Module tindercrypt::aead

AEAD helpers

This module contains some wrappers over the AEAD functions in the ring library. You are advised not to use these low-level functions directly, and to use the functions provided by the cryptors module instead.

Examples

You can encrypt (seal) and decrypt (open) a secret value as follows:

use ring::aead;
use tindercrypt::rand::fill_buf;
use tindercrypt::aead::{seal_in_place, open_in_place, NONCE_SIZE};

let algo = &aead::AES_256_GCM;
let mut nonce = [0u8; NONCE_SIZE];
let aad = "My encryption context".as_bytes();
let mut key = vec![0u8; algo.key_len()];
let data = "The cake is a lie".as_bytes();

// Create a unique nonce and key.
fill_buf(&mut nonce);
fill_buf(&mut key);

// Create a buffer large enough to hold the ciphertext and its tag.
let mut buf = vec![0; data.len() + algo.tag_len()];
buf[..data.len()].copy_from_slice(&data);

// Encrypt (seal) the data buffer in place, thereby overwriting the
// plaintext data with the ciphertext, and appending a tag at the end.
seal_in_place(algo, nonce.clone(), &aad, &key, &mut buf);

// Decrypt (open) the data buffer in place, thereby overwriting the ciphertext
// with the plaintext (the previous tag will not be removed).
open_in_place(algo, nonce.clone(), &aad, &key, &mut buf);
assert_eq!(data, &buf[..data.len()]);

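// Never reuse this nonce with the same key. Note that `[u8; NONCE_SIZE]` is
// `Copy`, so `drop` does not prevent later use; uniqueness is up to the caller.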
drop(nonce);
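
Because `[u8; NONCE_SIZE]` is `Copy`, `drop(nonce)` does not make the compiler reject a later reuse. The following added example (not part of tindercrypt or ring) shows a move-only nonce type fed by a per-key counter, in place of the random nonces used above. `OneTimeNonce`, `NonceSequence` and the 4-byte prefix layout are hypothetical, and `NONCE_SIZE = 12` is an assumption.

```rust
// Added example, std only. NONCE_SIZE = 12 is an assumption matching the
// 96-bit nonces of ring's AES-GCM and ChaCha20-Poly1305.
pub const NONCE_SIZE: usize = 12;

/// A nonce that is neither `Clone` nor `Copy`: it can be consumed only once.
#[derive(Debug)]
pub struct OneTimeNonce([u8; NONCE_SIZE]);

impl OneTimeNonce {
    /// Consume the wrapper and yield the bytes for exactly one seal call.
    pub fn into_bytes(self) -> [u8; NONCE_SIZE] {
        self.0
    }
}

/// Hypothetical per-key nonce source: 4-byte prefix followed by a 64-bit counter.
pub struct NonceSequence {
    prefix: [u8; 4],
    counter: Option<u64>, // None once every counter value has been issued
}

impl NonceSequence {
    pub fn new(prefix: [u8; 4]) -> Self {
        Self::resume(prefix, 0)
    }

    /// Continue from a counter value restored from durable storage.
    pub fn resume(prefix: [u8; 4], counter: u64) -> Self {
        NonceSequence { prefix, counter: Some(counter) }
    }

    /// Next unique nonce, or `None` when the key has to be rotated.
    pub fn next_nonce(&mut self) -> Option<OneTimeNonce> {
        let n = self.counter?;
        self.counter = n.checked_add(1);
        let mut bytes = [0u8; NONCE_SIZE];
        bytes[..4].copy_from_slice(&self.prefix);
        bytes[4..].copy_from_slice(&n.to_be_bytes());
        Some(OneTimeNonce(bytes))
    }
}

fn main() {
    let mut seq = NonceSequence::new(*b"key1");
    let nonce = seq.next_nonce().expect("nonce space exhausted");
    let raw = nonce.into_bytes(); // `nonce` is moved here
    // let again = nonce.into_bytes(); // compile error: use of moved value
    println!("{:02x?}", raw);
}
```

The array returned by `into_bytes` has the type the `nonce` argument takes in the calls above; the counter must be persisted per key so that a restart never reissues a value.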

Constants

NONCE_SIZE

The size of the nonces that ring expects.

Functions

open_in_place

Open the contents of a sealed data buffer in place.

seal_in_place

Seal the contents of a data buffer in place.