The ChaCha family of stream ciphers

Features

• pure Rust implementation
• supports the RustCrypto API
• builds on stable Rust
• portable
• fast: within 15% of throughput of a hand-optimized ASM SIMD implementation (floodberry/chacha-opt) on my machine (a Xeon X5650, using ppv-lite86)
• no-std compatible (std required only for runtime algorithm selection)

Supported Variants

ChaCha20: used in chacha20-poly1305 in TLS, OpenSSH; arc4random in the BSDs, Linux /dev/urandom since 4.8.

Ietf: IETF RFC 7539. Longer nonce, short block counter.

XChaCha20: constructed analogously to XSalsa20; a mixing step during initialization allows using a long nonce and along with a full-sized block counter.

ChaCha12, ChaCha8: faster; lower security margin of safety.

lib.rs:

Pure Rust ChaCha with SIMD optimizations.

Stream-cipher usage:

#[cfg(features = "std")]
fn demo() {
extern crate c2_chacha;

use c2_chacha::stream_cipher::{NewStreamCipher, SyncStreamCipher, SyncStreamCipherSeek};
use c2_chacha::{ChaCha20, ChaCha12};

let key = b"very secret key-the most secret.";
let iv = b"my nonce";
let plaintext = b"The quick brown fox jumps over the lazy dog.";

let mut buffer = plaintext.to_vec();
// create cipher instance
let mut cipher = ChaCha20::new_var(key, iv).unwrap();
// apply keystream (encrypt)
cipher.apply_keystream(&mut buffer);
// and decrypt it back
cipher.seek(0);
cipher.apply_keystream(&mut buffer);
// stream ciphers can be used with streaming messages
let mut cipher = ChaCha12::new_var(key, iv).unwrap();
for chunk in buffer.chunks_mut(3) {
    cipher.apply_keystream(chunk);
}
}