Enum Error 

#[non_exhaustive]
pub enum Error {
    InvalidKey {
        expected: usize,
        actual: usize,
    },
    InvalidCiphertext(String),
    AuthenticationFailed,
    AlgorithmNotEnabled(&'static str),
    RandomFailure(&'static str),
    Mac(&'static str),
    Kdf(&'static str),
}

The error type for all crypt-io operations.

Authentication failures are deliberately collapsed into a single variant — distinguishing “wrong key” from “tampered ciphertext” would leak which failure mode an attacker is closer to, which is a side-channel.

Variants (Non-exhaustive)

Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

InvalidKey

The supplied key was not the correct size for the selected algorithm (ChaCha20-Poly1305 and AES-256-GCM both require exactly 32 bytes).

Fields

expected: usize

The expected key length in bytes.

actual: usize

The length actually supplied.

InvalidCiphertext(String)

The ciphertext was malformed (too short to contain a nonce + tag, or the embedded length fields were inconsistent).

AuthenticationFailed

Authentication of the ciphertext failed. This is the single observable outcome of any corruption: wrong key, tampered bytes, truncated message, or wrong associated data. The variant is opaque by design.

AlgorithmNotEnabled(&'static str)

The requested algorithm is not enabled at compile time. Re-build with the appropriate Cargo feature.

RandomFailure(&'static str)

The OS random source failed to produce a nonce. This is rare and almost always indicates a misconfigured sandbox or exhausted getrandom entropy on a freshly-booted VM.

Mac(&'static str)

A MAC operation could not be initialised or computed. In practice this is unreachable for the algorithms shipped (HMAC accepts any key length; BLAKE3 keyed takes a fixed-size key), but the variant exists because the upstream Mac trait surface is fallible by signature.

Kdf(&'static str)

A KDF operation could not be carried out. Surfaces HKDF expansion-length overflows (output longer than 255 * digest_size), Argon2 parameter errors, and PHC-string parse failures.

Trait Implementations

impl Clone for Error

fn clone(&self) -> Error

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Error

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Display for Error

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Error for Error

Available on crate feature std only.

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any.

fn description(&self) -> &str

👎Deprecated since 1.42.0:

use the Display impl or to_string()

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0:

replaced by Error::source, which can support downcasting

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)

Provides type-based access to context intended for error reports.

impl PartialEq for Error

fn eq(&self, other: &Error) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for Error

impl StructuralPartialEq for Error