AES_SIV_Encrypt, AES_SIV_Decrypt - AES-SIV high-level interface
#include <aes_siv.h>
int AES_SIV_Encrypt(AES_SIV_CTX *ctx,
                    unsigned char *out, size_t *out_len,
                    unsigned char const* key, size_t key_len,
                    unsigned char const* nonce, size_t nonce_len,
                    unsigned char const* plaintext, size_t plaintext_len,
                    unsigned char const* ad, size_t ad_len);
int AES_SIV_Decrypt(AES_SIV_CTX *ctx,
                    unsigned char *out, size_t *out_len,
                    unsigned char const* key, size_t key_len,
                    unsigned char const* nonce, size_t nonce_len,
                    unsigned char const* ciphertext, size_t ciphertext_len,
                    unsigned char const* ad, size_t ad_len);
These functions provide a high-level interface for AES-SIV encryption and decryption, complying with RFC 5297.
AES_SIV_Encrypt() uses the provided ctx to encrypt the provided plaintext and associated data ad using the provided key and nonce, and outputs up to *out_len bytes of ciphertext into the memory pointed to by out. It sets *out_len to the actual output length, which will always be plaintext_len + 16.
AES_SIV_Decrypt() uses the provided ctx to authenticate and decrypt the provided ciphertext and associated data ad using the provided key and nonce, and outputs up to *out_len bytes of plaintext into the memory pointed to by out. It sets *out_len to the actual output length, which will always be ciphertext_len - 16.
key_len is given in bytes and must be 32, 48, or 64.
For deterministic encryption, the nonce may be NULL; note that this is distinct from providing a zero-length nonce; see NOTES.
The output of AES_SIV_Encrypt() is formatted as a 16-byte authentication tag followed by the actual ciphertext. Plaintext may be encrypted in-place by letting plaintext equal &out[16]. Similarly, ciphertext may be authenticated and decrypted in-place by letting out equal &ciphertext[16].
RFC 5297 defines AES-SIV in such a way that deterministic use (i.e., not providing a nonce) is distinct from providing a nonce of zero length. The latter (a zero-length nonce) is supported by libaes_siv but not recommended, and RFC 5297 is ambiguous as to whether it ought to be permitted: the operation is clearly defined, but the IANA registrations for AES-SIV’s RFC 5116 interface specify an N_MIN of 1.