Struct chacha20::XChaCha20

pub struct XChaCha20(_);

XChaCha20 is a ChaCha20 variant with an extended 192-bit (24-byte) nonce.

The construction is an adaptation of the same techniques used by XSalsa20 as described in the paper “Extending the Salsa20 Nonce”, applied to the 96-bit nonce variant of ChaCha20, and derive a separate subkey/nonce for each extended nonce:

https://cr.yp.to/snuffle/xsalsa-20081128.pdf

No authoritative specification exists for XChaCha20, however the construction has “rough consensus and running code” in the form of several interoperable libraries and protocols (e.g. libsodium, WireGuard) and is documented in an (expired) IETF draft:

https://tools.ietf.org/html/draft-arciszewski-xchacha-03

The xchacha20 Cargo feature must be enabled in order to use this (which it is by default).

Trait Implementations

impl NewStreamCipher for XChaCha20

type KeySize = U32

Key size in bytes

type NonceSize = U24

Nonce size in bytes

fn new(key: &Key, nonce: &XNonce) -> Self

Create new stream cipher instance from variable length key and nonce.

pub fn new_var(key: &[u8], nonce: &[u8]) -> Result<Self, InvalidKeyNonceLength>

Create new stream cipher instance from variable length key and nonce.

impl SyncStreamCipher for XChaCha20

fn try_apply_keystream(&mut self, data: &mut [u8]) -> Result<(), LoopError>

Apply keystream to the data, but return an error if end of a keystream will be reached.

pub fn apply_keystream(&mut self, data: &mut [u8])

Apply keystream to the data.

impl SyncStreamCipherSeek for XChaCha20

fn try_current_pos<T: SeekNum>(&self) -> Result<T, OverflowError>

Try to get current keystream position

fn try_seek<T: SeekNum>(&mut self, pos: T) -> Result<(), LoopError>

Try to seek to the given position

pub fn current_pos<T>(&self) -> T where
    T: SeekNum, 

Get current keystream position

pub fn seek<T>(&mut self, pos: T) where
    T: SeekNum, 

Seek to the given position