The ChaCha20-Poly1305 AEAD construction¶
This is a composition of the ChaCha20 stream cipher and the Poly1305 polynomial MAC to form an AEAD. It’s specified for use in TLS in the form of RFC7539.
It uses a 256-bit key and a 96-bit nonce.
This is a one-shot interface.
Functions¶
-
void
cf_chacha20poly1305_encrypt
(const uint8_t key[32], const uint8_t nonce[12], const uint8_t *header, size_t nheader, const uint8_t *plaintext, size_t nbytes, uint8_t *ciphertext, uint8_t tag[16])¶ ChaCha20-Poly1305 authenticated encryption.
Parameters: - key – key material.
- nonce – per-message nonce.
- header – header buffer.
- nheader – number of header bytes.
- plaintext – plaintext bytes to be encrypted.
- nbytes – number of plaintext/ciphertext bytes.
- ciphertext – ciphertext output buffer, nbytes in length.
- tag – authentication tag output buffer.
-
int
cf_chacha20poly1305_decrypt
(const uint8_t key[32], const uint8_t nonce[12], const uint8_t *header, size_t nheader, const uint8_t *ciphertext, size_t nbytes, const uint8_t tag[16], uint8_t *plaintext)¶ ChaCha20-Poly1305 authenticated decryption.
Returns: 0 on success, non-zero on error. Plaintext is zeroed on error.
Parameters: - key – key material.
- nonce – per-message nonce.
- header – header buffer.
- nheader – number of header bytes.
- ciphertext – ciphertext bytes to be decrypted.
- nbytes – number of plaintext/ciphertext bytes.
- plaintext – plaintext output buffer, nbytes in length.
- tag – authentication tag output buffer.