U ֫[%@sddlmZmZmZddlmZddlmZm Z ddl m Z ddgZ e Ze Ze Ze Ze Ze Ze Ze ZddZdd Zd dZd d Z d dZ!ddZ"ddZ#ddZ$ddZ%dS))absolute_importdivisionprint_function) exceptions)ffilib)ensurecrypto_box_keypair crypto_boxcCs`tdt}tdt}t||}t|dkdtjdt |tddt |tddfS)zq Returns a randomly generated public and secret key. :rtype: (bytes(public_key), bytes(secret_key)) unsigned char[]rUnexpected library errorZraisingN) rnewcrypto_box_PUBLICKEYBYTEScrypto_box_SECRETKEYBYTESrr rexc RuntimeErrorbuffer)pkskrcr:/usr/lib/python3/dist-packages/nacl/bindings/crypto_box.pyr #s   cCstt|tdtdt|tkr*tdt dt }t dt }t |||}t|dkdtjdt|t ddt|t ddfS)a Returns a (public, secret) keypair deterministically generated from an input ``seed``. .. warning:: The seed **must** be high-entropy; therefore, its generator **must** be a cryptographic quality random function like, for example, :func:`~nacl.utils.random`. .. warning:: The seed **must** be protected and remain secret. Anyone who knows the seed is really in possession of the corresponding PrivateKey. :param seed: bytes :rtype: (bytes(public_key), bytes(secret_key)) zseed must be bytesr z Invalid seedr rr N)r isinstancebytes TypeErrorlencrypto_box_SEEDBYTESr ValueErrorrrrrrcrypto_box_seed_keypairrr)Zseedrrrrrrr7s      rcCst|tkrtdt|tkr,tdt|tkrBtddt|}tdt|}t ||t||||}t |dkdtj dt |t|td S) z Encrypts and returns a message ``message`` using the secret key ``sk``, public key ``pk``, and the nonce ``nonce``. :param message: bytes :param nonce: bytes :param pk: bytes :param sk: bytes :rtype: bytes Invalid nonce sizeInvalid public keyInvalid secret keyr rr r N)rcrypto_box_NONCEBYTESrrrrcrypto_box_ZEROBYTESrrrr rrrcrypto_box_BOXZEROBYTES)messagenoncerrpadded ciphertextrrrrr ]s       cCst|tkrtdt|tkr,tdt|tkrBtddt|}tdt|}t ||t||||}t |dkdtj dt |t|td S) a Decrypts and returns an encrypted message ``ciphertext``, using the secret key ``sk``, public key ``pk``, and the nonce ``nonce``. :param ciphertext: bytes :param nonce: bytes :param pk: bytes :param sk: bytes :rtype: bytes r r!r"r#r r/An error occurred trying to decrypt the messager N)rr$rrrrr&rrrcrypto_box_openr CryptoErrorrr%)r*r(rrr) plaintextresrrrr,|s        r,cCsnt|tkrtdt|tkr,tdtdt}t |||}t |dkdtj dt |tddS)a Computes and returns the shared key for the public key ``pk`` and the secret key ``sk``. This can be used to speed up operations where the same set of keys is going to be used multiple times. :param pk: bytes :param sk: bytes :rtype: bytes r!r"r rr r N) rrrrrrrcrypto_box_BEFORENMBYTESrcrypto_box_beforenmrrr)rrkrrrrr1s     r1cCst|tkrtdt|tkr,tddt|}tdt|}t ||t|||}t |dkdtj dt |t|t dS) z Encrypts and returns the message ``message`` using the shared key ``k`` and the nonce ``nonce``. :param message: bytes :param nonce: bytes :param k: bytes :rtype: bytes Invalid nonceInvalid shared keyr#r rr r N)rr$rrr0r%rrrcrypto_box_afternmrrrr&)r'r(r2r)r*rrrrr5s     r5cCst|tkrtdt|tkr,tddt|}tdt|}t ||t|||}t |dkdtj dt |t|t dS) z Decrypts and returns the encrypted message ``ciphertext``, using the shared key ``k`` and the nonce ``nonce``. :param ciphertext: bytes :param nonce: bytes :param k: bytes :rtype: bytes r3r4r#r rr+r N)rr$rrr0r&rrrcrypto_box_open_afternmrr-rr%)r*r(r2r)r.r/rrrr6s"      r6cCstt|tdtdtt|tdtdt|tkr>tdt|}t|}t d|}t ||||}t|dkdtj dt ||ddS) a Encrypts and returns a message ``message`` using an ephemeral secret key and the public key ``pk``. The ephemeral public key, which is embedded in the sealed box, is also used, in combination with ``pk``, to derive the nonce needed for the underlying box construct. :param message: bytes :param pk: bytes :rtype: bytes .. versionadded:: 1.2 zinput message must be bytesr public key must be bytesr!r rr N)rrrrrrrrcrypto_box_SEALBYTESrrrcrypto_box_sealrr)r'r_mlen_clenr*rrrrr9s&     r9cCstt|tdtdtt|tdtdtt|tdtdt|tkrRtdt|tkrhtdt|}|t }t d|}t |||||}t|dkd tjdt ||d d S) a Decrypts and returns an encrypted message ``ciphertext``, using the recipent's secret key ``sk`` and the sender's ephemeral public key embedded in the sealed box. The box contruct nonce is derived from the recipient's public key ``pk`` and the sender's public key. :param ciphertext: bytes :param pk: bytes :param sk: bytes :rtype: bytes .. versionadded:: 1.2 zinput ciphertext must be bytesr r7zsecret key must be bytesr!r"r rr+N)rrrrrrrrrr8rrrcrypto_box_seal_openr-r)r*rrr;r:r.r/rrrr<s0         r<N)&Z __future__rrrZnaclrrZ nacl._sodiumrrZnacl.exceptionsr__all__Zcrypto_box_secretkeybytesrZcrypto_box_publickeybytesrZcrypto_box_seedbytesrZcrypto_box_noncebytesr$Zcrypto_box_zerobytesr%Zcrypto_box_boxzerobytesr&Zcrypto_box_beforenmbytesr0Zcrypto_box_sealbytesr8r rr r,r1r5r6r9r<rrrrs*  &&