358 lines
11 KiB
Python
358 lines
11 KiB
Python
# Copyright 2013-2018 Donald Stufft and individual contributors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
from typing import ByteString, Optional, Tuple, cast
|
|
|
|
from nacl import exceptions as exc
|
|
from nacl._sodium import ffi, lib
|
|
from nacl.exceptions import ensure
|
|
|
|
|
|
crypto_secretstream_xchacha20poly1305_ABYTES: int = (
|
|
lib.crypto_secretstream_xchacha20poly1305_abytes()
|
|
)
|
|
crypto_secretstream_xchacha20poly1305_HEADERBYTES: int = (
|
|
lib.crypto_secretstream_xchacha20poly1305_headerbytes()
|
|
)
|
|
crypto_secretstream_xchacha20poly1305_KEYBYTES: int = (
|
|
lib.crypto_secretstream_xchacha20poly1305_keybytes()
|
|
)
|
|
crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX: int = (
|
|
lib.crypto_secretstream_xchacha20poly1305_messagebytes_max()
|
|
)
|
|
crypto_secretstream_xchacha20poly1305_STATEBYTES: int = (
|
|
lib.crypto_secretstream_xchacha20poly1305_statebytes()
|
|
)
|
|
|
|
|
|
crypto_secretstream_xchacha20poly1305_TAG_MESSAGE: int = (
|
|
lib.crypto_secretstream_xchacha20poly1305_tag_message()
|
|
)
|
|
crypto_secretstream_xchacha20poly1305_TAG_PUSH: int = (
|
|
lib.crypto_secretstream_xchacha20poly1305_tag_push()
|
|
)
|
|
crypto_secretstream_xchacha20poly1305_TAG_REKEY: int = (
|
|
lib.crypto_secretstream_xchacha20poly1305_tag_rekey()
|
|
)
|
|
crypto_secretstream_xchacha20poly1305_TAG_FINAL: int = (
|
|
lib.crypto_secretstream_xchacha20poly1305_tag_final()
|
|
)
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_keygen() -> bytes:
|
|
"""
|
|
Generate a key for use with
|
|
:func:`.crypto_secretstream_xchacha20poly1305_init_push`.
|
|
|
|
"""
|
|
keybuf = ffi.new(
|
|
"unsigned char[]",
|
|
crypto_secretstream_xchacha20poly1305_KEYBYTES,
|
|
)
|
|
lib.crypto_secretstream_xchacha20poly1305_keygen(keybuf)
|
|
return ffi.buffer(keybuf)[:]
|
|
|
|
|
|
class crypto_secretstream_xchacha20poly1305_state:
|
|
"""
|
|
An object wrapping the crypto_secretstream_xchacha20poly1305 state.
|
|
|
|
"""
|
|
|
|
__slots__ = ["statebuf", "rawbuf", "tagbuf"]
|
|
|
|
def __init__(self) -> None:
|
|
"""Initialize a clean state object."""
|
|
self.statebuf: ByteString = ffi.new(
|
|
"unsigned char[]",
|
|
crypto_secretstream_xchacha20poly1305_STATEBYTES,
|
|
)
|
|
|
|
self.rawbuf: Optional[ByteString] = None
|
|
self.tagbuf: Optional[ByteString] = None
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_init_push(
|
|
state: crypto_secretstream_xchacha20poly1305_state, key: bytes
|
|
) -> bytes:
|
|
"""
|
|
Initialize a crypto_secretstream_xchacha20poly1305 encryption buffer.
|
|
|
|
:param state: a secretstream state object
|
|
:type state: crypto_secretstream_xchacha20poly1305_state
|
|
:param key: must be
|
|
:data:`.crypto_secretstream_xchacha20poly1305_KEYBYTES` long
|
|
:type key: bytes
|
|
:return: header
|
|
:rtype: bytes
|
|
|
|
"""
|
|
ensure(
|
|
isinstance(state, crypto_secretstream_xchacha20poly1305_state),
|
|
"State must be a crypto_secretstream_xchacha20poly1305_state object",
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
isinstance(key, bytes),
|
|
"Key must be a bytes sequence",
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
len(key) == crypto_secretstream_xchacha20poly1305_KEYBYTES,
|
|
"Invalid key length",
|
|
raising=exc.ValueError,
|
|
)
|
|
|
|
headerbuf = ffi.new(
|
|
"unsigned char []",
|
|
crypto_secretstream_xchacha20poly1305_HEADERBYTES,
|
|
)
|
|
|
|
rc = lib.crypto_secretstream_xchacha20poly1305_init_push(
|
|
state.statebuf, headerbuf, key
|
|
)
|
|
ensure(rc == 0, "Unexpected failure", raising=exc.RuntimeError)
|
|
|
|
return ffi.buffer(headerbuf)[:]
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_push(
|
|
state: crypto_secretstream_xchacha20poly1305_state,
|
|
m: bytes,
|
|
ad: Optional[bytes] = None,
|
|
tag: int = crypto_secretstream_xchacha20poly1305_TAG_MESSAGE,
|
|
) -> bytes:
|
|
"""
|
|
Add an encrypted message to the secret stream.
|
|
|
|
:param state: a secretstream state object
|
|
:type state: crypto_secretstream_xchacha20poly1305_state
|
|
:param m: the message to encrypt, the maximum length of an individual
|
|
message is
|
|
:data:`.crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX`.
|
|
:type m: bytes
|
|
:param ad: additional data to include in the authentication tag
|
|
:type ad: bytes or None
|
|
:param tag: the message tag, usually
|
|
:data:`.crypto_secretstream_xchacha20poly1305_TAG_MESSAGE` or
|
|
:data:`.crypto_secretstream_xchacha20poly1305_TAG_FINAL`.
|
|
:type tag: int
|
|
:return: ciphertext
|
|
:rtype: bytes
|
|
|
|
"""
|
|
ensure(
|
|
isinstance(state, crypto_secretstream_xchacha20poly1305_state),
|
|
"State must be a crypto_secretstream_xchacha20poly1305_state object",
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(isinstance(m, bytes), "Message is not bytes", raising=exc.TypeError)
|
|
ensure(
|
|
len(m) <= crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX,
|
|
"Message is too long",
|
|
raising=exc.ValueError,
|
|
)
|
|
ensure(
|
|
ad is None or isinstance(ad, bytes),
|
|
"Additional data must be bytes or None",
|
|
raising=exc.TypeError,
|
|
)
|
|
|
|
clen = len(m) + crypto_secretstream_xchacha20poly1305_ABYTES
|
|
if state.rawbuf is None or len(state.rawbuf) < clen:
|
|
state.rawbuf = ffi.new("unsigned char[]", clen)
|
|
|
|
if ad is None:
|
|
ad = ffi.NULL
|
|
adlen = 0
|
|
else:
|
|
adlen = len(ad)
|
|
|
|
rc = lib.crypto_secretstream_xchacha20poly1305_push(
|
|
state.statebuf,
|
|
state.rawbuf,
|
|
ffi.NULL,
|
|
m,
|
|
len(m),
|
|
ad,
|
|
adlen,
|
|
tag,
|
|
)
|
|
ensure(rc == 0, "Unexpected failure", raising=exc.RuntimeError)
|
|
|
|
return ffi.buffer(state.rawbuf, clen)[:]
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_init_pull(
|
|
state: crypto_secretstream_xchacha20poly1305_state,
|
|
header: bytes,
|
|
key: bytes,
|
|
) -> None:
|
|
"""
|
|
Initialize a crypto_secretstream_xchacha20poly1305 decryption buffer.
|
|
|
|
:param state: a secretstream state object
|
|
:type state: crypto_secretstream_xchacha20poly1305_state
|
|
:param header: must be
|
|
:data:`.crypto_secretstream_xchacha20poly1305_HEADERBYTES` long
|
|
:type header: bytes
|
|
:param key: must be
|
|
:data:`.crypto_secretstream_xchacha20poly1305_KEYBYTES` long
|
|
:type key: bytes
|
|
|
|
"""
|
|
ensure(
|
|
isinstance(state, crypto_secretstream_xchacha20poly1305_state),
|
|
"State must be a crypto_secretstream_xchacha20poly1305_state object",
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
isinstance(header, bytes),
|
|
"Header must be a bytes sequence",
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
len(header) == crypto_secretstream_xchacha20poly1305_HEADERBYTES,
|
|
"Invalid header length",
|
|
raising=exc.ValueError,
|
|
)
|
|
ensure(
|
|
isinstance(key, bytes),
|
|
"Key must be a bytes sequence",
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
len(key) == crypto_secretstream_xchacha20poly1305_KEYBYTES,
|
|
"Invalid key length",
|
|
raising=exc.ValueError,
|
|
)
|
|
|
|
if state.tagbuf is None:
|
|
state.tagbuf = ffi.new("unsigned char *")
|
|
|
|
rc = lib.crypto_secretstream_xchacha20poly1305_init_pull(
|
|
state.statebuf, header, key
|
|
)
|
|
ensure(rc == 0, "Unexpected failure", raising=exc.RuntimeError)
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_pull(
|
|
state: crypto_secretstream_xchacha20poly1305_state,
|
|
c: bytes,
|
|
ad: Optional[bytes] = None,
|
|
) -> Tuple[bytes, int]:
|
|
"""
|
|
Read a decrypted message from the secret stream.
|
|
|
|
:param state: a secretstream state object
|
|
:type state: crypto_secretstream_xchacha20poly1305_state
|
|
:param c: the ciphertext to decrypt, the maximum length of an individual
|
|
ciphertext is
|
|
:data:`.crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX` +
|
|
:data:`.crypto_secretstream_xchacha20poly1305_ABYTES`.
|
|
:type c: bytes
|
|
:param ad: additional data to include in the authentication tag
|
|
:type ad: bytes or None
|
|
:return: (message, tag)
|
|
:rtype: (bytes, int)
|
|
|
|
"""
|
|
ensure(
|
|
isinstance(state, crypto_secretstream_xchacha20poly1305_state),
|
|
"State must be a crypto_secretstream_xchacha20poly1305_state object",
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
state.tagbuf is not None,
|
|
(
|
|
"State must be initialized using "
|
|
"crypto_secretstream_xchacha20poly1305_init_pull"
|
|
),
|
|
raising=exc.ValueError,
|
|
)
|
|
ensure(
|
|
isinstance(c, bytes),
|
|
"Ciphertext is not bytes",
|
|
raising=exc.TypeError,
|
|
)
|
|
ensure(
|
|
len(c) >= crypto_secretstream_xchacha20poly1305_ABYTES,
|
|
"Ciphertext is too short",
|
|
raising=exc.ValueError,
|
|
)
|
|
ensure(
|
|
len(c)
|
|
<= (
|
|
crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX
|
|
+ crypto_secretstream_xchacha20poly1305_ABYTES
|
|
),
|
|
"Ciphertext is too long",
|
|
raising=exc.ValueError,
|
|
)
|
|
ensure(
|
|
ad is None or isinstance(ad, bytes),
|
|
"Additional data must be bytes or None",
|
|
raising=exc.TypeError,
|
|
)
|
|
|
|
mlen = len(c) - crypto_secretstream_xchacha20poly1305_ABYTES
|
|
if state.rawbuf is None or len(state.rawbuf) < mlen:
|
|
state.rawbuf = ffi.new("unsigned char[]", mlen)
|
|
|
|
if ad is None:
|
|
ad = ffi.NULL
|
|
adlen = 0
|
|
else:
|
|
adlen = len(ad)
|
|
|
|
rc = lib.crypto_secretstream_xchacha20poly1305_pull(
|
|
state.statebuf,
|
|
state.rawbuf,
|
|
ffi.NULL,
|
|
state.tagbuf,
|
|
c,
|
|
len(c),
|
|
ad,
|
|
adlen,
|
|
)
|
|
ensure(rc == 0, "Unexpected failure", raising=exc.RuntimeError)
|
|
|
|
# Cast safety: we `ensure` above that `state.tagbuf is not None`.
|
|
return (
|
|
ffi.buffer(state.rawbuf, mlen)[:],
|
|
int(cast(bytes, state.tagbuf)[0]),
|
|
)
|
|
|
|
|
|
def crypto_secretstream_xchacha20poly1305_rekey(
|
|
state: crypto_secretstream_xchacha20poly1305_state,
|
|
) -> None:
|
|
"""
|
|
Explicitly change the encryption key in the stream.
|
|
|
|
Normally the stream is re-keyed as needed or an explicit ``tag`` of
|
|
:data:`.crypto_secretstream_xchacha20poly1305_TAG_REKEY` is added to a
|
|
message to ensure forward secrecy, but this method can be used instead
|
|
if the re-keying is controlled without adding the tag.
|
|
|
|
:param state: a secretstream state object
|
|
:type state: crypto_secretstream_xchacha20poly1305_state
|
|
|
|
"""
|
|
ensure(
|
|
isinstance(state, crypto_secretstream_xchacha20poly1305_state),
|
|
"State must be a crypto_secretstream_xchacha20poly1305_state object",
|
|
raising=exc.TypeError,
|
|
)
|
|
lib.crypto_secretstream_xchacha20poly1305_rekey(state.statebuf)
|