Trait pwbox::Cipher

pub trait Cipher: 'static {
    const KEY_LEN: usize;
    const NONCE_LEN: usize;
    const MAC_LEN: usize;

    fn seal(message: &[u8], nonce: &[u8], key: &[u8]) -> CipherOutput;
    fn open(
        output: &mut [u8], 
        encrypted: &CipherOutput, 
        nonce: &[u8], 
        key: &[u8]
    ) -> Result<(), ()>;
}

Authenticated symmetric cipher.

Associated Constants

const KEY_LEN: usize

Byte size of a key.

const NONCE_LEN: usize

Byte size of a nonce (aka initialization vector, or IV).

const MAC_LEN: usize

Byte size of a message authentication code (MAC).

Loading content...

Required methods

fn seal(message: &[u8], nonce: &[u8], key: &[u8]) -> CipherOutput

Encrypts message with the provided key and nonce.

Safety

When used within PwBox, key and nonce are guaranteed to have correct sizes.

fn open(
    output: &mut [u8],
    encrypted: &CipherOutput,
    nonce: &[u8],
    key: &[u8]
) -> Result<(), ()>

Decrypts encrypted message with the provided key and nonce and stores the result into output. If the MAC does not verify, returns an error.

Safety

When used within PwBox, key, nonce, encrypted.mac and output are guaranteed to have correct sizes.

Loading content...

Implementors

impl Cipher for ChaCha20Poly1305

const KEY_LEN: usize

const NONCE_LEN: usize

const MAC_LEN: usize

fn seal(message: &[u8], nonce: &[u8], key: &[u8]) -> CipherOutput

fn open(
    output: &mut [u8],
    enc: &CipherOutput,
    nonce: &[u8],
    key: &[u8]
) -> Result<(), ()>

impl Cipher for XSalsa20Poly1305

const KEY_LEN: usize

const NONCE_LEN: usize

const MAC_LEN: usize

fn seal(message: &[u8], nonce: &[u8], key: &[u8]) -> CipherOutput

fn open(
    output: &mut [u8],
    enc: &CipherOutput,
    nonce: &[u8],
    key: &[u8]
) -> Result<(), ()>

impl<C, M> Cipher for CipherWithMac<C, M> where
    C: UnauthenticatedCipher,
    M: Mac, 

const KEY_LEN: usize

Equals to the sum of key sizes for the cipher and MAC.

const NONCE_LEN: usize

const MAC_LEN: usize

fn seal(message: &[u8], nonce: &[u8], key: &[u8]) -> CipherOutput

Works as follows:

1. Split the key into cipher_key (first bytes of the key) and mac_key (remaining bytes).
2. Encrypt the message using the cipher under cipher_key and nonce.
3. Compute MAC over the ciphertext with mac_key.

fn open(
    output: &mut [u8],
    enc: &CipherOutput,
    nonce: &[u8],
    key: &[u8]
) -> Result<(), ()>

Works as follows:

1. Split the key into cipher_key (first bytes of the key) and mac_key (remaining bytes).
2. Compute MAC over the ciphertext with mac_key. If MAC is not equal to the supplied one, return None.
3. Decrypt the ciphertext under the cipher_key and nonce.

Loading content...