gohpenc is incompatible with hpenc and much simpler:
-* it uses only ChaCha20-Poly1305 algorithm
+* it uses only XChaCha20-Poly1305 algorithm
* no random data generation mode
* no metadata in output stream and no structure validation. Only blocks
authentication
-* simpler key derivation -- new key for each block
+* no key derivation -- new key for each block
But it still satisfies most of hpenc aims:
How encryption/authentication is performed:
-* First 32 bytes of the stream contain random data -- salt
-* BLAKE2X is initialized: unknown length, PSK key as a MAC key. It
- creates XOF that will be used as a KDF
-* Salt is fed into that XOF
-* All data is processed block by block
-* New key is derived for each block by reading it from the XOF
-* ChaCha20-Poly1305 algorithm is initialized with that key
+* First 16 bytes of the stream contain random data -- nonce salt
+* XChaCha20-Poly1305 algorithm is initialized with the key and 24-byte
+ nonce, where 16 bytes is the salt, and 8 bytes is 64-bit unsigned
+ big-endian block number
* 32-bit big-endian value with the length of the block is outputted,
then an encrypted and authenticated block goes further, with
authenticated data containing that 32-bit length value