Search results

There are no results.

std.crypto.chacha.hchacha20

Show source code
Hide source code
fn pub hchacha20(key: ref ByteArray, nonce: ref ByteArray) -> ByteArray {
  if key.size != KEY_SIZE {
    panic('HChaCha20 key sizes must be exactly ${KEY_SIZE} bytes')
  }

  if nonce.size != HCHACHA_NONCE_SIZE {
    panic('HChaCha20 nonce sizes must be exactly ${HCHACHA_NONCE_SIZE} bytes')
  }

  let out = ByteArray.filled(with: 0, times: 32)
  let matrix = Matrix(
    [
      0x61707865,
      0x3320646E,
      0x79622D32,
      0x6B206574,
      little.read_u32(from: key, at: 0),
      little.read_u32(from: key, at: 4),
      little.read_u32(from: key, at: 8),
      little.read_u32(from: key, at: 12),
      little.read_u32(from: key, at: 16),
      little.read_u32(from: key, at: 20),
      little.read_u32(from: key, at: 24),
      little.read_u32(from: key, at: 28),
      little.read_u32(from: nonce, at: 0),
      little.read_u32(from: nonce, at: 4),
      little.read_u32(from: nonce, at: 8),
      little.read_u32(from: nonce, at: 12),
    ],
  )

  matrix.perform_rounds
  little.write_u32(matrix.words.get(0), into: out, at: 0)
  little.write_u32(matrix.words.get(1), into: out, at: 4)
  little.write_u32(matrix.words.get(2), into: out, at: 8)
  little.write_u32(matrix.words.get(3), into: out, at: 12)
  little.write_u32(matrix.words.get(12), into: out, at: 16)
  little.write_u32(matrix.words.get(13), into: out, at: 20)
  little.write_u32(matrix.words.get(14), into: out, at: 24)
  little.write_u32(matrix.words.get(15), into: out, at: 28)
  out
}
fn pub static hchacha20(key: ref ByteArray, nonce: ref ByteArray) -> ByteArray

Derives a sub-key from a secret key and nonce, using the HChaCha20 algorithm.

HChaCha20 is a hasher used as part of XChaCha20, and may be used for other similar purposes such as X25519 key derivation. It's not a general-purpose cryptographic hasher, and direct use is best avoided unless you're certain you must use the HChaCha20 hasher.

The API is different from traditional cryptographic hashers, as HChaCha20 isn't meant to hash arbitrary input.

The return value is a ByteArray containing the 256-bit derived sub-key.

Panics

This method panics if key isn't exactly 32 bytes, or if nonce isn't exactly 16 bytes.