AES Class Reference

#include <aes.h>

Inheritance diagram for AES:

Inheritance graph
Collaboration diagram for AES:

Collaboration graph

Detailed Description

Implementation of the NIST Advanced Encryption Standard ("AES"), FIPS 197.

AES is a 16-byte block cipher with a key size of 128, 192, or 256 bits.

Buffers may be encrypted or decrypted "in place," i.e., in == out is allowed in crypt().

Usage flow:
  AES()         // instantiate a new AES object
  init()        // specify the direction, key, mode, and IV (if required)
  setcounter()  // only required in CTR mode
  crypt()       // perform the encrypt or decrypt operation

Recommendations for strict FIPS 140-1 compliance:
  All supported modes of AES are FIPS compliant.

Sample code illustrating the use of this class appears in the Cookbook section Using the Symmetric Ciphers.

References

AES (also known as "Rijndael") is specified in FIPS 197.


Public Types

 ENCRYPT
 crypt() call performs encryption
 DECRYPT
 crypt() call performs decryption
 ECB = 1
 Electronic Code Book mode.
 CBC = 2
 Cipher Block Chaining mode.
 CFB8
 8-bit Cipher Feedback mode
 CFB64
 64-bit Cipher Feedback mode
 CFB128
 128-bit Cipher Feedback mode
 OFB
 Output Feedback mode.
 CTR
 Counter mode (NIST SP800-38A).
enum  dirs {
  ENCRYPT,
  DECRYPT
}
 Direction values. More...
enum  modes {
  ECB = 1,
  CBC = 2 ,
  CFB8,
  CFB64,
  CFB128,
  OFB,
  CTR
}
 Modes of operation. More...

Public Member Functions

 ~AES ()
 Destructor. Calls clear().
int init (enum dirs dir, int keybytes, const char *key, enum modes md=ECB, const char *IV=0)
 Initialize the AES object.
int setcounter (int bytes, const char *counter)
 Set counter for CTR mode.
int crypt (int bytes, const char *inbuf, char *outbuf)
 Encrypt or decrypt a specified buffer.
void clear (void)
 Clear the AES object.


Member Enumeration Documentation

enum dirs

Direction values.

Enumerator:
ENCRYPT  crypt() call performs encryption
DECRYPT  crypt() call performs decryption

enum modes

Modes of operation.

Enumerator:
ECB  Electronic Code Book mode.
CBC  Cipher Block Chaining mode.
CFB8  8-bit Cipher Feedback mode
CFB64  64-bit Cipher Feedback mode
CFB128  128-bit Cipher Feedback mode
OFB  Output Feedback mode.
CTR  Counter mode (NIST SP800-38A).


Constructor & Destructor Documentation

~AES (  )  [inline]

Destructor. Calls clear().

Remarks:
Modifies: rk, iv, ctr are zeroized; algorithm state is set to UNINIT.


Member Function Documentation

void clear ( void   ) 

Clear the AES object.

Remarks:
Modifies: rk, iv, and ctr are zeroized; state is set to UNINIT.

int crypt ( int  bytes,
const char *  inbuf,
char *  outbuf 
)

Encrypt or decrypt a specified buffer.

Parameters:
bytes length of input and output buffers; must be a multiple of 16 for ECB, CBC, OFB, CFB128, and CTR modes; a multple of 8 for CFB64; arbitrary for CFB8.
inbuf pointer to input buffer to be encrypted or decrypted
outbuf pointer to output buffer; output and input buffers may coincide.
Returns:
0 (success)
CDK_ERROR_STATE
CDK_INVALID_PTR
CDK_INVALID_DATA_LENGTH
CDK_MODE_UNSUPPORTED
CDK_INVALID_MODE
Remarks:
Modifies: iv; to guard against reuse, ctr is auto-incremented.

int init ( enum dirs  dir,
int  keybytes,
const char *  key,
enum modes  md = ECB,
const char *  IV = 0 
)

Initialize the AES object.

Parameters:
dir a direction indicator: ENCRYPT or DECRYPT.
keybytes the length of key in bytes; 16, 24, or 32 for 128-, 192-, or 256-bit AES respectively.
key a pointer to a buffer containing the key
md a mode indicator: ECB, CBC, CFB8, CFB64, CFB128, or OFB.
IV an 16-byte initialization vector (if required). If dir = ENCRYPT and md = CBC or CFB, the IV should be "unpredictable." If dir = ENCRYPT and md = OFB, the IV should be unique for each session. See NIST Spec. Pub. 800-38a.
Returns:
0 (success)
CDK_ERROR_STATE
CDK_OP_UNSUPPORTED
CDK_INVALID_MODE
CDK_INVALID_KEY_SIZE
CDK_MODE_UNSUPPORTED
CDK_INVALID_BLOCK_SIZE
CDK_INVALID_ROUNDS
CDK_INVALID_KEY_PTR
Remarks:
Modifies: rk, direction, md, iv, KC, BC, ROUNDS, state (i.e., the AES object is given the specified direction, key, mode, and IV).

int setcounter ( int  bytes,
const char *  counter 
)

Set counter for CTR mode.

Parameters:
bytes length of counter in bytes (must be 16).
counter pointer to buffer containing 16-byte counter value.
Returns:
0 (success)
CDK_INVALID_DATA_LENGTH
CDK_INVALID_PTR
Remarks:
Modifies: ctr


The documentation for this class was generated from the following file:
ISC Cryptographic Development Kit - User's Guide
ISC website
Questions? E-mail ISC technical support
Copyright© 2002-2006 Information Security Corp. All rights reserved.