Module dryoc::dryocstream

Encrypted streams

DryocStream implements libsodium’s secret-key authenticated stream encryption, also known as a secretstream. This implementation uses the XChaCha20 stream cipher, and Poly1305 for message authentication.

You should use a DryocStream when you want to:

  • read and write messages from/to a file or network socket
  • exchange messages between two parties
  • send messages in a particular sequence, and authenticate the order of messages
  • provide a way to determine the start and end of a sequence of messages
  • use a shared secret, which could be pre-shared, or derived using one or more of:

Rustaceous API example

use dryoc::dryocstream::*;
let message1 = b"Arbitrary data to encrypt";
let message2 = b"split into";
let message3 = b"three messages";

// Generate a random secret key for this stream
let key = Key::gen();

// Initialize the push side, type annotations required on return type
let (mut push_stream, header): (_, Header) = DryocStream::init_push(&key);

// Encrypt a series of messages
let c1 = push_stream
    .push_to_vec(message1, None, Tag::MESSAGE)
    .expect("Encrypt failed");
let c2 = push_stream
    .push_to_vec(message2, None, Tag::MESSAGE)
    .expect("Encrypt failed");
let c3 = push_stream
    .push_to_vec(message3, None, Tag::FINAL)
    .expect("Encrypt failed");

// Initialize the pull side using header generated by the push side
let mut pull_stream = DryocStream::init_pull(&key, &header);

// Decrypt the encrypted messages, type annotations required
let (m1, tag1) = pull_stream.pull_to_vec(&c1, None).expect("Decrypt failed");
let (m2, tag2) = pull_stream.pull_to_vec(&c2, None).expect("Decrypt failed");
let (m3, tag3) = pull_stream.pull_to_vec(&c3, None).expect("Decrypt failed");

assert_eq!(message1, m1.as_slice());
assert_eq!(message2, m2.as_slice());
assert_eq!(message3, m3.as_slice());

assert_eq!(tag1, Tag::MESSAGE);
assert_eq!(tag2, Tag::MESSAGE);
assert_eq!(tag3, Tag::FINAL);
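
The receive loop below is an added example, not part of the dryoc documentation or code base. It shows the checks a reader of a file or socket needs around the pull side: bounded frames, and rejection of a sequence that ends without a FINAL-tagged message or continues after one. Assumptions: the 4-byte length-prefix framing, the names `read_all`, `StreamError` and `MAX_FRAME`, and the local `Tag` enum standing in for dryoc's `Tag::MESSAGE` / `Tag::FINAL`. The decrypt step is passed in as a closure so the block builds with the standard library alone.

```rust
// Added example (std only). `Tag` is a local stand-in for dryoc's Tag::MESSAGE / Tag::FINAL.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Tag { Message, Final }

#[derive(Debug, PartialEq)]
pub enum StreamError {
    ShortFrame,    // length prefix or body cut off mid-frame
    FrameTooLarge, // declared length exceeds the receiver's limit
    Decrypt,       // pull failed: tampered, reordered, or wrong key/header
    Truncated,     // input ended before a FINAL-tagged message
    TrailingData,  // more frames after the FINAL-tagged message
}

const MAX_FRAME: usize = 64 * 1024; // assumed application limit

/// Assumed wire format: repeated [u32 big-endian length][ciphertext].
/// `pull` wraps the real decrypt call, e.g. `pull_stream.pull_to_vec(ct, None)`.
pub fn read_all<F>(mut wire: &[u8], mut pull: F) -> Result<Vec<Vec<u8>>, StreamError>
where
    F: FnMut(&[u8]) -> Option<(Vec<u8>, Tag)>,
{
    let (mut out, mut finished) = (Vec::new(), false);
    while !wire.is_empty() {
        if finished { return Err(StreamError::TrailingData); }
        if wire.len() < 4 { return Err(StreamError::ShortFrame); }
        let len = u32::from_be_bytes([wire[0], wire[1], wire[2], wire[3]]) as usize;
        if len > MAX_FRAME { return Err(StreamError::FrameTooLarge); }
        if wire.len() - 4 < len { return Err(StreamError::ShortFrame); }
        let (ct, tail) = wire[4..].split_at(len);
        let (msg, tag) = pull(ct).ok_or(StreamError::Decrypt)?;
        out.push(msg);
        finished = tag == Tag::Final;
        wire = tail;
    }
    if finished { Ok(out) } else { Err(StreamError::Truncated) }
}

fn main() {
    // Constructed input: one 2-byte frame; the stand-in `pull` treats the
    // last byte as the tag (0 = message, 1 = final) instead of decrypting.
    let wire = [0u8, 0, 0, 2, b'a', 0];
    let pull = |ct: &[u8]| Some((ct[..ct.len() - 1].to_vec(),
        if ct[ct.len() - 1] == 1 { Tag::Final } else { Tag::Message }));
    // No FINAL tag was seen, so the reader must treat this as truncation.
    assert_eq!(read_all(&wire, pull), Err(StreamError::Truncated));
}
```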

Additional resources

Re-exports

Modules

Structs

  • Secret-key authenticated encrypted streams
  • Indicates a pull stream
  • Indicates a push stream
  • Message tag definitions

Traits

  • Stream mode marker trait

Type Aliases

  • Stack-allocated header data for authenticated secret streams.
  • Stack-allocated secret for authenticated secret streams.
  • Stack-allocated nonce for authenticated secret streams.