Module openssl::aes

source ·
Expand description

Low level AES IGE and key wrapping functionality

AES ECB, CBC, XTS, CTR, CFB, GCM and other conventional symmetric encryption modes are found in symm. This is the implementation of AES IGE and key wrapping

Advanced Encryption Standard (AES) provides symmetric key cipher that the same key is used to encrypt and decrypt data. This implementation uses 128, 192, or 256 bit keys. This module provides functions to create a new key with new_encrypt and perform an encryption/decryption using that key with aes_ige.

The symm module should be used in preference to this module in most cases. The IGE block cipher is a non-traditional cipher mode. More traditional AES encryption methods are found in the Crypter and Cipher structs.

Examples

AES IGE

use openssl::aes::{AesKey, aes_ige};
use openssl::symm::Mode;

let key = b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
let plaintext = b"\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56";
let mut iv = *b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\
                \x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";

 let key = AesKey::new_encrypt(key).unwrap();
 let mut output = [0u8; 16];
 aes_ige(plaintext, &mut output, &key, &mut iv, Mode::Encrypt);
 assert_eq!(output, *b"\xa6\xad\x97\x4d\x5c\xea\x1d\x36\xd2\xf3\x67\x98\x09\x07\xed\x32");

Key wrapping

use openssl::aes::{AesKey, unwrap_key, wrap_key};

let kek = b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
let key_to_wrap = b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF";

let enc_key = AesKey::new_encrypt(kek).unwrap();
let mut ciphertext = [0u8; 24];
wrap_key(&enc_key, None, &mut ciphertext, &key_to_wrap[..]).unwrap();
let dec_key = AesKey::new_decrypt(kek).unwrap();
let mut orig_key = [0u8; 16];
unwrap_key(&dec_key, None, &mut orig_key, &ciphertext[..]).unwrap();

assert_eq!(&orig_key[..], &key_to_wrap[..]);

Structs

AesKey
The key used to encrypt or decrypt cipher blocks.
KeyError
Provides Error handling for parsing keys.

Functions

aes_ige
Performs AES IGE encryption or decryption
unwrap_key
Unwrap a key, according to RFC 3394
wrap_key
Wrap a key, according to RFC 3394