In [14]:
# from __future__ import division
# from .compat import compat26Str
import copy
import struct

try:
    # in Python 3 the native zip returns iterator
    from itertools import izip
except ImportError:
    izip = zip


class ChaCha(object):

    """Pure python implementation of ChaCha cipher"""

    constants = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]

    @staticmethod
    def rotl32(v, c):
        """Rotate left a 32 bit integer v by c bits"""
        return ((v << c) & 0xFFFFFFFF) | (v >> (32 - c))

    @staticmethod
    def quarter_round(x, a, b, c, d):
        """Perform a ChaCha quarter round"""
        xa = x[a]
        xb = x[b]
        xc = x[c]
        xd = x[d]

        xa = (xa + xb) & 0xFFFFFFFF
        xd = xd ^ xa
        xd = (xd << 16) & 0xFFFFFFFF | (xd >> 16)

        xc = (xc + xd) & 0xFFFFFFFF
        xb = xb ^ xc
        xb = (xb << 12) & 0xFFFFFFFF | (xb >> 20)

        xa = (xa + xb) & 0xFFFFFFFF
        xd = xd ^ xa
        xd = (xd << 8) & 0xFFFFFFFF | (xd >> 24)

        xc = (xc + xd) & 0xFFFFFFFF
        xb = xb ^ xc
        xb = (xb << 7) & 0xFFFFFFFF | (xb >> 25)

        x[a] = xa
        x[b] = xb
        x[c] = xc
        x[d] = xd

    _round_mixup_box = [
        (0, 4, 8, 12),
        (1, 5, 9, 13),
        (2, 6, 10, 14),
        (3, 7, 11, 15),
        (0, 5, 10, 15),
        (1, 6, 11, 12),
        (2, 7, 8, 13),
        (3, 4, 9, 14),
    ]

    @classmethod
    def double_round(cls, x):
        """Perform two rounds of ChaCha cipher"""
        for a, b, c, d in cls._round_mixup_box:
            xa = x[a]
            xb = x[b]
            xc = x[c]
            xd = x[d]

            xa = (xa + xb) & 0xFFFFFFFF
            xd = xd ^ xa
            xd = (xd << 16) & 0xFFFFFFFF | (xd >> 16)

            xc = (xc + xd) & 0xFFFFFFFF
            xb = xb ^ xc
            xb = (xb << 12) & 0xFFFFFFFF | (xb >> 20)

            xa = (xa + xb) & 0xFFFFFFFF
            xd = xd ^ xa
            xd = (xd << 8) & 0xFFFFFFFF | (xd >> 24)

            xc = (xc + xd) & 0xFFFFFFFF
            xb = xb ^ xc
            xb = (xb << 7) & 0xFFFFFFFF | (xb >> 25)

            x[a] = xa
            x[b] = xb
            x[c] = xc
            x[d] = xd

    @staticmethod
    def chacha_block(key, counter, nonce, rounds):
        """Generate a state of a single block"""
        state = ChaCha.constants + key + [counter] + nonce

        working_state = state[:]
        dbl_round = ChaCha.double_round
        for _ in range(0, rounds // 2):
            dbl_round(working_state)

        return [
            (st + wrkSt) & 0xFFFFFFFF
            for st, wrkSt in izip(state, working_state)
        ]

    @staticmethod
    def word_to_bytearray(state):
        """Convert state to little endian bytestream"""
        return bytearray(struct.pack("<LLLLLLLLLLLLLLLL", *state))

    @staticmethod
    def _bytearray_to_words(data):
        """Convert a bytearray to array of word sized ints"""
        ret = []
        for i in range(0, len(data) // 4):
            ret.extend(struct.unpack("<L", data[i * 4 : (i + 1) * 4]))
        return ret

    def __init__(self, key, nonce, counter=0, rounds=20):
        """Set the initial state for the ChaCha cipher"""
        if len(key) != 32:
            raise ValueError("Key must be 256 bit long")
        if len(nonce) != 12:
            raise ValueError("Nonce must be 96 bit long")
        self.key = []
        self.nonce = []
        self.counter = counter
        self.rounds = rounds

        # convert bytearray key and nonce to little endian 32 bit unsigned ints
        self.key = ChaCha._bytearray_to_words(key)
        self.nonce = ChaCha._bytearray_to_words(nonce)

    def encrypt(self, plaintext):
        """Encrypt the data"""
        encrypted_message = bytearray()
        for i, block in enumerate(
            plaintext[i : i + 64] for i in range(0, len(plaintext), 64)
        ):
            key_stream = self.key_stream(i)
            encrypted_message += bytearray(
                x ^ y for x, y in izip(key_stream, block)
            )

        return encrypted_message

    def key_stream(self, counter):
        """receive the key stream for nth block"""
        key_stream = ChaCha.chacha_block(
            self.key, self.counter + counter, self.nonce, self.rounds
        )
        key_stream = ChaCha.word_to_bytearray(key_stream)
        return key_stream

    def decrypt(self, ciphertext):
        """Decrypt the data"""
        return self.encrypt(ciphertext)

In [32]:
from binascii import unhexlify, hexlify

key = unhexlify(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)
nonce = unhexlify("000000090000004a00000000")
test = ChaCha(key, nonce, counter=1)

plaintext = unhexlify(
    "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e"
)

test.encrypt(plaintext):

# hexlify(test.test)

# for i in asdf:
#     print(i)
# dat=[0x11111111,0x01020304,0x9b8d6f43,0x01234567]
# asd123=ChaCha20.quarter_round(dat,0,1,2,3)
# for i in dat:
#     print(hex(i))
# # quarter_round()

# dat=[0x11111111,0x01020304,0x9b8d6f43,0x01234567]
# asd123=ChaCha.quarter_round(dat,0,1,2,3)
# for i in dat:
#     print(hex(i))
# # quarter_round()

SyntaxError: invalid syntax (<ipython-input-32-f5e5fa44ffec>, line 13)

In [None]:
# Copyright (c) 2015, Hubert Kario
#
# See the LICENSE file for legal information regarding use of this file.
"""Implementation of Poly1305 authenticator for RFC 7539"""

from .cryptomath import divceil


class Poly1305(object):

    """Poly1305 authenticator"""

    P = 0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB  # 2^130-5

    @staticmethod
    def le_bytes_to_num(data):
        """Convert a number from little endian byte format"""
        ret = 0
        for i in range(len(data) - 1, -1, -1):
            ret <<= 8
            ret += data[i]
        return ret

    @staticmethod
    def num_to_16_le_bytes(num):
        """Convert number to 16 bytes in little endian format"""
        ret = [0] * 16
        for i, _ in enumerate(ret):
            ret[i] = num & 0xFF
            num >>= 8
        return bytearray(ret)

    def __init__(self, key):
        """Set the authenticator key"""
        if len(key) != 32:
            raise ValueError("Key must be 256 bit long")
        self.acc = 0
        self.r = self.le_bytes_to_num(key[0:16])
        self.r &= 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF
        self.s = self.le_bytes_to_num(key[16:32])

    def create_tag(self, data):
        """Calculate authentication tag for data"""
        for i in range(0, divceil(len(data), 16)):
            n = self.le_bytes_to_num(data[i * 16 : (i + 1) * 16] + b"\x01")
            self.acc += n
            self.acc = (self.r * self.acc) % self.P
        self.acc += self.s
        return self.num_to_16_le_bytes(self.acc)

In [None]:
# Authors:
#   Trevor Perrin
#   Martin von Loewis - python 3 port
#   Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
#
# See the LICENSE file for legal information regarding use of this file.

"""cryptomath module
This module has basic math/crypto code."""
from __future__ import print_function


def divceil(divident, divisor):
    """Integer division with rounding up"""
    quot, r = divmod(divident, divisor)
    return quot + int(bool(r))

In [None]:
# Copyright (c) 2015, Hubert Kario
# Author: Hubert Kario
# Author: Dusan Klinec (ph4r05)
#
# See the LICENSE file for legal information regarding use of this file.
"""Pure Python implementation of ChaCha20/Poly1305 AEAD cipher
Implementation that follows RFC 7539 and draft-ietf-tls-chacha20-poly1305-00
"""

from __future__ import division
from .chacha import ChaCha
from .poly1305 import Poly1305
from .compat import ct_compare_digest
import struct


class TagInvalidException(Exception):
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)


class ChaCha20Poly1305(object):
    """Pure python implementation of ChaCha20/Poly1305 AEAD cipher"""

    def __init__(self, key, implementation="python"):
        """Set the initial state for the ChaCha20 AEAD"""
        if len(key) != 32:
            raise ValueError("Key must be 256 bit long")
        if implementation != "python":
            raise ValueError("Implementations other then python unsupported")

        self.isBlockCipher = False
        self.isAEAD = True
        self.nonceLength = 12
        self.tagLength = 16
        self.implementation = implementation
        self.name = "chacha20-poly1305"
        self.key = key

    @staticmethod
    def poly1305_key_gen(key, nonce):
        """Generate the key for the Poly1305 authenticator"""
        poly = ChaCha(key, nonce)
        return poly.encrypt(bytearray(32))

    @staticmethod
    def pad16(data):
        """Return padding for the Associated Authenticated Data"""
        if len(data) % 16 == 0:
            return bytearray(0)
        else:
            return bytearray(16 - (len(data) % 16))

    def encrypt(self, nonce, plaintext, associated_data=None):
        return self.seal(
            nonce,
            plaintext,
            associated_data if associated_data is not None else bytearray(0),
        )

    def decrypt(self, nonce, ciphertext, associated_data=None):
        return self.open(
            nonce,
            ciphertext,
            associated_data if associated_data is not None else bytearray(0),
        )

    def seal(self, nonce, plaintext, data):
        """
        Encrypts and authenticates plaintext using nonce and data. Returns the
        ciphertext, consisting of the encrypted plaintext and tag concatenated.
        """
        if len(nonce) != 12:
            raise ValueError("Nonce must be 96 bit large")

        otk = self.poly1305_key_gen(self.key, nonce)

        ciphertext = ChaCha(self.key, nonce, counter=1).encrypt(plaintext)

        mac_data = data + self.pad16(data)
        mac_data += ciphertext + self.pad16(ciphertext)
        mac_data += struct.pack("<Q", len(data))
        mac_data += struct.pack("<Q", len(ciphertext))
        tag = Poly1305(otk).create_tag(mac_data)

        return ciphertext + tag

    def open(self, nonce, ciphertext, data):
        """
        Decrypts and authenticates ciphertext using nonce and data. If the
        tag is valid, the plaintext is returned. If the tag is invalid,
        returns None.
        """
        if len(nonce) != 12:
            raise ValueError("Nonce must be 96 bit long")

        if len(ciphertext) < 16:
            return None

        expected_tag = ciphertext[-16:]
        ciphertext = ciphertext[:-16]

        otk = self.poly1305_key_gen(self.key, nonce)

        mac_data = data + self.pad16(data)
        mac_data += ciphertext + self.pad16(ciphertext)
        mac_data += struct.pack("<Q", len(data))
        mac_data += struct.pack("<Q", len(ciphertext))
        tag = Poly1305(otk).create_tag(mac_data)

        if not ct_compare_digest(tag, expected_tag):
            raise TagInvalidException

        return ChaCha(self.key, nonce, counter=1).decrypt(ciphertext)