323 lines
10 KiB
Python
323 lines
10 KiB
Python
# Copyright 2013-2018 Donald Stufft and individual contributors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
from nacl import exceptions as exc
|
|
from nacl._sodium import ffi, lib
|
|
from nacl.exceptions import ensure
|
|
|
|
|
|
crypto_secretstream_xchacha20poly1305_ABYTES = \
|
|
lib.crypto_secretstream_xchacha20poly1305_abytes()
|
|
crypto_secretstream_xchacha20poly1305_HEADERBYTES = \
|
|
lib.crypto_secretstream_xchacha20poly1305_headerbytes()
|
|
crypto_secretstream_xchacha20poly1305_KEYBYTES = \
|
|
lib.crypto_secretstream_xchacha20poly1305_keybytes()
|
|
crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX = \
|
|
lib.crypto_secretstream_xchacha20poly1305_messagebytes_max()
|
|
crypto_secretstream_xchacha20poly1305_STATEBYTES = \
|
|
lib.crypto_secretstream_xchacha20poly1305_statebytes()
|
|
|
|
|
|
crypto_secretstream_xchacha20poly1305_TAG_MESSAGE = \
|
|
lib.crypto_secretstream_xchacha20poly1305_tag_message()
|
|
crypto_secretstream_xchacha20poly1305_TAG_PUSH = \
|
|
lib.crypto_secretstream_xchacha20poly1305_tag_push()
|
|
crypto_secretstream_xchacha20poly1305_TAG_REKEY = \
|
|
lib.crypto_secretstream_xchacha20poly1305_tag_rekey()
|
|
crypto_secretstream_xchacha20poly1305_TAG_FINAL = \
|
|
lib.crypto_secretstream_xchacha20poly1305_tag_final()
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_keygen():
|
|
"""
|
|
Generate a key for use with
|
|
:func:`.crypto_secretstream_xchacha20poly1305_init_push`.
|
|
|
|
"""
|
|
keybuf = ffi.new(
|
|
"unsigned char[]",
|
|
crypto_secretstream_xchacha20poly1305_KEYBYTES,
|
|
)
|
|
lib.crypto_secretstream_xchacha20poly1305_keygen(keybuf)
|
|
return ffi.buffer(keybuf)[:]
|
|
|
|
|
|
class crypto_secretstream_xchacha20poly1305_state(object):
|
|
"""
|
|
An object wrapping the crypto_secretstream_xchacha20poly1305 state.
|
|
|
|
"""
|
|
__slots__ = ['statebuf', 'rawbuf', 'tagbuf']
|
|
|
|
def __init__(self):
|
|
""" Initialize a clean state object."""
|
|
self.statebuf = ffi.new(
|
|
"unsigned char[]",
|
|
crypto_secretstream_xchacha20poly1305_STATEBYTES,
|
|
)
|
|
|
|
self.rawbuf = None
|
|
self.tagbuf = None
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_init_push(state, key):
|
|
"""
|
|
Initialize a crypto_secretstream_xchacha20poly1305 encryption buffer.
|
|
|
|
:param state: a secretstream state object
|
|
:type state: crypto_secretstream_xchacha20poly1305_state
|
|
:param key: must be
|
|
:data:`.crypto_secretstream_xchacha20poly1305_KEYBYTES` long
|
|
:type key: bytes
|
|
:return: header
|
|
:rtype: bytes
|
|
|
|
"""
|
|
ensure(
|
|
isinstance(state, crypto_secretstream_xchacha20poly1305_state),
|
|
'State must be a crypto_secretstream_xchacha20poly1305_state object',
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
isinstance(key, bytes),
|
|
'Key must be a bytes sequence',
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
len(key) == crypto_secretstream_xchacha20poly1305_KEYBYTES,
|
|
'Invalid key length',
|
|
raising=exc.ValueError,
|
|
)
|
|
|
|
headerbuf = ffi.new(
|
|
"unsigned char []",
|
|
crypto_secretstream_xchacha20poly1305_HEADERBYTES,
|
|
)
|
|
|
|
rc = lib.crypto_secretstream_xchacha20poly1305_init_push(
|
|
state.statebuf, headerbuf, key)
|
|
ensure(rc == 0, 'Unexpected failure', raising=exc.RuntimeError)
|
|
|
|
return ffi.buffer(headerbuf)[:]
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_push(
|
|
state,
|
|
m,
|
|
ad=None,
|
|
tag=crypto_secretstream_xchacha20poly1305_TAG_MESSAGE,
|
|
):
|
|
"""
|
|
Add an encrypted message to the secret stream.
|
|
|
|
:param state: a secretstream state object
|
|
:type state: crypto_secretstream_xchacha20poly1305_state
|
|
:param m: the message to encrypt, the maximum length of an individual
|
|
message is
|
|
:data:`.crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX`.
|
|
:type m: bytes
|
|
:param ad: additional data to include in the authentication tag
|
|
:type ad: bytes or None
|
|
:param tag: the message tag, usually
|
|
:data:`.crypto_secretstream_xchacha20poly1305_TAG_MESSAGE` or
|
|
:data:`.crypto_secretstream_xchacha20poly1305_TAG_FINAL`.
|
|
:type tag: int
|
|
:return: ciphertext
|
|
:rtype: bytes
|
|
|
|
"""
|
|
ensure(
|
|
isinstance(state, crypto_secretstream_xchacha20poly1305_state),
|
|
'State must be a crypto_secretstream_xchacha20poly1305_state object',
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(isinstance(m, bytes), 'Message is not bytes', raising=exc.TypeError)
|
|
ensure(
|
|
len(m) <= crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX,
|
|
'Message is too long',
|
|
raising=exc.ValueError,
|
|
)
|
|
ensure(
|
|
ad is None or isinstance(ad, bytes),
|
|
'Additional data must be bytes or None',
|
|
raising=exc.TypeError,
|
|
)
|
|
|
|
clen = len(m) + crypto_secretstream_xchacha20poly1305_ABYTES
|
|
if state.rawbuf is None or len(state.rawbuf) < clen:
|
|
state.rawbuf = ffi.new('unsigned char[]', clen)
|
|
|
|
if ad is None:
|
|
ad = ffi.NULL
|
|
adlen = 0
|
|
else:
|
|
adlen = len(ad)
|
|
|
|
rc = lib.crypto_secretstream_xchacha20poly1305_push(
|
|
state.statebuf,
|
|
state.rawbuf, ffi.NULL,
|
|
m, len(m),
|
|
ad, adlen,
|
|
tag,
|
|
)
|
|
ensure(rc == 0, 'Unexpected failure', raising=exc.RuntimeError)
|
|
|
|
return ffi.buffer(state.rawbuf, clen)[:]
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_init_pull(state, header, key):
|
|
"""
|
|
Initialize a crypto_secretstream_xchacha20poly1305 decryption buffer.
|
|
|
|
:param state: a secretstream state object
|
|
:type state: crypto_secretstream_xchacha20poly1305_state
|
|
:param header: must be
|
|
:data:`.crypto_secretstream_xchacha20poly1305_HEADERBYTES` long
|
|
:type header: bytes
|
|
:param key: must be
|
|
:data:`.crypto_secretstream_xchacha20poly1305_KEYBYTES` long
|
|
:type key: bytes
|
|
|
|
"""
|
|
ensure(
|
|
isinstance(state, crypto_secretstream_xchacha20poly1305_state),
|
|
'State must be a crypto_secretstream_xchacha20poly1305_state object',
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
isinstance(header, bytes),
|
|
'Header must be a bytes sequence',
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
len(header) == crypto_secretstream_xchacha20poly1305_HEADERBYTES,
|
|
'Invalid header length',
|
|
raising=exc.ValueError,
|
|
)
|
|
ensure(
|
|
isinstance(key, bytes),
|
|
'Key must be a bytes sequence',
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
len(key) == crypto_secretstream_xchacha20poly1305_KEYBYTES,
|
|
'Invalid key length',
|
|
raising=exc.ValueError,
|
|
)
|
|
|
|
if state.tagbuf is None:
|
|
state.tagbuf = ffi.new('unsigned char *')
|
|
|
|
rc = lib.crypto_secretstream_xchacha20poly1305_init_pull(
|
|
state.statebuf, header, key)
|
|
ensure(rc == 0, 'Unexpected failure', raising=exc.RuntimeError)
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_pull(state, c, ad=None):
|
|
"""
|
|
Read a decrypted message from the secret stream.
|
|
|
|
:param state: a secretstream state object
|
|
:type state: crypto_secretstream_xchacha20poly1305_state
|
|
:param c: the ciphertext to decrypt, the maximum length of an individual
|
|
ciphertext is
|
|
:data:`.crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX` +
|
|
:data:`.crypto_secretstream_xchacha20poly1305_ABYTES`.
|
|
:type c: bytes
|
|
:param ad: additional data to include in the authentication tag
|
|
:type ad: bytes or None
|
|
:return: (message, tag)
|
|
:rtype: (bytes, int)
|
|
|
|
"""
|
|
ensure(
|
|
isinstance(state, crypto_secretstream_xchacha20poly1305_state),
|
|
'State must be a crypto_secretstream_xchacha20poly1305_state object',
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
state.tagbuf is not None,
|
|
(
|
|
'State must be initialized using '
|
|
'crypto_secretstream_xchacha20poly1305_init_pull'
|
|
),
|
|
raising=exc.ValueError,
|
|
)
|
|
ensure(
|
|
isinstance(c, bytes),
|
|
'Ciphertext is not bytes',
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
len(c) > crypto_secretstream_xchacha20poly1305_ABYTES,
|
|
'Ciphertext is too short',
|
|
raising=exc.ValueError,
|
|
)
|
|
ensure(
|
|
len(c) <= (
|
|
crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX +
|
|
crypto_secretstream_xchacha20poly1305_ABYTES
|
|
),
|
|
'Ciphertext is too long',
|
|
raising=exc.ValueError,
|
|
)
|
|
ensure(
|
|
ad is None or isinstance(ad, bytes),
|
|
'Additional data must be bytes or None',
|
|
raising=exc.TypeError,
|
|
)
|
|
|
|
mlen = len(c) - crypto_secretstream_xchacha20poly1305_ABYTES
|
|
if state.rawbuf is None or len(state.rawbuf) < mlen:
|
|
state.rawbuf = ffi.new('unsigned char[]', mlen)
|
|
|
|
if ad is None:
|
|
ad = ffi.NULL
|
|
adlen = 0
|
|
else:
|
|
adlen = len(ad)
|
|
|
|
rc = lib.crypto_secretstream_xchacha20poly1305_pull(
|
|
state.statebuf,
|
|
state.rawbuf, ffi.NULL,
|
|
state.tagbuf,
|
|
c, len(c),
|
|
ad, adlen,
|
|
)
|
|
ensure(rc == 0, 'Unexpected failure', raising=exc.RuntimeError)
|
|
|
|
return (ffi.buffer(state.rawbuf, mlen)[:], int(state.tagbuf[0]))
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_rekey(state):
|
|
"""
|
|
Explicitly change the encryption key in the stream.
|
|
|
|
Normally the stream is re-keyed as needed or an explicit ``tag`` of
|
|
:data:`.crypto_secretstream_xchacha20poly1305_TAG_REKEY` is added to a
|
|
message to ensure forward secrecy, but this method can be used instead
|
|
if the re-keying is controlled without adding the tag.
|
|
|
|
:param state: a secretstream state object
|
|
:type state: crypto_secretstream_xchacha20poly1305_state
|
|
|
|
"""
|
|
ensure(
|
|
isinstance(state, crypto_secretstream_xchacha20poly1305_state),
|
|
'State must be a crypto_secretstream_xchacha20poly1305_state object',
|
|
raising=exc.TypeError,
|
|
)
|
|
lib.crypto_secretstream_xchacha20poly1305_rekey(state.statebuf)
|