mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-24 04:25:10 -07:00
A modern, portable, easy to use crypto library.
Jason A. Donenfeld 6abad20323 xchacha20poly1305: optimize and be compatible with ietf chacha20poly1305 (#461)
Due to SSL, the IETF version of chacha20poly1305 is going to be the one
that's in libraries places. While the 12-byte nonce thing is a little
weird, it has other benefits, like adding padding to the auth tag, which
might help fend off certain attacks.

But more importantly, since chacha20poly1305 in the IETF construction is
in lots of places, it would be useful to be able to build xchacha20poly1305
out of it. Fortunately it's very easy to make hchacha20 (either
stand-alone, or out of the normal chacha20 block function), and then
that can be composed with an existing library's chacha20poly1305. It
looks a bit like this:

    xchacha20poly1305(input, key, nonce) {
        new_key = hchacha20(key, nonce)
        return chacha20poly1305(input, new_key, nonce + 16)
    }

This is also an efficient way to do it, since it means hchacha20 must
only be computed once.

Unfortunately, non-IETF xchacha20poly1305 means that you deprive
virtually all other libraries that only support the more common
IETF construction of the ability to interoperate with
libsodium, through the simple construction. Rather, it forces
everyone to reimplement the AEAD part.

So, this commit adds a xchacha20poly1305 that uses the IETF construction
with the padding.

While we're at it, we redefine xchacha20poly1305 in terms of
chacha20poly1305, which gives the same output, but computes one less
hchacha20 and is generally a lot cleaner and simpler to understand.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-24 02:17:33 +01:00
builds Reintroduce 27a2756479 2016-07-24 19:54:07 +02:00
contrib Trim spaces 2016-10-05 15:42:02 +02:00
dist-build js: measuring make check time is not useful, especially not in a web browser 2016-10-30 01:25:32 +02:00
m4 Import ax_pthread.m4 2016-04-19 00:27:35 +02:00
msvc-scripts Version bump (not released yet) 2016-06-30 18:48:16 +02:00
packaging/nuget https 2016-04-12 01:27:22 +02:00
src xchacha20poly1305: optimize and be compatible with ietf chacha20poly1305 (#461) 2016-12-24 02:17:33 +01:00
test Add dist-build/nativeclient-x86-64.sh 2016-04-29 21:55:06 +02:00
.gitignore Forgot to ignore libsodium-uninstalled.pc 2016-06-04 07:09:36 +02:00
.travis.yml Update Coverity Scan token 2016-11-09 17:58:45 +01:00
appveyor.yml Update appveyor version 2016-04-04 21:40:26 +02:00
AUTHORS Add crypto_core/curve25519 2016-03-16 14:48:05 +01:00
autogen.sh pkg-config is not required 2015-12-25 11:51:19 +01:00
ChangeLog Update ChangeLog 2016-06-29 17:13:11 +02:00
configure.ac Check if atomic operations are supported 2016-12-16 16:37:12 +01:00
libsodium-uninstalled.pc.in Update description 2016-03-17 12:33:46 +01:00
libsodium.pc.in Update description 2016-03-17 12:33:46 +01:00
libsodium.sln Retarget the top solution to Visual Studio 2015 2015-11-01 08:29:49 -08:00
libsodium.vcxproj Add blake2b-compress-avx2.c to the top-level Visual Studio solution 2016-03-17 16:37:37 +01:00
libsodium.vcxproj.filters Add blake2b-compress-avx2.c to the top-level Visual Studio solution 2016-03-17 16:37:37 +01:00
LICENSE Add license title 2016-06-30 14:18:36 +01:00
logo.png Larger logo, less prominent saltcellar 2016-04-19 02:16:50 +02:00
Makefile.am SUBDIRS << "contrib" 2016-10-05 15:46:02 +02:00
README.markdown Link text = "installation" only 2016-03-17 23:27:08 +01:00
THANKS THANKS << Scott Arciszewski 2015-11-28 16:15:25 +01:00


libsodium

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more.

It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.

Its goal is to provide all of the core operations needed to build higher-level cryptographic tools.

Sodium supports a variety of compilers and operating systems, including Windows (with MingW or Visual Studio, x86 and x64), iOS and Android.

Documentation

The documentation is a work-in-progress, and is being written using Gitbook:

Integrity Checking

The integrity checking instructions (including the signing key for libsodium) are available in the installation section of the documentation.

Community

A mailing-list is available to discuss libsodium.

In order to join, just send a random mail to sodium-subscribe {at} pureftpd {dot} org.

License

ISC license.