Module aead

Available on crate feature aead-chacha20 only.

Authenticated encryption with associated data (AEAD).

This module exposes the high-level Crypt handle and the Algorithm enum. The default algorithm is ChaCha20-Poly1305 (RFC 8439): it is fast in software, post-quantum-safe at 256-bit symmetric strength, and the recommended choice when hardware AES acceleration is not available.

§Wire format

The ciphertext returned by Crypt::encrypt / Crypt::encrypt_with_aad is the concatenation nonce || ciphertext || tag, where:

  • nonce is a 12-byte CSPRNG-generated value (mod-rand Tier 3, backed by the OS — getrandom on Linux, getentropy on macOS, BCryptGenRandom on Windows).
  • ciphertext is the encryption of the plaintext under the supplied key and generated nonce.
  • tag is the 16-byte Poly1305 authentication tag, covering both the ciphertext and any associated data passed to the AAD variants.

Crypt::decrypt / Crypt::decrypt_with_aad split this layout, verify the tag in constant time (provided by upstream RustCrypto), and return the decrypted plaintext.

§Nonce policy

Nonces are generated fresh for every call. The 96-bit nonce space has a birthday bound of ~2^48 — well beyond any realistic message volume for a single key. Callers that need a specific nonce (interop with another implementation, deterministic test vectors) are out of scope for the 0.2.0 API; that surface will arrive in a later milestone with explicit “I understand the risk” naming.
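
The layout and nonce policy above, as an added example that is not part of crypt_io: a std-only splitter for `nonce || ciphertext || tag` and an audit pass that flags repeated nonces among blobs stored under one key. The names `WireParts`, `split_wire`, `find_nonce_reuse` and `sample` are hypothetical, and the sample blobs are constructed, not real ciphertexts. It performs no tag verification; that remains the job of Crypt::decrypt.

```rust
use std::collections::HashMap;

// Same values as the page's CHACHA20_NONCE_LEN and CHACHA20_TAG_LEN.
const NONCE_LEN: usize = 12;
const TAG_LEN: usize = 16;

/// Borrowed view of one wire-format blob (hypothetical type).
#[derive(Debug, PartialEq)]
pub struct WireParts<'a> {
    pub nonce: &'a [u8],
    pub ciphertext: &'a [u8],
    pub tag: &'a [u8],
}

/// Split a blob into its three fields. Anything shorter than the fixed
/// 28-byte overhead cannot be valid output, so it is rejected up front.
pub fn split_wire(blob: &[u8]) -> Option<WireParts<'_>> {
    if blob.len() < NONCE_LEN + TAG_LEN {
        return None;
    }
    let (nonce, rest) = blob.split_at(NONCE_LEN);
    let (ciphertext, tag) = rest.split_at(rest.len() - TAG_LEN);
    Some(WireParts { nonce, ciphertext, tag })
}

/// Given blobs encrypted under ONE key, return (first_seen, repeat) index
/// pairs whose nonces are identical. Malformed blobs are skipped.
pub fn find_nonce_reuse(blobs: &[&[u8]]) -> Vec<(usize, usize)> {
    let mut seen: HashMap<&[u8], usize> = HashMap::new();
    let mut hits = Vec::new();
    for (i, &blob) in blobs.iter().enumerate() {
        if let Some(parts) = split_wire(blob) {
            let first = *seen.entry(parts.nonce).or_insert(i);
            if first != i {
                hits.push((first, i));
            }
        }
    }
    hits
}

/// Constructed sample blob: repeated nonce byte, given body, dummy tag.
fn sample(nonce_byte: u8, ct: &[u8]) -> Vec<u8> {
    [&[nonce_byte; NONCE_LEN][..], ct, &[0xAA; TAG_LEN][..]].concat()
}

fn main() {
    let blobs = [sample(1, b"aaaa"), sample(2, b""), sample(1, b"cc"), vec![0u8; 5]];
    let views: Vec<&[u8]> = blobs.iter().map(Vec::as_slice).collect();
    println!("{:?}", find_nonce_reuse(&views));
}
```

A non-empty result means two messages under that key share a nonce, which for ChaCha20-Poly1305 calls for rotating the key and treating the affected messages as exposed.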

§Example

use crypt_io::Crypt;

let key = [0x42u8; 32];
let plaintext = b"attack at dawn";

let crypt = Crypt::new();
let ciphertext = crypt.encrypt(&key, plaintext).expect("encrypt");
let recovered = crypt.decrypt(&key, &ciphertext).expect("decrypt");

assert_eq!(&*recovered, plaintext);

Structs§

Crypt
High-level encryption handle.

Enums§

Algorithm
Supported AEAD algorithms.

Constants§

CHACHA20_NONCE_LEN
Length of a ChaCha20-Poly1305 nonce, in bytes. Equal to 12.
CHACHA20_TAG_LEN
Length of a ChaCha20-Poly1305 authentication tag, in bytes. Equal to 16.
KEY_LEN
Length of a symmetric key for any algorithm shipped in this version, in bytes. Equal to 32 (256-bit keys).