{ "classes": [ { "constants": [], "types": [], "name": "@eryx/crypto/chacha20", "tags": [], "functions": [ { "source": { "path": "", "line": 45 }, "is_method": false, "signature": "chacha20.encrypt(\n key: buffer, -- 32-byte ChaCha20 key.\n nonce: buffer, -- 12-byte nonce.\n data: buffer -- Plaintext to encrypt.\n) → (\n buffer -- Ciphertext (same length as input). \n)", "owner": "chacha20", "desc": "Encrypts `data` with ChaCha20 (unauthenticated stream cipher).\n\nThe output is the same length as the input. A given (key, nonce) pair\nmust never be reused; generate a fresh random nonce per message.\n\nFor authenticated encryption, use [[poly1305_encrypt]] instead.\n", "tags": [], "name": "encrypt", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Ciphertext (same length as input). " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "32-byte ChaCha20 key." }, { "lua_type": "buffer", "name": "nonce", "desc": "12-byte nonce." }, { "lua_type": "buffer", "name": "data", "desc": "Plaintext to encrypt." } ] }, { "source": { "path": "", "line": 60 }, "is_method": false, "signature": "chacha20.decrypt(\n key: buffer, -- 32-byte ChaCha20 key.\n nonce: buffer, -- 12-byte nonce.\n data: buffer -- Ciphertext to decrypt.\n) → (\n buffer -- Plaintext (same length as input). \n)", "owner": "chacha20", "desc": "Decrypts ChaCha20 ciphertext (unauthenticated).\n\nChaCha20 decryption is identical to encryption; this function is\nprovided for API symmetry.\n", "tags": [], "name": "decrypt", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Plaintext (same length as input). " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "32-byte ChaCha20 key." }, { "lua_type": "buffer", "name": "nonce", "desc": "12-byte nonce." }, { "lua_type": "buffer", "name": "data", "desc": "Ciphertext to decrypt." } ] }, { "source": { "path": "", "line": 86 }, "is_method": false, "signature": "chacha20.encryptPoly1305(\n key: buffer, -- 32-byte ChaCha20 key.\n nonce: buffer, -- 12-byte nonce.\n data: buffer, -- Plaintext to encrypt.\n aad: buffer? -- Additional authenticated data (not encrypted).\n) → (\n buffer, -- Ciphertext.\n buffer -- 16-byte Poly1305 authentication tag. \n)", "owner": "chacha20", "desc": "Encrypts `data` with ChaCha20-Poly1305 (authenticated encryption).\n\nReturns the ciphertext and a 16-byte Poly1305 authentication tag\nseparately. The tag covers the ciphertext and any additional\nauthenticated data (`aad`).\n\nThis is the recommended variant when you need both confidentiality\nand integrity.\n\n```luau\nlocal ct, tag = chacha20.poly1305_encrypt(key, nonce, plain, aad)\nlocal pt = chacha20.poly1305_decrypt(key, nonce, ct, tag, aad)\n```\n", "tags": [], "name": "encryptPoly1305", "return_str": "(buffer, buffer)", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Ciphertext." }, { "lua_type": "buffer", "desc": "16-byte Poly1305 authentication tag. " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "32-byte ChaCha20 key." }, { "lua_type": "buffer", "name": "nonce", "desc": "12-byte nonce." }, { "lua_type": "buffer", "name": "data", "desc": "Plaintext to encrypt." }, { "lua_type": "buffer?", "name": "aad", "desc": "Additional authenticated data (not encrypted)." } ] }, { "source": { "path": "", "line": 103 }, "is_method": false, "signature": "chacha20.decryptPoly1305(\n key: buffer, -- 32-byte ChaCha20 key.\n nonce: buffer, -- 12-byte nonce - must match the value used during encryption.\n ct: buffer, -- Ciphertext.\n tag: buffer, -- 16-byte Poly1305 authentication tag.\n aad: buffer? -- Additional authenticated data (must match encryption).\n) → (\n buffer -- Plaintext. \n)", "owner": "chacha20", "desc": "Decrypts ChaCha20-Poly1305 ciphertext and verifies the tag.\n\nRaises an error if the authentication tag does not match (data\nhas been tampered with, or wrong key/nonce/aad was used).\n", "tags": [], "name": "decryptPoly1305", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Plaintext. " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "32-byte ChaCha20 key." }, { "lua_type": "buffer", "name": "nonce", "desc": "12-byte nonce - must match the value used during encryption." }, { "lua_type": "buffer", "name": "ct", "desc": "Ciphertext." }, { "lua_type": "buffer", "name": "tag", "desc": "16-byte Poly1305 authentication tag." }, { "lua_type": "buffer?", "name": "aad", "desc": "Additional authenticated data (must match encryption)." } ] } ], "properties": [], "source": { "path": "", "line": 0 }, "desc": "ChaCha20 stream cipher and ChaCha20-Poly1305 AEAD.\n\nChaCha20 is a fast, secure stream cipher designed by Daniel J.\nBernstein. It is widely used in TLS 1.3 and WireGuard as an\nalternative to AES when hardware AES acceleration is unavailable.\n\n- **ChaCha20 (stream)** - symmetric stream cipher; keystream is XOR'd\n with the plaintext. No authentication; pair with an HMAC if you need\n it, or use the Poly1305 variant.\n- **ChaCha20-Poly1305** - authenticated encryption (AEAD) combining\n ChaCha20 with the Poly1305 MAC. This is the recommended variant.\n\nKey: **32 bytes**. Nonce: **12 bytes**. Counter starts at 0.\n\n```luau\nlocal chacha20 = require(\"@eryx/crypto/chacha20\")\n\nlocal key = buffer.create(32) -- 32 zero bytes (use a real key!)\nlocal nonce = buffer.create(12) -- 12 zero bytes\n\n-- Authenticated encryption\nlocal ct, tag = chacha20.poly1305_encrypt(key, nonce, buffer.fromstring(\"secret\"))\nlocal pt = chacha20.poly1305_decrypt(key, nonce, ct, tag)\n```\n" } ] }