Secret stream functions
Implements authenticated encrypted streams as per https://libsodium.gitbook.io/doc/secret-key_cryptography/secretstream.
This API is compatible with libsodium’s implementation.
Classic API example
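use dryoc::classic::crypto_secretstream_xchacha20poly1305::*;
use dryoc::constants::{
    CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES,
    CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL,
    CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE,
};

let message1 = b"Arbitrary data to encrypt";
let message2 = b"split into";
let message3 = b"three messages";

// Generate a random stream key. The same key is used below to initialise the
// pull side, so it is the shared secret for the whole stream.
let mut key = Key::default();
crypto_secretstream_xchacha20poly1305_keygen(&mut key);

// Create the push (encrypting) state. `init_push` writes the stream header
// into `header`; the pull side needs that header together with the key.
// Per the libsodium secretstream documentation the header is not secret and
// is stored or sent ahead of the encrypted chunks.
let mut state = State::new();
let mut header = Header::default();
crypto_secretstream_xchacha20poly1305_init_push(&mut state, &mut header, &key);

// Every ciphertext chunk is ABYTES longer than its plaintext.
let (mut c1, mut c2, mut c3) = (
    vec![0u8; message1.len() + CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES],
    vec![0u8; message2.len() + CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES],
    vec![0u8; message3.len() + CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES],
);

// Encrypt a series of messages. No associated data is supplied (`None`).
// Ordinary chunks carry TAG_MESSAGE; the last chunk carries TAG_FINAL so the
// receiver can tell a complete stream from a truncated one.
crypto_secretstream_xchacha20poly1305_push(
    &mut state,
    &mut c1,
    message1,
    None,
    CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE,
)
.expect("Encrypt failed");
crypto_secretstream_xchacha20poly1305_push(
    &mut state,
    &mut c2,
    message2,
    None,
    CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE,
)
.expect("Encrypt failed");
crypto_secretstream_xchacha20poly1305_push(
    &mut state,
    &mut c3,
    message3,
    None,
    CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL,
)
.expect("Encrypt failed");

// Create stream pull state, using the same key as above with a new state.
let mut state = State::new();
crypto_secretstream_xchacha20poly1305_init_pull(&mut state, &header, &key);

// A receiver only holds the ciphertext, so derive each plaintext length from
// the chunk length instead of from the original message. `checked_sub`
// rejects a chunk shorter than ABYTES rather than underflowing.
let plaintext_len = |chunk: &[u8]| {
    chunk
        .len()
        .checked_sub(CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES)
        .expect("Ciphertext shorter than ABYTES")
};
let (mut m1, mut m2, mut m3) = (
    vec![0u8; plaintext_len(&c1)],
    vec![0u8; plaintext_len(&c2)],
    vec![0u8; plaintext_len(&c3)],
);
let (mut tag1, mut tag2, mut tag3) = (0u8, 0u8, 0u8);

// Decrypt the stream of messages, in the order they were pushed.
// `pull` returns a `Result`; this example panics on `Err` for brevity.
// NOTE(review): code that handles untrusted input should treat `Err` as a
// failed chunk, stop reading the stream and not use the output buffer.
crypto_secretstream_xchacha20poly1305_pull(&mut state, &mut m1, &mut tag1, &c1, None)
    .expect("Decrypt failed");
crypto_secretstream_xchacha20poly1305_pull(&mut state, &mut m2, &mut tag2, &c2, None)
    .expect("Decrypt failed");
crypto_secretstream_xchacha20poly1305_pull(&mut state, &mut m3, &mut tag3, &c3, None)
    .expect("Decrypt failed");

assert_eq!(message1, m1.as_slice());
assert_eq!(message2, m2.as_slice());
assert_eq!(message3, m3.as_slice());

// The tag recovered from each chunk matches the one it was pushed with.
assert_eq!(tag1, CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE);
assert_eq!(tag2, CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE);
// The last chunk must carry TAG_FINAL: a stream that ends on any other tag
// should be treated as truncated.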
assert_eq!(tag3, CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL);
Structs
- Stream state data
Functions
- Initializes a pull stream from `header` into `state` using `key` and returns a stream header. The stream header can be generated using `crypto_secretstream_xchacha20poly1305_init_push`.
- Initializes a push stream into `state` using `key` and returns a stream header. The stream header can be used to initialize a pull stream using the same key (i.e., using `crypto_secretstream_xchacha20poly1305_init_pull`).
- Generates a random stream key using crate::rng::copy_randombytes.
- Decrypts `ciphertext` from the stream for `state` with optional `additional_data`, placing the result into `message` (which must be manually resized) and `tag`. Returns the length of the message.
- Encrypts `message` from the stream for `state`, with `tag` and optional `associated_data`, placing the result into `ciphertext`.
- Manually rekeys a stream.
Type Aliases
- Container for stream header data
- A secret for authenticated secret streams.
- A nonce for authenticated secret streams.