chacha20

Imports

Imports # 

"crypto/cipher"
"encoding/binary"
"errors"
"math/bits"
"golang.org/x/crypto/internal/alias"
"golang.org/x/sys/cpu"
"runtime"

Constants & Variables

KeySize const #

KeySize is the size of the key used by this cipher, in bytes.

const KeySize = 32

NonceSize const #

NonceSize is the size of the nonce used with the standard variant of this cipher, in bytes. Note that this is too short to be safely generated at random if the same key is reused more than 2³² times.

const NonceSize = 12

NonceSizeX const #

NonceSizeX is the size of the nonce used with the XChaCha20 variant of this cipher, in bytes.

const NonceSizeX = 24

_ var # 

var _ cipher.Stream = *ast.CallExpr

blockSize const # 

const blockSize = 64

bufSize const # 

const bufSize = blockSize

bufSize const # 

const bufSize = 256

bufSize const # 

const bufSize = 256

bufSize const # 

const bufSize = 256

haveAsm var # 

var haveAsm = cpu.S390X.HasVX

j0 const #

The constant first 4 words of the ChaCha20 state.

const j0 uint32 = 0x61707865

j1 const #

The constant first 4 words of the ChaCha20 state.

const j1 uint32 = 0x3320646e

j2 const #

The constant first 4 words of the ChaCha20 state.

const j2 uint32 = 0x79622d32

j3 const #

The constant first 4 words of the ChaCha20 state.

const j3 uint32 = 0x6b206574

unaligned const #

Platforms that have fast unaligned 32-bit little endian accesses.

const unaligned = *ast.BinaryExpr

Structs

Cipher struct #

Cipher is a stateful instance of ChaCha20 or XChaCha20 using a particular key and nonce. A *Cipher implements the cipher.Stream interface.

type Cipher struct {
key [8]uint32
counter uint32
nonce [3]uint32
buf [bufSize]byte
len int
overflow bool
precompDone bool
p1 uint32
p5 uint32
p9 uint32
p13 uint32
p2 uint32
p6 uint32
p10 uint32
p14 uint32
p3 uint32
p7 uint32
p11 uint32
p15 uint32
}

Functions

HChaCha20 function #

HChaCha20 uses the ChaCha20 core to generate a derived key from a 32 bytes key and a 16 bytes nonce. It returns an error if key or nonce have any other length. It is used as part of the XChaCha20 construction.

func HChaCha20(key []byte, nonce []byte) ([]byte, error)

NewUnauthenticatedCipher function #

NewUnauthenticatedCipher creates a new ChaCha20 stream cipher with the given 32 bytes key and a 12 or 24 bytes nonce. If a nonce of 24 bytes is provided, the XChaCha20 construction will be used. It returns an error if key or nonce have any other length. Note that ChaCha20, like all stream ciphers, is not authenticated and allows attackers to silently tamper with the plaintext. For this reason, it is more appropriate as a building block than as a standalone encryption mechanism. Instead, consider using package golang.org/x/crypto/chacha20poly1305.

func NewUnauthenticatedCipher(key []byte, nonce []byte) (*Cipher, error)

SetCounter method #

SetCounter sets the Cipher counter. The next invocation of XORKeyStream will behave as if (64 * counter) bytes had been encrypted so far. To prevent accidental counter reuse, SetCounter panics if counter is less than the current value. Note that the execution time of XORKeyStream is not independent of the counter value.

func (s *Cipher) SetCounter(counter uint32)

XORKeyStream method #

XORKeyStream XORs each byte in the given slice with a byte from the cipher's key stream. Dst and src must overlap entirely or not at all. If len(dst) < len(src), XORKeyStream will panic. It is acceptable to pass a dst bigger than src, and in that case, XORKeyStream will only update dst[:len(src)] and will not touch the rest of dst. Multiple calls to XORKeyStream behave as if the concatenation of the src buffers was passed in a single run. That is, Cipher maintains state and does not reset at each XORKeyStream call.

func (s *Cipher) XORKeyStream(dst []byte, src []byte)

addXor function #

addXor reads a little endian uint32 from src, XORs it with (a + b) and places the result in little endian byte order in dst.

func addXor(dst []byte, src []byte, a uint32, b uint32)

chaCha20_ctr32_vsx function #

go:noescape

func chaCha20_ctr32_vsx(out *byte, inp *byte, len int, key *[8]uint32, counter *uint32)

hChaCha20 function # 

func hChaCha20(out []byte, key []byte, nonce []byte) ([]byte, error)

newUnauthenticatedCipher function # 

func newUnauthenticatedCipher(c *Cipher, key []byte, nonce []byte) (*Cipher, error)

quarterRound function #

quarterRound is the core of ChaCha20. It shuffles the bits of 4 state words. It's executed 4 times for each of the 20 ChaCha20 rounds, operating on all 16 words each round, in columnar or diagonal groups of 4 at a time.

func quarterRound(a uint32, b uint32, c uint32, d uint32) (uint32, uint32, uint32, uint32)

xorKeyStreamBlocks method # 

func (s *Cipher) xorKeyStreamBlocks(dst []byte, src []byte)

xorKeyStreamBlocks method # 

func (c *Cipher) xorKeyStreamBlocks(dst []byte, src []byte)

xorKeyStreamBlocks method # 

func (c *Cipher) xorKeyStreamBlocks(dst []byte, src []byte)

xorKeyStreamBlocks method # 

func (c *Cipher) xorKeyStreamBlocks(dst []byte, src []byte)

xorKeyStreamBlocksGeneric method # 

func (s *Cipher) xorKeyStreamBlocksGeneric(dst []byte, src []byte)

xorKeyStreamVX function #

xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only be called when the vector facility is available. Implementation in asm_s390x.s. go:noescape

func xorKeyStreamVX(dst []byte, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)

xorKeyStreamVX function #

go:noescape

func xorKeyStreamVX(dst []byte, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)

Generated with Arrow