Ascon AEAD

Pure Rust implementation of the lightweight Authenticated Encryption with Associated Data (AEAD) algorithm Ascon-AEAD128.

Security Notes

No security audits of this crate have ever been performed.

USE AT YOUR OWN RISK!

Minimum Supported Rust Version

This crate requires Rust 1.85 at a minimum.

License

Licensed under either of:

• Apache License, Version 2.0
• MIT license

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

lib.rs:

Usage

Simple usage (allocating, no associated data):

use ascon_aead::{AsconAead128, AsconAead128Key, AsconAead128Nonce, Key, Nonce};
use ascon_aead::aead::{Aead, KeyInit};

let key = AsconAead128Key::from_slice(b"very secret key.");
let cipher = AsconAead128::new(key);

// 128-bits; unique per message
let nonce = AsconAead128Nonce::from_slice(b"unique nonce 012");

let ciphertext = cipher.encrypt(nonce, b"plaintext message".as_ref())
    .expect("encryption failure!"); // NOTE: handle this error to avoid panics!

let plaintext = cipher.decrypt(nonce, ciphertext.as_ref())
    .expect("decryption failure!"); // NOTE: handle this error to avoid panics!

assert_eq!(&plaintext, b"plaintext message");

With randomly sampled keys and nonces (requires getrandom feature):

use ascon_aead::AsconAead128;
use ascon_aead::aead::{Aead, AeadCore, KeyInit};

let key = AsconAead128::generate_key()
    .expect("key generation failure"); // NOTE: handle this error to avoid panics!
let cipher = AsconAead128::new(&key);

// 128 bits; unique per message
let nonce = AsconAead128::generate_nonce()
    .expect("nonce generation failure"); // NOTE: handle this error to avoid panics!

let ciphertext = cipher.encrypt(&nonce, b"plaintext message".as_ref())
    .expect("encryption failure!"); // NOTE: handle this error to avoid panics!

let plaintext = cipher.decrypt(&nonce, ciphertext.as_ref())
    .expect("decryption failure!"); // NOTE: handle this error to avoid panics!

assert_eq!(&plaintext, b"plaintext message");

In-place Usage (eliminates alloc requirement)

This crate has an optional alloc feature which can be disabled in e.g. microcontroller environments that don't have a heap.

The AeadInOut::encrypt_in_place and AeadInOut::decrypt_in_place methods accept any type that impls the aead::Buffer trait which contains the plaintext for encryption or ciphertext for decryption.

Enabling the arrayvec feature of this crate will provide an impl of aead::Buffer for arrayvec::ArrayVec (re-exported from the aead crate as aead::arrayvec::ArrayVec), and enabling the bytes feature of this crate will provide an impl of aead::Buffer for bytes::BytesMut (re-exported from the aead crate as aead::bytes::BytesMut).

Truncated Tags

Ascon-AEAD128 also supports truncated tags ranging from 32 to 128 bits. Currently, only byte lengths are supported. Support for truncated tags is available via TruncatedAsconAEAD128.

use aead::consts::{U5};
use ascon_aead::{TruncatedAsconAead128, Key, Nonce};
use ascon_aead::aead::{Aead, KeyInit};

type TruncatedAscon = TruncatedAsconAead128<U5>;
let key = Key::<TruncatedAscon>::from_slice(b"very secret key.");
let cipher = TruncatedAscon::new(key);

// 128-bits; unique per message
let nonce = Nonce::<TruncatedAscon>::from_slice(b"unique nonce 012");

let ciphertext = cipher.encrypt(nonce, b"plaintext message".as_ref())
    .expect("encryption failure!"); // NOTE: handle this error to avoid panics!

let plaintext = cipher.decrypt(nonce, ciphertext.as_ref())
    .expect("decryption failure!"); // NOTE: handle this error to avoid panics!

assert_eq!(&plaintext, b"plaintext message");