Data Structures | Typedefs | Enumerations | Functions | Variables
aes.h File Reference

Go to the source code of this file.

Data Structures

struct  Aes
 
struct  XtsAes
 
struct  Gmac
 

Typedefs

typedef struct Aes Aes
 
typedef struct XtsAes XtsAes
 
typedef struct Gmac Gmac
 
typedef int(* wc_AesAuthEncryptFunc) (Aes *aes, byte *out, const byte *in, word32 sz, const byte *iv, word32 ivSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 
typedef int(* wc_AesAuthDecryptFunc) (Aes *aes, byte *out, const byte *in, word32 sz, const byte *iv, word32 ivSz, const byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 

Enumerations

enum  {
  AES_ENC_TYPE = WC_CIPHER_AES, AES_ENCRYPTION = 0, AES_DECRYPTION = 1, AES_BLOCK_SIZE = 16,
  KEYWRAP_BLOCK_SIZE = 8, GCM_NONCE_MAX_SZ = 16, GCM_NONCE_MID_SZ = 12, GCM_NONCE_MIN_SZ = 8,
  CCM_NONCE_MIN_SZ = 7, CCM_NONCE_MAX_SZ = 13, CTR_SZ = 4, AES_IV_FIXED_SZ = 4,
  AES_MAX_ID_LEN = 32
}
 

Functions

WOLFSSL_API int wc_AesSetKey (Aes *aes, const byte *key, word32 len, const byte *iv, int dir)
 This function initializes an AES structure by setting the key and then setting the initialization vector. More...
 
WOLFSSL_API int wc_AesSetIV (Aes *aes, const byte *iv)
 This function sets the initialization vector for a particular AES object. The AES object should be initialized before calling this function. More...
 
WOLFSSL_API int wc_AesCbcEncrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 Encrypts a plaintext message from the input buffer in, and places the resulting cipher text in the output buffer out using cipher block chaining with AES. This function requires that the AES object has been initialized by calling AesSetKey before a message is able to be encrypted. This function assumes that the input message is AES block length aligned. PKCS#7 style padding should be added beforehand. This differs from the OpenSSL AES-CBC methods which add the padding for you. To make the wolfSSL function and equivalent OpenSSL functions interoperate, one should specify the -nopad option in the OpenSSL command line function so that it behaves like the wolfSSL AesCbcEncrypt method and does not add extra padding during encryption. More...
 
WOLFSSL_API int wc_AesCbcDecrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 Decrypts a cipher from the input buffer in, and places the resulting plain text in the output buffer out using cipher block chaining with AES. This function requires that the AES structure has been initialized by calling AesSetKey before a message is able to be decrypted. This function assumes that the original message was AES block length aligned. This differs from the OpenSSL AES-CBC methods which do not require alignment as it adds PKCS#7 padding automatically. To make the wolfSSL function and equivalent OpenSSL functions interoperate, one should specify the -nopad option in the OpenSSL command line function so that it behaves like the wolfSSL AesCbcEncrypt method and does not create errors during decryption. More...
 
WOLFSSL_API int wc_AesCfbEncrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 
WOLFSSL_API int wc_AesCfbDecrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 
WOLFSSL_API int wc_AesEcbEncrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 
WOLFSSL_API int wc_AesEcbDecrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 
WOLFSSL_API int wc_AesCtrEncrypt (Aes *aes, byte *out, const byte *in, word32 sz)
 Encrypts/Decrypts a message from the input buffer in, and places the resulting cipher text in the output buffer out using CTR mode with AES. This function is only enabled if WOLFSSL_AES_COUNTER is enabled at compile time. The AES structure should be initialized through AesSetKey before calling this function. Note that this function is used for both decryption and encryption. NOTE: Regarding using same API for encryption and decryption. User should differentiate between Aes structures for encrypt/decrypt. More...
 
WOLFSSL_API void wc_AesEncryptDirect (Aes *aes, byte *out, const byte *in)
 This function is a one-block encrypt of the input block, in, into the output block, out. It uses the key and iv (initialization vector) of the provided AES structure, which should be initialized with wc_AesSetKey before calling this function. It is only enabled if the configure option WOLFSSL_AES_DIRECT is enabled. Warning: In nearly all use cases ECB mode is considered to be less secure. Please avoid using ECB API’s directly whenever possible. More...
 
WOLFSSL_API void wc_AesDecryptDirect (Aes *aes, byte *out, const byte *in)
 This function is a one-block decrypt of the input block, in, into the output block, out. It uses the key and iv (initialization vector) of the provided AES structure, which should be initialized with wc_AesSetKey before calling this function. It is only enabled if the configure option WOLFSSL_AES_DIRECT is enabled, and there is support for direct AES encryption on the system in question. Warning: In nearly all use cases ECB mode is considered to be less secure. Please avoid using ECB API’s directly whenever possible. More...
 
WOLFSSL_API int wc_AesSetKeyDirect (Aes *aes, const byte *key, word32 len, const byte *iv, int dir)
 This function is used to set the AES keys for CTR mode with AES. It initializes an AES object with the given key, iv (initialization vector), and encryption dir (direction). It is only enabled if the configure option WOLFSSL_AES_DIRECT is enabled. Currently wc_AesSetKeyDirect uses wc_AesSetKey internally. Warning: In nearly all use cases ECB mode is considered to be less secure. Please avoid using ECB API’s directly whenever possible. More...
 
WOLFSSL_API int wc_AesGcmSetKey_ex (Aes *aes, const byte *key, word32 len, word32 kup)
 
WOLFSSL_API int wc_AesGcmSetKey (Aes *aes, const byte *key, word32 len)
 This function is used to set the key for AES GCM (Galois/Counter Mode). It initializes an AES object with the given key. It is only enabled if the configure option HAVE_AESGCM is enabled at compile time. More...
 
WOLFSSL_API int wc_AesGcmEncrypt (Aes *aes, byte *out, const byte *in, word32 sz, const byte *iv, word32 ivSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 This function encrypts the input message, held in the buffer in, and stores the resulting cipher text in the output buffer out. It requires a new iv (initialization vector) for each call to encrypt. It also encodes the input authentication vector, authIn, into the authentication tag, authTag. More...
 
WOLFSSL_API int wc_AesGcmDecrypt (Aes *aes, byte *out, const byte *in, word32 sz, const byte *iv, word32 ivSz, const byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 This function decrypts the input cipher text, held in the buffer in, and stores the resulting message text in the output buffer out. It also checks the input authentication vector, authIn, against the supplied authentication tag, authTag. More...
 
WOLFSSL_API int wc_AesGcmSetExtIV (Aes *aes, const byte *iv, word32 ivSz)
 
WOLFSSL_API int wc_AesGcmSetIV (Aes *aes, word32 ivSz, const byte *ivFixed, word32 ivFixedSz, WC_RNG *rng)
 
WOLFSSL_API int wc_AesGcmEncrypt_ex (Aes *aes, byte *out, const byte *in, word32 sz, byte *ivOut, word32 ivOutSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 
WOLFSSL_API int wc_GmacSetKey (Gmac *gmac, const byte *key, word32 len)
 This function initializes and sets the key for a GMAC object to be used for Galois Message Authentication. More...
 
WOLFSSL_API int wc_GmacUpdate (Gmac *gmac, const byte *iv, word32 ivSz, const byte *authIn, word32 authInSz, byte *authTag, word32 authTagSz)
 This function generates the Gmac hash of the authIn input and stores the result in the authTag buffer. After running wc_GmacUpdate, one should compare the generated authTag to a known authentication tag to verify the authenticity of a message. More...
 
WOLFSSL_API int wc_Gmac (const byte *key, word32 keySz, byte *iv, word32 ivSz, const byte *authIn, word32 authInSz, byte *authTag, word32 authTagSz, WC_RNG *rng)
 
WOLFSSL_API int wc_GmacVerify (const byte *key, word32 keySz, const byte *iv, word32 ivSz, const byte *authIn, word32 authInSz, const byte *authTag, word32 authTagSz)
 
WOLFSSL_LOCAL void GHASH (Aes *aes, const byte *a, word32 aSz, const byte *c, word32 cSz, byte *s, word32 sSz)
 
WOLFSSL_API int wc_AesCcmSetKey (Aes *aes, const byte *key, word32 keySz)
 This function sets the key for an AES object using CCM (Counter with CBC-MAC). It takes a pointer to an AES structure and initializes it with supplied key. More...
 
WOLFSSL_API int wc_AesCcmEncrypt (Aes *aes, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 This function encrypts the input message, in, into the output buffer, out, using CCM (Counter with CBC-MAC). It subsequently calculates and stores the authorization tag, authTag, from the authIn input. More...
 
WOLFSSL_API int wc_AesCcmDecrypt (Aes *aes, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, const byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 This function decrypts the input cipher text, in, into the output buffer, out, using CCM (Counter with CBC-MAC). It subsequently calculates the authorization tag, authTag, from the authIn input. If the authorization tag is invalid, it sets the output buffer to zero and returns the error: AES_CCM_AUTH_E. More...
 
WOLFSSL_API int wc_AesCcmSetNonce (Aes *aes, const byte *nonce, word32 nonceSz)
 
WOLFSSL_API int wc_AesCcmEncrypt_ex (Aes *aes, byte *out, const byte *in, word32 sz, byte *ivOut, word32 ivOutSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz)
 
WOLFSSL_API int wc_AesKeyWrap (const byte *key, word32 keySz, const byte *in, word32 inSz, byte *out, word32 outSz, const byte *iv)
 
WOLFSSL_API int wc_AesKeyUnWrap (const byte *key, word32 keySz, const byte *in, word32 inSz, byte *out, word32 outSz, const byte *iv)
 
WOLFSSL_API int wc_AesXtsSetKey (XtsAes *aes, const byte *key, word32 len, int dir, void *heap, int devId)
 This is to help with setting keys to correct encrypt or decrypt type. It is up to user to call wc_AesXtsFree on aes key when done. More...
 
WOLFSSL_API int wc_AesXtsEncryptSector (XtsAes *aes, byte *out, const byte *in, word32 sz, word64 sector)
 Same process as wc_AesXtsEncrypt but uses a word64 type as the tweak value instead of a byte array. This just converts the word64 to a byte array and calls wc_AesXtsEncrypt. More...
 
WOLFSSL_API int wc_AesXtsDecryptSector (XtsAes *aes, byte *out, const byte *in, word32 sz, word64 sector)
 Same process as wc_AesXtsDecrypt but uses a word64 type as the tweak value instead of a byte array. This just converts the word64 to a byte array. More...
 
WOLFSSL_API int wc_AesXtsEncrypt (XtsAes *aes, byte *out, const byte *in, word32 sz, const byte *i, word32 iSz)
 AES with XTS mode. (XTS) XEX encryption with Tweak and cipher text Stealing. More...
 
WOLFSSL_API int wc_AesXtsDecrypt (XtsAes *aes, byte *out, const byte *in, word32 sz, const byte *i, word32 iSz)
 Same process as encryption but Aes key is AES_DECRYPTION type. More...
 
WOLFSSL_API int wc_AesXtsFree (XtsAes *aes)
 This is to free up any resources used by the XtsAes structure. More...
 
WOLFSSL_API int wc_AesGetKeySize (Aes *aes, word32 *keySize)
 
WOLFSSL_API int wc_AesInit (Aes *aes, void *heap, int devId)
 Initialize Aes structure. Sets heap hint to be used and ID for use with async hardware. More...
 
WOLFSSL_API int wc_AesInit_Id (Aes *aes, unsigned char *id, int len, void *heap, int devId)
 
WOLFSSL_API void wc_AesFree (Aes *aes)
 

Variables

 C
 

Variable Documentation

◆ C

C
Initial value:
{
#endif
enum {
AES_128_KEY_SIZE = 16,
AES_192_KEY_SIZE = 24,
AES_256_KEY_SIZE = 32,
AES_IV_SIZE = 16,
}