The NORX AEAD cipher

This is an implementation of NORX32-4-1 with a one-shot interface. NORX is a CAESAR candidate with a core similar to ChaCha20 and a sponge structure like Keccak.

This is NORX v2.0. It is not compatible with earlier versions.

NORX32 uses a 128-bit key. Each encryption requires a 64-bit nonce. An encryption processes one sequence of additional data (‘header’), followed by encryption of the plaintext, followed by processing a second sequence of additional data (‘trailer’). It outputs a 128-bit tag.

Functions

void cf_norx32_encrypt(const uint8_t key[16], const uint8_t nonce[8], const uint8_t *header, size_t nheader, const uint8_t *plaintext, size_t nbytes, const uint8_t *trailer, size_t ntrailer, uint8_t *ciphertext, uint8_t tag[16])

NORX32-4-1 one-shot encryption interface.

Parameters:
  • key – key material.
  • nonce – per-message nonce.
  • header – header buffer.
  • nheader – number of header bytes.
  • plaintext – plaintext bytes to be encrypted.
  • nbytes – number of plaintext/ciphertext bytes.
  • trailer – trailer buffer.
  • ntrailer – number of trailer bytes.
  • ciphertext – ciphertext output buffer, nbytes in length.
  • tag – authentication tag output buffer.
int cf_norx32_decrypt(const uint8_t key[16], const uint8_t nonce[8], const uint8_t *header, size_t nheader, const uint8_t *ciphertext, size_t nbytes, const uint8_t *trailer, size_t ntrailer, const uint8_t tag[16], uint8_t *plaintext)

NORX32-4-1 one-shot decryption interface.

Returns:

0 on success, non-zero on error. Plaintext is zeroed on error.
Parameters:
  • key – key material.
  • nonce – per-message nonce.
  • header – header buffer.
  • nheader – number of header bytes.
  • ciphertext – ciphertext bytes to be decrypted.
  • nbytes – number of plaintext/ciphertext bytes.
  • trailer – trailer buffer.
  • ntrailer – number of trailer bytes.
  • plaintext – plaintext output buffer, nbytes in length.
  • tag – authentication tag output buffer.