ADC Home > Reference Library > Reference > Mac OS X > Mac OS X Man Pages

 

This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

For more information about the manual page format, see the manual page for manpages(5).



CCCryptor(3cc)                       LOCAL                      CCCryptor(3cc)

NAME
     CCCryptorCreate, CCryptorCreateFromData, CCCryptorRelease, CCCryptorUpdate, CCCryptorFinal,
     CCCryptorGetOutputLength, CCCryptorReset, CCCrypt -- Common Cryptographic Algorithm Interfaces

LIBRARY
     These functions are found in libSystem.

SYNOPSIS
     #include <CommonCrypto/CommonCryptor.h>

     CCCryptorStatus
     CCCryptorCreate(CCOperation op, CCAlgorithm alg, CCOptions options, const void *key, size_t keyLength,
         const void *iv, CCCryptorRef *cryptorRef);

     CCCryptorStatus
     CCCryptorCreateFromData(CCOperation op, CCAlgorithm alg, CCOptions options, const void *key,
         size_t keyLength, const void *iv, const void *data, size_t dataLength, CCCryptorRef *cryptorRef,
         size_t *dataUsed);

     CCCryptorStatus
     CCCryptorRelease(CCCryptorRef cryptorRef);

     CCCryptorStatus
     CCCryptorUpdate(CCCryptorRef cryptorRef, const void *dataIn, size_t dataInLength, void *dataOut,
         size_t dataOutAvailable, size_t *dataOutMoved);

     CCCryptorStatus
     CCCryptorFinal(CCCryptorRef cryptorRef, void *dataOut, size_t dataOutAvailable, size_t *dataOutMoved);

     size_t
     CCCryptorGetOutputLength(CCCryptorRef cryptorRef, size_t inputLength, bool final);

     CCCryptorStatus
     CCCryptorReset(CCCryptorRef cryptorRef, const void *iv);

     CCCryptorStatus
     CCCrypt(CCOperation op, CCAlgorithm alg, CCOptions options, const void *key, size_t keyLength,
         const void *iv, const void *dataIn, size_t dataInLength, void *dataOut, size_t dataOutAvailable,
         size_t *dataOutMoved);

DESCRIPTION
     This interface provides access to a number of symmetric encryption algorithms. Symmetric encryption
     algorithms come in two "flavors" - block ciphers, and stream ciphers. Block ciphers process data (while
     both encrypting and decrypting) in discrete chunks of data called blocks; stream ciphers operate on
     arbitrary sized data.

     The object declared in this interface, CCCryptor, provides access to both block ciphers and stream
     ciphers with the same API; however some options are available for block ciphers that do not apply to
     stream ciphers.

     The general operation of a CCCryptor is: initialize it with raw key data and other optional fields with
     CCCryptorCreate(); process input data via one or more calls to CCCryptorUpdate(), each of which may
     result in output data being written to caller-supplied memory; and obtain possible remaining output
     data with CCCryptorFinal(). The CCCryptor is disposed of via CCCryptorRelease(), or it can be reused
     (with the same key data as provided to CCCryptorCreate()) by calling CCCryptorReset().

     CCCryptors can be dynamically allocated by this module, or their memory can be allocated by the caller.

     One option for block ciphers is padding, as defined in PKCS7; when padding is enabled, the total amount
     of data encrypted does not have to be an even multiple of the block size, and the actual length of
     plaintext is calculated during decryption.

     Another option for block ciphers is Cipher Block Chaining, known as CBC mode. When using CBC mode, an
     Initialization Vector (IV) is provided along with the key when starting an encrypt or decrypt opera-tion. operation.
     tion. If CBC mode is selected and no IV is provided, an IV of all zeroes will be used.

     CCCryptor also implements block bufferring, so that individual calls to CCCryptorUpdate() do not have
     to provide data whose length is aligned to the block size. (If padding is disabled, encrypting with
     block ciphers does require that the *total* length of data input to CCCryptorUpdate() call(s) be
     aligned to the block size.)

     A given CCCryptor can only be used by one thread at a time; multiple threads can use safely different
     CCCryptors at the same time.

     CCCryptorRef objects created with CCCryptorCreate() or CCCryptorCreateFromData() *may* be disposed of
     via CCCRyptorRelease() ; that call is not strictly necessary, but if it's not performed, good security
     practice dictates that the caller should zero the memory provided to create the CCCryptorRef when the
     caller is finished using the CCCryptorRef.

     CCCryptorUpdate() is used to encrypt or decrypt data.  This routine can be called multiple times. The
     caller does not need to align input data lengths to block sizes; input is bufferred as necessary for
     block ciphers.

     When performing symmetric encryption with block ciphers, and padding is enabled via
     kCCOptionPKCS7Padding, the total number of bytes provided by all the calls to this function when
     encrypting can be arbitrary (i.e., the total number of bytes does not have to be block aligned). How-ever However
     ever if padding is disabled, or when decrypting, the total number of bytes does have to be aligned to
     the block size; otherwise CCCryptFinal() will return kCCAlignmentError.

     A general rule for the size of the output buffer which must be provided by the caller is that for block
     ciphers, the output length is never larger than the input length plus the block size.  For stream
     ciphers, the output length is always exactly the same as the input length. See the discussion for
     CCCryptorGetOutputLength() for more information on this topic.

     CCCryptFinal() finishes encryption and decryption operations and obtains the final data output.  Except
     when kCCBufferTooSmall is returned, the CCCryptorRef can no longer be used for subsequent operations
     unless CCCryptorReset() is called on it.

     It is not necessary to call CCCryptorFinal() when performing symmetric encryption or decryption if pad-ding padding
     ding is disabled, or when using a stream cipher.

     It is not necessary to call CCCryptorFinal() prior to CCCryptorRelease() when aborting an operation.

     Use CCCryptorGetOutputLength() to determine output buffer size required to process a given input size.
     Some general rules apply that allow clients of this module to know a priori how much output buffer
     space will be required in a given situation. For stream ciphers, the output size is always equal to the
     input size, and CCCryptorFinal() never produces any data. For block ciphers, the output size will
     always be less than or equal to the input size plus the size of one block. For block ciphers, if the
     input size provided to each call to CCCryptorUpdate() is is an integral multiple of the block size,
     then the output size for each call to CCCryptorUpdate() is less than or equal to the input size for
     that call to CCCryptorUpdate().  CCCryptorFinal() only produces output when using a block cipher with
     padding enabled.

     CCCryptorReset() reinitializes an existing CCCryptorRef with a (possibly) new initialization vector.
     The key contained in the CCCryptorRef is unchanged. This function is not implemented for stream
     ciphers.  This can be called on a CCCryptorRef with data pending (i.e.  in a padded mode operation
     before CCCryptFinal() is called); however any pending data will be lost in that case.

     CCCrypt() is a stateless, one-shot encrypt or decrypt operation.  This basically performs a sequence of
     CCCrytorCreate(), CCCryptorUpdate(), CCCryptorFinal(), and CCCryptorRelease().

RETURN VALUES
     The following values may be returned as a status of type CCCryptorStatus.

     kCCSuccess - Operation completed normally.

     kCCParamError - Illegal parameter value.

     kCCBufferTooSmall - Insufficent buffer provided for specified operation.

     kCCMemoryFailure - Memory allocation failure.

     kCCAlignmentError - Input size was not aligned properly.

     kCCDecodeError - Input data did not decode or decrypt properly.

     kCCUnimplemented - Function not implemented for the current algorithm.

SEE ALSO
     CCHmac(3cc), CC_MD5(3cc), CC_SHA(3cc), CC_crypto(3cc)

STANDARDS
     AES:          Federal Information Processing Standard FIPS PUB 197 (Advanced Encryption Standard),

     DES:          Federal Information Processing Standard FIPS PUB 46-3 (Data Encryption Standard)

     3DES:         NIST Special PublicationPUB 800-67 (Recommendation for the Triple Data Encryption Algo-rithm Algorithm
                   rithm (TDEA) Block Cipher)

BSD                             March 22, 2007                             BSD

Did this document help you?
Yes: Tell us what works for you.
It’s good, but: Report typos, inaccuracies, and so forth.
It wasn’t helpful: Tell us what would have helped.