Module chacha20

ChaCha20 stream cipher (RFC 8439).

This is the IETF / TLS 1.3 variant of ChaCha20: 256-bit key, 96-bit nonce, 32-bit block counter, 64-byte block size, 20 rounds.

It is the second AEAD primitive shipped by arcana alongside AES-GCM. ChaCha20 is used by TLS 1.3, Noise, Signal, WireGuard, QUIC, OpenSSH, and most modern protocols that prefer a constant-time stream cipher with no S-box dependencies (and therefore no cache-timing surface, in contrast to table-based AES).

§Layout

state (4x4 u32 little-endian):

  constants  constants  constants  constants    "expand 32-byte k"
  key        key        key        key
  key        key        key        key
  counter    nonce      nonce      nonce

Each 64-byte block is computed as serialize(rounds(state) + state). Successive blocks increment counter.

§API

use arcana::cipher::chacha20::ChaCha20;

let mut cipher = ChaCha20::new(&key, &nonce, 1); // initial counter = 1
let mut buf = b"plaintext".to_vec();
cipher.apply_keystream(&mut buf);  // encrypt or decrypt

Stream ciphers are symmetric: apply_keystream does both encryption and decryption since the keystream is XOR’d with whatever is passed in.

§Tests

Pinned against RFC 8439 §2.3.2 (block test vector) and §2.4.2 (encryption test vector).

Structs§

ChaCha20
ChaCha20 stream cipher state (RFC 8439).