package mirage-crypto
Library
Module
Module type
Parameter
Class
Class type
The ChaCha20 cipher proposed by D.J. Bernstein.
include AEAD
val of_secret : Cstruct.t -> key
of_secret secret
constructs the encryption key corresponding to secret
.
Authenticated encryption and decryption with inline tag
val authenticate_encrypt :
key:key ->
nonce:Cstruct.t ->
?adata:Cstruct.t ->
Cstruct.t ->
Cstruct.t
authenticate_encrypt ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
, and appends an authentication tag computed over the encrypted msg
, using key
, nonce
, and adata
.
val authenticate_decrypt :
key:key ->
nonce:Cstruct.t ->
?adata:Cstruct.t ->
Cstruct.t ->
Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata msg
splits msg
into encrypted data and authentication tag, computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
Authenticated encryption and decryption with tag provided separately
val authenticate_encrypt_tag :
key:key ->
nonce:Cstruct.t ->
?adata:Cstruct.t ->
Cstruct.t ->
Cstruct.t * Cstruct.t
authenticate_encrypt_tag ~key ~nonce ~adata msg
encrypts msg
with key
and nonce
. The computed authentication tag is returned separately as second part of the tuple.
val authenticate_decrypt_tag :
key:key ->
nonce:Cstruct.t ->
?adata:Cstruct.t ->
tag:Cstruct.t ->
Cstruct.t ->
Cstruct.t option
authenticate_decrypt ~key ~nonce ~adata ~tag msg
computes the authentication tag using key
, nonce
, and adata
, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.
val crypt : key:key -> nonce:Cstruct.t -> ?ctr:int64 -> Cstruct.t -> Cstruct.t
crypt ~key ~nonce ~ctr data
generates a ChaCha20 key stream using the key
, and nonce
. The ctr
defaults to 0. The generated key stream is of the same length as data
, and the output is the XOR of the key stream and data
. This implements, depending on the size of the nonce
(8 or 12 bytes) both the original specification (where the counter is 8 byte, same as the nonce) and the IETF RFC 8439 specification (where nonce is 12 bytes, and counter 4 bytes).