def aead_chacha20poly1305_encrypt(key: bytes, nonce: bytes, aad: bytes, msg: bytes) -> Tuple[bytes, bytes]: keyblock0 = chacha20_block(key, 0, nonce) mac_key = keyblock0[0:32] ciphertext = chacha20_encrypt(key, 1, nonce, msg) len, to_mac = padded_aad_msg(aad, ciphertext) mac = poly1305_mac(to_mac, mac_key) return ciphertext, mac
def aead_chacha20poly1305_encrypt(key: key_t, nonce: nonce_t, aad: vlbytes_t, msg: vlbytes_t) -> Tuple[vlbytes_t, tag_t]: keyblock0 = chacha20_block(key, uint32(0), nonce) mac_key = keyblock0[0:32] ciphertext = chacha20_encrypt(key, uint32(1), nonce, msg) len, to_mac = padded_aad_msg(aad, ciphertext) mac = poly1305_mac(to_mac, mac_key) return ciphertext, mac
def chacha20_aead_decrypt(aad: bytes, key: bytes, nonce: bytes, ciphertext: bytes): otk = poly1305_key_gen(key, nonce) plaintext = chacha20_encrypt(key, 1, nonce, ciphertext) mac_data = aad + pad16(aad) mac_data += ciphertext + pad16(ciphertext) mac_data += num_to_8_le_bytes(len(aad)) mac_data += num_to_8_le_bytes(len(ciphertext)) tag = poly1305_mac(mac_data, otk) return (plaintext, tag)