crypto::chachapoly — Hare documentation

crypto::chachapoly+x86_64 +linux

This module provides Chacha20-Poly1305 and XChacha20-Poly1305 stream implementations as described in RFC 8439.

A stream is created with chachapoly. init initializes a stream as a Chacha20-Poly1305 one where xinit will initialize it as a XChacha20-Poly1305 stream. After initializiation data can be encrypted by writing to or decrypted by reading from the stream. The user must call seal when encryption is done to create the authentication tag and verify in case of decryption to check if the dercypted data is valid. If the data is invalid it must not be processed further.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto:: module.

Be advised that Hare's cryptography implementations have not been audited.

Index

Types

// Undocumented types:
type stream = struct {
	stream: io::stream,
	h: io::teestream,
	c: chacha::stream,
	p: poly1305::state,
	adsz: size,
	msgsz: size,
};

Constants

def KEYSZ: size = chacha::KEYSZ;
def NONCESZ: size = chacha::NONCESZ;
def TAGSZ: size = poly1305::SZ;
def XNONCESZ: size = chacha::XNONCESZ;

Functions

fn chachapoly() stream;
fn init(s: *stream, h: io::handle, key: const []u8, nonce: const []u8, ad: const []u8...) void;
fn seal(s: *stream, tag: []u8) void;
fn verify(s: *stream, tag: []u8) (void | errors::invalid);
fn xinit(s: *stream, h: io::handle, key: const []u8, nonce: const []u8, ad: const []u8...) void;

Types

type stream[link]

Show undocumented member

type stream = struct {
	stream: io::stream,
	h: io::teestream,
	c: chacha::stream,
	p: poly1305::state,
	adsz: size,
	msgsz: size,
};

Constants

def KEYSZ[link]

def KEYSZ: size = chacha::KEYSZ;

Key size

def NONCESZ[link]

def NONCESZ: size = chacha::NONCESZ;

Nonce size as required by init.

def TAGSZ[link]

def TAGSZ: size = poly1305::SZ;

Tag size

def XNONCESZ[link]

def XNONCESZ: size = chacha::XNONCESZ;

Nonce size as required by xinit.

Functions

fn chachapoly[link]

fn chachapoly() stream;

Create a stream that must be initialised by init or xinit. The user must call io::close when they are done using the stream to securly erase secret information stored in the stream state.

fn init[link]

fn init(s: *stream, h: io::handle, key: const []u8, nonce: const []u8, ad: const []u8...) void;

Initialises the stream as Chacha20-Poly1305. Encrypts to or decrypts from 'h'. 'nonce' must be a random value that will only be used once. Additional data can be passed as 'ad'.

fn seal[link]

fn seal(s: *stream, tag: []u8) void;

Finishes encryption and writes the authentication code to 'tag'. After calling seal, the user must not write any more data to the stream.

fn verify[link]

fn verify(s: *stream, tag: []u8) (void | errors::invalid);

Verifies the authentication tag against the decrypted data. Must be called after reading all data from the stream to ensure that the data was not modified. If the data was modified, errors::invalid will be returned and the data must not be trusted.

fn xinit[link]

fn xinit(s: *stream, h: io::handle, key: const []u8, nonce: const []u8, ad: const []u8...) void;

Initialise the stream as XChacha20-Poly1305. Encrypts to or decrypts from 'h'. 'nonce' must be a random value that will only be used once. Additional data can be passed as 'ad'.