Struct tink_streaming_aead::subtle::AesCtrHmac
source · pub struct AesCtrHmac {
pub main_key: Vec<u8>,
/* private fields */
}
Expand description
AesCtrHmac
implements streaming AEAD encryption using AES-CTR and HMAC.
Each ciphertext uses new AES-CTR and HMAC keys. These keys are derived using HKDF and are derived from the key derivation key, a randomly chosen salt of the same size as the key and a nonce prefix.
Fields§
§main_key: Vec<u8>
Implementations§
source§impl AesCtrHmac
impl AesCtrHmac
sourcepub fn new(
main_key: &[u8],
hkdf_alg: HashType,
key_size_in_bytes: usize,
tag_alg: HashType,
tag_size_in_bytes: usize,
ciphertext_segment_size: usize,
first_segment_offset: usize
) -> Result<AesCtrHmac, TinkError>
pub fn new( main_key: &[u8], hkdf_alg: HashType, key_size_in_bytes: usize, tag_alg: HashType, tag_size_in_bytes: usize, ciphertext_segment_size: usize, first_segment_offset: usize ) -> Result<AesCtrHmac, TinkError>
Initialize an AES_CTR_HMAC primitive with a key derivation key and encryption parameters.
main_key
is input keying material used to derive sub keys. This must be
longer than the size of the sub keys (key_size_in_bytes
).
hkdf_alg
is a MAC algorithm hash type, used for the HKDF key derivation.
key_size_in_bytes
is the key size of the sub keys.
tag_alg
is the MAC algorithm hash type, used for generating per segment tags.
tag_size_in_bytes
is the size of the per segment tags.
ciphertext_segment_size
is the size of ciphertext segments.
first_segment_offset
is the offset of the first ciphertext segment.
sourcepub fn header_length(&self) -> usize
pub fn header_length(&self) -> usize
Return the length of the encryption header.
Trait Implementations§
source§impl Clone for AesCtrHmac
impl Clone for AesCtrHmac
source§fn clone(&self) -> AesCtrHmac
fn clone(&self) -> AesCtrHmac
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl StreamingAead for AesCtrHmac
impl StreamingAead for AesCtrHmac
source§fn new_encrypting_writer(
&self,
w: Box<dyn Write>,
aad: &[u8]
) -> Result<Box<dyn EncryptingWrite>, TinkError>
fn new_encrypting_writer( &self, w: Box<dyn Write>, aad: &[u8] ) -> Result<Box<dyn EncryptingWrite>, TinkError>
Return a wrapper around an underlying [std::io.Write
], such that
any write-operation via the wrapper results in AEAD-encryption of the
written data, using aad
as associated authenticated data. The associated
data is not included in the ciphertext and has to be passed in as parameter
for decryption.
source§fn new_decrypting_reader(
&self,
r: Box<dyn Read>,
aad: &[u8]
) -> Result<Box<dyn Read>, TinkError>
fn new_decrypting_reader( &self, r: Box<dyn Read>, aad: &[u8] ) -> Result<Box<dyn Read>, TinkError>
Return a wrapper around an underlying std::io::Read
, such that
any read-operation via the wrapper results in AEAD-decryption of the
underlying ciphertext, using aad as associated authenticated data.