pynacl

Python wrapper for http://nacl.cace-project.eu/
git clone https://code.literati.org/pynacl.git
Log | Files | Refs | README

nacl.i (23563B)


      1 %module nacl
      2 
      3  /*
      4    Copyright 2011 Sean R. Lynch <seanl@literati.org>
      5 
      6    Licensed under the Apache License, Version 2.0 (the "License");
      7    you may not use this file except in compliance with the License.
      8    You may obtain a copy of the License at
      9 
     10        http://www.apache.org/licenses/LICENSE-2.0
     11 
     12    Unless required by applicable law or agreed to in writing, software
     13    distributed under the License is distributed on an "AS IS" BASIS,
     14    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     15    See the License for the specific language governing permissions and
     16    limitations under the License.
     17  */
     18 
     19 %{
     20   #include "crypto_box.h"
     21   #include "crypto_sign.h"
     22   #include "crypto_scalarmult_curve25519.h"
     23   #include "crypto_secretbox.h"
     24   #include "crypto_stream.h"
     25   #include "crypto_auth.h"
     26   #include "crypto_onetimeauth.h"
     27   #include "crypto_hash.h"
     28   #include "crypto_hash_sha256.h"
     29   #include "crypto_hash_sha512.h"
     30   #include "crypto_uint32.h"
     31   #include "randombytes.h"
     32 
     33   typedef struct {
     34     crypto_uint32 v[32];
     35   } fe25519;
     36 
     37   typedef struct {
     38     crypto_uint32 v[32];
     39   } sc25519;
     40 
     41   typedef struct {
     42     fe25519 x;
     43     fe25519 y;
     44     fe25519 z;
     45     fe25519 t;
     46   } ge25519;
     47 
     48   #define sc25519_from32bytes crypto_sign_edwards25519sha512batch_sc25519_from32bytes
     49   #define ge25519_pack crypto_sign_edwards25519sha512batch_ge25519_pack
     50   #define ge25519_scalarmult_base crypto_sign_edwards25519sha512batch_ge25519_scalarmult_base
     51 
     52   void ge25519_pack(unsigned char r[32], const ge25519 *p);
     53   void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
     54   void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
     55 
     56   int crypto_sign_keypair_fromseed(unsigned char *pk,
     57                                    unsigned char *sk,
     58                                    const unsigned char *seed,
     59                                    unsigned long long seedlen) {
     60     sc25519 scsk;
     61     ge25519 gepk;
     62 
     63     crypto_hash_sha512(sk, seed, seedlen);
     64 
     65     sk[0] &= 248;
     66     sk[31] &= 127;
     67     sk[31] |= 64;
     68 
     69     sc25519_from32bytes(&scsk, sk);
     70 
     71     ge25519_scalarmult_base(&gepk, &scsk);
     72     ge25519_pack(pk, &gepk);
     73     return 0;
     74   }
     75 
     76   #if PY_MAJOR_VERSION > 2
     77   #define MAKEINT PyLong_AsUnsignedLongLong
     78   #else
     79   #define MAKEINT PyInt_AsUnsignedLongLongMask
     80   #endif
     81 
     82 %}
     83 
     84 %include <typemaps.i>
     85 
     86 %typemap(in) (const unsigned char *m, unsigned long long mlen) {
     87   if (!PyBytes_Check($input)) {
     88     PyErr_SetString(PyExc_ValueError, "Expecting a string");
     89     SWIG_fail;
     90   }
     91   $1 = (unsigned char *)PyBytes_AS_STRING($input);
     92   $2 = PyBytes_GET_SIZE($input);
     93 }
     94 
     95 %typemap(in, numinputs=0) unsigned char [ANY] {
     96   $result = PyBytes_FromStringAndSize(NULL, $1_dim0);
     97   $1 = (unsigned char *)PyBytes_AS_STRING($result);
     98 }
     99 
    100 // For some reason [ANY] doesn't work for multi-argument typemaps.
    101 %typemap(in, numinputs=0) (unsigned char pk[crypto_sign_PUBLICKEYBYTES],
    102                            unsigned char sk[crypto_sign_SECRETKEYBYTES])
    103                           (PyObject *temp1, PyObject *temp2),
    104                           (unsigned char pk[crypto_box_PUBLICKEYBYTES],
    105                            unsigned char sk[crypto_box_SECRETKEYBYTES])
    106                           (PyObject *temp1, PyObject *temp2) {
    107   temp1 = PyBytes_FromStringAndSize(NULL, $1_dim0);
    108   $1 = (unsigned char *)PyBytes_AS_STRING(temp1);
    109   temp2 = PyBytes_FromStringAndSize(NULL, $2_dim0);
    110   $2 = (unsigned char *)PyBytes_AS_STRING(temp2);
    111   $result = PyTuple_Pack(2, temp1, temp2);
    112   Py_DECREF(temp1);
    113   Py_DECREF(temp2);
    114 }
    115 
    116 %typemap(in) (const unsigned char *seed, unsigned long long seedlen) {
    117   if (!PyBytes_Check($input)) {
    118     PyErr_SetString(PyExc_ValueError, "Expecting a string");
    119     SWIG_fail;
    120   }
    121   $1 = (unsigned char *)PyBytes_AS_STRING($input);
    122   $2 = (unsigned long long)PyBytes_GET_SIZE($input);
    123 }
    124 
    125 %typemap(in) const unsigned char [ANY] {
    126   if (!PyBytes_Check($input)) {
    127     PyErr_SetString(PyExc_ValueError, "Expecting a string");
    128     SWIG_fail;
    129   }
    130   if (PyBytes_GET_SIZE($input) != $1_dim0) {
    131     PyErr_Format(PyExc_ValueError, "Expecting a string of length %d", $1_dim0);
    132     SWIG_fail;
    133   }
    134   $1 = (unsigned char *)PyBytes_AS_STRING($input);
    135 }
    136 
    137 %typemap(in)
    138   (unsigned char *sm, unsigned long long *smlen,
    139    const unsigned char *m, unsigned long long mlen)
    140      (unsigned long long temp) {
    141   if (!PyBytes_Check($input)) {
    142     PyErr_SetString(PyExc_ValueError, "Expecting a string");
    143     SWIG_fail;
    144   }
    145   $4 = PyBytes_GET_SIZE($input);
    146   $result = PyBytes_FromStringAndSize(NULL, $4 + crypto_sign_BYTES);
    147   $1 = (unsigned char *)PyBytes_AS_STRING($result);
    148   $2 = &temp;
    149   $3 = (unsigned char *)PyBytes_AS_STRING($input);
    150 }
    151 
    152 %typemap(in)
    153   (unsigned char *m, unsigned long long *mlen,
    154    const unsigned char *sm, unsigned long long smlen)
    155   (unsigned long long temp) {
    156   if (!PyBytes_Check($input)) {
    157     PyErr_SetString(PyExc_ValueError, "Expecting a string");
    158     SWIG_fail;
    159   }
    160   $4 = PyBytes_GET_SIZE($input);
    161   $result = PyBytes_FromStringAndSize(NULL, $4);
    162   $1 = (unsigned char *)PyBytes_AS_STRING($result);
    163   $2 = &temp;
    164   $3 = (unsigned char *)PyBytes_AS_STRING($input);
    165 }
    166 
    167 %typemap(argout) (unsigned char *sm, unsigned long long *smlen),
    168   (unsigned char *m, unsigned long long *mlen) {
    169   _PyBytes_Resize(&$result, *$2);
    170 }
    171 
    172 %typemap(in) (unsigned char *buffer, unsigned long long bytes),
    173              (unsigned char *c, unsigned long long clen) {
    174   $2 = MAKEINT($input);
    175   if ($2 == -1 && PyErr_Occurred() != NULL) {
    176     SWIG_fail;
    177   }
    178   $result = PyBytes_FromStringAndSize(NULL, $2);
    179   $1 = (unsigned char *)PyBytes_AS_STRING($result);
    180 }
    181 
    182 %typemap(in) (unsigned char *c, const unsigned char *in,
    183               unsigned long long clen) {
    184   if (!PyBytes_Check($input)) {
    185     PyErr_SetString(PyExc_ValueError, "Expecting a string");
    186     SWIG_fail;
    187   }
    188   $3 = PyBytes_GET_SIZE($input);
    189   $result = PyBytes_FromStringAndSize(NULL, $3);
    190   $1 = (unsigned char *)PyBytes_AS_STRING($result);
    191   $2 = (unsigned char *)PyBytes_AS_STRING($input);
    192 }
    193 
    194 %typemap(out) int {
    195   if ($1 != 0) {
    196     PyErr_Format(PyExc_ValueError, "Operation failed with error %d", $1);
    197     SWIG_fail;
    198   }
    199 }
    200 
    201 %typemap(out) void randombytes {}
    202 
    203 /**
    204  * crypto_box typemaps. The dimensions on the arrays indicate padding.
    205  */
    206 %typemap(in) (unsigned char out[crypto_box_BOXZEROBYTES],
    207               const unsigned char in[crypto_box_ZEROBYTES],
    208               unsigned long long mlen),
    209    (unsigned char out[crypto_box_ZEROBYTES],
    210     const unsigned char in[crypto_box_BOXZEROBYTES],
    211     unsigned long long mlen),
    212    (unsigned char out[crypto_secretbox_BOXZEROBYTES],
    213     const unsigned char in[crypto_secretbox_ZEROBYTES],
    214     unsigned long long mlen),
    215    (unsigned char out[crypto_secretbox_ZEROBYTES],
    216     const unsigned char in[crypto_secretbox_BOXZEROBYTES],
    217     unsigned long long mlen) {
    218   if (!PyBytes_Check($input)) {
    219     PyErr_SetString(PyExc_ValueError, "Expecting a string");
    220     SWIG_fail;
    221   }
    222   $3 = PyBytes_GET_SIZE($input) + $2_dim0;
    223   // Need to pad the beginning
    224   $1 = (unsigned char *)calloc($3 + $1_dim0, sizeof(unsigned char));
    225   $2 = (unsigned char *)calloc($3 + $2_dim0, sizeof(unsigned char));
    226   memcpy(&$2[$2_dim0], PyBytes_AS_STRING($input), $3);
    227 }
    228 
    229 %typemap(argout) (unsigned char out[crypto_box_BOXZEROBYTES],
    230                   const unsigned char in [crypto_box_ZEROBYTES],
    231                   unsigned long long mlen),
    232    (unsigned char out[crypto_box_ZEROBYTES],
    233     const unsigned char in[crypto_box_BOXZEROBYTES],
    234     unsigned long long mlen),
    235    (unsigned char out[crypto_secretbox_BOXZEROBYTES],
    236     const unsigned char in[crypto_secretbox_ZEROBYTES],
    237     unsigned long long mlen),
    238    (unsigned char out[crypto_secretbox_ZEROBYTES],
    239     const unsigned char in[crypto_secretbox_BOXZEROBYTES],
    240     unsigned long long mlen) {
    241   $result = PyBytes_FromStringAndSize((char *)&$1[$1_dim0], $3 - $1_dim0);
    242   free($1);
    243   free($2);
    244 }
    245 
    246 /**
    247  * Auth typemaps
    248  */
    249 %typemap(out) int crypto_auth_verify, int crypto_onetimeauth_verify {
    250   if ($1 == 0) {
    251     $result = Py_True;
    252   } else {
    253     $result = Py_False;
    254   }
    255   Py_INCREF($result);
    256 }
    257 
    258 
    259 /**
    260  * Utilities
    261  */
    262 %feature("docstring") {
    263 randombytes(length) -> random bytestring
    264 
    265 Produces a random bytestring of the desired length, by reading from
    266 /dev/urandom.
    267 }
    268 void randombytes(unsigned char *buffer, unsigned long long bytes);
    269 
    270 /**
    271  * Hash stuff
    272  */
    273 %constant int crypto_hash_sha256_BYTES;
    274 %constant char *crypto_hash_sha256_IMPLEMENTATION;
    275 %constant char *crypto_hash_sha256_VERSION;
    276 %constant int crypto_hash_sha512_BYTES;
    277 %constant char *crypto_hash_sha512_IMPLEMENTATION;
    278 %constant char *crypto_hash_sha512_VERSION;
    279 
    280 %feature("docstring") {
    281 crypto_hash_sha256(string) -> hash
    282 
    283 Produces the 32-byte-long SHA256 hash of the input bytestring.
    284 }
    285 int crypto_hash_sha256(unsigned char hash[32], const unsigned char *m,
    286                        unsigned long long mlen);
    287 %feature("docstring") {
    288 crypto_hash_sha512(string) -> hash
    289 
    290 Produces the 64-byte-long SHA512 hash of the input bytestring.
    291 }
    292 int crypto_hash_sha512(unsigned char hash[64], const unsigned char *m,
    293                        unsigned long long mlen);
    294 
    295 
    296 /**
    297  * Authenticated public-key encryption
    298  */
    299 %constant int crypto_box_PUBLICKEYBYTES;
    300 %constant int crypto_box_SECRETKEYBYTES;
    301 %constant int crypto_box_BEFORENMBYTES;
    302 %constant int crypto_box_NONCEBYTES;
    303 %constant int crypto_box_ZEROBYTES;
    304 %constant int crypto_box_BOXZEROBYTES;
    305 %constant char *crypto_box_PRIMITIVE;
    306 %constant char *crypto_box_IMPLEMENTATION;
    307 %constant char *crypto_box_VERSION;
    308 
    309 %feature("docstring") {
    310 crypto_box(message, nonce, their_pubkey, my_privkey) -> encrypted
    311 
    312 Encrypts+authenticates a message by combining a public and a private key
    313 to generate a shared secret. Takes a unique nonce (a bytestring of
    314 length nacl.crypto_box_NONCEBYTES) and two keys (as bytestrings of
    315 length nacl.crypto_box_PUBLICKEYBYTES and crypto_box_SECRETKEYBYTES),
    316 returns a boxed message (also a bytestring).
    317 }
    318 int crypto_box(unsigned char out[crypto_box_BOXZEROBYTES],
    319                const unsigned char in[crypto_box_ZEROBYTES],
    320                unsigned long long mlen,
    321                const unsigned char n[crypto_box_NONCEBYTES],
    322                const unsigned char pk[crypto_box_PUBLICKEYBYTES],
    323                const unsigned char sk[crypto_box_SECRETKEYBYTES]);
    324 %feature("docstring") {
    325 crypto_box_open(encrypted, nonce, their_pubkey, my_privkey) -> message
    326 
    327 Decrypts+authenticates a boxed message from crypto_box(). Takes a unique
    328 nonce (a bytestring of length nacl.crypto_box_NONCEBYTES) and two keys
    329 (as bytestrings of length nacl.crypto_box_PUBLICKEYBYTES and
    330 crypto_box_SECRETKEYBYTES), returns the decrypted message (also a
    331 bytestring). If authentication fails, ValueError is raised.
    332 }
    333 int crypto_box_open(unsigned char out[crypto_box_ZEROBYTES],
    334                     const unsigned char in[crypto_box_BOXZEROBYTES],
    335                     unsigned long long mlen,
    336                     const unsigned char n[crypto_box_NONCEBYTES],
    337                     const unsigned char pk[crypto_box_PUBLICKEYBYTES],
    338                     const unsigned char sk[crypto_box_SECRETKEYBYTES]);
    339 %feature("docstring") {
    340 crypto_box_keypair() -> (pubkey, privkey)
    341 
    342 Creates a keypair by reading /dev/urandom. Returns a tuple of bytestrings.
    343 'pubkey' is the public key, of length  nacl.crypto_box_PUBLICKEYBYTES, and
    344 'privkey' is the secret key, of length nacl.crypto_box_SECRETKEYBYTES.
    345 }
    346 int crypto_box_keypair(unsigned char pk[crypto_box_PUBLICKEYBYTES],
    347                        unsigned char sk[crypto_box_SECRETKEYBYTES]);
    348 %feature("docstring") {
    349 crypto_box_beforenm(pubkey, privkey) -> precomputed 'K' value
    350 
    351 Precomputes the non-message-specific shared key. This can be used to
    352 amortize multiple crypto_box() calls for the same sender/receiver pair.
    353 Pass the generated K value into crypto_box_afternm() or
    354 crypto_box_open_afternm().
    355 }
    356 int crypto_box_beforenm(unsigned char k[crypto_box_BEFORENMBYTES],
    357                         const unsigned char pk[crypto_box_PUBLICKEYBYTES],
    358                         const unsigned char sk[crypto_box_PUBLICKEYBYTES]);
    359 %feature("docstring") {
    360 crypto_box_afternm(message, nonce, K) -> encrypted
    361 
    362 Like crypto_box(), but uses the precomputed K value from crypto_box_beforenm().
    363 }
    364 int crypto_box_afternm(unsigned char out[crypto_box_BOXZEROBYTES],
    365                        const unsigned char in[crypto_box_ZEROBYTES],
    366                        unsigned long long mlen,
    367                        const unsigned char n[crypto_box_NONCEBYTES],
    368                        const unsigned char k[crypto_box_BEFORENMBYTES]);
    369 %feature("docstring") {
    370 crypto_box_open_afternm(encrypted, nonce, K) -> message
    371 
    372 Like crypto_box_open(), but uses the precomputed K value from
    373 crypto_box_beforenm().
    374 }
    375 int crypto_box_open_afternm(unsigned char out[crypto_box_ZEROBYTES],
    376                             const unsigned char in[crypto_box_BOXZEROBYTES],
    377                             unsigned long long mlen,
    378                             const unsigned char n[crypto_box_NONCEBYTES],
    379                             const unsigned char k[crypto_box_BEFORENMBYTES]);
    380 
    381 
    382 /**
    383  * Scalar multiplication
    384  */
    385 %constant int crypto_scalarmult_curve25519_BYTES;
    386 %constant int crypto_scalarmult_curve25519_SCALARBYTES;
    387 %constant char *crypto_scalarmult_curve25519_IMPLEMENTATION;
    388 %constant char *crypto_scalarmult_curve25519_VERSION;
    389 
    390 %feature("docstring") {
    391 crypto_scalarmult_curve25519(scalar, element) -> element
    392 
    393 Performs Curve25519 multiplication of a scalar (a bytestring of length
    394 crypto_scalarmult_curve25519_SCALARBYTES) and a group element (a
    395 bytestring of length crypto_scalarmult_curve25519_BYTES), resulting in
    396 another group element (again a bytestring). This is a one-way function:
    397 it is hard to derive the scalar from the output group element (CDH: the
    398 Computational Diffie-Hellman Problem). All strings represent at least
    399 one group element.
    400 }
    401 int crypto_scalarmult_curve25519(unsigned char
    402                                    q[crypto_scalarmult_curve25519_BYTES],
    403                                  const unsigned char
    404                                    n[crypto_scalarmult_curve25519_SCALARBYTES],
    405                                  const unsigned char
    406                                    p[crypto_scalarmult_curve25519_BYTES]);
    407 %feature("docstring") {
    408 crypto_scalarmult_curve25519_base(scalar) -> element
    409 
    410 Like crypto_scalarmult_curve25519(), but uses a standard "base" group
    411 element (a generator). The scalar is a bytestring of length
    412 crypto_scalarmult_curve25519_SCALARBYTES, and the output group element
    413 is a bytestring of length crypto_scalarmult_curve25519_BYTES.
    414 }
    415 int crypto_scalarmult_curve25519_base(unsigned char
    416                                         q[crypto_scalarmult_curve25519_BYTES],
    417                                       const unsigned char
    418                                         n[crypto_scalarmult_curve25519_SCALARBYTES]);
    419 
    420 
    421 /**
    422  * Signatures
    423  */
    424 %constant int crypto_sign_BYTES;
    425 %constant int crypto_sign_PUBLICKEYBYTES;
    426 %constant int crypto_sign_SECRETKEYBYTES;
    427 %constant char *crypto_sign_PRIMITIVE;
    428 %constant char *crypto_sign_IMPLEMENTATION;
    429 %constant char *crypto_sign_VERSION;
    430 
    431 %feature("docstring") {
    432 crypto_sign_keypair_fromseed(seed) -> (verifying_key, signing_key)
    433 
    434 Generate a signature keypair from a secret seed. The verifying key will
    435 be a bytestring of length crypto_sign_PUBLICKEYBYTES, and the signing
    436 key will be of length crypto_sign_SECRETKEYBYTES. The seed can be a
    437 bytestring of any length, but must have at least
    438 crypto_sign_SECRETKEYBYTES of entropy to be secure.
    439 }
    440 int crypto_sign_keypair_fromseed(unsigned char pk[crypto_sign_PUBLICKEYBYTES],
    441                                  unsigned char sk[crypto_sign_SECRETKEYBYTES],
    442                                  const unsigned char *seed,
    443                                  unsigned long long seedlen); // Custom
    444 %feature("docstring") {
    445 crypto_sign_keypair() -> (verifying_key, signing_key)
    446 
    447 Generate a signature keypair by reading /dev/urandom. The verifying key
    448 will be a bytestring of length crypto_sign_PUBLICKEYBYTES, and the
    449 signing key will be of length crypto_sign_SECRETKEYBYTES.
    450 }
    451 int crypto_sign_keypair(unsigned char pk[crypto_sign_PUBLICKEYBYTES],
    452                         unsigned char sk[crypto_sign_SECRETKEYBYTES]);
    453 %feature("docstring") {
    454 crypto_sign(message, signing_key) -> signed_message
    455 
    456 Sign a message, using a private signing key (a bytestring of length
    457 crypto_sign_SECRETKEYBYTES). The message can be a bytestring of any
    458 length. The signed_message will be a bytestring that includes both the
    459 message and the signature.
    460 }
    461 int crypto_sign(unsigned char *sm, unsigned long long *smlen,
    462                 const unsigned char *m, unsigned long long mlen,
    463                 const unsigned char sk[crypto_sign_SECRETKEYBYTES]);
    464 %feature("docstring") {
    465 crypto_sign_open(signed_message, verifying_key) -> message
    466 
    467 Verify a signed message, using a public verifying key (a bytestring of
    468 length crypto_sign_PUBLICKEYBYTES). If the signature was correct, the
    469 message is returned. If not, ValueError is raised.
    470 }
    471 int crypto_sign_open(unsigned char *m, unsigned long long *mlen,
    472                      const unsigned char *sm, unsigned long long smlen,
    473                      const unsigned char pk[crypto_sign_PUBLICKEYBYTES]);
    474 
    475 
    476 /**
    477  * Authenticated secret-key encryption
    478  */
    479 %constant int crypto_secretbox_KEYBYTES;
    480 %constant int crypto_secretbox_NONCEBYTES;
    481 %constant int crypto_secretbox_ZEROBYTES;
    482 %constant int crypto_secretbox_BOXZEROBYTES;
    483 %constant char *crypto_secretbox_PRIMITIVE;
    484 %constant char *crypto_secretbox_IMPLEMENTATION;
    485 %constant char *crypto_secretbox_VERSION;
    486 
    487 %feature("docstring") {
    488 crypto_secretbox(message, nonce, key) -> encrypted
    489 
    490 Encrypts+authenticates a message using a (symmetric) secret key. Takes a
    491 unique nonce (a bytestring of length nacl.crypto_secretbox_NONCEBYTES)
    492 and one shared key (a bytestring of length
    493 nacl.crypto_secretbox_KEYBYTES), returns a boxed message (also a
    494 bytestring).
    495 }
    496 int crypto_secretbox(unsigned char out[crypto_secretbox_BOXZEROBYTES],
    497                      const unsigned char in[crypto_secretbox_ZEROBYTES],
    498                      unsigned long long mlen,
    499                      const unsigned char n[crypto_secretbox_NONCEBYTES],
    500                      const unsigned char k[crypto_secretbox_KEYBYTES]);
    501 %feature("docstring") {
    502 crypto_secretbox_open(encrypted, nonce, key) -> message
    503 
    504 Decrypts+authenticates a boxed message from crypto_secretbox(). Takes a
    505 unique nonce (a bytestring of length nacl.crypto_secretbox_NONCEBYTES)
    506 and a key (bytestring of length nacl.crypto_secretbox_KEYBYTES), returns
    507 the decrypted message (also a bytestring). If authentication fails,
    508 ValueError is raised.
    509 }
    510 int crypto_secretbox_open(unsigned char out[crypto_secretbox_ZEROBYTES],
    511                           const unsigned char in[crypto_secretbox_BOXZEROBYTES],
    512                           unsigned long long mlen,
    513                           const unsigned char n[crypto_secretbox_NONCEBYTES],
    514                           const unsigned char k[crypto_secretbox_KEYBYTES]);
    515 
    516 
    517 /**
    518  * Secret-key encryption
    519  */
    520 %constant int crypto_stream_KEYBYTES;
    521 %constant int crypto_stream_NONCEBYTES;
    522 %constant char *crypto_stream_PRIMITIVE;
    523 %constant char *crypto_stream_IMPLEMENTATION;
    524 %constant char *crypto_stream_VERSION;
    525 
    526 %feature("docstring") {
    527 crypto_stream(length, nonce, key) -> keystream
    528 
    529 Generate a pseudo-random stream, given a unique nonce and secret key.
    530 This is a PRF (Pseudo-Random Function). The stream is a bytestring of
    531 'length' bytes, the nonce is a bytestring of length
    532 crypto_stream_NONCEBYTES, and the key is a bytestring of length
    533 crypto_stream_KEYBYTES.
    534 }
    535 int crypto_stream(unsigned char *c, unsigned long long clen,
    536                   const unsigned char n[crypto_stream_NONCEBYTES],
    537                   const unsigned char k[crypto_stream_KEYBYTES]);
    538 %feature("docstring") {
    539 crypto_stream_xor(message, nonce, key) -> encrypted
    540 
    541 Encrypts a message by XORing with the pseudo-random stream generated by
    542 crypto_stream(), given a unique nonce and secret key. Does not provide
    543 message authentication. Both the input message and the encrypted output
    544 are bytestrings (of equal length). The nonce is a bytestring of length
    545 crypto_stream_NONCEBYTES, and the key is a bytestring of length
    546 crypto_stream_KEYBYTES.
    547 }
    548 int crypto_stream_xor(unsigned char *c, const unsigned char *in,
    549                       unsigned long long clen,
    550                       const unsigned char n[crypto_stream_NONCEBYTES],
    551                       const unsigned char k[crypto_stream_KEYBYTES]);
    552 
    553 
    554 /**
    555  * Authentication
    556  */
    557 %constant int crypto_auth_BYTES;
    558 %constant int crypto_auth_KEYBYTES;
    559 %constant char *crypto_auth_PRIMITIVE;
    560 %constant char *crypto_auth_IMPLEMENTATION;
    561 %constant char *crypto_auth_VERSION;
    562 
    563 %feature("docstring") {
    564 crypto_auth(message, key) -> authenticator
    565 
    566 Produces a message authentication code for the given message and secret
    567 key, to be passed into crypto_auth_verify(). The key is a bytestring of
    568 length crypto_auth_KEYBYTES, and the authenticator is a bytestring of
    569 length crypto_auth_BYTES. It is safe to use the same key for multiple
    570 messages.
    571 }
    572 int crypto_auth(unsigned char a[crypto_auth_BYTES], const unsigned char *m,
    573                 unsigned long long mlen,
    574                 const unsigned char k[crypto_auth_KEYBYTES]);
    575 %feature("docstring") {
    576 crypto_auth_verify(authenticator, message, key) -> None
    577 
    578 Verifies the authenticator created by crypto_auth(), raising ValueError
    579 if authentication fails (i.e. the message or authenticator differs from
    580 what was given to crypto_auth()). The key is a bytestring of length
    581 crypto_auth_KEYBYTES, and the authenticator is a bytestring of length
    582 crypto_auth_BYTES.
    583 }
    584 int crypto_auth_verify(const unsigned char a[crypto_auth_BYTES],
    585                        const unsigned char *m, unsigned long long mlen,
    586                        const unsigned char k[crypto_auth_KEYBYTES]);
    587 
    588 
    589 /**
    590  * One-time authentication
    591  */
    592 %constant int crypto_onetimeauth_BYTES;
    593 %constant int crypto_onetimeauth_KEYBYTES;
    594 %constant char *crypto_onetimeauth_PRIMITIVE;
    595 %constant char *crypto_onetimeauth_IMPLEMENTATION;
    596 %constant char *crypto_onetimeauth_VERSION;
    597 
    598 %feature("docstring") {
    599 crypto_onetimeauth(message, key) -> authenticator
    600 
    601 Produces a message authentication code for a message and secret key, to
    602 be passed into crypto_onetimeauth_verify(). The key must *only* be used
    603 for a single message: authenticators for two messages under the same key
    604 should be expected to reveal enough information to allow forgeries of
    605 authenticators on other messages. This is generally 3x faster than the
    606 safer crypto_auth() function, and meant primarily for use inside
    607 crypto_box().
    608 
    609 The key is a bytestring of length crypto_onetimeauth_KEYBYTES, and the
    610 authenticator is a bytestring of length crypto_onetimeauth_BYTES.
    611 }
    612 int crypto_onetimeauth(unsigned char a[crypto_onetimeauth_BYTES],
    613                        const unsigned char *m, unsigned long long mlen,
    614                        const unsigned char k[crypto_onetimeauth_KEYBYTES]);
    615 %feature("docstring") {
    616 crypto_onetimeauth_verify(authenticator, message, key) -> None
    617 
    618 Verifies the authenticator created by crypto_onetimeauth(), raising
    619 ValueError if authentication fails (i.e. the message or authenticator
    620 differs from what was given to crypto_auth()). The key is a bytestring
    621 of length crypto_onetimeauth_KEYBYTES, and the authenticator is a
    622 bytestring of length crypto_onetimeauth_BYTES.
    623 }
    624 int crypto_onetimeauth_verify(const unsigned char a[crypto_onetimeauth_BYTES],
    625                               const unsigned char *m, unsigned long long mlen,
    626                               const unsigned char k[crypto_onetimeauth_KEYBYTES]);