139 lines
3.1 KiB
Text
139 lines
3.1 KiB
Text
.TH AES 2
|
|
.SH NAME
|
|
setupAESstate, aesCBCencrypt, aesCBCdecrypt, aesCFBencrypt, aesCFBdecrypt, aesOFBencrypt, setupAESXCBCstate, aesXCBCmac, setupAESGCMstate - advanced encryption standard (rijndael)
|
|
.SH SYNOPSIS
|
|
.B #include <u.h>
|
|
.br
|
|
.B #include <libc.h>
|
|
.br
|
|
.B #include <mp.h>
|
|
.br
|
|
.B #include <libsec.h>
|
|
.PP
|
|
.in +0.5i
|
|
.ti -0.5i
|
|
.B
|
|
void aes_encrypt(ulong rk[], int Nr, uchar pt[16], uchar ct[16]);
|
|
.PP
|
|
.B
|
|
void aes_decrypt(ulong rk[], int Nr, uchar ct[16], uchar pt[16]);
|
|
.PP
|
|
.B
|
|
void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec)
|
|
.PP
|
|
.B
|
|
void aesCBCencrypt(uchar *p, int len, AESstate *s)
|
|
.PP
|
|
.B
|
|
void aesCBCdecrypt(uchar *p, int len, AESstate *s)
|
|
.PP
|
|
.B
|
|
void aesCFBencrypt(uchar *p, int len, AESstate *s)
|
|
.PP
|
|
.B
|
|
void aesCFBdecrypt(uchar *p, int len, AESstate *s)
|
|
.PP
|
|
.B
|
|
void aesOFBencrypt(uchar *p, int len, AESstate *s)
|
|
.PP
|
|
.B
|
|
void setupAESXCBCstate(AESstate *s)
|
|
.PP
|
|
.B
|
|
void aesXCBCmac(uchar *p, int len, AESstate *s)
|
|
.PP
|
|
.B
|
|
void setupAESGCMstate(AESGCMstate *s, uchar *key, int keylen, uchar *iv, int ivlen)
|
|
.PP
|
|
.B
|
|
void aesgcm_setiv(AESGCMstate *s, uchar *iv, int ivlen)
|
|
.PP
|
|
.B
|
|
void aesgcm_encrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], AESGCMstate *s)
|
|
.PP
|
|
.B
|
|
int aesgcm_decrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], AESGCMstate *s)
|
|
.SH DESCRIPTION
|
|
AES (a.k.a. Rijndael) has replaced DES as the preferred
|
|
block cipher.
|
|
.I Aes_encrypt
|
|
and
|
|
.I aes_decrypt
|
|
are the block ciphers, corresponding to
|
|
.IR des (2)'s
|
|
.IR block_cipher .
|
|
.IR AesCBCencrypt ,
|
|
and
|
|
.I aesCBCdecrypt
|
|
implement cipher-block-chaining encryption.
|
|
.IR AesCFBencrypt ,
|
|
.I aesCFBdecrypt
|
|
and
|
|
.I aesOFBencrypt
|
|
implement cipher-feedback- and output-feedback-mode
|
|
stream cipher encryption.
|
|
.IR SetupAESstate
|
|
is used to initialize the state of the above encryption modes.
|
|
.I SetupAESXCBCstate
|
|
and
|
|
.I aesXCBCmac
|
|
implement AES XCBC message authentication, per RFC 3566.
|
|
.IR SetupAESGCMstate ,
|
|
.IR aesgcm_setiv ,
|
|
.I aesgcm_encrypt
|
|
and
|
|
.I aesgcm_decrypt
|
|
implement Galois/Counter Mode (GCM) authenticated encryption with associated data (AEAD).
|
|
Before encryption or decryption, a new initialization vector (nonce) has to be set with
|
|
.I aesgcm_setiv
|
|
or by calling
|
|
.I setupAESGCMstate
|
|
with non-zero
|
|
.I iv
|
|
and
|
|
.I ivlen
|
|
arguments.
|
|
Aesgcm_decrypt returns zero when authentication and decryption where successfull and
|
|
non-zero otherwise.
|
|
All ciphering is performed in place.
|
|
.I Keybytes
|
|
should be 16, 24, or 32.
|
|
The initialization vector
|
|
.I ivec
|
|
of
|
|
.I AESbsize
|
|
bytes should be random enough to be unlikely to be reused
|
|
but does not need to be
|
|
cryptographically strongly unpredictable.
|
|
.SH SOURCE
|
|
.B /sys/src/libsec
|
|
.SH SEE ALSO
|
|
.I aescbc
|
|
in
|
|
.IR secstore (1),
|
|
.IR mp (2),
|
|
.IR blowfish (2),
|
|
.IR des (2),
|
|
.IR dsa (2),
|
|
.IR elgamal (2),
|
|
.IR rc4 (2),
|
|
.IR rsa (2),
|
|
.IR sechash (2),
|
|
.IR prime (2),
|
|
.IR rand (2)
|
|
.br
|
|
.B http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
|
|
.SH BUGS
|
|
The functions
|
|
.IR aes_encrypt ,
|
|
.IR aes_decrypt ,
|
|
.IR setupAESXCBCstate ,
|
|
and
|
|
.IR aesXCBCmac
|
|
have not yet been verified by running test vectors through them.
|
|
.PP
|
|
Because of the way that non-multiple-of-16 buffers are handled,
|
|
.I aesCBCdecrypt
|
|
must be fed buffers of the same size as the
|
|
.I aesCBCencrypt
|
|
calls that encrypted it.
|