Tink-Rust: Authenticated Encryption with Additional Data
This crate provides authenticated encryption with additional data (AEAD) functionality, as described in the upstream Tink documentation.
Usage
License
Known Issues
- Before version 0.2.4, AES-CTR-HMAC-AEAD keys and the
subtle::EncryptThenAuthenticate
implementation may be vulnerable to chosen-ciphertext attacks. An attacker can generate ciphertexts that bypass the HMAC verification if and only if all of the following conditions are true:- Tink is used on systems where
usize
is a 32-bit integer. This is usually the case on 32-bit machines. - The attacker can specify long (>= 2^29 bytes ~ 536MB) associated data
- Tink is used on systems where
Disclaimer
This is not an officially supported Google product.