tink_core/
deterministic_aead.rs

1// Copyright 2020 The Tink-Rust Authors
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17//! Deterministic authenticated encryption with associated data.
18
19/// `DeterministicAead` is the interface for deterministic authenticated encryption with associated
20/// data.
21///
22/// ## Warning
23///
24/// Unlike AEAD, implementations of this trait are not semantically secure, because
25/// encrypting the same plaintext always yields the same ciphertext.
26///
27/// ## Security guarantees
28///
29/// Implementations of this trait provide 128-bit security level against multi-user attacks
30/// with up to 2^32 keys. That means if an adversary obtains 2^32 ciphertexts of the same message
31/// encrypted under 2^32 keys, they need to do 2^128 computations to obtain a single key.
32///
33/// Encryption with associated data ensures authenticity (who the sender is) and integrity (the
34/// data has not been tampered with) of that data, but not its secrecy.
35///
36/// ## References
37///
38/// - [RFC 5116](https://tools.ietf.org/html/rfc5116)
39/// - [RFC 5297 s1.3](https://tools.ietf.org/html/rfc5297#section-1.3)
40pub trait DeterministicAead: DeterministicAeadBoxClone {
41    /// Deterministical encrypt plaintext with `additional_data` as additional authenticated data.
42    /// The resulting ciphertext allows for checking authenticity and integrity of additional
43    /// data `additional_data`, but there are no guarantees wrt. secrecy of that data.
44    fn encrypt_deterministically(
45        &self,
46        plaintext: &[u8],
47        additional_data: &[u8],
48    ) -> Result<Vec<u8>, crate::TinkError>;
49
50    /// Deterministically decrypt ciphertext with `additional_data` as
51    /// additional authenticated data. The decryption verifies the authenticity and integrity
52    /// of the additional data, but there are no guarantees wrt. secrecy of that data.
53    fn decrypt_deterministically(
54        &self,
55        ciphertext: &[u8],
56        additional_data: &[u8],
57    ) -> Result<Vec<u8>, crate::TinkError>;
58}
59
60/// Trait bound to indicate that primitive trait objects should support cloning
61/// themselves as trait objects.
62pub trait DeterministicAeadBoxClone {
63    fn box_clone(&self) -> Box<dyn DeterministicAead>;
64}
65
66/// Default implementation of the box-clone trait bound for any underlying
67/// concrete type that implements [`Clone`].
68impl<T> DeterministicAeadBoxClone for T
69where
70    T: 'static + DeterministicAead + Clone,
71{
72    fn box_clone(&self) -> Box<dyn DeterministicAead> {
73        Box::new(self.clone())
74    }
75}