Should support any buffer objects, not just bytes
covert-encryption opened this issue · comments
Use ffi.from_buffer(...)
for conversions, so that bytearray
, memoryview
and other things work too, instead of checking that the arguments are bytes
instances.
I would also prefer being able to give output buffers to low level functions, for instance I had to do this hack to enable encryption without creating a new buffer. It works even in place, if ciphertext
and message
are the same buffer:
from nacl._sodium import ffi, lib
def encrypt_into(ciphertext, message, aad, nonce, key):
mlen = len(message)
clen = ffi.new("unsigned long long *")
ciphertext = ffi.from_buffer(ciphertext)
message = ffi.from_buffer(message)
if aad:
_aad = ffi.from_buffer(aad)
aalen = len(aad)
else:
_aad = ffi.NULL
aalen = 0
return lib.crypto_aead_chacha20poly1305_ietf_encrypt(
ciphertext, clen, message, mlen, _aad, aalen, ffi.NULL, nonce, key
)
While for most things it does not matter if copies are made and new buffers are being allocated, stream ciphers can be much faster with proper buffer management.
Yes, this library predates from_buffer
in cffi
, but it should use it. pyca/cryptography
switched long ago but no one has done the work on pynacl
yet.
I couldn't find any way to use pynacl to encrypt large files as all the public API takes is bytes
. It's a pretty big limitation.