Struct tink_streaming_aead::subtle::AesCtrHmac

[+] Show declaration

pub struct AesCtrHmac {
    pub main_key: Vec<u8>,
    // some fields omitted
}

[−] Expand description

AesCtrHmac implements streaming AEAD encryption using AES-CTR and HMAC.

Each ciphertext uses new AES-CTR and HMAC keys. These keys are derived using HKDF and are derived from the key derivation key, a randomly chosen salt of the same size as the key and a nonce prefix.

Fields

main_key: Vec<u8>

Implementations

impl AesCtrHmac[−]

pub fn new(
    main_key: &[u8],
    hkdf_alg: HashType,
    key_size_in_bytes: usize,
    tag_alg: HashType,
    tag_size_in_bytes: usize,
    ciphertext_segment_size: usize,
    first_segment_offset: usize
) -> Result<AesCtrHmac, TinkError>[−]

Initialize an AES_CTR_HMAC primitive with a key derivation key and encryption parameters.

main_key is input keying material used to derive sub keys. This must be longer than the size of the sub keys (key_size_in_bytes). hkdf_alg is a MAC algorithm hash type, used for the HKDF key derivation. key_size_in_bytes is the key size of the sub keys. tag_alg is the MAC algorithm hash type, used for generating per segment tags. tag_size_in_bytes is the size of the per segment tags. ciphertext_segment_size is the size of ciphertext segments. first_segment_offset is the offset of the first ciphertext segment.

pub fn header_length(&self) -> usize[−]

Return the length of the encryption header.

Trait Implementations

impl Clone for AesCtrHmac[+]

[+] Show hidden undocumented items

fn clone(&self) -> AesCtrHmac[−]

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)[−]

Performs copy-assignment from source.

impl StreamingAead for AesCtrHmac[+]

fn new_encrypting_writer(
    &self,
    w: Box<dyn Write>,
    aad: &[u8]
) -> Result<Box<dyn EncryptingWrite>, TinkError>[−]

Return a wrapper around an underlying [std::io.Write], such that any write-operation via the wrapper results in AEAD-encryption of the written data, using aad as associated authenticated data. The associated data is not included in the ciphertext and has to be passed in as parameter for decryption.

fn new_decrypting_reader(
    &self,
    r: Box<dyn Read>,
    aad: &[u8]
) -> Result<Box<dyn Read>, TinkError>[−]

Return a wrapper around an underlying std::io::Read, such that any read-operation via the wrapper results in AEAD-decryption of the underlying ciphertext, using aad as associated authenticated data.