Skip to main content

StreamDecryptor

crypt_io::stream

Struct StreamDecryptor 

Source 
pub struct StreamDecryptor { /* private fields */ }
Available on crate feature stream only.
Expand description

Streaming AEAD decryptor — the inverse of super::StreamEncryptor.

Construct from the 24-byte header, feed encrypted chunk bytes via update, and finalise with finalize. The decryptor buffers exactly enough bytes to know whether the next chunk is final, so callers don’t need to track chunk boundaries — only “this is all the bytes” (via finalize).

Authentication failures (tampered ciphertext, wrong key, tampered header, truncated stream, reordered chunks, duplicated chunks) all surface as Error::AuthenticationFailed. The variant is intentionally opaque — exposing which mode failed would leak information to an attacker.

§Example

See super::StreamEncryptor for a round-trip example.

Implementations§

Source§

impl StreamDecryptor

Source

pub fn new(key: &[u8], header_bytes: &[u8]) -> Result<Self>

Construct a decryptor by parsing header_bytes (must be at least 24 bytes — only the first 24 are read).

§Errors
Source

pub fn chunk_size(&self) -> usize

Chunk size in bytes for this decryptor (read from the header).

Source

pub fn chunk_size_log2(&self) -> u8

Log2 of the chunk size (read from the header).

Source

pub fn algorithm(&self) -> Algorithm

Algorithm encoded in the header.

Source

pub fn update(&mut self, data: &[u8]) -> Result<Vec<u8>>

Feed encrypted-stream bytes. Returns zero or more decrypted plaintext bytes as complete non-final chunks are processed.

The decryptor holds at most chunk_size + 16 bytes in its internal buffer between calls — that’s exactly one full non-final chunk, held in case it turns out to be the final chunk (signalled by the next update having nothing to add or finalize being called).

§Errors
  • Error::AuthenticationFailed for any cryptographic failure: tampered ciphertext, wrong key, tampered header, chunk-counter desync, etc.
Source

pub fn finalize(self) -> Result<Vec<u8>>

Flush. Treats whatever is in the buffer as the final encrypted chunk and decrypts it. Returns the final plaintext bytes.

§Errors
  • Error::InvalidCiphertext if the buffer is shorter than 16 bytes (cannot contain a tag) — typically caused by a stream that lost its final chunk entirely.
  • Error::AuthenticationFailed if the buffered bytes do not verify as the final chunk under the expected nonce. This covers truncation (a buffered chunk that the encoder wrote as non-final being treated as final by the decoder), tampering, and wrong key.

Trait Implementations§

Source§

impl Debug for StreamDecryptor

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.