baking-bad · hoh · Sep 19, 2024
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -57,7 +57,6 @@ netstruct = ">=1.1.2"
 notebook = ">=6.5,<7"
 ply = ">=3.11"
 py-ecc = ">=7.0.0"
-pysodium = ">=0.7.10"
 python-dateutil = ">=2.8.2"
 requests = ">=2.28.2"
 simplejson = ">=3.17.6"
@@ -66,6 +65,7 @@ tabulate = ">=0.9.0"
 testcontainers = ">=3.7.0,<4.8.0"
 tqdm = ">=4.62.3"
 simple-bson = ">=0.0.3"
+libnacl = "^2.1.0"
 
 [tool.poetry.dev-dependencies]
 black = "*"

diff --git a/requirements.dev.txt b/requirements.dev.txt
@@ -100,7 +100,7 @@ pure-eval==0.2.3 ; python_full_version >= "3.8.1" and python_version < "3.13"
 py-ecc==7.0.1 ; python_full_version >= "3.8.1" and python_version < "3.13"
 pycparser==2.22 ; python_full_version >= "3.8.1" and python_version < "3.13"
 pygments==2.18.0 ; python_full_version >= "3.8.1" and python_version < "3.13"
-pysodium==0.7.18 ; python_full_version >= "3.8.1" and python_version < "3.13"
+libnacl==2.1.0 ; python_full_version >= "3.8.1" and python_version < "3.13"
 pytest-cov==5.0.0 ; python_full_version >= "3.8.1" and python_version < "3.13"
 pytest-xdist==3.6.1 ; python_full_version >= "3.8.1" and python_version < "3.13"
 pytest==8.3.2 ; python_full_version >= "3.8.1" and python_version < "3.13"

diff --git a/requirements.slim.txt b/requirements.slim.txt
@@ -30,7 +30,7 @@ pkgutil-resolve-name==1.3.10 ; python_full_version >= "3.8.1" and python_version
 ply==3.11 ; python_full_version >= "3.8.1" and python_version < "3.13"
 py-ecc==7.0.1 ; python_full_version >= "3.8.1" and python_version < "3.13"
 pycparser==2.22 ; python_full_version >= "3.8.1" and python_version < "3.13"
-pysodium==0.7.18 ; python_full_version >= "3.8.1" and python_version < "3.13"
+libnacl==2.1.0 ; python_full_version >= "3.8.1" and python_version < "3.13"
 python-dateutil==2.9.0.post0 ; python_full_version >= "3.8.1" and python_version < "3.13"
 pywin32==306 ; python_full_version >= "3.8.1" and python_version < "3.13" and sys_platform == "win32"
 referencing==0.35.1 ; python_full_version >= "3.8.1" and python_version < "3.13"

diff --git a/requirements.txt b/requirements.txt
@@ -84,7 +84,7 @@ pure-eval==0.2.3 ; python_full_version >= "3.8.1" and python_version < "3.13"
 py-ecc==7.0.1 ; python_full_version >= "3.8.1" and python_version < "3.13"
 pycparser==2.22 ; python_full_version >= "3.8.1" and python_version < "3.13"
 pygments==2.18.0 ; python_full_version >= "3.8.1" and python_version < "3.13"
-pysodium==0.7.18 ; python_full_version >= "3.8.1" and python_version < "3.13"
+libnacl==2.1.0 ; python_full_version >= "3.8.1" and python_version < "3.13"
 python-dateutil==2.9.0.post0 ; python_full_version >= "3.8.1" and python_version < "3.13"
 python-json-logger==2.0.7 ; python_full_version >= "3.8.1" and python_version < "3.13"
 pywin32==306 ; python_full_version >= "3.8.1" and python_version < "3.13" and sys_platform == "win32"

diff --git a/src/pytezos/crypto/key.py b/src/pytezos/crypto/key.py
@@ -44,7 +44,7 @@ class CryptoExtraFallback:
  def __getattr__(self, item):
  raise ImportError(
  "Please, install packages libsodium-dev, and libgmp-dev, "
- "and Python libraries pysodium, coincurve, and fastecdsa"
+ "and Python libraries libnacl, coincurve, and fastecdsa"
  )
 
  def __call__(self, *args, **kwargs):
@@ -57,13 +57,13 @@ def __call__(self, *args, **kwargs):
  import fastecdsa.ecdsa # type: ignore
  import fastecdsa.encoding.sec1 # type: ignore
  import fastecdsa.keys # type: ignore
- import pysodium # type: ignore
+ import libnacl # type: ignore
  from coincurve import ecdsa # type: ignore
  from fastecdsa.encoding.util import bytes_to_int # type: ignore
 except ImportError as e:
  coincurve = CryptoExtraFallback() # type: ignore
  ecdsa = CryptoExtraFallback() # type: ignore
- pysodium = CryptoExtraFallback()
+ libnacl = CryptoExtraFallback()
  fastecdsa = CryptoExtraFallback()
  bytes_to_int = CryptoExtraFallback()
  __crypto__ = False
@@ -148,9 +148,9 @@ def from_secret_exponent(
  if curve == b'ed':
  # Dealing with secret exponent or seed?
  if len(secret_exponent) == 64:
- public_point = pysodium.crypto_sign_sk_to_pk(sk=secret_exponent)
+ public_point = libnacl.crypto_sign_ed25519_sk_to_pk(sk=secret_exponent)
  else:
- public_point, secret_exponent = pysodium.crypto_sign_seed_keypair(seed=secret_exponent)
+ public_point, secret_exponent = libnacl.crypto_sign_seed_keypair(seed=secret_exponent)
  # Secp256k1
  elif curve == b'sp':
  sk = coincurve.PrivateKey(secret_exponent)
@@ -218,7 +218,7 @@ def from_encoded_key(
  iterations=32768,
  dklen=32,
  )
- encoded_key = pysodium.crypto_secretbox_open(
+ encoded_key = libnacl.crypto_secretbox_open(
  c=encrypted_sk,
  nonce=b'\000' * 24,
  k=encryption_key,
@@ -291,7 +291,7 @@ def from_mnemonic(
  seed = Mnemonic.to_seed(mnemonic, passphrase=email + passphrase)
 
  if curve == b'ed':
- _, secret_exponent = pysodium.crypto_sign_seed_keypair(seed=seed[:32])
+ _, secret_exponent = libnacl.crypto_sign_seed_keypair(seed=seed[:32])
  elif curve == b'sp':
  secret_exponent = seed[:32]
  elif curve == b'p2':
@@ -379,7 +379,7 @@ def secret_key(
  raise ValueError("Secret key is undefined")
 
  if self.curve == b'ed' and ed25519_seed:
- key = pysodium.crypto_sign_sk_to_seed(self.secret_exponent)
+ key = libnacl.crypto_sign_ed25519_sk_to_seed(self.secret_exponent)
  else:
  key = self.secret_exponent
 
@@ -390,15 +390,15 @@ def secret_key(
  passphrase = passphrase.encode()
  assert isinstance(passphrase, bytes), f'expected bytes or str, got {type(passphrase).__name__}'
 
- salt = pysodium.randombytes(8)
+ salt = libnacl.randombytes(8)
  encryption_key = hashlib.pbkdf2_hmac(
  hash_name="sha512",
  password=passphrase,
  salt=salt,
  iterations=32768,
  dklen=32,
  )
- encrypted_sk = pysodium.crypto_secretbox(msg=key, nonce=b'\000' * 24, k=encryption_key)
+ encrypted_sk = libnacl.crypto_secretbox(msg=key, nonce=b'\000' * 24, k=encryption_key)
  key = salt + encrypted_sk # we have to combine salt and encrypted key in order to decrypt later
  prefix = self.curve + b'esk'
  else:
@@ -442,8 +442,8 @@ def sign(self, message: Union[str, bytes], generic: bool = False):
 
  # Ed25519
  if self.curve == b"ed":
- digest = pysodium.crypto_generichash(encoded_message)
- signature = pysodium.crypto_sign_detached(digest, self.secret_exponent)
+ digest = libnacl.crypto_generichash(encoded_message)
+ signature = libnacl.crypto_sign_detached(digest, self.secret_exponent)
  # Secp256k1
  elif self.curve == b"sp":
  pk = coincurve.PrivateKey(self.secret_exponent)
@@ -486,9 +486,9 @@ def verify(self, signature: Union[str, bytes], message: Union[str, bytes]) -> bo
 
  # Ed25519
  if self.curve == b"ed":
- digest = pysodium.crypto_generichash(encoded_message)
+ digest = libnacl.crypto_generichash(encoded_message)
  try:
- pysodium.crypto_sign_verify_detached(decoded_signature, digest, self.public_point)
+ libnacl.crypto_sign_verify_detached(decoded_signature, digest, self.public_point)
  except ValueError as exc:
  raise ValueError('Signature is invalid.') from exc
  # Secp256k1

diff --git a/tests/unit_tests/test_crypto/test_crypto.py b/tests/unit_tests/test_crypto/test_crypto.py
@@ -157,7 +157,7 @@ def test_encrypted_keys(self, sk, passphrase, salt, pk):
  key = Key.from_encoded_key(sk, passphrase=passphrase)
  self.assertEqual(pk, key.public_key())
 
- with patch('pytezos.crypto.key.pysodium.randombytes', return_value=salt):
+ with patch('pytezos.crypto.key.libnacl.randombytes', return_value=salt):
  self.assertEqual(sk, key.secret_key(passphrase))
 
  @parameterized.expand(