Designers
---------
-- **Chacha20:** Daniel J. Bernstein.
+- **ChaCha20:** Daniel J. Bernstein.
- **Poly1305:** Daniel J. Bernstein.
- **Blake2:** Jean-Philippe Aumasson, Christian Winnerlein, Samuel Neves,
and Zooko Wilcox-O'Hearn
Implementors
------------
-- **Chacha20:** Loup Vaillant, implemented from spec.
+- **ChaCha20:** Loup Vaillant, implemented from spec.
- **Poly1305:** Loup Vaillant, implemented from spec.
- **Blake2b:** Loup Vaillant, implemented from spec.
- **Argon2i:** Loup Vaillant, implemented from spec.
Features
--------
-- [Authenticated Encryption][AEAD] with XChacha20 and Poly1305
+- [Authenticated Encryption][AEAD] with XChaCha20 and Poly1305
(RFC 8439).
- [Hashing][HASH] with Blake2b.
- [Password Hashing][PWH] with Argon2i.
.\"
.\" Copyright (c) 2017-2019 Loup Vaillant
.\" Copyright (c) 2018 Michael Savage
-.\" Copyright (c) 2017, 2019-2020 Fabio Scotoni
+.\" Copyright (c) 2017, 2019-2021 Fabio Scotoni
.\" All rights reserved.
.\"
.\"
.\"
.\" ----------------------------------------------------------------------------
.\"
-.\" Written in 2017-2020 by Loup Vaillant, Michael Savage and Fabio Scotoni
+.\" Written in 2017-2021 by Loup Vaillant, Michael Savage and Fabio Scotoni
.\"
.\" To the extent possible under law, the author(s) have dedicated all copyright
.\" and related neighboring rights to this software to the public domain
.\" with this software. If not, see
.\" <https://creativecommons.org/publicdomain/zero/1.0/>
.\"
-.Dd March 31, 2020
+.Dd June 11, 2021
.Dt CRYPTO_CHACHA20 3MONOCYPHER
.Os
.Sh NAME
.Nm crypto_chacha20_ctr ,
.Nm crypto_xchacha20 ,
.Nm crypto_xchacha20_ctr
-.Nd Chacha20 and XChacha20 encryption functions
+.Nd ChaCha20 and XChaCha20 encryption functions
.Sh SYNOPSIS
.In monocypher.h
.Ft void
.Fa "uint64_t ctr"
.Fc
.Sh DESCRIPTION
-These functions provide an interface for the Chacha20 encryption
+These functions provide an interface for the ChaCha20 encryption
primitive.
.Pp
-Chacha20 is a low-level primitive.
+ChaCha20 is a low-level primitive.
Consider using authenticated encryption, implemented by
.Xr crypto_lock 3monocypher .
.Pp
.Dv NULL ,
in which case it will be interpreted as an all zero input.
.Fa cipher_text
-will then contain the raw Chacha20 stream.
+will then contain the raw ChaCha20 stream.
.It Fa cipher_text
The encrypted message.
.It Fa text_size
non-overlapping.
.Pp
.Fn crypto_chacha20
-performs a Chacha20 operation.
+performs a ChaCha20 operation.
It uses an 8-byte nonce, which is too small to be selected at random.
Use a message counter as a nonce instead.
.Pp
.Fn crypto_xchacha20
-performs an XChacha20 operation.
+performs an XChaCha20 operation.
It uses a 24-byte nonce, which is large enough to be selected at random.
.Pp
.Fn crypto_xchacha20
.Fn crypto_chacha20_ctr
and
.Fn crypto_xchacha20_ctr
-perform a Chacha20 or XChacha20 encryption, respectively,
+perform a ChaCha20 or XChaCha20 encryption, respectively,
starting the stream at the block
.Fa ctr
(which is the byte
.Xr crypto_wipe 3monocypher ,
.Xr intro 3monocypher
.Sh STANDARDS
-These functions implement Chacha20 and XChacha20.
-Chacha20 is described in:
+These functions implement ChaCha20 and XChaCha20.
+ChaCha20 is described in:
.Rs
.%A Daniel J. Bernstein
.%J SASC 2008 \(en The State of the Art of Stream Ciphers
.%T ChaCha, a variant of Salsa20
.Re
The nonce and counter sizes were modified in RFC 8439.
-XChacha20 derives from Chacha20 the same way XSalsa20 derives from
+XChaCha20 derives from ChaCha20 the same way XSalsa20 derives from
Salsa20, and benefits from the same security reduction (proven secure
-as long as Chacha20 itself is secure).
+as long as ChaCha20 itself is secure).
.Sh HISTORY
.Fn crypto_chacha20 ,
.Fn crypto_chacha20_ctr ,
that were deprecated in Monocypher 3.0.0.
.Sh SECURITY CONSIDERATIONS
.Ss Encrypted does not mean secure
-Chacha20 only protects against eavesdropping, not forgeries.
+ChaCha20 only protects against eavesdropping, not forgeries.
Most applications need protection against forgeries to be properly
secure.
To ensure the integrity of a message, use Blake2b in keyed mode, or
Use
.Xr crypto_wipe 3monocypher
to erase secrets you no longer need.
-For Chacha20, this means the key and in some cases the
+For ChaCha20, this means the key and in some cases the
plain text itself.
.\"
.\" Copyright (c) 2017-2019 Loup Vaillant
.\" Copyright (c) 2017-2018 Michael Savage
-.\" Copyright (c) 2019-2020 Fabio Scotoni
+.\" Copyright (c) 2019-2021 Fabio Scotoni
.\" All rights reserved.
.\"
.\"
.\"
.\" ----------------------------------------------------------------------------
.\"
-.\" Written in 2017-2020 by Loup Vaillant, Michael Savage and Fabio Scotoni
+.\" Written in 2017-2021 by Loup Vaillant, Michael Savage and Fabio Scotoni
.\"
.\" To the extent possible under law, the author(s) have dedicated all copyright
.\" and related neighboring rights to this software to the public domain
.\" with this software. If not, see
.\" <https://creativecommons.org/publicdomain/zero/1.0/>
.\"
-.Dd March 2, 2020
+.Dd June 11, 2021
.Dt CRYPTO_HCHACHA20 3MONOCYPHER
.Os
.Sh NAME
.Nm crypto_hchacha20
-.Nd HChacha20 special-purpose hashing
+.Nd HChaCha20 special-purpose hashing
.Sh SYNOPSIS
.In monocypher.h
.Ft void
.Fn crypto_hchacha20
provides a not-so-cryptographic hash.
It may be used for some specific purposes, such as X25519 key
-derivation, or XChacha20 initialisation.
+derivation, or XChaCha20 initialisation.
If in doubt, do not use directly.
Use
.Xr crypto_blake2b 3monocypher
A sufficiently random key, such as the output of
.Xr crypto_x25519 3monocypher .
.It Fa in
-The space reserved for the Chacha20 nonce and counter.
+The space reserved for the ChaCha20 nonce and counter.
It does not have to be random.
.It Fa out
A cryptographically secure random number
.Xr crypto_key_exchange 3monocypher ,
.Xr intro 3monocypher
.Sh STANDARDS
-This function implements HChacha20.
-HChacha20 derives from Chacha20 the same way HSalsa20 derives from
+This function implements HChaCha20.
+HChaCha20 derives from ChaCha20 the same way HSalsa20 derives from
Salsa20.
.Sh HISTORY
The
.\"
.\" ----------------------------------------------------------------------------
.\"
-.\" Copyright (c) 2019-2020 Fabio Scotoni
+.\" Copyright (c) 2019-2021 Fabio Scotoni
.\" All rights reserved.
.\"
.\"
.\"
.\" ----------------------------------------------------------------------------
.\"
-.\" Written in 2019-2020 by Fabio Scotoni
+.\" Written in 2019-2021 by Fabio Scotoni
.\"
.\" To the extent possible under law, the author(s) have dedicated all copyright
.\" and related neighboring rights to this software to the public domain
.\" with this software. If not, see
.\" <https://creativecommons.org/publicdomain/zero/1.0/>
.\"
-.Dd March 31, 2020
+.Dd June 11, 2021
.Dt CRYPTO_IETF_CHACHA20 3MONOCYPHER
.Os
.Sh NAME
.Nm crypto_ietf_chacha20 ,
.Nm crypto_ietf_chacha20_ctr
-.Nd IETF Chacha20 encryption functions
+.Nd IETF ChaCha20 encryption functions
.Sh SYNOPSIS
.In monocypher.h
.Ft void
.Fa "const uint32_t ctr"
.Fc
.Sh DESCRIPTION
-These functions provide an interface for the Chacha20 encryption
+These functions provide an interface for the ChaCha20 encryption
primitive as specified by the IETF in RFC 8439.
They are provided strictly for compatibility with existing systems
or strict standards compliance.
.Xr crypto_xchacha20 3monocypher
instead.
.Pp
-Chacha20 is a low-level primitive.
+ChaCha20 is a low-level primitive.
Consider using authenticated encryption, implemented by
.Xr crypto_lock 3monocypher .
.Pp
.Xr crypto_wipe 3monocypher ,
.Xr intro 3monocypher
.Sh STANDARDS
-These functions implement Chacha20 as described in RFC 8439.
+These functions implement ChaCha20 as described in RFC 8439.
.Sh HISTORY
.Fn crypto_ietf_chacha20
and
.\"
.\" Copyright (c) 2017-2019 Loup Vaillant
.\" Copyright (c) 2018 Michael Savage
-.\" Copyright (c) 2017, 2020 Fabio Scotoni
+.\" Copyright (c) 2017, 2020-2021 Fabio Scotoni
.\" All rights reserved.
.\"
.\"
.\"
.\" ----------------------------------------------------------------------------
.\"
-.\" Written in 2017-2020 by Loup Vaillant, Michael Savage and Fabio Scotoni
+.\" Written in 2017-2021 by Loup Vaillant, Michael Savage and Fabio Scotoni
.\"
.\" To the extent possible under law, the author(s) have dedicated all copyright
.\" and related neighboring rights to this software to the public domain
.\" with this software. If not, see
.\" <https://creativecommons.org/publicdomain/zero/1.0/>
.\"
-.Dd March 31, 2020
+.Dd June 11, 2021
.Dt CRYPTO_BLAKE2B 3MONOCYPHER
.Os
.Sh NAME
.Fc
.Sh DESCRIPTION
BLAKE2b is a fast cryptographically secure hash, based on the ideas of
-Chacha20.
+ChaCha20.
It is faster than MD5, yet just as secure as SHA-3.
.Pp
Note that BLAKE2b itself is not suitable for hashing passwords and
.\"
.\" Copyright (c) 2017-2021 Loup Vaillant
.\" Copyright (c) 2017-2018 Michael Savage
-.\" Copyright (c) 2017, 2019-2020 Fabio Scotoni
+.\" Copyright (c) 2017, 2019-2021 Fabio Scotoni
.\" Copyright (c) 2020 Richard Walmsley
.\" All rights reserved.
.\"
.\" with this software. If not, see
.\" <https://creativecommons.org/publicdomain/zero/1.0/>
.\"
-.Dd June 6, 2021
+.Dd June 11, 2021
.Dt CRYPTO_KEY_EXCHANGE 3MONOCYPHER
.Os
.Sh NAME
.Sh STANDARDS
These functions implement X25519, described in RFC 7748.
.Fn crypto_key_exchange
-uses HChacha20 as well.
+uses HChaCha20 as well.
.Sh HISTORY
The
.Fn crypto_key_exchange
.\"
.\" Copyright (c) 2017-2019 Loup Vaillant
.\" Copyright (c) 2017-2018 Michael Savage
-.\" Copyright (c) 2017, 2019-2020 Fabio Scotoni
+.\" Copyright (c) 2017, 2019-2021 Fabio Scotoni
.\" All rights reserved.
.\"
.\"
.\"
.\" ----------------------------------------------------------------------------
.\"
-.\" Written in 2017-2020 by Loup Vaillant, Michael Savage and Fabio Scotoni
+.\" Written in 2017-2021 by Loup Vaillant, Michael Savage and Fabio Scotoni
.\"
.\" To the extent possible under law, the author(s) have dedicated all copyright
.\" and related neighboring rights to this software to the public domain
.\" with this software. If not, see
.\" <https://creativecommons.org/publicdomain/zero/1.0/>
.\"
-.Dd February 29, 2020
+.Dd June 11, 2021
.Dt CRYPTO_LOCK 3MONOCYPHER
.Os
.Sh NAME
.Xr crypto_wipe 3monocypher ,
.Xr intro 3monocypher
.Sh STANDARDS
-These functions implement RFC 8439, with XChacha20 instead of Chacha20.
-XChacha20 derives from Chacha20 the same way XSalsa20 derives from
+These functions implement RFC 8439, with XChaCha20 instead of ChaCha20.
+XChaCha20 derives from ChaCha20 the same way XSalsa20 derives from
Salsa20, and benefits from the same security reduction (proven secure
-as long as Chacha20 itself is secure).
+as long as ChaCha20 itself is secure).
.Sh HISTORY
The
.Fn crypto_lock
.Fn crypto_unlock_aead
were introduced in Monocypher 1.1.0.
In Monocypher 2.0.0, the underlying algorithms for these functions were
-changed from a custom XChacha20/Poly1305 construction to an
-implementation of RFC 7539 (now RFC 8439) with XChacha20 instead of
-Chacha20.
+changed from a custom XChaCha20/Poly1305 construction to an
+implementation of RFC 7539 (now RFC 8439) with XChaCha20 instead of
+ChaCha20.
The
.Fn crypto_lock_encrypt
and
.\"
.\" ----------------------------------------------------------------------------
.\"
-.\" Copyright (c) 2019 Fabio Scotoni
+.\" Copyright (c) 2019, 2021 Fabio Scotoni
.\" All rights reserved.
.\"
.\"
.\"
.\" ----------------------------------------------------------------------------
.\"
-.\" Written in 2019 by Fabio Scotoni
+.\" Written in 2019 and 2021 by Fabio Scotoni
.\"
.\" To the extent possible under law, the author(s) have dedicated all copyright
.\" and related neighboring rights to this software to the public domain
.\" with this software. If not, see
.\" <https://creativecommons.org/publicdomain/zero/1.0/>
.\"
-.Dd December 2, 2019
+.Dd June 11, 2021
.Dt CRYPTO_CHACHA20_ENCRYPT 3MONOCYPHER
.Os
.Sh NAME
.Nm crypto_chacha20_x_init ,
.Nm crypto_chacha20_stream ,
.Nm crypto_chacha20_set_ctr
-.Nd deprecated Chacha20 and XChacha20 encryption functions
+.Nd deprecated ChaCha20 and XChaCha20 encryption functions
.Sh SYNOPSIS
.In monocypher.h
.Ft void
.Fa "uint64_t ctr"
.Fc
.Sh DESCRIPTION
-These functions provided an incremental interface for the Chacha20
+These functions provided an incremental interface for the ChaCha20
cipher.
They are deprecated in favor of
.Xr crypto_chacha20 3monocypher ,
This means that input ciphertexts or plaintexts
whose lengths are not exactly multiples of 64 bytes
advance the counter, even though there is theoretically some space left
-in a Chacha20 block.
+in a ChaCha20 block.
New applications should design their code so that either
the protocl is not reliant on the counter covering the entire text
(e.g. by cutting input into independent chunks) or
inputs are always such that their lengths are multiples of 64 bytes
(e.g. by buffering input until 64 bytes have been obtained).
.Pp
-To obtain the raw Chacha20 stream previously provided by
+To obtain the raw ChaCha20 stream previously provided by
.Fn crypto_chacha20_stream ,
pass
.Dv NULL
.\"
.\" Copyright (c) 2017-2021 Loup Vaillant
.\" Copyright (c) 2018 Michael Savage
-.\" Copyright (c) 2017, 2019-2020 Fabio Scotoni
+.\" Copyright (c) 2017, 2019-2021 Fabio Scotoni
.\" All rights reserved.
.\"
.\"
.\" with this software. If not, see
.\" <https://creativecommons.org/publicdomain/zero/1.0/>
.\"
-.Dd June 6, 2021
+.Dd June 11, 2021
.Dt INTRO 3MONOCYPHER
.Os
.Sh NAME
.Xr crypto_lock 3monocypher
and
.Xr crypto_unlock 3monocypher
-use the Chacha20 cipher and the Poly1305 one-time authenticator.
+use the ChaCha20 cipher and the Poly1305 one-time authenticator.
.Pp
-Chacha20 is a stream cipher based on a cryptographic hash function.
+ChaCha20 is a stream cipher based on a cryptographic hash function.
It runs efficiently on a wide variety of hardware, and unlike AES
naturally runs in constant time on all hardware.
.Pp
projects / Monocypher.git / commitdiff