Next: , Previous: , Up: Symmetric cryptography   [Contents][Index]


5.2 Available cipher modes

GCRY_CIPHER_MODE_NONE

No mode specified. This should not be used. The only exception is that if Libgcrypt is not used in FIPS mode and if any debug flag has been set, this mode may be used to bypass the actual encryption.

GCRY_CIPHER_MODE_ECB

Electronic Codebook mode.

GCRY_CIPHER_MODE_CFB
GCRY_CIPHER_MODE_CFB8

Cipher Feedback mode. For GCRY_CIPHER_MODE_CFB the shift size equals the block size of the cipher (e.g. for AES it is CFB-128). For GCRY_CIPHER_MODE_CFB8 the shift size is 8 bit but that variant is not yet available.

GCRY_CIPHER_MODE_CBC

Cipher Block Chaining mode.

GCRY_CIPHER_MODE_STREAM

Stream mode, only to be used with stream cipher algorithms.

GCRY_CIPHER_MODE_OFB

Output Feedback mode.

GCRY_CIPHER_MODE_CTR

Counter mode.

GCRY_CIPHER_MODE_AESWRAP

This mode is used to implement the AES-Wrap algorithm according to RFC-3394. It may be used with any 128 bit block length algorithm, however the specs require one of the 3 AES algorithms. These special conditions apply: If gcry_cipher_setiv has not been used the standard IV is used; if it has been used the lower 64 bit of the IV are used as the Alternative Initial Value. On encryption the provided output buffer must be 64 bit (8 byte) larger than the input buffer; in-place encryption is still allowed. On decryption the output buffer may be specified 64 bit (8 byte) shorter than then input buffer. As per specs the input length must be at least 128 bits and the length must be a multiple of 64 bits.

GCRY_CIPHER_MODE_CCM

Counter with CBC-MAC mode is an Authenticated Encryption with Associated Data (AEAD) block cipher mode, which is specified in ’NIST Special Publication 800-38C’ and RFC 3610.

GCRY_CIPHER_MODE_GCM

Galois/Counter Mode (GCM) is an Authenticated Encryption with Associated Data (AEAD) block cipher mode, which is specified in ’NIST Special Publication 800-38D’.

GCRY_CIPHER_MODE_POLY1305

This mode implements the Poly1305 Authenticated Encryption with Associated Data (AEAD) mode according to RFC-7539. This mode can be used with ChaCha20 stream cipher.

GCRY_CIPHER_MODE_OCB

OCB is an Authenticated Encryption with Associated Data (AEAD) block cipher mode, which is specified in RFC-7253. Supported tag lengths are 128, 96, and 64 bit with the default being 128 bit. To switch to a different tag length gcry_cipher_ctl using the command GCRYCTL_SET_TAGLEN and the address of an int variable set to 12 (for 96 bit) or 8 (for 64 bit) provided for the buffer argument and sizeof(int) for buflen.

Note that the use of gcry_cipher_final is required.

GCRY_CIPHER_MODE_XTS

XEX-based tweaked-codebook mode with ciphertext stealing (XTS) mode is used to implement the AES-XTS as specified in IEEE 1619 Standard Architecture for Encrypted Shared Storage Media and NIST SP800-38E.

The XTS mode requires doubling key-length, for example, using 512-bit key with AES-256 (GCRY_CIPHER_AES256). The 128-bit tweak value is feed to XTS mode as little-endian byte array using gcry_cipher_setiv function. When encrypting or decrypting, full-sized data unit buffers needs to be passed to gcry_cipher_encrypt or gcry_cipher_decrypt. The tweak value is automatically incremented after each call of gcry_cipher_encrypt and gcry_cipher_decrypt. Auto-increment allows avoiding need of setting IV between processing of sequential data units.


Next: , Previous: , Up: Symmetric cryptography   [Contents][Index]