Crate salsa20

source ·
Expand description

Implementation of the Salsa family of stream ciphers.

Cipher functionality is accessed using traits from re-exported cipher crate.

§⚠️ Security Warning: Hazmat!

This crate does not ensure ciphertexts are authentic! Thus ciphertext integrity is not verified, which can lead to serious vulnerabilities!

USE AT YOUR OWN RISK!

§Diagram

This diagram illustrates the Salsa quarter round function. Each round consists of four quarter-rounds:

Legend:

  • ⊞ add
  • ‹‹‹ rotate
  • ⊕ xor

§Example

use salsa20::Salsa20;
// Import relevant traits
use salsa20::cipher::{KeyIvInit, StreamCipher, StreamCipherSeek};
use hex_literal::hex;

let key = [0x42; 32];
let nonce = [0x24; 8];
let plaintext = hex!("00010203 04050607 08090A0B 0C0D0E0F");
let ciphertext = hex!("85843cc5 d58cce7b 5dd3dd04 fa005ded");

// Key and IV must be references to the `GenericArray` type.
// Here we use the `Into` trait to convert arrays into it.
let mut cipher = Salsa20::new(&key.into(), &nonce.into());

let mut buffer = plaintext.clone();

// apply keystream (encrypt)
cipher.apply_keystream(&mut buffer);
assert_eq!(buffer, ciphertext);

let ciphertext = buffer.clone();

// Salsa ciphers support seeking
cipher.seek(0u32);

// decrypt ciphertext by applying keystream again
cipher.apply_keystream(&mut buffer);
assert_eq!(buffer, plaintext);

// stream ciphers can be used with streaming messages
cipher.seek(0u32);
for chunk in buffer.chunks_mut(3) {
    cipher.apply_keystream(chunk);
}
assert_eq!(buffer, ciphertext);

Re-exports§

Structs§

Functions§

  • The HSalsa20 function defined in the paper “Extending the Salsa20 nonce”

Type Aliases§

  • Key type used by all Salsa variants and XSalsa20.
  • Nonce type used by all Salsa variants.
  • Salsa20/8 stream cipher (reduced-round variant of Salsa20 with 8 rounds, not recommended)
  • Salsa20/12 stream cipher (reduced-round variant of Salsa20 with 12 rounds, not recommended)
  • Salsa20/20 stream cipher (20 rounds; recommended)
  • Nonce type used by XSalsa20.
  • XSalsa8 stream cipher (reduced-round variant of XSalsa20 with 8 rounds)
  • XSalsa12 stream cipher (reduced-round variant of XSalsa20 with 12 rounds)
  • XSalsa20 is a Salsa20 variant with an extended 192-bit (24-byte) nonce.