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/binding.py +122 -0
  80. package/python/lib/python3.12/site-packages/cryptography/hazmat/decrepit/__init__.py +5 -0
  81. package/python/lib/python3.12/site-packages/cryptography/hazmat/decrepit/ciphers/__init__.py +5 -0
  82. package/python/lib/python3.12/site-packages/cryptography/hazmat/decrepit/ciphers/algorithms.py +112 -0
  83. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/__init__.py +3 -0
  84. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/_asymmetric.py +19 -0
  85. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/_cipheralgorithm.py +60 -0
  86. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/_serialization.py +168 -0
  87. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/__init__.py +3 -0
  88. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/dh.py +147 -0
  89. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/dsa.py +167 -0
  90. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py +447 -0
  91. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ed25519.py +129 -0
  92. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py +131 -0
  93. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py +113 -0
  94. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py +277 -0
  95. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/types.py +111 -0
  96. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py +24 -0
  97. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py +122 -0
  98. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py +125 -0
  99. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/__init__.py +27 -0
  100. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/aead.py +23 -0
  101. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/algorithms.py +183 -0
  102. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/base.py +146 -0
  103. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/modes.py +268 -0
  104. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/cmac.py +10 -0
  105. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/constant_time.py +14 -0
  106. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/hashes.py +246 -0
  107. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/hmac.py +13 -0
  108. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/__init__.py +23 -0
  109. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/argon2.py +13 -0
  110. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/concatkdf.py +125 -0
  111. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/hkdf.py +101 -0
  112. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/kbkdf.py +305 -0
  113. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/pbkdf2.py +62 -0
  114. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/scrypt.py +19 -0
  115. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/x963kdf.py +61 -0
  116. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/keywrap.py +177 -0
  117. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/padding.py +69 -0
  118. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/poly1305.py +11 -0
  119. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/__init__.py +65 -0
  120. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/base.py +14 -0
  121. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/pkcs12.py +176 -0
  122. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/pkcs7.py +411 -0
  123. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/ssh.py +1619 -0
  124. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py +9 -0
  125. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py +101 -0
  126. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/twofactor/totp.py +56 -0
  127. package/python/lib/python3.12/site-packages/cryptography/py.typed +0 -0
  128. package/python/lib/python3.12/site-packages/cryptography/utils.py +139 -0
  129. package/python/lib/python3.12/site-packages/cryptography/x509/__init__.py +270 -0
  130. package/python/lib/python3.12/site-packages/cryptography/x509/base.py +848 -0
  131. package/python/lib/python3.12/site-packages/cryptography/x509/certificate_transparency.py +35 -0
  132. package/python/lib/python3.12/site-packages/cryptography/x509/extensions.py +2528 -0
  133. package/python/lib/python3.12/site-packages/cryptography/x509/general_name.py +281 -0
  134. package/python/lib/python3.12/site-packages/cryptography/x509/name.py +477 -0
  135. package/python/lib/python3.12/site-packages/cryptography/x509/ocsp.py +379 -0
  136. package/python/lib/python3.12/site-packages/cryptography/x509/oid.py +37 -0
  137. package/python/lib/python3.12/site-packages/cryptography/x509/verification.py +34 -0
  138. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/INSTALLER +1 -0
  139. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/METADATA +139 -0
  140. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/RECORD +106 -0
  141. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/REQUESTED +0 -0
  142. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/WHEEL +4 -0
  143. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/licenses/LICENSE +3 -0
  144. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/licenses/LICENSE.APACHE +202 -0
  145. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/licenses/LICENSE.BSD +27 -0
  146. package/python/lib/python3.12/site-packages/pycparser/__init__.py +99 -0
  147. package/python/lib/python3.12/site-packages/pycparser/_ast_gen.py +355 -0
  148. package/python/lib/python3.12/site-packages/pycparser/_c_ast.cfg +195 -0
  149. package/python/lib/python3.12/site-packages/pycparser/ast_transforms.py +174 -0
  150. package/python/lib/python3.12/site-packages/pycparser/c_ast.py +1341 -0
  151. package/python/lib/python3.12/site-packages/pycparser/c_generator.py +573 -0
  152. package/python/lib/python3.12/site-packages/pycparser/c_lexer.py +706 -0
  153. package/python/lib/python3.12/site-packages/pycparser/c_parser.py +2376 -0
  154. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/INSTALLER +1 -0
  155. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/METADATA +244 -0
  156. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/RECORD +14 -0
  157. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/WHEEL +5 -0
  158. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/licenses/LICENSE +27 -0
  159. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/top_level.txt +1 -0
@@ -0,0 +1,308 @@
1
+ # This file is dual licensed under the terms of the Apache License, Version
2
+ # 2.0, and the BSD License. See the LICENSE file in the root of this repository
3
+ # for complete details.
4
+
5
+ from __future__ import annotations
6
+
7
+ from cryptography.hazmat.bindings._rust import openssl as rust_openssl
8
+ from cryptography.hazmat.bindings.openssl import binding
9
+ from cryptography.hazmat.primitives import hashes
10
+ from cryptography.hazmat.primitives._asymmetric import AsymmetricPadding
11
+ from cryptography.hazmat.primitives.asymmetric import ec
12
+ from cryptography.hazmat.primitives.asymmetric import utils as asym_utils
13
+ from cryptography.hazmat.primitives.asymmetric.padding import (
14
+ MGF1,
15
+ OAEP,
16
+ PSS,
17
+ PKCS1v15,
18
+ )
19
+ from cryptography.hazmat.primitives.ciphers import (
20
+ CipherAlgorithm,
21
+ )
22
+ from cryptography.hazmat.primitives.ciphers.algorithms import (
23
+ AES,
24
+ )
25
+ from cryptography.hazmat.primitives.ciphers.modes import (
26
+ CBC,
27
+ Mode,
28
+ )
29
+
30
+
31
+ class Backend:
32
+ """
33
+ OpenSSL API binding interfaces.
34
+ """
35
+
36
+ name = "openssl"
37
+
38
+ # TripleDES encryption is disallowed/deprecated throughout 2023 in
39
+ # FIPS 140-3. To keep it simple we denylist any use of TripleDES (TDEA).
40
+ _fips_ciphers = (AES,)
41
+ # Sometimes SHA1 is still permissible. That logic is contained
42
+ # within the various *_supported methods.
43
+ _fips_hashes = (
44
+ hashes.SHA224,
45
+ hashes.SHA256,
46
+ hashes.SHA384,
47
+ hashes.SHA512,
48
+ hashes.SHA512_224,
49
+ hashes.SHA512_256,
50
+ hashes.SHA3_224,
51
+ hashes.SHA3_256,
52
+ hashes.SHA3_384,
53
+ hashes.SHA3_512,
54
+ hashes.SHAKE128,
55
+ hashes.SHAKE256,
56
+ )
57
+ _fips_ecdh_curves = (
58
+ ec.SECP224R1,
59
+ ec.SECP256R1,
60
+ ec.SECP384R1,
61
+ ec.SECP521R1,
62
+ )
63
+ _fips_rsa_min_key_size = 2048
64
+ _fips_rsa_min_public_exponent = 65537
65
+ _fips_dsa_min_modulus = 1 << 2048
66
+ _fips_dh_min_key_size = 2048
67
+ _fips_dh_min_modulus = 1 << _fips_dh_min_key_size
68
+
69
+ def __init__(self) -> None:
70
+ self._binding = binding.Binding()
71
+ self._ffi = self._binding.ffi
72
+ self._lib = self._binding.lib
73
+ self._fips_enabled = rust_openssl.is_fips_enabled()
74
+
75
+ def __repr__(self) -> str:
76
+ return (
77
+ f"<OpenSSLBackend(version: {self.openssl_version_text()}, "
78
+ f"FIPS: {self._fips_enabled}, "
79
+ f"Legacy: {rust_openssl._legacy_provider_loaded})>"
80
+ )
81
+
82
+ def openssl_assert(self, ok: bool) -> None:
83
+ return binding._openssl_assert(ok)
84
+
85
+ def _enable_fips(self) -> None:
86
+ # This function enables FIPS mode for OpenSSL 3.0.0 on installs that
87
+ # have the FIPS provider installed properly.
88
+ rust_openssl.enable_fips(rust_openssl._providers)
89
+ assert rust_openssl.is_fips_enabled()
90
+ self._fips_enabled = rust_openssl.is_fips_enabled()
91
+
92
+ def openssl_version_text(self) -> str:
93
+ """
94
+ Friendly string name of the loaded OpenSSL library. This is not
95
+ necessarily the same version as it was compiled against.
96
+
97
+ Example: OpenSSL 3.2.1 30 Jan 2024
98
+ """
99
+ return rust_openssl.openssl_version_text()
100
+
101
+ def openssl_version_number(self) -> int:
102
+ return rust_openssl.openssl_version()
103
+
104
+ def hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
105
+ if self._fips_enabled and not isinstance(algorithm, self._fips_hashes):
106
+ return False
107
+
108
+ return rust_openssl.hashes.hash_supported(algorithm)
109
+
110
+ def signature_hash_supported(
111
+ self, algorithm: hashes.HashAlgorithm
112
+ ) -> bool:
113
+ # Dedicated check for hashing algorithm use in message digest for
114
+ # signatures, e.g. RSA PKCS#1 v1.5 SHA1 (sha1WithRSAEncryption).
115
+ if self._fips_enabled and isinstance(algorithm, hashes.SHA1):
116
+ return False
117
+ return self.hash_supported(algorithm)
118
+
119
+ def scrypt_supported(self) -> bool:
120
+ if self._fips_enabled:
121
+ return False
122
+ else:
123
+ return hasattr(rust_openssl.kdf.Scrypt, "derive")
124
+
125
+ def argon2_supported(self) -> bool:
126
+ if self._fips_enabled:
127
+ return False
128
+ else:
129
+ return hasattr(rust_openssl.kdf.Argon2id, "derive")
130
+
131
+ def hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
132
+ # FIPS mode still allows SHA1 for HMAC
133
+ if self._fips_enabled and isinstance(algorithm, hashes.SHA1):
134
+ return True
135
+ if rust_openssl.CRYPTOGRAPHY_IS_AWSLC:
136
+ return isinstance(
137
+ algorithm,
138
+ (
139
+ hashes.SHA1,
140
+ hashes.SHA224,
141
+ hashes.SHA256,
142
+ hashes.SHA384,
143
+ hashes.SHA512,
144
+ hashes.SHA512_224,
145
+ hashes.SHA512_256,
146
+ ),
147
+ )
148
+ return self.hash_supported(algorithm)
149
+
150
+ def cipher_supported(self, cipher: CipherAlgorithm, mode: Mode) -> bool:
151
+ if self._fips_enabled:
152
+ # FIPS mode requires AES. TripleDES is disallowed/deprecated in
153
+ # FIPS 140-3.
154
+ if not isinstance(cipher, self._fips_ciphers):
155
+ return False
156
+
157
+ return rust_openssl.ciphers.cipher_supported(cipher, mode)
158
+
159
+ def pbkdf2_hmac_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
160
+ return self.hmac_supported(algorithm)
161
+
162
+ def _consume_errors(self) -> list[rust_openssl.OpenSSLError]:
163
+ return rust_openssl.capture_error_stack()
164
+
165
+ def _oaep_hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
166
+ if self._fips_enabled and isinstance(algorithm, hashes.SHA1):
167
+ return False
168
+
169
+ return isinstance(
170
+ algorithm,
171
+ (
172
+ hashes.SHA1,
173
+ hashes.SHA224,
174
+ hashes.SHA256,
175
+ hashes.SHA384,
176
+ hashes.SHA512,
177
+ ),
178
+ )
179
+
180
+ def rsa_padding_supported(self, padding: AsymmetricPadding) -> bool:
181
+ if isinstance(padding, PKCS1v15):
182
+ return True
183
+ elif isinstance(padding, PSS) and isinstance(padding._mgf, MGF1):
184
+ # FIPS 186-4 only allows salt length == digest length for PSS
185
+ # It is technically acceptable to set an explicit salt length
186
+ # equal to the digest length and this will incorrectly fail, but
187
+ # since we don't do that in the tests and this method is
188
+ # private, we'll ignore that until we need to do otherwise.
189
+ if (
190
+ self._fips_enabled
191
+ and padding._salt_length != PSS.DIGEST_LENGTH
192
+ ):
193
+ return False
194
+ return self.hash_supported(padding._mgf._algorithm)
195
+ elif isinstance(padding, OAEP) and isinstance(padding._mgf, MGF1):
196
+ return self._oaep_hash_supported(
197
+ padding._mgf._algorithm
198
+ ) and self._oaep_hash_supported(padding._algorithm)
199
+ else:
200
+ return False
201
+
202
+ def rsa_encryption_supported(self, padding: AsymmetricPadding) -> bool:
203
+ if self._fips_enabled and isinstance(padding, PKCS1v15):
204
+ return False
205
+ else:
206
+ return self.rsa_padding_supported(padding)
207
+
208
+ def dsa_supported(self) -> bool:
209
+ return (
210
+ not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
211
+ and not self._fips_enabled
212
+ )
213
+
214
+ def dsa_hash_supported(self, algorithm: hashes.HashAlgorithm) -> bool:
215
+ if not self.dsa_supported():
216
+ return False
217
+ return self.signature_hash_supported(algorithm)
218
+
219
+ def cmac_algorithm_supported(self, algorithm) -> bool:
220
+ return self.cipher_supported(
221
+ algorithm, CBC(b"\x00" * algorithm.block_size)
222
+ )
223
+
224
+ def elliptic_curve_supported(self, curve: ec.EllipticCurve) -> bool:
225
+ if self._fips_enabled and not isinstance(
226
+ curve, self._fips_ecdh_curves
227
+ ):
228
+ return False
229
+
230
+ return rust_openssl.ec.curve_supported(curve)
231
+
232
+ def elliptic_curve_signature_algorithm_supported(
233
+ self,
234
+ signature_algorithm: ec.EllipticCurveSignatureAlgorithm,
235
+ curve: ec.EllipticCurve,
236
+ ) -> bool:
237
+ # We only support ECDSA right now.
238
+ if not isinstance(signature_algorithm, ec.ECDSA):
239
+ return False
240
+
241
+ return self.elliptic_curve_supported(curve) and (
242
+ isinstance(signature_algorithm.algorithm, asym_utils.Prehashed)
243
+ or self.hash_supported(signature_algorithm.algorithm)
244
+ )
245
+
246
+ def elliptic_curve_exchange_algorithm_supported(
247
+ self, algorithm: ec.ECDH, curve: ec.EllipticCurve
248
+ ) -> bool:
249
+ return self.elliptic_curve_supported(curve) and isinstance(
250
+ algorithm, ec.ECDH
251
+ )
252
+
253
+ def dh_supported(self) -> bool:
254
+ return (
255
+ not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
256
+ and not rust_openssl.CRYPTOGRAPHY_IS_AWSLC
257
+ )
258
+
259
+ def dh_x942_serialization_supported(self) -> bool:
260
+ return self._lib.Cryptography_HAS_EVP_PKEY_DHX == 1
261
+
262
+ def x25519_supported(self) -> bool:
263
+ if self._fips_enabled:
264
+ return False
265
+ return True
266
+
267
+ def x448_supported(self) -> bool:
268
+ if self._fips_enabled:
269
+ return False
270
+ return (
271
+ not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL
272
+ and not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
273
+ and not rust_openssl.CRYPTOGRAPHY_IS_AWSLC
274
+ )
275
+
276
+ def ed25519_supported(self) -> bool:
277
+ if self._fips_enabled:
278
+ return False
279
+ return True
280
+
281
+ def ed448_supported(self) -> bool:
282
+ if self._fips_enabled:
283
+ return False
284
+ return (
285
+ not rust_openssl.CRYPTOGRAPHY_IS_LIBRESSL
286
+ and not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
287
+ and not rust_openssl.CRYPTOGRAPHY_IS_AWSLC
288
+ )
289
+
290
+ def ecdsa_deterministic_supported(self) -> bool:
291
+ return (
292
+ rust_openssl.CRYPTOGRAPHY_OPENSSL_320_OR_GREATER
293
+ and not self._fips_enabled
294
+ )
295
+
296
+ def poly1305_supported(self) -> bool:
297
+ if self._fips_enabled:
298
+ return False
299
+ return True
300
+
301
+ def pkcs7_supported(self) -> bool:
302
+ return (
303
+ not rust_openssl.CRYPTOGRAPHY_IS_BORINGSSL
304
+ and not rust_openssl.CRYPTOGRAPHY_IS_AWSLC
305
+ )
306
+
307
+
308
+ backend = Backend()
@@ -0,0 +1,3 @@
1
+ # This file is dual licensed under the terms of the Apache License, Version
2
+ # 2.0, and the BSD License. See the LICENSE file in the root of this repository
3
+ # for complete details.
@@ -0,0 +1,37 @@
1
+ # This file is dual licensed under the terms of the Apache License, Version
2
+ # 2.0, and the BSD License. See the LICENSE file in the root of this repository
3
+ # for complete details.
4
+
5
+ import typing
6
+
7
+ from cryptography.hazmat.primitives import padding
8
+ from cryptography.utils import Buffer
9
+
10
+ class PKCS7PaddingContext(padding.PaddingContext):
11
+ def __init__(self, block_size: int) -> None: ...
12
+ def update(self, data: Buffer) -> bytes: ...
13
+ def finalize(self) -> bytes: ...
14
+
15
+ class ANSIX923PaddingContext(padding.PaddingContext):
16
+ def __init__(self, block_size: int) -> None: ...
17
+ def update(self, data: Buffer) -> bytes: ...
18
+ def finalize(self) -> bytes: ...
19
+
20
+ class PKCS7UnpaddingContext(padding.PaddingContext):
21
+ def __init__(self, block_size: int) -> None: ...
22
+ def update(self, data: Buffer) -> bytes: ...
23
+ def finalize(self) -> bytes: ...
24
+
25
+ class ANSIX923UnpaddingContext(padding.PaddingContext):
26
+ def __init__(self, block_size: int) -> None: ...
27
+ def update(self, data: Buffer) -> bytes: ...
28
+ def finalize(self) -> bytes: ...
29
+
30
+ class ObjectIdentifier:
31
+ def __init__(self, value: str) -> None: ...
32
+ @property
33
+ def dotted_string(self) -> str: ...
34
+ @property
35
+ def _name(self) -> str: ...
36
+
37
+ T = typing.TypeVar("T")
@@ -0,0 +1,8 @@
1
+ # This file is dual licensed under the terms of the Apache License, Version
2
+ # 2.0, and the BSD License. See the LICENSE file in the root of this repository
3
+ # for complete details.
4
+
5
+ import typing
6
+
7
+ lib = typing.Any
8
+ ffi = typing.Any
@@ -0,0 +1,7 @@
1
+ # This file is dual licensed under the terms of the Apache License, Version
2
+ # 2.0, and the BSD License. See the LICENSE file in the root of this repository
3
+ # for complete details.
4
+
5
+ def decode_dss_signature(signature: bytes) -> tuple[int, int]: ...
6
+ def encode_dss_signature(r: int, s: int) -> bytes: ...
7
+ def parse_spki_for_data(data: bytes) -> bytes: ...
@@ -0,0 +1,17 @@
1
+ # This file is dual licensed under the terms of the Apache License, Version
2
+ # 2.0, and the BSD License. See the LICENSE file in the root of this repository
3
+ # for complete details.
4
+
5
+ class _Reasons:
6
+ BACKEND_MISSING_INTERFACE: _Reasons
7
+ UNSUPPORTED_HASH: _Reasons
8
+ UNSUPPORTED_CIPHER: _Reasons
9
+ UNSUPPORTED_PADDING: _Reasons
10
+ UNSUPPORTED_MGF: _Reasons
11
+ UNSUPPORTED_PUBLIC_KEY_ALGORITHM: _Reasons
12
+ UNSUPPORTED_ELLIPTIC_CURVE: _Reasons
13
+ UNSUPPORTED_SERIALIZATION: _Reasons
14
+ UNSUPPORTED_X509: _Reasons
15
+ UNSUPPORTED_EXCHANGE_ALGORITHM: _Reasons
16
+ UNSUPPORTED_DIFFIE_HELLMAN: _Reasons
17
+ UNSUPPORTED_MAC: _Reasons
@@ -0,0 +1,117 @@
1
+ # This file is dual licensed under the terms of the Apache License, Version
2
+ # 2.0, and the BSD License. See the LICENSE file in the root of this repository
3
+ # for complete details.
4
+
5
+ import datetime
6
+ from collections.abc import Iterator
7
+
8
+ from cryptography import x509
9
+ from cryptography.hazmat.primitives import hashes, serialization
10
+ from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes
11
+ from cryptography.x509 import ocsp
12
+
13
+ class OCSPRequest:
14
+ @property
15
+ def issuer_key_hash(self) -> bytes: ...
16
+ @property
17
+ def issuer_name_hash(self) -> bytes: ...
18
+ @property
19
+ def hash_algorithm(self) -> hashes.HashAlgorithm: ...
20
+ @property
21
+ def serial_number(self) -> int: ...
22
+ def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
23
+ @property
24
+ def extensions(self) -> x509.Extensions: ...
25
+
26
+ class OCSPResponse:
27
+ @property
28
+ def responses(self) -> Iterator[OCSPSingleResponse]: ...
29
+ @property
30
+ def response_status(self) -> ocsp.OCSPResponseStatus: ...
31
+ @property
32
+ def signature_algorithm_oid(self) -> x509.ObjectIdentifier: ...
33
+ @property
34
+ def signature_hash_algorithm(
35
+ self,
36
+ ) -> hashes.HashAlgorithm | None: ...
37
+ @property
38
+ def signature(self) -> bytes: ...
39
+ @property
40
+ def tbs_response_bytes(self) -> bytes: ...
41
+ @property
42
+ def certificates(self) -> list[x509.Certificate]: ...
43
+ @property
44
+ def responder_key_hash(self) -> bytes | None: ...
45
+ @property
46
+ def responder_name(self) -> x509.Name | None: ...
47
+ @property
48
+ def produced_at(self) -> datetime.datetime: ...
49
+ @property
50
+ def produced_at_utc(self) -> datetime.datetime: ...
51
+ @property
52
+ def certificate_status(self) -> ocsp.OCSPCertStatus: ...
53
+ @property
54
+ def revocation_time(self) -> datetime.datetime | None: ...
55
+ @property
56
+ def revocation_time_utc(self) -> datetime.datetime | None: ...
57
+ @property
58
+ def revocation_reason(self) -> x509.ReasonFlags | None: ...
59
+ @property
60
+ def this_update(self) -> datetime.datetime: ...
61
+ @property
62
+ def this_update_utc(self) -> datetime.datetime: ...
63
+ @property
64
+ def next_update(self) -> datetime.datetime | None: ...
65
+ @property
66
+ def next_update_utc(self) -> datetime.datetime | None: ...
67
+ @property
68
+ def issuer_key_hash(self) -> bytes: ...
69
+ @property
70
+ def issuer_name_hash(self) -> bytes: ...
71
+ @property
72
+ def hash_algorithm(self) -> hashes.HashAlgorithm: ...
73
+ @property
74
+ def serial_number(self) -> int: ...
75
+ @property
76
+ def extensions(self) -> x509.Extensions: ...
77
+ @property
78
+ def single_extensions(self) -> x509.Extensions: ...
79
+ def public_bytes(self, encoding: serialization.Encoding) -> bytes: ...
80
+
81
+ class OCSPSingleResponse:
82
+ @property
83
+ def certificate_status(self) -> ocsp.OCSPCertStatus: ...
84
+ @property
85
+ def revocation_time(self) -> datetime.datetime | None: ...
86
+ @property
87
+ def revocation_time_utc(self) -> datetime.datetime | None: ...
88
+ @property
89
+ def revocation_reason(self) -> x509.ReasonFlags | None: ...
90
+ @property
91
+ def this_update(self) -> datetime.datetime: ...
92
+ @property
93
+ def this_update_utc(self) -> datetime.datetime: ...
94
+ @property
95
+ def next_update(self) -> datetime.datetime | None: ...
96
+ @property
97
+ def next_update_utc(self) -> datetime.datetime | None: ...
98
+ @property
99
+ def issuer_key_hash(self) -> bytes: ...
100
+ @property
101
+ def issuer_name_hash(self) -> bytes: ...
102
+ @property
103
+ def hash_algorithm(self) -> hashes.HashAlgorithm: ...
104
+ @property
105
+ def serial_number(self) -> int: ...
106
+
107
+ def load_der_ocsp_request(data: bytes) -> ocsp.OCSPRequest: ...
108
+ def load_der_ocsp_response(data: bytes) -> ocsp.OCSPResponse: ...
109
+ def create_ocsp_request(
110
+ builder: ocsp.OCSPRequestBuilder,
111
+ ) -> ocsp.OCSPRequest: ...
112
+ def create_ocsp_response(
113
+ status: ocsp.OCSPResponseStatus,
114
+ builder: ocsp.OCSPResponseBuilder | None,
115
+ private_key: PrivateKeyTypes | None,
116
+ hash_algorithm: hashes.HashAlgorithm | None,
117
+ ) -> ocsp.OCSPResponse: ...
@@ -0,0 +1,75 @@
1
+ # This file is dual licensed under the terms of the Apache License, Version
2
+ # 2.0, and the BSD License. See the LICENSE file in the root of this repository
3
+ # for complete details.
4
+
5
+ import typing
6
+
7
+ from cryptography.hazmat.bindings._rust.openssl import (
8
+ aead,
9
+ ciphers,
10
+ cmac,
11
+ dh,
12
+ dsa,
13
+ ec,
14
+ ed448,
15
+ ed25519,
16
+ hashes,
17
+ hmac,
18
+ kdf,
19
+ keys,
20
+ poly1305,
21
+ rsa,
22
+ x448,
23
+ x25519,
24
+ )
25
+
26
+ __all__ = [
27
+ "aead",
28
+ "ciphers",
29
+ "cmac",
30
+ "dh",
31
+ "dsa",
32
+ "ec",
33
+ "ed448",
34
+ "ed25519",
35
+ "hashes",
36
+ "hmac",
37
+ "kdf",
38
+ "keys",
39
+ "openssl_version",
40
+ "openssl_version_text",
41
+ "poly1305",
42
+ "raise_openssl_error",
43
+ "rsa",
44
+ "x448",
45
+ "x25519",
46
+ ]
47
+
48
+ CRYPTOGRAPHY_IS_LIBRESSL: bool
49
+ CRYPTOGRAPHY_IS_BORINGSSL: bool
50
+ CRYPTOGRAPHY_IS_AWSLC: bool
51
+ CRYPTOGRAPHY_OPENSSL_300_OR_GREATER: bool
52
+ CRYPTOGRAPHY_OPENSSL_309_OR_GREATER: bool
53
+ CRYPTOGRAPHY_OPENSSL_320_OR_GREATER: bool
54
+ CRYPTOGRAPHY_OPENSSL_330_OR_GREATER: bool
55
+ CRYPTOGRAPHY_OPENSSL_350_OR_GREATER: bool
56
+
57
+ class Providers: ...
58
+
59
+ _legacy_provider_loaded: bool
60
+ _providers: Providers
61
+
62
+ def openssl_version() -> int: ...
63
+ def openssl_version_text() -> str: ...
64
+ def raise_openssl_error() -> typing.NoReturn: ...
65
+ def capture_error_stack() -> list[OpenSSLError]: ...
66
+ def is_fips_enabled() -> bool: ...
67
+ def enable_fips(providers: Providers) -> None: ...
68
+
69
+ class OpenSSLError:
70
+ @property
71
+ def lib(self) -> int: ...
72
+ @property
73
+ def reason(self) -> int: ...
74
+ @property
75
+ def reason_text(self) -> bytes: ...
@@ -0,0 +1,107 @@
1
+ # This file is dual licensed under the terms of the Apache License, Version
2
+ # 2.0, and the BSD License. See the LICENSE file in the root of this repository
3
+ # for complete details.
4
+
5
+ from collections.abc import Sequence
6
+
7
+ from cryptography.utils import Buffer
8
+
9
+ class AESGCM:
10
+ def __init__(self, key: Buffer) -> None: ...
11
+ @staticmethod
12
+ def generate_key(bit_length: int) -> bytes: ...
13
+ def encrypt(
14
+ self,
15
+ nonce: Buffer,
16
+ data: Buffer,
17
+ associated_data: Buffer | None,
18
+ ) -> bytes: ...
19
+ def decrypt(
20
+ self,
21
+ nonce: Buffer,
22
+ data: Buffer,
23
+ associated_data: Buffer | None,
24
+ ) -> bytes: ...
25
+
26
+ class ChaCha20Poly1305:
27
+ def __init__(self, key: Buffer) -> None: ...
28
+ @staticmethod
29
+ def generate_key() -> bytes: ...
30
+ def encrypt(
31
+ self,
32
+ nonce: Buffer,
33
+ data: Buffer,
34
+ associated_data: Buffer | None,
35
+ ) -> bytes: ...
36
+ def decrypt(
37
+ self,
38
+ nonce: Buffer,
39
+ data: Buffer,
40
+ associated_data: Buffer | None,
41
+ ) -> bytes: ...
42
+
43
+ class AESCCM:
44
+ def __init__(self, key: Buffer, tag_length: int = 16) -> None: ...
45
+ @staticmethod
46
+ def generate_key(bit_length: int) -> bytes: ...
47
+ def encrypt(
48
+ self,
49
+ nonce: Buffer,
50
+ data: Buffer,
51
+ associated_data: Buffer | None,
52
+ ) -> bytes: ...
53
+ def decrypt(
54
+ self,
55
+ nonce: Buffer,
56
+ data: Buffer,
57
+ associated_data: Buffer | None,
58
+ ) -> bytes: ...
59
+
60
+ class AESSIV:
61
+ def __init__(self, key: Buffer) -> None: ...
62
+ @staticmethod
63
+ def generate_key(bit_length: int) -> bytes: ...
64
+ def encrypt(
65
+ self,
66
+ data: Buffer,
67
+ associated_data: Sequence[Buffer] | None,
68
+ ) -> bytes: ...
69
+ def decrypt(
70
+ self,
71
+ data: Buffer,
72
+ associated_data: Sequence[Buffer] | None,
73
+ ) -> bytes: ...
74
+
75
+ class AESOCB3:
76
+ def __init__(self, key: Buffer) -> None: ...
77
+ @staticmethod
78
+ def generate_key(bit_length: int) -> bytes: ...
79
+ def encrypt(
80
+ self,
81
+ nonce: Buffer,
82
+ data: Buffer,
83
+ associated_data: Buffer | None,
84
+ ) -> bytes: ...
85
+ def decrypt(
86
+ self,
87
+ nonce: Buffer,
88
+ data: Buffer,
89
+ associated_data: Buffer | None,
90
+ ) -> bytes: ...
91
+
92
+ class AESGCMSIV:
93
+ def __init__(self, key: Buffer) -> None: ...
94
+ @staticmethod
95
+ def generate_key(bit_length: int) -> bytes: ...
96
+ def encrypt(
97
+ self,
98
+ nonce: Buffer,
99
+ data: Buffer,
100
+ associated_data: Buffer | None,
101
+ ) -> bytes: ...
102
+ def decrypt(
103
+ self,
104
+ nonce: Buffer,
105
+ data: Buffer,
106
+ associated_data: Buffer | None,
107
+ ) -> bytes: ...