NAME
setupAESstate, aesCBCencrypt, aesCBCdecrypt, aesCFBencrypt, aesCFBdecrypt,
aesOFBencrypt, aes_xts_encrypt, aes_xts_decrypt, setupAESGCMstate,
aesgcm_setiv, aesgcm_encrypt, aesgcm_decrypt – advanced encryption
standard (rijndael) |
SYNOPSIS
#include <u.h> #include <libc.h> #include <mp.h> #include <libsec.h>
void aes_encrypt(ulong rk[], int Nr, uchar pt[16], uchar ct[16]) void aes_decrypt(ulong rk[], int Nr, uchar ct[16], uchar pt[16]) void setupAESstate(AESstate *s, uchar key[], int nkey, uchar *ivec) void aesCBCencrypt(uchar *p, int len, AESstate *s) void aesCBCdecrypt(uchar *p, int len, AESstate *s) void aesCFBencrypt(uchar *p, int len, AESstate *s) void aesCFBdecrypt(uchar *p, int len, AESstate *s) void aesOFBencrypt(uchar *p, int len, AESstate *s) void aes_xts_encrypt(AESstate *tweak, AESstate *ecb, uvlong sectorNumber, uchar *input, uchar *output, ulong len) void aes_xts_decrypt(AESstate *tweak, AESstate *ecb, uvlong sectorNumber, uchar *input, uchar *output, ulong len) void setupAESGCMstate(AESGCMstate *s, uchar *key, int keylen, uchar *iv, int ivlen) void aesgcm_setiv(AESGCMstate *s, uchar *iv, int ivlen) void aesgcm_encrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], AESGCMstate *s)
int aesgcm_decrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad,
uchar tag[16], AESGCMstate *s) |
DESCRIPTION
AES (a.k.a. Rijndael) has replaced DES as the preferred block
cipher. Aes_encrypt and aes_decrypt are the block ciphers, corresponding
to des(2)'s block_cipher. AesCBCencrypt and aesCBCdecrypt implement
cipher–block–chaining encryption. AesCFBencrypt, aesCFBdecrypt and
aesOFBencrypt implement cipher–
feedback– and output–feedback–mode stream cipher encryption. Aes_xts_encrypt
and aes_xts_decrypt implement the XTS–AES tweakable block cipher,
per IEEE 1619–2017 (see bugs below). SetupAESstate is used to initialize
the state of the above encryption modes. The expanded roundkey
parameters rk and Nr of
aes_encrypt and aes_decrypt are returned in AESstate.ekey and
AESstate.dkey with the corresponding number of rounds in AESstate.rounds.
SetupAESGCMstate, aesgcm_setiv, aesgcm_encrypt and aesgcm_decrypt
implement Galois/Counter Mode (GCM) authenticated encryption with
associated data (AEAD). Before
encryption or decryption, a new initialization vector (nonce)
has to be set with aesgcm_setiv or by calling setupAESGCMstate
with non–zero iv and ivlen arguments. Aesgcm_decrypt returns zero
when authentication and decryption where successfull and non–zero
otherwise. All ciphering is performed in place. The byte
keysize nkey should be 16, 24, or 32. The initialization vector
ivec of AESbsize bytes should be random enough to be unlikely
to be reused but does not need to be cryptographically strongly
unpredictable. |
SOURCE
/sys/src/libsec |
SEE ALSO
aescbc in secstore(1), mp(2), blowfish(2), des(2), dsa(2), elgamal(2),
rc4(2), rsa(2), sechash(2), prime(2), rand(2) http://csrc.nist.gov/publications/fips/fips197/fips–197.pdf |
BUGS
Because of the way that non–multiple–of–16 buffers are handled, aesCBCdecrypt
must be fed buffers of the same size as the aesCBCencrypt calls
that encrypted it.
The functions aes_xts_encrypt an aes_xts_decrypt abort on a non–multiple–of–16
length as ciphertext stealing is not implemented. |