VMS Help  —  ENCRYPT Routine, ENCRYPT$ENCRYPT routine, Arguments
 context

    type:      longword integer (signed)
    access:    write only
    mechanism: by reference
    Context area initialized when ENCRYPT$INIT completes execution.
    The context argument is the address of a longword of unspecified
    interpretation that is used to convey context between encryption
    operations.

 input

    type:      char_string
    access:    read only
    mechanism: by descriptor
    Plaintext record to encrypt. The input argument is the address
    of a descriptor pointing to a byte-aligned buffer containing the
    input record to the encryption operation.

 output

    type:      char_string
    access:    write only by descriptor
    mechanism:
    Ciphertext record that results when ENCRYPT$ENCRYPT completes
    execution. The output argument is the address of a descriptor
    pointing to a byte-aligned buffer that will contain the output
    record from the encryption operation.

    If the descriptor is dynamic and insufficient space is allocated
    to contain the output record, storage is allocated from dynamic
    memory.

    ENCRYPT$ENCRYPT adjusts the length of the output descriptor,
    if possible, to reflect the actual length of the output string.
    If the descriptor type is not DSC$K_DTYPE_VS (varying string),
    DSC$K_DTYPE_V (varying), or DSC$K_DTYPE_D (dynamic), the routine
    takes the actual output count from the output-length argument.

    The output buffer must be able to accommodate a padded block to
    an increment of the block length. For AES this is 16 bytes and
    for DES, 8 bytes.

 output-length

    type:      word integer
    access:    write only
    mechanism: by reference
    Optional argument. Number of bytes that ENCRYPT$ENCRYPT wrote to
    the output buffer. The output-length argument is the address of a
    word containing the number of bytes written to the output buffer.

    Some encryption algorithms have specific requirements for the
    length of the input and output strings. In particular, DESECB
    and DESCBC pad input data with from 1 to 7 bytes to form complete
    64-bit blocks for operation. The values of the pad characters are
    indeterminate.

    When you decrypt fewer than 8 bytes, preserve and present to
    ENCRYPT$DECRYPT the full 8 bytes resulting from ENCRYPT$ENCRYPT.
    Retain the byte count of the input data in order to strip
    trailing pad bytes after a subsequent decryption operation.

    Note that the AES block mode algorithms (AESCBCxxx and AESECBxxx)
    pad the data to even 16 byte block boundaries. For AES, one byte
    encrypts and decrypts to 16 bytes, 72 bytes to 80, and so forth.
    The AES padding character is a HEX number of bytes indicating the
    number of bytes padded. For example, the one-byte encrypted pad
    would decrypt to 15 characters of 0F following the one encrypted
    byte of data. For the 72 bytes of data, eight bytes of padding
    characters (08 08 ... 08), would follow the 72 bytes of encrypted
    data. DESECB and DESCBC modes always pad with characters of
    zeros. The character stream modes (AESCFBxxx, AESOFBxxx, DESCFB).
    In order that the output-length will match the actual number of
    data bytes, do not pad the data.

 p1

    type:      quadword[1] (DES), quadword[2] (AES)
    access:    read only
    mechanism: by reference
    Optional argument. The p1 argument is the address of a quadword
    initialization vector used to seed the three modes (DESECB,
    DESCFB, and DESMAC) of the DES algorithm for which it is
    applicable. The DES IV initialization vector is a quadword
    reference, to an eight byte value.

    For AES, the optional P1 argument for the AES IV initialization
    vector is a reference to a 16 byte (two quadwords) value.

    If you omit this argument, the initialization vector used is
    the residue of the previous use of the specified context block.
    ENCRYPT$INIT initializes the context block with an initialization
    vector of zero.
Close Help