Struct ChaCha20Poly1305

pub struct ChaCha20Poly1305 { /* private fields */ }

Available on crate feature chacha20poly1305 only.

OpenSSH variant of ChaCha20Poly1305: chacha20-poly1305@openssh.com as described in PROTOCOL.chacha20poly1305.

Differences from ChaCha20Poly1305-IETF as described in RFC8439:

• Nonce is 64-bit instead of 96-bit (i.e. uses legacy “djb” ChaCha20 variant).
• The AAD and ciphertext inputs of Poly1305 are not padded.
• The lengths of ciphertext and AAD are not authenticated using Poly1305.

Implementations

impl ChaCha20Poly1305

pub fn encrypt( &self, nonce: &ChaChaNonce, buffer: &mut [u8], aad_len: usize, ) -> Result<Tag>

Encrypt the provided buffer in-place, returning the Poly1305 authentication tag.

The input buffer should contain the concatenation of any additional associated data (AAD) and the plaintext to be encrypted, where in the context of the SSH packet encryption protocol the AAD represents an encrypted packet length, which is itself 4-bytes / 64-bits.

aad_len is the length of the AAD in bytes:

• In the context of SSH packet encryption, this should be 4.
• In the context of SSH key encryption, aad_len should be 0.

The first aad_len bytes of buffer will be unmodified after encryption is completed. Only the data after aad_len will be encrypted.

The resulting Tag authenticates both the AAD and the ciphertext in the buffer.

pub fn decrypt( &self, nonce: &ChaChaNonce, buffer: &mut [u8], tag: Tag, aad_len: usize, ) -> Result<()>

Decrypt the provided buffer in-place, verifying it against the provided Poly1305 authentication tag.

The input buffer should contain the concatenation of any additional associated data (AAD) and the ciphertext to be authenticated, where in the context of the SSH packet encryption protocol the AAD represents an encrypted packet length, which is itself 4-bytes / 64-bits.

aad_len is the length of the AAD in bytes:

• In the context of SSH packet encryption, this should be 4.
• In the context of SSH key encryption, aad_len should be 0.

The first aad_len bytes of buffer will be unmodified after decryption completes successfully. Only data after aad_len will be decrypted.

Trait Implementations

impl AeadCore for ChaCha20Poly1305

const TAG_POSITION: TagPosition = TagPosition::Postfix

The AEAD tag position.

type NonceSize = UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>

The length of a nonce.

type TagSize = UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>

The maximum length of the tag.

impl Clone for ChaCha20Poly1305

fn clone(&self) -> ChaCha20Poly1305

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Drop for ChaCha20Poly1305

fn drop(&mut self)

Executes the destructor for this type.

impl KeyInit for ChaCha20Poly1305

fn new(key: &ChaChaKey) -> Self

Create new value from fixed size key.

fn weak_key_test(_key: &Array<u8, Self::KeySize>) -> Result<(), WeakKeyError>

Check if the key might be considered weak.

fn new_checked(key: &Array<u8, Self::KeySize>) -> Result<Self, WeakKeyError>

Create new value from fixed size key after checking it for weakness.

fn new_from_slice(key: &[u8]) -> Result<Self, InvalidLength>

Create new value from variable size key.

impl KeySizeUser for ChaCha20Poly1305

type KeySize = UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>

Key size in bytes.

fn key_size() -> usize

Return key size in bytes.

impl ZeroizeOnDrop for ChaCha20Poly1305

Available on crate feature zeroize only.