From 5c1afc882cb8cf533048dde508bcf8117244f361 Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@felloff.net>
Date: Mon, 30 Oct 2017 03:04:05 +0100
Subject: aes(2): document aes_xts_encrypt() and aes_xts_decrypt() functions

---
 sys/man/2/aes | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/sys/man/2/aes b/sys/man/2/aes
index 72b285a8a..19849657c 100644
--- a/sys/man/2/aes
+++ b/sys/man/2/aes
@@ -1,6 +1,16 @@
 .TH AES 2
 .SH NAME
-setupAESstate, aesCBCencrypt, aesCBCdecrypt, aesCFBencrypt, aesCFBdecrypt, aesOFBencrypt, setupAESXCBCstate, aesXCBCmac, setupAESGCMstate - advanced encryption standard (rijndael)
+setupAESstate, \
+aesCBCencrypt, \
+aesCBCdecrypt, \
+aesCFBencrypt, \
+aesCFBdecrypt, \
+aesOFBencrypt, \
+aes_xts_encrypt, aes_xts_decrypt, \
+setupAESXCBCstate, aesXCBCmac, \
+setupAESGCMstate, \
+aesgcm_setiv, aesgcm_encrypt, aesgcm_decrypt \
+- advanced encryption standard (rijndael)
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -37,6 +47,12 @@ void	aesCFBdecrypt(uchar *p, int len, AESstate *s)
 void	aesOFBencrypt(uchar *p, int len, AESstate *s)
 .PP
 .B
+void	aes_xts_encrypt(AESstate *tweak, AESstate *ecb, uvlong sectorNumber, uchar *input, uchar *output, ulong len)
+.PP
+.B
+void	aes_xts_decrypt(AESstate *tweak, AESstate *ecb, uvlong sectorNumber, uchar *input, uchar *output, ulong len)
+.PP
+.B
 void	setupAESXCBCstate(AESstate *s)
 .PP
 .B
@@ -72,6 +88,10 @@ and
 .I aesOFBencrypt
 implement cipher-feedback- and output-feedback-mode
 stream cipher encryption.
+.I Aes_xts_encrypt
+and
+.I aes_xts_decrypt
+implement the XTS-AES tweakable block cipher, per IEEE 1619-2017 (see bugs below).
 .IR SetupAESstate
 is used to initialize the state of the above encryption modes.
 .I SetupAESXCBCstate
@@ -137,3 +157,10 @@ Because of the way that non-multiple-of-16 buffers are handled,
 must be fed buffers of the same size as the
 .I aesCBCencrypt
 calls that encrypted it.
+.PP
+The functions
+.I aes_xts_encrypt
+an
+.I aes_xts_decrypt
+abort on a non-multiple-of-16 length as ciphertext stealing
+is not implemented.
-- 
cgit v1.2.3