AESAES (Advanced Encryption Standard) is a symmetric-key block cipher standardized by NIST (National Institute of Standards and Technology) in 2001. It replaced the older DES (Data Encryption Standard) and has since become the most widely used algorithm for secure data encryption worldwide.
Key Characteristics:
* Symmetric-Key: The same key is used for both encryption and decryption. This means the key must be securely shared between the communicating parties.
* Block Cipher: AES operates on fixed-size blocks of data, specifically 128 bits (16 bytes). This means that any data not perfectly fitting into 128-bit blocks must be padded before encryption.
* Key Sizes: AES supports three different key sizes: 128-bit, 192-bit, and 256-bit. A larger key size generally implies stronger encryption, making brute-force attacks more computationally intensive.
How it Works (High-Level):
AES encrypts data by performing a series of substitutions, permutations, mixing, and key additions over multiple rounds. The number of rounds depends on the key size (10 rounds for 128-bit keys, 12 for 192-bit, and 14 for 256-bit). Each round transforms the 128-bit data block based on a round key derived from the main secret key.
Modes of Operation:
While AES itself only encrypts 128-bit blocks, real-world data is often much larger. To securely encrypt data streams or messages longer than 128 bits, AES is used in conjunction with various 'modes of operation'. These modes dictate how the block cipher is applied repeatedly and how an Initialization Vector (IV) or Nonce (Number used once) is used to ensure security:
* ECB (Electronic Codebook): The simplest mode. Each 128-bit block is encrypted independently. It's generally *not recommended* for most applications because identical plaintext blocks will produce identical ciphertext blocks, potentially revealing patterns in the data.
* CBC (Cipher Block Chaining): Each plaintext block is XORed with the previous ciphertext block before encryption. Requires an IV (Initialization Vector) for the first block. This makes identical plaintext blocks produce different ciphertext blocks. It's widely used but requires careful handling of padding and IVs.
* CTR (Counter Mode): Transforms a block cipher into a stream cipher. It encrypts a unique 'counter' (which includes a Nonce) for each block and XORs the result with the plaintext. This allows for parallel encryption/decryption and doesn't require padding.
* GCM (Galois/Counter Mode): A highly recommended authenticated encryption mode. It combines the CTR mode for encryption with a Galois Message Authentication Code (GMAC) for data authenticity and integrity. This means GCM not only encrypts data but also verifies that it hasn't been tampered with. It requires a Nonce and can optionally include 'Associated Data' (AAD) which is authenticated but not encrypted.
Initialization Vector (IV) / Nonce:
An IV or Nonce is a random or pseudo-random value that is used alongside the key in encryption. Its primary purpose is to ensure that even if the same plaintext is encrypted multiple times with the same key, the resulting ciphertext will be different each time. This prevents certain types of attacks. IVs/Nonces do not need to be secret but *must* be unique for each encryption operation under the same key.
Padding:
When using block cipher modes like CBC, the plaintext must be a multiple of the block size (128 bits for AES). If the plaintext is not a perfect multiple, padding schemes (e.g., PKCS7 padding) are used to add extra bytes to the end of the data to reach the required block size. These padding bytes are then removed during decryption.
Rust Libraries for AES:
In Rust, AES functionality is typically provided by cryptographic crates that implement the algorithm and its various modes of operation. Common crates include `aes` (for the core block cipher primitive), `block-modes` (for CBC, CTR, etc.), and `aes-gcm` (for GCM mode). These crates often adhere to traits defined by the `aead` (Authenticated Encryption with Associated Data) and `cipher` crates, providing a consistent API.
Example Code
```rust
use aes_gcm::{
aead::{Aead, KeyInit, OsRng},
Aes256Gcm, Nonce, Key,
};
use rand::RngCore;
fn main() -> Result<(), Box<dyn std::error::Error>> {
// 1. Generate a random 256-bit key
let mut key_bytes = [0u8; 32];
OsRng.fill_bytes(&mut key_bytes);
let key = Key::<Aes256Gcm>::from_slice(&key_bytes);
// Initialize AES-256-GCM cipher
let cipher = Aes256Gcm::new(key);
// 2. Generate a random 96-bit (12-byte) Nonce for each encryption operation
// It's crucial that the Nonce is unique for every encryption with the same key.
let mut nonce_bytes = [0u8; 12];
OsRng.fill_bytes(&mut nonce_bytes);
let nonce = Nonce::<Aes256Gcm>::from_slice(&nonce_bytes); // 96-bit; unique per encryption
// 3. Define the plaintext and optional associated data (AAD)
let plaintext = b"This is a super secret message!";
let associated_data = b"metadata-for-this-message"; // Authenticated but not encrypted
println!("Original plaintext: {:?}", String::from_utf8_lossy(plaintext));
println!("Key (hex): {:x?}", key_bytes);
println!("Nonce (hex): {:x?}", nonce_bytes);
// 4. Encrypt the plaintext
let ciphertext_with_tag = cipher.encrypt(nonce, plaintext.as_ref(), associated_data.as_ref())
.map_err(|e| format!("Encryption error: {:?}", e))?;
println!("\nEncrypted ciphertext (hex): {:x?}", ciphertext_with_tag);
// --- Decryption --- //
// 5. Decrypt the ciphertext
// The same key, nonce, and associated_data are required for decryption.
let decrypted_data = cipher.decrypt(nonce, ciphertext_with_tag.as_ref(), associated_data.as_ref())
.map_err(|e| format!("Decryption error: {:?}", e))?;
println!("Decrypted plaintext: {:?}", String::from_utf8_lossy(&decrypted_data));
// 6. Demonstrate failure if data is tampered with or incorrect key/nonce is used
println!("\n--- Demonstrating Decryption Failure ---");
let mut tampered_ciphertext = ciphertext_with_tag.clone();
// Tamper with one byte of the ciphertext
if let Some(byte) = tampered_ciphertext.get_mut(0) {
*byte = byte.wrapping_add(1);
}
match cipher.decrypt(nonce, tampered_ciphertext.as_ref(), associated_data.as_ref()) {
Ok(_) => println!("Error: Tampered data was decrypted successfully!"),
Err(e) => println!("Decryption failed as expected (tampered data): {:?}", e),
}
// Attempt with wrong nonce
let mut wrong_nonce_bytes = [0u8; 12];
OsRng.fill_bytes(&mut wrong_nonce_bytes);
let wrong_nonce = Nonce::<Aes256Gcm>::from_slice(&wrong_nonce_bytes);
match cipher.decrypt(wrong_nonce, ciphertext_with_tag.as_ref(), associated_data.as_ref()) {
Ok(_) => println!("Error: Decrypted with wrong nonce!"),
Err(e) => println!("Decryption failed as expected (wrong nonce): {:?}", e),
}
Ok(())
}
/*
To run this code, add the following to your `Cargo.toml`:
[dependencies]
aes-gcm = "0.10"
rand = { version = "0.8", features = ["getrandom"] }
*/
```