Struct Aes256GcmStream 

pub struct Aes256GcmStream { /* private fields */ }

STREAM chunked AEAD using AES-256-GCM.

Nonce layout: 7-byte prefix ‖ 4-byte counter (big-endian) ‖ 1-byte flag.

Provide a 7-byte prefix to init. Each encrypt_update or decrypt_update call processes exactly one buffered chunk.

Trait Implementations

impl Debug for Aes256GcmStream

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl StreamingAead for Aes256GcmStream

fn init(key: &[u8], nonce: &[u8], aad: &[u8]) -> Result<Self, CryptoError>

Initialise the stream.

nonce must be exactly 7 bytes (the nonce prefix).

fn encrypt_update( &mut self, chunk: &[u8], out: &mut [u8], ) -> Result<usize, CryptoError>

Encrypt one chunk.

The previously supplied chunk (from the last encrypt_update call) is encrypted into out with a non-final nonce. The supplied chunk is buffered for the next call. On the first call, only buffering occurs; out receives 0 bytes.

out must be large enough to hold the previous chunk’s ciphertext + 16-byte tag (i.e. prev_chunk.len() + 16).

fn encrypt_finalize(self, out: &mut [u8]) -> Result<[u8; 16], CryptoError>

Finalize encryption by flushing the buffered last chunk with flag=0x01.

out must hold at least last_buffered_chunk.len() + 16 bytes. Returns the 16-byte final authentication tag (also embedded in out).

fn decrypt_update( &mut self, chunk: &[u8], out: &mut [u8], ) -> Result<usize, CryptoError>

Decrypt one chunk.

Buffers the supplied ciphertext chunk. If a previous chunk is pending, it is decrypted (with non-final nonce) into out.

fn decrypt_finalize(self, expected_tag: &[u8]) -> Result<(), CryptoError>

Verify and finalize decryption of the buffered last chunk.

expected_tag is the 16-byte tag from the last ciphertext chunk. The buffered chunk must already contain ciphertext || tag.

fn reset(&mut self)

Reset the stream to its initial uninitialized state.