Plasma GitLab Archive
Projects Blog Knowledge

Functor Netsys_crypto_modes.Bundle

module Bundle: 

Bundle a list of ciphers as crypto module

Parameters:
C : CIPHERS

Symmetric cryptographic ciphers.

Users should not call functions of the provider directly, but use Netsys_ciphers, or another higher-level layer.

type scipher 

Describes a cipher

val ciphers : scipher list

List of supported ciphers. OCamlnet implements a number of modes anyway, and it is normally only required to implement "ECB" here. If there is special hardware acceleration, though, it is an option to provide accelerated modes too (e.g. some CPUs support AES-GCM specially).

val find : string * string -> scipher

find (name,mode): Looks up a cipher by name and mode, or raises Not_found

val name : scipher -> string

Returns the name. This should follow the convention <uppercasestring>-<size>, e.g. "AES-128" or "TWOFISH-128". The size is normally the key size.

val mode : scipher -> string

Returns the mode. Modes are "ECB", "CBC", "OFB", "CTR", "STREAM", "GCM".

Note that the mode needs not to deal with padding (this is done on a higher level).

val key_lengths : scipher -> (int * int) list

Supported key lengths as pairs min,max. If there is a recommended key length, this should be the first.

val iv_lengths : scipher -> (int * int) list

Supported iv lengths as pairs min,max. If there is a recommended iv length, this should be the first.

val block_constraint : scipher -> int

The buffers used with encrypt/decrypt must have a length that is a multiple of this number. (In ECB mode, this is the block size.)

val supports_aead : scipher -> bool

Whether this cipher integrates authentication

type scipher_ctx 

A cipher context stores processing data while encrypting or decrypting data

val create : scipher ->
string -> scipher_ctx

create c key: create a new cipher context for key. If not set, the initialization vector is zero, and the header the empty string.

val set_iv : scipher_ctx -> string -> unit

set_iv cctx iv: Sets the initialization vector. This is only allowed before encrypting or decrypting data

val set_header : scipher_ctx -> string -> unit

set_header cctx data: Sets the additional header that is authenticated for AEAD schemes. The header must have been set before starting the encryption or decryption (otherwise it is assumed to be the empty string).

For non-AEAD schemes, the header is ignored for encryption, and must be empty for decryption.

val encrypt : scipher_ctx ->
Netsys_types.memory -> Netsys_types.memory -> unit

encrypt cctx inbuf outbuf: Encrypts the data in inbuf and writes the result into outbuf. Both buffers must have the same size. It is not allowed to pass the same buffer as inbuf and outbuf.

In order to encrypt long texts, it is allowed to call encrypt several times in sequence.

val decrypt : scipher_ctx ->
Netsys_types.memory -> Netsys_types.memory -> bool

decrypt cctx inbuf outbuf: Decrypts the data in inbuf and writes the result into outbuf. Both buffers must have the same size. It is not allowed to pass the same buffer as inbuf and outbuf.

The function returns true on success, and false if a problem is detected.

In order to decrypt long texts, it is allowed to call decrypt several times in sequence.

val mac : scipher_ctx -> string

Returns the MAC for AEAD ciphers. This is updated after encrypt/decrypt. This function fails for non-AEAD ciphers.

This web site is published by Informatikbüro Gerd Stolpmann
Powered by Caml