No mode specified. This should not be used. The only exception is that if Libgcrypt is not used in FIPS mode and if any debug flag has been set, this mode may be used to bypass the actual encryption.
Electronic Codebook mode.
Cipher Feedback mode. For GCRY_CIPHER_MODE_CFB the shift size equals the block size of the cipher (e.g. for AES it is CFB-128). For GCRY_CIPHER_MODE_CFB8 the shift size is 8 bit but that variant is not yet available.
Cipher Block Chaining mode.
Stream mode, only to be used with stream cipher algorithms.
Output Feedback mode.
This mode is used to implement the AES-Wrap algorithm according to
RFC-3394. It may be used with any 128 bit block length algorithm,
however the specs require one of the 3 AES algorithms. These special
conditions apply: If
gcry_cipher_setiv has not been used the
standard IV is used; if it has been used the lower 64 bit of the IV
are used as the Alternative Initial Value. On encryption the provided
output buffer must be 64 bit (8 byte) larger than the input buffer;
in-place encryption is still allowed. On decryption the output buffer
may be specified 64 bit (8 byte) shorter than then input buffer. As
per specs the input length must be at least 128 bits and the length
must be a multiple of 64 bits.
Counter with CBC-MAC mode is an Authenticated Encryption with Associated Data (AEAD) block cipher mode, which is specified in ’NIST Special Publication 800-38C’ and RFC 3610.
Galois/Counter Mode (GCM) is an Authenticated Encryption with Associated Data (AEAD) block cipher mode, which is specified in ’NIST Special Publication 800-38D’.
This mode implements the Poly1305 Authenticated Encryption with Associated Data (AEAD) mode according to RFC-7539. This mode can be used with ChaCha20 stream cipher.
OCB is an Authenticated Encryption with Associated Data (AEAD) block
cipher mode, which is specified in RFC-7253. Supported tag lengths
are 128, 96, and 64 bit with the default being 128 bit. To switch to
a different tag length
gcry_cipher_ctl using the command
GCRYCTL_SET_TAGLEN and the address of an
set to 12 (for 96 bit) or 8 (for 64 bit) provided for the
buffer argument and
Note that the use of
gcry_cipher_final is required.
XEX-based tweaked-codebook mode with ciphertext stealing (XTS) mode is used to implement the AES-XTS as specified in IEEE 1619 Standard Architecture for Encrypted Shared Storage Media and NIST SP800-38E.
The XTS mode requires doubling key-length, for example, using 512-bit
key with AES-256 (
GCRY_CIPHER_AES256). The 128-bit tweak value
is feed to XTS mode as little-endian byte array using
gcry_cipher_setiv function. When encrypting or decrypting,
full-sized data unit buffers needs to be passed to
gcry_cipher_decrypt. The tweak
value is automatically incremented after each call of
Auto-increment allows avoiding need of setting IV between processing
of sequential data units.