aes-wasm 0.1.17

AES-GCM, AES-OCB, AEGIS, AES-CTR, CMAC-AES for WebAssembly
Documentation

Docs.rs crates.io

aes-wasm

Fast, dependency-free AES and AEGIS ciphers for Rust and WASI (WebAssembly System Interface)

aes-wasm provides high-performance AEAD, stream cipher, and MAC primitives for use in WebAssembly/WASI environments. It is designed for speed, simplicity, and zero dependencies, making it ideal for cryptographic operations in WASI-based runtimes and server-side WASM applications.

Note: This crate is intended specifically for WASI (not web browsers or native environments).

Features

  • AEAD ciphers:
    • AEGIS-128L, AEGIS-128X2, AEGIS-128X4
    • AEGIS-256, AEGIS-256X2, AEGIS-256X4
    • AES-128-GCM, AES-256-GCM
    • AES-128-OCB, AES-256-OCB
  • Stream ciphers:
    • AES-128-CTR, AES-256-CTR
  • Block ciphers:
    • AES-128-CBC, AES-256-CBC (with PKCS#7 padding)
  • MAC:
    • CMAC-AES-128
  • Zero dependencies
  • Simple, consistent API
  • Optimized for WASI

Installation

Add to your Cargo.toml:

[dependencies]
aes-wasm = "*"

Note: Make sure your target is set to a WASI platform, such as wasm32-wasi.

Usage

AEAD Example: AES-128-GCM

use aes_wasm::aes128gcm::{encrypt, decrypt, Key, Nonce};
let key = Key::default();
let nonce = Nonce::default();
let msg = b"hello world";
let ad = b"extra data";
let ciphertext = encrypt(msg, ad, &key, nonce);
let plaintext = decrypt(ciphertext, ad, &key, nonce).unwrap();
assert_eq!(plaintext, msg);

Stream Cipher Example: AES-128-CTR

use aes_wasm::aes128ctr::{encrypt, decrypt, Key, IV};
let key = Key::default();
let iv = IV::default();
let msg = b"streaming!";
let ciphertext = encrypt(msg, &key, iv);
let plaintext = decrypt(ciphertext, &key, iv);
assert_eq!(plaintext, msg);

MAC Example: CMAC-AES-128

use aes_wasm::cmac_aes128::{mac, Key};
let key = Key::default();
let msg = b"authenticate me";
let tag = mac(msg, &key);

Supported Algorithms

  • AEGIS: 128L, 128X2, 128X4, 256, 256X2, 256X4
  • AES: 128/256 GCM, 128/256 OCB, 128/256 CBC (PKCS#7), 128/256 CTR
  • CMAC: AES-128

Safety and Security

  • This crate is designed for use in WASI only.
  • Always use unique nonces for each encryption operation with AEAD ciphers.
  • Review the documentation for each algorithm for security notes and usage patterns.

Benchmarks

Benchmarks can be run with:

cargo wasix bench

Wasmtime 9.0.1 on Apple M1

algorithm crate throughput
aes256-gcm (aes crate) 49.63 M/s
aes256-gcm this crate 98.86 M/s
aes128-gcm (aes crate) 59.87 M/s
aes128-gcm this crate 115.47 M/s
aes256-ocb this crate 168.43 M/s
aes128-ocb this crate 215.23 M/s
aes-128-cbc (cbc crate) 48.48 M/s
aes-128-cbc this crate 225.63 M/s
aes-256-cbc (cbc crate) 35.49 M/s
aes-256-cbc this crate 171.89 M/s
aegis-256 this crate 478.57 M/s
aegis-128l (aegis crate) 533.85 M/s
aegis-128l this crate 695.85 M/s
aes128-ctr (ctr crate) 104.63 M/s
aes128-ctr this crate 217.10 M/s
cmac-aes128 (cmac crate) 53.99 M/s
cmac-aes128 this crate 233.34 M/s

Wasmtime 9.0.1 on Ryzen 7

algorithm crate throughput
aes256-gcm (aes crate) 63.79 M/s
aes256-gcm this crate 129.44 M/s
aes128-gcm (aes crate) 75.09 M/s
aes128-gcm this crate 149.31 M/s
aes256-ocb this crate 205.39 M/s
aes128-ocb this crate 260.56 M/s
aegis-256 this crate 497.97 M/s
aegis-128l (aegis crate) 537.49 M/s
aegis-128l this crate 696.61 M/s
aes128-ctr (ctr crate) 151.26 M/s
aes128-ctr this crate 275.51 M/s
cmac-aes128 (cmac crate) 78.63 M/s
cmac-aes128 this crate 260.23 M/s

Documentation

License

This project is licensed under the MIT License. See LICENSE for details.