def hydro_secretbox_decrypt(c, mid, ctx, key):
assert (type(ctx) == str) and (len(ctx) == h.hydro_kdf_CONTEXTBYTES)
assert (type(c) == bytes)
clen = len(c)
if clen <= h.hydro_secretbox_HEADERBYTES:
return None
buf = ffi.new('uint8_t[]', clen - h.hydro_secretbox_HEADERBYTES)
if h.hydro_secretbox_decrypt(buf, c, clen, mid, ctx.encode('utf8'), key) != 0:
return None
return bytes(buf)
def hydro_hash_hash(outlen, d, ctx, key=None):
assert (type(ctx) == str) and (len(ctx) == h.hydro_kdf_CONTEXTBYTES)
assert (outlen >= h.hydro_hash_BYTES_MIN) and (outlen <= h.hydro_hash_BYTES_MAX)
dlen = len(d)
buf = ffi.new('uint8_t[]', outlen)
if key is None:
key = ffi.NULL
if h.hydro_hash_hash(buf, outlen, d, dlen, ctx, key) == -1:
return None
return bytes(buf)
def hydro_secretbox_encrypt(m, mid, ctx, key):
assert (type(ctx) == str) and (len(ctx) == h.hydro_kdf_CONTEXTBYTES)
if type(m) == str: m = m.encode('utf-8')
assert (type(m) == bytes)
mlen = len(m)
if not mlen:
return bytes(0)
buf = ffi.new('uint8_t[]', mlen + h.hydro_secretbox_HEADERBYTES)
h.hydro_secretbox_encrypt(buf, m, mlen, mid, ctx.encode('utf8'), key)
return bytes(buf)
def hydro_pwhash_deterministic(pw,
ctx,
master_key,
ops_limit=10000,
mem_limit=0,
threads=1):
buf = ffi.new('uint8_t[]', 32)
pwlen = len(pw)
h.hydro_pwhash_deterministic(buf, 32, pw.encode('utf8'), pwlen,
ctx.encode('utf8'), master_key, ops_limit,
mem_limit, threads)
return bytes(buf)
def hydro_kx_kk_2(pkt1, client_pubkey, server_kp):
pkt2 = ffi.new('uint8_t[]', h.hydro_kx_KK_PACKET2BYTES)
session_kp_server = ffi.new('hydro_kx_session_keypair *')
if (h.hydro_kx_kk_2(session_kp_server, pkt2, pkt1, client_pubkey, server_kp) != 0):
return (None, None)
return (session_kp_server, bytes(pkt2))
def hydro_kx_kk_1(st_client, server_pubkey, client_kp):
pkt1 = ffi.new('uint8_t[]', h.hydro_kx_KK_PACKET1BYTES)
if (h.hydro_kx_kk_1(st_client, pkt1, server_pubkey, client_kp) != 0):
return None
return bytes(pkt1)
def hydro_kx_keygen_deterministic(seed):
pair = ffi.new('hydro_kx_keypair *')
h.hydro_kx_keygen_deterministic(pair, seed)
return pair
def hydro_kx_keygen():
pair = ffi.new('hydro_kx_keypair *')
h.hydro_kx_keygen(pair)
return pair
def __init__(self, ctx):
"""Creates a hydro_sign_state object with (required) ctx"""
assert (type(ctx) == str) and (len(ctx) == h.hydro_kdf_CONTEXTBYTES)
self.st = ffi.new('hydro_sign_state *')
h.hydro_sign_init(self.st, ctx.encode('utf8'))
def hydro_random_buf(ct):
assert ct > 0
buf = ffi.new('uint8_t[]', ct)
h.hydro_random_buf(buf, ct)
return bytes(buf)
def __init__(self, psk=None):
self.psk = psk
self.st = ffi.new('hydro_kx_state *')
def hydro_secretbox_keygen():
buf = ffi.new('uint8_t[]', h.hydro_secretbox_KEYBYTES)
h.hydro_secretbox_keygen(buf)
return bytes(buf)
def hydro_kdf_derive_from_key(subkey_len, id, ctx, master_key):
assert ((subkey_len >= h.hydro_kdf_BYTES_MIN) and (subkey_len <= h.hydro_kdf_BYTES_MAX))
assert (type(ctx) == str) and (len(ctx) == h.hydro_kdf_CONTEXTBYTES)
buf = ffi.new('uint8_t[]', subkey_len)
h.hydro_kdf_derive_from_key(buf, subkey_len, id, ctx.encode('utf8'), master_key)
return bytes(buf)
def hydro_kdf_master_keygen():
buf = ffi.new('uint8_t[]', h.hydro_kdf_KEYBYTES)
h.hydro_kdf_keygen(buf)
return bytes(buf)
def final(self):
"""use secret key to generate a signature"""
buf = ffi.new('uint8_t[]', h.hydro_hash_BYTES)
h.hydro_hash_final(self.st, buf, h.hydro_hash_BYTES)
return bytes(buf)
def __init__(self, ctx, key):
"""Creates a hydro_hash_state object with ctx and key (both required)"""
assert (type(ctx) == str) and (len(ctx) == h.hydro_kdf_CONTEXTBYTES)
assert len(key) == h.hydro_hash_KEYBYTES
self.st = ffi.new('struct hydro_hash_state *')
h.hydro_hash_init(self.st, ctx.encode('utf8'), key)
def hydro_random_buf_deterministic(ct, seed):
assert ct > 0
assert len(seed) == h.hydro_random_SEEDBYTES
buf = ffi.new('uint8_t[]', ct)
h.hydro_random_buf_deterministic(buf, ct, seed)
return bytes(buf)
def hydro_kx_kk_3(st_client, pkt2, client_kp):
session_kp_client = ffi.new('hydro_kx_session_keypair *')
if (h.hydro_kx_kk_3(st_client, session_kp_client, pkt2, client_kp) != 0):
return None
return session_kp_client
def __init__(self):
self.st = ffi.new('hydro_kx_state *')
def hydro_sign_create(m, ctx, secret_key):
assert (type(ctx) == str) and (len(ctx) == h.hydro_kdf_CONTEXTBYTES)
buf = ffi.new('uint8_t[]', h.hydro_sign_BYTES)
mlen = len(m)
h.hydro_sign_create(buf, m, mlen, ctx, secret_key)
return bytes(buf)
def hydro_pwhash_keygen():
buf = ffi.new('uint8_t[]', h.hydro_pwhash_MASTERKEYBYTES)
h.hydro_pwhash_keygen(buf)
return bytes(buf)
def hydro_secretbox_probe_create(c, ctx, key):
assert (type(ctx) == str) and (len(ctx) == h.hydro_kdf_CONTEXTBYTES)
clen = len(c)
buf = ffi.new('uint8_t[]', h.hydro_secretbox_PROBEBYTES)
h.hydro_secretbox_probe_create(buf, c, clen, ctx.encode('utf8'), key)
return bytes(buf)
