crypto::salsa provides an implementation of the Salsa20 and XSalsa20 stream ciphers, per "Salsa20 specification" by Daniel J. Bernstein.

Use salsa20 to create a stream and either xsalsa20_init or salsa20_init to set handle, key and nonce of the appropriate size, NONCESIZE for salsa20 or XNONCESIZE for XSalsa20. After calling the appropriate init function, io::write may be used to encrypt blocks to the handle or io::read to decrypt blocks from the handle. The stream must be closed with io::close to wipe sensitive data from memory.

Writing blocks of length BLOCKSIZE is not required. However, seeking the key stream with setctr only operates in units of BLOCKSIZE.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto module.

Be advised that Hare's cryptography implementations have not been audited.

// Undocumented types:
type stream;

const BLOCKSIZE: size;
const KEYSIZE: size;
const NONCESIZE: size;
const XNONCESIZE: size;

fn salsa20() stream;
fn salsa20_init(*stream, io::handle, []u8, []u8) void;
fn setctr(*stream, u64) void;
fn xsalsa20_init(*stream, io::handle, []u8, []u8) void;

type stream = struct {
	cipher::xorstream,
	state: [16]u32,
	xorbuf: [BLOCKSIZE]u8,
	xorused: size,
	rounds: size,
};

def BLOCKSIZE: size;

def KEYSIZE: size;

def NONCESIZE: size;

def XNONCESIZE: size;

fn salsa20() stream;

fn salsa20_init(s: *stream, h: io::handle, key: []u8, nonce: []u8) void;

fn setctr(s: *stream, counter: u64) void;

fn xsalsa20_init(s: *stream, h: io::handle, key: []u8, nonce: []u8) void;