I opened #1643. This PR is useful as a draft but won't be merged in its current form (likely we'll want the MSRV/edition bump first as its own PR).

I'm not certain on the timeline yet; the main blocker is the chacha20 release; we also need to decide whether we are ready to merge breaking changes to rand yet.

@hpenne could you rebase now that #1653 and #1654 are merged please?

@dhardy I've rebased and the new tests failed as expected (the default ChaCha12 in chacha20 is the IETF variant). I tried to change to the "Legacy" variant, but chacha20 only exports ChaCha20Legacy, not the 12 round variant that we will need here. The ChaCha20Legacy type is just an alias, so I tried to use the underlying type directly to make a 12 round variant (ChaChaCore<R12, Legacy>) but that needs the Legacy struct which turns out to be private.

@tarcieri It seems that I might stuck here until someone either exports Legacy or adds a ChaCha12Legacy. It might be useful to do both, just in case.

that needs the Legacy struct which turns out to be private.

It's an oversight, we should export it. Could you create a PR? It also may be worth to add aliases for the legacy variants as well.

@hpenne I'm confused, why do you need a ChaCha12Legacy instead of just ChaCha12Rng?

@hpenne I'm confused, why do you need a ChaCha12Legacy instead of just ChaCha12Rng?

@tarcieri It seemed to me that the Legacy types were the ones with a 64 bit counter, which is what is needed here. One of us is confused, I suppose. It might also be me.

@tarcieri When I add the "legacy" feature to the chacha20 crate dependency in the rand cargo.toml, the chacha20 crate fails to build:

error[E0432]: unresolved import `cipher::StreamCipherCoreWrapper`
 --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.0/src/chacha.rs:2:41
  |
2 |     IvSizeUser, KeyIvInit, KeySizeUser, StreamCipherCoreWrapper,
  |                                         ^^^^^^^^^^^^^^^^^^^^^^^
  |                                         |
  |                                         no `StreamCipherCoreWrapper` in the root
  |                                         help: a similar name exists in the module: `StreamCipherCore`

Seems to work fine when i build run tests in chacha20 itself. Odd.

@hpenne all of the RNG types now have a 64-bit counter as of the latest prerelease.

Also looks like you found a bug. Perhaps it was being hidden by feature unification? Strange.

@hpenne oh, you're using an out-of-date version! Please upgrade to v0.10.0-rc.1

@hpenne oh, you're using an out-of-date version! Please upgrade to v0.10.0-rc.1

@tarcieri That was embarrassing. Works much better with the correct version. All tests pass now. The only strangeness that I am left with is that if I do not enable the "legacy" feature (the only enabled feature is "rng"), chacha20 fails to build with:

error[E0432]: unresolved import `crate::variants::Legacy`
  --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.1/src/rng.rs:24:16
   |
24 |     variants::{Legacy, Variant},
   |                ^^^^^^ no `Legacy` in `variants`
   |
note: found an item that was configured out
  --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.1/src/variants.rs:57:10
   |
57 | pub enum Legacy {}
   |          ^^^^^^
note: the item is gated behind the `legacy` feature
  --> /Users/hpenne/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/chacha20-0.10.0-rc.1/src/variants.rs:56:7
   |
56 | #[cfg(feature = "legacy")]
   |       ^^^^^^^^^^^^^^^^^^

I'm not able to reproduce this when I build chacha20 locally from master, so perhaps I've done something wrong or you have already fixed this on master. I'll look closer tomorrow.

@hpenne aah that was RustCrypto/stream-ciphers#454 which has been fixed

I can cut an rc.2 if that helps