Module hacl::aead

Authenticated Encryption with Associated Data (AEAD)

This module implements AES-GCM 128 and 256, and Chacha20Poly1305.

Usage

This module provides two APIs

Aead with key state

use hacl::aead::{Aead, Algorithm, Error};

let key = [0x5b, 0x96, 0x04, 0xfe, 0x14, 0xea, 0xdb, 0xa9, 0x31, 0xb0, 0xcc,
           0xf3, 0x48, 0x43, 0xda, 0xb9, 0x5b, 0x96, 0x04, 0xfe, 0x14, 0xea,
           0xdb, 0xa9, 0x31, 0xb0, 0xcc, 0xf3, 0x48, 0x43, 0xda, 0xb9];
let cipher = match Aead::new(Algorithm::Chacha20Poly1305, &key) {
   Ok(c) => c,
   Err(e) => panic!("Error instantiating AEAD.\n{:?}", e),
};

let iv = [0x02, 0x83, 0x18, 0xab, 0xc1, 0x82, 0x40, 0x29, 0x13, 0x81, 0x41, 0xa2];
let msg = [0x00, 0x1d, 0x0c, 0x23, 0x12, 0x87, 0xc1, 0x18, 0x27, 0x84, 0x55, 0x4c, 0xa3, 0xa2, 0x19, 0x08];
let aad = [];

let (ciphertext, tag) = match cipher.encrypt(&msg, &iv, &aad) {
    Ok(r) => r,
    Err(e) => panic!("Error encrypting.\n{:?}", e),
};

let msg_ = match cipher.decrypt(&ciphertext, &tag, &iv, &aad) {
    Ok(r) => r,
    Err(e) => panic!("Error decrypting.\n{:?}", e),
};

assert_eq!(&msg[..], &msg_[..]);

Single-shot API

use hacl::aead::{self, Algorithm};

let key = [0x5b, 0x96, 0x04, 0xfe, 0x14, 0xea, 0xdb, 0xa9, 0x31, 0xb0, 0xcc,
           0xf3, 0x48, 0x43, 0xda, 0xb9, 0x5b, 0x96, 0x04, 0xfe, 0x14, 0xea,
           0xdb, 0xa9, 0x31, 0xb0, 0xcc, 0xf3, 0x48, 0x43, 0xda, 0xb9];
let iv = [0x02, 0x83, 0x18, 0xab, 0xc1, 0x82, 0x40, 0x29, 0x13, 0x81, 0x41, 0xa2];
let msg = [0x00, 0x1d, 0x0c, 0x23, 0x12, 0x87, 0xc1, 0x18, 0x27, 0x84, 0x55, 0x4c, 0xa3, 0xa2, 0x19, 0x08];
let aad = [];

let (ciphertext, tag) = match aead::encrypt(Algorithm::Chacha20Poly1305, &key, &msg, &iv, &aad) {
   Ok(r) => r,
   Err(e) => panic!("Error encrypting.\n{:?}", e),
};

let msg_ = match aead::decrypt(Algorithm::Chacha20Poly1305, &key, &ciphertext, &tag, &iv, &aad) {
    Ok(r) => r,
    Err(e) => panic!("Error decrypting.\n{:?}", e),
};

assert_eq!(&msg[..], &msg_[..]);

Structs

• Aead
  The Aead struct allows to re-use a key without having to initialize it every time.

Enums

• Algorithm
  The AEAD Algorithm Identifier.
• Error
  AEAD Errors

Functions

• decrypt
  Single-shot API for AEAD decryption.
• decrypt_combined
  Single-shot API for combined AEAD decryption.
• decrypt_in_place
  Single-shot API for AEAD decryption in place.
• encrypt
  Single-shot API for AEAD encryption.
• encrypt_combined
  Single-shot API for combined AEAD encryption.
• encrypt_in_place
  Single-shot API for in place AEAD encryption.
• hacl_aes_available^⚠
  Check hardware support for HACL* AES implementation.
• key_gen
  Generate a random key.
• nonce_gen
  Generate a nonce.

Type Aliases

• Aad
  Associated data are byte arrays.
• Aes128Key
• Aes256Key
• Chacha20Key
• Ciphertext
  Ciphertexts are byte vectors.
• Tag