{ "classes": [ { "constants": [], "types": [], "name": "@eryx/crypto/aes", "tags": [], "functions": [ { "source": { "path": "", "line": 44 }, "is_method": false, "signature": "aes.encryptCBC(\n key: buffer, -- AES key - 16, 24, or 32 bytes (128/192/256-bit).\n iv: buffer, -- Initialisation vector - 16 bytes.\n data: buffer -- Plaintext to encrypt.\n) → (\n buffer -- Ciphertext (length rounded up to a 16-byte block boundary). \n)", "owner": "aes", "desc": "Encrypts `data` with AES-CBC (PKCS#7 padding).\n\nThe same (key, IV) pair must never be reused. Generate a random IV\nper message and transmit it alongside the ciphertext.\n", "tags": [], "name": "encryptCBC", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Ciphertext (length rounded up to a 16-byte block boundary). " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "AES key - 16, 24, or 32 bytes (128/192/256-bit)." }, { "lua_type": "buffer", "name": "iv", "desc": "Initialisation vector - 16 bytes." }, { "lua_type": "buffer", "name": "data", "desc": "Plaintext to encrypt." } ] }, { "source": { "path": "", "line": 56 }, "is_method": false, "signature": "aes.decryptCBC(\n key: buffer, -- AES key - 16, 24, or 32 bytes.\n iv: buffer, -- Initialisation vector - 16 bytes.\n data: buffer -- Ciphertext to decrypt.\n) → (\n buffer -- Plaintext. \n)", "owner": "aes", "desc": "Decrypts AES-CBC ciphertext (strips PKCS#7 padding).\n", "tags": [], "name": "decryptCBC", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Plaintext. " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "AES key - 16, 24, or 32 bytes." }, { "lua_type": "buffer", "name": "iv", "desc": "Initialisation vector - 16 bytes." }, { "lua_type": "buffer", "name": "data", "desc": "Ciphertext to decrypt." } ] }, { "source": { "path": "", "line": 72 }, "is_method": false, "signature": "aes.encryptCTR(\n key: buffer, -- AES key - 16, 24, or 32 bytes.\n iv: buffer, -- Counter/nonce block - 16 bytes.\n data: buffer -- Plaintext to encrypt.\n) → (\n buffer -- Ciphertext (same length as input). \n)", "owner": "aes", "desc": "Encrypts `data` with AES-CTR (stream cipher; no padding).\n\nCTR mode is length-preserving. The `iv` parameter is the 16-byte\ncounter block (typically a random nonce). A (key, IV) pair must\nnever be reused.\n", "tags": [], "name": "encryptCTR", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Ciphertext (same length as input). " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "AES key - 16, 24, or 32 bytes." }, { "lua_type": "buffer", "name": "iv", "desc": "Counter/nonce block - 16 bytes." }, { "lua_type": "buffer", "name": "data", "desc": "Plaintext to encrypt." } ] }, { "source": { "path": "", "line": 87 }, "is_method": false, "signature": "aes.decryptCTR(\n key: buffer, -- AES key - 16, 24, or 32 bytes.\n iv: buffer, -- Counter/nonce block - 16 bytes.\n data: buffer -- Ciphertext to decrypt.\n) → (\n buffer -- Plaintext (same length as input). \n)", "owner": "aes", "desc": "Decrypts AES-CTR ciphertext.\n\nCTR decryption is identical to encryption; this function is provided\nfor API symmetry.\n", "tags": [], "name": "decryptCTR", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Plaintext (same length as input). " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "AES key - 16, 24, or 32 bytes." }, { "lua_type": "buffer", "name": "iv", "desc": "Counter/nonce block - 16 bytes." }, { "lua_type": "buffer", "name": "data", "desc": "Ciphertext to decrypt." } ] }, { "source": { "path": "", "line": 112 }, "is_method": false, "signature": "aes.encryptGCM(\n key: buffer, -- AES key - 16, 24, or 32 bytes.\n nonce: buffer, -- Nonce - 12 bytes recommended.\n data: buffer, -- Plaintext to encrypt.\n aad: buffer? -- Additional authenticated data (not encrypted, but covered by tag).\n) → (\n buffer, -- Ciphertext.\n buffer -- 16-byte authentication tag. \n)", "owner": "aes", "desc": "Encrypts `data` with AES-GCM, returning the ciphertext and\nauthentication tag separately.\n\nGCM provides authenticated encryption: the tag covers both the\nciphertext and any additional authenticated data (`aad`). A\n(key, nonce) pair must never be reused; 12-byte random nonces are\nstandard.\n\n```luau\nlocal ct, tag = aes.gcm_encrypt(key, nonce, plain, aad)\nlocal pt = aes.gcm_decrypt(key, nonce, ct, tag, aad)\n```\n", "tags": [], "name": "encryptGCM", "return_str": "(buffer, buffer)", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Ciphertext." }, { "lua_type": "buffer", "desc": "16-byte authentication tag. " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "AES key - 16, 24, or 32 bytes." }, { "lua_type": "buffer", "name": "nonce", "desc": "Nonce - 12 bytes recommended." }, { "lua_type": "buffer", "name": "data", "desc": "Plaintext to encrypt." }, { "lua_type": "buffer?", "name": "aad", "desc": "Additional authenticated data (not encrypted, but covered by tag)." } ] }, { "source": { "path": "", "line": 129 }, "is_method": false, "signature": "aes.decryptGCM(\n key: buffer, -- AES key - 16, 24, or 32 bytes.\n nonce: buffer, -- Nonce - must match the value used during encryption.\n ct: buffer, -- Ciphertext.\n tag: buffer, -- 16-byte authentication tag.\n aad: buffer? -- Additional authenticated data (must match encryption).\n) → (\n buffer -- Plaintext. \n)", "owner": "aes", "desc": "Decrypts AES-GCM ciphertext and verifies the authentication tag.\n\nRaises an error if the tag does not match (i.e. the data has been\ntampered with or the wrong key/nonce/aad was supplied).\n", "tags": [], "name": "decryptGCM", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Plaintext. " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "AES key - 16, 24, or 32 bytes." }, { "lua_type": "buffer", "name": "nonce", "desc": "Nonce - must match the value used during encryption." }, { "lua_type": "buffer", "name": "ct", "desc": "Ciphertext." }, { "lua_type": "buffer", "name": "tag", "desc": "16-byte authentication tag." }, { "lua_type": "buffer?", "name": "aad", "desc": "Additional authenticated data (must match encryption)." } ] }, { "source": { "path": "", "line": 147 }, "is_method": false, "signature": "aes.encryptCCM(\n key: buffer, -- AES key - 16, 24, or 32 bytes.\n nonce: buffer, -- Nonce - 7 to 13 bytes.\n data: buffer, -- Plaintext to encrypt.\n aad: buffer? -- Additional authenticated data.\n) → (\n buffer, -- Ciphertext.\n buffer -- Authentication tag. \n)", "owner": "aes", "desc": "Encrypts `data` with AES-CCM, returning the ciphertext and\nauthentication tag separately.\n\nCCM is an AEAD mode similar to GCM but based on CBC-MAC. The nonce\nmust be 7–13 bytes; shorter nonces allow larger messages.\n", "tags": [], "name": "encryptCCM", "return_str": "(buffer, buffer)", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Ciphertext." }, { "lua_type": "buffer", "desc": "Authentication tag. " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "AES key - 16, 24, or 32 bytes." }, { "lua_type": "buffer", "name": "nonce", "desc": "Nonce - 7 to 13 bytes." }, { "lua_type": "buffer", "name": "data", "desc": "Plaintext to encrypt." }, { "lua_type": "buffer?", "name": "aad", "desc": "Additional authenticated data." } ] }, { "source": { "path": "", "line": 163 }, "is_method": false, "signature": "aes.decryptCCM(\n key: buffer, -- AES key - 16, 24, or 32 bytes.\n nonce: buffer, -- Nonce - must match the value used during encryption.\n ct: buffer, -- Ciphertext.\n tag: buffer, -- Authentication tag.\n aad: buffer? -- Additional authenticated data (must match encryption).\n) → (\n buffer -- Plaintext. \n)", "owner": "aes", "desc": "Decrypts AES-CCM ciphertext and verifies the authentication tag.\n\nRaises an error if the tag does not match.\n", "tags": [], "name": "decryptCCM", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Plaintext. " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "AES key - 16, 24, or 32 bytes." }, { "lua_type": "buffer", "name": "nonce", "desc": "Nonce - must match the value used during encryption." }, { "lua_type": "buffer", "name": "ct", "desc": "Ciphertext." }, { "lua_type": "buffer", "name": "tag", "desc": "Authentication tag." }, { "lua_type": "buffer?", "name": "aad", "desc": "Additional authenticated data (must match encryption)." } ] }, { "source": { "path": "", "line": 173 }, "is_method": false, "signature": "aes.encryptECB(\n key: buffer, -- AES key - 16, 24, or 32 bytes.\n data: buffer -- Plaintext to encrypt.\n) → (\n buffer -- Ciphertext (length rounded up to a 16-byte block boundary). \n)", "owner": "aes", "desc": "Encrypts `data` with AES-ECB (PKCS#7 padding).", "tags": [], "name": "encryptECB", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Ciphertext (length rounded up to a 16-byte block boundary). " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "AES key - 16, 24, or 32 bytes." }, { "lua_type": "buffer", "name": "data", "desc": "Plaintext to encrypt." } ] }, { "source": { "path": "", "line": 183 }, "is_method": false, "signature": "aes.decryptECB(\n key: buffer, -- AES key - 16, 24, or 32 bytes.\n data: buffer -- Ciphertext to decrypt.\n) → (\n buffer -- Plaintext. \n)", "owner": "aes", "desc": "Decrypts AES-ECB ciphertext (strips PKCS#7 padding).", "tags": [], "name": "decryptECB", "return_str": "buffer", "function_type": "Function", "returns": [ { "lua_type": "buffer", "desc": "Plaintext. " } ], "params": [ { "lua_type": "buffer", "name": "key", "desc": "AES key - 16, 24, or 32 bytes." }, { "lua_type": "buffer", "name": "data", "desc": "Ciphertext to decrypt." } ] } ], "properties": [], "source": { "path": "", "line": 0 }, "desc": "AES (Advanced Encryption Standard) symmetric encryption.\n\nSupports 128-, 192-, and 256-bit keys (determined by key length).\nThree operation modes are provided:\n\n- **CBC** – Cipher Block Chaining with PKCS#7 padding. Requires an\n IV; do not reuse (key, IV) pairs.\n- **CTR** – Counter mode. Turns AES into a stream cipher; no padding.\n The IV is the initial counter block (16 bytes).\n- **GCM** – Galois/Counter Mode. Authenticated encryption (AEAD).\n Returns ciphertext and a 16-byte authentication tag separately.\n- **CCM** – Counter with CBC-MAC. Another AEAD mode; nonce must be\n 7–13 bytes.\n\n```luau\nlocal aes = require(\"@eryx/crypto/aes\")\n\nlocal key = buffer.fromstring(\"0123456789abcdef\") -- 16-byte AES-128\nlocal iv = buffer.fromstring(\"0000000000000000\")\nlocal plain = buffer.fromstring(\"Hello, AES!\")\n\nlocal ct = aes.cbc_encrypt(key, iv, plain)\nlocal pt = aes.cbc_decrypt(key, iv, ct)\nassert(buffer.tostring(pt) == \"Hello, AES!\")\n```\n" } ] }