package chacha

import "git.sr.ht/~pingoo/stdx/crypto/chacha"

Package chacha implements some low-level functions of the ChaCha cipher family.

Index ¶

• Constants
• Variables
• func HChaCha20(key, nonce []byte) ([]byte, error)
• type Cipher
• func NewCipher(nonce, key []byte, rounds int) (*Cipher, error)
• func (c *Cipher) SetCounter(ctr uint32)
• func (c *Cipher) SetCounterUint64(ctr uint64)
• func (c *Cipher) XORKeyStream(dst, src []byte)
• Bugs

Constants ¶

const (
	// NonceSize is the size of the ChaCha20 nonce in bytes.
	NonceSize = 8

	// INonceSize is the size of the IETF-ChaCha20 nonce in bytes.
	INonceSize = 12

	// XNonceSize is the size of the XChaCha20 nonce in bytes.
	XNonceSize = 24

	// KeySize is the size of the key in bytes.
	KeySize = 32
)

const (
	HChaCha20KeySize   = 32
	HChaCha20NonceSize = 16
)

Variables ¶

var (
	ErrKeySize               = errors.New("chacha20/chacha: bad key length")
	ErrInvalidNonce          = errors.New("chacha20/chacha: bad nonce length")
	ErrInvalidNumberOfRounds = errors.New("chacha: invalid number of rounds")
)

var (
	ErrBadHChaCha20KeySize   = errors.New("chacha: bad HChaCha20 key size")
	ErrBadHChaCha20NonceSize = errors.New("chacha: bad HChaCha20 nonce size")
)

Functions ¶

func HChaCha20 ¶

func HChaCha20(key, nonce []byte) ([]byte, error)

HChaCha20 generates 32 pseudo-random bytes from a 128 bit nonce and a 256 bit secret key. It can be used as a key-derivation-function (KDF).

Types ¶

type Cipher ¶

type Cipher struct {
	// contains filtered or unexported fields
}

Cipher implements ChaCha20/r (XChaCha20/r) for a given number of rounds r.

func NewCipher ¶

func NewCipher(nonce, key []byte, rounds int) (*Cipher, error)

NewCipher returns a new *chacha.Cipher implementing the ChaCha20/r or XChaCha20/r (r = 8, 12 or 20) stream cipher. The nonce must be unique for one key for all time. The length of the nonce determinds the version of ChaCha20: - NonceSize: ChaCha20/r with a 64 bit nonce and a 2^64 * 64 byte period. - INonceSize: ChaCha20/r as defined in RFC 7539 and a 2^32 * 64 byte period. - XNonceSize: XChaCha20/r with a 192 bit nonce and a 2^64 * 64 byte period. If the nonce is neither 64, 96 nor 192 bits long, a non-nil error is returned.

func (*Cipher) SetCounter ¶

func (c *Cipher) SetCounter(ctr uint32)

SetCounter skips ctr * 64 byte blocks. SetCounter(0) resets the cipher. This function always skips the unused keystream of the current 64 byte block. We use uint32 by default for compatibility reasons with /x/crypto/chacha20 See SetCounterUint64 if you have a specific need

func (*Cipher) SetCounterUint64 ¶

func (c *Cipher) SetCounterUint64(ctr uint64)

SetCounter skips ctr * 64 byte blocks. SetCounter(0) resets the cipher. This function always skips the unused keystream of the current 64 byte block.

func (*Cipher) XORKeyStream ¶

func (c *Cipher) XORKeyStream(dst, src []byte)

XORKeyStream crypts bytes from src to dst. Src and dst may be the same slice but otherwise should not overlap. If len(dst) < len(src) the function panics.

Bugs ¶

☞ A "good" compiler will remove this (optimizations) But using the provided key instead of tmpKey, will change the key (-> probably confuses users)

Source Files ¶

chacha.go chacha_amd64.go chacha_generic.go hchacha20.go hchacha20_amd64.go hchacha20_generic.go