Module type Mirage_crypto.AEAD

Authenticated encryption with associated data.

This defines a uniform interface of symmetrics cryptographic algorithms which encrypt, and also protect the integrity of the data. Additional data, only used for integrity protection, not encrypted and not part of the ciphertext, can be passed in optionally. This prevents the same ciphertext being used at a different location. See RFC 5116 for further description.

type key

The abstract type for the key.

val authenticate_encrypt : key:key -> nonce:Cstruct.t -> ?⁠adata:Cstruct.t -> Cstruct.t -> Cstruct.t

authenticate_encrypt ~key ~nonce ~adata msg encrypts msg with key and nonce, and appends an authentication tag computed over the encrypted msg, using key, nonce, and adata.

raises Invalid_argument

if nonce is not of the right size.

val authenticate_decrypt : key:key -> nonce:Cstruct.t -> ?⁠adata:Cstruct.t -> Cstruct.t -> Cstruct.t option

authenticate_decrypt ~key ~nonce ~adata msg splits msg into encrypted data and authentication tag, computes the authentication tag using key, nonce, and adata, and decrypts the encrypted data. If the authentication tags match, the decrypted data is returned.

raises Invalid_argument

if nonce is not of the right size.