Tink-Rust: Authenticated Encryption with Additional Data

This crate provides authenticated encryption with additional data (AEAD) functionality, as described in the upstream Tink documentation.

Usage

```Rust fn main() -> Result<(), Box> { tinkaead::init(); let kh = tinkcore::keyset::Handle::new(&tinkaead::aes256gcmkeytemplate())?; let a = tink_aead::new(&kh)?;

let pt = b"this data needs to be encrypted";
let aad = b"this data needs to be authenticated, but not encrypted";
let ct = a.encrypt(pt, aad)?;
println!("'{}' => {}", String::from_utf8_lossy(pt), hex::encode(&ct));

let pt2 = a.decrypt(&ct, aad)?;
assert_eq!(&pt[..], pt2);
Ok(())

} ```

License

Apache License, Version 2.0

Known Issues

• Before version 0.2.4, AES-CTR-HMAC-AEAD keys and the subtle::EncryptThenAuthenticate implementation may be vulnerable to chosen-ciphertext attacks. An attacker can generate ciphertexts that bypass the HMAC verification if and only if all of the following conditions are true:
  • Tink is used on systems where usize is a 32-bit integer. This is usually the case on 32-bit machines.
  • The attacker can specify long (>= 2^29 bytes ~ 536MB) associated data

Disclaimer

This is not an officially supported Google product.