NAME
AES_set_encrypt_key
,
AES_set_decrypt_key
,
AES_encrypt
, AES_decrypt
,
AES_cbc_encrypt
—
low-level interface to the AES
symmetric cipher
SYNOPSIS
#include
<openssl/aes.h>
int
AES_set_encrypt_key
(const unsigned
char *userKey, const int bits,
AES_KEY *key);
int
AES_set_decrypt_key
(const unsigned
char *userKey, const int bits,
AES_KEY *key);
void
AES_encrypt
(const unsigned char
*in, unsigned char *out, const
AES_KEY *key);
void
AES_decrypt
(const unsigned char
*in, unsigned char *out, const
AES_KEY *key);
void
AES_cbc_encrypt
(const unsigned char
*in, unsigned char *out, size_t
length, const AES_KEY *key,
unsigned char *ivec, const int
enc);
DESCRIPTION
These function provide a low-level interface to the AES symmetric cipher algorithm, also called Rijndael. For reasons of flexibility, it is recommended that application programs use the high-level interface described in EVP_EncryptInit(3) and EVP_aes_128_cbc(3) instead whenever possible.AES_KEY is a structure that can hold up to 60 int values and a number of rounds.
AES_set_encrypt_key
()
expands the userKey, which is
bits long, into the key
structure to prepare for encryption. The number of bits and bytes read from
userKey, the number of int
values stored into key, and the number of rounds are
as follows:
bits | bytes | ints | rounds |
128 | 16 | 44 | 10 |
192 | 24 | 52 | 12 |
256 | 32 | 60 | 14 |
AES_set_decrypt_key
()
does the same, but in preparation for decryption.
AES_encrypt
()
reads a single 16 byte block from *in, encrypts it
with the key, and writes the 16 resulting bytes to
*out. The 16 byte buffers starting at
in and out can overlap, and
in and out can even point to the
same memory location.
AES_decrypt
()
decrypts a single block and is otherwise identical to
AES_encrypt
().
If enc is non-zero,
AES_cbc_encrypt
()
encrypts len bytes at in to
out using the 128 bit key and
the 128 bit initialization vector ivec in CBC mode. If
enc is 0, AES_cbc_encrypt
()
performs the corresponding decryption.
RETURN VALUES
AES_set_encrypt_key
() and
AES_set_decrypt_key
() return 0 for success, -1 if
userKey or key is
NULL
, or -2 if the number of
bits is unsupported.
SEE ALSO
STANDARDS
ISO/IEC 18033-3:2010 Information technology — Security techniques — Encryption algorithms — Part 3: Block ciphers
HISTORY
These functions first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.
AUTHORS
Vincent Rijmen
Antoon Bosselaers
Paulo Barreto