RFC 7539 ChaCha20/Poly1305 AEAD construction

This library contains a pure PHP implementation of the RFC 7539 ChaCha20/Poly1305 AEAD construction.

Usage:

Remember that a nonce must not be used more than once for a particular key

The library contains both one-shot functions for small amounts of data, and methods for processing streams of information without consuming large amounts of memory.

One-shot functions

// Encrypt and produce a ciphertext and tag.
list($ciphertext, $tag) = \ChaCha20Poly1305\encrypt($key, $nonce, $aad, $plaintext);

// Decrypt and produce a plaintext, throw an exception if the tag is invalid.
$plaintext = \ChaCha20Poly1305\decrypt($key, $nonce, $aad, $plaintext, $tag);

// Verify without decryption, return true/false depending the tag being valid.
$valid = \ChaCha20Poly1305\verify($key, $nonce, $aad, $plaintext, $tag);

The Context object maintains the current state of all of the moving parts so they can be used for streaming. A separate context is needed for each stream.

Stream methods

$cipher = new \ChaCha20Poly1305\Cipher;
$encCtx = $cipher->init($key, $nonce);

$cipher->aad($encCtx, $additionalData);
$cipher->aad($encCtx, $moreData);

$ciphertext = $cipher->encrypt($encCtx, $plaintext);
$ciphertext .= $cipher->encrypt($encCtx, $morePlaintext);

$tag = $cipher->finish($encCtx);

// Or

$cipher = new \ChaCha20Poly1305\Cipher;
$decCtx = $cipher->init($key, $nonce);

$cipher->aad($decCtx, $additionalData);
$cipher->aad($decCtx, $moreData);

// Could also $cipher->verify() to skip decryption overhead.
$plaintext = $cipher->decrypt($decCtx, $ciphertext);
$plaintext .= $cipher->decrypt($decCtx, $moreCiphertext);

try {
    $cipher->finish($decCtx, $tag);
}
catch (\ChaCha20Poly1305\AuthenticationException $e) {
    // Tag was not valid
}