@@ -159,6 +159,88 @@ pub trait AeadCore {
159159 }
160160}
161161
162+ /// Authenticated Encryption with Associated Data (AEAD) algorithm.
163+ #[ cfg( feature = "alloc" ) ]
164+ pub trait Aead : AeadCore {
165+ /// Encrypt the given plaintext payload, and return the resulting
166+ /// ciphertext as a vector of bytes.
167+ ///
168+ /// The [`Payload`] type can be used to provide Additional Associated Data
169+ /// (AAD) along with the message: this is an optional bytestring which is
170+ /// not encrypted, but *is* authenticated along with the message. Failure
171+ /// to pass the same AAD that was used during encryption will cause
172+ /// decryption to fail, which is useful if you would like to "bind" the
173+ /// ciphertext to some other identifier, like a digital signature key
174+ /// or other identifier.
175+ ///
176+ /// If you don't care about AAD and just want to encrypt a plaintext
177+ /// message, `&[u8]` will automatically be coerced into a `Payload`:
178+ ///
179+ /// ```nobuild
180+ /// let plaintext = b"Top secret message, handle with care";
181+ /// let ciphertext = cipher.encrypt(nonce, plaintext);
182+ /// ```
183+ ///
184+ /// The default implementation assumes a postfix tag (ala AES-GCM,
185+ /// AES-GCM-SIV, ChaCha20Poly1305). [`Aead`] implementations which do not
186+ /// use a postfix tag will need to override this to correctly assemble the
187+ /// ciphertext message.
188+ fn encrypt < ' msg , ' aad > (
189+ & self ,
190+ nonce : & Nonce < Self > ,
191+ plaintext : impl Into < Payload < ' msg , ' aad > > ,
192+ ) -> Result < Vec < u8 > > ;
193+
194+ /// Decrypt the given ciphertext slice, and return the resulting plaintext
195+ /// as a vector of bytes.
196+ ///
197+ /// See notes on [`Aead::encrypt()`] about allowable message payloads and
198+ /// Associated Additional Data (AAD).
199+ ///
200+ /// If you have no AAD, you can call this as follows:
201+ ///
202+ /// ```nobuild
203+ /// let ciphertext = b"...";
204+ /// let plaintext = cipher.decrypt(nonce, ciphertext)?;
205+ /// ```
206+ ///
207+ /// The default implementation assumes a postfix tag (ala AES-GCM,
208+ /// AES-GCM-SIV, ChaCha20Poly1305). [`Aead`] implementations which do not
209+ /// use a postfix tag will need to override this to correctly parse the
210+ /// ciphertext message.
211+ fn decrypt < ' msg , ' aad > (
212+ & self ,
213+ nonce : & Nonce < Self > ,
214+ ciphertext : impl Into < Payload < ' msg , ' aad > > ,
215+ ) -> Result < Vec < u8 > > ;
216+ }
217+
218+ #[ cfg( feature = "alloc" ) ]
219+ impl < T : AeadInOut > Aead for T {
220+ fn encrypt < ' msg , ' aad > (
221+ & self ,
222+ nonce : & Nonce < Self > ,
223+ plaintext : impl Into < Payload < ' msg , ' aad > > ,
224+ ) -> Result < Vec < u8 > > {
225+ let payload = plaintext. into ( ) ;
226+ let mut buffer = Vec :: with_capacity ( payload. msg . len ( ) + Self :: TagSize :: to_usize ( ) ) ;
227+ buffer. extend_from_slice ( payload. msg ) ;
228+ self . encrypt_in_place ( nonce, payload. aad , & mut buffer) ?;
229+ Ok ( buffer)
230+ }
231+
232+ fn decrypt < ' msg , ' aad > (
233+ & self ,
234+ nonce : & Nonce < Self > ,
235+ ciphertext : impl Into < Payload < ' msg , ' aad > > ,
236+ ) -> Result < Vec < u8 > > {
237+ let payload = ciphertext. into ( ) ;
238+ let mut buffer = Vec :: from ( payload. msg ) ;
239+ self . decrypt_in_place ( nonce, payload. aad , & mut buffer) ?;
240+ Ok ( buffer)
241+ }
242+ }
243+
162244/// In-place and inout AEAD trait which handles the authentication tag as a return value/separate parameter.
163245pub trait AeadInOut : AeadCore {
164246 /// Encrypt the data in the provided [`InOutBuf`], returning the authentication tag.
@@ -247,88 +329,6 @@ pub trait AeadInOut: AeadCore {
247329 }
248330}
249331
250- /// Authenticated Encryption with Associated Data (AEAD) algorithm.
251- #[ cfg( feature = "alloc" ) ]
252- pub trait Aead : AeadCore {
253- /// Encrypt the given plaintext payload, and return the resulting
254- /// ciphertext as a vector of bytes.
255- ///
256- /// The [`Payload`] type can be used to provide Additional Associated Data
257- /// (AAD) along with the message: this is an optional bytestring which is
258- /// not encrypted, but *is* authenticated along with the message. Failure
259- /// to pass the same AAD that was used during encryption will cause
260- /// decryption to fail, which is useful if you would like to "bind" the
261- /// ciphertext to some other identifier, like a digital signature key
262- /// or other identifier.
263- ///
264- /// If you don't care about AAD and just want to encrypt a plaintext
265- /// message, `&[u8]` will automatically be coerced into a `Payload`:
266- ///
267- /// ```nobuild
268- /// let plaintext = b"Top secret message, handle with care";
269- /// let ciphertext = cipher.encrypt(nonce, plaintext);
270- /// ```
271- ///
272- /// The default implementation assumes a postfix tag (ala AES-GCM,
273- /// AES-GCM-SIV, ChaCha20Poly1305). [`Aead`] implementations which do not
274- /// use a postfix tag will need to override this to correctly assemble the
275- /// ciphertext message.
276- fn encrypt < ' msg , ' aad > (
277- & self ,
278- nonce : & Nonce < Self > ,
279- plaintext : impl Into < Payload < ' msg , ' aad > > ,
280- ) -> Result < Vec < u8 > > ;
281-
282- /// Decrypt the given ciphertext slice, and return the resulting plaintext
283- /// as a vector of bytes.
284- ///
285- /// See notes on [`Aead::encrypt()`] about allowable message payloads and
286- /// Associated Additional Data (AAD).
287- ///
288- /// If you have no AAD, you can call this as follows:
289- ///
290- /// ```nobuild
291- /// let ciphertext = b"...";
292- /// let plaintext = cipher.decrypt(nonce, ciphertext)?;
293- /// ```
294- ///
295- /// The default implementation assumes a postfix tag (ala AES-GCM,
296- /// AES-GCM-SIV, ChaCha20Poly1305). [`Aead`] implementations which do not
297- /// use a postfix tag will need to override this to correctly parse the
298- /// ciphertext message.
299- fn decrypt < ' msg , ' aad > (
300- & self ,
301- nonce : & Nonce < Self > ,
302- ciphertext : impl Into < Payload < ' msg , ' aad > > ,
303- ) -> Result < Vec < u8 > > ;
304- }
305-
306- #[ cfg( feature = "alloc" ) ]
307- impl < T : AeadInOut > Aead for T {
308- fn encrypt < ' msg , ' aad > (
309- & self ,
310- nonce : & Nonce < Self > ,
311- plaintext : impl Into < Payload < ' msg , ' aad > > ,
312- ) -> Result < Vec < u8 > > {
313- let payload = plaintext. into ( ) ;
314- let mut buffer = Vec :: with_capacity ( payload. msg . len ( ) + Self :: TagSize :: to_usize ( ) ) ;
315- buffer. extend_from_slice ( payload. msg ) ;
316- self . encrypt_in_place ( nonce, payload. aad , & mut buffer) ?;
317- Ok ( buffer)
318- }
319-
320- fn decrypt < ' msg , ' aad > (
321- & self ,
322- nonce : & Nonce < Self > ,
323- ciphertext : impl Into < Payload < ' msg , ' aad > > ,
324- ) -> Result < Vec < u8 > > {
325- let payload = ciphertext. into ( ) ;
326- let mut buffer = Vec :: from ( payload. msg ) ;
327- self . decrypt_in_place ( nonce, payload. aad , & mut buffer) ?;
328- Ok ( buffer)
329- }
330- }
331-
332332/// AEAD payloads (message + AAD).
333333///
334334/// Combination of a message (plaintext or ciphertext) and
0 commit comments