Pure Rust implementation of the ChaCha20 Stream Cipher.
It improves upon the previous Salsa20 stream cipher with increased per-round diffusion at no cost to performance.
This crate also contains an implementation of XChaCha20: a variant of ChaCha20 with an extended 192-bit (24-byte) nonce, gated under the
xchacha20 Cargo feature (on-by-default).
This crate contains the following implementations of ChaCha20, all of which work on stable Rust with the following
-Ctarget-feature=+sse2(on by default on x86 CPUs)
soft: (~5 cpb on x86/x86_64)
NOTE: cpb = cycles per byte (smaller is better)
This crate does not ensure ciphertexts are authentic (i.e. by using a MAC to verify ciphertext integrity), which can lead to serious vulnerabilities if used incorrectly!
USE AT YOUR OWN RISK!
All implementations contained in the crate (along with the underlying ChaCha20 stream cipher itself) are designed to execute in constant time.
Rust 1.41 or higher.
Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.
Licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.