nacl.bindings¶

The nacl.bindings module exposes the low-level APIs provided by libsodium.

AEAD constructions¶

crypto_aead_chacha20poly1305_decrypt(ciphertext, aad, nonce, key)[source]¶

Decrypt the given ciphertext using the “legacy” construction described in draft-agl-tls-chacha20poly1305.

Parameters:	ciphertext (bytes) – authenticated ciphertext aad (bytes) – nonce (bytes) – key (bytes) –
Returns:	message
Return type:	bytes

crypto_aead_chacha20poly1305_encrypt(message, aad, nonce, key)[source]¶

Encrypt the given message using the “legacy” construction described in draft-agl-tls-chacha20poly1305.

Parameters:	message (bytes) – aad (bytes) – nonce (bytes) – key (bytes) –
Returns:	authenticated ciphertext
Return type:	bytes

crypto_aead_chacha20poly1305_ietf_decrypt(ciphertext, aad, nonce, key)[source]¶

Decrypt the given ciphertext using the IETF ratified chacha20poly1305 construction described in RFC7539.

Parameters:	ciphertext (bytes) – aad (bytes) – nonce (bytes) – key (bytes) –
Returns:	message
Return type:	bytes

crypto_aead_chacha20poly1305_ietf_encrypt(message, aad, nonce, key)[source]¶

Encrypt the given message using the IETF ratified chacha20poly1305 construction described in RFC7539.

Parameters:	message (bytes) – aad (bytes) – nonce (bytes) – key (bytes) –
Returns:	authenticated ciphertext
Return type:	bytes

crypto_aead_xchacha20poly1305_ietf_decrypt(ciphertext, aad, nonce, key)[source]¶

Decrypt the given ciphertext using the long-nonces xchacha20poly1305 construction.

Parameters:	ciphertext (bytes) – authenticated ciphertext aad (bytes) – nonce (bytes) – key (bytes) –
Returns:	message
Return type:	bytes

crypto_aead_xchacha20poly1305_ietf_encrypt(message, aad, nonce, key)[source]¶

Encrypt the given message using the long-nonces xchacha20poly1305 construction.

Parameters:	message (bytes) – aad (bytes) – nonce (bytes) – key (bytes) –
Returns:	authenticated ciphertext
Return type:	bytes

Key exchange¶

crypto_kx_keypair()[source]¶

Generate a keypair. This is a duplicate crypto_box_keypair, but is included for api consistency.

Returns:	(public_key, secret_key)
Return type:	(bytes, bytes)

crypto_kx_client_session_keys(client_public_key, client_secret_key, server_public_key)[source]¶

Generate session keys for the client.

Parameters:	client_public_key (bytes) – client_secret_key (bytes) – server_public_key (bytes) –
Returns:	(rx_key, tx_key)
Return type:	(bytes, bytes)

crypto_kx_server_session_keys(server_public_key, server_secret_key, client_public_key)[source]¶

Generate session keys for the server.

Parameters:	server_public_key (bytes) – server_secret_key (bytes) – client_public_key (bytes) –
Returns:	(rx_key, tx_key)
Return type:	(bytes, bytes)

Utilities¶

sodium_add(a, b)[source]¶

Given a couple of same-sized byte sequences, interpreted as the little-endian representation of two unsigned integers, compute the modular addition of the represented values, in constant time for a given common length of the byte sequences.

Parameters:	a (bytes) – input bytes buffer b (bytes) – input bytes buffer
Returns:	a byte-sequence representing, as a little-endian big integer, the integer value of `(to_int(a) + to_int(b)) mod 2^(8*len(a))`
Return type:	bytes

sodium_increment(inp)[source]¶

Increment the value of a byte-sequence interpreted as the little-endian representation of a unsigned big integer.

Parameters:	inp (bytes) – input bytes buffer
Returns:	a byte-sequence representing, as a little-endian unsigned big integer, the value `to_int(inp)` incremented by one.
Return type:	bytes

sodium_memcmp(inp1, inp2)[source]¶: Compare contents of two memory regions in constant time

sodium_pad(s, blocksize)[source]¶

Pad the input bytearray s to a multiple of blocksize using the ISO/IEC 7816-4 algorithm

Parameters:	s (bytes) – input bytes string blocksize (int) –
Returns:	padded string
Return type:	bytes

sodium_unpad(s, blocksize)[source]¶

Remove ISO/IEC 7816-4 padding from the input byte array s

Parameters:	s (bytes) – input bytes string blocksize (int) –
Returns:	unpadded string
Return type:	bytes