AesGcm

wolf_crypto::aead

Struct AesGcm 

Source 
pub struct AesGcm { /* private fields */ }
Expand description

Represents an AES-GCM (Galois/Counter Mode) instance.

Implementations§

Source§

impl AesGcm

Source

pub fn new(key: &Key) -> Result<Self, Unspecified>

Create a new AES-GCM instance.

§Arguments
  • key - The key material to use.
§Returns

A new AES-GCM instance.

§Errors

Returns an error if the key setup fails.

Source

pub fn encrypt_sized<const C: usize, N: GenericIv, A: Aad>( &mut self, nonce: N, input: &[u8; C], output: &mut [u8; C], aad: A, ) -> Result<Tag, Unspecified>

Encrypt data using AES-GCM with compile-time known sizes.

§Arguments
  • nonce - The nonce (IV) to use for encryption.
  • input - The input data to encrypt.
  • output - The output buffer to store the encrypted data.
  • aad - Additional Authenticated Data.
§Errors
  • The size of input is greater than u32::MAX.
  • The provided AAD’s length is greater than u32::MAX.
§Returns

The associated authentication Tag.

§Example
use wolf_crypto::{aead::{AesGcm, AadSlice}, aes::Key, buf::Nonce};

let key = Key::Aes256([1u8; 32]);
let nonce: Nonce = [2u8; 12].into();;

let input = [3u8; 32];
let mut output = [0u8; 32];

let mut gcm = AesGcm::new(&key).unwrap();
let tag = gcm.encrypt_sized(nonce, &input, &mut output, AadSlice::EMPTY).unwrap();

assert_ne!(input, output);
Source

pub fn try_encrypt<N: GenericIv, A: Aad>( &mut self, nonce: N, input: &[u8], output: &mut [u8], aad: A, ) -> Result<Tag, Unspecified>

Try to encrypt data using AES-GCM.

§Arguments
  • nonce - The nonce (IV) to use for encryption.
  • input - The input data to encrypt.
  • output - The output buffer to store the encrypted data.
  • aad - Additional Authenticated Data.
§Returns

The authentication tag on success, or an error.

§Errors
  • If the input buffer is larger than the output buffer.
  • If the input or AAD size is greater than what can be represented by a u32.
§Example
use wolf_crypto::{aead::{AesGcm, AadSlice}, aes::Key, buf::Nonce};

let key = Key::Aes256([1u8; 32]);
let nonce: Nonce = [2u8; 12].into();

let mut output = [0u8; 32];
let input = [3u8; 32];

let mut gcm = AesGcm::new(&key).unwrap();
let tag = gcm.try_encrypt(nonce, &input, &mut output, AadSlice::EMPTY).unwrap();

assert_ne!(input, output);
Source

pub fn encrypt<N: GenericIv, A: Aad>( &mut self, nonce: N, input: &[u8], output: &mut [u8], aad: A, ) -> Tag

Available on crate feature can-panic only.

Encrypt data using AES-GCM, panicking on failure.

§Arguments
  • nonce - The nonce (IV) to use for encryption.
  • input - The input data to encrypt.
  • output - The output buffer to store the encrypted data.
  • aad - Additional Authenticated Data.
§Returns

The authentication tag.

§Panics
  • If the input buffer is larger than the output buffer.
  • If the input or AAD size is greater than what can be represented by a u32.
  • If the encryption operation fails.
§Example
use wolf_crypto::{aead::{AesGcm, AadSlice}, aes::Key, buf::Nonce};

let key = Key::Aes256([1u8; 32]);
let nonce: Nonce = [2u8; 12].into();

let mut output = [0u8; 32];
let input = [3u8; 32];

let mut gcm = AesGcm::new(&key).unwrap();
let tag = gcm.encrypt(nonce, &input, &mut output, AadSlice::EMPTY);

assert_ne!(input, output);
Source

pub fn decrypt_sized<const C: usize, N: GenericIv, A: Aad>( &mut self, nonce: N, input: &[u8; C], output: &mut [u8; C], aad: A, tag: &Tag, ) -> Res

Decrypt data using AES-GCM with compile-time known sizes.

§Arguments
  • nonce - The nonce (IV) used for encryption.
  • input - The input data to decrypt.
  • output - The output buffer to store the decrypted data.
  • aad - Additional Authenticated Data.
  • tag - The authentication tag from encryption.
§Returns

A Res indicating success or failure.

§Example
use wolf_crypto::{aead::{AesGcm, AadSlice}, aes::Key, buf::Nonce};

let key = Key::Aes256([1u8; 32]);
let nonce: Nonce = [2u8; 12].into();

let mut ciphertext = [0u8; 32];
let plaintext = [3u8; 32];
let aad = AadSlice::EMPTY;

let mut gcm = AesGcm::new(&key).unwrap();
let tag = gcm.encrypt_sized(nonce.copy(), &plaintext, &mut ciphertext, aad).unwrap();

let mut decrypted = [0u8; 32];
let result = gcm.decrypt_sized(nonce, &ciphertext, &mut decrypted, aad, &tag);

assert!(result.is_ok());
assert_eq!(plaintext, decrypted);
Source

pub fn try_decrypt<N: GenericIv, A: Aad>( &mut self, nonce: N, input: &[u8], output: &mut [u8], aad: A, tag: &Tag, ) -> Res

Try to decrypt data using AES-GCM.

§Arguments
  • nonce - The nonce (IV) used for encryption.
  • input - The input data to decrypt.
  • output - The output buffer to store the decrypted data.
  • aad - Additional Authenticated Data.
  • tag - The authentication tag from encryption.
§Returns

A Res indicating success or failure.

§Errors
  • If the input buffer is larger than the output buffer.
  • If the input or AAD size is greater than what can be represented by a u32.
  • If the decryption operation fails (including authentication failure).
§Example
use wolf_crypto::{aead::AesGcm, aes::Key, buf::Nonce};

let key = Key::Aes256([1u8; 32]);
let nonce: Nonce = [2u8; 12].into();

let mut ciphertext = [0u8; 32];
let plaintext = [3u8; 32];

let mut gcm = AesGcm::new(&key).unwrap();
let tag = gcm.try_encrypt(nonce.copy(), &plaintext, &mut ciphertext, ()).unwrap();

let mut decrypted = [0u8; 32];
let result = gcm.try_decrypt(nonce, &ciphertext, &mut decrypted, (), &tag);

assert!(result.is_ok());
assert_eq!(plaintext, decrypted);
Source

pub fn decrypt<N: GenericIv, A: Aad>( &mut self, nonce: N, input: &[u8], output: &mut [u8], aad: A, tag: &Tag, )

Available on crate feature can-panic only.

Decrypt data using AES-GCM, panicking on failure.

§Arguments
  • nonce - The nonce (IV) used for encryption.
  • input - The input data to decrypt.
  • output - The output buffer to store the decrypted data.
  • aad - Additional Authenticated Data.
  • tag - The authentication tag from encryption.
§Panics
  • If the input buffer is larger than the output buffer.
  • If the input or AAD size is greater than what can be represented by a u32.
  • If the decryption operation fails (including authentication failure).
§Example
use wolf_crypto::{aead::AesGcm, aes::Key, buf::Nonce};

let key = Key::Aes256([1u8; 32]);
let nonce: Nonce = [2u8; 12].into();

let mut ciphertext = [0u8; 32];
let plaintext = [3u8; 32];

let mut gcm = AesGcm::new(&key).unwrap();
let tag = gcm.encrypt(nonce.copy(), &plaintext, &mut ciphertext, ());

let mut decrypted = [0u8; 32];
gcm.decrypt(nonce, &ciphertext, &mut decrypted, (), &tag);

assert_eq!(plaintext, decrypted);

Trait Implementations§

Source§

impl Drop for AesGcm

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

impl Fips for AesGcm

Source§

impl Send for AesGcm

Source§

impl Sync for AesGcm

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.