bearssl_aead.h - OpenGrok cross reference for /freebsd-src/contrib/bearssl/inc/bearssl

Lines Matching +full:compute +full:-
51  *   - A symmetric key. Exact size depends on the AEAD algorithm.
53  *   - A nonce (IV). Size depends on the AEAD algorithm; for most
58  *   - Data to encrypt and protect.
60  *   - Additional authenticated data, which is covered by the MAC but
77  *   - `br_xxx_init()`
85  *   - `br_xxx_reset()`
90  *   - `br_xxx_aad_inject()`
95  *   - `br_xxx_flip()`
101  *   - `br_xxx_run()`
107  *   - `br_xxx_get_tag()`
109  *     Compute the authentication tag. All message data (encrypted or
114  *   - `br_xxx_check_tag()`
122  *   - Encryption does not expand the size of the ciphertext; there is
125  *   - The additional authenticated data must be processed first,
128  *   - Nonce, plaintext and additional authenticated data all consist
139  * ## Object-Oriented API
146  *   - `reset`
151  *   - `aad_inject`
155  *   - `flip`
160  *   - `get_tag`
164  *   - `check_tag`
240 	 * been called on the context. If `encrypt` is non-zero, then
248 	 * \param encrypt   non-zero for encryption, zero for decryption.
256 	 * \brief Compute authentication tag.
258 	 * Compute the AEAD authentication tag. The tag length depends
269 	 * `check_tag()` function may be used to compute and check the
280 	 * \brief Compute and check authentication tag.
299 	 * \brief Compute authentication tag (with truncation).
314 	 * \brief Compute and check authentication tag (with truncation).
336  *   - Any block cipher with 16-byte blocks can be used with GCM.
338  *   - The nonce can have any length, from 0 up to 2^64-1 bits; however,
339  *     96-bit nonces (12 bytes) are recommended (nonces with a length
343  *   - Additional authenticated data may have length up to 2^64-1 bits.
345  *   - Message length may range up to 2^39-256 bits at most.
347  *   - The authentication tag has length 16 bytes.
375  * is provided. The block cipher MUST use 16-byte blocks in CTR mode,
400  * arbitrary length (up to 2^64-1 bits), but the "normal" length is
415  * the maximum total size of additional authenticated data is 2^64-1
440  * has been called on the context. If `encrypt` is non-zero, then the
445  * total length for data is 2^39-256 bits, i.e. about 65 gigabytes.
448  * \param encrypt   non-zero for encryption, zero for decryption.
455  * \brief Compute GCM authentication tag.
457  * Compute the GCM authentication tag. The tag is a 16-byte value which
467  * compute and check the tag value.
475  * \brief Compute and check GCM authentication tag.
491  * \brief Compute GCM authentication tag (with truncation).
497  * forgeries easier; NIST SP 800-38D specifies that the tag length shall
515  * compute and check the tag value.
524  * \brief Compute and check GCM authentication tag (with truncation).
554  * CBC-MAC using the same block cipher and the same key, to provide
557  *   - Any block cipher with 16-byte blocks can be used with EAX
562  *   - The nonce can have any length, as long as nonce values are
566  *   - Additional authenticated data length is unlimited.
568  *   - Message length is unlimited.
570  *   - The authentication tag has length 16 bytes.
600  * for lower per-message overhead. Captured values do not depend on
613  * structure, is provided. The block cipher MUST use 16-byte blocks in
614  * CTR + CBC-MAC mode, and its secret key MUST have been already set in
626  * \brief Capture pre-AAD state.
628  * This function precomputes key-dependent data, and stores it in the
661  * \brief Reset an EAX context with a pre-AAD captured state.
664  * previously captured state structure for lower per-message overhead.
678  * \param st      pre-AAD captured state.
686  * \brief Reset an EAX context with a post-AAD captured state.
689  * previously captured state structure for lower per-message overhead.
699  * \param st      post-AAD captured state.
736  * AAD-specific MAC value into the provided state. The MAC value depends
747 	memcpy(st->st[1], ctx->head, sizeof ctx->head);  in br_eax_get_aad_mac()
754  * has been called on the context. If `encrypt` is non-zero, then the
761  * \param encrypt   non-zero for encryption, zero for decryption.
768  * \brief Compute EAX authentication tag.
770  * Compute the EAX authentication tag. The tag is a 16-byte value which
780  * compute and check the tag value.
788  * \brief Compute and check EAX authentication tag.
804  * \brief Compute EAX authentication tag (with truncation).
810  * forgeries easier; NIST SP 800-38D specifies that the tag length shall
828  * compute and check the tag value.
837  * \brief Compute and check EAX authentication tag (with truncation).
867  * CBC-MAC using the same block cipher and the same key, to provide
870  *   - Any block cipher with 16-byte blocks can be used with CCM
875  *   - The authentication tag length, and plaintext length, MUST be
880  *   - The nonce length is constrained between 7 and 13 bytes (inclusive).
882  *     15-nonceLen bytes; thus, if the nonce has length 13 bytes, then
885  *   - Additional authenticated data length is practically unlimited
888  *   - The authentication tag has length 4 to 16 bytes (even values only).
912  * structure, is provided. The block cipher MUST use 16-byte blocks in
913  * CTR + CBC-MAC mode, and its secret key MUST have been already set in
938  * be exact. Moreover, that length MUST be less than 2^(8*(15-nonce_len)).
999  * has been called on the context. If `encrypt` is non-zero, then the
1008  * \param encrypt   non-zero for encryption, zero for decryption.
1015  * \brief Compute CCM authentication tag.
1017  * Compute the CCM authentication tag. This call terminates the CCM
1031  * compute and check the tag value.
1040  * \brief Compute and check CCM authentication tag.