Remove optional dependency on libnacl/libsodium

Now that the minimum supported version of OpenSSL in the Cryptograhy
package is new enough to include support for chacha20-poly1305 and
Edwards curves, AsyncSSH no longer needs to fall back to using libnacl
and libsodium.

Author: ronf

.github/workflows/run_tests.yml

@@ -66,11 +66,11 @@ jobs:
         if: ${{ runner.os == 'Linux' }}
         run: |
           sudo apt update
-          sudo apt install -y --no-install-recommends libnettle8 libsodium-dev libssl-dev libkrb5-dev ssh cmake ninja-build
+          sudo apt install -y --no-install-recommends libnettle8 libssl-dev libkrb5-dev ssh cmake ninja-build
 
       - name: Install macOS dependencies
         if: ${{ runner.os == 'macOS' }}
-        run: brew install nettle liboqs libsodium
+        run: brew install nettle liboqs
 
       - name: Install nettle (Windows)
         if: ${{ runner.os == 'Windows' }}

README.rst

@@ -160,12 +160,6 @@ functionality:
   if you want support for the OpenSSH post-quantum key exchange
   algorithms based on ML-KEM and SNTRUP.
 
-* Install libsodium from https://github.com/jedisct1/libsodium
-  and libnacl from https://pypi.python.org/pypi/libnacl if you have
-  a version of OpenSSL older than 1.1.1b installed and you want
-  support for Curve25519 key exchange, Ed25519 keys and certificates,
-  or the Chacha20-Poly1305 cipher.
-
 * Install libnettle from http://www.lysator.liu.se/~nisse/nettle/
   if you want support for UMAC cryptographic hashes.
 
@@ -182,28 +176,26 @@ easy to install any or all of these dependencies:
   | bcrypt
   | fido2
   | gssapi
-  | libnacl
   | pkcs11
   | pyOpenSSL
   | pywin32
 
-For example, to install bcrypt, fido2, gssapi, libnacl, pkcs11, and
-pyOpenSSL on UNIX, you can run:
+For example, to install bcrypt, fido2, gssapi, pkcs11, and pyOpenSSL
+on UNIX, you can run:
 
   ::
 
-    pip install 'asyncssh[bcrypt,fido2,gssapi,libnacl,pkcs11,pyOpenSSL]'
+    pip install 'asyncssh[bcrypt,fido2,gssapi,pkcs11,pyOpenSSL]'
 
-To install bcrypt, fido2, libnacl, pkcs11, pyOpenSSL, and pywin32 on
-Windows, you can run:
+To install bcrypt, fido2, pkcs11, pyOpenSSL, and pywin32 on Windows,
+you can run:
 
   ::
 
-    pip install 'asyncssh[bcrypt,fido2,libnacl,pkcs11,pyOpenSSL,pywin32]'
+    pip install 'asyncssh[bcrypt,fido2,pkcs11,pyOpenSSL,pywin32]'
 
-Note that you will still need to manually install the libsodium library
-listed above for libnacl to work correctly and/or libnettle for UMAC
-support. Unfortunately, since liboqs, libsodium, and libnettle are not
+Note that you will still need to manually install the libnettle library
+for UMAC support. Unfortunately, since liboqs and libnettle are not
 Python packages, they cannot be directly installed using pip.
 
 Installing the development branch

asyncssh/crypto/__init__.py

@@ -62,11 +62,11 @@
     'BasicCipher', 'ChachaCipher', 'CryptoKey', 'Curve25519DH', 'Curve448DH',
     'DH', 'DSAPrivateKey', 'DSAPublicKey', 'ECDH', 'ECDSAPrivateKey',
     'ECDSAPublicKey', 'EdDSAPrivateKey', 'EdDSAPublicKey', 'GCMCipher', 'PQDH',
-    'PyCAKey', 'RSAPrivateKey', 'RSAPublicKey', 'chacha_available',
-    'curve25519_available', 'curve448_available', 'X509Certificate',
-    'X509Name', 'X509NamePattern', 'ed25519_available', 'ed448_available',
-    'generate_x509_certificate', 'get_cipher_params', 'import_x509_certificate',
-    'lookup_ec_curve_by_params', 'mlkem_available', 'pbkdf2_hmac',
-    'register_cipher', 'sntrup_available', 'umac32', 'umac64', 'umac96',
-    'umac128'
+    'PyCAKey', 'RSAPrivateKey', 'RSAPublicKey', 'X509Certificate',
+    'X509Name', 'X509NamePattern', 'chacha_available', 'curve25519_available',
+    'curve448_available', 'ed25519_available', 'ed448_available',
+    'generate_x509_certificate', 'get_cipher_params',
+    'import_x509_certificate', 'lookup_ec_curve_by_params', 'mlkem_available',
+    'pbkdf2_hmac', 'register_cipher', 'sntrup_available', 'umac32', 'umac64',
+    'umac96', 'umac128'
 ]

asyncssh/crypto/chacha.py

@@ -20,7 +20,6 @@
 
 """Chacha20-Poly1305 symmetric encryption handler"""
 
-from ctypes import c_ulonglong, create_string_buffer
 from typing import Optional, Tuple
 
 from cryptography.exceptions import InvalidSignature
@@ -32,97 +31,39 @@
 from .cipher import register_cipher
 
 
-if backend.poly1305_supported():
-    _CTR_0 = (0).to_bytes(8, 'little')
-    _CTR_1 = (1).to_bytes(8, 'little')
+chacha_available = backend.poly1305_supported()
 
-    _POLY1305_KEYBYTES = 32
 
-    def chacha20(key: bytes, data: bytes, nonce: bytes, ctr: int) -> bytes:
-        """Encrypt/decrypt a block of data with the ChaCha20 cipher"""
+_CTR_0 = (0).to_bytes(8, 'little')
+_CTR_1 = (1).to_bytes(8, 'little')
 
-        return Cipher(ChaCha20(key, (_CTR_1 if ctr else _CTR_0) + nonce),
-                      mode=None).encryptor().update(data)
+_POLY1305_KEYBYTES = 32
 
-    def poly1305_key(key: bytes, nonce: bytes) -> bytes:
-        """Derive a Poly1305 key"""
+def chacha20(key: bytes, data: bytes, nonce: bytes, ctr: int) -> bytes:
+    """Encrypt/decrypt a block of data with the ChaCha20 cipher"""
 
-        return chacha20(key, _POLY1305_KEYBYTES * b'\0', nonce, 0)
+    return Cipher(ChaCha20(key, (_CTR_1 if ctr else _CTR_0) + nonce),
+                  mode=None).encryptor().update(data)
 
-    def poly1305(key: bytes, data: bytes, nonce: bytes) -> bytes:
-        """Compute a Poly1305 tag for a block of data"""
+def poly1305_key(key: bytes, nonce: bytes) -> bytes:
+    """Derive a Poly1305 key"""
 
-        return Poly1305.generate_tag(poly1305_key(key, nonce), data)
+    return chacha20(key, _POLY1305_KEYBYTES * b'\0', nonce, 0)
 
-    def poly1305_verify(key: bytes, data: bytes,
-                        nonce: bytes, tag: bytes) -> bool:
-        """Verify a Poly1305 tag for a block of data"""
+def poly1305(key: bytes, data: bytes, nonce: bytes) -> bytes:
+    """Compute a Poly1305 tag for a block of data"""
 
-        try:
-            Poly1305.verify_tag(poly1305_key(key, nonce), data, tag)
-            return True
-        except InvalidSignature:
-            return False
+    return Poly1305.generate_tag(poly1305_key(key, nonce), data)
 
-    chacha_available = True
-else: # pragma: no cover
-    try:
-        from libnacl import nacl
-
-        _chacha20 = nacl.crypto_stream_chacha20
-        _chacha20_xor_ic = nacl.crypto_stream_chacha20_xor_ic
-
-        _POLY1305_BYTES = nacl.crypto_onetimeauth_poly1305_bytes()
-        _POLY1305_KEYBYTES = nacl.crypto_onetimeauth_poly1305_keybytes()
-
-        _poly1305 = nacl.crypto_onetimeauth_poly1305
-        _poly1305_verify = nacl.crypto_onetimeauth_poly1305_verify
-
-        def chacha20(key: bytes, data: bytes, nonce: bytes, ctr: int) -> bytes:
-            """Encrypt/decrypt a block of data with the ChaCha20 cipher"""
-
-            datalen = len(data)
-            result = create_string_buffer(datalen)
-            ull_datalen = c_ulonglong(datalen)
-            ull_ctr = c_ulonglong(ctr)
-
-            _chacha20_xor_ic(result, data, ull_datalen, nonce, ull_ctr, key)
-
-            return result.raw
-
-        def poly1305_key(key: bytes, nonce: bytes) -> bytes:
-            """Derive a Poly1305 key"""
-
-            polykey = create_string_buffer(_POLY1305_KEYBYTES)
-            ull_polykeylen = c_ulonglong(_POLY1305_KEYBYTES)
+def poly1305_verify(key: bytes, data: bytes,
+                    nonce: bytes, tag: bytes) -> bool:
+    """Verify a Poly1305 tag for a block of data"""
 
-            _chacha20(polykey, ull_polykeylen, nonce, key)
-
-            return polykey.raw
-
-        def poly1305(key: bytes, data: bytes, nonce: bytes) -> bytes:
-            """Compute a Poly1305 tag for a block of data"""
-
-            tag = create_string_buffer(_POLY1305_BYTES)
-            ull_datalen = c_ulonglong(len(data))
-            polykey = poly1305_key(key, nonce)
-
-            _poly1305(tag, data, ull_datalen, polykey)
-
-            return tag.raw
-
-        def poly1305_verify(key: bytes, data: bytes,
-                            nonce: bytes, tag: bytes) -> bool:
-            """Verify a Poly1305 tag for a block of data"""
-
-            ull_datalen = c_ulonglong(len(data))
-            polykey = poly1305_key(key, nonce)
-
-            return _poly1305_verify(tag, data, ull_datalen, polykey) == 0
-
-        chacha_available = True
-    except (ImportError, OSError, AttributeError):
-        chacha_available = False
+    try:
+        Poly1305.verify_tag(poly1305_key(key, nonce), data, tag)
+        return True
+    except InvalidSignature:
+        return False
 
 
 class ChachaCipher: