Expand description
Cipher Block Chaining (CBC) mode.
Mode functionality is accessed using traits from re-exported cipher
crate.
§⚠️ Security Warning: Hazmat!
This crate does not ensure ciphertexts are authentic! Thus ciphertext integrity is not verified, which can lead to serious vulnerabilities!
§Example
use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit};
use hex_literal::hex;
type Aes128CbcEnc = cbc::Encryptor<aes::Aes128>;
type Aes128CbcDec = cbc::Decryptor<aes::Aes128>;
let key = [0x42; 16];
let iv = [0x24; 16];
let plaintext = *b"hello world! this is my plaintext.";
let ciphertext = hex!(
"c7fe247ef97b21f07cbdd26cb5d346bf"
"d27867cb00d9486723e159978fb9a5f9"
"14cfb228a710de4171e396e7b6cf859e"
);
// encrypt/decrypt in-place
// buffer must be big enough for padded plaintext
let mut buf = [0u8; 48];
let pt_len = plaintext.len();
buf[..pt_len].copy_from_slice(&plaintext);
let ct = Aes128CbcEnc::new(&key.into(), &iv.into())
.encrypt_padded_mut::<Pkcs7>(&mut buf, pt_len)
.unwrap();
assert_eq!(ct, &ciphertext[..]);
let pt = Aes128CbcDec::new(&key.into(), &iv.into())
.decrypt_padded_mut::<Pkcs7>(&mut buf)
.unwrap();
assert_eq!(pt, &plaintext);
// encrypt/decrypt from buffer to buffer
let mut buf = [0u8; 48];
let ct = Aes128CbcEnc::new(&key.into(), &iv.into())
.encrypt_padded_b2b_mut::<Pkcs7>(&plaintext, &mut buf)
.unwrap();
assert_eq!(ct, &ciphertext[..]);
let mut buf = [0u8; 48];
let pt = Aes128CbcDec::new(&key.into(), &iv.into())
.decrypt_padded_b2b_mut::<Pkcs7>(&ct, &mut buf)
.unwrap();
assert_eq!(pt, &plaintext);
With enabled alloc
(or std
) feature you also can use allocating
convinience methods:
let res = Aes128CbcEnc::new(&key.into(), &iv.into())
.encrypt_padded_vec_mut::<Pkcs7>(&plaintext);
assert_eq!(res[..], ciphertext[..]);
let res = Aes128CbcDec::new(&key.into(), &iv.into())
.decrypt_padded_vec_mut::<Pkcs7>(&res)
.unwrap();
assert_eq!(res[..], plaintext[..]);
Re-exports§
pub use cipher;
Structs§
- CBC mode decryptor.
- CBC mode encryptor.