Python pysodium.randombytes函数代码示例

def randrange(n):
    a = (n.bit_length() + 7) // 8  # number of bytes to store n
    b = 8 * a - n.bit_length()     # number of shifts to have good bit number
    r = int.from_bytes(randombytes(a), byteorder='big') >> b
    while r >= n:
        r = int.from_bytes(randombytes(a), byteorder='big') >> b
    return r

def _3user():
    eA = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)
    pA = nacl.crypto_scalarmult_curve25519_base(eA)
    print "A public:    \t%s\nA exp:    \t%s" % (b85encode(pA), b85encode(eA))

    eB = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)
    pB = nacl.crypto_scalarmult_curve25519_base(eB)
    print "B public:    \t%s\nB exp:    \t%s" % (b85encode(pB), b85encode(eB))

    eC = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)
    pC = nacl.crypto_scalarmult_curve25519_base(eC)
    print "C public:    \t%s\nC exp:    \t%s" % (b85encode(pC), b85encode(eC))

    print
    pAB = nacl.crypto_scalarmult_curve25519(eB, pA)
    print "public AB", b85encode(pAB)
    pBA = nacl.crypto_scalarmult_curve25519(eA, pB)
    print "public BA", b85encode(pBA)
    pCA = nacl.crypto_scalarmult_curve25519(eA, pC)
    print "public CA", b85encode(pCA)

    print
    key = nacl.crypto_scalarmult_curve25519(eB, pCA)
    print "key:    \t%s" % (b85encode(key))
    key = nacl.crypto_scalarmult_curve25519(eC, pBA)
    print "key:    \t%s" % (b85encode(key))
    key = nacl.crypto_scalarmult_curve25519(eC, pAB)
    print "key:    \t%s" % (b85encode(key))

    def send(self,plain):
        # update context
        if self.peer_pub != (b'\0' * nacl.crypto_scalarmult_curve25519_BYTES):
            # calculate a new incoming key, and finish that DH, start a new for
            # outgoing keys.
            # only do this directly after receiving a packet, not on later sends
            # without receiving any acks before, we reset peer_pub to signal, that
            # an incoming request has been already once processed like this.
            self.e_in = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)
            self.in_prev = self.in_k
            self.in_k = nacl.crypto_scalarmult_curve25519(self.e_in, self.peer_pub)
            self.peer_pub = (b'\0' * nacl.crypto_scalarmult_curve25519_BYTES)

            # generate e_out
            self.e_out = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)

        elif self.out_k == (b'\0' * nacl.crypto_secretbox_KEYBYTES):
            # only for the very first packet necessary
            # we explicitly need to generate e_out
            self.e_out = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)
        #else: # axolotlize
        #    print 'axolotl!'
        #    self.out_k = nacl.crypto_generichash(self.out_k,
        #                                         nacl.crypto_scalarmult_curve25519(self.me_id.cs, self.peer_id.cp),
        #                                         nacl.crypto_scalarmult_curve25519_BYTES)

        # compose packet
        dh1 = nacl.crypto_scalarmult_curve25519_base(self.e_out)
        dh2 = (nacl.crypto_scalarmult_curve25519_base(self.e_in)
               if self.e_in != (b'\0' * nacl.crypto_scalarmult_curve25519_BYTES)
               else (b'\0' * nacl.crypto_scalarmult_curve25519_BYTES))
        plain = b''.join((dh1, dh2, plain))

        # encrypt the whole packet
        return self.encrypt(plain)

    def encrypt(self,plain):
        if self.out_k == (b'\0' * nacl.crypto_scalarmult_curve25519_BYTES):
            # encrypt using public key
            nonce = nacl.randombytes(nacl.crypto_box_NONCEBYTES)
            cipher= nacl.crypto_box(plain, nonce, self.peer_id.cp, self.me_id.cs)
        else:
            # encrypt using chaining mode
            nonce = nacl.randombytes(nacl.crypto_secretbox_NONCEBYTES)
            cipher = nacl.crypto_secretbox(plain, nonce, self.out_k)

        return cipher, nonce

def make_keypair():
    public_key, private_key = pysodium.crypto_sign_keypair()
    print 'Do you wish to encrypt the private key under a password? (y/n)'
    answer = raw_input().lower()
    if answer not in ['y', 'n']: raise SystemExit('Invalid answer')
    if answer == 'y':
        salt = pysodium.randombytes(pysodium.crypto_pwhash_SALTBYTES)
        key = hash_password(prompt_for_new_password(), salt)
        nonce = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES)
        cyphertext = pysodium.crypto_secretbox(private_key, nonce, key)
        private_key = b'y'  + salt + nonce + cyphertext
    else:
        private_key = b'n' + private_key

    return base64.b64encode(private_key), base64.b64encode(public_key)

def _2user():
    # 1st user
    exp1 = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)
    public1 = nacl.crypto_scalarmult_curve25519_base(exp1)
    # print "public1:    \t%s\nexp1:    \t%s" % (b85encode(public1), b85encode(exp1))
    print
    # 2nd user
    exp2 = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)
    public2 = nacl.crypto_scalarmult_curve25519_base(exp2)
    key = nacl.crypto_scalarmult_curve25519(exp2, public1)
    print "key:    \t%s" % (b85encode(key))
    # print "public2:    \t%s\nkey:    \t%s" % (b85encode(public2), b85encode(key))
    print
    # 1st user completing DH
    key = nacl.crypto_scalarmult_curve25519(exp1, public2)
    print "key:    \t%s" % (b85encode(key))

 def savesecretekey(self, ext, key):
     fname = get_sk_filename(self.basedir, self.name, ext)
     k = pbp.getkey(nacl.crypto_secretbox_KEYBYTES, empty=True, text="Master" if ext == "mk" else "Subkey")
     nonce = nacl.randombytes(nacl.crypto_secretbox_NONCEBYTES)
     with open(fname, "w") as fd:
         fd.write(nonce)
         fd.write(nacl.crypto_secretbox(key, nonce, k))

def dh2_handler(peer):
    # provides a high level interface to receive a DH key exchange
    # request peer contains the public component generated by the peer
    # when initiating an DH exchange
    exp = nacl.randombytes(nacl.crypto_scalarmult_curve25519_BYTES)
    public = nacl.crypto_scalarmult_curve25519_base(exp)
    secret = nacl.crypto_scalarmult_curve25519(exp, b85decode(peer))
    return (public, secret)

def encrypt(plaintext, password):
    """Encrypts the given plaintext using libsodium secretbox, key is generated using scryptsalsa208sha256 with a random salt and nonce (we can not guarantee the incrementing anyway). Note that any str objects are assumed to be in utf-8."""
    salt = pysodium.randombytes(pysodium.crypto_pwhash_scryptsalsa208sha256_SALTBYTES)
    memlimit = pysodium.crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE
    opslimit = pysodium.crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE
    if isinstance(password, str): password = password.encode("utf-8")
    key = pysodium.crypto_pwhash_scryptsalsa208sha256(pysodium.crypto_secretbox_KEYBYTES, password, salt, memlimit, opslimit)
    nonce = pysodium.randombytes(pysodium.crypto_secretbox_NONCEBYTES)
    if isinstance(plaintext, str): plaintext = plaintext.encode("utf-8")
    cyphertext = pysodium.crypto_secretbox(plaintext, nonce, key)
    data = (1).to_bytes(1, "little")
    data += memlimit.to_bytes(4, "little")
    data += opslimit.to_bytes(4, "little")
    data += salt
    data += nonce
    data += cyphertext
    return base64.b64encode(data)

def encrypt_handler(infile=None, outfile=None, recipient=None, self=None, basedir=None):
    # provides a high level function to do encryption of files
    # infile specifies the filename of the input file,
    #        if '-' or not specified it uses stdin
    # outfile specifies the filename of the output file, if not specified
    #         it uses the same filename with '.pbp' appended
    # recipient specifies the name of the recipient for using public key crypto
    # self specifies the sender for signing the message using pk crypto
    # basedir provides a root for the keystores needed for pk crypto
    # if both self and recipient is specified pk crypto is used, otherwise symmetric
    # this function also handles buffering.
    fd = inputfd(infile)
    outfd = outputfd(outfile or (infile+'.pbp' if infile not in [None,'-'] else '-'))

    if recipient and self:
        # let's do public key encryption
        key = nacl.randombytes(nacl.crypto_secretbox_KEYBYTES)
        me = publickey.Identity(self, basedir=basedir)
        size = struct.pack('>H',len(recipient))
        # write out encrypted message key (nonce, c(key+recplen)) for each recipient
        for r in recipient:
            r = publickey.Identity(r, basedir=basedir, publicOnly=True)
            nonce = nacl.randombytes(nacl.crypto_box_NONCEBYTES)
            outfd.write(nonce)
            outfd.write(nacl.crypto_box(key+size, nonce, r.cp, me.cs))
        me.clear()
    else:
        # let's do symmetric crypto
        key = getkey(nacl.crypto_secretbox_KEYBYTES)

    buf = fd.read(BLOCK_SIZE)
    if buf:
        nonce, cipher = encrypt(buf, k=key)
        outfd.write(nonce)
        outfd.write(cipher)
        buf = fd.read(BLOCK_SIZE)
        while buf:
            nonce = inc_nonce(nonce)
            nonce, cipher = encrypt(buf, k=key, nonce=nonce)
            outfd.write(cipher)
            buf = fd.read(BLOCK_SIZE)
    clearmem(key)
    key=None

    if fd != sys.stdin: fd.close()
    if outfd != sys.stdout: outfd.close()

 def test_crypto_box_open_detached(self):
     pk, sk = pysodium.crypto_box_keypair()
     n = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES)
     c, mac = pysodium.crypto_box_detached("howdy", n, pk, sk)
     r = pysodium.crypto_box_open_detached(c, mac, n, pk, sk)
     self.assertEqual(r, b"howdy")
     changed = "\0"*len(c)
     self.assertRaises(ValueError, pysodium.crypto_box_open_detached,changed, mac, n, pk, sk)

 def savesecretekey(self, ext, key):
     fname = get_sk_filename(self.basedir, self.name, ext)
     k = getkey(nacl.crypto_secretbox_KEYBYTES,
                empty=True,
                text='Master' if ext == 'mk' else 'Subkey')
     nonce = nacl.randombytes(nacl.crypto_secretbox_NONCEBYTES)
     with open(fname,'wb') as fd:
         fd.write(nonce)
         fd.write(nacl.crypto_secretbox(key, nonce, k))

    def test_AsymCrypto_With_Seeded_Keypair(self):
        msg     = b"correct horse battery staple"
        nonce   = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES)
        pk, sk = pysodium.crypto_box_seed_keypair(b"\x00" * pysodium.crypto_box_SEEDBYTES)

        c = pysodium.crypto_box(msg, nonce, pk, sk)
        m = pysodium.crypto_box_open(c, nonce, pk, sk)

        self.assertEqual(msg, m)

    def test_AsymCrypto_With_Seeded_Keypair(self):
        msg     = "correct horse battery staple"
        nonce   = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES)
        pk, sk = pysodium.crypto_box_seed_keypair("howdy")

        c = pysodium.crypto_box_easy(msg, nonce, pk, sk)
        m = pysodium.crypto_box_open_easy(c, nonce, pk, sk)
        
        self.assertEqual(msg, m)

def encrypt_message(identity, payload):
    version = 1
    nonce = pysodium.randombytes(pysodium.crypto_secretbox_NONCEBYTES)
    pubkeyhash, encryption_key = expand_handle(identity.handle)
    if not validate_pubkey(identity.pk, pubkeyhash):
        raise PubkeyError()
    decrypted = generate_innerbox(identity.pk, identity.sk, payload, version)
    encrypted = pysodium.crypto_secretbox(decrypted, nonce, encryption_key)
    return outer_pack.pack(version, nonce, encrypted)