aws_lc_rs::aead

Struct TlsRecordSealingKey

pub struct TlsRecordSealingKey { /* private fields */ }

AEAD Encryption key used for TLS protocol record encryption.

This type encapsulates encryption operations for TLS AEAD algorithms. It validates that the provided nonce values are monotonically increasing for each invocation.

The following algorithms are supported:

  • AES_128_GCM
  • AES_256_GCM

Prefer this type in place of LessSafeKey, OpeningKey, SealingKey for TLS protocol implementations.

Implementations

impl TlsRecordSealingKey

pub fn new( algorithm: &'static Algorithm, protocol: TlsProtocolId, key_bytes: &[u8], ) -> Result<Self, Unspecified>

New TLS record sealing key. Only supports AES_128_GCM and AES_256_GCM.

Errors

  • Unspecified: Returned if the length of key_bytes does not match the chosen algorithm, or if an unsupported algorithm is provided.

pub fn seal_in_place_append_tag<A, InOut>( &mut self, nonce: Nonce, aad: Aad<A>, in_out: &mut InOut, ) -> Result<(), Unspecified>
where A: AsRef<[u8]>, InOut: AsMut<[u8]> + for<'in_out> Extend<&'in_out u8>,

Accepts a Nonce and Aad construction that is unique for this key and TLS record sealing operation for the configured TLS protocol version.

nonce must be unique and incremented for each sealing operation; otherwise an error is returned.

Errors

error::Unspecified if encryption operation fails.
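
The nonce requirement above, seen from the caller's side, as an added example (not code from aws-lc-rs; it uses only std and performs no sealing). It assumes TLS 1.3, where RFC 8446 section 5.3 derives each record nonce by XORing the 64-bit record sequence number into the static write IV; SealNonceGuard, NonceNotIncreasing and the IV bytes are hypothetical names and constructed values.

```rust
// Added example, std only: models the nonce discipline a caller must keep
// before handing a Nonce to a TLS record sealing key. Not aws-lc-rs code.
const NONCE_LEN: usize = 12;

/// Hypothetical error: the sequence number repeated or went backwards.
#[derive(Debug, PartialEq)]
struct NonceNotIncreasing;

/// RFC 8446 section 5.3: left-pad the 64-bit record sequence number to the
/// IV length and XOR it into the static write IV.
fn tls13_nonce(write_iv: &[u8; NONCE_LEN], seq: u64) -> [u8; NONCE_LEN] {
    let seq_bytes = seq.to_be_bytes();
    let mut nonce = *write_iv;
    for (n, s) in nonce[NONCE_LEN - 8..].iter_mut().zip(seq_bytes.iter()) {
        *n ^= *s;
    }
    nonce
}

/// Hypothetical caller-side guard: remembers the last sequence number used
/// and refuses any value that is not strictly greater, so a retransmit or
/// counter-reset bug fails closed instead of reusing a GCM nonce.
struct SealNonceGuard {
    write_iv: [u8; NONCE_LEN],
    last_seq: Option<u64>,
}

impl SealNonceGuard {
    fn new(write_iv: [u8; NONCE_LEN]) -> Self {
        SealNonceGuard { write_iv, last_seq: None }
    }

    fn nonce_for(&mut self, seq: u64) -> Result<[u8; NONCE_LEN], NonceNotIncreasing> {
        if matches!(self.last_seq, Some(last) if seq <= last) {
            return Err(NonceNotIncreasing);
        }
        self.last_seq = Some(seq);
        Ok(tls13_nonce(&self.write_iv, seq))
    }
}

fn main() {
    let iv = [0x5a; NONCE_LEN]; // constructed write IV, not real key schedule output
    let mut guard = SealNonceGuard::new(iv);
    for &seq in [0u64, 1, 1, 2].iter() {
        // The third call repeats sequence number 1 and is rejected.
        println!("seq {}: {:02x?}", seq, guard.nonce_for(seq));
    }
}
```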

pub fn seal_in_place_separate_tag<A>( &mut self, nonce: Nonce, aad: Aad<A>, in_out: &mut [u8], ) -> Result<Tag, Unspecified>
where A: AsRef<[u8]>,

Encrypts and signs (“seals”) data in place.

aad is the additional authenticated data (AAD), if any. This is authenticated but not encrypted. The type A could be a byte slice &[u8], a byte array [u8; N] for some constant N, Vec<u8>, etc. If there is no AAD then use Aad::empty().

The plaintext is given as the input value of in_out. seal_in_place() will overwrite the plaintext with the ciphertext and return the tag. For most protocols, the caller must append the tag to the ciphertext. The tag will be self.algorithm.tag_len() bytes long.

The Nonce used for the operation is randomly generated, and returned to the caller.

Errors

error::Unspecified if encryption operation fails.

pub fn algorithm(&self) -> &'static Algorithm

The key’s AEAD algorithm.

pub fn tls_protocol_id(&self) -> TlsProtocolId

The key’s associated TlsProtocolId.

Trait Implementations

impl Debug for TlsRecordSealingKey

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.
