Authenticated Encryption with Additional Data.
AEAD couples confidentiality and integrity in a single primitive. AEAD algorithms take a key and then can seal and open individual messages. Each message has a unique, per-message nonce and, optionally, additional data which is authenticated but not included in the ciphertext.
No two distinct plaintexts must ever be sealed using the same (key, nonce) pair. It is up to the user of these algorithms to ensure this. For example, when encrypting a stream of messages (e.g. over a TCP socket) a message counter can provide distinct nonces as long as the key is randomly generated for the specific connection and is distinct in each direction.
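To implement that example:

```rust
use bssl_crypto::aead::{Aead, Aes256Gcm};

// Fresh random key for this connection and direction.
let key = bssl_crypto::rand_array();
let aead = Aes256Gcm::new(&key);

// 12-byte nonce: 4 random bytes followed by the big-endian message counter.
let mut message_counter: u64 = 0;
let mut nonce = bssl_crypto::rand_array();
nonce[4..].copy_from_slice(message_counter.to_be_bytes().as_slice());
// Advance the counter so the next message gets a different nonce.
message_counter += 1;

let plaintext = b"message";
// No additional data is authenticated here (empty slice).
let ciphertext = aead.seal(&nonce, plaintext, b"");

// Opening needs the same nonce and additional data that were used to seal.
let decrypted = aead.open(&nonce, ciphertext.as_slice(), b"");
assert_eq!(plaintext, decrypted.unwrap().as_slice());
```

Structs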
- Aes128Gcm - AES-128 in Galois Counter Mode.
- Aes128GcmSiv - AES-128 in GCM-SIV mode (which is different from SIV mode!).
- Aes256Gcm - AES-256 in Galois Counter Mode.
- Aes256GcmSiv - AES-256 in GCM-SIV mode (which is different from SIV mode!).
- Chacha20Poly1305 - The AEAD built from ChaCha20 and Poly1305 as described in https://datatracker.ietf.org/doc/html/rfc8439.
- InvalidCiphertext - The error type returned when a fallible, in-place operation fails.
- XChacha20Poly1305 - Chacha20Poly1305 with an extended nonce that makes random generation of nonces safe.
Traits
- Aead - Authenticated Encryption with Associated Data (AEAD) algorithm trait.
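
The counter-nonce scheme from the module description, as an added example that is not part of the bssl_crypto documentation: a std-only helper that builds the same 4-byte prefix plus big-endian `u64` counter nonce and returns an error once the counter is exhausted instead of wrapping. `NonceSequence` and `NonceError` are hypothetical names, and the returned array is what would be passed to `seal` or `open`.

```rust
// Added example (std only). NonceSequence and NonceError are hypothetical names,
// not part of bssl_crypto; the seal/open calls themselves are left out.

/// 96-bit nonce: 4-byte prefix followed by a big-endian u64 message counter,
/// the same layout the documentation example builds by hand.
pub type Nonce = [u8; 12];

#[derive(Debug, PartialEq)]
pub enum NonceError {
    /// Every counter value has been used; the key must be replaced.
    Exhausted,
}

/// One instance per key. Each direction of a connection has its own key and
/// therefore its own sequence.
pub struct NonceSequence {
    prefix: [u8; 4],
    next: Option<u64>, // None once the counter has run out
}

impl NonceSequence {
    pub fn new(prefix: [u8; 4]) -> Self {
        Self::starting_at(prefix, 0)
    }

    /// Start from an arbitrary counter value (used here to reach the limit).
    pub fn starting_at(prefix: [u8; 4], counter: u64) -> Self {
        NonceSequence { prefix, next: Some(counter) }
    }

    /// Return the nonce for the next message and advance the counter.
    /// The counter never wraps, so no nonce is handed out twice.
    pub fn advance(&mut self) -> Result<Nonce, NonceError> {
        let counter = self.next.ok_or(NonceError::Exhausted)?;
        self.next = counter.checked_add(1);
        let mut nonce = [0u8; 12];
        nonce[..4].copy_from_slice(&self.prefix);
        nonce[4..].copy_from_slice(&counter.to_be_bytes());
        Ok(nonce)
    }
}

fn main() {
    let mut tx = NonceSequence::new([0xde, 0xad, 0xbe, 0xef]); // constructed prefix
    println!("{:02x?}", tx.advance().unwrap());
    println!("{:02x?}", tx.advance().unwrap());
    let mut last = NonceSequence::starting_at([0; 4], u64::MAX);
    last.advance().unwrap();
    println!("{:?}", last.advance()); // Err(Exhausted)
}
```

If the receiver keeps its own `NonceSequence` for the peer's direction and derives each nonce locally, a replayed or reordered ciphertext is opened under a different nonce and fails authentication.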