|
Server : Apache System : Linux iad1-shared-b8-43 6.6.49-grsec-jammy+ #10 SMP Thu Sep 12 23:23:08 UTC 2024 x86_64 User : dh_edsupp ( 6597262) PHP Version : 8.2.26 Disable Function : NONE Directory : /lib/python3/dist-packages/nacl/__pycache__/ |
Upload File : |
o
�������aL/����������������������@���sp���d�dl�mZmZ�d�dlZd�dlmZ�d�dlmZ�d�dlm Z m
Z
m
Z
�G�dd��dej
e
�Z
G�dd ��d ej
e
�ZdS�)
�����)�ClassVar�OptionalN)�encoding)�
exceptions)�EncryptedMessage�
StringFixer�randomc���������������� ���@���s����e�Zd�ZU�dZejjZee �e
d<�ejj
Z
ee �e
d<�ejj
Zee �e
d<�ejjZee �e
d<�ejfdedejfdd �Zd
efd
d
�Zd
ejfdedee�dejd
efdd�Zd
ejfdedee�dejd
efdd�Zd
S�)� SecretBoxuS��
The SecretBox class encrypts and decrypts messages using the given secret
key.
The ciphertexts generated by :class:`~nacl.secret.Secretbox` include a 16
byte authenticator which is checked as part of the decryption. An invalid
authenticator will cause the decrypt function to raise an exception. The
authenticator is not a signature. Once you've decrypted the message you've
demonstrated the ability to create arbitrary valid message, so messages you
send are repudiable. For non-repudiable messages, sign them after
encryption.
Encryption is done using `XSalsa20-Poly1305`_, and there are no practical
limits on the number or size of messages (up to 2⁶⁴ messages, each up to 2⁶⁴
bytes).
.. _XSalsa20-Poly1305: https://doc.libsodium.org/secret-key_cryptography/secretbox#algorithm-details
:param key: The secret key used to encrypt and decrypt messages
:param encoder: The encoder class used to decode the given key
:cvar KEY_SIZE: The size that the key is required to be.
:cvar NONCE_SIZE: The size that the nonce is required to be.
:cvar MACBYTES: The size of the authentication MAC tag in bytes.
:cvar MESSAGEBYTES_MAX: The maximum size of a message which can be
safely encrypted with a single key/nonce
pair.
�KEY_SIZE�
NONCE_SIZE�MACBYTES�MESSAGEBYTES_MAX�key�encoderc�����������������C����F���|��|�}t|t�st�d��t|�|�jkr
t�d|�j���||�_d�S�)Nz'SecretBox must be created from 32 bytes�%The key must be exactly %s bytes long� �decode�
isinstance�bytes�exc� TypeError�lenr
����
ValueError�_key��selfr���r�����r
����-/usr/lib/python3/dist-packages/nacl/secret.py�__init__;���s���
�
zSecretBox.__init__�returnc�����������������C�������|�j�S��N�r����r
���r
���r
���r
���� __bytes__I�������zSecretBox.__bytes__N� plaintext�noncec�����������������C���sn���|du�r t�|�j�}t|�|�jkrt�d|�j���tj�|||�j�}|� |�}|� |�}t
�
|||� ||���S�)aL��
Encrypts the plaintext message using the given `nonce` (or generates
one randomly if omitted) and returns the ciphertext encoded with the
encoder.
.. warning:: It is **VITALLY** important that the nonce is a nonce,
i.e. it is a number used only once for any given key. If you fail
to do this, you compromise the privacy of the messages encrypted.
Give your nonces a different prefix, or have one side use an odd
counter and one an even counter. Just make sure they are different.
:param plaintext: [:class:`bytes`] The plaintext message to encrypt
:param nonce: [:class:`bytes`] The nonce to use in the encryption
:param encoder: The encoder to use to encode the ciphertext
:rtype: [:class:`nacl.utils.EncryptedMessage`]
N�'The nonce must be exactly %s bytes long)
r���r
���r���r���r����nacl�bindings�crypto_secretboxr����encoder����
_from_parts)r
���r'���r(���r����
ciphertext�
encoded_nonce�encoded_ciphertextr
���r
���r
����encryptL���s ���
��
�zSecretBox.encryptr/���c�����������������C���sb���|��|�}|du�r|d|�j��}||�jd��}t|�|�jkr&t�d|�j���tj�|||�j�}|S��a���
Decrypts the ciphertext using the `nonce` (explicitly, when passed as a
parameter or implicitly, when omitted, as part of the ciphertext) and
returns the plaintext message.
:param ciphertext: [:class:`bytes`] The encrypted message to decrypt
:param nonce: [:class:`bytes`] The nonce used when encrypting the
ciphertext
:param encoder: The encoder used to decode the ciphertext.
:rtype: [:class:`bytes`]
Nr)���) r���r
���r���r���r���r*���r+����crypto_secretbox_openr���)r
���r/���r(���r���r'���r
���r
���r
����decryptw���s���
��zSecretBox.decrypt)�__name__�
__module__�
__qualname__�__doc__r*���r+����crypto_secretbox_KEYBYTESr
���r����int�__annotations__�crypto_secretbox_NONCEBYTESr
����crypto_secretbox_MACBYTESr
����!crypto_secretbox_MESSAGEBYTES_MAXr
���r����
RawEncoderr����Encoderr ���r%���r���r���r2���r5���r
���r
���r
���r
���r ������sL���
�
����
�����
�.�����r ���c����������������
���@���s����e�Zd�ZdZejjZejjZ ejj
Z
ejj
Z
ejfdedejfdd�Zdefdd�Zd d
ejfd
ed
ed
ee�dejdef
dd�Zd d
ejfded
ed
ee�dejdef
dd�Zd
S�)�Aeadu���
The AEAD class encrypts and decrypts messages using the given secret key.
Unlike :class:`~nacl.secret.SecretBox`, AEAD supports authenticating
non-confidential data received alongside the message, such as a length
or type tag.
Like :class:`~nacl.secret.Secretbox`, this class provides authenticated
encryption. An inauthentic message will cause the decrypt function to raise
an exception.
Likewise, the authenticator should not be mistaken for a (public-key)
signature: recipients (with the ability to decrypt messages) are capable of
creating arbitrary valid message; in particular, this means AEAD messages
are repudiable. For non-repudiable messages, sign them after encryption.
The cryptosystem used is `XChacha20-Poly1305`_ as specified for
`standardization`_. There are `no practical limits`_ to how much can safely
be encrypted under a given key (up to 2⁶⁴ messages each containing up
to 2⁶⁴ bytes).
.. _standardization: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha
.. _XChacha20-Poly1305: https://doc.libsodium.org/secret-key_cryptography/aead#xchacha-20-poly1305
.. _no practical limits: https://doc.libsodium.org/secret-key_cryptography/aead#limitations
:param key: The secret key used to encrypt and decrypt messages
:param encoder: The encoder class used to decode the given key
:cvar KEY_SIZE: The size that the key is required to be.
:cvar NONCE_SIZE: The size that the nonce is required to be.
:cvar MACBYTES: The size of the authentication MAC tag in bytes.
:cvar MESSAGEBYTES_MAX: The maximum size of a message which can be
safely encrypted with a single key/nonce
pair.
r���r���c�����������������C���r���)Nz"AEAD must be created from 32 bytesr���r���r���r
���r
���r
���r �������s���
�
z
Aead.__init__r ���c�����������������C���r!���r"���r#���r$���r
���r
���r
���r%�������r&���zAead.__bytes__�����Nr'����aadr(���c�����������������C���sp���|du�r t�|�j�}t|�|�jkrt�d|�j���tj�||||�j�}|� |�}|� |�}t
�
|||� ||���S�)a@��
Encrypts the plaintext message using the given `nonce` (or generates
one randomly if omitted) and returns the ciphertext encoded with the
encoder.
.. warning:: It is vitally important for :param nonce: to be unique.
By default, it is generated randomly; [:class:`Aead`] uses XChacha20
for extended (192b) nonce size, so the risk of reusing random nonces
is negligible. It is *strongly recommended* to keep this behaviour,
as nonce reuse will compromise the privacy of encrypted messages.
Should implicit nonces be inadequate for your application, the
second best option is using split counters; e.g. if sending messages
encrypted under a shared key between 2 users, each user can use the
number of messages it sent so far, prefixed or suffixed with a 1bit
user id. Note that the counter must **never** be rolled back (due
to overflow, on-disk state being rolled back to an earlier backup,
...)
:param plaintext: [:class:`bytes`] The plaintext message to encrypt
:param nonce: [:class:`bytes`] The nonce to use in the encryption
:param encoder: The encoder to use to encode the ciphertext
:rtype: [:class:`nacl.utils.EncryptedMessage`]
Nr)���)
r���r
���r���r���r���r*���r+����*crypto_aead_xchacha20poly1305_ietf_encryptr���r-���r���r.���)r
���r'���rD���r(���r���r/���r0���r1���r
���r
���r
���r2�������s ���
�
�
�z
Aead.encryptr/���c�����������������C���sd���|��|�}|du�r|d|�j��}||�jd��}t|�|�jkr&t�d|�j���tj�||||�j�}|S�r3���) r���r
���r���r���r���r*���r+����*crypto_aead_xchacha20poly1305_ietf_decryptr���)r
���r/���rD���r(���r���r'���r
���r
���r
���r5�����s���
�
�z
Aead.decrypt)r6���r7���r8���r9���r*���r+����+crypto_aead_xchacha20poly1305_ietf_KEYBYTESr
����,crypto_aead_xchacha20poly1305_ietf_NPUBBYTESr
����)crypto_aead_xchacha20poly1305_ietf_ABYTESr
����3crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAXr
���r���r@���r���rA���r ���r%���r���r���r2���r5���r
���r
���r
���r
���rB�������sT����$���
������
�6������rB���)�typingr���r����
nacl.bindingsr*���r���r���r����
nacl.utilsr���r���r���� Encodabler ���rB���r
���r
���r
���r
����<module>���s���
�