ChaCha20 Poly1305 implementation based on this repo, test vectors are from this ietf draft and boringssl. Note there are 2 versions of the chacha20/poly1305 aead, an earlier draft and a modified version with a longer nonce, shorter counter and different tag generation. This is the more recent version, boringssl implemented the older version which is also included.
By default in node it attempts to use native bindings and falls back to using the pure js implimentation. In the browser it defaults to the pure js one. To use the pure js one in node
var chacha = require('chacha');
var cipher = chacha.createCipher(key, nonce); var decipher = chacha.createDecipher(key, nonce);
Create a cipher object by passing it a 256 bit key and 96 bit nonce, API is identical to crypto.createCipheriv()/createDecipheriv in node >= 11 with a gcm mode, in other words, e.g.
cipher.setAAD(nonencrypteddata);// must be called before data var tag = cipher.getAuthTag();// must be called after finish or end decipher.setAAD(nonencrypteddata);// must be called before data decipher.setAuthTag(tag);// must be called before data
decipher with throw if you don't set a tag or the tag doesn't match. See the node docs for more info (the iv length for gcm is also 96 bit fyi).
var cipher = chacha.chacha(key, nonce);
The API is identical to a cipher/decipher object in node >= 10. Encryption and decryption are the same.
var hmac = chacha.createHmac(key);
API is identical to an hmac in node, so it's a stream with update and digest methods.
A variant version of the aead that is compatible with boringssl.
var cipher = new chacha.AeadLegacy(key, nonce); var decipher = new chacha.AeadLegacy(key, nonce, true);
The third parameter is whether it should decipher, otherwise identical to createCipher/createDecipher. Doesn't implement variable length tags.