Hi all. Disclaimer...I am relatively new to Rust, but I do have deep experience in Java, including some advanced encryption/decryption support.
In learning cryptography from a Rust perspective, I'm interested to re-enact a previous use case I encountered in work, namely, random access decryption given an arbitrary (but legal!) offset. This was easily achieved using AES-CBC and later AES-CFB, as computing the correct IV is trivial in these cases.
In choosing ring to handle symmetric encryption, it seems that I am constraining myself to AEAD algorithms, so I chose AES-GCM...this is a choice I am in theory perfectly happy with.
My reading leads me to believe that computing the IV is relatively straightforward for AES-GCM as well, especially if you limit yourself to a 12-byte nonce. I am, however, stumped at the mechanism by which I can drive the ring API to handle a "calculated" IV. The API I have explored so far only appears to support "all or nothing"...perhaps this is due to the difficulties around performing the authentication portion? Am I simply using the wrong library for the use case I have in mind?
I attempted to decrypt just the first block, but this fails:
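```rust
use ring::aead::{Aad, LessSafeKey, Nonce, UnboundKey, AES_256_GCM};
use ring::rand::{SecureRandom, SystemRandom};

// `content`, `key` and `additional_data` are defined elsewhere.
let symm_algo = &AES_256_GCM;
let mut in_out = content.clone();

// Generate a random 12-byte nonce.
let mut nonce_vec: Vec<u8> = vec![0; 12];
let rand = SystemRandom::new();
rand.fill(&mut nonce_vec).unwrap();
let mut nonce: [u8; 12] = [0; 12];
nonce.copy_from_slice(&nonce_vec[0..12]);

let unbound_key = UnboundKey::new(symm_algo, &key).unwrap();
let less_safe_key = LessSafeKey::new(unbound_key);

// Encrypt in place; the tag is appended to `in_out`.
less_safe_key
    .seal_in_place_append_tag(Nonce::assume_unique_for_key(nonce), Aad::from(&additional_data), &mut in_out)
    .unwrap();

// Attempt to decrypt only the first 16 bytes; this is the call that fails.
let decrypted_data = less_safe_key
    .open_in_place(Nonce::assume_unique_for_key(nonce), Aad::from(&additional_data), &mut in_out[0..16])
    .unwrap();
```
Perhaps predictably this failed, as there is none of the tag information.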
Can anyone offer any insight or examples for how to do random access decryption using ring? Or am I better off finding another library? I don't mind losing the authentication aspect, but as previously stated, ring appears to only support AEAD algorithms.
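
The counter arithmetic behind a "calculated" IV for AES-GCM with a 12-byte nonce, as an added example that is not part of the original post and is not ring code. The block cipher is passed in as a closure, `toy_block` is a constructed stand-in (not AES), and the names `gcm_counter_block`, `decrypt_at_offset` and `toy_block` are hypothetical. Decrypting this way never checks the tag, so the output is unauthenticated.

```rust
/// GCM with a 96-bit nonce reserves counter 1 (J0) for the tag, so plaintext
/// block i (0-based) is XORed with E_K(nonce || (i + 2) as a big-endian u32).
fn gcm_counter_block(nonce: &[u8; 12], block_index: u64) -> Option<[u8; 16]> {
    // The 32-bit counter must not wrap: valid indexes are 0..=2^32 - 3.
    let ctr = block_index.checked_add(2).filter(|c| *c <= u32::MAX as u64)? as u32;
    let mut cb = [0u8; 16];
    cb[..12].copy_from_slice(nonce);
    cb[12..].copy_from_slice(&ctr.to_be_bytes());
    Some(cb)
}

/// XORs the keystream into `data`, which starts at byte `offset` of the
/// ciphertext (tag excluded). `e_k` is the block cipher under the GCM key.
/// No tag is verified, so the output is unauthenticated.
fn decrypt_at_offset(nonce: &[u8; 12], offset: u64, data: &mut [u8],
                     e_k: impl Fn(&[u8; 16]) -> [u8; 16]) -> Option<()> {
    // Reject a range that leaves the counter space before touching `data`.
    if let Some(last) = (data.len() as u64).checked_sub(1) {
        gcm_counter_block(nonce, offset.checked_add(last)? / 16)?;
    }
    let (mut block, mut skip, mut pos) = (offset / 16, (offset % 16) as usize, 0);
    while pos < data.len() {
        let ks = e_k(&gcm_counter_block(nonce, block)?);
        let n = (16 - skip).min(data.len() - pos);
        for (d, k) in data[pos..pos + n].iter_mut().zip(&ks[skip..skip + n]) {
            *d ^= *k;
        }
        pos += n;
        skip = 0; // only the first block can start mid-block
        block += 1;
    }
    Some(())
}

// Constructed stand-in for E_K so the example runs offline. NOT a cipher.
fn toy_block(input: &[u8; 16]) -> [u8; 16] {
    let seed = input.iter().fold(0x9Eu8, |a, b| a.wrapping_mul(31).wrapping_add(*b));
    std::array::from_fn(|i| seed.wrapping_mul(2 * i as u8 + 1).wrapping_add(i as u8))
}

fn main() {
    let (nonce, plain) = ([7u8; 12], (0..100u8).collect::<Vec<u8>>());
    let mut ct = plain.clone();
    decrypt_at_offset(&nonce, 0, &mut ct, toy_block).unwrap(); // CTR: same op encrypts
    let mut part = ct[37..70].to_vec();
    decrypt_at_offset(&nonce, 37, &mut part, toy_block).unwrap();
    assert!(part[..] == plain[37..70]);
}
```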