Monocypher

Boring crypto that simply works
CRYPTO_HCHACHA20(3MONOCYPHER) 3MONOCYPHER CRYPTO_HCHACHA20(3MONOCYPHER)

NAME

HChacha20 special-purpose hashing #include <monocypher.h>
void
crypto_hchacha20(uint8_t out[32], const uint8_t key[32], const uint8_t in[16]);

DESCRIPTION

crypto_hchacha20() provides a not-so-cryptographic hash. It may be used for some specific purposes, such as X25519 key derivation, or XChacha20 initialisation. If in doubt, do not use directly. Use crypto_blake2b() instead.
The arguments are:
key
A sufficiently random key, such as the output of crypto_x25519().
in
The space reserved for the Chacha20 nonce and counter. It does not have to be random.
out
A cryptographically secure random number if there is enough entropy in key. X25519 shared secrets have enough entropy.

RETURN VALUES

This function returns nothing.

EXAMPLES

The following example assumes the existence of arc4random_buf(), which fills the given buffer with cryptographically secure random bytes. If arc4random_buf() does not exist on your system, see intro() for advice about how to generate cryptographically secure random bytes.
Simple hash:
uint8_t key[32]; /* Must have enough entropy           */ 
uint8_t in [16]; /* Does not have to be random         */ 
uint8_t out[32]; /* Will be random iff the above holds */ 
arc4random_buf(key, 32); 
crypto_hchacha20(out, key, in); 
/* Wipe secrets if they are no longer needed */ 
crypto_wipe(key, 32); 
crypto_wipe(in , 16);

SEE ALSO

crypto_chacha20_encrypt(), crypto_key_exchange(), intro()

STANDARDS

This function implements HChacha20. HChacha20 derives from Chacha20 the same way HSalsa20 derives from Salsa20.

HISTORY

The crypto_hchacha20() function first appeared in Monocypher 0.1 as crypto_chacha20_H(). It was renamed to crypto_hchacha20() in Monocypher 3.0.0.

CAVEATS

This is not a general-purpose cryptographic hash function.
March 2, 2020 Linux 4.15.0-118-generic