Lines Matching +full:zero +full:- +full:initialised

51  *   - A symmetric key. Exact size depends on the AEAD algorithm.
53 * - A nonce (IV). Size depends on the AEAD algorithm; for most
58 * - Data to encrypt and protect.
60 * - Additional authenticated data, which is covered by the MAC but
77 * - `br_xxx_init()`
85 * - `br_xxx_reset()`
90 * - `br_xxx_aad_inject()`
95 * - `br_xxx_flip()`
101 * - `br_xxx_run()`
107 * - `br_xxx_get_tag()`
114 * - `br_xxx_check_tag()`
122 * - Encryption does not expand the size of the ciphertext; there is
125 * - The additional authenticated data must be processed first,
128 * - Nonce, plaintext and additional authenticated data all consist
139 * ## Object-Oriented API
146 * - `reset`
151 * - `aad_inject`
155 * - `flip`
160 * - `get_tag`
164 * - `check_tag`
192 * This function resets an already initialised AEAD context for
240 * been called on the context. If `encrypt` is non-zero, then
248 * \param encrypt non-zero for encryption, zero for decryption.
336 * - Any block cipher with 16-byte blocks can be used with GCM.
338 * - The nonce can have any length, from 0 up to 2^64-1 bits; however,
339 * 96-bit nonces (12 bytes) are recommended (nonces with a length
343 * - Additional authenticated data may have length up to 2^64-1 bits.
345 * - Message length may range up to 2^39-256 bits at most.
347 * - The authentication tag has length 16 bytes.
374 * A block cipher implementation, with its initialised context structure,
375 * is provided. The block cipher MUST use 16-byte blocks in CTR mode,
384 * \param bctx block cipher context (already initialised with secret key).
393 * This function resets an already initialised GCM context for a new
400 * arbitrary length (up to 2^64-1 bits), but the "normal" length is
415 * the maximum total size of additional authenticated data is 2^64-1
440 * has been called on the context. If `encrypt` is non-zero, then the
445 * total length for data is 2^39-256 bits, i.e. about 65 gigabytes.
448 * \param encrypt non-zero for encryption, zero for decryption.
457 * Compute the GCM authentication tag. The tag is a 16-byte value which
497 * forgeries easier; NIST SP 800-38D specifies that the tag length shall
554 * CBC-MAC using the same block cipher and the same key, to provide
557 * - Any block cipher with 16-byte blocks can be used with EAX
562 * - The nonce can have any length, as long as nonce values are
566 * - Additional authenticated data length is unlimited.
568 * - Message length is unlimited.
570 * - The authentication tag has length 16 bytes.
600 * for lower per-message overhead. Captured values do not depend on
612 * A block cipher implementation, with its initialised context
613 * structure, is provided. The block cipher MUST use 16-byte blocks in
614 * CTR + CBC-MAC mode, and its secret key MUST have been already set in
621 * \param bctx block cipher context (already initialised with secret key).
626 * \brief Capture pre-AAD state.
628 * This function precomputes key-dependent data, and stores it in the
643 * This function resets an already initialised EAX context for a new
661 * \brief Reset an EAX context with a pre-AAD captured state.
664 * previously captured state structure for lower per-message overhead.
678 * \param st pre-AAD captured state.
686 * \brief Reset an EAX context with a post-AAD captured state.
689 * previously captured state structure for lower per-message overhead.
699 * \param st post-AAD captured state.
736 * AAD-specific MAC value into the provided state. The MAC value depends
747 memcpy(st->st[1], ctx->head, sizeof ctx->head); in br_eax_get_aad_mac()
754 * has been called on the context. If `encrypt` is non-zero, then the
761 * \param encrypt non-zero for encryption, zero for decryption.
770 * Compute the EAX authentication tag. The tag is a 16-byte value which
810 * forgeries easier; NIST SP 800-38D specifies that the tag length shall
867 * CBC-MAC using the same block cipher and the same key, to provide
870 * - Any block cipher with 16-byte blocks can be used with CCM
875 * - The authentication tag length, and plaintext length, MUST be
880 * - The nonce length is constrained between 7 and 13 bytes (inclusive).
882 * 15-nonceLen bytes; thus, if the nonce has length 13 bytes, then
885 * - Additional authenticated data length is practically unlimited
888 * - The authentication tag has length 4 to 16 bytes (even values only).
911 * A block cipher implementation, with its initialised context
912 * structure, is provided. The block cipher MUST use 16-byte blocks in
913 * CTR + CBC-MAC mode, and its secret key MUST have been already set in
920 * \param bctx block cipher context (already initialised with secret key).
927 * This function resets an already initialised CCM context for a new
933 * additional authenticated data. It may be zero. That length MUST be
938 * be exact. Moreover, that length MUST be less than 2^(8*(15-nonce_len)).
999 * has been called on the context. If `encrypt` is non-zero, then the
1008 * \param encrypt non-zero for encryption, zero for decryption.
1018 * run: all data must have been injected with `br_ccm_run()` (in zero,