Available on crate feature
stream only.Expand description
Streaming AEAD support.
Implementation of the STREAM online authenticated encryption construction as described in the paper Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance.
About
The STREAM construction supports encrypting/decrypting sequences of AEAD message segments, which is useful in cases where the overall message is too large to fit in a single buffer and needs to be processed incrementally.
STREAM defends against reordering and truncation attacks which are common in naive schemes which attempt to provide these properties, and is proven to meet the security definition of “nonce-based online authenticated encryption” (nOAE) as given in the aforementioned paper.
Diagram
Legend:
- 𝐄k: AEAD encryption under key
k - 𝐌: message
- 𝐍: nonce
- 𝐀: additional associated data
- 𝐂: ciphertext
- 𝜏: MAC tag
Structs
- Stateful STREAM object which can decrypt AEAD messages one-at-a-time.
- Stateful STREAM object which can encrypt AEAD messages one-at-a-time.
- The original “Rogaway-flavored” STREAM as described in the paper Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance.
- STREAM as instantiated with a 31-bit little endian counter and 1-bit “last block” flag stored as the most significant bit of the counter when interpreted as a 32-bit integer.
Traits
- Create a new STREAM from the provided AEAD.
- Low-level STREAM implementation.
Type Definitions
- STREAM decryptor instantiated with
StreamBE32as the underlying STREAM primitive. - STREAM decryptor instantiated with
StreamLE31as the underlying STREAM primitive. - STREAM encryptor instantiated with
StreamBE32as the underlying STREAM primitive. - STREAM encryptor instantiated with
StreamLE31as the underlying STREAM primitive. - Nonce as used by a given AEAD construction and STREAM primitive.
- Size of a nonce as used by a STREAM construction, sans the overhead of the STREAM protocol itself.