Description
[X]Salsa20, [X]Chacha20 are additions to the ChaCha20/Poly1305 proposal
as posted by Chris Zimman on 20-July-2016, and accepted at 8th, August
2016. Salsa [1] (ESTREAM finalist) and Chacha [2] (CEASAR contestant)
differ slightly in their round function and both are widely used. The
X* versions differ in their handling of nonces.
Added xchacha20, renamed chacha20 to chacha20_ietf, and added instead
the original chacha20. These 3 mechanism only differ in their size and
handling of their nonce. The original chacha20 is 64+64bits, the ietf
version as originally called chacha20 in the adopted Zimman proposal)
is 96+32 bits, and xchacha20 as introduced by libsodium is 128+64
bits. This has an impact on how safe random nonces are and how much
data can be encrypted with one key/nonce pair. New
CK_*CHACHA20*_PARAMS are introduced to handle these differences.
Furthermore for completeness Salsa20/XSalsa20 has also been
introduced, the two again only differing in their nonce size and use
affecting the safety of random nonces.
[1] https://cr.yp.to/snuffle.html
[2] https://cr.yp.to/chacha.html
