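# nacl/bindings/crypto_box.py

from __future__ import absolute_import, division, print_function

from nacl import exceptions as exc
from nacl._sodium import ffi, lib
from nacl.exceptions import ensure


__all__ = ["crypto_box_keypair", "crypto_box"]


# Sizes are queried from the linked libsodium at import time.
crypto_box_SECRETKEYBYTES = lib.crypto_box_secretkeybytes()
crypto_box_PUBLICKEYBYTES = lib.crypto_box_publickeybytes()
crypto_box_SEEDBYTES = lib.crypto_box_seedbytes()
crypto_box_NONCEBYTES = lib.crypto_box_noncebytes()
crypto_box_ZEROBYTES = lib.crypto_box_zerobytes()
crypto_box_BOXZEROBYTES = lib.crypto_box_boxzerobytes()
crypto_box_BEFORENMBYTES = lib.crypto_box_beforenmbytes()
crypto_box_SEALBYTES = lib.crypto_box_sealbytes()


def crypto_box_keypair():
    """
    Returns a randomly generated public and secret key.

    :rtype: (bytes(public_key), bytes(secret_key))
    """
    pk = ffi.new("unsigned char[]", crypto_box_PUBLICKEYBYTES)
    sk = ffi.new("unsigned char[]", crypto_box_SECRETKEYBYTES)

    rc = lib.crypto_box_keypair(pk, sk)
    ensure(rc == 0, "Unexpected library error", raising=exc.RuntimeError)

    return (
        ffi.buffer(pk, crypto_box_PUBLICKEYBYTES)[:],
        ffi.buffer(sk, crypto_box_SECRETKEYBYTES)[:],
    )


def crypto_box_seed_keypair(seed):
    """
    Returns a (public, secret) keypair deterministically generated
    from an input ``seed``.

    .. warning:: The seed **must** be high-entropy; therefore,
        its generator **must** be a cryptographic quality
        random function like, for example, :func:`~nacl.utils.random`.

    .. warning:: The seed **must** be protected and remain secret.
        Anyone who knows the seed is really in possession of
        the corresponding PrivateKey.

    :param seed: bytes
    :rtype: (bytes(public_key), bytes(secret_key))
    """
    ensure(isinstance(seed, bytes), "seed must be bytes", raising=TypeError)

    if len(seed) != crypto_box_SEEDBYTES:
        raise exc.ValueError("Invalid seed")

    pk = ffi.new("unsigned char[]", crypto_box_PUBLICKEYBYTES)
    sk = ffi.new("unsigned char[]", crypto_box_SECRETKEYBYTES)

    rc = lib.crypto_box_seed_keypair(pk, sk, seed)
    ensure(rc == 0, "Unexpected library error", raising=exc.RuntimeError)

    return (
        ffi.buffer(pk, crypto_box_PUBLICKEYBYTES)[:],
        ffi.buffer(sk, crypto_box_SECRETKEYBYTES)[:],
    )


def crypto_box(message, nonce, pk, sk):
    """
    Encrypts and returns a message ``message`` using the secret key ``sk``,
    public key ``pk``, and the nonce ``nonce``.

    :param message: bytes
    :param nonce: bytes
    :param pk: bytes
    :param sk: bytes
    :rtype: bytes
    """
    if len(nonce) != crypto_box_NONCEBYTES:
        raise exc.ValueError("Invalid nonce size")

    if len(pk) != crypto_box_PUBLICKEYBYTES:
        raise exc.ValueError("Invalid public key")

    if len(sk) != crypto_box_SECRETKEYBYTES:
        raise exc.ValueError("Invalid secret key")

    # The NaCl box API expects the message prefixed with ZEROBYTES zero bytes.
    padded = (b"\x00" * crypto_box_ZEROBYTES) + message
    ciphertext = ffi.new("unsigned char[]", len(padded))

    rc = lib.crypto_box(ciphertext, padded, len(padded), nonce, pk, sk)
    ensure(rc == 0, "Unexpected library error", raising=exc.RuntimeError)

    # The first BOXZEROBYTES bytes of the output are padding; strip them.
    return ffi.buffer(ciphertext, len(padded))[crypto_box_BOXZEROBYTES:]


def crypto_box_open(ciphertext, nonce, pk, sk):
    """
    Decrypts and returns an encrypted message ``ciphertext``, using the secret
    key ``sk``, public key ``pk``, and the nonce ``nonce``.

    :param ciphertext: bytes
    :param nonce: bytes
    :param pk: bytes
    :param sk: bytes
    :rtype: bytes
    """
    if len(nonce) != crypto_box_NONCEBYTES:
        raise exc.ValueError("Invalid nonce size")

    if len(pk) != crypto_box_PUBLICKEYBYTES:
        raise exc.ValueError("Invalid public key")

    if len(sk) != crypto_box_SECRETKEYBYTES:
        raise exc.ValueError("Invalid secret key")

    # Restore the BOXZEROBYTES padding that crypto_box stripped.
    padded = (b"\x00" * crypto_box_BOXZEROBYTES) + ciphertext
    plaintext = ffi.new("unsigned char[]", len(padded))

    res = lib.crypto_box_open(plaintext, padded, len(padded), nonce, pk, sk)
    # A non-zero result means authentication failed.
    ensure(
        res == 0,
        "An error occurred trying to decrypt the message",
        raising=exc.CryptoError,
    )

    return ffi.buffer(plaintext, len(padded))[crypto_box_ZEROBYTES:]


def crypto_box_beforenm(pk, sk):
    """
    Computes and returns the shared key for the public key ``pk`` and the
    secret key ``sk``. This can be used to speed up operations where the same
    set of keys is going to be used multiple times.

    :param pk: bytes
    :param sk: bytes
    :rtype: bytes
    """
    if len(pk) != crypto_box_PUBLICKEYBYTES:
        raise exc.ValueError("Invalid public key")

    if len(sk) != crypto_box_SECRETKEYBYTES:
        raise exc.ValueError("Invalid secret key")

    k = ffi.new("unsigned char[]", crypto_box_BEFORENMBYTES)

    rc = lib.crypto_box_beforenm(k, pk, sk)
    ensure(rc == 0, "Unexpected library error", raising=exc.RuntimeError)

    return ffi.buffer(k, crypto_box_BEFORENMBYTES)[:]


def crypto_box_afternm(message, nonce, k):
    """
    Encrypts and returns the message ``message`` using the shared key ``k``
    and the nonce ``nonce``.

    :param message: bytes
    :param nonce: bytes
    :param k: bytes
    :rtype: bytes
    """
    if len(nonce) != crypto_box_NONCEBYTES:
        raise exc.ValueError("Invalid nonce")

    if len(k) != crypto_box_BEFORENMBYTES:
        raise exc.ValueError("Invalid shared key")

    padded = (b"\x00" * crypto_box_ZEROBYTES) + message
    ciphertext = ffi.new("unsigned char[]", len(padded))

    rc = lib.crypto_box_afternm(ciphertext, padded, len(padded), nonce, k)
    ensure(rc == 0, "Unexpected library error", raising=exc.RuntimeError)

    return ffi.buffer(ciphertext, len(padded))[crypto_box_BOXZEROBYTES:]


def crypto_box_open_afternm(ciphertext, nonce, k):
    """
    Decrypts and returns the encrypted message ``ciphertext``, using the
    shared key ``k`` and the nonce ``nonce``.

    :param ciphertext: bytes
    :param nonce: bytes
    :param k: bytes
    :rtype: bytes
    """
    if len(nonce) != crypto_box_NONCEBYTES:
        raise exc.ValueError("Invalid nonce")

    if len(k) != crypto_box_BEFORENMBYTES:
        raise exc.ValueError("Invalid shared key")

    padded = (b"\x00" * crypto_box_BOXZEROBYTES) + ciphertext
    plaintext = ffi.new("unsigned char[]", len(padded))

    res = lib.crypto_box_open_afternm(plaintext, padded, len(padded), nonce, k)
    ensure(
        res == 0,
        "An error occurred trying to decrypt the message",
        raising=exc.CryptoError,
    )

    return ffi.buffer(plaintext, len(padded))[crypto_box_ZEROBYTES:]


def crypto_box_seal(message, pk):
    """
    Encrypts and returns a message ``message`` using an ephemeral secret key
    and the public key ``pk``.
    The ephemeral public key, which is embedded in the sealed box, is also
    used, in combination with ``pk``, to derive the nonce needed for the
    underlying box construct.

    :param message: bytes
    :param pk: bytes
    :rtype: bytes

    .. versionadded:: 1.2
    """
    ensure(
        isinstance(message, bytes),
        "input message must be bytes",
        raising=TypeError,
    )

    ensure(
        isinstance(pk, bytes),
        "public key must be bytes",
        raising=TypeError,
    )

    if len(pk) != crypto_box_PUBLICKEYBYTES:
        raise exc.ValueError("Invalid public key")

    _mlen = len(message)
    # A sealed box is SEALBYTES longer than the message it carries.
    _clen = crypto_box_SEALBYTES + _mlen

    ciphertext = ffi.new("unsigned char[]", _clen)

    rc = lib.crypto_box_seal(ciphertext, message, _mlen, pk)
    ensure(rc == 0, "Unexpected library error", raising=exc.RuntimeError)

    return ffi.buffer(ciphertext, _clen)[:]


def crypto_box_seal_open(ciphertext, pk, sk):
    """
    Decrypts and returns an encrypted message ``ciphertext``, using the
    recipient's secret key ``sk`` and the sender's ephemeral public key
    embedded in the sealed box. The box construct nonce is derived from
    the recipient's public key ``pk`` and the sender's public key.

    :param ciphertext: bytes
    :param pk: bytes
    :param sk: bytes
    :rtype: bytes

    .. versionadded:: 1.2
    """
    ensure(
        isinstance(ciphertext, bytes),
        "input ciphertext must be bytes",
        raising=TypeError,
    )

    ensure(
        isinstance(pk, bytes),
        "public key must be bytes",
        raising=TypeError,
    )

    ensure(
        isinstance(sk, bytes),
        "secret key must be bytes",
        raising=TypeError,
    )

    if len(pk) != crypto_box_PUBLICKEYBYTES:
        raise exc.ValueError("Invalid public key")

    if len(sk) != crypto_box_SECRETKEYBYTES:
        raise exc.ValueError("Invalid secret key")

    _clen = len(ciphertext)

    # Reject inputs too short to hold the sealed-box overhead.
    ensure(
        _clen >= crypto_box_SEALBYTES,
        "Input cyphertext must be at least {} long".format(
            crypto_box_SEALBYTES
        ),
        raising=exc.TypeError,
    )

    _mlen = _clen - crypto_box_SEALBYTES

    # Allocate at least one byte so an empty plaintext still gets a buffer.
    plaintext = ffi.new("unsigned char[]", max(1, _mlen))

    res = lib.crypto_box_seal_open(plaintext, ciphertext, _clen, pk, sk)
    ensure(
        res == 0,
        "An error occurred trying to decrypt the message",
        raising=exc.CryptoError,
    )

    return ffi.buffer(plaintext, _mlen)[:]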