Provided by: libkcapi-dev_1.0.3-2_amd64 
NAME
kcapi_aead_decrypt - synchronously decrypt AEAD data (one shot)
SYNOPSIS
int32_t kcapi_aead_decrypt(struct kcapi_handle * handle, const uint8_t * in,
uint32_t inlen, const uint8_t * iv, uint8_t * out,
uint32_t outlen, int access);
ARGUMENTS
handle
[in] cipher handle
in
[in] ciphertext data buffer
inlen
[in] length of in buffer
iv
[in] IV to be used for cipher operation
out
[out] plaintext data buffer
outlen
[in] length of out buffer
access
[in] kernel access type (KCAPI_ACCESS_HEURISTIC - use internal heuristic for fastest
kernel access; KCAPI_ACCESS_VMSPLICE use vmsplice access; KCAPI_ACCESS_SENDMSG sendmsg
access)
DESCRIPTION
The AEAD cipher operation requires the furnishing of the associated authentication data.
In case such data is not required, it can be set to NULL and length value must be set to
zero.
It is perfectly legal to use the same buffer as the plaintext and ciphertext pointers.
That would mean that after the encryption operation, the ciphertext is overwritten with
the plaintext.
The memory should be aligned at the page boundary using
posix_memalign(sysconf(_SC_PAGESIZE)), If it is not aligned at the page boundary, the
vmsplice call may not send all data to the kernel.
The IV buffer must be exactly kcapi_cipher_ivsize bytes in size.
To catch authentication errors (i.e. integrity violations) during the decryption
operation, the return value of this call should be checked. If this function returns
-EBADMSG, an authentication error was detected.
IMPORTANT NOTE
The kernel will only process sysconf(_SC_PAGESIZE) * ALG_MAX_PAGES at one time. Longer
input data cannot be handled by the kernel.
return number of bytes decrypted upon success; a negative errno-style error code if an
error occurred
AUTHOR
Stephan Mueller <smueller@chronox.de>
Author.