What is crypto_*_ABYTES?

[etkaar]

Is the constant crypto_*_ABYTES (such as crypto_aead_xchacha20poly1305_ietf_ABYTES) the header size, thus the ciphertext size is size_bytes_ciphertext = len(bytes_plain_text) + *_ABYTES?

[jedisct1]

Hi,

The documentation seems to explain it:

unsigned char ciphertext[MESSAGE_LEN + crypto_aead_xchacha20poly1305_ietf_ABYTES];

At most mlen + crypto_aead_xchacha20poly1305_ietf_ABYTES bytes are put into c.
...
At most clen - crypto_aead_xchacha20poly1305_ietf_ABYTES bytes will be put into m.
...
It also computes a tag that authenticates the ciphertext as well as optional, additional data ad of length adlen. This tag is put into mac, and its length is crypto_aead_xchacha20poly1305_ietf_ABYTES bytes.

So, this is the different in size between the message and the ciphertext.

[rzabarazesh]

I'm a bit confused about the wording here:

At most mlen + crypto_aead_xchacha20poly1305_ietf_ABYTES bytes are put into c.

Does this mean clen is mlen when adlen=0? and clen + mlen + ABYTES if adlen>0?
Or could clen be anything between mlen and mlen + ABYTES?

[jedisct1]

adlen is unrelated.

The construction does authenticated encryption. The ciphertext will always be longer than the plaintext in order to add the data required for authentication. Not that one, but some constructions also require information related to padding.

So, ABYTES is how bigger the ciphertext can be compared to the plaintext.