σ Ϋ_e[c@`sδddlmZmZmZddlZddlmZddlmZddl m Z m Z m Z dej e efd„ƒYZdej e efd „ƒYZd ej e efd „ƒYZd ej e efd „ƒYZdS(i(tabsolute_importtdivisiontprint_functionN(tencoding(t exceptions(tEncryptedMessaget StringFixertrandomt PublicKeycB`sMeZdZejjZejd„Z d„Z d„Z d„Z d„Z RS(s= The public key counterpart to an Curve25519 :class:`nacl.public.PrivateKey` for encrypting messages. :param public_key: [:class:`bytes`] Encoded Curve25519 public key :param encoder: A class that is able to decode the `public_key` :cvar SIZE: The size that the public key is required to be cC`sp|j|ƒ|_t|jtƒs6tjdƒ‚nt|jƒ|jkrltjdj |jƒƒ‚ndS(Ns'PublicKey must be created from 32 bytess-The public key must be exactly {0} bytes long( tdecodet _public_keyt isinstancetbytestexct TypeErrortlentSIZEt ValueErrortformat(tselft public_keytencoder((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyt__init__$scC`s|jS(N(R (R((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyt __bytes__0scC`stt|ƒƒS(N(thashR (R((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyt__hash__3scC`s5t||jƒstStjjt|ƒt|ƒƒS(N(R t __class__tFalsetnacltbindingst sodium_memcmpR (Rtother((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyt__eq__6scC`s ||k S(N((RR((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyt__ne__;s(t__name__t __module__t__doc__RRtcrypto_box_PUBLICKEYBYTESRRt RawEncoderRRRR R!(((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyRs     t PrivateKeycB`s}eZdZejjZejjZe j d„Z e e j d„ƒZ d„Zd„Zd„Zd„Ze d„ƒZRS(s{ Private key for decrypting messages using the Curve25519 algorithm. .. warning:: This **must** be protected and remain secret. Anyone who knows the value of your :class:`~nacl.public.PrivateKey` can decrypt any message encrypted by the corresponding :class:`~nacl.public.PublicKey` :param private_key: The private key used to decrypt messages :param encoder: The encoder class used to decode the given keys :cvar SIZE: The size that the private key is required to be :cvar SEED_SIZE: The size that the seed used to generate the private key is required to be cC`s|j|ƒ}t|tƒo0t|ƒ|jksQtjdj|jƒƒ‚ntj j |ƒ}||_ t |ƒ|_ dS(Ns?PrivateKey must be created from a {0} bytes long raw secret key(R R R RRR RRRRtcrypto_scalarmult_baset _private_keyRR(Rt private_keyRtraw_public_key((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyRSs  cC`ss|j|ƒ}t|tƒo0t|ƒ|jksQtjdj|jƒƒ‚ntj j |ƒ\}}||ƒS(sh Generate a PrivateKey using a deterministic construction starting from a caller-provided seed .. warning:: The seed **must** be high-entropy; therefore, its generator **must** be a cryptographic quality random function like, for example, :func:`~nacl.utils.random`. .. warning:: The seed **must** be protected and remain secret. Anyone who knows the seed is really in possession of the corresponding PrivateKey. :param seed: The seed used to generate the private key :rtype: :class:`~nacl.public.PrivateKey` s8PrivateKey seed must be a {0} bytes long binary sequence( R R R Rt SEED_SIZER RRRRtcrypto_box_seed_keypair(tclstseedRtraw_pktraw_sk((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyt from_seedbs $ cC`s|jS(N(R)(R((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyRscC`stt|ƒt|jƒfƒS(N(RttypeR R(R((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyR‚scC`s&t||jƒstS|j|jkS(N(R RRR(RR((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyR …scC`s ||k S(N((RR((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyR!ŠscC`s|ttjƒdtjƒS(s~ Generates a random :class:`~nacl.public.PrivateKey` object :rtype: :class:`~nacl.public.PrivateKey` R(RR'RRR&(R.((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pytgenerates(R"R#R$RRtcrypto_box_SECRETKEYBYTESRtcrypto_box_SEEDBYTESR,RR&Rt classmethodR2RRR R!R4(((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyR'?s      tBoxcB`sneZdZejjZd„Zd„Ze e j d„ƒZ de j d„Zde j d„Zd„ZRS(s/ The Box class boxes and unboxes messages between a pair of keys The ciphertexts generated by :class:`~nacl.public.Box` include a 16 byte authenticator which is checked as part of the decryption. An invalid authenticator will cause the decrypt function to raise an exception. The authenticator is not a signature. Once you've decrypted the message you've demonstrated the ability to create arbitrary valid message, so messages you send are repudiable. For non-repudiable messages, sign them after encryption. :param private_key: :class:`~nacl.public.PrivateKey` used to encrypt and decrypt messages :param public_key: :class:`~nacl.public.PublicKey` used to encrypt and decrypt messages :cvar NONCE_SIZE: The size that the nonce is required to be. cC`s„|rw|rwt|tƒ s,t|tƒ r>tjdƒ‚ntjj|jdt j ƒ|jdt j ƒƒ|_ n d|_ dS(Ns5Box must be created from a PrivateKey and a PublicKeyR( R R'RR RRRtcrypto_box_beforenmtencodeRR&t _shared_keytNone(RR*R((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyR­s  cC`s|jS(N(R;(R((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyRΊscC`s%|ddƒ}|j|ƒ|_|S(N(R<R R;(R.tencodedRtbox((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyR ½scC`s₯|dkrt|jƒ}nt|ƒ|jkrLtjd|jƒ‚ntjj|||j ƒ}|j |ƒ}|j |ƒ}t j |||j ||ƒƒS(s― Encrypts the plaintext message using the given `nonce` (or generates one randomly if omitted) and returns the ciphertext encoded with the encoder. .. warning:: It is **VITALLY** important that the nonce is a nonce, i.e. it is a number used only once for any given key. If you fail to do this, you compromise the privacy of the messages encrypted. :param plaintext: [:class:`bytes`] The plaintext message to encrypt :param nonce: [:class:`bytes`] The nonce to use in the encryption :param encoder: The encoder to use to encode the ciphertext :rtype: [:class:`nacl.utils.EncryptedMessage`] s'The nonce must be exactly %s bytes longN( R<Rt NONCE_SIZERR RRRtcrypto_box_afternmR;R:Rt _from_parts(Rt plaintexttnonceRt ciphertextt encoded_noncetencoded_ciphertext((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pytencryptΗs    cC`s…|j|ƒ}|dkr8||j }||j}nt|ƒ|jkrftjd|jƒ‚ntjj|||j ƒ}|S(sα Decrypts the ciphertext using the `nonce` (explicitly, when passed as a parameter or implicitly, when omitted, as part of the ciphertext) and returns the plaintext message. :param ciphertext: [:class:`bytes`] The encrypted message to decrypt :param nonce: [:class:`bytes`] The nonce used when encrypting the ciphertext :param encoder: The encoder used to decode the ciphertext. :rtype: [:class:`bytes`] s'The nonce must be exactly %s bytes longN( R R<R?RR RRRtcrypto_box_open_afternmR;(RRDRCRRB((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pytdecryptμs      cC`s|jS(s§ Returns the Curve25519 shared secret, that can then be used as a key in other symmetric ciphers. .. warning:: It is **VITALLY** important that you use a nonce with your symmetric cipher. If you fail to do this, you compromise the privacy of the messages encrypted. Ensure that the key length of your cipher is 32 bytes. :rtype: [:class:`bytes`] (R;(R((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyt shared_key s N(R"R#R$RRtcrypto_box_NONCEBYTESR?RRR7RR&R R<RGRIRJ(((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyR8—s   % t SealedBoxcB`s>eZdZd„Zd„Zejd„Zejd„ZRS(sk The SealedBox class boxes and unboxes messages addressed to a specified key-pair by using ephemeral sender's keypairs, whose private part will be discarded just after encrypting a single plaintext message. The ciphertexts generated by :class:`~nacl.public.SecretBox` include the public part of the ephemeral key before the :class:`~nacl.public.Box` ciphertext. :param public_key: :class:`~nacl.public.PublicKey` used to encrypt messages and derive nonces :param private_key: :class:`~nacl.public.PrivateKey` used to decrypt messages .. versionadded:: 1.2 cC`s‹t|tƒr3|jdtjƒ|_d|_nTt|tƒrx|jdtjƒ|_|j jdtjƒ|_nt j dƒ‚dS(NRs:SealedBox must be created from a PublicKey or a PrivateKey( R RR:RR&R R<R)R'RR R(Rt recipient_key((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyR.s    cC`s|jS(N(R (R((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyR=scC`s+tjj||jƒ}|j|ƒ}|S(sy Encrypts the plaintext message using a random-generated ephemeral keypair and returns a "composed ciphertext", containing both the public part of the keypair and the ciphertext proper, encoded with the encoder. The private part of the ephemeral key-pair will be scrubbed before returning the ciphertext, therefore, the sender will not be able to decrypt the generated ciphertext. :param plaintext: [:class:`bytes`] The plaintext message to encrypt :param encoder: The encoder to use to encode the ciphertext :return bytes: encoded ciphertext (RRtcrypto_box_sealR R:(RRBRRDRF((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyRG@s   cC`s1|j|ƒ}tjj||j|jƒ}|S(sr Decrypts the ciphertext using the ephemeral public key enclosed in the ciphertext and the SealedBox private key, returning the plaintext message. :param ciphertext: [:class:`bytes`] The encrypted message to decrypt :param encoder: The encoder used to decode the ciphertext. :return bytes: The original plaintext (R RRtcrypto_box_seal_openR R)(RRDRRB((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyRIYs   ( R"R#R$RRRR&RGRI(((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyRLs   (t __future__RRRt nacl.bindingsRRRR t nacl.utilsRRRt EncodabletobjectRR'R8RL(((s-/tmp/pip-install-KP2Jbq/pynacl/nacl/public.pyts (X„