pub struct Aez { /* private fields */ }Expand description
AEZ encryption scheme.
Implementations§
Source§impl Aez
impl Aez
Sourcepub fn new(key: &[u8]) -> Self
pub fn new(key: &[u8]) -> Self
Create a new AEZ instance.
The key is expanded using Blake2b, according to the AEZ specification.
If you provide a key of the correct length (48 bytes), no expansion is done and the key is taken as-is.
Sourcepub fn encrypt(
&self,
nonce: &[u8],
associated_data: &[&[u8]],
tau: u32,
data: &[u8],
) -> Vec<u8> ⓘ
pub fn encrypt( &self, nonce: &[u8], associated_data: &[&[u8]], tau: u32, data: &[u8], ) -> Vec<u8> ⓘ
Encrypt the given data.
This is a convenience function that allocates a fresh buffer of the appropriate size and copies the data.
Parameters:
nonce– the nonce to use. Each nonce should only be used once, as re-using the nonce (without chaning the key) will lead to the same ciphertext being produced, potentially making it re-identifiable.associated_data– additional data to be included in the integrity check. Note that this data will not be contained in the ciphertext, but it must be provided on decryption.tau– number of bytes (not bits) to use for integrity checking. A value oftau = 16gives 128 bits of security. Passing a value of 0 is valid and leads to no integrity checking.data– actual data to encrypt. Can be empty, in which case the returned ciphertext provides a “hash” that verifies the integrity of the associated data will be
Returns the ciphertext, which will be of length data.len() + tau.
Sourcepub fn encrypt_vec(
&self,
nonce: &[u8],
associated_data: &[&[u8]],
tau: u32,
data: &mut Vec<u8>,
)
pub fn encrypt_vec( &self, nonce: &[u8], associated_data: &[&[u8]], tau: u32, data: &mut Vec<u8>, )
Encrypts the data in the given Vec.
This function extends the vector with enough space to hold tau bytes of authentication
data. Afterwards, the vector will hold the ciphertext.
If tau == 0, the vector will not be expanded.
The parameters are the same as for Aez::encrypt.
Sourcepub fn encrypt_inplace(
&self,
nonce: &[u8],
associated_data: &[&[u8]],
tau: u32,
buffer: &mut [u8],
)
pub fn encrypt_inplace( &self, nonce: &[u8], associated_data: &[&[u8]], tau: u32, buffer: &mut [u8], )
Encrypts the data inplace.
This function will overwrite the last tau bytes of the given buffer with the
authentication block before encrypting the data.
If the buffer is smaller than tau, this function panics.
Sourcepub fn encrypt_buffer(
&self,
nonce: &[u8],
associated_data: &[&[u8]],
input: &[u8],
output: &mut [u8],
)
pub fn encrypt_buffer( &self, nonce: &[u8], associated_data: &[&[u8]], input: &[u8], output: &mut [u8], )
Encrypts the data in the given buffer, writing the output to the given output buffer.
This function will infer tau from the size difference between input and output. If the
output is smaller than the input, this funcion will panic.
The nonce and associated_data parameters are the same as for Aez::encrypt.
Sourcepub fn decrypt(
&self,
nonce: &[u8],
associated_data: &[&[u8]],
tau: u32,
data: &[u8],
) -> Option<Vec<u8>>
pub fn decrypt( &self, nonce: &[u8], associated_data: &[&[u8]], tau: u32, data: &[u8], ) -> Option<Vec<u8>>
Decrypts the given ciphertext.
This is a convenience function that returns an owned version of the plaintext. If the
original buffer may be modified, you can use Aez::decrypt_inplace to save an allocation.
Parameters:
nonce,associated_dataandtauare as forAez::encrypt.data– the ciphertext to decrypt.
Returns the decrypted content. If the integrity check fails, returns None instead. The
returned vector has length data.len() - tau.
Sourcepub fn decrypt_inplace<'a>(
&self,
nonce: &[u8],
associated_data: &[&[u8]],
tau: u32,
data: &'a mut [u8],
) -> Option<&'a [u8]>
pub fn decrypt_inplace<'a>( &self, nonce: &[u8], associated_data: &[&[u8]], tau: u32, data: &'a mut [u8], ) -> Option<&'a [u8]>
Decrypt the given buffer in-place.
Returns a slice to the valid plaintext subslice, or None.
The parameters are the same as for Aez::decrypt.