def aead_chacha20poly1305_encrypt(key: bytes, nonce: bytes, aad: bytes,
msg: bytes) -> Tuple[bytes, bytes]:
keyblock0 = chacha20_block(key, 0, nonce)
mac_key = keyblock0[0:32]
ciphertext = chacha20_encrypt(key, 1, nonce, msg)
len, to_mac = padded_aad_msg(aad, ciphertext)
mac = poly1305_mac(to_mac, mac_key)
return ciphertext, mac
def aead_chacha20poly1305_encrypt(key: key_t, nonce: nonce_t, aad: vlbytes_t,
msg: vlbytes_t) -> Tuple[vlbytes_t, tag_t]:
keyblock0 = chacha20_block(key, uint32(0), nonce)
mac_key = keyblock0[0:32]
ciphertext = chacha20_encrypt(key, uint32(1), nonce, msg)
len, to_mac = padded_aad_msg(aad, ciphertext)
mac = poly1305_mac(to_mac, mac_key)
return ciphertext, mac
def aead_chacha20poly1305_decrypt(key: bytes, nonce: bytes, aad: bytes,
ciphertext: bytes, tag: bytes) -> bytes:
keyblock0 = chacha20_block(key, 0, nonce)
mac_key = keyblock0[0:32]
len, to_mac = padded_aad_msg(aad, ciphertext)
mac = poly1305_mac(to_mac, mac_key)
if mac == tag:
msg = chacha20_decrypt(key, 1, nonce, ciphertext)
return msg
else:
raise Error("mac failed")
def aead_chacha20poly1305_decrypt(key: key_t, nonce: bytes_t, aad: vlbytes_t,
ciphertext: vlbytes_t,
tag: tag_t) -> bytes_t:
keyblock0 = chacha20_block(key, uint32(0), nonce)
mac_key = keyblock0[0:32]
_, to_mac = padded_aad_msg(aad, ciphertext)
mac = poly1305_mac(to_mac, mac_key)
if mac == tag:
msg = chacha20_decrypt(key, uint32(1), nonce, ciphertext)
return msg
else:
fail("mac failed")
def poly1305_key_gen(key: bytes, nonce: bytes) -> bytes:
counter = 0
block = chacha20_block(key, counter, nonce)
return block[0:32]