Skip to main content

Crate salsa20

Crate salsa20 

Source
Expand description

§RustCrypto: Salsa20 Stream Cipher

Crate Docs Build Status Apache2/MIT licensed Rust Version Project Chat HAZMAT

Implementation of the Salsa family of stream ciphers, including the XSalsa variants with an extended 192-bit (24-byte) nonce.

§⚠️ Security Warning: Hazmat!

This crate does not ensure ciphertexts are authentic (i.e. by using a MAC to verify ciphertext integrity), which can lead to serious vulnerabilities if used incorrectly!

No security audits of this crate have ever been performed, and it has not been thoroughly assessed to ensure its operation is constant-time on common CPU architectures.

USE AT YOUR OWN RISK!

§Examples

use salsa20::Salsa20;
use salsa20::cipher::{KeyIvInit, StreamCipher, StreamCipherSeek};
use hex_literal::hex;

let key = [0x42; 32];
let nonce = [0x24; 8];
let plaintext = hex!("000102030405060708090A0B0C0D0E0F");
let ciphertext = hex!("85843cc5d58cce7b5dd3dd04fa005ded");

// Key and IV must be references to the `Array` type.
// Here we use the `Into` trait to convert arrays into it.
let mut cipher = Salsa20::new(&key.into(), &nonce.into());

let mut buffer = plaintext;

// apply keystream (encrypt)
cipher.apply_keystream(&mut buffer);
assert_eq!(buffer, ciphertext);

let ciphertext = buffer;

// Salsa ciphers support seeking
cipher.seek(0u32);

// decrypt ciphertext by applying keystream again
cipher.apply_keystream(&mut buffer);
assert_eq!(buffer, plaintext);

// stream ciphers can be used with streaming messages
cipher.seek(0u32);
for chunk in buffer.chunks_mut(3) {
    cipher.apply_keystream(chunk);
}
assert_eq!(buffer, ciphertext);

§License

Licensed under either of:

at your option.

§Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Re-exports§

pub use cipher;

Structs§

SalsaCore
The Salsa20 core function.
XSalsaCore
The XSalsa core function.

Functions§

hsalsa
The HSalsa20 function defined in the paper “Extending the Salsa20 nonce”

Type Aliases§

Key
Key type used by all Salsa variants and XSalsa20.
Nonce
Nonce type used by all Salsa variants.
Salsa8
Salsa20/8 stream cipher (reduced-round variant of Salsa20 with 8 rounds, not recommended)
Salsa12
Salsa20/12 stream cipher (reduced-round variant of Salsa20 with 12 rounds, not recommended)
Salsa20
Salsa20/20 stream cipher (20 rounds; recommended)
XNonce
Nonce type used by XSalsa20.
XSalsa8
XSalsa8 stream cipher (reduced-round variant of XSalsa20 with 8 rounds)
XSalsa12
XSalsa12 stream cipher (reduced-round variant of XSalsa20 with 12 rounds)
XSalsa20
XSalsa20 is a Salsa20 variant with an extended 192-bit (24-byte) nonce.