RustCrypto · tarcieri · Mar 13, 2025
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/aes-gcm-siv/src/lib.rs b/aes-gcm-siv/src/lib.rs
@@ -78,18 +78,18 @@
 //! provide an impl of [`aead::Buffer`] for `bytes::BytesMut` (re-exported from the
 //! [`aead`] crate as [`aead::bytes::BytesMut`]).
 
-pub use aead::{self, AeadCore, AeadInPlaceDetached, Error, Key, KeyInit, KeySizeUser};
+pub use aead::{self, AeadCore, AeadInOut, Error, Key, KeyInit, KeySizeUser};
 
 #[cfg(feature = "aes")]
 pub use aes;
 
-use aead::PostfixTagged;
+use aead::{inout::InOutBuf, PostfixTagged};
 use cipher::{
-    BlockCipherEncrypt, BlockSizeUser, InnerIvInit, StreamCipherCore,
     array::Array,
     consts::{U12, U16},
+    BlockCipherEncrypt, BlockSizeUser, InnerIvInit, StreamCipherCore,
 };
-use polyval::{Polyval, universal_hash::UniversalHash};
+use polyval::{universal_hash::UniversalHash, Polyval};
 
 /// AES is optional to allow swapping in hardware-specific backends.
 #[cfg(feature = "aes")]
@@ -165,28 +165,28 @@ where
 
 impl<Aes> PostfixTagged for AesGcmSiv<Aes> {}
 
-impl<Aes> AeadInPlaceDetached for AesGcmSiv<Aes>
+impl<Aes> AeadInOut for AesGcmSiv<Aes>
 where
     Aes: BlockSizeUser<BlockSize = U16> + BlockCipherEncrypt + KeyInit,
 {
-    fn encrypt_in_place_detached(
+    fn encrypt_inout_detached(
         &self,
         nonce: &Nonce,
         associated_data: &[u8],
-        buffer: &mut [u8],
+        buffer: InOutBuf<'_, '_, u8>,
     ) -> Result<Tag, Error> {
         Cipher::<Aes>::new(&self.key_generating_key, nonce)
-            .encrypt_in_place_detached(associated_data, buffer)
+            .encrypt_inout_detached(associated_data, buffer)
     }
 
-    fn decrypt_in_place_detached(
+    fn decrypt_inout_detached(
         &self,
         nonce: &Nonce,
         associated_data: &[u8],
-        buffer: &mut [u8],
+        buffer: InOutBuf<'_, '_, u8>,
         tag: &Tag,
     ) -> Result<(), Error> {
-        Cipher::<Aes>::new(&self.key_generating_key, nonce).decrypt_in_place_detached(
+        Cipher::<Aes>::new(&self.key_generating_key, nonce).decrypt_inout_detached(
             associated_data,
             buffer,
             tag,
@@ -268,10 +268,10 @@ where
     }
 
     /// Encrypt the given message in-place, returning the authentication tag.
-    pub(crate) fn encrypt_in_place_detached(
+    pub(crate) fn encrypt_inout_detached(
         mut self,
         associated_data: &[u8],
-        buffer: &mut [u8],
+        buffer: InOutBuf<'_, '_, u8>,
     ) -> Result<Tag, Error> {
         if buffer.len() as u64 > P_MAX || associated_data.len() as u64 > A_MAX {
             return Err(Error);
@@ -288,10 +288,10 @@ where
 
     /// Decrypt the given message, first authenticating ciphertext integrity
     /// and returning an error if it's been tampered with.
-    pub(crate) fn decrypt_in_place_detached(
+    pub(crate) fn decrypt_inout_detached(
         mut self,
         associated_data: &[u8],
-        buffer: &mut [u8],
+        buffer: InOutBuf<'_, '_, u8>,
         tag: &Tag,
     ) -> Result<(), Error> {
         if buffer.len() as u64 > C_MAX || associated_data.len() as u64 > A_MAX {

diff --git a/aes-gcm/src/lib.rs b/aes-gcm/src/lib.rs
@@ -98,26 +98,26 @@
 //! provide an impl of [`aead::Buffer`] for `bytes::BytesMut` (re-exported from the
 //! [`aead`] crate as [`aead::bytes::BytesMut`]).
 
-pub use aead::{self, AeadCore, AeadInPlaceDetached, Error, Key, KeyInit, KeySizeUser};
+pub use aead::{self, AeadCore, AeadInOut, Error, Key, KeyInit, KeySizeUser};
 
 #[cfg(feature = "aes")]
 pub use aes;
 
-use aead::PostfixTagged;
+use aead::{inout::InOutBuf, PostfixTagged};
 
 use cipher::{
-    BlockCipherEncrypt, BlockSizeUser, InnerIvInit, StreamCipherCore,
     array::{Array, ArraySize},
     consts::U16,
+    BlockCipherEncrypt, BlockSizeUser, InnerIvInit, StreamCipherCore,
 };
 use core::marker::PhantomData;
-use ghash::{GHash, universal_hash::UniversalHash};
+use ghash::{universal_hash::UniversalHash, GHash};
 
 #[cfg(feature = "zeroize")]
 use zeroize::Zeroize;
 
 #[cfg(feature = "aes")]
-use aes::{Aes128, Aes256, cipher::consts::U12};
+use aes::{cipher::consts::U12, Aes128, Aes256};
 
 /// Maximum length of associated data.
 pub const A_MAX: u64 = 1 << 36;
@@ -260,17 +260,17 @@ impl<Aes, NonceSize, TagSize> PostfixTagged for AesGcm<Aes, NonceSize, TagSize>
 {
 }
 
-impl<Aes, NonceSize, TagSize> AeadInPlaceDetached for AesGcm<Aes, NonceSize, TagSize>
+impl<Aes, NonceSize, TagSize> AeadInOut for AesGcm<Aes, NonceSize, TagSize>
 where
     Aes: BlockSizeUser<BlockSize = U16> + BlockCipherEncrypt,
     NonceSize: ArraySize,
     TagSize: self::TagSize,
 {
-    fn encrypt_in_place_detached(
+    fn encrypt_inout_detached(
         &self,
         nonce: &Nonce<NonceSize>,
         associated_data: &[u8],
-        buffer: &mut [u8],
+        buffer: InOutBuf<'_, '_, u8>,
     ) -> Result<Tag<TagSize>, Error> {
         if buffer.len() as u64 > P_MAX || associated_data.len() as u64 > A_MAX {
             return Err(Error);
@@ -286,11 +286,11 @@ where
         Ok(Tag::try_from(&full_tag[..TagSize::to_usize()]).expect("tag size mismatch"))
     }
 
-    fn decrypt_in_place_detached(
+    fn decrypt_inout_detached(
         &self,
         nonce: &Nonce<NonceSize>,
         associated_data: &[u8],
-        buffer: &mut [u8],
+        buffer: InOutBuf<'_, '_, u8>,
         tag: &Tag<TagSize>,
     ) -> Result<(), Error> {
         if buffer.len() as u64 > C_MAX || associated_data.len() as u64 > A_MAX {

diff --git a/aes-gcm/tests/aes128gcm.rs b/aes-gcm/tests/aes128gcm.rs
@@ -7,7 +7,7 @@ mod common;
 
 use self::common::TestVector;
 use aes_gcm::Aes128Gcm;
-use aes_gcm::aead::{Aead, AeadInPlaceDetached, KeyInit, Payload, array::Array};
+use aes_gcm::aead::{Aead, AeadInOut, KeyInit, Payload, array::Array};
 use hex_literal::hex;
 
 /// NIST CAVS vectors

diff --git a/aes-gcm/tests/aes256gcm.rs b/aes-gcm/tests/aes256gcm.rs
@@ -7,7 +7,7 @@ mod common;
 
 use self::common::TestVector;
 use aes_gcm::Aes256Gcm;
-use aes_gcm::aead::{Aead, AeadInPlaceDetached, KeyInit, Payload, array::Array};
+use aes_gcm::aead::{Aead, AeadInOut, KeyInit, Payload, array::Array};
 use hex_literal::hex;
 
 /// NIST CAVS vectors

diff --git a/aes-gcm/tests/common/mod.rs b/aes-gcm/tests/common/mod.rs
@@ -77,7 +77,7 @@ macro_rules! tests {
         }
 
         #[test]
-        fn decrypt_in_place_detached_modified() {
+        fn decrypt_inout_detached_modified() {
             let vector = &$vectors.iter().last().unwrap();
             let key = Array(*vector.key);
             let nonce = Array(*vector.nonce);
@@ -92,7 +92,7 @@ macro_rules! tests {
             let cipher = <$aead>::new(&key);
             assert!(
                 cipher
-                    .decrypt_in_place_detached(&nonce, &[], &mut buffer, &tag)
+                    .decrypt_inout_detached(&nonce, &[], &mut buffer, &tag)
                     .is_err()
             );
 

diff --git a/aes-siv/src/lib.rs b/aes-siv/src/lib.rs
@@ -83,15 +83,14 @@ extern crate alloc;
 
 pub mod siv;
 
-pub use aead::{
-    self, AeadCore, AeadInPlace, AeadInPlaceDetached, Error, Key, KeyInit, KeySizeUser,
-};
+pub use aead::{self, AeadCore, AeadInOut, AeadInPlace, Error, Key, KeyInit, KeySizeUser};
 
 use crate::siv::Siv;
 use aead::{
     Buffer,
     array::Array,
     consts::{U1, U16, U32, U64},
+    inout::InOutBuf,
 };
 use aes::{Aes128, Aes256};
 use cipher::{BlockCipherEncrypt, BlockSizeUser, array::ArraySize, typenum::IsGreaterOrEqual};
@@ -241,7 +240,7 @@ where
     }
 }
 
-impl<C, M, NonceSize> AeadInPlaceDetached for SivAead<C, M, NonceSize>
+impl<C, M, NonceSize> AeadInOut for SivAead<C, M, NonceSize>
 where
     Self: KeySizeUser,
     Siv<C, M>: KeyInit + KeySizeUser<KeySize = <Self as KeySizeUser>::KeySize>,
@@ -250,24 +249,24 @@ where
     <C as KeySizeUser>::KeySize: Add,
     NonceSize: ArraySize + IsGreaterOrEqual<U1>,
 {
-    fn encrypt_in_place_detached(
+    fn encrypt_inout_detached(
         &self,
         nonce: &Array<u8, Self::NonceSize>,
         associated_data: &[u8],
-        buffer: &mut [u8],
+        buffer: InOutBuf<'_, '_, u8>,
     ) -> Result<Array<u8, Self::TagSize>, Error> {
         Siv::<C, M>::new(&self.key)
-            .encrypt_in_place_detached([associated_data, nonce.as_slice()], buffer)
+            .encrypt_inout_detached([associated_data, nonce.as_slice()], buffer)
     }
 
-    fn decrypt_in_place_detached(
+    fn decrypt_inout_detached(
         &self,
         nonce: &Array<u8, Self::NonceSize>,
         associated_data: &[u8],
-        buffer: &mut [u8],
+        buffer: InOutBuf<'_, '_, u8>,
         tag: &Array<u8, Self::TagSize>,
     ) -> Result<(), Error> {
-        Siv::<C, M>::new(&self.key).decrypt_in_place_detached(
+        Siv::<C, M>::new(&self.key).decrypt_inout_detached(
             [associated_data, nonce.as_slice()],
             buffer,
             tag,

diff --git a/aes-siv/src/siv.rs b/aes-siv/src/siv.rs
@@ -72,6 +72,7 @@ use crate::Tag;
 use aead::{
     Buffer, Error,
     array::{Array, ArraySize, typenum::U16},
+    inout::InOutBuf,
 };
 use aes::{Aes128, Aes256};
 use cipher::{
@@ -209,10 +210,10 @@ where
         // Make room in the buffer for the SIV tag. It needs to be prepended.
         buffer.extend_from_slice(Tag::default().as_slice())?;
 
-        // TODO(tarcieri): add offset param to `encrypt_in_place_detached`
+        // TODO(tarcieri): add offset param to `encrypt_inout_detached`
         buffer.as_mut().copy_within(..pt_len, IV_SIZE);
 
-        let tag = self.encrypt_in_place_detached(headers, &mut buffer.as_mut()[IV_SIZE..])?;
+        let tag = self.encrypt_inout_detached(headers, &mut buffer.as_mut()[IV_SIZE..])?;
         buffer.as_mut()[..IV_SIZE].copy_from_slice(tag.as_slice());
         Ok(())
     }
@@ -223,10 +224,10 @@ where
     ///
     /// Returns [`Error`] if `plaintext.len()` is less than `M::OutputSize`.
     /// Returns [`Error`] if `headers.len()` is greater than [`MAX_HEADERS`].
-    pub fn encrypt_in_place_detached<I, T>(
+    pub fn encrypt_inout_detached<I, T>(
         &mut self,
         headers: I,
-        plaintext: &mut [u8],
+        plaintext: InOutBuf<'_, '_, u8>,
     ) -> Result<Tag, Error>
     where
         I: IntoIterator<Item = T>,
@@ -270,11 +271,11 @@ where
         }
 
         let siv_tag = Tag::try_from(&buffer.as_ref()[..IV_SIZE]).expect("tag size mismatch");
-        self.decrypt_in_place_detached(headers, &mut buffer.as_mut()[IV_SIZE..], &siv_tag)?;
+        self.decrypt_inout_detached(headers, &mut buffer.as_mut()[IV_SIZE..], &siv_tag)?;
 
         let pt_len = buffer.len() - IV_SIZE;
 
-        // TODO(tarcieri): add offset param to `encrypt_in_place_detached`
+        // TODO(tarcieri): add offset param to `encrypt_inout_detached`
         buffer.as_mut().copy_within(IV_SIZE.., 0);
         buffer.truncate(pt_len);
         Ok(())
@@ -286,10 +287,10 @@ where
     /// # Errors
     ///
     /// Returns [`Error`] if the ciphertext is not authentic
-    pub fn decrypt_in_place_detached<I, T>(
+    pub fn decrypt_inout_detached<I, T>(
         &mut self,
         headers: I,
-        ciphertext: &mut [u8],
+        ciphertext: InOutBuf<'_, '_, u8>,
         siv_tag: &Tag,
     ) -> Result<(), Error>
     where