Involved Source Files
Package chacha20 implements the ChaCha20 and XChaCha20 encryption algorithms
as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
chacha_noasm.goxor.go
Package-Level Type Names (only one, which is exported)
/* sort exporteds by: | */
Cipher is a stateful instance of ChaCha20 or XChaCha20 using a particular key
and nonce. A *Cipher implements the cipher.Stream interface.
The last len bytes of buf are leftover key stream bytes from the previous
XORKeyStream invocation. The size of buf depends on how many blocks are
computed at a time by xorKeyStreamBlocks.
counteruint32
The ChaCha20 state is 16 words: 4 constant, 8 of key, 1 of counter
(incremented after each block), and 3 of nonce.
lenintnonce[3]uint32
overflow is set when the counter overflowed, no more blocks can be
generated, and the next XORKeyStream call should panic.
p1uint32p10uint32p11uint32p13uint32p14uint32p15uint32p2uint32p3uint32p5uint32p6uint32p7uint32p9uint32
The counter-independent results of the first round are cached after they
are computed the first time.
SetCounter sets the Cipher counter. The next invocation of XORKeyStream will
behave as if (64 * counter) bytes had been encrypted so far.
To prevent accidental counter reuse, SetCounter panics if counter is less
than the current value.
Note that the execution time of XORKeyStream is not independent of the
counter value.
XORKeyStream XORs each byte in the given slice with a byte from the
cipher's key stream. Dst and src must overlap entirely or not at all.
If len(dst) < len(src), XORKeyStream will panic. It is acceptable
to pass a dst bigger than src, and in that case, XORKeyStream will
only update dst[:len(src)] and will not touch the rest of dst.
Multiple calls to XORKeyStream behave as if the concatenation of
the src buffers was passed in a single run. That is, Cipher
maintains state and does not reset at each XORKeyStream call.
(*T) xorKeyStreamBlocks(dst, src []byte)(*T) xorKeyStreamBlocksGeneric(dst, src []byte)
*T : crypto/cipher.Stream
func NewUnauthenticatedCipher(key, nonce []byte) (*Cipher, error)
func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error)
func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error)
Package-Level Functions (total 6, in which 2 are exported)
HChaCha20 uses the ChaCha20 core to generate a derived key from a 32 bytes
key and a 16 bytes nonce. It returns an error if key or nonce have any other
length. It is used as part of the XChaCha20 construction.
NewUnauthenticatedCipher creates a new ChaCha20 stream cipher with the given
32 bytes key and a 12 or 24 bytes nonce. If a nonce of 24 bytes is provided,
the XChaCha20 construction will be used. It returns an error if key or nonce
have any other length.
Note that ChaCha20, like all stream ciphers, is not authenticated and allows
attackers to silently tamper with the plaintext. For this reason, it is more
appropriate as a building block than as a standalone encryption mechanism.
Instead, consider using package golang.org/x/crypto/chacha20poly1305.
addXor reads a little endian uint32 from src, XORs it with (a + b) and
places the result in little endian byte order in dst.
quarterRound is the core of ChaCha20. It shuffles the bits of 4 state words.
It's executed 4 times for each of the 20 ChaCha20 rounds, operating on all 16
words each round, in columnar or diagonal groups of 4 at a time.
Package-Level Constants (total 10, in which 3 are exported)
KeySize is the size of the key used by this cipher, in bytes.
NonceSize is the size of the nonce used with the standard variant of this
cipher, in bytes.
Note that this is too short to be safely generated at random if the same
key is reused more than 2³² times.
NonceSizeX is the size of the nonce used with the XChaCha20 variant of
this cipher, in bytes.
Platforms that have fast unaligned 32-bit little endian accesses.
The pages are generated with Goldsv0.3.2. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @Go100and1 (reachable from the left QR code) to get the latest news of Golds.