def crypto_sign(m, sk):
if len(sk) != crypto_sign_SECRETKEYBYTES:
raise Exception('Secret key is {} bytes, expected {} bytes'.format(len(sk), crypto_sign_SECRETKEYBYTES))
buf = ffi.new('unsigned char[]', crypto_sign_BYTES + len(m))
smlen = ffi.new('unsigned long long *')
lib.crypto_sign(buf, smlen, m, len(m), sk)
return bytes(buf[0:smlen[0]])
def crypto_sign_open(sm, pk):
if len(pk) != crypto_sign_PUBLICKEYBYTES:
raise Exception('Public key is {} bytes, expected {} bytes'.format(len(pk), crypto_sign_PUBLICKEYBYTES))
buf = ffi.new('unsigned char[]', len(sm))
mlen = ffi.new('unsigned long long *')
ret = lib.crypto_sign_open(buf, mlen, sm, len(sm), pk)
if ret != 0:
raise Exception('Failed to verify message with public key')
return bytes(buf[0:mlen[0]])
def crypto_secretbox_easy(m, n, k):
if len(n) != crypto_secretbox_NONCEBYTES:
raise Exception('Nonce is {} bytes, expected {} bytes'.format(len(n), crypto_secretbox_NONCEBYTES))
if len(k) != crypto_secretbox_KEYBYTES:
raise Exception('Key is {} bytes, expected {} bytes'.format(len(k), crypto_secretbox_KEYBYTES))
buf = ffi.new('unsigned char[]', crypto_secretbox_MACBYTES + len(m))
lib.crypto_secretbox_easy(buf, m, len(m), n, k)
return bytes(buf)
def crypto_pwhash(outlen, passwd, salt, opslimit, memlimit):
if len(salt) != crypto_pwhash_SALTBYTES:
raise Exception('Salt is {} bytes, expected {} bytes'.format(len(salt), crypto_pwhash_SALTBYTES))
buf = ffi.new('unsigned char[]', outlen)
ret = lib.crypto_pwhash_scryptsalsa208sha256(buf, len(buf), passwd, len(passwd), salt, opslimit, memlimit)
if ret != 0:
raise Exception('Failed to hash password')
return bytes(buf)
def crypto_box_easy(m, n, pk, sk):
if len(n) != crypto_box_NONCEBYTES:
raise Exception('Nonce is {} bytes, expected {} bytes'.format(len(n), crypto_box_NONCEBYTES))
if len(pk) != crypto_box_PUBLICKEYBYTES:
raise Exception('Public key is {} bytes, expected {} bytes'.format(len(pk), crypto_box_PUBLICKEYBYTES))
if len(sk) != crypto_box_SECRETKEYBYTES:
raise Exception('Secret key is {} bytes, expected {} bytes'.format(len(sk), crypto_box_SECRETKEYBYTES))
buf = ffi.new('unsigned char[]', crypto_box_MACBYTES + len(m))
lib.crypto_box_easy(buf, m, len(m), n, pk, sk)
return bytes(buf)
def crypto_secretbox_open_easy(c, n, k):
if len(n) != crypto_secretbox_NONCEBYTES:
raise Exception('Nonce is {} bytes, expected {} bytes'.format(len(n), crypto_secretbox_NONCEBYTES))
if len(k) != crypto_secretbox_KEYBYTES:
raise Exception('Key is {} bytes, expected {} bytes'.format(len(k), crypto_secretbox_KEYBYTES))
buf = ffi.new('unsigned char[]', len(c) - crypto_secretbox_MACBYTES)
ret = lib.crypto_secretbox_open_easy(buf, c, len(c), n, k)
if ret != 0:
raise Exception('Failed to verify ciphertext')
return bytes(buf)
def crypto_box_open_easy(c, n, pk, sk):
if len(n) != crypto_box_NONCEBYTES:
raise Exception('Nonce is {} bytes, expected {} bytes'.format(len(n), crypto_box_NONCEBYTES))
if len(pk) != crypto_box_PUBLICKEYBYTES:
raise Exception('Public key is {} bytes, expected {} bytes'.format(len(pk), crypto_box_PUBLICKEYBYTES))
if len(sk) != crypto_box_SECRETKEYBYTES:
raise Exception('Secret key is {} bytes, expected {} bytes'.format(len(sk), crypto_box_SECRETKEYBYTES))
if len(c) < crypto_box_MACBYTES:
raise Exception('Ciphertext is {} bytes, expected at least {} bytes'.format(len(c), crypto_box_MACBYTES))
buf = ffi.new('unsigned char[]', len(c) - crypto_box_MACBYTES)
ret = lib.crypto_box_open_easy(buf, c, len(c), n, pk, sk)
if ret != 0:
raise Exception('Failed to verify ciphertext')
return bytes(buf)
def crypto_sign_keypair():
pk = ffi.new('unsigned char[]', crypto_sign_PUBLICKEYBYTES)
sk = ffi.new('unsigned char[]', crypto_sign_SECRETKEYBYTES)
lib.crypto_sign_keypair(pk, sk)
return (bytes(pk), bytes(sk))
def random_bytes(bytes_len):
buf = ffi.new('uint8_t[]', bytes_len)
lib.randombytes_buf(buf, bytes_len)
return bytes(buf)
