HChacha20 special-purpose hashing
#include
<monocypher.h>
void
crypto_hchacha20(
uint8_t
out[32],
const uint8_t key[32],
const uint8_t in[16]);
crypto_hchacha20() provides a not-so-cryptographic
hash. It may be used for some specific purposes, such as X25519 key
derivation, or XChacha20 initialisation. If in doubt, do not use directly. Use
crypto_blake2b()
instead.
The arguments are:
- key
- A sufficiently random key, such as the output of
crypto_x25519().
- in
- The space reserved for the Chacha20 nonce and counter. It
does not have to be random.
- out
- A cryptographically secure random number
if there is enough entropy in
key. X25519 shared secrets have enough
entropy.
This function returns nothing.
The following example assumes the existence of
arc4random_buf(), which fills the given buffer
with cryptographically secure random bytes. If
arc4random_buf() does not exist on your system,
see
intro() for advice
about how to generate cryptographically secure random bytes.
Simple hash:
uint8_t key[32]; /* Must have enough entropy */
uint8_t in [16]; /* Does not have to be random */
uint8_t out[32]; /* Will be random iff the above holds */
arc4random_buf(key, 32);
crypto_hchacha20(out, key, in);
/* Wipe secrets if they are no longer needed */
crypto_wipe(key, 32);
crypto_wipe(in , 16);
crypto_chacha20_encrypt(),
crypto_key_exchange(),
intro()
This function implements HChacha20. HChacha20 derives from Chacha20 the same way
HSalsa20 derives from Salsa20.
The
crypto_hchacha20() function first appeared in
Monocypher 0.1 as
crypto_chacha20_H(). It was
renamed to
crypto_hchacha20() in Monocypher
3.0.0.
This is not a general-purpose cryptographic hash
function.
