# Copyright 2013-2018 Donald Stufft and individual contributors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from typing import ByteString, Optional, Tuple, cast from nacl import exceptions as exc from nacl._sodium import ffi, lib from nacl.exceptions import ensure crypto_secretstream_xchacha20poly1305_ABYTES: int = ( lib.crypto_secretstream_xchacha20poly1305_abytes() ) crypto_secretstream_xchacha20poly1305_HEADERBYTES: int = ( lib.crypto_secretstream_xchacha20poly1305_headerbytes() ) crypto_secretstream_xchacha20poly1305_KEYBYTES: int = ( lib.crypto_secretstream_xchacha20poly1305_keybytes() ) crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX: int = ( lib.crypto_secretstream_xchacha20poly1305_messagebytes_max() ) crypto_secretstream_xchacha20poly1305_STATEBYTES: int = ( lib.crypto_secretstream_xchacha20poly1305_statebytes() ) crypto_secretstream_xchacha20poly1305_TAG_MESSAGE: int = ( lib.crypto_secretstream_xchacha20poly1305_tag_message() ) crypto_secretstream_xchacha20poly1305_TAG_PUSH: int = ( lib.crypto_secretstream_xchacha20poly1305_tag_push() ) crypto_secretstream_xchacha20poly1305_TAG_REKEY: int = ( lib.crypto_secretstream_xchacha20poly1305_tag_rekey() ) crypto_secretstream_xchacha20poly1305_TAG_FINAL: int = ( lib.crypto_secretstream_xchacha20poly1305_tag_final() ) def crypto_secretstream_xchacha20poly1305_keygen() -> bytes: """ Generate a key for use with :func:`.crypto_secretstream_xchacha20poly1305_init_push`. """ keybuf = ffi.new( "unsigned char[]", crypto_secretstream_xchacha20poly1305_KEYBYTES, ) lib.crypto_secretstream_xchacha20poly1305_keygen(keybuf) return ffi.buffer(keybuf)[:] class crypto_secretstream_xchacha20poly1305_state: """ An object wrapping the crypto_secretstream_xchacha20poly1305 state. """ __slots__ = ["statebuf", "rawbuf", "tagbuf"] def __init__(self) -> None: """Initialize a clean state object.""" self.statebuf: ByteString = ffi.new( "unsigned char[]", crypto_secretstream_xchacha20poly1305_STATEBYTES, ) self.rawbuf: Optional[ByteString] = None self.tagbuf: Optional[ByteString] = None def crypto_secretstream_xchacha20poly1305_init_push( state: crypto_secretstream_xchacha20poly1305_state, key: bytes ) -> bytes: """ Initialize a crypto_secretstream_xchacha20poly1305 encryption buffer. :param state: a secretstream state object :type state: crypto_secretstream_xchacha20poly1305_state :param key: must be :data:`.crypto_secretstream_xchacha20poly1305_KEYBYTES` long :type key: bytes :return: header :rtype: bytes """ ensure( isinstance(state, crypto_secretstream_xchacha20poly1305_state), "State must be a crypto_secretstream_xchacha20poly1305_state object", raising=exc.TypeError, ) ensure( isinstance(key, bytes), "Key must be a bytes sequence", raising=exc.TypeError, ) ensure( len(key) == crypto_secretstream_xchacha20poly1305_KEYBYTES, "Invalid key length", raising=exc.ValueError, ) headerbuf = ffi.new( "unsigned char []", crypto_secretstream_xchacha20poly1305_HEADERBYTES, ) rc = lib.crypto_secretstream_xchacha20poly1305_init_push( state.statebuf, headerbuf, key ) ensure(rc == 0, "Unexpected failure", raising=exc.RuntimeError) return ffi.buffer(headerbuf)[:] def crypto_secretstream_xchacha20poly1305_push( state: crypto_secretstream_xchacha20poly1305_state, m: bytes, ad: Optional[bytes] = None, tag: int = crypto_secretstream_xchacha20poly1305_TAG_MESSAGE, ) -> bytes: """ Add an encrypted message to the secret stream. :param state: a secretstream state object :type state: crypto_secretstream_xchacha20poly1305_state :param m: the message to encrypt, the maximum length of an individual message is :data:`.crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX`. :type m: bytes :param ad: additional data to include in the authentication tag :type ad: bytes or None :param tag: the message tag, usually :data:`.crypto_secretstream_xchacha20poly1305_TAG_MESSAGE` or :data:`.crypto_secretstream_xchacha20poly1305_TAG_FINAL`. :type tag: int :return: ciphertext :rtype: bytes """ ensure( isinstance(state, crypto_secretstream_xchacha20poly1305_state), "State must be a crypto_secretstream_xchacha20poly1305_state object", raising=exc.TypeError, ) ensure(isinstance(m, bytes), "Message is not bytes", raising=exc.TypeError) ensure( len(m) <= crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX, "Message is too long", raising=exc.ValueError, ) ensure( ad is None or isinstance(ad, bytes), "Additional data must be bytes or None", raising=exc.TypeError, ) clen = len(m) + crypto_secretstream_xchacha20poly1305_ABYTES if state.rawbuf is None or len(state.rawbuf) < clen: state.rawbuf = ffi.new("unsigned char[]", clen) if ad is None: ad = ffi.NULL adlen = 0 else: adlen = len(ad) rc = lib.crypto_secretstream_xchacha20poly1305_push( state.statebuf, state.rawbuf, ffi.NULL, m, len(m), ad, adlen, tag, ) ensure(rc == 0, "Unexpected failure", raising=exc.RuntimeError) return ffi.buffer(state.rawbuf, clen)[:] def crypto_secretstream_xchacha20poly1305_init_pull( state: crypto_secretstream_xchacha20poly1305_state, header: bytes, key: bytes, ) -> None: """ Initialize a crypto_secretstream_xchacha20poly1305 decryption buffer. :param state: a secretstream state object :type state: crypto_secretstream_xchacha20poly1305_state :param header: must be :data:`.crypto_secretstream_xchacha20poly1305_HEADERBYTES` long :type header: bytes :param key: must be :data:`.crypto_secretstream_xchacha20poly1305_KEYBYTES` long :type key: bytes """ ensure( isinstance(state, crypto_secretstream_xchacha20poly1305_state), "State must be a crypto_secretstream_xchacha20poly1305_state object", raising=exc.TypeError, ) ensure( isinstance(header, bytes), "Header must be a bytes sequence", raising=exc.TypeError, ) ensure( len(header) == crypto_secretstream_xchacha20poly1305_HEADERBYTES, "Invalid header length", raising=exc.ValueError, ) ensure( isinstance(key, bytes), "Key must be a bytes sequence", raising=exc.TypeError, ) ensure( len(key) == crypto_secretstream_xchacha20poly1305_KEYBYTES, "Invalid key length", raising=exc.ValueError, ) if state.tagbuf is None: state.tagbuf = ffi.new("unsigned char *") rc = lib.crypto_secretstream_xchacha20poly1305_init_pull( state.statebuf, header, key ) ensure(rc == 0, "Unexpected failure", raising=exc.RuntimeError) def crypto_secretstream_xchacha20poly1305_pull( state: crypto_secretstream_xchacha20poly1305_state, c: bytes, ad: Optional[bytes] = None, ) -> Tuple[bytes, int]: """ Read a decrypted message from the secret stream. :param state: a secretstream state object :type state: crypto_secretstream_xchacha20poly1305_state :param c: the ciphertext to decrypt, the maximum length of an individual ciphertext is :data:`.crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX` + :data:`.crypto_secretstream_xchacha20poly1305_ABYTES`. :type c: bytes :param ad: additional data to include in the authentication tag :type ad: bytes or None :return: (message, tag) :rtype: (bytes, int) """ ensure( isinstance(state, crypto_secretstream_xchacha20poly1305_state), "State must be a crypto_secretstream_xchacha20poly1305_state object", raising=exc.TypeError, ) ensure( state.tagbuf is not None, ( "State must be initialized using " "crypto_secretstream_xchacha20poly1305_init_pull" ), raising=exc.ValueError, ) ensure( isinstance(c, bytes), "Ciphertext is not bytes", raising=exc.TypeError, ) ensure( len(c) >= crypto_secretstream_xchacha20poly1305_ABYTES, "Ciphertext is too short", raising=exc.ValueError, ) ensure( len(c) <= ( crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX + crypto_secretstream_xchacha20poly1305_ABYTES ), "Ciphertext is too long", raising=exc.ValueError, ) ensure( ad is None or isinstance(ad, bytes), "Additional data must be bytes or None", raising=exc.TypeError, ) mlen = len(c) - crypto_secretstream_xchacha20poly1305_ABYTES if state.rawbuf is None or len(state.rawbuf) < mlen: state.rawbuf = ffi.new("unsigned char[]", mlen) if ad is None: ad = ffi.NULL adlen = 0 else: adlen = len(ad) rc = lib.crypto_secretstream_xchacha20poly1305_pull( state.statebuf, state.rawbuf, ffi.NULL, state.tagbuf, c, len(c), ad, adlen, ) ensure(rc == 0, "Unexpected failure", raising=exc.RuntimeError) # Cast safety: we `ensure` above that `state.tagbuf is not None`. return ( ffi.buffer(state.rawbuf, mlen)[:], int(cast(bytes, state.tagbuf)[0]), ) def crypto_secretstream_xchacha20poly1305_rekey( state: crypto_secretstream_xchacha20poly1305_state, ) -> None: """ Explicitly change the encryption key in the stream. Normally the stream is re-keyed as needed or an explicit ``tag`` of :data:`.crypto_secretstream_xchacha20poly1305_TAG_REKEY` is added to a message to ensure forward secrecy, but this method can be used instead if the re-keying is controlled without adding the tag. :param state: a secretstream state object :type state: crypto_secretstream_xchacha20poly1305_state """ ensure( isinstance(state, crypto_secretstream_xchacha20poly1305_state), "State must be a crypto_secretstream_xchacha20poly1305_state object", raising=exc.TypeError, ) lib.crypto_secretstream_xchacha20poly1305_rekey(state.statebuf)