Pure Rust implementation of AES256-CTR/Poly1305-AES: an Authenticated Encryption with Associated Data (AEAD) cipher amenable to fast, constant-time implementations in software, based on the AES256-CTR stream cipher and the Poly1305-AES MAC which uses the Poly1305 universal hash function in combination with the AES-128 block cipher.
A lot code is copied from the chacha20poly1305 crate
AES256-CTR is widely known as stream cipher using the AES256 block cipher. Poly1305-AES as MAC has been proposed by Daniel J. Bernstein in his famous paper The Poly1305-AES message-authentication code.
While both the stream cipher and the MAC are not commonly used, there exists software which uses the combination to encrypt and authenticate the data, e.g. the backup software restic.
Licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.