9 aes_xts_encrypt, aes_xts_decrypt, \
10 setupAESXCBCstate, aesXCBCmac, \
12 aesgcm_setiv, aesgcm_encrypt, aesgcm_decrypt \
13 - advanced encryption standard (rijndael)
21 .B #include <libsec.h>
26 void aes_encrypt(ulong rk[], int Nr, uchar pt[16], uchar ct[16]);
29 void aes_decrypt(ulong rk[], int Nr, uchar ct[16], uchar pt[16]);
32 void setupAESstate(AESstate *s, uchar key[], int keybytes, uchar *ivec)
35 void aesCBCencrypt(uchar *p, int len, AESstate *s)
38 void aesCBCdecrypt(uchar *p, int len, AESstate *s)
41 void aesCFBencrypt(uchar *p, int len, AESstate *s)
44 void aesCFBdecrypt(uchar *p, int len, AESstate *s)
47 void aesOFBencrypt(uchar *p, int len, AESstate *s)
50 void aes_xts_encrypt(AESstate *tweak, AESstate *ecb, uvlong sectorNumber, uchar *input, uchar *output, ulong len)
53 void aes_xts_decrypt(AESstate *tweak, AESstate *ecb, uvlong sectorNumber, uchar *input, uchar *output, ulong len)
56 void setupAESXCBCstate(AESstate *s)
59 void aesXCBCmac(uchar *p, int len, AESstate *s)
62 void setupAESGCMstate(AESGCMstate *s, uchar *key, int keylen, uchar *iv, int ivlen)
65 void aesgcm_setiv(AESGCMstate *s, uchar *iv, int ivlen)
68 void aesgcm_encrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], AESGCMstate *s)
71 int aesgcm_decrypt(uchar *dat, ulong ndat, uchar *aad, ulong naad, uchar tag[16], AESGCMstate *s)
73 AES (a.k.a. Rijndael) has replaced DES as the preferred
78 are the block ciphers, corresponding to
84 implement cipher-block-chaining encryption.
89 implement cipher-feedback- and output-feedback-mode
90 stream cipher encryption.
94 implement the XTS-AES tweakable block cipher, per IEEE 1619-2017 (see bugs below).
96 is used to initialize the state of the above encryption modes.
100 implement AES XCBC message authentication, per RFC 3566.
101 .IR SetupAESGCMstate ,
106 implement Galois/Counter Mode (GCM) authenticated encryption with associated data (AEAD).
107 Before encryption or decryption, a new initialization vector (nonce) has to be set with
116 Aesgcm_decrypt returns zero when authentication and decryption where successfull and
118 All ciphering is performed in place.
120 should be 16, 24, or 32.
121 The initialization vector
125 bytes should be random enough to be unlikely to be reused
126 but does not need to be
127 cryptographically strongly unpredictable.
145 .B http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
150 .IR setupAESXCBCstate ,
153 have not yet been verified by running test vectors through them.
155 Because of the way that non-multiple-of-16 buffers are handled,
157 must be fed buffers of the same size as the
159 calls that encrypted it.
165 abort on a non-multiple-of-16 length as ciphertext stealing