peterreid / chacha Goto Github PK

See stream-cipher crate. You have read-write access to RustCrypto/stream-ciphers repository,

Also It would be nice if you'll share the crate access either with me, or with RustCrypto:stream-ciphers team, so in future it will be possible to publish updates even if you will not be around.

The following code seeks in the keystream to just before the first 32-bit portion of the counter overflows, and then encrypts a buffer long enough that the counter overflows during the operation (and so should increment the high half of the counter).

extern crate chacha;
extern crate rustc_serialize;

use chacha::{ChaCha, KeyStream, SeekableKeyStream};
use rustc_serialize::hex::ToHex;

fn main() {

let secret_key = [42u8; 32];
let nonce = [1, 2, 3, 4, 5, 6, 7, 8];
    let mut stream = ChaCha::new_chacha20(&secret_key, &nonce);

    let seek = 274877906800;
    stream.seek_to(seek).expect("seeky");

let mut buffer = [0u8; 256];
    stream.xor_read(&mut buffer[..]).expect("hit end of stream far too soon");

    println!("{}", buffer.to_hex());

}

Output

68b0a4515bb1e2e8da437dfcc66a879414a78365aa0fefdac12b5c388158e3278d053733bfcbd5e7151596051318012e8692441f98b87eaeaf93d799bea5e49b859cce0ce562f319c223158a574c145529e9d91502a0af596208c560eeee359b4d612023f4fbbe164753a0b5b5d742ee24009d3bb492bb51c0775c44fa104d5a044d546f8636779a6017070b1ff1816b2ae02c85d1a7b9c8a718d3db168d1efd366902c7d2c6c9dc68bbea481447edb986ccd499ca60e703a74c8a1590fac30b413e15b573c3d17747b46cf833bfb3152ae02c85d1a7b9c8a718d3db168d1efd366902c7d2c6c9dc68bbea481447edb986ccd499ca60e703a74c8a1590fac30b413e15b573c3d17747b46cf833bfb3152ae02c85d1a7b9c8a718d3db168d1efd366902c7d2c6c9dc68bbea481447edb986ccd499ca60e703a74c8a1590fac30b413e15b573c3d17747b46cf833bfb3152ae02c85d1a7b9c8a718d3db168d1efd366902c7d2c6c9dc68bbea481447edb986ccd499ca60e703a74c8a1590fac30b

Notice how at the end "2ae02c85d1a7b9c8a718d3db168d1efd366902c7d2c6c9dc68bbea481447edb986ccd499ca60e703a74c8a1590fac30b" repeats several times. If you make the buffer longer, it repeats further. It is as if the counter is not incrementing correctly.

From a quick look at the code I don't see what the problem is.

Deriving ChaCha would be useful for me as I use it in an enum.
I can open an PR for this - if wished.

I use new chacha8 function.

got the following result by xor_read:
Plain text = [104, 101, 108, 108, 111, 32, 119, 111, 114, 108, 100, 33]
chiper text = [231, 58, 48, 88, 24, 110, 13, 168, 10, 142, 99, 109]
Reversed text = [74, 125, 182, 57, 114, 163, 174, 148, 86, 8, 41, 250]

is it right?

    let mut plain = *b"hello world!";
    println!("Plain text = {:?}", plain);
    chacha.xor_read(&mut plain[..]);
    println!("chiper text = {:?}", plain);
     chacha.xor_read(&mut plain[..]);
    println!("chiper text = {:?}", plain);