AesGcm

aes_gcm

Struct AesGcm 

Source 
pub struct AesGcm<Aes, NonceSize, TagSize = U16>
where
    TagSize: TagSize,
{
    pub(crate) cipher: Aes,
    pub(crate) ghash: GHash,
    pub(crate) nonce_size: PhantomData<NonceSize>,
    pub(crate) tag_size: PhantomData<TagSize>,
}
Expand description

AES-GCM: generic over an underlying AES implementation and nonce size.

This type is generic to support substituting alternative AES implementations (e.g. embedded hardware implementations)

It is NOT intended to be instantiated with any block cipher besides AES! Doing so runs the risk of unintended cryptographic properties!

The NonceSize generic parameter can be used to instantiate AES-GCM with other nonce sizes, however it’s recommended to use it with typenum::U12, the default of 96-bits.

The TagSize generic parameter can be used to instantiate AES-GCM with other authorization tag sizes, however it’s recommended to use it with typenum::U16, the default of 128-bits.

If in doubt, use the built-in Aes128Gcm and Aes256Gcm type aliases.

Fields§

§cipher: Aes

Encryption cipher.

§ghash: GHash

GHASH authenticator.

§nonce_size: PhantomData<NonceSize>

Length of the nonce.

§tag_size: PhantomData<TagSize>

Length of the tag.

Implementations§

Source§

impl<Aes, NonceSize, TagSize> AesGcm<Aes, NonceSize, TagSize>
where Aes: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt, NonceSize: ArrayLength<u8>, TagSize: TagSize,

Source

pub(crate) fn init_ctr( &self, nonce: &Nonce<NonceSize>, ) -> (CtrCore<&Aes, Ctr32BE>, GenericArray<u8, U16>)

Initialize counter mode.

See algorithm described in Section 7.2 of NIST SP800-38D: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf

Define a block, J0, as follows: If len(IV)=96, then J0 = IV || 0{31} || 1. If len(IV) ≠ 96, then let s = 128 ⎡len(IV)/128⎤-len(IV), and J0=GHASH(IV||0s+64||[len(IV)]64).

Source

pub(crate) fn compute_tag( &self, mask: GenericArray<u8, U16>, associated_data: &[u8], buffer: &[u8], ) -> Tag

Authenticate the given plaintext and associated data using GHASH.

Trait Implementations§

Source§

impl<Aes, NonceSize, TagSize> AeadCore for AesGcm<Aes, NonceSize, TagSize>
where NonceSize: ArrayLength<u8>, TagSize: TagSize,

Source§

type NonceSize = NonceSize

The length of a nonce.
Source§

type TagSize = TagSize

The maximum length of the nonce.
Source§

type CiphertextOverhead = UTerm

The upper bound amount of additional space required to support a ciphertext vs. a plaintext.
Source§

fn generate_nonce( rng: impl CryptoRng + RngCore, ) -> GenericArray<u8, Self::NonceSize>
where GenericArray<u8, Self::NonceSize>: Default,

Generate a random nonce for this AEAD algorithm. Read more
Source§

impl<Aes, NonceSize, TagSize> AeadInPlace for AesGcm<Aes, NonceSize, TagSize>
where Aes: BlockCipher + BlockSizeUser<BlockSize = U16> + BlockEncrypt, NonceSize: ArrayLength<u8>, TagSize: TagSize,

Source§

fn encrypt_in_place_detached( &self, nonce: &Nonce<NonceSize>, associated_data: &[u8], buffer: &mut [u8], ) -> Result<Tag<TagSize>, Error>

Encrypt the data in-place, returning the authentication tag
Source§

fn decrypt_in_place_detached( &self, nonce: &Nonce<NonceSize>, associated_data: &[u8], buffer: &mut [u8], tag: &Tag<TagSize>, ) -> Result<(), Error>

Decrypt the message in-place, returning an error in the event the provided authentication tag does not match the given ciphertext (i.e. ciphertext is modified/unauthentic)
Source§

fn encrypt_in_place( &self, nonce: &GenericArray<u8, Self::NonceSize>, associated_data: &[u8], buffer: &mut dyn Buffer, ) -> Result<(), Error>

Encrypt the given buffer containing a plaintext message in-place. Read more
Source§

fn decrypt_in_place( &self, nonce: &GenericArray<u8, Self::NonceSize>, associated_data: &[u8], buffer: &mut dyn Buffer, ) -> Result<(), Error>

Decrypt the message in-place, returning an error in the event the provided authentication tag does not match the given ciphertext. Read more
Source§

impl<Aes: Clone, NonceSize: Clone, TagSize> Clone for AesGcm<Aes, NonceSize, TagSize>
where TagSize: TagSize + Clone,

Source§

fn clone(&self) -> AesGcm<Aes, NonceSize, TagSize>

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<Aes, NonceSize, TagSize> From<Aes> for AesGcm<Aes, NonceSize, TagSize>
where Aes: BlockSizeUser<BlockSize = U16> + BlockEncrypt, TagSize: TagSize,

Source§

fn from(cipher: Aes) -> Self

Converts to this type from the input type.
Source§

impl<Aes, NonceSize, TagSize> KeyInit for AesGcm<Aes, NonceSize, TagSize>
where Aes: BlockSizeUser<BlockSize = U16> + BlockEncrypt + KeyInit, TagSize: TagSize,

Source§

fn new(key: &Key<Self>) -> Self

Create new value from fixed size key.
Source§

fn new_from_slice(key: &[u8]) -> Result<Self, InvalidLength>

Create new value from variable size key.
Source§

fn generate_key( rng: impl CryptoRng + RngCore, ) -> GenericArray<u8, Self::KeySize>

Generate random key using the provided CryptoRng.
Source§

impl<Aes, NonceSize, TagSize> KeySizeUser for AesGcm<Aes, NonceSize, TagSize>
where Aes: KeySizeUser, TagSize: TagSize,

Source§

type KeySize = <Aes as KeySizeUser>::KeySize

Key size in bytes.
Source§

fn key_size() -> usize

Return key size in bytes.

Auto Trait Implementations§

§

impl<Aes, NonceSize, TagSize> Freeze for AesGcm<Aes, NonceSize, TagSize>
where Aes: Freeze,

§

impl<Aes, NonceSize, TagSize> RefUnwindSafe for AesGcm<Aes, NonceSize, TagSize>
where Aes: RefUnwindSafe, NonceSize: RefUnwindSafe, TagSize: RefUnwindSafe,

§

impl<Aes, NonceSize, TagSize> Send for AesGcm<Aes, NonceSize, TagSize>
where Aes: Send, NonceSize: Send, TagSize: Send,

§

impl<Aes, NonceSize, TagSize> Sync for AesGcm<Aes, NonceSize, TagSize>
where Aes: Sync, NonceSize: Sync, TagSize: Sync,

§

impl<Aes, NonceSize, TagSize> Unpin for AesGcm<Aes, NonceSize, TagSize>
where Aes: Unpin, NonceSize: Unpin, TagSize: Unpin,

§

impl<Aes, NonceSize, TagSize> UnwindSafe for AesGcm<Aes, NonceSize, TagSize>
where Aes: UnwindSafe, NonceSize: UnwindSafe, TagSize: UnwindSafe,

Blanket Implementations§

Source§

impl<Alg> Aead for Alg
where Alg: AeadInPlace,

Source§

fn encrypt<'msg, 'aad>( &self, nonce: &GenericArray<u8, <Alg as AeadCore>::NonceSize>, plaintext: impl Into<Payload<'msg, 'aad>>, ) -> Result<Vec<u8>, Error>

Encrypt the given plaintext payload, and return the resulting ciphertext as a vector of bytes. Read more
Source§

fn decrypt<'msg, 'aad>( &self, nonce: &GenericArray<u8, <Alg as AeadCore>::NonceSize>, ciphertext: impl Into<Payload<'msg, 'aad>>, ) -> Result<Vec<u8>, Error>

Decrypt the given ciphertext slice, and return the resulting plaintext as a vector of bytes. Read more
Source§

impl<Alg> AeadMut for Alg
where Alg: AeadMutInPlace,

Source§

fn encrypt<'msg, 'aad>( &mut self, nonce: &GenericArray<u8, <Alg as AeadCore>::NonceSize>, plaintext: impl Into<Payload<'msg, 'aad>>, ) -> Result<Vec<u8>, Error>

Encrypt the given plaintext slice, and return the resulting ciphertext as a vector of bytes. Read more
Source§

fn decrypt<'msg, 'aad>( &mut self, nonce: &GenericArray<u8, <Alg as AeadCore>::NonceSize>, ciphertext: impl Into<Payload<'msg, 'aad>>, ) -> Result<Vec<u8>, Error>

Decrypt the given ciphertext slice, and return the resulting plaintext as a vector of bytes. Read more
Source§

impl<Alg> AeadMutInPlace for Alg
where Alg: AeadInPlace,

Source§

fn encrypt_in_place( &mut self, nonce: &GenericArray<u8, <Alg as AeadCore>::NonceSize>, associated_data: &[u8], buffer: &mut impl Buffer, ) -> Result<(), Error>

Encrypt the given buffer containing a plaintext message in-place. Read more
Source§

fn encrypt_in_place_detached( &mut self, nonce: &GenericArray<u8, <Alg as AeadCore>::NonceSize>, associated_data: &[u8], buffer: &mut [u8], ) -> Result<GenericArray<u8, <Alg as AeadCore>::TagSize>, Error>

Encrypt the data in-place, returning the authentication tag
Source§

fn decrypt_in_place( &mut self, nonce: &GenericArray<u8, <Alg as AeadCore>::NonceSize>, associated_data: &[u8], buffer: &mut impl Buffer, ) -> Result<(), Error>

Decrypt the message in-place, returning an error in the event the provided authentication tag does not match the given ciphertext. Read more
Source§

fn decrypt_in_place_detached( &mut self, nonce: &GenericArray<u8, <Alg as AeadCore>::NonceSize>, associated_data: &[u8], buffer: &mut [u8], tag: &GenericArray<u8, <Alg as AeadCore>::TagSize>, ) -> Result<(), Error>

Decrypt the data in-place, returning an error in the event the provided authentication tag does not match the given ciphertext (i.e. ciphertext is modified/unauthentic)
Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.