.Fa nb_blocks
× 1024 bytes big, and suitably aligned for 64-bit integers.
.Fn malloc
-will yield a suitable chunk of memory on platforms that support 64-bit types
-(e.g. int64_t or IEEE double precision floats).
+will yield a suitable chunk of memory.
.Pp
The work area is automatically wiped by
.Fn crypto_argon2i .
.Pp
To select the nb_blocks and nb_iterations parameters, it should first be
decided how long the computation should take.
-For user authentication, somewhere between half a second (convenient)
-and several seconds (paranoid) is a good starting point.
+For user authentication, we recommend somewhere between half a second
+(convenient) and several seconds (paranoid).
The computation should use as much memory as can be spared.
.Pp
Since parameter selection depends on your hardware, some trial and error
first.
If using all available memory is not slow enough, increase
.Fa nb_iterations .
-.El
.Sh RETURN VALUES
This function returns nothing.
.Sh EXAMPLES
The MAC is intended to be sent along with the ciphertext.
.It Fa plain_text
The secret message.
-Its content will be kept hidden from attackers.
+Its contents will be kept hidden from attackers.
Its length however, will
.Em not .
-Be careful when combining encryption with compression. See
+Be careful when combining encryption with compression.
+See
.Xr intro 3monocypher
for details.
.It Fa cipher_text
so it gets authenticated, and should be extracted from the end of the
message when decrypting.
Otherwise an attacker could provide a false length, effectively moving
-the boundary between the additional data and the ciphertext. This may
-cause buffer overflows in some programs.
+the boundary between the additional data and the ciphertext.
+This may cause buffer overflows in some programs.
.El
.Pp
An incremental interface is available; see
Corruption can happen because of transmission errors, programmer
error, or an attacker's interference.
.Fa plain_text
-does not need wiping if the decryption fails.
+does not need to be wiped if the decryption fails.
.Sh EXAMPLES
Encryption:
.Bd -literal -offset indent
uint8_t *plain_text; /* Secret message */
if (crypto_unlock(plain_text, key, nonce, mac,
cipher_text, text_size)) {
- /* The message is corrupted */
- /* Wipe key if it is no longer needed */
- /* and abort the decryption */
+ /* The message is corrupted.
+ * Wipe key if it is no longer needed,
+ * and abort the decryption.
+ */
crypto_wipe(key, 32);
}
/* Wipe secrets if they are no longer needed */
uint8_t *text; /* Message to decrypt */
size_t text_size; /* Message size (NOT secret) */
if (crypto_unlock(text, key, nonce, mac, text, text_size)) {
- /* The message is corrupted */
- /* Wipe key if it is no longer needed */
- /* and abort the decryption */
+ /* The message is corrupted.
+ * Wipe key if it is no longer needed,
+ * and abort the decryption.
+ */
crypto_wipe(key, 32);
}
/* Wipe secrets if they are no longer needed */
projects / Monocypher.git / commitdiff