Crate isap_aead

source · []
Expand description

ISAP authenticated encryption with Keccak and Ascon permutations

This crate provides an implementation of the authenticated encryption scheme ISAP. As specified in ISAP version 2, implementations are provided for the Ascon and Keccak based instances.

Usage

Simple usage (allocating, no associated data):

use isap_aead::IsapAscon128; // Or `IsapAscon128A`, `IsapKeccak128`, `IsapKeccak128A`
use isap_aead::aead::{Aead, KeyInit};

let key = b"very secret key.";
let cipher = IsapAscon128::new(key.into());
let nonce = b"unique nonce 012"; // 128-bits; unique per message

let ciphertext = cipher.encrypt(nonce.into(), b"plaintext message".as_ref())
    .expect("encryption failure!"); // NOTE: handle this error to avoid panics!

let plaintext = cipher.decrypt(nonce.into(), ciphertext.as_ref())
    .expect("decryption failure!"); // NOTE: handle this error to avoid panics!

assert_eq!(&plaintext, b"plaintext message");

In-place Usage (eliminates alloc requirement)

Similar to other crates implementing aead interfaces, this crate also offers an optional alloc feature which can be disabled in e.g. microcontroller environments that don’t have a heap. See aead::AeadInPlace for more details.

use isap_aead::IsapAscon128; // Or `IsapAscon128A`, `IsapKeccak128`, `IsapKeccak128A`
use isap_aead::aead::{AeadInPlace, KeyInit};
use isap_aead::aead::heapless::Vec;

let key = b"very secret key.";
let cipher = IsapAscon128::new(key.into());
let nonce = b"unique nonce 012"; // 128-bits; unique per message

let mut buffer: Vec<u8, 128> = Vec::new(); // Buffer needs 16-bytes overhead for authentication tag
buffer.extend_from_slice(b"plaintext message");

// Encrypt `buffer` in-place, replacing the plaintext contents with ciphertext
cipher.encrypt_in_place(nonce.into(), b"", &mut buffer).expect("encryption failure!");

// `buffer` now contains the message ciphertext
assert_ne!(&buffer, b"plaintext message");

// Decrypt `buffer` in-place, replacing its ciphertext context with the original plaintext
cipher.decrypt_in_place(nonce.into(), b"", &mut buffer).expect("decryption failure!");
assert_eq!(&buffer, b"plaintext message");

Re-exports

pub use aead;

Structs

Error

Error type.

IsapAscon128

ISAP-Ascon128

IsapAscon128A

ISAP-Ascon128A

IsapKeccak128

ISAP-Keccask128

IsapKeccak128A

ISAP-Keccak128A

Traits

AeadCore

Authenticated Encryption with Associated Data (AEAD) algorithm core trait.

AeadInPlace

In-place stateless AEAD trait.

KeyInit

Types which can be initialized from key.

Type Definitions

Key

Key used by [KeySizeUser] implementors.

Nonce

Nonce: single-use value for ensuring ciphertexts are unique

Result

Result type alias with Error.

Tag

Tag: authentication code which ensures ciphertexts are authentic