Salsa20

v0.3.0

Salsa20 v0.3.0 Salsa20

Salsa20 symmetric stream cipher

As specified in http://cr.yp.to/snuffle/spec.pdf.

Also includes the HSalsa20 hashing function as specified in http://cr.yp.to/highspeed/naclcrypto-20090310.pdf

Summary

Types

key()

The shared encryption key

nonce()

The shared per-session nonce

salsa_parameters()

The parameters and state of the current session

Functions

crypt(m, k, v, b \\ 0)

The crypt function suitable for a complete message

crypt_bytes(m, p, acc)

The crypt function suitable for streaming

hash(k, n)

HSalsa20 hash

Types 

key :: <<_::32 * 8>> | <<_::16 * 8>>

The shared encryption key.

32-byte values are to be preferred over 16-byte ones where possible.

nonce :: <<_::8 * 8>>

The shared per-session nonce.

By spec, this nonce may be used to encrypt a stream of up to 2^70 bytes.

salsa_parameters :: {key, nonce, non_neg_integer, binary}

The parameters and state of the current session

  • The shared key
  • The session nonce
  • The next block number
  • The unused portion of the current block

Starting from block 0 the initial state is {k,v,0,""}

Functions

crypt(m, k, v, b \\ 0)

Specs

crypt(binary, key, nonce, non_neg_integer) :: binary

The crypt function suitable for a complete message.

This is a convenience wrapper when the full message is ready for processing.

The operations are symmetric, so if crypt(m,k,v) = c, then crypt(c,k,v) = m

crypt_bytes(m, p, acc)

Specs

crypt_bytes(binary, salsa_parameters, [binary]) :: {binary, salsa_parameters}

The crypt function suitable for streaming

Use an initial state of {k,v,0,""} The returned parameters can be used for the next available bytes. Any previous emitted binary can be included in the acc, if desired.

hash(k, n)

Specs

hash(key, nonce) :: <<_::32 * 8>>

HSalsa20 hash

The strict specification requires a 32-byte key, but the defined expansion function can be used with a 16-byte key.