Skip to content
/ libsodium-xchacha20-siv Public

Deterministic/nonce-reuse resistant authenticated encryption scheme using XChaCha20, implemented on libsodium.

License

BSD-2-Clause license
27 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jedisct1/libsodium-xchacha20-siv

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

src

src

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

XChaCha20-SIV

Deterministic/nonce-reuse resistant authenticated encryption scheme using XChaCha20, implemented on libsodium.

XChaCha20-Poly1305 XChaCha20-SIV
Key size 256 bits 256 bits (before expansion)
Authentication tag 128 bits 256 bits
Nonce 192 bits, mandatory Optional
Nonce reuse Can leak plaintext Only leaks message duplication
Speed Fast Slightly slower

Usage

int crypto_aead_det_xchacha20_encrypt_detached(
    unsigned char *c,
    unsigned char mac[crypto_aead_det_xchacha20_ABYTES],
    const unsigned char *m, size_t mlen,
    const unsigned char *ad, size_t adlen,
    const unsigned char *nonce,
    const unsigned char k[crypto_aead_det_xchacha20_KEYBYTES]);

Encrypt a message m of length mlen bytes using a key k, an optional nonce nonce (which can left to NULL), optionally authenticating additional data ad (if not NULL) of length adlen bytes in addition to the message itself. The IV acting as a MAC is stored into mac.

int crypto_aead_det_xchacha20_decrypt_detached(
    unsigned char *m,
    const unsigned char *c, size_t clen,
    const unsigned char mac[crypto_aead_det_xchacha20_ABYTES],
    const unsigned char *ad, size_t adlen,
    const unsigned char *nonce,
    const unsigned char k[crypto_aead_det_xchacha20_KEYBYTES]);

Decrypt a ciphertext c or length clen bytes using a key k, an optional nonce nonce (which can be left to NULL), optionally verifying additional data ad (if not NULL) of length adlen bytes in addition to the message itself, using the MAC mac.

The function returns -1 if the authentication tag didn't verify, and 0 on success, storing the decrypted message into m.

int crypto_aead_det_xchacha20_encrypt(unsigned char *c,
                                      const unsigned char *m, size_t mlen,
                                      const unsigned char *ad, size_t adlen,
                                      const unsigned char *nonce,
                                      const unsigned char  k[crypto_aead_det_xchacha20_KEYBYTES]);

Similar to encrypt_detached, but the ciphertext and MAC are concatenated.

c must be mlen + crypto_aead_det_xchacha20_ABYTES long.

int crypto_aead_det_xchacha20_decrypt(unsigned char *m,
                                      const unsigned char *c, size_t clen,
                                      const unsigned char *ad, size_t adlen,
                                      const unsigned char *nonce,
                                      const unsigned char k[crypto_aead_det_xchacha20_KEYBYTES]);

Similar to decrypt_detached, with the ciphertext and the MAC having been concatenated.

void crypto_aead_det_xchacha20_keygen(unsigned char k[crypto_aead_det_xchacha20_KEYBYTES]);

Create a 256-bit secret key.

About

Deterministic/nonce-reuse resistant authenticated encryption scheme using XChaCha20, implemented on libsodium.

Topics

crypto encryption siv libsodium chacha20 xchacha20 s2v

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

27 stars

Watchers

6 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages