merge

[plan9front.git] / sys / man / 2 / aes

diff --git a/sys/man/2/aes b/sys/man/2/aes
index caae336308125ee7f55309cba578c048d48b9fd4..5afda84e5545b45f9afbeb64e545008403345d38 100644 (file)
--- a/sys/man/2/aes
+++ b/sys/man/2/aes
@@ -1,6 +1,6 @@
 .TH AES 2
 .SH NAME
-setupAESstate, aesCBCencrypt, aesCBCdecrypt, aesCTRencrypt, aesCTRdecrypt, setupAESXCBCstate, aesXCBCmac - advanced encryption standard (rijndael)
+setupAESstate, aesCBCencrypt, aesCBCdecrypt, setupAESXCBCstate, aesXCBCmac, setupAESGCMstate - advanced encryption standard (rijndael)
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -28,16 +28,22 @@ void        aesCBCencrypt(uchar *p, int len, AESstate *s)
 void   aesCBCdecrypt(uchar *p, int len, AESstate *s)
 .PP
 .B
-void   aesCTRencrypt(uchar *p, int len, AESstate *s)
+void   setupAESXCBCstate(AESstate *s)
 .PP
 .B
-void   aesCTRdecrypt(uchar *p, int len, AESstate *s)
+void   aesXCBCmac(uchar *p, int len, AESstate *s)
 .PP
 .B
-void   setupAESXCBCstate(AESstate *s)
+void   setupAESGCMstate(AESGCMstate *s, uchar *key, int keylen, uchar *iv, int ivlen)
 .PP
 .B
-void   aesXCBCmac(uchar *p, int len, AESstate *s)
+void   aesgcm_setiv(AESGCMstate *s, uchar *iv, int ivlen)
+.PP
+.B
+void   aesgcm_encrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], AESGCMstate *s)
+.PP
+.B
+int    aesgcm_decrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], AESGCMstate *s)
 .SH DESCRIPTION
 AES (a.k.a. Rijndael) has replaced DES as the preferred
 block cipher.
@@ -52,15 +58,27 @@ are the block ciphers, corresponding to
 and
 .I aesCBCdecrypt
 implement cipher-block-chaining encryption.
-.I AesCTRencrypt
-and
-.I aesCTRdecrypt
-implement counter mode, per RFC 3686;
-they are identical operations.
-.I setupAESXCBCstate
+.I SetupAESXCBCstate
 and
 .I aesXCBCmac
 implement AES XCBC message authentication, per RFC 3566.
+.IR SetupAESGCMstate ,
+.IR aesgcm_setiv ,
+.I aesgcm_encrypt
+and
+.I aesgcm_decrypt
+implement Galois/Counter Mode (GCM) authenticated encryption with associated data (AEAD).
+Before encryption or decryption, a new initialization vector (nonce) has to be set with
+.I aesgcm_setiv
+or by calling
+.I setupAESGCMstate
+with non-zero
+.I iv
+and
+.I ivlen
+arguments.
+Aesgcm_decrypt returns zero when authentication and decryption where successfull and
+non-zero otherwise.
 All ciphering is performed in place.
 .I Keybytes
 should be 16, 24, or 32.
@@ -93,9 +111,13 @@ in
 The functions
 .IR aes_encrypt ,
 .IR aes_decrypt ,
-.IR aesCTRencrypt ,
-.IR aesCTRdecrypt ,
 .IR setupAESXCBCstate ,
 and
 .IR aesXCBCmac
 have not yet been verified by running test vectors through them.
+.PP
+Because of the way that non-multiple-of-16 buffers are handled,
+.I aesCBCdecrypt
+must be fed buffers of the same size as the
+.I aesCBCencrypt
+calls that encrypted it.