VMS Help  —  ENCRYPT Routine, ENCRYPT$DECRYPT routine
    Decrypts the next record of ciphertext according to the algorithm
    specified in the ENCRYPT$INIT call.

    Format

      ENCRYPT$DECRYPT  context, input, output [,output-length] [,p1]

1  –  Arguments

 context

    type:      longword integer (signed)
    access:    write only
    mechanism: by reference
    Context area initialized when ENCRYPT$INIT completes execution.
    The context argument is the address of a longword of unspecified
    interpretation that is used to convey context between encryption
    operations.

 input

    type:      char_string
    access:    read only
    mechanism: by descriptor
    Ciphertext record that ENCRYPT$DECRYPT is to decrypt. The input
    argument is the address of a descriptor pointing to a byte-
    aligned buffer containing the input record to the decryption
    operation.

 output

    type:      char_string
    access:    write only
    mechanism: by descriptor
    Plaintext record that results when ENCRYPT$DECRYPT completes
    execution. The output argument is the address of a descriptor
    pointing to a byte-aligned padding buffer that will contain the
    output record from the decryption operation.

    If the descriptor is dynamic and insufficient space is allocated
    to contain the output record, storage will be allocated from
    dynamic memory. If insufficient space exists to contain the
    output of the operation, then an error status is returned.

    The ENCRYPT$DECRYPT routine adjusts the length of the output
    descriptor, if possible, to reflect the actual length of the
    output string. If the descriptor type is not DSC$K_DTYPE_VS
    (varying string), DSC$K_DTYPE_V (varying), or DSC$K_DTYPE_D
    (dynamic), the routine takes the actual output count from the
    output-length argument.

    The output buffer must be able to accommodate a padded block to
    an increment of the block length. For AES this is 16 bytes and
    for DES, eight bytes.

 output-length

    type:      word integer
    access:    write only
    mechanism: by reference
    Optional argument.

    Number of bytes that ENCRYPT$DECRYPT wrote to the output buffer.
    The output-length argument is the address of a word containing
    the number of bytes written to the output buffer, including any
    bytes of pad characters generated by the selected algorithm to
    meet length requirements of the input buffer, if any. Output
    length does not count padding in the case of a fixed-length
    string.

    Some encryption algorithms have specific requirements for the
    length of the input and output strings. In particular, DESECB
    and DESCBC pad input data with from 1 to 7 bytes to form complete
    64-bit blocks for operation. The values of the pad characters are
    indeterminate.

    When you decrypt fewer than 8 bytes, present the full 8 bytes
    resulting from the ENCRYPT$ENCRYPT to ENCRYPT$DECRYPT. Retain the
    byte count of the input data in order to strip trailing pad bytes
    after a subsequent decryption operation. Note that the AES block
    mode algorithms (AESCBCxxx and AESECBxxx), pad the data to even
    16 byte block boundaries. For AES, one byte encrypts and decrypts
    to 16 bytes, 72 bytes to 80, and so forth. The AES padding
    character is a HEX number of bytes indicating the number of bytes
    padded, for example, the one byte encrypted pad would decrypt to
    15 characters of 0F following the one decrypted byte of data. For
    the 72 bytes of data, eight bytes of padding characters (08 08
    ... 08), would follow the 72 bytes of decrypted data. DESECB and
    DESCBC modes always pad with characters of zeros. The character
    stream modes (AESCFBxxx, AESOFBxxx, DESCFB), do not pad the data,
    so the output-length will match the actual number of data bytes.

 p1

    type:      quadword[1](DES), quadword[2](AES)
    access:    read only
    mechanism: by reference
    Optional argument. The p1 argument is the address of a quadword
    initialization vector used to seed the two modes of the DES
    algorithm for which it is applicable (DESECB and DESCFB). (That
    is, the DES IV initialization vector is a quadword reference, to
    an eight byte value.)

    For AES, the optional P1 argument for the AES IV initialization
    vector is a reference to a 16 byte (two quadwords) value.

    If this argument is omitted, the initialization vector used is
    the residue of the previous use of the specified context block.
    ENCRYPT$INIT initializes the context block with an initialization
    vector of zero.
Close Help