plan9fox/sys/man/2/chacha

.TH CHACHA 2
.SH NAME
setupChachastate, chacha_setblock, chacha_encrypt, chacha_encrypt2  - chacha encryption
.SH SYNOPSIS
.B #include <u.h>
.br
.B #include <libc.h>
.br
.B #include <mp.h>
.br
.B #include <libsec.h>
.PP
.B
void setupChachastate(Chachastate *s, uchar key[], ulong keylen, uchar *nonce, int rounds)
.PP
.B
void chacha_encrypt(uchar *data, ulong len, Chachastate *s)
.PP
.B
void chacha_encrypt2(uchar *src, uchar *dst, ulong len, Chachastate *s)
.PP
.B
void chacha_setblock(Chachastate *s, u32int blockno)
.SH DESCRIPTION
.PP
Chacha is D J Berstein's symmetric stream cipher, as modified by RFC7539. It supports
keys of 256 bits (128 bits is supported here for special purposes). It has an underlying block size of 64 bytes
(named as constant
.BR ChachaBsize ).
.PP
.I SetupChachastate
takes a reference to a
.B Chachastate
structure, a
.I key
of
.I keylen
bytes, which should normally be
.BR ChachaKeylen ,
a
.I nonce
or initialisation vector of
.B ChachaIVlen
bytes (set to all zeros if the argument is nil),
and the number of
.I rounds
(set to the default of 20 if the argument is zero).
With a keylength of 256 bits (32 bytes) and 20
.IR rounds ,
the function implements the Chacha20 encryption function of RFC7539.
.PP
.I Chacha_encrypt
encrypts
.I len
bytes of
.I buf
in place using the
.B Chachastate
in
.IR s .
.I Len
can be any byte length.
Encryption and decryption are the same operation given the same starting state
.IR s .
.PP
.I Chacha_encrypt2
is similar, but encrypts
.I len
bytes of
.I src
into
.I dst
without modifying
.IR src .
.PP
.I Chacha_setblock
sets the Chacha block counter for the next encryption to
.IR blockno ,
allowing seeking in an encrypted stream.
.SH SOURCE
.B /sys/src/libsec
.SH SEE ALSO
.IR mp (2),
.IR aes (2),
.IR blowfish (2),
.IR des (2),
.IR dsa (2),
.IR elgamal (2),
.IR rc4 (2),
.IR rsa (2),
.IR sechash (2),
.IR prime (2),
.IR rand (2)