For DES, the following algorithms are valid:
o DESCBC (default)
o DESECB
o DESCFB
For AES, the following algorithms are valid:
o Cipher block chaining:
AESCBC128 (default)
AESCBC192
AESCBC256
o Electronic code book:
AESECB128
AESECB192
AESECB256
o Cipher feedback:
AESCFB128
AESCFB192
AESCFB256
o Output feedback:
AESOFB128
AESOFB192
AESOFB256
key-type
type: longword logical unsigned
access: read only
mechanism: by reference
Code specifying how ENCRYPT$INIT is to interpret the key-name
argument. The key-type argument is the address of an unsigned
longword indicating whether key-name is the name of the key or
the key value. If you specify:
Key-type as 0 ENCRYPT$INIT interprets key-name as a descriptor
pointing to the key name string.
Key-type as 1 ENCRYPT$INIT interprets key-name as the
descriptor for the value of the key to be used.
key-name
type: char_string
access: read only
mechanism: by descriptor
Key that ENCRYPT$INIT passes to the selected encryption routine.
The key-name argument is the address of a character string
descriptor containing the name of the key or the address of the
actual key value. ENCRYPT$INIT interprets this argument based on
the value of key-type. If this argument is:
The key name Actual key value is retrieved from key storage
by the selected encryption routine.
A key value It is stored with a temporary name, which is
passed to the selected encryption routine.
If the key-name argument is used to specify a key value (that
is, if key-type has been specified as 1), the key-name string
descriptor type field determines whether the key value is to be
treated as a char_string or as a binary value to be used exactly
as specified.
If the descriptor type is DSC$K_DTYPE_T (char_string), DSC$K_
DTYPE_VT (varying char_string), or DSC$K_DTYPE_Z (unspecified),
the value is treated as a text string to be compressed for DES
key values. ASCII compression converts lowercase characters to
uppercase, only A-Z, 0-9, $, . (period), and _ (underscore) are
allowed. Other characters are converted to spaces, and the extra
spaces are removed. AES ASCII key values are not subject to ASCII
compression, allowing any 8-bit ASCII character.
All other descriptor types are treated as though the key value is
to be used exactly as specified.
NOTE
The key name descriptors of type DSC$K_DTYPE_T, DSC$K_DTYPE_
VT, and DSC$K_DTYPE_Z all specify that the key value should
be compressed. For OpenVMS V8.3, this functionality applies
only to DES, not AES. AES keys are not compressed.
p1
type: quadword[1] (DES), quadword[2] (AES)
access: read only
mechanism: by reference
Optional argument. The p1 argument is the address of a quadword
initialization vector used to seed the three modes of the DES
algorithm that uses an initialization vector. These modes
are: DESCBC (default), DESCFB, and DESMAC. That is, the DES IV
initialization vector is a quadword reference, to an eight byte
value.
For AES, the optional P1 argument for the AES IV initialization
vector is a reference to a 16 byte (two quadwords) value.
If you omit this argument, the initialization vector used is
the residue of the previous use of the specified context block.
ENCRYPT$INIT initializes the context block with an initialization
vector of zero.
13 – ENCRYPT$STATISTICS
Gains access to the statistics maintained by the Encryption
software.
Format
ENCRYPT$STATISTICS context, code, destination, return-length
13.1 – Arguments
context
type: longword
access: read only
mechanism: by reference
Context area initialized by ENCRYPT$INIT. The context argument
is the address of a longword initialized by the ENCRYPT$INIT
routine.
code
type: longword
access: read only
mechanism: by reference
Code specifying the desired statistic. The code argument is the
address of a longword containing the code. The only accepted
value is 1, which indicates that ENCRYPT$STATISTICS is to return
all statistics to the destination buffer.
destination
type: char_string
access: write only
mechanism: by descriptor
Buffer into which ENCRYPT$STATISTICS places the statistics.
The destination argument is the address of a string descriptor
describing the buffer. Ensure that the destination buffer is at
least 20 bytes long and contains:
o One longword indicating the number of times the primitive has
been entered referencing this encryption stream
o One quadword indicating the total bytes processed for this
stream
o One quadword indicating the total CPU time, in OpenVMS time
format, spent on processing requests for this stream
return-length
type: longword
access: write only
mechanism: by reference
Number of bytes written to the destination buffer. The return-
length argument is the address of a word containing the number of
bytes.