rust-crypto
Implement seeking for ChaCha20 and Salsa20
ChaCha20 and Salsa20 are capable of efficiently moving to any point in their output, but that functionality was not being exposed. This patch introduces a new trait, SeekableStreamCipher, with implementations for those two ciphers.
This exposed a bug in Salsa20: overflow in the least-significant block counter word was not correctly detected. This made all streams wrong after 256 GiB, and an unlucky 1 out of 2^32 streams wrong after 64 bytes.
Issue #156 is related to this.
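Added illustration, not part of the pull request or of rust-crypto's code: a plain scalar Salsa20/20 block function with the 64-bit block counter held as two 32-bit words, showing the carry that sequential generation needs and the position-to-counter mapping that seeking needs. The names `block`, `increment` and `seek` are hypothetical; the low counter word wraps after 2^32 blocks of 64 bytes, which is the 256 GiB point mentioned above.

```rust
// Added example; function names are hypothetical, not rust-crypto's API.
const QR: [[usize; 4]; 8] = [
    [0, 4, 8, 12], [5, 9, 13, 1], [10, 14, 2, 6], [15, 3, 7, 11], // column round
    [0, 1, 2, 3], [5, 6, 7, 4], [10, 11, 8, 9], [15, 12, 13, 14], // row round
];
/// One 64-byte Salsa20/20 keystream block; `ctr` is [low word, high word].
fn block(key: &[u8; 32], nonce: &[u8; 8], ctr: [u32; 2]) -> [u8; 64] {
    let w = |b: &[u8]| u32::from_le_bytes([b[0], b[1], b[2], b[3]]);
    let mut s = [0u32; 16];
    for i in 0..4 {
        s[5 * i] = w(&b"expand 32-byte k"[4 * i..]);
        s[1 + i] = w(&key[4 * i..]);
        s[11 + i] = w(&key[16 + 4 * i..]);
    }
    s[6] = w(&nonce[0..]);
    s[7] = w(&nonce[4..]);
    s[8] = ctr[0]; // least-significant block counter word
    s[9] = ctr[1]; // most-significant block counter word
    let mut x = s;
    for _ in 0..10 {
        for &[a, b, c, d] in QR.iter() {
            x[b] ^= x[a].wrapping_add(x[d]).rotate_left(7);
            x[c] ^= x[b].wrapping_add(x[a]).rotate_left(9);
            x[d] ^= x[c].wrapping_add(x[b]).rotate_left(13);
            x[a] ^= x[d].wrapping_add(x[c]).rotate_left(18);
        }
    }
    let mut out = [0u8; 64];
    for i in 0..16 {
        out[4 * i..4 * i + 4].copy_from_slice(&x[i].wrapping_add(s[i]).to_le_bytes());
    }
    out
}

/// Sequential step: bump the low word and carry into the high word when it wraps.
fn increment(ctr: &mut [u32; 2]) {
    let (lo, wrapped) = ctr[0].overflowing_add(1);
    *ctr = [lo, ctr[1].wrapping_add(wrapped as u32)];
}

/// Seek: absolute keystream byte position -> (counter words, offset inside the block).
fn seek(pos: u64) -> ([u32; 2], usize) {
    let n = pos / 64;
    ([n as u32, (n >> 32) as u32], (pos % 64) as usize)
}

fn main() {
    println!("{:?}", seek(1u64 << 38)); // 256 GiB = 2^32 blocks of 64 bytes
}
```

A counter that loses the carry returns to `[0, 0]` at that boundary and repeats the start of the keystream, so a regression test can compare the sequentially reached counter with the one obtained by seeking.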
> This exposed a bug in Salsa20: overflow in the least-significant block counter word was not correctly detected.
Do you have a test vector for this (preferably one of the shorter ones)?