Gcrypt: Mozart binding for libgcrypt

Some parts are copied from the libgcrypt documentation.

Publik key cryptography is currently not supported.

Symmetric cryptography

{New Gcrypt.cipher init(Algo Mode flags:Flags<=nil) ?Cipher}

Create a new symmetric cipher object.

Algo

An atom denoting the encryption algorithm to use. Use Gcrypt.cipherAlgorithms to obtain a list of known algorithms and Gcrypt.cipherAlgoIsAvailable to check availability (for example, IDEA is known but unavailable because it is patented).

Mode

An atom denoting the encryption mode to use. Use Gcrypt.cipherModes to obtain a list of known modes.

Flags

A list of atoms denoting the flags to use. Use Gcrypt.cipherFlags to obtain a list of known flags. The flags have the following meaning:

secure

Use secure, i.e. non-swapped, memory for keys. Currently not supported, it is unclear if it is feasible with Mozart.

enableSync

This flag enables the CFB sync mode, which is a special feature of Libgcrypt's CFB mode implementation to allow for OpenPGP's CFB variant. See sync.

cbcCts

Enable cipher text stealing (CTS) for the CBC mode. Cannot be used simultaneous with cbcMac.

cbcMac

Compute CBC-MAC keyed checksums. This is the same as CBC mode, but only output the last block. Cannot be used simultaneous with cbcCts.

Cipher objects support the following methods:

setkey(Key)

Set the key. Key must be a virtual string of key length.

setiv(Iv)

Set the initialization vector. Iv must be a virtual string of block length.

setctr(Ctr)

Set the counter. Ctr must be a virtual string of block length.

encrypt(In ?Out)

Encrypt data. In must be a virtual string of multiple block length.

decrypt(In ?Out)

Decrypt data. In must be a virtual string of multiple block length.

close

Close the cipher and release any resources used. Any further use will raise an exception.

reset

Reset the cipher to its state after init.

sync

Sync, whatever that means.

isSecure(?Bool)

Check whether keys are allocated in secure memory. Currently faked.

Gcrypt.cipherAlgorithms

The list of cipher algorithms.

Gcrypt.cipherModes

The list of cipher modes.

Gcrypt.cipherFlags

The list of cipher flags.

{Gcrypt.cipherAlgoIsAvailable Algo ?Bool}

Check whether a cipher algorithm is available.

{Gcrypt.cipherAlgoGetKeylen Algo ?Len}

Get the key length in bytes of an algorithm.

{Gcrypt.cipherAlgoGetBlklen Algo ?Len}

Get the block length in bytes of an algorithm.

Message digests

{New Gcrypt.messageDigest init(Spec flags:Flags<=nil) ?Md}

Create a new message digest object.

Spec

Either an atom denoting the message digest algorithm to use, or a list of such atoms to use several algorithms in parallel. Use Gcrypt.messageDigestAlgorithms to obtain a list of algorithms.

Flags

A list of atoms denoting the flags to use. Use Gcrypt.messageDigestFlags to obtain a list of known flags. The flags have the following meaning:

secure

Use secure, i.e. non-swapped, memory for keys. Currently not supported, it is unclear if it is feasible with Mozart.

hmac

Turn the algorithm into a HMAC message authentication algorithm. This does only work if just one algorithm is used and SHA-384 and SHA512 is not used. Note that the setkey method must be used set the MAC key. If you want CBC message authentication codes based on a cipher, see the cbcMac flag for symmetric ciphers.

MessageDigest objects support the following methods:

setkey(Key)

Set the key for HMAC message authentication. Key must be a virtual string.

write(VS)

Pass VS to the message digest computation.

read(?Result)

Finish the computation and get the result. Depending on the value of Spec used for initialization this is either a single virtual string containing the message digest, or a list of virtual strings if Spec was a list.

close

Close the messageDigest and release any resources used. Any further use will raise an exception.

reset

Reset the messageDigest to its state after init.

copy(?Md)

Copy the current state of the message digest to a second, independent one.

isSecure(?Bool)

Check whether keys are allocated in secure memory. Currently faked.

Gcrypt.messageDigestAlgorithms

The list of message digest algorithms.

Gcrypt.messageDigestFlags

The list of message digest algorithms.

{Gcrypt.hash Spec Flags Key VS ?Digest}

Compute the message digest of VS.

Random numbers

Gcrypt.randomLevels

The list of quality levels for the random numbers:

strong

Use for session keys.

veryStrong

Use for important keys.

{Gcrypt.randomCreate Len Level ?Random}

Create a virtual string of Len random bytes at the specified quality level.

{Gcrypt.randomCreateNonce Len ?Random}

Create a virtual string of Len random bytes that should be arbitrary but are not kept secret, e.g. nonces. This uses a separate random number generator in order to better protect the confidentiality of the secure random number generator.