Struct StreamEncryptor 

pub struct StreamEncryptor { /* private fields */ }

Available on crate feature stream only.

Streaming AEAD encryptor. Buffers caller-supplied plaintext into fixed-size chunks, encrypts each chunk with a STREAM-construction nonce, and emits ciphertext || tag per chunk.

Usage is symmetric with the super::StreamDecryptor:

1. Construct with StreamEncryptor::new. The constructor returns the encryptor and a 24-byte header — write this header to the output sink first.
2. Feed plaintext via update. The method returns zero or more encrypted chunks (each chunk_size + 16 bytes) as buffer fills are reached.
3. Call finalize to emit any remaining buffered data as the final chunk. The final chunk is always emitted (even if zero plaintext bytes remain) and is always strictly smaller than chunk_size + 16 bytes, so the decryptor can detect it unambiguously by length.

Example

use crypt_io::stream::{StreamDecryptor, StreamEncryptor};
use crypt_io::Algorithm;

let key = [0u8; 32];
let plaintext = b"the quick brown fox jumps over the lazy dog".repeat(1000);

// ---- Encrypt ----
let (mut enc, header) = StreamEncryptor::new(&key, Algorithm::ChaCha20Poly1305)?;
let mut wire = header.to_vec();
wire.extend(enc.update(&plaintext)?);
wire.extend(enc.finalize()?);

// ---- Decrypt ----
let mut dec = StreamDecryptor::new(&key, &wire[..24])?;
let mut recovered = dec.update(&wire[24..])?;
recovered.extend(dec.finalize()?);
assert_eq!(recovered, plaintext);

Implementations

impl StreamEncryptor

pub fn new(key: &[u8], algorithm: Algorithm) -> Result<(Self, [u8; 24])>

Construct a new stream encryptor with the default 64 KiB chunk size. Returns the encryptor plus the 24-byte header to be written to the output sink before any encrypted chunks.

Errors

• Error::InvalidKey if key is not 32 bytes.
• Error::RandomFailure if the OS RNG cannot produce a nonce prefix.

pub fn new_with_chunk_size( key: &[u8], algorithm: Algorithm, chunk_size_log2: u8, ) -> Result<(Self, [u8; 24])>

Construct with an explicit chunk size. chunk_size_log2 must be in MIN_CHUNK_SIZE_LOG2..=MAX_CHUNK_SIZE_LOG2 (10..=24).

Errors

See new, plus Error::InvalidCiphertext on out-of-range chunk size.

pub fn chunk_size(&self) -> usize

Chunk size in bytes used by this encryptor.

pub fn chunk_size_log2(&self) -> u8

Log2 of the chunk size, as stored in the header.

pub fn update(&mut self, data: &[u8]) -> Result<Vec<u8>>

Feed plaintext bytes. Returns zero or more complete encrypted chunks (each chunk_size + 16 bytes) concatenated.

Errors

• Error::AuthenticationFailed on an upstream AEAD failure (unreachable in practice).

pub fn finalize(self) -> Result<Vec<u8>>

Flush remaining buffered plaintext as the final chunk. Always emits at least 16 bytes (the AEAD tag), so the receiver sees an unambiguous “final” frame.

Errors

Same as update.

pub fn update_into(&mut self, data: &[u8], out: &mut Vec<u8>) -> Result<()>

Zero-allocation update — appends complete encrypted chunks to out instead of returning a new Vec. Reusing the same out buffer across calls amortises the allocation cost away.

New in 0.10.0.

Errors

Same as update.

pub fn finalize_into(self, out: &mut Vec<u8>) -> Result<()>

Zero-allocation finalize — appends the final chunk to out instead of returning a new Vec. See update_into.

Errors

Same as finalize.

Trait Implementations

impl Debug for StreamEncryptor

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.