pynacl icon indicating copy to clipboard operation
pynacl copied to clipboard
verified publisher icon pyca

Should support any buffer objects, not just bytes

Open covert-encryption opened this issue 4 years ago • 2 comments

Use ffi.from_buffer(...) for conversions, so that bytearray, memoryview and other things work too, instead of checking that the arguments are bytes instances.

I would also prefer being able to give output buffers to low level functions, for instance I had to do this hack to enable encryption without creating a new buffer. It works even in place, if ciphertext and message are the same buffer:

from nacl._sodium import ffi, lib

def encrypt_into(ciphertext, message, aad, nonce, key):
  mlen = len(message)
  clen = ffi.new("unsigned long long *")
  ciphertext = ffi.from_buffer(ciphertext)
  message = ffi.from_buffer(message)
  if aad:
    _aad = ffi.from_buffer(aad)
    aalen = len(aad)
  else:
    _aad = ffi.NULL
    aalen = 0

  return lib.crypto_aead_chacha20poly1305_ietf_encrypt(
    ciphertext, clen, message, mlen, _aad, aalen, ffi.NULL, nonce, key
  )

While for most things it does not matter if copies are made and new buffers are being allocated, stream ciphers can be much faster with proper buffer management.

covert-encryption avatar Nov 21 '21 18:11 covert-encryption

Yes, this library predates from_buffer in cffi, but it should use it. pyca/cryptography switched long ago but no one has done the work on pynacl yet.

reaperhulk avatar Nov 28 '21 21:11 reaperhulk

I couldn't find any way to use pynacl to encrypt large files as all the public API takes is bytes. It's a pretty big limitation.

bendem avatar Feb 20 '23 14:02 bendem