Struct CipherCtx

Source

pub struct CipherCtx<Dir> { /* private fields */ }

Expand description

Stateful symmetric cipher context.

Dir is either Encrypt or Decrypt; the type parameter prevents accidentally calling encrypt operations on a decrypt context and vice versa.

!Clone — cipher contexts have no up_ref; use a fresh context per message.

Implementations§

Source §

impl<Dir: Direction> CipherCtx<Dir>

Source

pub fn update( &mut self, input: &[u8], output: &mut [u8], ) -> Result<usize, ErrorStack>
where Dir: IsEncrypt,

Feed input into the cipher; write plaintext/ciphertext to output.

output must be at least input.len() + block_size - 1 bytes. Returns the number of bytes written.

§Errors

Source

pub fn update_to_vec(&mut self, input: &[u8]) -> Result<Vec<u8>, ErrorStack>
where Dir: IsEncrypt,

Feed input through the cipher and return the output as a Vec<u8>.

Allocates input.len() + block_size bytes, calls Self::update, then truncates to the actual number of bytes written. Use this when the caller cannot easily compute the output size in advance.

§Errors

Source

pub fn finalize(&mut self, output: &mut [u8]) -> Result<usize, ErrorStack>
where Dir: IsEncrypt,

Finalise the operation (flush padding / verify auth tag).

§Errors

Source

pub fn set_params(&mut self, params: &Params<'_>) -> Result<(), ErrorStack>

Set dynamic parameters on the context (e.g. GCM tag length).

§Errors

Source

pub fn get_params(&self, params: &mut Params<'_>) -> Result<(), ErrorStack>

Query arbitrary parameters from the context via a pre-built getter array.

Build a Params array with placeholder values using ParamBuilder, then call this method to have OpenSSL fill in the real values. Use the typed getters on Params (e.g. get_size_t) to read the results.

This is the low-level interface. For common queries prefer the typed helpers aead_tag_len, key_len, and iv_len.

§Errors

Returns Err if EVP_CIPHER_CTX_get_params fails.

Source

pub fn aead_tag_len(&self) -> Result<usize, ErrorStack>

Return the authentication tag length for this AEAD cipher context.

Available after EVP_EncryptInit_ex2 / EVP_DecryptInit_ex2 with an AEAD algorithm (AES-GCM, AES-CCM, ChaCha20-Poly1305, etc.).

The getter pattern used here builds a Params array with a placeholder value (0) for OSSL_CIPHER_PARAM_AEAD_TAG_LEN ("taglen"); OpenSSL overwrites it with the actual tag length during EVP_CIPHER_CTX_get_params.

§Errors

Returns Err if the context is not initialised with an AEAD algorithm, or if EVP_CIPHER_CTX_get_params fails.

Source

pub fn key_len(&self) -> Result<usize, ErrorStack>

Return the key length in bytes for this cipher context.

Reads OSSL_CIPHER_PARAM_KEYLEN ("keylen") from the context. Useful when the key length is variable (e.g. for some stream ciphers) or to confirm the value that was set during initialisation.

§Errors

Returns Err if EVP_CIPHER_CTX_get_params fails.

Source

pub fn iv_len(&self) -> Result<usize, ErrorStack>

Return the IV length in bytes for this cipher context.

Reads OSSL_CIPHER_PARAM_IVLEN ("ivlen") from the context. Useful for allocating IV buffers when the algorithm is determined at runtime.

§Errors

Returns Err if EVP_CIPHER_CTX_get_params fails.

Source

pub fn as_ptr(&self) -> *mut EVP_CIPHER_CTX

Return the raw EVP_CIPHER_CTX* pointer. Returns a mutable pointer because most OpenSSL EVP functions require EVP_CIPHER_CTX* even for logically read-only operations.