/usr/lib/ocaml/netsys/netsys_ciphers.mli is in libocamlnet-ocaml-dev 4.1.2-3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 | (* $Id$ *)
(** Symmetric cryptographic ciphers *)
type padding =
[ `None
| `Length
| `_8000
| `CTS
]
(** Padding schemes:
- [`None]: no padding. The text to encrypt/decrypt must be a multiple
of [block_constraint] bytes
- [`Length]: Pad the last block with n bytes of code n
- [`_8000]: Pad with one byte 0x80 and as many zeros as needed to fill
the block (this may add one or two blocks)
- [`CTS]: Use "Ciphertext Stealing". There is a minimum length of the
message to encrypt of two blocks.
*)
class type cipher_ctx =
object
method padding : padding
(** The padding scheme of the cipher *)
method block_constraint : int
(** The buffers used with encrypt/decrypt must have a length that is a
multiple of this number. (In ECB mode this is the
block size.)
This value doesn't take padding into account.
*)
method supports_aead : bool
(** Whether this cipher integrates authentication *)
method set_iv : string -> unit
(** Sets the initialization vector (this must be done before starting
the encryption or decryption).
*)
method set_header : string -> unit
(** Sets the header to authenticate for AEAD (this must be done before
starting the encryption or decryption).
*)
method encrypt : last:bool ->
Netsys_types.memory -> Netsys_types.memory -> int * int
(** [let n_in, n_out = encrypt ~last inbuf outbuf]:
Encrypts the text in [inbuf] and
writes the result to [outbuf]. The returned numbers indicate how
much data was processed: the first [n_in] bytes of [inbuf] are
encrypted, and the first [n_out] bytes of [outbuf] are filled with
ciphertext.
This function can be called several
times to encrypt a larger text. [last] should be set for the last
call.
The sizes of [inbuf] and [outbuf] must be at least one block
in order to produce non-zero ([n_in],[n_out]). (For `CTS only:
two blocks.)
*)
method decrypt : last:bool ->
Netsys_types.memory -> Netsys_types.memory -> int * int
(** [let n_in, n_out = decrypt ~last inbuf outbuf]:
Decrypts the text in [inbuf] and
writes the result to [outbuf]. The returned numbers indicate how
much data was processed: the first [n_in] bytes of [inbuf] are
decrypted, and the first [n_out] bytes of [outbuf] are filled with
plaintext.
This function can be called several
times to decrypt a larger text. [last] should be set for the last
call.
The sizes of [inbuf] and [outbuf] must be at least one block
in order to produce non-zero ([n_in],[n_out]). (For `CTS only:
two blocks.)
On error, the method fails.
*)
method encrypt_bytes : Bytes.t -> Bytes.t
(** Encrypts this string as a whole *)
method encrypt_string : string -> string
(** Encrypts this string as a whole *)
method decrypt_bytes : Bytes.t -> Bytes.t
(** Decrypts this string as a whole *)
method decrypt_string : string -> string
(** Decrypts this string as a whole *)
method mac : unit -> string
(** Returns the MAC for AEAD ciphers. Can first be called after the
encryption/decryption is complete. This function fails for non-AEAD
ciphers.
*)
end
class type cipher =
object
method name : string
(** The name of the cipher *)
method mode : string
(** The mode of the cipher *)
method key_lengths : (int * int) list
(** Supported key lengths as pairs [min,max]. If there is a recommended
key length, this is the first.
*)
method iv_lengths : (int * int) list
(** Supported iv lengths as pairs [min,max]. If there is a recommended
iv length, this is the first.
*)
method block_constraint : int
(** The buffers used with encrypt/decrypt must have a length that is a
multiple of this number. (In ECB mode this is the
block size.)
*)
method supports_aead : bool
(** Whether this cipher integrates authentication *)
method create : string -> padding -> cipher_ctx
(** [create c p key]: create a new cipher context for [key]. If not set,
the initialization vector is assumed to be zero, and the header the
empty string.
The cipher context can be used for either encrypting or decrypting a
single message.
*)
end
(** The following functions use the current crypto module (as retrieved by
{!Netsys_crypto.current_symmetric_crypto}), unless the [impl] argument is
passed.
*)
val ciphers : ?impl:(module Netsys_crypto_types.SYMMETRIC_CRYPTO) ->
unit -> cipher list
(** List of supported ciphers *)
val find : ?impl:(module Netsys_crypto_types.SYMMETRIC_CRYPTO) ->
(string * string) ->
cipher
(** [find (name,mode)]: get the cipher [name] in the passed [mode].
The name conventionally follows the [<uppercasestring>-<size>] format,
e.g. "AES-128" or "TWOFISH-128".
Modes are "ECB", "CBC", "OFB", "CTR", "STREAM", "GCM". Not every cipher
is available in every mode.
*)
val process_subbytes :
(last:bool -> Netsys_types.memory -> Netsys_types.memory -> int * int) ->
Bytes.t -> int -> int -> Bytes.t
(** [process_subbytes p s pos len]: If [p] is [encrypt] or [decrypt] from
a [cipher_ctx], [p] will be called to submit the data from string [s],
starting at position [pos] and length [len].
The encrypted or decrypted string is returned.
*)
val process_substring :
(last:bool -> Netsys_types.memory -> Netsys_types.memory -> int * int) ->
string -> int -> int -> string
(** [process_substring p s pos len]: Same for immutable strings.
*)
val process_bytes :
(last:bool -> Netsys_types.memory -> Netsys_types.memory -> int * int) ->
Bytes.t -> Bytes.t
(** [process_bytes p s]: If [p] is [encrypt] or [decrypt] from
a [cipher_ctx], [p] will be called to submit the data from string [s].
The encrypted or decrypted string is returned.
*)
val process_string :
(last:bool -> Netsys_types.memory -> Netsys_types.memory -> int * int) ->
string -> string
(** [process_string p s]: same for immutable strings. *)
|