Next: Working with cipher handles, Previous: Available ciphers, Up: Symmetric cryptography [Contents][Index]
GCRY_CIPHER_MODE_NONENo mode specified. This should not be used. The only exception is that if Libgcrypt is not used in FIPS mode and if any debug flag has been set, this mode may be used to bypass the actual encryption.
GCRY_CIPHER_MODE_ECBElectronic Codebook mode.
GCRY_CIPHER_MODE_CFBGCRY_CIPHER_MODE_CFB8Cipher Feedback mode. For GCRY_CIPHER_MODE_CFB the shift size equals
the block size of the cipher (e.g. for AES it is CFB-128). For
GCRY_CIPHER_MODE_CFB8 the shift size is 8 bits but that variant is not
yet available.
GCRY_CIPHER_MODE_CBCCipher Block Chaining mode.
GCRY_CIPHER_MODE_STREAMStream mode, only to be used with stream cipher algorithms.
GCRY_CIPHER_MODE_OFBOutput Feedback mode.
GCRY_CIPHER_MODE_CTRCounter mode.
GCRY_CIPHER_MODE_AESWRAPThis mode is used to implement the AES-Wrap algorithm according to
RFC-3394. It may be used with any 128 bit block length algorithm,
however the specs require one of the 3 AES algorithms. These special
conditions apply: If gcry_cipher_setiv has not been used, the
standard IV is used; if it has been used, the lower 64 bits of the IV
are used as the Alternative Initial Value. On encryption the provided
output buffer must be 64 bits (8 bytes) larger than the input buffer;
in-place encryption is still allowed. On decryption the output buffer
may be specified 64 bits (8 bytes) shorter than then input buffer. As
per specs the input length must be at least 128 bits and the length
must be a multiple of 64 bits.
GCRY_CIPHER_MODE_CCMCounter with CBC-MAC mode is an Authenticated Encryption with Associated Data (AEAD) block cipher mode, which is specified in ’NIST Special Publication 800-38C’ and RFC 3610.
GCRY_CIPHER_MODE_GCMGalois/Counter Mode (GCM) is an Authenticated Encryption with Associated Data (AEAD) block cipher mode, which is specified in ’NIST Special Publication 800-38D’.
GCRY_CIPHER_MODE_POLY1305This mode implements the Poly1305 Authenticated Encryption with Associated Data (AEAD) mode according to RFC-8439. This mode can be used with ChaCha20 stream cipher.
GCRY_CIPHER_MODE_OCBOCB is an Authenticated Encryption with Associated Data (AEAD) block
cipher mode, which is specified in RFC-7253. Supported tag lengths
are 128, 96, and 64 bits with the default being 128 bits. To switch to
a different tag length, gcry_cipher_ctl using the command
GCRYCTL_SET_TAGLEN and the address of an int variable
set to 12 (for 96 bits) or 8 (for 64 bits) provided for the
buffer argument and sizeof(int) for buflen.
Note that the use of gcry_cipher_final is required.
GCRY_CIPHER_MODE_XTSXEX-based tweaked-codebook mode with ciphertext stealing (XTS) mode is used to implement the AES-XTS as specified in IEEE 1619 Standard Architecture for Encrypted Shared Storage Media and NIST SP800-38E.
The XTS mode requires doubling key-length, for example, using 512-bit
key with AES-256 (GCRY_CIPHER_AES256). The 128-bit tweak value
is feed to XTS mode as little-endian byte array using
gcry_cipher_setiv function. When encrypting or decrypting,
full-sized data unit buffers needs to be passed to
gcry_cipher_encrypt or gcry_cipher_decrypt. The tweak
value is automatically incremented after each call of
gcry_cipher_encrypt and gcry_cipher_decrypt.
Auto-increment allows avoiding need of setting IV between processing
of sequential data units.
GCRY_CIPHER_MODE_EAXEAX is an Authenticated Encryption with Associated Data (AEAD) block cipher mode by Bellare, Rogaway, and Wagner (see http://web.cs.ucdavis.edu/~rogaway/papers/eax.html).
GCRY_CIPHER_MODE_SIVSynthetic Initialization Vector (SIV) is an Authenticated Encryption with Associated Data (AEAD) block cipher mode, which is specified in RFC-5297. This mode works with block ciphers with block size of 128 bits and uses tag length of 128 bits. Depending on how it is used, SIV achieves either the goal of deterministic authenticated encryption or the goal of nonce-based, misuse-resistant authenticated encryption.
The SIV mode requires doubling key-length, for example, using 512-bit
key with AES-256 (GCRY_CIPHER_AES256). Multiple AD instances can
be passed to SIV mode with separate calls to
gcry_cipher_authenticate. Nonce may be passed either through
gcry_cipher_setiv or in the last call to
gcry_cipher_authenticate. Note that use of gcry_cipher_setiv
blocks any further calls to gcry_cipher_authenticate as nonce needs
to be the last AD element with the SIV mode. When encrypting or decrypting,
full-sized plaintext or ciphertext needs to be passed to
gcry_cipher_encrypt or gcry_cipher_decrypt. Decryption tag
needs to be given to SIV mode before decryption using
gcry_cipher_set_decryption_tag.
GCRY_CIPHER_MODE_GCM_SIVThis mode implements is GCM-SIV Authenticated Encryption with Associated Data (AEAD) block cipher mode specified in RFC-5297 (AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption). This implementations works with block ciphers with block size of 128 bits and uses tag length of 128 bits. Supported key lengths by the mode are 128 bits and 256 bits. GCM-SIV is specified as nonce misuse resistant, so that it does not fail catastrophically if a nonce is repeated.
When encrypting or decrypting, full-sized plaintext or ciphertext
needs to be passed to gcry_cipher_encrypt or
gcry_cipher_decrypt. Decryption tag needs to be given to
GCM-SIV mode before decryption using gcry_cipher_set_decryption_tag.
Next: Working with cipher handles, Previous: Available ciphers, Up: Symmetric cryptography [Contents][Index]