crypto::salsa +linux +x86_64

crypto::salsa provides an implementation of the Salsa20 and XSalsa20 stream ciphers, per "Salsa20 specification" by Daniel J. Bernstein.

Use salsa20 to create a stream and either xsalsa20_init or salsa20_init to set handle, key and nonce of the appropriate size, NONCESIZE for salsa20 or XNONCESIZE for XSalsa20. After calling the appropriate init function, io::write may be used to encrypt blocks to the handle or io::read to decrypt blocks from the handle. The stream must be closed with io::close to wipe sensitive data from memory.

Writing blocks of length BLOCKSIZE is not required. However, seeking the key stream with setctr only operates in units of BLOCKSIZE.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto module.

Be advised that Hare's cryptography implementations have not been audited.



// Undocumented types:
type stream;


const BLOCKSIZE: size;
const KEYSIZE: size;
const NONCESIZE: size;
const XNONCESIZE: size;


fn salsa20() stream;
fn salsa20_init(*stream, io::handle, *[KEYSIZE]u8, *[NONCESIZE]u8) void;
fn setctr(*stream, u64) void;
fn xsalsa20_init(*stream, io::handle, *[KEYSIZE]u8, *[XNONCESIZE]u8) void;


type stream[link]

Show undocumented member
type stream = struct {
	state: [16]u32,
	xorbuf: [BLOCKSIZE]u8,
	xorused: size,
	rounds: size,


def BLOCKSIZE[link]

def BLOCKSIZE: size;

The block size of the Salsa cipher.

def KEYSIZE[link]

def KEYSIZE: size;

Size of a Salsa key, in bytes.

def NONCESIZE[link]

def NONCESIZE: size;

Size of the Salsa20 nonce, in bytes.

def XNONCESIZE[link]

def XNONCESIZE: size;

Size of the XSalsa20 nonce, in bytes.


fn salsa20[link]

fn salsa20() stream;

Create a Salsa20 or XSalsa20 stream. Must be initialized with either salsa20_init or xsalsa20_init, and must be closed with io::close after use to wipe sensitive data from memory.

fn salsa20_init[link]

fn salsa20_init(
	s: *stream,
	h: io::handle,
	key: *[KEYSIZE]u8,
	nonce: *[NONCESIZE]u8,
) void;

Initialize a Salsa20 stream.

fn setctr[link]

fn setctr(s: *stream, counter: u64) void;

Advances the key stream to "seek" to a future state by 'counter' times BLOCKSIZE.

fn xsalsa20_init[link]

fn xsalsa20_init(
	s: *stream,
	h: io::handle,
	key: *[KEYSIZE]u8,
	nonce: *[XNONCESIZE]u8,
) void;

Initialize an XSalsa20 stream. XSalsa20 differs from Salsa20 via the use of a larger nonce parameter.