Skip to main content

CipherState

fips_core::noise

Struct CipherState 

Source 
pub struct CipherState { /* private fields */ }
Expand description

Symmetric cipher state for post-handshake encryption.

AEAD is ring’s ChaCha20-Poly1305 (BoringSSL backend), which dispatches to NEON on aarch64 and AVX-512/AVX2 on x86_64. The cipher field caches a constructed LessSafeKey so we don’t re-derive it per packet. LessSafeKey itself isn’t Clone, so CipherState’s Clone impl rebuilds it from the retained 32-byte key on demand — for the off-task-decrypt path see cipher_clone.

Implementations§

Source§

impl CipherState

Source

pub fn encrypt(&mut self, plaintext: &[u8]) -> Result<Vec<u8>, NoiseError>

Encrypt plaintext, returning ciphertext with appended tag.

Source

pub fn decrypt(&mut self, ciphertext: &[u8]) -> Result<Vec<u8>, NoiseError>

Decrypt ciphertext (with appended tag), returning plaintext.

Uses the internal nonce counter. For transport phase with explicit counters from the wire format, use decrypt_with_counter instead.

Source

pub fn decrypt_with_counter( &self, ciphertext: &[u8], counter: u64, ) -> Result<Vec<u8>, NoiseError>

Decrypt with an explicit counter value (for transport phase).

This is used when the counter comes from the wire format rather than an internal counter. The counter must be validated by a replay window before calling this method.

Source

pub fn encrypt_with_aad( &mut self, plaintext: &[u8], aad: &[u8], ) -> Result<Vec<u8>, NoiseError>

Encrypt plaintext with Additional Authenticated Data (AAD).

The AAD is authenticated but not encrypted. Used for the FMP established frame format where the 16-byte outer header is bound to the AEAD tag.

Source

pub fn encrypt_with_counter( &self, plaintext: &[u8], counter: u64, ) -> Result<Vec<u8>, NoiseError>

Encrypt plaintext with an explicit counter (no AAD).

Symmetric to decrypt_with_counter: takes &self and a caller- supplied counter rather than mutating the internal nonce. Intended for pipelined encrypt paths where a dispatcher pre-assigns counters and fans the AEAD work out across worker threads. Callers are responsible for ensuring counter uniqueness — typically by holding the cipher behind a lock or queue that hands out counters in order.

Source

pub fn encrypt_with_counter_and_aad( &self, plaintext: &[u8], counter: u64, aad: &[u8], ) -> Result<Vec<u8>, NoiseError>

Encrypt plaintext with an explicit counter and AAD.

Symmetric to decrypt_with_counter_and_aad: takes &self and a caller-supplied counter rather than mutating the internal nonce. Same uniqueness contract as encrypt_with_counter.

Source

pub fn cipher_clone(&self) -> Option<LessSafeKey>

Construct an independent keyed AEAD pinned to this cipher’s key.

Returns None for an empty (un-keyed) state. The returned key is freshly built from the retained 32-byte key material — ring’s LessSafeKey doesn’t implement Clone deliberately, but for ChaCha20-Poly1305 the construction is essentially a key copy plus a constant-time check, so this is cheap. Combined with decrypt_with_counter[_and_aad] (which already takes &self), this lets a dispatcher offload the AEAD rounds to a worker pool while the main task keeps the replay window and counter assignment sequential.

Source

pub fn decrypt_with_counter_and_aad( &self, ciphertext: &[u8], counter: u64, aad: &[u8], ) -> Result<Vec<u8>, NoiseError>

Decrypt with an explicit counter and AAD (for transport phase).

Combines explicit counter (from wire format) with AAD verification. The AAD must match exactly what was used during encryption or the AEAD tag verification will fail.

Source

pub fn decrypt_with_counter_and_aad_in_place( &self, buf: &mut [u8], counter: u64, aad: &[u8], ) -> Result<usize, NoiseError>

In-place variant of Self::decrypt_with_counter_and_aad.

On entry, buf holds ciphertext + 16-byte AEAD tag. On successful return, buf[..returned_len] holds the plaintext. Saves one heap alloc + memcpy per packet versus the by-value variant — at multi-Gbps that’s a real chunk of the rx_loop’s per-packet cost.

If the cipher has no key (handshake-not-yet-complete fallback), buf is treated as already-plaintext and the full length is returned unchanged.

Source

pub fn nonce(&self) -> u64

Get the current nonce value (for debugging/testing).

Source

pub fn has_key(&self) -> bool

Check if cipher has a key.

Trait Implementations§

Source§

impl Clone for CipherState

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for CipherState

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more