public.py 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423
  1. # Copyright 2013 Donald Stufft and individual contributors
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. # See the License for the specific language governing permissions and
  13. # limitations under the License.
  14. from typing import ClassVar, Generic, Optional, Type, TypeVar
  15. import nacl.bindings
  16. from nacl import encoding
  17. from nacl import exceptions as exc
  18. from nacl.encoding import Encoder
  19. from nacl.utils import EncryptedMessage, StringFixer, random
  20. class PublicKey(encoding.Encodable, StringFixer):
  21. """
  22. The public key counterpart to an Curve25519 :class:`nacl.public.PrivateKey`
  23. for encrypting messages.
  24. :param public_key: [:class:`bytes`] Encoded Curve25519 public key
  25. :param encoder: A class that is able to decode the `public_key`
  26. :cvar SIZE: The size that the public key is required to be
  27. """
  28. SIZE: ClassVar[int] = nacl.bindings.crypto_box_PUBLICKEYBYTES
  29. def __init__(
  30. self,
  31. public_key: bytes,
  32. encoder: encoding.Encoder = encoding.RawEncoder,
  33. ):
  34. self._public_key = encoder.decode(public_key)
  35. if not isinstance(self._public_key, bytes):
  36. raise exc.TypeError("PublicKey must be created from 32 bytes")
  37. if len(self._public_key) != self.SIZE:
  38. raise exc.ValueError(
  39. "The public key must be exactly {} bytes long".format(
  40. self.SIZE
  41. )
  42. )
  43. def __bytes__(self) -> bytes:
  44. return self._public_key
  45. def __hash__(self) -> int:
  46. return hash(bytes(self))
  47. def __eq__(self, other: object) -> bool:
  48. if not isinstance(other, self.__class__):
  49. return False
  50. return nacl.bindings.sodium_memcmp(bytes(self), bytes(other))
  51. def __ne__(self, other: object) -> bool:
  52. return not (self == other)
  53. class PrivateKey(encoding.Encodable, StringFixer):
  54. """
  55. Private key for decrypting messages using the Curve25519 algorithm.
  56. .. warning:: This **must** be protected and remain secret. Anyone who
  57. knows the value of your :class:`~nacl.public.PrivateKey` can decrypt
  58. any message encrypted by the corresponding
  59. :class:`~nacl.public.PublicKey`
  60. :param private_key: The private key used to decrypt messages
  61. :param encoder: The encoder class used to decode the given keys
  62. :cvar SIZE: The size that the private key is required to be
  63. :cvar SEED_SIZE: The size that the seed used to generate the
  64. private key is required to be
  65. """
  66. SIZE: ClassVar[int] = nacl.bindings.crypto_box_SECRETKEYBYTES
  67. SEED_SIZE: ClassVar[int] = nacl.bindings.crypto_box_SEEDBYTES
  68. def __init__(
  69. self,
  70. private_key: bytes,
  71. encoder: encoding.Encoder = encoding.RawEncoder,
  72. ):
  73. # Decode the secret_key
  74. private_key = encoder.decode(private_key)
  75. # verify the given secret key type and size are correct
  76. if not (
  77. isinstance(private_key, bytes) and len(private_key) == self.SIZE
  78. ):
  79. raise exc.TypeError(
  80. (
  81. "PrivateKey must be created from a {} "
  82. "bytes long raw secret key"
  83. ).format(self.SIZE)
  84. )
  85. raw_public_key = nacl.bindings.crypto_scalarmult_base(private_key)
  86. self._private_key = private_key
  87. self.public_key = PublicKey(raw_public_key)
  88. @classmethod
  89. def from_seed(
  90. cls,
  91. seed: bytes,
  92. encoder: encoding.Encoder = encoding.RawEncoder,
  93. ) -> "PrivateKey":
  94. """
  95. Generate a PrivateKey using a deterministic construction
  96. starting from a caller-provided seed
  97. .. warning:: The seed **must** be high-entropy; therefore,
  98. its generator **must** be a cryptographic quality
  99. random function like, for example, :func:`~nacl.utils.random`.
  100. .. warning:: The seed **must** be protected and remain secret.
  101. Anyone who knows the seed is really in possession of
  102. the corresponding PrivateKey.
  103. :param seed: The seed used to generate the private key
  104. :rtype: :class:`~nacl.public.PrivateKey`
  105. """
  106. # decode the seed
  107. seed = encoder.decode(seed)
  108. # Verify the given seed type and size are correct
  109. if not (isinstance(seed, bytes) and len(seed) == cls.SEED_SIZE):
  110. raise exc.TypeError(
  111. (
  112. "PrivateKey seed must be a {} bytes long "
  113. "binary sequence"
  114. ).format(cls.SEED_SIZE)
  115. )
  116. # generate a raw keypair from the given seed
  117. raw_pk, raw_sk = nacl.bindings.crypto_box_seed_keypair(seed)
  118. # construct a instance from the raw secret key
  119. return cls(raw_sk)
  120. def __bytes__(self) -> bytes:
  121. return self._private_key
  122. def __hash__(self) -> int:
  123. return hash((type(self), bytes(self.public_key)))
  124. def __eq__(self, other: object) -> bool:
  125. if not isinstance(other, self.__class__):
  126. return False
  127. return self.public_key == other.public_key
  128. def __ne__(self, other: object) -> bool:
  129. return not (self == other)
  130. @classmethod
  131. def generate(cls) -> "PrivateKey":
  132. """
  133. Generates a random :class:`~nacl.public.PrivateKey` object
  134. :rtype: :class:`~nacl.public.PrivateKey`
  135. """
  136. return cls(random(PrivateKey.SIZE), encoder=encoding.RawEncoder)
  137. _Box = TypeVar("_Box", bound="Box")
  138. class Box(encoding.Encodable, StringFixer):
  139. """
  140. The Box class boxes and unboxes messages between a pair of keys
  141. The ciphertexts generated by :class:`~nacl.public.Box` include a 16
  142. byte authenticator which is checked as part of the decryption. An invalid
  143. authenticator will cause the decrypt function to raise an exception. The
  144. authenticator is not a signature. Once you've decrypted the message you've
  145. demonstrated the ability to create arbitrary valid message, so messages you
  146. send are repudiable. For non-repudiable messages, sign them after
  147. encryption.
  148. :param private_key: :class:`~nacl.public.PrivateKey` used to encrypt and
  149. decrypt messages
  150. :param public_key: :class:`~nacl.public.PublicKey` used to encrypt and
  151. decrypt messages
  152. :cvar NONCE_SIZE: The size that the nonce is required to be.
  153. """
  154. NONCE_SIZE: ClassVar[int] = nacl.bindings.crypto_box_NONCEBYTES
  155. _shared_key: bytes
  156. def __init__(self, private_key: PrivateKey, public_key: PublicKey):
  157. if not isinstance(private_key, PrivateKey) or not isinstance(
  158. public_key, PublicKey
  159. ):
  160. raise exc.TypeError(
  161. "Box must be created from a PrivateKey and a PublicKey"
  162. )
  163. self._shared_key = nacl.bindings.crypto_box_beforenm(
  164. public_key.encode(encoder=encoding.RawEncoder),
  165. private_key.encode(encoder=encoding.RawEncoder),
  166. )
  167. def __bytes__(self) -> bytes:
  168. return self._shared_key
  169. @classmethod
  170. def decode(
  171. cls: Type[_Box], encoded: bytes, encoder: Encoder = encoding.RawEncoder
  172. ) -> _Box:
  173. """
  174. Alternative constructor. Creates a Box from an existing Box's shared key.
  175. """
  176. # Create an empty box
  177. box: _Box = cls.__new__(cls)
  178. # Assign our decoded value to the shared key of the box
  179. box._shared_key = encoder.decode(encoded)
  180. return box
  181. def encrypt(
  182. self,
  183. plaintext: bytes,
  184. nonce: Optional[bytes] = None,
  185. encoder: encoding.Encoder = encoding.RawEncoder,
  186. ) -> EncryptedMessage:
  187. """
  188. Encrypts the plaintext message using the given `nonce` (or generates
  189. one randomly if omitted) and returns the ciphertext encoded with the
  190. encoder.
  191. .. warning:: It is **VITALLY** important that the nonce is a nonce,
  192. i.e. it is a number used only once for any given key. If you fail
  193. to do this, you compromise the privacy of the messages encrypted.
  194. :param plaintext: [:class:`bytes`] The plaintext message to encrypt
  195. :param nonce: [:class:`bytes`] The nonce to use in the encryption
  196. :param encoder: The encoder to use to encode the ciphertext
  197. :rtype: [:class:`nacl.utils.EncryptedMessage`]
  198. """
  199. if nonce is None:
  200. nonce = random(self.NONCE_SIZE)
  201. if len(nonce) != self.NONCE_SIZE:
  202. raise exc.ValueError(
  203. "The nonce must be exactly %s bytes long" % self.NONCE_SIZE
  204. )
  205. ciphertext = nacl.bindings.crypto_box_afternm(
  206. plaintext,
  207. nonce,
  208. self._shared_key,
  209. )
  210. encoded_nonce = encoder.encode(nonce)
  211. encoded_ciphertext = encoder.encode(ciphertext)
  212. return EncryptedMessage._from_parts(
  213. encoded_nonce,
  214. encoded_ciphertext,
  215. encoder.encode(nonce + ciphertext),
  216. )
  217. def decrypt(
  218. self,
  219. ciphertext: bytes,
  220. nonce: Optional[bytes] = None,
  221. encoder: encoding.Encoder = encoding.RawEncoder,
  222. ) -> bytes:
  223. """
  224. Decrypts the ciphertext using the `nonce` (explicitly, when passed as a
  225. parameter or implicitly, when omitted, as part of the ciphertext) and
  226. returns the plaintext message.
  227. :param ciphertext: [:class:`bytes`] The encrypted message to decrypt
  228. :param nonce: [:class:`bytes`] The nonce used when encrypting the
  229. ciphertext
  230. :param encoder: The encoder used to decode the ciphertext.
  231. :rtype: [:class:`bytes`]
  232. """
  233. # Decode our ciphertext
  234. ciphertext = encoder.decode(ciphertext)
  235. if nonce is None:
  236. # If we were given the nonce and ciphertext combined, split them.
  237. nonce = ciphertext[: self.NONCE_SIZE]
  238. ciphertext = ciphertext[self.NONCE_SIZE :]
  239. if len(nonce) != self.NONCE_SIZE:
  240. raise exc.ValueError(
  241. "The nonce must be exactly %s bytes long" % self.NONCE_SIZE
  242. )
  243. plaintext = nacl.bindings.crypto_box_open_afternm(
  244. ciphertext,
  245. nonce,
  246. self._shared_key,
  247. )
  248. return plaintext
  249. def shared_key(self) -> bytes:
  250. """
  251. Returns the Curve25519 shared secret, that can then be used as a key in
  252. other symmetric ciphers.
  253. .. warning:: It is **VITALLY** important that you use a nonce with your
  254. symmetric cipher. If you fail to do this, you compromise the
  255. privacy of the messages encrypted. Ensure that the key length of
  256. your cipher is 32 bytes.
  257. :rtype: [:class:`bytes`]
  258. """
  259. return self._shared_key
  260. _Key = TypeVar("_Key", PublicKey, PrivateKey)
  261. class SealedBox(Generic[_Key], encoding.Encodable, StringFixer):
  262. """
  263. The SealedBox class boxes and unboxes messages addressed to
  264. a specified key-pair by using ephemeral sender's keypairs,
  265. whose private part will be discarded just after encrypting
  266. a single plaintext message.
  267. The ciphertexts generated by :class:`~nacl.public.SecretBox` include
  268. the public part of the ephemeral key before the :class:`~nacl.public.Box`
  269. ciphertext.
  270. :param recipient_key: a :class:`~nacl.public.PublicKey` used to encrypt
  271. messages and derive nonces, or a :class:`~nacl.public.PrivateKey` used
  272. to decrypt messages.
  273. .. versionadded:: 1.2
  274. """
  275. _public_key: bytes
  276. _private_key: Optional[bytes]
  277. def __init__(self, recipient_key: _Key):
  278. if isinstance(recipient_key, PublicKey):
  279. self._public_key = recipient_key.encode(
  280. encoder=encoding.RawEncoder
  281. )
  282. self._private_key = None
  283. elif isinstance(recipient_key, PrivateKey):
  284. self._private_key = recipient_key.encode(
  285. encoder=encoding.RawEncoder
  286. )
  287. self._public_key = recipient_key.public_key.encode(
  288. encoder=encoding.RawEncoder
  289. )
  290. else:
  291. raise exc.TypeError(
  292. "SealedBox must be created from a PublicKey or a PrivateKey"
  293. )
  294. def __bytes__(self) -> bytes:
  295. return self._public_key
  296. def encrypt(
  297. self,
  298. plaintext: bytes,
  299. encoder: encoding.Encoder = encoding.RawEncoder,
  300. ) -> bytes:
  301. """
  302. Encrypts the plaintext message using a random-generated ephemeral
  303. keypair and returns a "composed ciphertext", containing both
  304. the public part of the keypair and the ciphertext proper,
  305. encoded with the encoder.
  306. The private part of the ephemeral key-pair will be scrubbed before
  307. returning the ciphertext, therefore, the sender will not be able to
  308. decrypt the generated ciphertext.
  309. :param plaintext: [:class:`bytes`] The plaintext message to encrypt
  310. :param encoder: The encoder to use to encode the ciphertext
  311. :return bytes: encoded ciphertext
  312. """
  313. ciphertext = nacl.bindings.crypto_box_seal(plaintext, self._public_key)
  314. encoded_ciphertext = encoder.encode(ciphertext)
  315. return encoded_ciphertext
  316. def decrypt(
  317. self: "SealedBox[PrivateKey]",
  318. ciphertext: bytes,
  319. encoder: encoding.Encoder = encoding.RawEncoder,
  320. ) -> bytes:
  321. """
  322. Decrypts the ciphertext using the ephemeral public key enclosed
  323. in the ciphertext and the SealedBox private key, returning
  324. the plaintext message.
  325. :param ciphertext: [:class:`bytes`] The encrypted message to decrypt
  326. :param encoder: The encoder used to decode the ciphertext.
  327. :return bytes: The original plaintext
  328. :raises TypeError: if this SealedBox was created with a
  329. :class:`~nacl.public.PublicKey` rather than a
  330. :class:`~nacl.public.PrivateKey`.
  331. """
  332. # Decode our ciphertext
  333. ciphertext = encoder.decode(ciphertext)
  334. if self._private_key is None:
  335. raise TypeError(
  336. "SealedBoxes created with a public key cannot decrypt"
  337. )
  338. plaintext = nacl.bindings.crypto_box_seal_open(
  339. ciphertext,
  340. self._public_key,
  341. self._private_key,
  342. )
  343. return plaintext