Tink-Rust: Streaming Authenticated Encryption with Additional Data
This crate provides streaming authenticated encryption with additional data functionality, as described in the upstream
Tink documentation.
Usage
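/// Round-trips `PT` through a streaming AEAD primitive: encrypts it to a file
/// in a temporary directory in `CHUNK_SIZE` pieces, decrypts the file again,
/// and asserts that the recovered bytes equal the original plaintext.
///
/// # Errors
///
/// Returns any I/O error or Tink error raised while creating the key,
/// encrypting, or decrypting.
fn main() -> Result<(), Box<dyn Error>> {
    // Keep the `TempDir` guard alive instead of calling `into_path()`, so the
    // directory and the ciphertext in it are removed when `dir` is dropped
    // rather than left behind on disk.
    let dir = tempfile::tempdir()?;
    let ct_filename = dir.path().join("ciphertext.bin");

    tink_streaming_aead::init();

    // A fresh keyset is generated in memory and never stored, so the
    // ciphertext written below can only be decrypted within this process.
    let kh =
        tink_core::keyset::Handle::new(&tink_streaming_aead::aes128_gcm_hkdf_4kb_key_template())?;
    let a = tink_streaming_aead::new(&kh)?;

    // Associated data is authenticated but not encrypted; the same bytes are
    // passed to the decrypting reader below.
    let aad = b"this data needs to be authenticated, but not encrypted";

    // Encrypt: feed the plaintext to the writer one chunk at a time.
    let ct_file = std::fs::File::create(&ct_filename)?;
    let mut w = a.new_encrypting_writer(Box::new(ct_file), &aad[..])?;
    for piece in PT.chunks(CHUNK_SIZE) {
        // `write_all` retries short writes and reports a zero-length write as
        // an error instead of looping forever on it.
        w.write_all(piece)?;
        w.flush()?;
    }
    // NOTE(review): `close()` finishes the stream; presumably a ciphertext
    // written without it cannot be decrypted in full. Confirm against the
    // tink_streaming_aead documentation.
    w.close()?;

    // Decrypt: read until the reader reports end of stream.
    let ct_file = std::fs::File::open(&ct_filename)?;
    let mut r = a.new_decrypting_reader(Box::new(ct_file), &aad[..])?;
    let mut recovered = vec![];
    let mut chunk = vec![0; CHUNK_SIZE];
    loop {
        // An `Err` here aborts the whole function via `?`. Real consumers
        // should likewise discard everything read so far on error, and treat
        // the plaintext as complete only once `read` has returned 0.
        let len = r.read(&mut chunk)?;
        if len == 0 {
            break;
        }
        recovered.extend_from_slice(&chunk[..len]);
    }

    assert_eq!(recovered, PT);
    Ok(())
}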
License
Apache License, Version 2.0
Disclaimer
This is not an officially supported Google product.