Monocypher

Boring crypto that simply works
CRYPTO_IETF_CHACHA20(3MONOCYPHER) 3MONOCYPHER CRYPTO_IETF_CHACHA20(3MONOCYPHER)

NAME

IETF Chacha20 encryption functions #include <monocypher.h>
void
crypto_ietf_chacha20(uint8_t *cipher_text, const uint8_t *plain_text, size_t text_size, const uint8_t key[32], const uint8_t nonce[12]);
void
crypto_ietf_chacha20_ctr(uint8_t *cipher_text, const uint8_t *plain_text, size_t text_size, const uint8_t key[32], const uint8_t nonce[12], const uint32_t ctr);

DESCRIPTION

These functions provide an interface for the Chacha20 encryption primitive as specified by the IETF in RFC 8439. They are provided strictly for compatibility with existing systems or strict standards compliance. New programs are strongly encouraged to use crypto_xchacha20() instead.
Chacha20 is a low-level primitive. Consider using authenticated encryption, implemented by crypto_lock().
The crypto_ietf_chacha20() and crypto_ietf_chacha20_ctr() functions behave the same as crypto_chacha20 and crypto_chacha20_ctr, respectively, but use differently-sized nonce and counter values. The nonce encompasses 12 bytes and the counter is correspondingly reduced to 4 bytes. The short counter limits a single pair of key and nonce to 256 GiB of data. A nonce of 12 bytes is just barely too short to be safely chosen at random; use a message counter instead. RFC 8439 also permits linear feedback shift registers to generate nonces.

RETURN VALUES

crypto_ietf_chacha20() returns nothing. crypto_ietf_chacha20_ctr() functions return the next ctr to use with the same key and nonce values; this is always text_size divided by 64; plus one if there was a remainder.

SEE ALSO

crypto_chacha20(), crypto_lock(), crypto_wipe(), intro()

STANDARDS

These functions implement Chacha20 as described in RFC 8439.

HISTORY

crypto_ietf_chacha20() and crypto_ietf_chacha20_ctr() were added in Monocypher 3.0.0.
March 31, 2020 Linux 4.15.0-99-generic