Struct tink_streaming_aead::subtle::AesGcmHkdf
pub struct AesGcmHkdf {
pub main_key: Vec<u8>,
/* private fields */
}
AesGcmHkdf implements streaming AEAD encryption using AES-GCM.
Each ciphertext uses a new AES-GCM key. These keys are derived using HKDF from the key derivation key, a randomly chosen salt of the same size as the key, and a nonce prefix.
Fields
main_key: Vec<u8>
Implementations
impl AesGcmHkdf
pub fn new(
main_key: &[u8],
hkdf_alg: HashType,
key_size_in_bytes: usize,
ciphertext_segment_size: usize,
first_segment_offset: usize
) -> Result<AesGcmHkdf, TinkError>
Initialize a streaming primitive with a key derivation key and encryption parameters.
main_key is input keying material used to derive sub keys. This must be longer than the size of the sub keys (key_size_in_bytes).
hkdf_alg is a MAC algorithm hash type, used for the HKDF key derivation.
key_size_in_bytes is the key size of the sub keys.
ciphertext_segment_size is the size of ciphertext segments.
first_segment_offset is the offset of the first ciphertext segment.
pub fn header_length(&self) -> usize
Return the length of the encryption header.
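How the parameters of new and the value of header_length shape the ciphertext layout, as an added example (not code from the tink-rust crate). The 7-byte nonce prefix, 16-byte tag, 16/32-byte sub key sizes and the nonce layout are assumptions taken from Tink's AES-GCM-HKDF streaming format; first_segment_capacity and segment_nonce are hypothetical helper names.

```rust
// Added illustration; not code from the tink-rust crate.
// Sizes are assumptions taken from Tink's AES-GCM-HKDF streaming format.
const NONCE_PREFIX_LEN: usize = 7; // random per-ciphertext prefix, stored in the header
const NONCE_LEN: usize = 12; // AES-GCM nonce size
const TAG_LEN: usize = 16; // AES-GCM tag appended to every segment

/// Header = 1 length byte || salt (same size as the sub key) || nonce prefix.
fn header_length(key_size: usize) -> usize {
    1 + key_size + NONCE_PREFIX_LEN
}

/// Plaintext bytes that fit in the first ciphertext segment, or an error when
/// the segment cannot hold the offset, the header, a tag and one data byte.
fn first_segment_capacity(
    key_size: usize,
    ciphertext_segment_size: usize,
    first_segment_offset: usize,
) -> Result<usize, &'static str> {
    if key_size != 16 && key_size != 32 {
        return Err("sub key size must be 16 or 32 bytes");
    }
    let overhead = first_segment_offset + header_length(key_size) + TAG_LEN;
    if ciphertext_segment_size <= overhead {
        return Err("ciphertext_segment_size too small");
    }
    Ok(ciphertext_segment_size - overhead)
}

/// Per-segment nonce: prefix || big-endian segment index || last-segment flag.
/// Binding index and flag into the nonce makes reordered or truncated
/// segments fail authentication.
fn segment_nonce(prefix: &[u8; NONCE_PREFIX_LEN], index: u32, last: bool) -> [u8; NONCE_LEN] {
    let mut nonce = [0u8; NONCE_LEN];
    nonce[..NONCE_PREFIX_LEN].copy_from_slice(prefix);
    nonce[NONCE_PREFIX_LEN..NONCE_LEN - 1].copy_from_slice(&index.to_be_bytes());
    nonce[NONCE_LEN - 1] = last as u8;
    nonce
}

fn main() {
    let prefix = [0xA5u8; NONCE_PREFIX_LEN]; // constructed sample value
    println!("header: {} bytes", header_length(32));
    println!("first segment: {:?}", first_segment_capacity(32, 4096, 0));
    println!("segment 0:        {:02x?}", segment_nonce(&prefix, 0, false));
    println!("segment 1 (last): {:02x?}", segment_nonce(&prefix, 1, true));
}
```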
Trait Implementations
impl Clone for AesGcmHkdf
fn clone(&self) -> AesGcmHkdf
fn clone_from(&mut self, source: &Self)
impl StreamingAead for AesGcmHkdf
fn new_encrypting_writer(
&self,
w: Box<dyn Write>,
aad: &[u8]
) -> Result<Box<dyn EncryptingWrite>, TinkError>
Return a wrapper around an underlying std::io::Write, such that any write-operation via the wrapper results in AEAD-encryption of the written data, using aad as associated authenticated data. The associated data is not included in the ciphertext and has to be passed in as a parameter for decryption.
fn new_decrypting_reader(
&self,
r: Box<dyn Read>,
aad: &[u8]
) -> Result<Box<dyn Read>, TinkError>
Return a wrapper around an underlying std::io::Read, such that any read-operation via the wrapper results in AEAD-decryption of the underlying ciphertext, using aad as associated authenticated data.