The AES block cipher¶
This is a small, simple implementation of AES. Key expansion is done
first, filling in a cf_aes_context
. Then encryption and
decryption can be performed as desired.
Usually you don’t want to use AES directly; you should use it via a block cipher mode.
Macros¶
-
AES_BLOCKSZ
¶ AES has a 128-bit block size. This quantity is in bytes.
-
AES128_ROUNDS
¶
-
AES192_ROUNDS
¶
-
AES256_ROUNDS
¶ Round counts for different key sizes.
-
CF_AES_MAXROUNDS
¶ You can reduce the maximum number of rounds this implementation supports. This reduces the storage needed by
cf_aes_context
.The default is
AES256_ROUNDS
and is good for all key sizes.
-
CF_AES_ENCRYPT_ONLY
¶ Define this to 1 if you don’t need to decrypt anything. This saves space.
cf_aes_decrypt()
calls abort(3).
Types¶
-
cf_aes_context
¶ This type represents an expanded AES key. Create one using
cf_aes_init()
, make use of one usingcf_aes_encrypt()
orcf_aes_decrypt()
.The contents of this structure are equivalent to the original key material. You should clean the contents of this structure with
cf_aes_finish()
when you’re done.-
cf_aes_context.rounds
¶
Number of rounds to use, set by
cf_aes_init()
.This depends on the original key size, and will be
AES128_ROUNDS
,AES192_ROUNDS
orAES256_ROUNDS
.-
cf_aes_context.ks
¶
Expanded key material. Filled in by
cf_aes_init()
.-
Functions¶
-
void
cf_aes_init
(cf_aes_context *ctx, const uint8_t *key, size_t nkey)¶ This function does AES key expansion. It destroys existing contents of
ctx
.Parameters: - ctx – expanded key context, filled in by this function.
- key – pointer to key material, of
nkey
bytes. - nkey – length of key material. Must be 16, 24 or 32.
-
void
cf_aes_encrypt
(const cf_aes_context *ctx, const uint8_t in[AES_BLOCKSZ], uint8_t out[AES_BLOCKSZ])¶ Encrypts the given block, from
in
toout
. These may alias.Fails at runtime if
ctx
is invalid.Parameters: - ctx – expanded key context
- in – input block (read)
- out – output block (written)
-
void
cf_aes_decrypt
(const cf_aes_context *ctx, const uint8_t in[AES_BLOCKSZ], uint8_t out[AES_BLOCKSZ])¶ Decrypts the given block, from
in
toout
. These may alias.Fails at runtime if
ctx
is invalid.Parameters: - ctx – expanded key context
- in – input block (read)
- out – output block (written)
-
void
cf_aes_finish
(cf_aes_context *ctx)¶ Erase scheduled key material.
Call this when you’re done to erase the round keys.