6abad20323
Due to SSL, the IETF version of chacha20poly1305 is going to be the one that's in libraries places. While the 12-byte nonce thing is a little weird, it has other benefits, like adding padding to the auth tag, which might help fend off certain attacks. But more importantly, since chacha20poly1305 in the IETF construction is in lots of places, it would be useful to be able to build xchacha20poly1305 out of it. Fortunately it's very easy to make hchacha20 (either stand-alone, or out of the normal chacha20 block function), and then that can be composed with an existing library's chacha20poly1305. It looks a bit like this:

    xchacha20poly1305(input, key, nonce) {
        new_key = hchacha20(key, nonce)
        return chacha20poly1305(input, new_key, nonce + 16)
    }

This is also an efficient way to do it, since it means hchacha20 must only be computed once. Unfortunately, non-IETF xchacha20poly1305 means that you deprive virtually all other libraries that only support the more common IETF construction the ability to interoperate with libsodium, through the simple construction. Rather, it forces everyone to reimplement the AEAD part. So, this commit adds an xchacha20poly1305 that uses the IETF construction with the padding. While we're at it, we redefine xchacha20poly1305 in terms of chacha20poly1305, which gives the same output, but computes one less hchacha20 and is generally a lot cleaner and simpler to understand.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
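The composition the commit message describes, as an added worked example: this is pure-Python reference code written for this page, not libsodium's implementation, and the function names are my own. HChaCha20 turns the key and the first 16 nonce bytes into a fresh subkey, and the remaining 8 nonce bytes (the commit's `nonce + 16`), prefixed with 4 zero bytes as draft-irtf-cfrg-xchacha lays it out, become the 12-byte nonce of the unmodified RFC 8439 AEAD, including its pad16 zero padding of AAD and ciphertext before the Poly1305 tag. Nothing in the AEAD is reimplemented; HChaCha20 runs exactly once per message. The keys, nonces and message are the published test vectors from RFC 8439 and the XChaCha draft, so the output can be checked against them.

```python
# Added pure-Python reference for this page, not libsodium's code: XChaCha20-Poly1305-IETF from HChaCha20 + RFC 8439 AEAD.
import hmac
import struct

_SIGMA = struct.unpack('<4I', b'expand 32-byte k')
_MASK32 = 0xffffffff

def _rotl(x, n):
    return ((x << n) & _MASK32) | (x >> (32 - n))

def _qr(s, a, b, c, d):
    """ChaCha quarter-round on state words a, b, c, d (RFC 8439 2.1), in place."""
    s[a] = (s[a] + s[b]) & _MASK32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & _MASK32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & _MASK32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & _MASK32; s[b] = _rotl(s[b] ^ s[c], 7)

def _rounds(state):
    """20 ChaCha rounds (10 column/diagonal double-rounds); returns a new 16-word list."""
    s = list(state)
    for _ in range(10):
        _qr(s, 0, 4, 8, 12); _qr(s, 1, 5, 9, 13); _qr(s, 2, 6, 10, 14); _qr(s, 3, 7, 11, 15)
        _qr(s, 0, 5, 10, 15); _qr(s, 1, 6, 11, 12); _qr(s, 2, 7, 8, 13); _qr(s, 3, 4, 9, 14)
    return s

def chacha20_block(key, counter, nonce12):
    """IETF ChaCha20 block: sigma || key || 32-bit counter || 96-bit nonce (RFC 8439 2.3)."""
    st = list(_SIGMA) + list(struct.unpack('<8I', key)) + [counter] + list(struct.unpack('<3I', nonce12))
    return struct.pack('<16I', *[(x + y) & _MASK32 for x, y in zip(_rounds(st), st)])

def hchacha20(key, nonce16):
    """HChaCha20: same rounds over sigma || key || 16-byte nonce, no feed-forward add; subkey = words 0-3 and 12-15."""
    st = list(_SIGMA) + list(struct.unpack('<8I', key)) + list(struct.unpack('<4I', nonce16))
    out = _rounds(st)
    return struct.pack('<8I', *(out[0:4] + out[12:16]))

def chacha20_xor(key, counter, nonce12, data):
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = chacha20_block(key, counter + i // 64, nonce12)   # keystream block for this 64-byte chunk
        out += bytes(a ^ b for a, b in zip(data[i:i + 64], ks))
    return bytes(out)

def poly1305(key32, msg):
    """Poly1305 one-time authenticator (RFC 8439 2.5)."""
    r = int.from_bytes(key32[:16], 'little') & 0x0ffffffc0ffffffc0ffffffc0fffffff
    s = int.from_bytes(key32[16:], 'little')
    p, acc = (1 << 130) - 5, 0
    for i in range(0, len(msg), 16):
        acc = (acc + int.from_bytes(msg[i:i + 16] + b'\x01', 'little')) * r % p
    return ((acc + s) & ((1 << 128) - 1)).to_bytes(16, 'little')

def _mac_input(aad, ct):
    """aad || pad16 || ct || pad16 || le64(len aad) || le64(len ct); the pad16 zeros are the commit's 'padding'."""
    pad = lambda b: b'\x00' * (-len(b) % 16)
    return aad + pad(aad) + ct + pad(ct) + struct.pack('<QQ', len(aad), len(ct))

def chacha20poly1305_ietf_encrypt(key, nonce12, aad, pt):
    """AEAD_CHACHA20_POLY1305 (RFC 8439 2.8): returns ciphertext || 16-byte tag."""
    otk = chacha20_block(key, 0, nonce12)[:32]   # block 0 -> one-time Poly1305 key
    ct = chacha20_xor(key, 1, nonce12, pt)       # blocks 1.. -> keystream
    return ct + poly1305(otk, _mac_input(aad, ct))

def chacha20poly1305_ietf_decrypt(key, nonce12, aad, ct_tag):
    ct, tag = ct_tag[:-16], ct_tag[-16:]
    otk = chacha20_block(key, 0, nonce12)[:32]
    if not hmac.compare_digest(poly1305(otk, _mac_input(aad, ct)), tag):
        raise ValueError('authentication failed')   # tag checked first, in constant time
    return chacha20_xor(key, 1, nonce12, ct)

def _xsubkey_nonce(key, nonce24):
    """The commit's composition: subkey = HChaCha20(key, nonce[:16]), computed once; the IETF
    nonce is nonce[16:] (the commit's `nonce + 16`) behind 4 zero bytes, per the xchacha draft."""
    return hchacha20(key, nonce24[:16]), b'\x00' * 4 + nonce24[16:]

def xchacha20poly1305_ietf_encrypt(key, nonce24, aad, pt):
    subkey, nonce12 = _xsubkey_nonce(key, nonce24)
    return chacha20poly1305_ietf_encrypt(subkey, nonce12, aad, pt)

def xchacha20poly1305_ietf_decrypt(key, nonce24, aad, ct_tag):
    subkey, nonce12 = _xsubkey_nonce(key, nonce24)
    return chacha20poly1305_ietf_decrypt(subkey, nonce12, aad, ct_tag)

def rejects_tamper(key, nonce24, aad, ct_tag):
    """True if flipping one ciphertext bit makes decryption fail, as it must."""
    bad = bytearray(ct_tag); bad[0] ^= 1
    try:
        xchacha20poly1305_ietf_decrypt(key, nonce24, aad, bytes(bad))
    except ValueError:
        return True
    return False

# Published test vectors: RFC 8439 2.8.2 (IETF AEAD) and draft-irtf-cfrg-xchacha A.3.1 (XChaCha).
PT = (b"Ladies and Gentlemen of the class of '99: If I could offer you only one tip "
      b"for the future, sunscreen would be it.")
AAD = bytes.fromhex('50515253c0c1c2c3c4c5c6c7')
KEY = bytes(range(0x80, 0xa0))
IETF_NONCE = bytes.fromhex('070000004041424344454647')
XNONCE = bytes(range(0x40, 0x58))
```

Run `xchacha20poly1305_ietf_encrypt(KEY, XNONCE, AAD, PT)` and the last 16 bytes are the draft's tag; `chacha20poly1305_ietf_encrypt(KEY, IETF_NONCE, AAD, PT)` reproduces the RFC 8439 vector, which is the point of the commit: any library exposing the IETF AEAD plus a small `hchacha20` gets libsodium-compatible XChaCha20-Poly1305 without touching the AEAD. The Python `int` arithmetic in `poly1305` is not constant time; it is a readable reference, not something to ship.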
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more.
It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.
Its goal is to provide all of the core operations needed to build higher-level cryptographic tools.
Sodium supports a variety of compilers and operating systems, including Windows (with MinGW or Visual Studio, x86 and x64), iOS and Android.
Documentation
The documentation is a work-in-progress, and is being written using Gitbook:
- libsodium documentation - online, requires JavaScript.
- offline documentation in PDF, MOBI and ePUB formats.
Integrity Checking
The integrity checking instructions (including the signing key for libsodium) are available in the installation section of the documentation.
Community
A mailing-list is available to discuss libsodium.
In order to join, just send a random mail to sodium-subscribe {at} pureftpd {dot} org.