1KCAPI_AEAD_STREAM_IN(3)      Programming Interface     KCAPI_AEAD_STREAM_IN(3)
2
3
4

NAME

6       kcapi_aead_stream_init_dec - start a decryption operation (stream)
7

SYNOPSIS

9       ssize_t kcapi_aead_stream_init_dec(struct kcapi_handle * handle,
10                                          const uint8_t * iv,
11                                          struct iovec * iov, size_t iovlen);
12

ARGUMENTS

14       handle
15           [in] cipher handle
16
17       iv
18           [in] IV to be used for cipher operation
19
20       iov
21           [in] scatter/gather list with data to be encrypted. This is the
22           pointer to the first iov entry if an array of iov entries is
23           supplied. See sendmsg(2) for details on how iov is to be used. This
24           pointer may be NULL if no data to be encrypted is available at the
25           point of the call.
26
27       iovlen
28           [in] number of scatter/gather list elements. If iov is NULL, this
29           value must be zero.
30

DESCRIPTION

32       A stream decryption operation is started with this call. Multiple
33       successive kcapi_aead_stream_update function calls can be invoked to
34       send more ciphertext data to be encrypted. The kernel buffers the input
35       until kcapi_aead_stream_op picks up the decrypted data. Once ciphertext
36       is decrypted during the kcapi_aead_stream_op it is removed from the
37       kernel buffer.
38
39       Note, unlike the corresponding symmetric cipher API, the function calls
40       of kcapi_aead_stream_update and kcapi_aead_stream_op cannot be mixed!
41       This due to the nature of AEAD where the cipher operation ensures the
42       integrity of the entire data (decryption) or calculates a message
43       digest over the entire data (encryption).
44
45       When using the stream API, the caller must ensure that data is sent in
46       the correct order (regardless whether data is sent in multiple chunks
47       using kcapi_aead_stream_init_enc or kcapi_cipher_stream_update): (i)
48       the complete associated data must be provided, followed by (ii) the
49       plaintext. For decryption, also (iii) the tag value must be sent.
50
51       The IV buffer must be exactly kcapi_cipher_ivsize bytes in size.
52
53       return number of bytes sent to the kernel upon success; a negative
54       errno-style error code if an error occurred
55

AUTHOR

57       Stephan Mueller <smueller@chronox.de>
58           Author.
59
61libkcapi Manual 1.3.1              July 2021           KCAPI_AEAD_STREAM_IN(3)
Impressum