ChaCha20Guard

A pure Go implementation of ChaCha20 and its extended nonce variant XChaCha20 with MemGuard in order to protect the key in memory.

Before using read the Warning

The implementation is based on https://github.com/codahale/chacha20

Download/Install

go get -u github.com/alexzava/chacha20guard

Usage

Import

import (
	"log"
	"crypto/rand"

	"github.com/awnumar/memguard"
	"github.com/alexzava/chacha20guard"
)

ChaCha20

message := []byte("Hello World!")

//Generate random nonce
nonce := make([]byte, 8)
_, err := rand.Read(nonce)
if err != nil {
	log.Fatal(err)
}

//Generate random key with memguard
key, err := memguard.NewImmutableRandom(32)
if err != nil {
	log.Println(err)
	memguard.SafeExit(1)
}
defer key.Destroy()

c, err := chacha20guard.New(key, nonce)
if err != nil {
	log.Fatal(err)
}

ciphertext := make([]byte, len(message))
c.XORKeyStream(ciphertext, message)

XChaCha20

message := []byte("Hello World!")

//Generate random nonce
nonce := make([]byte, 24)
_, err := rand.Read(nonce)
if err != nil {
	log.Fatal(err)
}

//Generate random key with memguard
key, err := memguard.NewImmutableRandom(32)
if err != nil {
	log.Println(err)
	memguard.SafeExit(1)
}
defer key.Destroy()

c, err := chacha20guard.NewX(key, nonce)
if err != nil {
	log.Fatal(err)
}

ciphertext := make([]byte, len(message))
c.XORKeyStream(ciphertext, message)

Warning

The code may contain bugs or vulnerabilities, currently they have not been found but this does not guarantee absolute security.

Check the repository often because the code could be updated frequently.

Notes

If you find bugs or vulnerabilities please let me know so they can be fixed.

If you want to help improve the code contact me.

License

This project is licensed under the MIT License - see the LICENSE file for details.