Could someone please clarify if the XChaCha key derivation function in Crypto++ is consistent with the functionality outlined in “XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305 draft-irtf-cfrg-xchacha-03”? Implementing just the HChaCha_OperateKeystream function using the test vectors outlined in the document produces results consistent with the document. However, executing HChaCha_OperateKeystream using the ChaCha values from the initial XChaCha20 setup does not produce an XChaCha key consistent with the final result. Could someone please clarify the input to HChaCha_OperateKeystream in the Crypto++ implementation as using the ChaCha key and block counter with 64-bit nonce as the 128-bit input does not produce the same values as the XChaCha20 key? Thank you.
Could someone please clarify if the XChaCha key derivation function in Crypto++ is consistent with the functionality outlined in “XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305 draft-irtf-cfrg-xchacha-03”? Implementing just the HChaCha_OperateKeystream function using the test vectors outlined in the document produces results consistent with the document. However, executing HChaCha_OperateKeystream using the ChaCha values from the initial XChaCha20 setup does not produce an XChaCha key consistent with the final result. Could someone please clarify the input to HChaCha_OperateKeystream in the Crypto++ implementation as using the ChaCha key and block counter with 64-bit nonce as the 128-bit input does not produce the same values as the XChaCha20 key? Thank you.