bearssl_aead.h - OpenGrok cross reference for /freebsd/contrib/bearssl/inc/bearssl

Lines Matching +full:exact +full:- +full:len
51  *   - A symmetric key. Exact size depends on the AEAD algorithm.
53  *   - A nonce (IV). Size depends on the AEAD algorithm; for most
58  *   - Data to encrypt and protect.
60  *   - Additional authenticated data, which is covered by the MAC but
77  *   - `br_xxx_init()`
80  *     Exact parameters depend on the algorithm, and may include
85  *   - `br_xxx_reset()`
90  *   - `br_xxx_aad_inject()`
95  *   - `br_xxx_flip()`
101  *   - `br_xxx_run()`
107  *   - `br_xxx_get_tag()`
114  *   - `br_xxx_check_tag()`
122  *   - Encryption does not expand the size of the ciphertext; there is
125  *   - The additional authenticated data must be processed first,
128  *   - Nonce, plaintext and additional authenticated data all consist
139  * ## Object-Oriented API
146  *   - `reset`
151  *   - `aad_inject`
155  *   - `flip`
160  *   - `get_tag`
164  *   - `check_tag`
205 	 * \param len   AEAD nonce length (in bytes).
207 	void (*reset)(const br_aead_class **cc, const void *iv, size_t len);
219 	 * \param len    length of additional authenticated data (in bytes).
222 		const void *data, size_t len);
240 	 * been called on the context. If `encrypt` is non-zero, then
248 	 * \param encrypt   non-zero for encryption, zero for decryption.
250 	 * \param len       data length (in bytes).
253 		void *data, size_t len);
294 	 * \return  1 on success (exact match of tag value), 0 otherwise.
309 	 * \param len   tag length (in bytes).
311 	void (*get_tag_trunc)(const br_aead_class **cc, void *tag, size_t len);
323 	 * \param len   tag length (in bytes).
324 	 * \return  1 on success (exact match of tag value), 0 otherwise.
327 		const void *tag, size_t len);
336  *   - Any block cipher with 16-byte blocks can be used with GCM.
338  *   - The nonce can have any length, from 0 up to 2^64-1 bits; however,
339  *     96-bit nonces (12 bytes) are recommended (nonces with a length
343  *   - Additional authenticated data may have length up to 2^64-1 bits.
345  *   - Message length may range up to 2^39-256 bits at most.
347  *   - The authentication tag has length 16 bytes.
375  * is provided. The block cipher MUST use 16-byte blocks in CTR mode,
400  * arbitrary length (up to 2^64-1 bits), but the "normal" length is
405  * \param len   GCM nonce length (in bytes).
407 void br_gcm_reset(br_gcm_context *ctx, const void *iv, size_t len);
415  * the maximum total size of additional authenticated data is 2^64-1
420  * \param len    length of additional authenticated data (in bytes).
422 void br_gcm_aad_inject(br_gcm_context *ctx, const void *data, size_t len);
440  * has been called on the context. If `encrypt` is non-zero, then the
445  * total length for data is 2^39-256 bits, i.e. about 65 gigabytes.
448  * \param encrypt   non-zero for encryption, zero for decryption.
450  * \param len       data length (in bytes).
452 void br_gcm_run(br_gcm_context *ctx, int encrypt, void *data, size_t len);
457  * Compute the GCM authentication tag. The tag is a 16-byte value which
486  * \return  1 on success (exact match of tag value), 0 otherwise.
495  * is provided as `len` (in bytes); it MUST be no more than 16, but
497  * forgeries easier; NIST SP 800-38D specifies that the tag length shall
519  * \param len   tag length (16 bytes or less).
521 void br_gcm_get_tag_trunc(br_gcm_context *ctx, void *tag, size_t len);
539  * \param len   tag length (in bytes).
540  * \return  1 on success (exact match of tag value), 0 otherwise.
543 	const void *tag, size_t len);
554  * CBC-MAC using the same block cipher and the same key, to provide
557  *   - Any block cipher with 16-byte blocks can be used with EAX
562  *   - The nonce can have any length, as long as nonce values are
566  *   - Additional authenticated data length is unlimited.
568  *   - Message length is unlimited.
570  *   - The authentication tag has length 16 bytes.
600  * for lower per-message overhead. Captured values do not depend on
613  * structure, is provided. The block cipher MUST use 16-byte blocks in
614  * CTR + CBC-MAC mode, and its secret key MUST have been already set in
626  * \brief Capture pre-AAD state.
628  * This function precomputes key-dependent data, and stores it in the
656  * \param len     EAX nonce length (in bytes).
658 void br_eax_reset(br_eax_context *ctx, const void *nonce, size_t len);
661  * \brief Reset an EAX context with a pre-AAD captured state.
664  * previously captured state structure for lower per-message overhead.
678  * \param st      pre-AAD captured state.
680  * \param len     EAX nonce length (in bytes).
683 	const void *nonce, size_t len);
686  * \brief Reset an EAX context with a post-AAD captured state.
689  * previously captured state structure for lower per-message overhead.
699  * \param st      post-AAD captured state.
701  * \param len     EAX nonce length (in bytes).
704 	const void *nonce, size_t len);
716  * \param len    length of additional authenticated data (in bytes).
718 void br_eax_aad_inject(br_eax_context *ctx, const void *data, size_t len);
736  * AAD-specific MAC value into the provided state. The MAC value depends
747 	memcpy(st->st[1], ctx->head, sizeof ctx->head);  in br_eax_get_aad_mac()
754  * has been called on the context. If `encrypt` is non-zero, then the
761  * \param encrypt   non-zero for encryption, zero for decryption.
763  * \param len       data length (in bytes).
765 void br_eax_run(br_eax_context *ctx, int encrypt, void *data, size_t len);
770  * Compute the EAX authentication tag. The tag is a 16-byte value which
799  * \return  1 on success (exact match of tag value), 0 otherwise.
808  * is provided as `len` (in bytes); it MUST be no more than 16, but
810  * forgeries easier; NIST SP 800-38D specifies that the tag length shall
832  * \param len   tag length (16 bytes or less).
834 void br_eax_get_tag_trunc(br_eax_context *ctx, void *tag, size_t len);
852  * \param len   tag length (in bytes).
853  * \return  1 on success (exact match of tag value), 0 otherwise.
856 	const void *tag, size_t len);
867  * CBC-MAC using the same block cipher and the same key, to provide
870  *   - Any block cipher with 16-byte blocks can be used with CCM
875  *   - The authentication tag length, and plaintext length, MUST be
880  *   - The nonce length is constrained between 7 and 13 bytes (inclusive).
882  *     15-nonceLen bytes; thus, if the nonce has length 13 bytes, then
885  *   - Additional authenticated data length is practically unlimited
888  *   - The authentication tag has length 4 to 16 bytes (even values only).
912  * structure, is provided. The block cipher MUST use 16-byte blocks in
913  * CTR + CBC-MAC mode, and its secret key MUST have been already set in
934  * exact.
938  * be exact. Moreover, that length MUST be less than 2^(8*(15-nonce_len)).
979  * \param len    length of additional authenticated data (in bytes).
981 void br_ccm_aad_inject(br_ccm_context *ctx, const void *data, size_t len);
999  * has been called on the context. If `encrypt` is non-zero, then the
1008  * \param encrypt   non-zero for encryption, zero for decryption.
1010  * \param len       data length (in bytes).
1012 void br_ccm_run(br_ccm_context *ctx, int encrypt, void *data, size_t len);
1051  * \return  1 on success (exact match of tag value), 0 otherwise.