Source code for nacl.public

from __future__ import absolute_import
from __future__ import division

from . import six

from . import nacl, encoding
from .exceptions import CryptoError
from .utils import EncryptedMessage, random


class PublicKey(encoding.Encodable, six.StringFixer, object):
    """
    The public key counterpart to an Curve25519 :class:`nacl.public.PrivateKey`
    for encrypting messages.

    :param public_key: [:class:`bytes`] Encoded Curve25519 public key
    :param encoder: A class that is able to decode the `public_key`

    :cvar SIZE: The size that the public key is required to be
    """

    SIZE = nacl.lib.crypto_box_PUBLICKEYBYTES

    def __init__(self, public_key, encoder=encoding.RawEncoder):
        self._public_key = encoder.decode(public_key)

        if len(self._public_key) != self.SIZE:
            raise ValueError("The public key must be exactly %s bytes long" %
                             self.SIZE)

    def __bytes__(self):
        return self._public_key


class PrivateKey(encoding.Encodable, six.StringFixer, object):
    """
    Private key for decrypting messages using the Curve25519 algorithm.

    .. warning:: This **must** be protected and remain secret. Anyone who
        knows the value of your :class:`~nacl.public.PrivateKey` can decrypt
        any message encrypted by the corresponding
        :class:`~nacl.public.PublicKey`

    :param private_key: The private key used to decrypt messages
    :param encoder: The encoder class used to decode the given keys

    :cvar SIZE: The size that the private key is required to be
    """

    SIZE = nacl.lib.crypto_box_SECRETKEYBYTES

    def __init__(self, private_key, encoder=encoding.RawEncoder):
        # Decode the secret_key
        private_key = encoder.decode(private_key)

        # Verify that our seed is the proper size
        if len(private_key) != self.SIZE:
            raise ValueError(
                "The secret key must be exactly %d bytes long" % self.SIZE)

        pk = nacl.ffi.new("unsigned char[]", PublicKey.SIZE)

        if not nacl.lib.crypto_scalarmult_curve25519_base(pk, private_key):
            raise CryptoError("Failed to generate a key pair")

        _pkey = nacl.ffi.buffer(pk, nacl.lib.crypto_box_PUBLICKEYBYTES)[:]

        self._private_key = private_key
        self.public_key = PublicKey(_pkey)

    def __bytes__(self):
        return self._private_key

    @classmethod
    def generate(cls):
        """
        Generates a random :class:`~nacl.public.PrivateKey` object

        :rtype: :class:`~nacl.public.PrivateKey`
        """
        return cls(random(PrivateKey.SIZE), encoder=encoding.RawEncoder)


class Box(encoding.Encodable, six.StringFixer, object):
    """
    The Box class boxes and unboxes messages between a pair of keys

    The ciphertexts generated by :class:`~nacl.public.Box` include a 16
    byte authenticator which is checked as part of the decryption. An invalid
    authenticator will cause the decrypt function to raise an exception. The
    authenticator is not a signature. Once you've decrypted the message you've
    demonstrated the ability to create arbitrary valid message, so messages you
    send are repudiable. For non-repudiable messages, sign them after
    encryption.

    :param private_key: :class:`~nacl.public.PrivateKey` used to encrypt and
        decrypt messages
    :param public_key: :class:`~nacl.public.PublicKey` used to encrypt and
        decrypt messages

    :cvar NONCE_SIZE: The size that the nonce is required to be.
    """

    NONCE_SIZE = nacl.lib.crypto_box_NONCEBYTES

    def __init__(self, private_key, public_key):
        if private_key and public_key:
            _shared_key_size = nacl.lib.crypto_box_BEFORENMBYTES
            _shared_key = nacl.ffi.new("unsigned char[]", _shared_key_size)

            if not nacl.lib.crypto_box_beforenm(
                        _shared_key,
                        public_key.encode(encoder=encoding.RawEncoder),
                        private_key.encode(encoder=encoding.RawEncoder),
                    ):
                raise CryptoError("Failed to derive shared key")

            self._shared_key = nacl.ffi.buffer(_shared_key, _shared_key_size)[:]
        else:
            self._shared_key = None

    def __bytes__(self):
        return self._shared_key

    @classmethod
    def decode(cls, encoded, encoder=encoding.RawEncoder):
        # Create an empty box
        box = cls(None, None)

        # Assign our decoded value to the shared key of the box
        box._shared_key = encoder.decode(encoded)

        return box

    def encrypt(self, plaintext, nonce, encoder=encoding.RawEncoder):
        """
        Encrypts the plaintext message using the given `nonce` and returns
        the ciphertext encoded with the encoder.

        .. warning:: It is **VITALLY** important that the nonce is a nonce,
            i.e. it is a number used only once for any given key. If you fail
            to do this, you compromise the privacy of the messages encrypted.

        :param plaintext: [:class:`bytes`] The plaintext message to encrypt
        :param nonce: [:class:`bytes`] The nonce to use in the encryption
        :param encoder: The encoder to use to encode the ciphertext
        :rtype: [:class:`nacl.utils.EncryptedMessage`]
        """
        if len(nonce) != self.NONCE_SIZE:
            raise ValueError("The nonce must be exactly %s bytes long" %
                             self.NONCE_SIZE)

        padded = b"\x00" * nacl.lib.crypto_box_ZEROBYTES + plaintext
        ciphertext = nacl.ffi.new("unsigned char[]", len(padded))

        if not nacl.lib.crypto_box_afternm(
                    ciphertext,
                    padded,
                    len(padded),
                    nonce,
                    self._shared_key,
                ):
            raise CryptoError("Encryption failed")

        box_zeros = nacl.lib.crypto_box_BOXZEROBYTES
        ciphertext = nacl.ffi.buffer(ciphertext, len(padded))[box_zeros:]

        encoded_nonce = encoder.encode(nonce)
        encoded_ciphertext = encoder.encode(ciphertext)

        return EncryptedMessage._from_parts(
                    encoded_nonce,
                    encoded_ciphertext,
                    encoder.encode(nonce + ciphertext),
                )

    def decrypt(self, ciphertext, nonce=None, encoder=encoding.RawEncoder):
        """
        Decrypts the ciphertext using the given nonce and returns the
        plaintext message.

        :param ciphertext: [:class:`bytes`] The encrypted message to decrypt
        :param nonce: [:class:`bytes`] The nonce used when encrypting the
            ciphertext
        :param encoder: The encoder used to decode the ciphertext.
        :rtype: [:class:`bytes`]
        """
        # Decode our ciphertext
        ciphertext = encoder.decode(ciphertext)

        if nonce is None:
            # If we were given the nonce and ciphertext combined, split them.
            nonce = ciphertext[:self.NONCE_SIZE]
            ciphertext = ciphertext[self.NONCE_SIZE:]

        if len(nonce) != self.NONCE_SIZE:
            raise ValueError("The nonce must be exactly %s bytes long" %
                             self.NONCE_SIZE)

        padded = b"\x00" * nacl.lib.crypto_box_BOXZEROBYTES + ciphertext
        plaintext = nacl.ffi.new("unsigned char[]", len(padded))

        if not nacl.lib.crypto_box_open_afternm(
                    plaintext,
                    padded,
                    len(padded),
                    nonce,
                    self._shared_key,
                ):
            raise CryptoError(
                        "Decryption failed. Ciphertext failed verification")

        box_zeros = nacl.lib.crypto_box_ZEROBYTES
        plaintext = nacl.ffi.buffer(plaintext, len(padded))[box_zeros:]

        return plaintext