crypto::chacha +linux +x86_64

crypto::chacha provides an implementation of the Chacha20 and XChacha20 stream ciphers.

Use chacha20 to create a crypto::cipher::xorstream and either chacha20_init or xchacha20_init to set the handle, key and nonce of the appropriate size, NONCESIZE for chacha20 or XNONCESIZE for XChacha20. After calling the appropriate init function, io::write may be used to encrypt blocks to the handle or io::read to decrypt blocks from the handle. The stream must be closed with io::close to wipe sensitive data from memory.

Writing blocks of length BLOCKSIZE is not required. However, seeking the key stream with setctr only operates in units of BLOCKSIZE.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto module.

Be advised that Hare's cryptography implementations have not been audited.



type stream;


const BLOCKSIZE: size;
const KEYSIZE: size;
const NONCESIZE: size;
const XNONCESIZE: size;


fn chacha20() stream;
fn chacha20_init(*stream, io::handle, *[KEYSIZE]u8, *[NONCESIZE]u8) void;
fn hchacha20(*[32]u8, *[32]u8, *[16]u8) void;
fn setctr(*stream, u32) void;
fn xchacha20_init(*stream, io::handle, *[KEYSIZE]u8, *[XNONCESIZE]u8) void;


type stream[link]

type stream = struct {
	state: [16]u32,
	xorbuf: [BLOCKSIZE]u8,
	xorused: size,
	rounds: size,

A ChaCha20 or XChaCha20 crypto::cipher::xorstream depending on intialisation.


def BLOCKSIZE[link]

def BLOCKSIZE: size;

The block size of the Chacha cipher in bytes.

def KEYSIZE[link]

def KEYSIZE: size;

Size of a Chacha key, in bytes.

def NONCESIZE[link]

def NONCESIZE: size;

Size of the Chacha20 nonce, in bytes.

def XNONCESIZE[link]

def XNONCESIZE: size;

Size of the XChacha20 nonce, in bytes.


fn chacha20[link]

fn chacha20() stream;

Creates a ChaCha20 or XChaCha20 stream cipher. Must be initialized with chacha20_init or xchacha20_init prior to use, and must be closed with io::close after use to wipe sensitive data from memory.

fn chacha20_init[link]

fn chacha20_init(
	s: *stream,
	h: io::handle,
	key: *[KEYSIZE]u8,
	nonce: *[NONCESIZE]u8,
) void;

Initialize a Chacha20 stream.

fn hchacha20[link]

fn hchacha20(out: *[32]u8, key: *[32]u8, nonce: *[16]u8) void;

Derives a new key from 'key' and 'nonce' as used during XChaCha20 initialization. This function may only be used for specific purposes such as X25519 key derivation. Do not use if in doubt.

fn setctr[link]

fn setctr(s: *stream, counter: u32) void;

Advances the key stream to "seek" to a future state by 'counter' times BLOCKSIZE.

fn xchacha20_init[link]

fn xchacha20_init(
	s: *stream,
	h: io::handle,
	key: *[KEYSIZE]u8,
	nonce: *[XNONCESIZE]u8,
) void;

Initialise a XChacha20 stream.