3 setupChachastate, chacha_setblock, chacha_setiv, chacha_encrypt, chacha_encrypt2, hchacha, ccpoly_encrypt, ccpoly_decrypt \- chacha encryption
12 void setupChachastate(Chachastate *s, uchar key[], ulong keylen, uchar *iv, ulong ivlen, int rounds)
15 void chacha_encrypt(uchar *data, ulong len, Chachastate *s)
18 void chacha_encrypt2(uchar *src, uchar *dst, ulong len, Chachastate *s)
21 void chacha_setblock(Chachastate *s, u64int blockno)
24 void chacha_setiv(Chachastate *s, uchar *iv);
27 void hchacha(uchar h[32], uchar *key, ulong keylen, uchar nonce[16], int rounds);
30 void ccpoly_encrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], Chachastate *cs);
33 int ccpoly_decrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], Chachastate *cs);
36 Chacha is D J Berstein's symmetric stream cipher, as modified by RFC7539. It supports
37 keys of 256 bits (128 bits is supported here for special purposes). It has an underlying block size of 64 bytes
42 takes a reference to a
48 bytes, which should normally be
58 .BR XChachaIVlen =24 ;
59 set to all zeros if the
64 (set to the default of 20 if the argument is zero).
65 With a key length of 256 bits (32 bytes), a nonce of 96 bits (12 bytes)
68 the function implements the Chacha20 encryption function of RFC7539.
80 can be any byte length.
81 Encryption and decryption are the same operation given the same starting state
85 is similar, but encrypts
95 sets the Chacha block counter for the next encryption to
97 allowing seeking in an encrypted stream.
100 sets the the initialization vector (nonce) to
104 is a key expansion function that takes a 128 or 256-bit key
105 and a 128-bit nonce and produces a new 256-bit key.
110 implement authenticated encryption with associated data (AEAD)
111 using Chacha cipher and Poly1305 message authentication code
112 as specified in RFC7539.
113 These routines require a
115 that has been setup with a new (per key unique) initialization
116 vector (nonce) on each invocation. The referenced data
118 is in-place encrypted or decrypted.
120 produces a 16 byte authentication
126 returning zero on success or negative on a mismatch.
129 arguments refer to the additional authenticated data
130 that is included in the
132 calculation, but not encrypted.