WordPress at a glance
function is not described

ParagonIE_Sodium_Compat::crypto_stream_xor() public WP 1.0


Unless you are following expert advice, do not used this feature.

Algorithm: XSalsa20

This DOES NOT provide ciphertext integrity.

{} It's a method of the class: ParagonIE_Sodium_Compat{}

No Hooks.


String. Encrypted text which is vulnerable to chosen- ciphertext attacks unless you implement some other mitigation to the ciphertext (i.e. Encrypt then MAC)


$result = ParagonIE_Sodium_Compat::crypto_stream_xor( $message, $nonce, $key );
$message(string) (required)
Plaintext message
$nonce(string) (required)
Number to be used Once; must be 24 bytes
$key(string) (required)
Encryption key

Code of ParagonIE_Sodium_Compat::crypto_stream_xor() WP 5.7

public static function crypto_stream_xor($message, $nonce, $key)
    /* Type checks: */
    ParagonIE_Sodium_Core_Util::declareScalarType($message, 'string', 1);
    ParagonIE_Sodium_Core_Util::declareScalarType($nonce, 'string', 2);
    ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);

    /* Input validation: */
    if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_STREAM_NONCEBYTES) {
        throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_NONCEBYTES long.');
    if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_STREAM_KEYBYTES) {
        throw new SodiumException('Argument 3 must be CRYPTO_SECRETBOX_KEYBYTES long.');

    if (self::useNewSodiumAPI()) {
        return sodium_crypto_stream_xor($message, $nonce, $key);
    if (self::use_fallback('crypto_stream_xor')) {
        return (string) call_user_func('\\Sodium\\crypto_stream_xor', $message, $nonce, $key);
    if (PHP_INT_SIZE === 4) {
        return ParagonIE_Sodium_Core32_XSalsa20::xsalsa20_xor($message, $nonce, $key);
    return ParagonIE_Sodium_Core_XSalsa20::xsalsa20_xor($message, $nonce, $key);