include AEAD
val authenticate_encrypt : key:key -> nonce:Cstruct.t -> ?adata:Cstruct.t -> Cstruct.t -> Cstruct.t
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
- raises Invalid_argument
if
nonce
is not of the right size.
val authenticate_decrypt : key:key -> nonce:Cstruct.t -> ?adata:Cstruct.t -> Cstruct.t -> Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
- raises Invalid_argument
if
nonce
is not of the right size.
crypt ~key ~nonce ~ctr data
generates a ChaCha20 key stream using the key
, and nonce
. The ctr
defaults to 0. The generated key stream is of the same length as data
, and the output is the XOR of the key stream and data
. This implements, depending on the size of the nonce
(8 or 12 bytes) both the original specification (where the counter is 8 byte, same as the nonce) and the IETF RFC 8439 specification (where nonce is 12 bytes, and counter 4 bytes).
- raises Invalid_argument
if invalid parameters are provided. Valid parameters are:
key
must be 32 bytes andnonce
12 bytes for the IETF mode (and counter fit into 32 bits), orkey
must be either 16 bytes or 32 bytes andnonce
8 bytes.