mix
/
kea_for_miners
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
9.7 MiB
Tree: a81be736b8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a81be736b8'
${ noResults }
kea_for_miners/venv/lib/python3.5/site-packages/nacl/secret.py

127 lines
4.9 KiB
Raw Normal View History

initial commit
7 years ago
 
  1. # Copyright 2013 Donald Stufft and individual contributors
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.
  14. 

  15. from __future__ import absolute_import, division, print_function
  16. 

  17. import nacl.bindings
  18. from nacl import encoding
  19. from nacl import exceptions as exc
  20. from nacl.utils import EncryptedMessage, StringFixer, random
  21. 

  22. 

  23. class SecretBox(encoding.Encodable, StringFixer, object):
  24.     """

  25.     The SecretBox class encrypts and decrypts messages using the given secret
  26.     key.
  27. 

  28.     The ciphertexts generated by :class:`~nacl.secret.Secretbox` include a 16
  29.     byte authenticator which is checked as part of the decryption. An invalid
  30.     authenticator will cause the decrypt function to raise an exception. The
  31.     authenticator is not a signature. Once you've decrypted the message you've
  32.     demonstrated the ability to create arbitrary valid message, so messages you
  33.     send are repudiable. For non-repudiable messages, sign them after
  34.     encryption.
  35. 

  36.     :param key: The secret key used to encrypt and decrypt messages
  37.     :param encoder: The encoder class used to decode the given key
  38. 

  39.     :cvar KEY_SIZE: The size that the key is required to be.
  40.     :cvar NONCE_SIZE: The size that the nonce is required to be.
  41.     """

  42. 

  43.     KEY_SIZE = nacl.bindings.crypto_secretbox_KEYBYTES
  44.     NONCE_SIZE = nacl.bindings.crypto_secretbox_NONCEBYTES
  45. 

  46.     def __init__(self, key, encoder=encoding.RawEncoder):
  47.         key = encoder.decode(key)
  48.         if not isinstance(key, bytes):
  49.             raise exc.TypeError("SecretBox must be created from 32 bytes")
  50. 

  51.         if len(key) != self.KEY_SIZE:
  52.             raise exc.ValueError(
  53.                 "The key must be exactly %s bytes long" %
  54.                 self.KEY_SIZE,
  55.             )
  56. 

  57.         self._key = key
  58. 

  59.     def __bytes__(self):
  60.         return self._key
  61. 

  62.     def encrypt(self, plaintext, nonce=None, encoder=encoding.RawEncoder):
  63.         """

  64.         Encrypts the plaintext message using the given `nonce` (or generates
  65.         one randomly if omitted) and returns the ciphertext encoded with the
  66.         encoder.
  67. 

  68.         .. warning:: It is **VITALLY** important that the nonce is a nonce,
  69.             i.e. it is a number used only once for any given key. If you fail
  70.             to do this, you compromise the privacy of the messages encrypted.
  71.             Give your nonces a different prefix, or have one side use an odd
  72.             counter and one an even counter. Just make sure they are different.
  73. 

  74.         :param plaintext: [:class:`bytes`] The plaintext message to encrypt
  75.         :param nonce: [:class:`bytes`] The nonce to use in the encryption
  76.         :param encoder: The encoder to use to encode the ciphertext
  77.         :rtype: [:class:`nacl.utils.EncryptedMessage`]
  78.         """

  79.         if nonce is None:
  80.             nonce = random(self.NONCE_SIZE)
  81. 

  82.         if len(nonce) != self.NONCE_SIZE:
  83.             raise exc.ValueError(
  84.                 "The nonce must be exactly %s bytes long" % self.NONCE_SIZE,
  85.             )
  86. 

  87.         ciphertext = nacl.bindings.crypto_secretbox(plaintext,
  88.                                                     nonce, self._key)
  89. 

  90.         encoded_nonce = encoder.encode(nonce)
  91.         encoded_ciphertext = encoder.encode(ciphertext)
  92. 

  93.         return EncryptedMessage._from_parts(
  94.             encoded_nonce,
  95.             encoded_ciphertext,
  96.             encoder.encode(nonce + ciphertext),
  97.         )
  98. 

  99.     def decrypt(self, ciphertext, nonce=None, encoder=encoding.RawEncoder):
  100.         """

  101.         Decrypts the ciphertext using the `nonce` (explicitly, when passed as a
  102.         parameter or implicitly, when omitted, as part of the ciphertext) and
  103.         returns the plaintext message.
  104. 

  105.         :param ciphertext: [:class:`bytes`] The encrypted message to decrypt
  106.         :param nonce: [:class:`bytes`] The nonce used when encrypting the
  107.             ciphertext
  108.         :param encoder: The encoder used to decode the ciphertext.
  109.         :rtype: [:class:`bytes`]
  110.         """

  111.         # Decode our ciphertext
  112.         ciphertext = encoder.decode(ciphertext)
  113. 

  114.         if nonce is None:
  115.             # If we were given the nonce and ciphertext combined, split them.
  116.             nonce = ciphertext[:self.NONCE_SIZE]
  117.             ciphertext = ciphertext[self.NONCE_SIZE:]
  118. 

  119.         if len(nonce) != self.NONCE_SIZE:
  120.             raise exc.ValueError(
  121.                 "The nonce must be exactly %s bytes long" % self.NONCE_SIZE,
  122.             )
  123. 

  124.         plaintext = nacl.bindings.crypto_secretbox_open(ciphertext,
  125.                                                         nonce, self._key)
  126. 

  127.         return plaintext

Powered by TurnKey Linux.