crypto::chacha provides an implementation of the Chacha20 and XChacha20 stream ciphers.

Use chacha20 to create a crypto::cipher::xorstream and either chacha20_init or xchacha20_init to set the handle, key and nonce of the appropriate size, NONCESIZE for chacha20 or XNONCESIZE for XChacha20. After calling the appropriate init function, io::write may be used to encrypt blocks to the handle or io::read to decrypt blocks from the handle. The stream must be closed with io::close to wipe sensitive data from memory.

Writing blocks of length BLOCKSIZE is not required. However, seeking the key stream with setctr only operates in units of BLOCKSIZE.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto module.

Be advised that Hare's cryptography implementations have not been audited.

type stream;

const BLOCKSIZE: size;
const KEYSIZE: size;
const NONCESIZE: size;
const XNONCESIZE: size;

fn chacha20() stream;
fn chacha20_init(*stream, io::handle, []u8, []u8) void;
fn hchacha20([]u8, []u8, []u8) void;
fn setctr(*stream, u32) void;
fn xchacha20_init(*stream, io::handle, []u8, []u8) void;

type stream = struct {
	cipher::xorstream,
	state: [16]u32,
	xorbuf: [BLOCKSIZE]u8,
	xorused: size,
	rounds: size,
};

def BLOCKSIZE: size;

def KEYSIZE: size;

def NONCESIZE: size;

def XNONCESIZE: size;

fn chacha20() stream;

fn chacha20_init(s: *stream, h: io::handle, key: []u8, nonce: []u8) void;

fn hchacha20(out: []u8, key: []u8, nonce: []u8) void;

fn setctr(s: *stream, counter: u32) void;

fn xchacha20_init(s: *stream, h: io::handle, key: []u8, nonce: []u8) void;