Repository files navigation

RFC7539 is an IETF specification for an authenticated encryption algorithm that will beincorporated into TLSv1.3. It is comprised of a stream cipher (ChaCha20) and a MAC (Poly1305), bothwritten by Daniel J. Bernstein. The C implementations for both of these primitives are taken fromthe NSS library (the reason being that openSSL has license incompatibilities and also requires theopenSSL headers which is more overhead than we need to implement these fairly basic primitives).The NSS code has been slightly modified to account for the 96 bit nonce and 32 bit counterspecified in the RFC.

pip install rfc7539

git clone https://github.com/AntonKueltz/rfc7539.gitcd rfc7539python setup.py install

Takes a key, nonce, plaintext and additional data and returns a ciphertext and MAC.

defencrypt_and_tag(key:bytes,nonce:bytes,plaintext:bytes,aad:bytes)-> (bytes,bytes)

Takes a key, nonce, ciphertext, MAC and additional data and returns a plaintext.

defverify_and_decrypt(key:bytes,nonce:bytes,ciphertext:bytes,mac:bytes,aad:bytes)->bytes

You should use the authenticated encryption mode unless you really need to use one of the primitivesby itself:

fromrfc7539importaeadfromosimporturandomkey=urandom(32)# key is 32 bytesnonce=b'thisisanonce'# nonce is 12 bytes (DO NOT REUSE A NONCE WITH THE SAME KEY)message=b'Some message to be encrypted'additional_data=b'Some additional data'# this will not be encrypted but will be verified for integrity# encryptionciphertext,mac=aead.encrypt_and_tag(key,nonce,message,additional_data)# decryption (which yields plaintext == message)plaintext=aead.verify_and_decrypt(key,nonce,ciphertext,mac,additional_data)

Note that all operations in this package work on bytes. You'll need to call e.g.encode() on stringsbefore passing them as arguments.