pynacl/nacl/public.py

class PublicKey

    The public key counterpart to a Curve25519 :class:`nacl.public.PrivateKey`
    for encrypting messages.

    :param public_key: [:class:`bytes`] Encoded Curve25519 public key
    :param encoder: A class that is able to decode the `public_key`

    :cvar SIZE: The size that the public key is required to be

    Methods: __init__, __bytes__, __hash__, __eq__, __ne__

    Error messages in __init__:
        PublicKey must be created from 32 bytes
        The public key must be exactly {0} bytes long

class PrivateKey

    Private key for decrypting messages using the Curve25519 algorithm.

    .. warning:: This **must** be protected and remain secret. Anyone who
        knows the value of your :class:`~nacl.public.PrivateKey` can decrypt
        any message encrypted by the corresponding
        :class:`~nacl.public.PublicKey`

    :param private_key: The private key used to decrypt messages
    :param encoder: The encoder class used to decode the given keys

    :cvar SIZE: The size that the private key is required to be
    :cvar SEED_SIZE: The size that the seed used to generate the
        private key is required to be

    Methods: __init__, from_seed (classmethod), __bytes__, __hash__, __eq__,
    __ne__, generate (classmethod)

    Error message in __init__:
        PrivateKey must be created from a {0} bytes long raw secret key

    PrivateKey.from_seed

        Generate a PrivateKey using a deterministic construction
        starting from a caller-provided seed

        .. warning:: The seed **must** be high-entropy; therefore,
            its generator **must** be a cryptographic quality
            random function like, for example, :func:`~nacl.utils.random`.

        .. warning:: The seed **must** be protected and remain secret.
            Anyone who knows the seed is really in possession of
            the corresponding PrivateKey.

        :param seed: The seed used to generate the private key
        :rtype: :class:`~nacl.public.PrivateKey`

        Error message:
            PrivateKey seed must be a {0} bytes long binary sequence

    PrivateKey.generate

        Generates a random :class:`~nacl.public.PrivateKey` object

        :rtype: :class:`~nacl.public.PrivateKey`

class Box

    The Box class boxes and unboxes messages between a pair of keys

    The ciphertexts generated by :class:`~nacl.public.Box` include a 16
    byte authenticator which is checked as part of the decryption. An invalid
    authenticator will cause the decrypt function to raise an exception. The
    authenticator is not a signature. Once you've decrypted the message you've
    demonstrated the ability to create arbitrary valid messages, so messages
    you send are repudiable. For non-repudiable messages, sign them after
    encryption.

    :param private_key: :class:`~nacl.public.PrivateKey` used to encrypt and
        decrypt messages
    :param public_key: :class:`~nacl.public.PublicKey` used to encrypt and
        decrypt messages

    :cvar NONCE_SIZE: The size that the nonce is required to be.

    Methods: __init__, __bytes__, decode (classmethod), encrypt, decrypt,
    shared_key

    Error message in __init__:
        Box must be created from a PrivateKey and a PublicKey

    Box.encrypt

        Encrypts the plaintext message using the given `nonce` (or generates
        one randomly if omitted) and returns the ciphertext encoded with the
        encoder.

        .. warning:: It is **VITALLY** important that the nonce is a nonce,
            i.e. it is a number used only once for any given key. If you fail
            to do this, you compromise the privacy of the messages encrypted.

        :param plaintext: [:class:`bytes`] The plaintext message to encrypt
        :param nonce: [:class:`bytes`] The nonce to use in the encryption
        :param encoder: The encoder to use to encode the ciphertext
        :rtype: [:class:`nacl.utils.EncryptedMessage`]

        Error message:
            The nonce must be exactly %s bytes long

    Box.decrypt

        Decrypts the ciphertext using the `nonce` (explicitly, when passed as
        a parameter or implicitly, when omitted, as part of the ciphertext)
        and returns the plaintext message.

        :param ciphertext: [:class:`bytes`] The encrypted message to decrypt
        :param nonce: [:class:`bytes`] The nonce used when encrypting the
            ciphertext
        :param encoder: The encoder used to decode the ciphertext.
        :rtype: [:class:`bytes`]

        Error message:
            The nonce must be exactly %s bytes long

    Box.shared_key

        Returns the Curve25519 shared secret, that can then be used as a key
        in other symmetric ciphers.

        .. warning:: It is **VITALLY** important that you use a nonce with
            your symmetric cipher. If you fail to do this, you compromise the
            privacy of the messages encrypted. Ensure that the key length of
            your cipher is 32 bytes.

        :rtype: [:class:`bytes`]

class SealedBox

    The SealedBox class boxes and unboxes messages addressed to
    a specified key-pair by using ephemeral sender's keypairs,
    whose private part will be discarded just after encrypting
    a single plaintext message.

    The ciphertexts generated by :class:`~nacl.public.SecretBox` include
    the public part of the ephemeral key before the :class:`~nacl.public.Box`
    ciphertext.

    :param public_key: :class:`~nacl.public.PublicKey` used to encrypt
        messages and derive nonces
    :param private_key: :class:`~nacl.public.PrivateKey` used to decrypt
        messages

    .. versionadded:: 1.2

    Methods: __init__, __bytes__, encrypt, decrypt

    Error message in __init__:
        SealedBox must be created from a PublicKey or a PrivateKey

    SealedBox.encrypt

        Encrypts the plaintext message using a random-generated ephemeral
        keypair and returns a "composed ciphertext", containing both
        the public part of the keypair and the ciphertext proper,
        encoded with the encoder.

        The private part of the ephemeral key-pair will be scrubbed before
        returning the ciphertext, therefore, the sender will not be able to
        decrypt the generated ciphertext.

        :param plaintext: [:class:`bytes`] The plaintext message to encrypt
        :param encoder: The encoder to use to encode the ciphertext
        :return bytes: encoded ciphertext

    SealedBox.decrypt

        Decrypts the ciphertext using the ephemeral public key enclosed
        in the ciphertext and the SealedBox private key, returning
        the plaintext message.

        :param ciphertext: [:class:`bytes`] The encrypted message to decrypt
        :param encoder: The encoder used to decode the ciphertext.
        :return bytes: The original plaintext