My Project
Functions
aes.h File Reference

Go to the source code of this file.

Functions

int wc_AesSetKey (Aes *aes, const byte *key, word32 len, const byte *iv, int dir)
 This function initializes an AES structure by setting the key and then setting the initialization vector. More...
 
int wc_AesSetIV (Aes *aes, const byte *iv)
 This function sets the initialization vector for a particular AES object. The AES object should be initialized before calling this function. More...
 
int wc_AesCbcEncrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 Encrypts a plaintext message from the input buffer in, and places the resulting cipher text in the output buffer out using cipher block chaining with AES. This function requires that the AES object has been initialized by calling AesSetKey before a message is able to be encrypted. This function assumes that the input message is AES block length aligned, and expects the input length to be a multiple of the block length, which will optionally be checked and enforced if WOLFSSL_AES_CBC_LENGTH_CHECKS is defined in the build configuration. In order to assure block-multiple input, PKCS#7 style padding should be added beforehand. This differs from the OpenSSL AES-CBC methods which add the padding for you. To make the wolfSSL and corresponding OpenSSL functions interoperate, one should specify the -nopad option in the OpenSSL command line function so that it behaves like the wolfSSL AesCbcEncrypt method and does not add extra padding during encryption. More...
 
int wc_AesCbcDecrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 Decrypts a cipher from the input buffer in, and places the resulting plain text in the output buffer out using cipher block chaining with AES. This function requires that the AES structure has been initialized by calling AesSetKey before a message is able to be decrypted. This function assumes that the original message was AES block length aligned, and expects the input length to be a multiple of the block length, which will optionally be checked and enforced if WOLFSSL_AES_CBC_LENGTH_CHECKS is defined in the build configuration. This differs from the OpenSSL AES-CBC methods, which add PKCS#7 padding automatically, and so do not require block-multiple input. To make the wolfSSL function and equivalent OpenSSL functions interoperate, one should specify the -nopad option in the OpenSSL command line function so that it behaves like the wolfSSL AesCbcEncrypt method and does not create errors during decryption. More...
 
int wc_AesCtrEncrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 Encrypts/Decrypts a message from the input buffer in, and places the resulting cipher text in the output buffer out using CTR mode with AES. This function is only enabled if WOLFSSL_AES_COUNTER is enabled at compile time. The AES structure should be initialized through AesSetKey before calling this function. Note that this function is used for both decryption and encryption. NOTE: Regarding using same API for encryption and decryption. User should differentiate between Aes structures for encrypt/decrypt. More...
 
int wc_AesEncryptDirect (Aes *aes, byte *out, const byte *in)
 This function is a one-block encrypt of the input block, in, into the output block, out. It uses the key of the provided AES structure, which should be initialized with wc_AesSetKey before calling this function. wc_AesSetKey should have been called with the iv set to NULL. This is only enabled if the configure option WOLFSSL_AES_DIRECT is enabled. Warning: In nearly all use cases ECB mode is considered to be less secure. Please avoid using ECB API’s directly whenever possible. More...
 
int wc_AesDecryptDirect (Aes *aes, byte *out, const byte *in)
 This function is a one-block decrypt of the input block, in, into the output block, out. It uses the key of the provided AES structure, which should be initialized with wc_AesSetKey before calling this function. wc_AesSetKey should have been called with the iv set to NULL. This is only enabled if the configure option WOLFSSL_AES_DIRECT is enabled. Warning: In nearly all use cases ECB mode is considered to be less secure. Please avoid using ECB API’s directly whenever possible. More...
 
int wc_AesSetKeyDirect (Aes *aes, const byte *key, word32 len, const byte *iv, int dir)
 This function is used to set the AES keys for CTR mode with AES. It initializes an AES object with the given key, iv (initialization vector), and encryption dir (direction). It is only enabled if the configure option WOLFSSL_AES_DIRECT is enabled. Currently wc_AesSetKeyDirect uses wc_AesSetKey internally. Warning: In nearly all use cases ECB mode is considered to be less secure. Please avoid using ECB API’s directly whenever possible. More...
 
int wc_AesGcmSetKey (Aes *aes, const byte *key, word32 len)
 This function is used to set the key for AES GCM (Galois/Counter Mode). It initializes an AES object with the given key. It is only enabled if the configure option HAVE_AESGCM is enabled at compile time. More...
 
int wc_AesGcmEncrypt (Aes *aes, byte *out, const byte *in, word32 sz, const byte *iv, word32 ivSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 This function encrypts the input message, held in the buffer in, and stores the resulting cipher text in the output buffer out. It requires a new iv (initialization vector) for each call to encrypt. It also encodes the input authentication vector, authIn, into the authentication tag, authTag. More...
 
int wc_AesGcmDecrypt (Aes *aes, byte *out, const byte *in, word32 sz, const byte *iv, word32 ivSz, const byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 This function decrypts the input cipher text, held in the buffer in, and stores the resulting message text in the output buffer out. It also checks the input authentication vector, authIn, against the supplied authentication tag, authTag. More...
 
int wc_GmacSetKey (Gmac *gmac, const byte *key, word32 len)
 This function initializes and sets the key for a GMAC object to be used for Galois Message Authentication. More...
 
int wc_GmacUpdate (Gmac *gmac, const byte *iv, word32 ivSz, const byte *authIn, word32 authInSz, byte *authTag, word32 authTagSz)
 This function generates the Gmac hash of the authIn input and stores the result in the authTag buffer. After running wc_GmacUpdate, one should compare the generated authTag to a known authentication tag to verify the authenticity of a message. More...
 
int wc_AesCcmSetKey (Aes *aes, const byte *key, word32 keySz)
 This function sets the key for an AES object using CCM (Counter with CBC-MAC). It takes a pointer to an AES structure and initializes it with supplied key. More...
 
int wc_AesCcmEncrypt (Aes *aes, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 This function encrypts the input message, in, into the output buffer, out, using CCM (Counter with CBC-MAC). It subsequently calculates and stores the authorization tag, authTag, from the authIn input. More...
 
int wc_AesCcmDecrypt (Aes *aes, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, const byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 This function decrypts the input cipher text, in, into the output buffer, out, using CCM (Counter with CBC-MAC). It subsequently calculates the authorization tag, authTag, from the authIn input. If the authorization tag is invalid, it sets the output buffer to zero and returns the error: AES_CCM_AUTH_E. More...
 
int wc_AesXtsSetKey (XtsAes *aes, const byte *key, word32 len, int dir, void *heap, int devId)
 This is to help with setting keys to correct encrypt or decrypt type. It is up to user to call wc_AesXtsFree on aes key when done. More...
 
int wc_AesXtsEncryptSector (XtsAes *aes, byte *out, const byte *in, word32 sz, word64 sector)
 Same process as wc_AesXtsEncrypt but uses a word64 type as the tweak value instead of a byte array. This just converts the word64 to a byte array and calls wc_AesXtsEncrypt. More...
 
int wc_AesXtsDecryptSector (XtsAes *aes, byte *out, const byte *in, word32 sz, word64 sector)
 Same process as wc_AesXtsDecrypt but uses a word64 type as the tweak value instead of a byte array. This just converts the word64 to a byte array. More...
 
int wc_AesXtsEncrypt (XtsAes *aes, byte *out, const byte *in, word32 sz, const byte *i, word32 iSz)
 AES with XTS mode. (XTS) XEX encryption with Tweak and cipher text Stealing. More...
 
int wc_AesXtsDecrypt (XtsAes *aes, byte *out, const byte *in, word32 sz, const byte *i, word32 iSz)
 Same process as encryption but Aes key is AES_DECRYPTION type. More...
 
int wc_AesXtsFree (XtsAes *aes)
 This is to free up any resources used by the XtsAes structure. More...
 
int wc_AesInit (Aes *aes, void *heap, int devId)
 Initialize Aes structure. Sets heap hint to be used and ID for use with async hardware. More...
 
int wc_AesCfbEncrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 AES with CFB mode. More...
 
int wc_AesCfbDecrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 AES with CFB mode. More...
 
int wc_AesSivEncrypt (const byte *key, word32 keySz, const byte *assoc, word32 assocSz, const byte *nonce, word32 nonceSz, const byte *in, word32 inSz, byte *siv, byte *out)
 This function performs SIV (synthetic initialization vector) encryption as described in RFC 5297. More...
 
int wc_AesSivDecrypt (const byte *key, word32 keySz, const byte *assoc, word32 assocSz, const byte *nonce, word32 nonceSz, const byte *in, word32 inSz, byte *siv, byte *out)
 This function performs SIV (synthetic initialization vector) decryption as described in RFC 5297. More...