[][src]Crate aes_siv

AES-SIV (RFC 5297): Authenticated Encryption with Associated Data (AEAD) cipher which also provides nonce reuse misuse resistance.

Usage

Simple usage (allocating, no associated data):

use aes_siv::Aes128SivAead; // Or `Aes256Siv`
use aes_siv::aead::{Aead, NewAead, generic_array::GenericArray};

let key = GenericArray::from_slice(b"an example very very secret key.");
let cipher = Aes128SivAead::new(key);

let nonce = GenericArray::from_slice(b"any unique nonce"); // 128-bits; unique per message

let ciphertext = cipher.encrypt(nonce, b"plaintext message".as_ref())
    .expect("encryption failure!"); // NOTE: handle this error to avoid panics!

let plaintext = cipher.decrypt(nonce, ciphertext.as_ref())
    .expect("decryption failure!"); // NOTE: handle this error to avoid panics!

assert_eq!(&plaintext, b"plaintext message");

In-place Usage (eliminates alloc requirement)

This crate has an optional alloc feature which can be disabled in e.g. microcontroller environments that don't have a heap.

The AeadInPlace::encrypt_in_place and AeadInPlace::decrypt_in_place methods accept any type that impls the aead::Buffer trait which contains the plaintext for encryption or ciphertext for decryption.

Note that if you enable the heapless feature of this crate, you will receive an impl of aead::Buffer for heapless::Vec (re-exported from the aead crate as [aead::heapless::Vec]), which can then be passed as the buffer parameter to the in-place encrypt and decrypt methods:

use aes_siv::Aes128SivAead; // Or `Aes256SivAead`
use aes_siv::aead::{AeadInPlace, NewAead, generic_array::GenericArray};
use aes_siv::aead::heapless::{Vec, consts::U128};

let key = GenericArray::from_slice(b"an example very very secret key.");
let cipher = Aes128SivAead::new(key);

let nonce = GenericArray::from_slice(b"any unique nonce"); // 128-bits; unique per message

let mut buffer: Vec<u8, U128> = Vec::new();
buffer.extend_from_slice(b"plaintext message");

// Encrypt `buffer` in-place, replacing the plaintext contents with ciphertext
cipher.encrypt_in_place(nonce, b"", &mut buffer).expect("encryption failure!");

// `buffer` now contains the message ciphertext
assert_ne!(&buffer, b"plaintext message");

// Decrypt `buffer` in-place, replacing its ciphertext context with the original plaintext
cipher.decrypt_in_place(nonce, b"", &mut buffer).expect("decryption failure!");
assert_eq!(&buffer, b"plaintext message");

Re-exports

pub use aead;

Modules

siv

The Synthetic Initialization Vector (SIV) misuse-resistant block cipher mode of operation (RFC 5297).

Structs

SivAead

The SivAead type wraps the more powerful Siv interface in a more commonly used Authenticated Encryption with Associated Data (AEAD) API, which accepts a key, nonce, and associated data when encrypting/decrypting.

Type Definitions

Aes128PmacSivAead

AES-PMAC-SIV in AEAD mode with 256-bit key size (128-bit security)

Aes128SivAead

AES-CMAC-SIV in AEAD mode with 256-bit key size (128-bit security)

Aes256PmacSivAead

AES-PMAC-SIV in AEAD mode with 512-bit key size (256-bit security)

Aes256SivAead

AES-CMAC-SIV in AEAD mode with 512-bit key size (256-bit security)

CmacSivAead

SIV AEAD modes based on CMAC

KeySize

Size of an AES-SIV key given a particular cipher

PmacSivAead

SIV AEAD modes based on PMAC

Tag

AES-SIV tags (i.e. the Synthetic Initialization Vector value)