Module crypto.aead
AEAD (Authenticated Encryption with Associated Data) operations.
This module provides a Lua wrapper for AEAD operations, using the underlying 'crypto_aead' C module.
Class AEAD
| AEAD:authsize () | Gets the authentication tag size. |
| AEAD:close () | Closes the cipher instance and releases underlying C resources. |
| AEAD:decrypt (nonce, ciphertext_with_tag[, aad]) | Decrypts ciphertext. |
| AEAD:encrypt (nonce, plaintext[, aad]) | Encrypts plaintext. |
| AEAD:ivsize () | Gets the required nonce/IV size. |
| AEAD:setauthsize (size) | Sets the authentication tag size. |
| AEAD:setkey (key) | Sets the encryption key. |
aead
| new (algname) | Creates a new AEAD cipher instance. |
Class AEAD
Prototype for AEAD instances.
Objects of this type are created by
AeadModule.new().
- AEAD:authsize ()
-
Gets the authentication tag size.
Returns:
-
number
The current tag size in bytes.
- AEAD:close ()
- Closes the cipher instance and releases underlying C resources. If not called explicitly, this will be called by the garbage collector.
- AEAD:decrypt (nonce, ciphertext_with_tag[, aad])
-
Decrypts ciphertext.
Parameters:
- nonce
string
The unique nonce (must match encryption). Its length should match
self:ivsize(). - ciphertext_with_tag string The ciphertext including the tag.
- aad string Additional Authenticated Data (must match encryption). Defaults to an empty string if nil. (optional)
Returns:
-
string
plaintext The decrypted data on success.
Raises:
Error if decryption fails in C (e.g., tag mismatch). - nonce
string
The unique nonce (must match encryption). Its length should match
- AEAD:encrypt (nonce, plaintext[, aad])
-
Encrypts plaintext.
Parameters:
- nonce
string
The unique nonce. Its length should match
self:ivsize(). - plaintext string The plaintext to encrypt.
- aad string Additional Authenticated Data. Defaults to an empty string if nil. (optional)
Returns:
- string ciphertextwithtag The encrypted data including the authentication tag.
-
number
tag_length The length of the authentication tag in bytes (equal to
self:authsize()).
Raises:
Error if encryption fails in C. - nonce
string
The unique nonce. Its length should match
- AEAD:ivsize ()
-
Gets the required nonce/IV size.
Returns:
-
number
The required IV size in bytes.
- AEAD:setauthsize (size)
-
Sets the authentication tag size.
Parameters:
- size number The desired tag size in bytes.
Raises:
Error if C operation fails. - AEAD:setkey (key)
-
Sets the encryption key.
Parameters:
- key string The encryption key.
Raises:
Error if setting the key fails (e.g., invalid key length for the algorithm).
aead
- new (algname)
-
Creates a new AEAD cipher instance.
Parameters:
- algname string The algorithm name, e.g., "gcm(aes)".
Returns:
-
Aead
An AEAD instance.
Raises:
Error if C object creation fails.Usage:
local aead = require("crypto.aead") local gcm_aes = aead.new("gcm(aes)")