module Bundle:
Parameters: |
|
Users should not call functions of the provider directly, but use
Netsys_ciphers
, or another higher-level layer.
type
scipher
val ciphers : scipher list
val find : string * string -> scipher
find (name,mode)
: Looks up a cipher by name and mode, or
raises Not_foundval name : scipher -> string
<uppercasestring>-<size>
, e.g.
"AES-128" or "TWOFISH-128". The size is normally the key size.val mode : scipher -> string
Note that the mode needs not to deal with padding (this is done
on a higher level).
val key_lengths : scipher -> (int * int) list
min,max
. If there is a recommended
key length, this should be the first.val iv_lengths : scipher -> (int * int) list
min,max
. If there is a recommended
iv length, this should be the first.val block_constraint : scipher -> int
val supports_aead : scipher -> bool
type
scipher_ctx
val create : scipher ->
string -> scipher_ctx
create c key
: create a new cipher context for key
. If not set,
the initialization vector is zero, and the header the empty string.val set_iv : scipher_ctx -> string -> unit
set_iv cctx iv
: Sets the initialization vector. This is only allowed
before encrypting or decrypting dataval set_header : scipher_ctx -> string -> unit
set_header cctx data
: Sets the additional header that is authenticated
for AEAD schemes. The header must have been set before starting the
encryption or decryption (otherwise it is assumed to be the empty
string).
For non-AEAD schemes, the header is ignored for encryption, and must
be empty for decryption.
val encrypt : scipher_ctx ->
Netsys_types.memory -> Netsys_types.memory -> unit
encrypt cctx inbuf outbuf
: Encrypts the data in inbuf
and writes
the result into outbuf
. Both buffers must have the same size.
It is not allowed to pass the same buffer as inbuf
and outbuf
.
In order to encrypt long texts, it is allowed to call encrypt
several
times in sequence.
val decrypt : scipher_ctx ->
Netsys_types.memory -> Netsys_types.memory -> bool
decrypt cctx inbuf outbuf
: Decrypts the data in inbuf
and writes
the result into outbuf
. Both buffers must have the same size.
It is not allowed to pass the same buffer as inbuf
and outbuf
.
The function returns true
on success, and false
if a problem
is detected.
In order to decrypt long texts, it is allowed to call decrypt
several
times in sequence.
val mac : scipher_ctx -> string
encrypt
/decrypt
. This function fails for non-AEAD ciphers.