crypto_ietf_chacha20,
crypto_ietf_chacha20_ctr —
IETF Chacha20 encryption functions
#include
<monocypher.h>
void
crypto_ietf_chacha20(
uint8_t
*cipher_text,
const uint8_t
*plain_text,
size_t text_size,
const uint8_t key[32],
const uint8_t nonce[12]);
void
crypto_ietf_chacha20_ctr(
uint8_t
*cipher_text,
const uint8_t
*plain_text,
size_t text_size,
const uint8_t key[32],
const uint8_t nonce[12],
const uint32_t ctr);
These functions provide an interface for the Chacha20 encryption primitive as
specified by the IETF in RFC 8439. They are provided strictly for
compatibility with existing systems or strict standards compliance. New
programs are strongly encouraged to use
crypto_xchacha20(3monocypher)
instead.
Chacha20 is a low-level primitive. Consider using authenticated encryption,
implemented by
crypto_lock(3monocypher).
The
crypto_ietf_chacha20() and
crypto_ietf_chacha20_ctr() functions behave the
same as
crypto_chacha20 and
crypto_chacha20_ctr,
respectively, but use differently-sized nonce and counter values. The nonce
encompasses 12 bytes and the counter is correspondingly reduced to 4 bytes.
The short counter limits a single pair of key and nonce to 256 GiB of data. A
nonce of 12 bytes is
just barely too short to be
safely chosen at random; use a message counter instead. RFC 8439 also permits
linear feedback shift registers to generate nonces.
crypto_ietf_chacha20() returns nothing.
crypto_ietf_chacha20_ctr() functions return the
next
ctr to use with the same key and nonce
values; this is always
text_size divided by
64; plus one if there was a remainder.
crypto_chacha20(3monocypher),
crypto_lock(3monocypher),
crypto_wipe(3monocypher),
intro(3monocypher)
These functions implement Chacha20 as described in RFC 8439.
crypto_ietf_chacha20() and
crypto_ietf_chacha20_ctr() were added in
Monocypher 3.0.0.