aes.h

All headers

Raw AES functions.

  1. AES_ENCRYPT
  2. AES_DECRYPT
  3. AES_MAXNR
  4. AES_BLOCK_SIZE
  5. aes_key_st
  6. AES_set_encrypt_key
  7. AES_set_decrypt_key
  8. AES_encrypt
  9. AES_decrypt
  10. Block cipher modes
  11. AES_ctr128_encrypt
  12. AES_ecb_encrypt
  13. AES_cbc_encrypt
  14. AES_ofb128_encrypt
  15. AES_cfb128_encrypt
  16. AES key wrap
  17. AES_wrap_key
  18. AES_unwrap_key
#define AES_ENCRYPT 1
#define AES_DECRYPT 0

AES_MAXNR is the maximum number of AES rounds.

#define AES_MAXNR 14
#define AES_BLOCK_SIZE 16

aes_key_st should be an opaque type, but EVP requires that the size be known.

struct aes_key_st {
  uint32_t rd_key[4 * (AES_MAXNR + 1)];
  unsigned rounds;
};
typedef struct aes_key_st AES_KEY;

AES_set_encrypt_key configures aeskey to encrypt with the bits-bit key, key.

WARNING: unlike other OpenSSL functions, this returns zero on success and a negative number on error.

OPENSSL_EXPORT int AES_set_encrypt_key(const uint8_t *key, unsigned bits,
                                       AES_KEY *aeskey);

AES_set_decrypt_key configures aeskey to decrypt with the bits-bit key, key.

WARNING: unlike other OpenSSL functions, this returns zero on success and a negative number on error.

OPENSSL_EXPORT int AES_set_decrypt_key(const uint8_t *key, unsigned bits,
                                       AES_KEY *aeskey);

AES_encrypt encrypts a single block from in to out with key. The in and out pointers may overlap.

OPENSSL_EXPORT void AES_encrypt(const uint8_t *in, uint8_t *out,
                                const AES_KEY *key);

AES_decrypt decrypts a single block from in to out with key. The in and out pointers may overlap.

OPENSSL_EXPORT void AES_decrypt(const uint8_t *in, uint8_t *out,
                                const AES_KEY *key);

Block cipher modes.

AES_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) len bytes from in to out. The num parameter must be set to zero on the first call and ivec will be incremented.

OPENSSL_EXPORT void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out,
                                       size_t len, const AES_KEY *key,
                                       uint8_t ivec[AES_BLOCK_SIZE],
                                       uint8_t ecount_buf[AES_BLOCK_SIZE],
                                       unsigned int *num);

AES_ecb_encrypt encrypts (or decrypts, if enc == AES_DECRYPT) a single, 16 byte block from in to out.

OPENSSL_EXPORT void AES_ecb_encrypt(const uint8_t *in, uint8_t *out,
                                    const AES_KEY *key, const int enc);

AES_cbc_encrypt encrypts (or decrypts, if enc == AES_DECRYPT) len bytes from in to out. The length must be a multiple of the block size.

OPENSSL_EXPORT void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
                                    const AES_KEY *key, uint8_t *ivec,
                                    const int enc);

AES_ofb128_encrypt encrypts (or decrypts, it's the same in OFB mode) len bytes from in to out. The num parameter must be set to zero on the first call.

OPENSSL_EXPORT void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out,
                                       size_t len, const AES_KEY *key,
                                       uint8_t *ivec, int *num);

AES_cfb128_encrypt encrypts (or decrypts, if enc == AES_DECRYPT) len bytes from in to out. The num parameter must be set to zero on the first call.

OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out,
                                       size_t len, const AES_KEY *key,
                                       uint8_t *ivec, int *num, int enc);

AES key wrap.

These functions implement AES Key Wrap mode, as defined in RFC 3394. They should never be used except to interoperate with existing systems that use this mode.

AES_wrap_key performs AES key wrap on in which must be a multiple of 8 bytes. iv must point to an 8 byte value or be NULL to use the default IV. key must have been configured for encryption. On success, it writes in_len + 8 bytes to out and returns in_len + 8. Otherwise, it returns -1.

OPENSSL_EXPORT int AES_wrap_key(const AES_KEY *key, const uint8_t *iv,
                                uint8_t *out, const uint8_t *in, size_t in_len);

AES_unwrap_key performs AES key unwrap on in which must be a multiple of 8 bytes. iv must point to an 8 byte value or be NULL to use the default IV. key must have been configured for decryption. On success, it writes in_len - 8 bytes to out and returns in_len - 8. Otherwise, it returns -1.

OPENSSL_EXPORT int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv,
                                  uint8_t *out, const uint8_t *in,
                                  size_t in_len);