crypto: move LN-related chacha20/poly1305 code into crypto.py

electrum/crypto.py

@@ -40,6 +40,8 @@ try:
 except:
     AES = None
 
+from Cryptodome.Cipher import ChaCha20_Poly1305, ChaCha20
+
 
 class InvalidPadding(Exception):
     pass
@@ -216,3 +218,22 @@ def hmac_oneshot(key: bytes, msg: bytes, digest) -> bytes:
         return hmac.digest(key, msg, digest)
     else:
         return hmac.new(key, msg, digest).digest()
+
+
+def chacha20_poly1305_encrypt(*, key: bytes, nonce: bytes, associated_data: bytes, data: bytes) -> bytes:
+    cipher = ChaCha20_Poly1305.new(key=key, nonce=nonce)
+    cipher.update(associated_data)
+    ciphertext, mac = cipher.encrypt_and_digest(plaintext=data)
+    return ciphertext + mac
+
+
+def chacha20_poly1305_decrypt(*, key: bytes, nonce: bytes, associated_data: bytes, data: bytes) -> bytes:
+    cipher = ChaCha20_Poly1305.new(key=key, nonce=nonce)
+    cipher.update(associated_data)
+    # raises ValueError if not valid (e.g. incorrect MAC)
+    return cipher.decrypt_and_verify(ciphertext=data[:-16], received_mac_tag=data[-16:])
+
+
+def chacha20_encrypt(*, key: bytes, nonce: bytes, data: bytes) -> bytes:
+    cipher = ChaCha20.new(key=key, nonce=nonce)
+    return cipher.encrypt(data)

electrum/lnonion.py

@@ -27,10 +27,8 @@ import hashlib
 from typing import Sequence, List, Tuple, NamedTuple, TYPE_CHECKING
 from enum import IntEnum, IntFlag
 
-from Cryptodome.Cipher import ChaCha20
-
 from . import ecc
-from .crypto import sha256, hmac_oneshot
+from .crypto import sha256, hmac_oneshot, chacha20_encrypt
 from .util import bh2u, profiler, xor_bytes, bfh
 from .lnutil import (get_ecdh, PaymentFailure, NUM_MAX_HOPS_IN_PAYMENT_PATH,
                      NUM_MAX_EDGES_IN_PAYMENT_PATH, ShortChannelID)
@@ -227,8 +225,9 @@ def generate_filler(key_type: bytes, num_hops: int, hop_size: int,
 
 
 def generate_cipher_stream(stream_key: bytes, num_bytes: int) -> bytes:
-    cipher = ChaCha20.new(key=stream_key, nonce=bytes(8))
+    return chacha20_encrypt(key=stream_key,
-    return cipher.encrypt(bytes(num_bytes))
+                            nonce=bytes(8),
+                            data=bytes(num_bytes))
 
 
 class ProcessedOnionPacket(NamedTuple):

electrum/lntransport.py

@@ -9,9 +9,7 @@ import hashlib
 import asyncio
 from asyncio import StreamReader, StreamWriter
 
-from Cryptodome.Cipher import ChaCha20_Poly1305
+from .crypto import sha256, hmac_oneshot, chacha20_poly1305_encrypt, chacha20_poly1305_decrypt
-
-from .crypto import sha256, hmac_oneshot
 from .lnutil import (get_ecdh, privkey_to_pubkey, LightningPeerConnectionClosed,
                      HandshakeFailed, LNPeerAddr)
 from . import ecc
@@ -41,17 +39,17 @@ def get_nonce_bytes(n):
 
 def aead_encrypt(key: bytes, nonce: int, associated_data: bytes, data: bytes) -> bytes:
     nonce_bytes = get_nonce_bytes(nonce)
-    cipher = ChaCha20_Poly1305.new(key=key, nonce=nonce_bytes)
+    return chacha20_poly1305_encrypt(key=key,
-    cipher.update(associated_data)
+                                     nonce=nonce_bytes,
-    ciphertext, mac = cipher.encrypt_and_digest(plaintext=data)
+                                     associated_data=associated_data,
-    return ciphertext + mac
+                                     data=data)
 
 def aead_decrypt(key: bytes, nonce: int, associated_data: bytes, data: bytes) -> bytes:
     nonce_bytes = get_nonce_bytes(nonce)
-    cipher = ChaCha20_Poly1305.new(key=key, nonce=nonce_bytes)
+    return chacha20_poly1305_decrypt(key=key,
-    cipher.update(associated_data)
+                                     nonce=nonce_bytes,
-    # raises ValueError if not valid (e.g. incorrect MAC)
+                                     associated_data=associated_data,
-    return cipher.decrypt_and_verify(ciphertext=data[:-16], received_mac_tag=data[-16:])
+                                     data=data)
 
 def get_bolt8_hkdf(salt, ikm):
     """RFC5869 HKDF instantiated in the specific form