KCAPI_AEAD_STREAM_IN(3) | Programming Interface | KCAPI_AEAD_STREAM_IN(3) |
kcapi_aead_stream_init_dec - start a decryption operation (stream)
ssize_t kcapi_aead_stream_init_dec(struct kcapi_handle * handle, const uint8_t * iv, struct iovec * iov, size_t iovlen);
handle
iv
iov
iovlen
A stream decryption operation is started with this call. Multiple successive kcapi_aead_stream_update function calls can be invoked to send more ciphertext data to be encrypted. The kernel buffers the input until kcapi_aead_stream_op picks up the decrypted data. Once ciphertext is decrypted during the kcapi_aead_stream_op it is removed from the kernel buffer.
Note, unlike the corresponding symmetric cipher API, the function calls of kcapi_aead_stream_update and kcapi_aead_stream_op cannot be mixed! This due to the nature of AEAD where the cipher operation ensures the integrity of the entire data (decryption) or calculates a message digest over the entire data (encryption).
When using the stream API, the caller must ensure that data is sent in the correct order (regardless whether data is sent in multiple chunks using kcapi_aead_stream_init_enc or kcapi_cipher_stream_update): (i) the complete associated data must be provided, followed by (ii) the plaintext. For decryption, also (iii) the tag value must be sent.
The IV buffer must be exactly kcapi_cipher_ivsize bytes in size.
return number of bytes sent to the kernel upon success; a negative errno-style error code if an error occurred
Stephan Mueller <smueller@chronox.de>
February 2022 | libkcapi Manual 1.4.0 |