bindings/py/pypcp/context.py

#
#    This file is part of Pretty Curved Privacy (pcp1).
#
#    Copyright (C) 2013-2015 T. von Dein.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
#    You can contact me by mail: <tlinden AT cpan DOT org>.
#

from pypcp.dll import *
from pypcp.stream import *

class Context(object):
    """
    A libpcp context object, required for all operations.
    """
    def __init__(self):
        """
        Create a new instance:
        
        >>> ctx = Context()
        """
        self._ctx = libpcp.ptx_new()
        self._sk = None

    def __del__(self):
        """
        Destructor, automatically called
        """
        libpcp.ptx_clean(self._ctx)

    def throw(self, E=None, msg=None):
        """
        Used internally to propagate libpcp errors.

        Throw libpcp error:
        >>> ctx.throw(IOError, "additional message")

        Throw pure python exception:
        >>> ctx.throw(None, "pypcp error")
        """
        # forward libpcp generated exceptions
        pcpmsg = ''

        if self._ctx.pcp_errset == 1:
            pcpmsg = ffi.string(self._ctx.pcp_err)

        if E:
            if msg:
                pcpmsg = "%s: %s" % (msg, pcpmsg)
            raise E(pcpmsg)
        else:
            raise RuntimeError(msg)

    def addkey(self, Key):
        """
        Add a secret key to the contect. Required for encryption
        and signing operations. If you don't add a secret key to
        the context, anonymous encryption will be done.

        >>> key = Key(owner="alicia")
        >>> ctx.addkey(key)
        """
        self._sk = Key._sk

    def pubkeycount(self):
        """
        Return the number of public keys known.
        """
        return libpcp.pcphash_countpub(self._ctx)

    def recipients(self, *recipients):
        """
        Add one or more public keys. Required for encryption
        and signing operations.

        >>> keyfile = open("bobby.pub", "r")
        >>> bobby = PublicKey(encoded=keyfile).read()
        >>> ctx.recipients(bobby)
        """
        for key in recipients:
            libpcp.pcphash_add(self._ctx, key._pk, key._pk.type)

    def encrypt(self, source=None, sign=False, passphrase=None, armor=False):
        """
        Encrypt a file or a string.

        Args:
        - 'source' can be a file handle (returned by open())
          or a python string containing the data to be encrypted
        - 'sign': if set to True, append a signature to encrypted output
        - 'passphrase': If set, do symmetric encryption (self mode)
        - 'armor': if set to True, encode the output using Z85

        Returns:
        returns the encrypted result.

        Encrypt asymmetrically:
        >>> seca = Key(encoded=alicesec, 'a')                # import keys
        >>> secb = Key(encoded=bobsec, 'b')
        >>> puba = PublicKey(encoded=alicepub)
        >>> pubb = PublicKey(encoded=bobpub)
        >>>
        >>> ctxA = Context()                                 # 2 contexts, one for sender, one for recipient
        >>> ctxA.addkey(seca)
        >>> ctxA.recipients(pubb)
        >>> ctxB = Context()
        >>> ctxB.addkey(secb)
        >>> ctxB.recipients(puba)
        >>>
        >>> encrypted = ctxA.encrypt(source='hello world')   # encrypt alice => bob
        >>> decrypted = ctxB.decrypt(source=encrypted)       # decrypt bob <= alice

        Encrypt symmetrically:
        >>> ctx = Context()
        >>> encrypted = ctx.encrypt(source='hello world', passphrase='x')
        >>> decrypted = ctx.decrypt(source=encrypted, passphrase='x')

        """
        anon = 0
        dosign = 0
        instream = None
        outstream = None
        sk = self._sk
        
        if source:
            instream = Stream(source)
        else:
            self.throw(None, "source argument required")

        outstream = Stream()
        
        if armor:
            # enable z85 encoding
            libpcp.ps_armor(outstream._stream, PCP_BLOCK_SIZE/2)
            libpcp.ps_print(outstream._stream, PCP_ENFILE_HEADER)

        if self.pubkeycount() > 0:
            # asymmetric

            if not self._sk:
                # no secret key known, anonymous mode
                anon = 1
                sk = libpcp.pcpkey_new()
                
            if sign:
                dosign = 1

            size = libpcp.pcp_encrypt_stream(self._ctx, instream._stream, outstream._stream,
                                             sk, self._ctx.pcppubkey_hash, dosign, anon)
            if size <= 0:
                self.throw(IOError, "failed to encrypt")

        else:
            # symmetric
            salt = ffi.new("byte[]", PBP_COMPAT_SALT)
            symkey = libpcp.pcp_scrypt(self._ctx, passphrase, len(passphrase), salt, 90)
            size =  libpcp.pcp_encrypt_stream_sym(self._ctx, instream._stream,
                                                  outstream._stream, symkey, 0, ffi.NULL)
            if size <= 0:
                self.throw(IOError, "failed to encrypt")


        if armor:
            # finish z85 encoding
            libpcp.ps_finish(outstream._stream);
            libpcp.ps_unarmor(outstream._stream);
            libpcp.ps_print(outstream._stream, PCP_ENFILE_FOOTER)

        # return the raw buffer contents, wether encoded or not
        return ffi.buffer(libpcp.buffer_get_remainder(outstream._stream.b),
                          libpcp.buffer_size(outstream._stream.b))[:]


    def decrypt(self, source=None, verify=False, passphrase=None):
        """
        Decrypt a file or string

        Args:
        - 'source' can be a file handle (returned by open())
          or a python string containing the data to be encrypted
        - 'verify': if set to True, verify a signature, if present
        - 'passphrase': If set, do symmetric encryption (self mode)

        Returns:
        returns the decrypted result.

        For usage example see encrypt().
        """
        doverify = 0
        doanon = 0
        instream = None
        outstream = None

        if verify:
            doverify = 1

        if source:
            instream = Stream(source)
        else:
            self.throw(RuntimeError, "source argument required")

        libpcp.ps_setdetermine(instream._stream, PCP_BLOCK_SIZE/2)
        outstream = Stream()

        # determine input type
        head = ffi.new("byte *")
        got = libpcp.ps_read(instream._stream, head, 1)

        if got <= 0:
            self.throw(IOError, "failed to read from input stream")

        if head[0] == PCP_SYM_CIPHER:
            # symmetric
            salt = ffi.new("byte[]", PBP_COMPAT_SALT)
            symkey = libpcp.pcp_scrypt(self._ctx, passphrase, len(passphrase), salt, 90)
            size = libpcp.pcp_decrypt_stream(self._ctx, instream._stream,
                                             outstream._stream, ffi.NULL,
                                             symkey, doverify, 0)
            if size <= 0:
                self.throw(IOError, "failed to decrypt")
        else:
            # asymmetric
            if not self._sk:
                self.throw(None, "no secret key associated with current context")

            if head[0] == PCP_ASYM_CIPHER_ANON:
                doanon = 1
            if head[0] == PCP_ASYM_CIPHER_SIG:
                doverify

            size = libpcp.pcp_decrypt_stream(self._ctx, instream._stream,
                                             outstream._stream, self._sk,
                                             ffi.NULL, doverify, doanon)
            if size <= 0:
                self.throw(IOError, "failed to decrypt")

        # return the raw buffer contents
        return ffi.buffer(libpcp.buffer_get_remainder(outstream._stream.b),
                          libpcp.buffer_size(outstream._stream.b))[:]
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`#`
			`# This file is part of Pretty Curved Privacy (pcp1).`
			`#`
			`# Copyright (C) 2013-2015 T. von Dein.`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`#`
			`# You can contact me by mail: <tlinden AT cpan DOT org>.`
			`#`

started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`from pypcp.dll import *`
			`from pypcp.stream import *`

			`class Context(object):`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`"""`
			`A libpcp context object, required for all operations.`
			`"""`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`def __init__(self):`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`"""`
			`Create a new instance:`

			`>>> ctx = Context()`
			`"""`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`self._ctx = libpcp.ptx_new()`
			`self._sk = None`

			`def __del__(self):`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`"""`
			`Destructor, automatically called`
			`"""`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`libpcp.ptx_clean(self._ctx)`

			`def throw(self, E=None, msg=None):`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`"""`
			`Used internally to propagate libpcp errors.`

			`Throw libpcp error:`
			`>>> ctx.throw(IOError, "additional message")`

			`Throw pure python exception:`
			`>>> ctx.throw(None, "pypcp error")`
			`"""`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`# forward libpcp generated exceptions`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`pcpmsg = ''`

			`if self._ctx.pcp_errset == 1:`
			`pcpmsg = ffi.string(self._ctx.pcp_err)`

started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`if E:`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`if msg:`
			`pcpmsg = "%s: %s" % (msg, pcpmsg)`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`raise E(pcpmsg)`
			`else:`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`raise RuntimeError(msg)`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00
			`def addkey(self, Key):`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`"""`
			`Add a secret key to the contect. Required for encryption`
			`and signing operations. If you don't add a secret key to`
			`the context, anonymous encryption will be done.`

			`>>> key = Key(owner="alicia")`
			`>>> ctx.addkey(key)`
			`"""`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`self._sk = Key._sk`

			`def pubkeycount(self):`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`"""`
			`Return the number of public keys known.`
			`"""`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`return libpcp.pcphash_countpub(self._ctx)`

			`def recipients(self, *recipients):`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`"""`
			`Add one or more public keys. Required for encryption`
			`and signing operations.`

			`>>> keyfile = open("bobby.pub", "r")`
			`>>> bobby = PublicKey(encoded=keyfile).read()`
			`>>> ctx.recipients(bobby)`
			`"""`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`for key in recipients:`
			`libpcp.pcphash_add(self._ctx, key._pk, key._pk.type)`

py: added asym en/decryption, fine tuned test script 2014-12-23 20:13:52 +01:00			`def encrypt(self, source=None, sign=False, passphrase=None, armor=False):`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`"""`
			`Encrypt a file or a string.`

			`Args:`
			`- 'source' can be a file handle (returned by open())`
			`or a python string containing the data to be encrypted`
			`- 'sign': if set to True, append a signature to encrypted output`
			`- 'passphrase': If set, do symmetric encryption (self mode)`
			`- 'armor': if set to True, encode the output using Z85`

			`Returns:`
			`returns the encrypted result.`

			`Encrypt asymmetrically:`
			`>>> seca = Key(encoded=alicesec, 'a') # import keys`
			`>>> secb = Key(encoded=bobsec, 'b')`
			`>>> puba = PublicKey(encoded=alicepub)`
			`>>> pubb = PublicKey(encoded=bobpub)`
			`>>>`
			`>>> ctxA = Context() # 2 contexts, one for sender, one for recipient`
			`>>> ctxA.addkey(seca)`
			`>>> ctxA.recipients(pubb)`
			`>>> ctxB = Context()`
			`>>> ctxB.addkey(secb)`
			`>>> ctxB.recipients(puba)`
			`>>>`
			`>>> encrypted = ctxA.encrypt(source='hello world') # encrypt alice => bob`
			`>>> decrypted = ctxB.decrypt(source=encrypted) # decrypt bob <= alice`

			`Encrypt symmetrically:`
			`>>> ctx = Context()`
			`>>> encrypted = ctx.encrypt(source='hello world', passphrase='x')`
			`>>> decrypted = ctx.decrypt(source=encrypted, passphrase='x')`

			`"""`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`anon = 0`
pypcp: started with decrypt 2014-12-22 19:48:36 +01:00			`dosign = 0`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`instream = None`
			`outstream = None`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`sk = self._sk`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00
py: added asym en/decryption, fine tuned test script 2014-12-23 20:13:52 +01:00			`if source:`
			`instream = Stream(source)`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`else:`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`self.throw(None, "source argument required")`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00
			`outstream = Stream()`
pypcp: started with decrypt 2014-12-22 19:48:36 +01:00
			`if armor:`
			`# enable z85 encoding`
			`libpcp.ps_armor(outstream._stream, PCP_BLOCK_SIZE/2)`
			`libpcp.ps_print(outstream._stream, PCP_ENFILE_HEADER)`

started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`if self.pubkeycount() > 0:`
pypcp: started with decrypt 2014-12-22 19:48:36 +01:00			`# asymmetric`

started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`if not self._sk:`
pypcp: started with decrypt 2014-12-22 19:48:36 +01:00			`# no secret key known, anonymous mode`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`anon = 1`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`sk = libpcp.pcpkey_new()`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00
			`if sign:`
			`dosign = 1`

			`size = libpcp.pcp_encrypt_stream(self._ctx, instream._stream, outstream._stream,`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`sk, self._ctx.pcppubkey_hash, dosign, anon)`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`if size <= 0:`
			`self.throw(IOError, "failed to encrypt")`

			`else:`
			`# symmetric`
			`salt = ffi.new("byte[]", PBP_COMPAT_SALT)`
pypcp: started with decrypt 2014-12-22 19:48:36 +01:00			`symkey = libpcp.pcp_scrypt(self._ctx, passphrase, len(passphrase), salt, 90)`
			`size = libpcp.pcp_encrypt_stream_sym(self._ctx, instream._stream,`
			`outstream._stream, symkey, 0, ffi.NULL)`
started with py crypto, enhanced raw.py generation, better autoconf integration 2014-12-22 16:22:52 +01:00			`if size <= 0:`
			`self.throw(IOError, "failed to encrypt")`

pypcp: started with decrypt 2014-12-22 19:48:36 +01:00
			`if armor:`
			`# finish z85 encoding`
			`libpcp.ps_finish(outstream._stream);`
			`libpcp.ps_unarmor(outstream._stream);`
			`libpcp.ps_print(outstream._stream, PCP_ENFILE_FOOTER)`

			`# return the raw buffer contents, wether encoded or not`
			`return ffi.buffer(libpcp.buffer_get_remainder(outstream._stream.b),`
			`libpcp.buffer_size(outstream._stream.b))[:]`



py: added asym en/decryption, fine tuned test script 2014-12-23 20:13:52 +01:00			`def decrypt(self, source=None, verify=False, passphrase=None):`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`"""`
			`Decrypt a file or string`

			`Args:`
			`- 'source' can be a file handle (returned by open())`
			`or a python string containing the data to be encrypted`
			`- 'verify': if set to True, verify a signature, if present`
			`- 'passphrase': If set, do symmetric encryption (self mode)`

			`Returns:`
			`returns the decrypted result.`

			`For usage example see encrypt().`
			`"""`
pypcp: started with decrypt 2014-12-22 19:48:36 +01:00			`doverify = 0`
py: added asym en/decryption, fine tuned test script 2014-12-23 20:13:52 +01:00			`doanon = 0`
pypcp: started with decrypt 2014-12-22 19:48:36 +01:00			`instream = None`
			`outstream = None`

			`if verify:`
			`doverify = 1`

py: added asym en/decryption, fine tuned test script 2014-12-23 20:13:52 +01:00			`if source:`
			`instream = Stream(source)`
pypcp: started with decrypt 2014-12-22 19:48:36 +01:00			`else:`
py: added asym en/decryption, fine tuned test script 2014-12-23 20:13:52 +01:00			`self.throw(RuntimeError, "source argument required")`
pypcp: started with decrypt 2014-12-22 19:48:36 +01:00
			`libpcp.ps_setdetermine(instream._stream, PCP_BLOCK_SIZE/2)`
			`outstream = Stream()`

			`# determine input type`
			`head = ffi.new("byte *")`
			`got = libpcp.ps_read(instream._stream, head, 1)`

			`if got <= 0:`
			`self.throw(IOError, "failed to read from input stream")`

			`if head[0] == PCP_SYM_CIPHER:`
			`# symmetric`
			`salt = ffi.new("byte[]", PBP_COMPAT_SALT)`
			`symkey = libpcp.pcp_scrypt(self._ctx, passphrase, len(passphrase), salt, 90)`
			`size = libpcp.pcp_decrypt_stream(self._ctx, instream._stream,`
			`outstream._stream, ffi.NULL,`
			`symkey, doverify, 0)`
			`if size <= 0:`
			`self.throw(IOError, "failed to decrypt")`
			`else:`
			`# asymmetric`
py: added asym en/decryption, fine tuned test script 2014-12-23 20:13:52 +01:00			`if not self._sk:`
py: added doc, unittests, anonymous encryption mode 2014-12-24 11:17:03 +01:00			`self.throw(None, "no secret key associated with current context")`
py: added asym en/decryption, fine tuned test script 2014-12-23 20:13:52 +01:00
			`if head[0] == PCP_ASYM_CIPHER_ANON:`
			`doanon = 1`
			`if head[0] == PCP_ASYM_CIPHER_SIG:`
			`doverify`

			`size = libpcp.pcp_decrypt_stream(self._ctx, instream._stream,`
			`outstream._stream, self._sk,`
			`ffi.NULL, doverify, doanon)`
			`if size <= 0:`
			`self.throw(IOError, "failed to decrypt")`
pypcp: started with decrypt 2014-12-22 19:48:36 +01:00
			`# return the raw buffer contents`
			`return ffi.buffer(libpcp.buffer_get_remainder(outstream._stream.b),`
			`libpcp.buffer_size(outstream._stream.b))[:]`