Add support for XChaCha and XChaChaPoly1305 #18
Closed
This is a resubmit of haskell-crypto#365. Since the parent project is now defunct, I rebased them onto the master branch of this fork. The original PR description is included below.
This PR adds support for the extended nonce variants of ChaCha and ChaChaPoly1305, as implemented in libsodium (among others), and specified in this RFC draft: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha-03. Like haskell-crypto#364, I'm submitting this PR because I'd like to have this functionality in another project of mine that depends on cryptonite.
Since the only difference with the "base" cipher lies in the way the initial state is generated, the only change(s) in the Haskell API are a couple new initialisation functions & associated types. I considered overloading the existing initialize functions and branching on the length of the nonce, but I figured keeping them separate would be cleaner.
This addition did require a number of additions at the C level, though (mainly to implement the extra HChaCha primitive). I haven't written any "serious" C in a while, so some extra attention would be appreciated there. Obviously, comments on other aspects of the implementation are also more than welcome.
Thanks a lot!
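The description says the extended-nonce variant differs from the base cipher only in how the initial state is generated. The following C sketch of that step is an added illustration, not code from this PR or from cryptonite: the function names are hypothetical, the expected subkey is the HChaCha20 test vector from section 2.2.1 of the linked draft, and the last 8 nonce bytes are constructed.

```c
#include <stdint.h>
#include <string.h>
#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) \
    a += b; d ^= a; d = ROTL32(d, 16); c += d; b ^= c; b = ROTL32(b, 12); \
    a += b; d ^= a; d = ROTL32(d, 8);  c += d; b ^= c; b = ROTL32(b, 7)
static uint32_t load32_le(const uint8_t *p) {
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void store32_le(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* HChaCha20 (illustrative names, not cryptonite's): key + nonce[0..15] -> 32-byte subkey. */
void hchacha20(uint8_t out[32], const uint8_t key[32], const uint8_t nonce16[16]) {
    uint32_t x[16] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574};
    for (int i = 0; i < 8; i++) x[4 + i] = load32_le(key + 4 * i);
    for (int i = 0; i < 4; i++) x[12 + i] = load32_le(nonce16 + 4 * i);
    for (int i = 0; i < 10; i++) { /* 10 double rounds = 20 rounds */
        QR(x[0], x[4], x[8],  x[12]); QR(x[1], x[5], x[9],  x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8],  x[13]); QR(x[3], x[4], x[9],  x[14]);
    }
    /* Unlike the ChaCha20 block function, the input state is not added back. */
    for (int i = 0; i < 4; i++) store32_le(out + 4 * i, x[i]);            /* words 0..3   */
    for (int i = 0; i < 4; i++) store32_le(out + 16 + 4 * i, x[12 + i]);  /* words 12..15 */
}

/* XChaCha20 setup: subkey from nonce[0..15]; ChaCha20 nonce = 4 zero bytes || nonce[16..23]. */
void xchacha20_derive(uint8_t subkey[32], uint8_t nonce12[12],
                      const uint8_t key[32], const uint8_t nonce24[24]) {
    hchacha20(subkey, key, nonce24);
    memset(nonce12, 0, 4);
    memcpy(nonce12 + 4, nonce24 + 16, 8);
}

/* Returns 1 on success. Draft 2.2.1 HChaCha20 vector; last 8 nonce bytes are constructed. */
int xchacha20_selftest(void) {
    static const uint8_t nonce[24] = {0,0,0,0x09, 0,0,0,0x4a, 0,0,0,0, 0x31,0x41,0x59,0x27, 1,2,3,4,5,6,7,8};
    static const uint8_t want[32] = {
        0x82,0x41,0x3b,0x42, 0x27,0xb2,0x7b,0xfe, 0xd3,0x0e,0x42,0x50, 0x8a,0x87,0x7d,0x73,
        0xa0,0xf9,0xe4,0xd5, 0x8a,0x74,0xa8,0x53, 0xc1,0x2e,0xc4,0x13, 0x26,0xd3,0xec,0xdc};
    uint8_t key[32], sub[32], n12[12];
    for (int i = 0; i < 32; i++) key[i] = (uint8_t)i;
    xchacha20_derive(sub, n12, key, nonce);
    return memcmp(sub, want, 32) == 0 && memcmp(n12 + 4, nonce + 16, 8) == 0 && (n12[0] | n12[1] | n12[2] | n12[3]) == 0;
}
int main(void) { return xchacha20_selftest() ? 0 : 1; }
```

The derived subkey and 12-byte nonce are then passed to the unmodified ChaCha20 (or ChaCha20-Poly1305) routine, which is why only the initialisation path needs new code.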