crypto::salsa — Hare documentation

crypto::salsa+x86_64 +linux

crypto::salsa provides an implementation of the Salsa20 and XSalsa20 stream ciphers, per "Salsa20 specification" by Daniel J. Bernstein.

Use salsa20 to create a stream and either xsalsa20_init or salsa20_init to set handle, key and nonce of the appropriate size, NONCESZ for salsa20 or XNONCESZ for XSalsa20. After calling the appropriate init function, io::write may be used to encrypt blocks to the handle or io::read to decrypt blocks from the handle. The stream must be closed with io::close to wipe sensitive data from memory.

Writing blocks of length BLOCKSZ is not required. However, seeking the key stream with setctr only operates in units of BLOCKSZ.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto:: module.

Be advised that Hare's cryptography implementations have not been audited.

Index

Types

// Undocumented types:
type stream = struct {
	cipher::xorstream,
	state: [16]u32,
	xorbuf: [BLOCKSZ]u8,
	xorused: size,
	rounds: size,
};

Constants

def BLOCKSZ: size = 64;
def KEYSZ: size = 32;
def NONCESZ: size = 8;
def XNONCESZ: size = 24;

Functions

fn hsalsa20(out: []u8, key: []u8, nonce: []u8) void;
fn salsa20() stream;
fn salsa20_init(s: *stream, h: io::handle, key: []u8, nonce: []u8) void;
fn setctr(s: *stream, counter: u64) void;
fn xsalsa20_init(s: *stream, h: io::handle, key: []u8, nonce: []u8) void;

Types

type stream[link]

Show undocumented member

type stream = struct {
	cipher::xorstream,
	state: [16]u32,
	xorbuf: [BLOCKSZ]u8,
	xorused: size,
	rounds: size,
};

Constants

def BLOCKSZ[link]

def BLOCKSZ: size = 64;

The block size of the Salsa cipher.

def KEYSZ[link]

def KEYSZ: size = 32;

Size of a Salsa key, in bytes.

def NONCESZ[link]

def NONCESZ: size = 8;

Size of the Salsa20 nonce, in bytes.

def XNONCESZ[link]

def XNONCESZ: size = 24;

Size of the XSalsa20 nonce, in bytes.

Functions

fn hsalsa20[link]

fn hsalsa20(out: []u8, key: []u8, nonce: []u8) void;

Derives a new key from 'key' and 'nonce' as used during XSalsa20 initialization. This function may only be used for specific purposes such as X25519 key derivation. Do not use if in doubt.

fn salsa20[link]

fn salsa20() stream;

Create a Salsa20 or XSalsa20 stream. Must be initialized with either salsa20_init or xsalsa20_init, and must be closed with io::close after use to wipe sensitive data from memory.

fn salsa20_init[link]

fn salsa20_init(s: *stream, h: io::handle, key: []u8, nonce: []u8) void;

Initialize a Salsa20 stream.

fn setctr[link]

fn setctr(s: *stream, counter: u64) void;

Advances the key stream to "seek" to a future state by 'counter' times BLOCKSZ.

fn xsalsa20_init[link]

fn xsalsa20_init(s: *stream, h: io::handle, key: []u8, nonce: []u8) void;

Initialize an XSalsa20 stream. XSalsa20 differs from Salsa20 via the use of a larger nonce parameter.