My Project
|
Go to the source code of this file.
Functions | |
int | wc_AesSetKey (Aes *aes, const byte *key, word32 len, const byte *iv, int dir) |
This function initializes an AES structure by setting the key and then setting the initialization vector. More... | |
int | wc_AesSetIV (Aes *aes, const byte *iv) |
This function sets the initialization vector for a particular AES object. The AES object should be initialized before calling this function. More... | |
int | wc_AesCbcEncrypt (Aes *aes, byte *out, const byte *in, word32 sz) |
Encrypts a plaintext message from the input buffer in, and places the resulting cipher text in the output buffer out using cipher block chaining with AES. This function requires that the AES object has been initialized by calling AesSetKey before a message is able to be encrypted. This function assumes that the input message is AES block length aligned, and expects the input length to be a multiple of the block length, which will optionally be checked and enforced if WOLFSSL_AES_CBC_LENGTH_CHECKS is defined in the build configuration. In order to assure block-multiple input, PKCS#7 style padding should be added beforehand. This differs from the OpenSSL AES-CBC methods which add the padding for you. To make the wolfSSL and corresponding OpenSSL functions interoperate, one should specify the -nopad option in the OpenSSL command line function so that it behaves like the wolfSSL AesCbcEncrypt method and does not add extra padding during encryption. More... | |
int | wc_AesCbcDecrypt (Aes *aes, byte *out, const byte *in, word32 sz) |
Decrypts a cipher from the input buffer in, and places the resulting plain text in the output buffer out using cipher block chaining with AES. This function requires that the AES structure has been initialized by calling AesSetKey before a message is able to be decrypted. This function assumes that the original message was AES block length aligned, and expects the input length to be a multiple of the block length, which will optionally be checked and enforced if WOLFSSL_AES_CBC_LENGTH_CHECKS is defined in the build configuration. This differs from the OpenSSL AES-CBC methods, which add PKCS#7 padding automatically, and so do not require block-multiple input. To make the wolfSSL function and equivalent OpenSSL functions interoperate, one should specify the -nopad option in the OpenSSL command line function so that it behaves like the wolfSSL AesCbcEncrypt method and does not create errors during decryption. More... | |
int | wc_AesCtrEncrypt (Aes *aes, byte *out, const byte *in, word32 sz) |
Encrypts/Decrypts a message from the input buffer in, and places the resulting cipher text in the output buffer out using CTR mode with AES. This function is only enabled if WOLFSSL_AES_COUNTER is enabled at compile time. The AES structure should be initialized through AesSetKey before calling this function. Note that this function is used for both decryption and encryption. NOTE: Regarding using same API for encryption and decryption. User should differentiate between Aes structures for encrypt/decrypt. More... | |
int | wc_AesEncryptDirect (Aes *aes, byte *out, const byte *in) |
This function is a one-block encrypt of the input block, in, into the output block, out. It uses the key of the provided AES structure, which should be initialized with wc_AesSetKey before calling this function. wc_AesSetKey should have been called with the iv set to NULL. This is only enabled if the configure option WOLFSSL_AES_DIRECT is enabled. Warning: In nearly all use cases ECB mode is considered to be less secure. Please avoid using ECB API’s directly whenever possible. More... | |
int | wc_AesDecryptDirect (Aes *aes, byte *out, const byte *in) |
This function is a one-block decrypt of the input block, in, into the output block, out. It uses the key of the provided AES structure, which should be initialized with wc_AesSetKey before calling this function. wc_AesSetKey should have been called with the iv set to NULL. This is only enabled if the configure option WOLFSSL_AES_DIRECT is enabled. Warning: In nearly all use cases ECB mode is considered to be less secure. Please avoid using ECB API’s directly whenever possible. More... | |
int | wc_AesSetKeyDirect (Aes *aes, const byte *key, word32 len, const byte *iv, int dir) |
This function is used to set the AES keys for CTR mode with AES. It initializes an AES object with the given key, iv (initialization vector), and encryption dir (direction). It is only enabled if the configure option WOLFSSL_AES_DIRECT is enabled. Currently wc_AesSetKeyDirect uses wc_AesSetKey internally. Warning: In nearly all use cases ECB mode is considered to be less secure. Please avoid using ECB API’s directly whenever possible. More... | |
int | wc_AesGcmSetKey (Aes *aes, const byte *key, word32 len) |
This function is used to set the key for AES GCM (Galois/Counter Mode). It initializes an AES object with the given key. It is only enabled if the configure option HAVE_AESGCM is enabled at compile time. More... | |
int | wc_AesGcmEncrypt (Aes *aes, byte *out, const byte *in, word32 sz, const byte *iv, word32 ivSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz) |
This function encrypts the input message, held in the buffer in, and stores the resulting cipher text in the output buffer out. It requires a new iv (initialization vector) for each call to encrypt. It also encodes the input authentication vector, authIn, into the authentication tag, authTag. More... | |
int | wc_AesGcmDecrypt (Aes *aes, byte *out, const byte *in, word32 sz, const byte *iv, word32 ivSz, const byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz) |
This function decrypts the input cipher text, held in the buffer in, and stores the resulting message text in the output buffer out. It also checks the input authentication vector, authIn, against the supplied authentication tag, authTag. More... | |
int | wc_GmacSetKey (Gmac *gmac, const byte *key, word32 len) |
This function initializes and sets the key for a GMAC object to be used for Galois Message Authentication. More... | |
int | wc_GmacUpdate (Gmac *gmac, const byte *iv, word32 ivSz, const byte *authIn, word32 authInSz, byte *authTag, word32 authTagSz) |
This function generates the Gmac hash of the authIn input and stores the result in the authTag buffer. After running wc_GmacUpdate, one should compare the generated authTag to a known authentication tag to verify the authenticity of a message. More... | |
int | wc_AesCcmSetKey (Aes *aes, const byte *key, word32 keySz) |
This function sets the key for an AES object using CCM (Counter with CBC-MAC). It takes a pointer to an AES structure and initializes it with supplied key. More... | |
int | wc_AesCcmEncrypt (Aes *aes, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz) |
This function encrypts the input message, in, into the output buffer, out, using CCM (Counter with CBC-MAC). It subsequently calculates and stores the authorization tag, authTag, from the authIn input. More... | |
int | wc_AesCcmDecrypt (Aes *aes, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, const byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz) |
This function decrypts the input cipher text, in, into the output buffer, out, using CCM (Counter with CBC-MAC). It subsequently calculates the authorization tag, authTag, from the authIn input. If the authorization tag is invalid, it sets the output buffer to zero and returns the error: AES_CCM_AUTH_E. More... | |
int | wc_AesXtsInit (XtsAes *aes, void *heap, int devId) |
This is to initialize an AES-XTS context. It is up to user to call wc_AesXtsFree on aes key when done. More... | |
int | wc_AesXtsSetKeyNoInit (XtsAes *aes, const byte *key, word32 len, int dir) |
This is to help with setting keys to correct encrypt or decrypt type, after first calling wc_AesXtsInit(). It is up to user to call wc_AesXtsFree on aes key when done. More... | |
int | wc_AesXtsSetKey (XtsAes *aes, const byte *key, word32 len, int dir, void *heap, int devId) |
This is to help with setting keys to correct encrypt or decrypt type. It is up to user to call wc_AesXtsFree on aes key when done. More... | |
int | wc_AesXtsEncryptSector (XtsAes *aes, byte *out, const byte *in, word32 sz, word64 sector) |
Same process as wc_AesXtsEncrypt but uses a word64 type as the tweak value instead of a byte array. This just converts the word64 to a byte array and calls wc_AesXtsEncrypt. More... | |
int | wc_AesXtsDecryptSector (XtsAes *aes, byte *out, const byte *in, word32 sz, word64 sector) |
Same process as wc_AesXtsDecrypt but uses a word64 type as the tweak value instead of a byte array. This just converts the word64 to a byte array. More... | |
int | wc_AesXtsEncrypt (XtsAes *aes, byte *out, const byte *in, word32 sz, const byte *i, word32 iSz) |
AES with XTS mode. (XTS) XEX encryption with Tweak and cipher text Stealing. More... | |
int | wc_AesXtsDecrypt (XtsAes *aes, byte *out, const byte *in, word32 sz, const byte *i, word32 iSz) |
Same process as encryption but Aes key is AES_DECRYPTION type. More... | |
int | wc_AesXtsFree (XtsAes *aes) |
This is to free up any resources used by the XtsAes structure. More... | |
int | wc_AesInit (Aes *aes, void *heap, int devId) |
Initialize Aes structure. Sets heap hint to be used and ID for use with async hardware. It is up to the user to call wc_AesFree on the Aes structure when done. More... | |
int | wc_AesFree (Aes *aes) |
free resources associated with the Aes structure when applicable. Internally may sometimes be a no-op but still recommended to call in all cases as a general best-practice (IE if application code is ported for use on new environments where the call is applicable). More... | |
int | wc_AesCfbEncrypt (Aes *aes, byte *out, const byte *in, word32 sz) |
AES with CFB mode. More... | |
int | wc_AesCfbDecrypt (Aes *aes, byte *out, const byte *in, word32 sz) |
AES with CFB mode. More... | |
int | wc_AesSivEncrypt (const byte *key, word32 keySz, const byte *assoc, word32 assocSz, const byte *nonce, word32 nonceSz, const byte *in, word32 inSz, byte *siv, byte *out) |
This function performs SIV (synthetic initialization vector) encryption as described in RFC 5297. More... | |
int | wc_AesSivDecrypt (const byte *key, word32 keySz, const byte *assoc, word32 assocSz, const byte *nonce, word32 nonceSz, const byte *in, word32 inSz, byte *siv, byte *out) |
This function performs SIV (synthetic initialization vector) decryption as described in RFC 5297. More... | |
WOLFSSL_API int | wc_AesEaxEncryptAuth (const byte *key, word32 keySz, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz) |
This function performs AES EAX encryption and authentication as described in "EAX: A Conventional Authenticated-Encryption Mode" (https://eprint.iacr.org/2003/069). It is a "one-shot" API that performs all encryption and authentication operations in one function call. More... | |
WOLFSSL_API int | wc_AesEaxDecryptAuth (const byte *key, word32 keySz, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, const byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz) |
This function performs AES EAX decryption and authentication as described in "EAX: A Conventional Authenticated-Encryption Mode" (https://eprint.iacr.org/2003/069). It is a "one-shot" API that performs all decryption and authentication operations in one function call. More... | |
WOLFSSL_API int | wc_AesEaxInit (AesEax *eax, const byte *key, word32 keySz, const byte *nonce, word32 nonceSz, const byte *authIn, word32 authInSz) |
This function initializes an AesEax object for use in authenticated encryption or decryption. This function must be called on an AesEax object before using it with any of the AES EAX incremental API functions. It does not need to be called if using the one-shot EAX API functions. All AesEax instances initialized with this function need to be freed with a call to wc_AesEaxFree() when done using the instance. More... | |
WOLFSSL_API int | wc_AesEaxEncryptUpdate (AesEax *eax, byte *out, const byte *in, word32 inSz, const byte *authIn, word32 authInSz) |
This function uses AES EAX to encrypt input data, and optionally, add more input data to the authentication stream. eax must have been previously initialized with a call to wc_AesEaxInit. More... | |
WOLFSSL_API int | wc_AesEaxDecryptUpdate (AesEax *eax, byte *out, const byte *in, word32 inSz, const byte *authIn, word32 authInSz) |
This function uses AES EAX to decrypt input data, and optionally, add more input data to the authentication stream. eax must have been previously initialized with a call to wc_AesEaxInit. More... | |
WOLFSSL_API int | wc_AesEaxAuthDataUpdate (AesEax *eax, const byte *authIn, word32 authInSz) |
This function adds input data to the authentication stream. eax must have been previously initialized with a call to wc_AesEaxInit. More... | |
WOLFSSL_API int | wc_AesEaxEncryptFinal (AesEax *eax, byte *authTag, word32 authTagSz) |
This function finalizes the encrypt AEAD operation, producing an auth tag over the current authentication stream. eax must have been previously initialized with a call to wc_AesEaxInit. When done using the AesEax context structure, make sure to free it using wc_AesEaxFree. More... | |
WOLFSSL_API int | wc_AesEaxDecryptFinal (AesEax *eax, const byte *authIn, word32 authInSz) |
This function finalizes the decrypt AEAD operation, finalizing the auth tag computation and checking it for validity against the user supplied tag. eax must have been previously initialized with a call to wc_AesEaxInit. When done using the AesEax context structure, make sure to free it using wc_AesEaxFree. More... | |
WOLFSSL_API int | wc_AesEaxFree (AesEax *eax) |
This frees up any resources, specifically keys, used by the Aes instance inside the AesEax wrapper struct. It should be called on the AesEax struct after it has been initialized with wc_AesEaxInit, and all desired EAX operations are complete. More... | |