def crypto_sign(m, sk): if len(sk) != crypto_sign_SECRETKEYBYTES: raise Exception('Secret key is {} bytes, expected {} bytes'.format(len(sk), crypto_sign_SECRETKEYBYTES)) buf = ffi.new('unsigned char[]', crypto_sign_BYTES + len(m)) smlen = ffi.new('unsigned long long *') lib.crypto_sign(buf, smlen, m, len(m), sk) return bytes(buf[0:smlen[0]])
def crypto_sign_open(sm, pk): if len(pk) != crypto_sign_PUBLICKEYBYTES: raise Exception('Public key is {} bytes, expected {} bytes'.format(len(pk), crypto_sign_PUBLICKEYBYTES)) buf = ffi.new('unsigned char[]', len(sm)) mlen = ffi.new('unsigned long long *') ret = lib.crypto_sign_open(buf, mlen, sm, len(sm), pk) if ret != 0: raise Exception('Failed to verify message with public key') return bytes(buf[0:mlen[0]])
def crypto_secretbox_easy(m, n, k): if len(n) != crypto_secretbox_NONCEBYTES: raise Exception('Nonce is {} bytes, expected {} bytes'.format(len(n), crypto_secretbox_NONCEBYTES)) if len(k) != crypto_secretbox_KEYBYTES: raise Exception('Key is {} bytes, expected {} bytes'.format(len(k), crypto_secretbox_KEYBYTES)) buf = ffi.new('unsigned char[]', crypto_secretbox_MACBYTES + len(m)) lib.crypto_secretbox_easy(buf, m, len(m), n, k) return bytes(buf)
def crypto_pwhash(outlen, passwd, salt, opslimit, memlimit): if len(salt) != crypto_pwhash_SALTBYTES: raise Exception('Salt is {} bytes, expected {} bytes'.format(len(salt), crypto_pwhash_SALTBYTES)) buf = ffi.new('unsigned char[]', outlen) ret = lib.crypto_pwhash_scryptsalsa208sha256(buf, len(buf), passwd, len(passwd), salt, opslimit, memlimit) if ret != 0: raise Exception('Failed to hash password') return bytes(buf)
def crypto_box_easy(m, n, pk, sk): if len(n) != crypto_box_NONCEBYTES: raise Exception('Nonce is {} bytes, expected {} bytes'.format(len(n), crypto_box_NONCEBYTES)) if len(pk) != crypto_box_PUBLICKEYBYTES: raise Exception('Public key is {} bytes, expected {} bytes'.format(len(pk), crypto_box_PUBLICKEYBYTES)) if len(sk) != crypto_box_SECRETKEYBYTES: raise Exception('Secret key is {} bytes, expected {} bytes'.format(len(sk), crypto_box_SECRETKEYBYTES)) buf = ffi.new('unsigned char[]', crypto_box_MACBYTES + len(m)) lib.crypto_box_easy(buf, m, len(m), n, pk, sk) return bytes(buf)
def crypto_secretbox_open_easy(c, n, k): if len(n) != crypto_secretbox_NONCEBYTES: raise Exception('Nonce is {} bytes, expected {} bytes'.format(len(n), crypto_secretbox_NONCEBYTES)) if len(k) != crypto_secretbox_KEYBYTES: raise Exception('Key is {} bytes, expected {} bytes'.format(len(k), crypto_secretbox_KEYBYTES)) buf = ffi.new('unsigned char[]', len(c) - crypto_secretbox_MACBYTES) ret = lib.crypto_secretbox_open_easy(buf, c, len(c), n, k) if ret != 0: raise Exception('Failed to verify ciphertext') return bytes(buf)
def crypto_box_open_easy(c, n, pk, sk): if len(n) != crypto_box_NONCEBYTES: raise Exception('Nonce is {} bytes, expected {} bytes'.format(len(n), crypto_box_NONCEBYTES)) if len(pk) != crypto_box_PUBLICKEYBYTES: raise Exception('Public key is {} bytes, expected {} bytes'.format(len(pk), crypto_box_PUBLICKEYBYTES)) if len(sk) != crypto_box_SECRETKEYBYTES: raise Exception('Secret key is {} bytes, expected {} bytes'.format(len(sk), crypto_box_SECRETKEYBYTES)) if len(c) < crypto_box_MACBYTES: raise Exception('Ciphertext is {} bytes, expected at least {} bytes'.format(len(c), crypto_box_MACBYTES)) buf = ffi.new('unsigned char[]', len(c) - crypto_box_MACBYTES) ret = lib.crypto_box_open_easy(buf, c, len(c), n, pk, sk) if ret != 0: raise Exception('Failed to verify ciphertext') return bytes(buf)
def crypto_sign_keypair(): pk = ffi.new('unsigned char[]', crypto_sign_PUBLICKEYBYTES) sk = ffi.new('unsigned char[]', crypto_sign_SECRETKEYBYTES) lib.crypto_sign_keypair(pk, sk) return (bytes(pk), bytes(sk))
def random_bytes(bytes_len): buf = ffi.new('uint8_t[]', bytes_len) lib.randombytes_buf(buf, bytes_len) return bytes(buf)