海运的博客

ietf版chacha20 nonce为12字节，openssl_encrypt传递iv参数最低16字节，将nonce前面以\0补充到16字节。

<?php
$key = hash('sha256', "pass", true);
$nonce = random_bytes(12);
$msg = "message";
$cipher_str = openssl_encrypt($msg, 'chacha20', $key, OPENSSL_NO_PADDING, "\0\0\0\0".$nonce);
echo "cipher hex: " . bin2hex($cipher_str) . PHP_EOL;
$plain_str = openssl_decrypt($cipher_str, 'chacha20', $key, OPENSSL_NO_PADDING, "\0\0\0\0".$nonce);
echo "plain text: ".$plain_str.PHP_EOL;

ChaCha20和XChaCha20，NewUnauthenticatedCipher传入nonce值为12字节时使用ChaCha20，24字节时使用XChaCha20加密方法：

package main

import (
        "crypto/sha256"
        "fmt"
        "io"
        "crypto/rand"
        //"encoding/hex"
        "golang.org/x/crypto/chacha20"
)

func main() {

        pass := "Hello"
        msg := []byte("Pass")
        //msg, _ := hex.DecodeString("e07a6838")

        key := sha256.Sum256([]byte(pass))

        //nonce := make([]byte, chacha20.NonceSize)
        nonce := make([]byte, chacha20.NonceSizeX)
        if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
                panic(err.Error())
        }

        cip, _ := chacha20.NewUnauthenticatedCipher(key[:], nonce)
        ciphertext := make([]byte, len(msg))
        plaintext  := make([]byte, len(msg))
        cip.XORKeyStream(ciphertext, msg)

        cip2, _ := chacha20.NewUnauthenticatedCipher(key[:], nonce)
        cip2.XORKeyStream(plaintext, ciphertext)

        fmt.Printf("Message:\t%s\n", msg)
        fmt.Printf("Passphrase:\t%s\n", pass)
        fmt.Printf("Key:\t%x\n", key)
        fmt.Printf("Nonce:\t%x\n", nonce)
        fmt.Printf("Cipher stream:\t%x\n", ciphertext)
        fmt.Printf("Plain text:\t%s\n", plaintext)

}

XChaCha20-Poly1305和ChaCha20-Poly1305加密，分别调用NewX和New初始化，nonce同上ChaCha20和XChaCha20的大小。

package main

import (
        "crypto/rand"
        "crypto/sha256"
        "fmt"
        "golang.org/x/crypto/chacha20poly1305"
        "io"
)

func main() {

        pass := "Hello"
        msg := "Pass"

        key := sha256.Sum256([]byte(pass))
        //aead, _ := chacha20poly1305.NewX(key[:])
        aead, _ := chacha20poly1305.New(key[:])

        //nonce := make([]byte, chacha20poly1305.NonceSizeX)
        nonce := make([]byte, chacha20poly1305.NonceSize)
        if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
                panic(err.Error())
        }

        ciphertext := aead.Seal(nil, nonce, []byte(msg), nil)
        plaintext, _ := aead.Open(nil, nonce, ciphertext, nil)

        fmt.Printf("Message:\t%s\n", msg)
        fmt.Printf("Passphrase:\t%s\n", pass)
        fmt.Printf("Key:\t%x\n", key)
        fmt.Printf("Nonce:\t%x\n", nonce)
        fmt.Printf("Cipher stream:\t%x\n", ciphertext)
        fmt.Printf("Plain text:\t%s\n", plaintext)

}