The interface to work with symmetric encryption algorithms is made up
of functions from the gcry_cipher_ name space. The
implementation follows the open-use-close paradigm and uses registered
algorithm modules for the actual work. Unless a module implements
optimized cipher mode implementations, the high level code
(cipher/cipher.c) implements the modes and calls the core
algorithm functions to process each block.
The most important functions are:
gcry_cipher_open
Create a new instance to encrypt or decrypt using a specified algorithm and mode.
gcry_cipher_close
Release an instance.
gcry_cipher_setkey
Set a key to be used for encryption or decryption.
gcry_cipher_setiv
Set an initialization vector to be used for encryption or decryption.
gcry_cipher_encrypt
gcry_cipher_decrypt
Encrypt or decrypt data. These functions may be called with arbitrary amounts of data and as often as needed to encrypt or decrypt all data.
There are no strict alignment requirements for data, but the best performance can be achieved if data is aligned to a cache line boundary.
There are also functions to query properties of algorithms or contexts, such as block length and key length, to map names, and to enable features such as padding methods.
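
A simplified model of the split described above, in which generic mode code drives a per-block algorithm module and the handle carries the chaining state, so data can be processed in one call or in several. This is an added example, not Libgcrypt source: `cipher_spec`, `cipher_hd`, `cbc_crypt` and `xtea_module` are hypothetical names, and XTEA in CBC mode stands in for any registered algorithm and mode.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define BLK 8  /* block size of the example module, in bytes */

/* Algorithm module (hypothetical model): transforms exactly one block. */
typedef struct {
    void (*enc)(const uint32_t k[4], uint32_t v[2]);
    void (*dec)(const uint32_t k[4], uint32_t v[2]);
} cipher_spec;
/* Handle: module pointer plus key and chaining state kept between calls. */
typedef struct { const cipher_spec *spec; uint32_t key[4], iv[2]; } cipher_hd;

/* XTEA block functions, 32 cycles; words are loaded in host byte order. */
static void xtea_enc(const uint32_t k[4], uint32_t v[2]) {
    uint32_t d = 0x9E3779B9u, s = 0;
    for (int i = 0; i < 32; i++) {
        v[0] += (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (s + k[s & 3]);
        s += d;
        v[1] += (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (s + k[(s >> 11) & 3]);
    }
}
static void xtea_dec(const uint32_t k[4], uint32_t v[2]) {
    uint32_t d = 0x9E3779B9u, s = d * 32;
    for (int i = 0; i < 32; i++) {
        v[1] -= (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (s + k[(s >> 11) & 3]);
        s -= d;
        v[0] -= (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (s + k[s & 3]);
    }
}
const cipher_spec xtea_module = { xtea_enc, xtea_dec };

/* Generic CBC code: owns the mode and calls the module once per block.
   len must be a multiple of BLK (no padding here); returns 0 or -1. */
int cbc_crypt(cipher_hd *h, int decrypt, uint8_t *out, const uint8_t *in, size_t len) {
    if (len % BLK) return -1;
    for (size_t off = 0; off < len; off += BLK) {
        uint32_t v[2], in_blk[2];
        memcpy(in_blk, in + off, BLK);
        memcpy(v, in_blk, BLK);
        if (!decrypt) { v[0] ^= h->iv[0]; v[1] ^= h->iv[1]; }
        (decrypt ? h->spec->dec : h->spec->enc)(h->key, v);
        if (decrypt) { v[0] ^= h->iv[0]; v[1] ^= h->iv[1]; }
        memcpy(h->iv, decrypt ? in_blk : v, BLK);  /* ciphertext block chains forward */
        memcpy(out + off, v, BLK);
    }
    return 0;
}
```

Because the chaining value lives in the handle, encrypting a buffer in one call or in several consecutive calls on the same handle produces the same ciphertext.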