aes(3)



aes(3tcl)             Advanced Encryption Standard (AES)             aes(3tcl)

______________________________________________________________________________

NAME
       aes - Implementation of the AES block cipher

SYNOPSIS
       package require Tcl  8.5

       package require aes  ?1.2.1?

       ::aes::aes ?-mode [ecb|cbc]? ?-dir [encrypt|decrypt]? -key keydata ?-iv
       vector? ?-hex? ?-out channel? ?-chunksize size? [ -in  channel  |  ?--?
       data ]

       ::aes::Init mode keydata iv

       ::aes::Encrypt Key data

       ::aes::Decrypt Key data

       ::aes::Reset Key iv

       ::aes::Final Key

______________________________________________________________________________

DESCRIPTION
       This  is  an  implementation in Tcl of the Advanced Encryption Standard
       (AES) as published by the U.S.  National  Institute  of  Standards  and
       Technology  [1]. AES is a 128-bit block cipher with a variable key size
       of 128, 192 or 256 bits.  This  implementation  supports  ECB  and  CBC
       modes.

COMMANDS
       ::aes::aes ?-mode [ecb|cbc]? ?-dir [encrypt|decrypt]? -key keydata ?-iv
       vector? ?-hex? ?-out channel? ?-chunksize size? [ -in  channel  |  ?--?
       data ]
              Perform the aes algorithm on either the data provided by the ar-
              gument or on the data read from the  -in  channel.  If  an  -out
              channel  is  given then the result will be written to this chan-
              nel.

              The -key option must be given. This  parameter  takes  a  binary
              string  of  either  16,  24 or 32 bytes in length and is used to
              generate the key schedule.

              The -mode and -dir options are optional and default to cbc  mode
              and  encrypt respectively. The initialization vector -iv takes a
              16 byte binary argument which defaults to all zeros.  See  MODES
              OF OPERATION for more about available modes and their uses.

              AES  is a 128-bit block cipher. This means that the data must be
              provided in units that are a multiple of 16 bytes.

PROGRAMMING INTERFACE
       Internal state is maintained in an opaque structure  that  is  returned
       from  the  Init  function. In ECB mode the state is not affected by the
       input but for CBC mode some input dependent state is maintained and may
       be reset by calling the Reset function with a new initialization vector
       value.

       ::aes::Init mode keydata iv
              Construct a new AES key schedule using the  specified  key  data
              and  the  given initialization vector. The initialization vector
              is not used with ECB mode but is important for  CBC  mode.   See
              MODES OF OPERATION for details about cipher modes.

       ::aes::Encrypt Key data
              Use  a prepared key acquired by calling Init to encrypt the pro-
              vided data. The data argument should be a binary array that is a
              multiple  of the AES block size of 16 bytes. The result is a bi-
              nary array the same size as the input of encrypted data.

       ::aes::Decrypt Key data
              Decipher data using the key. Note that the same key may be  used
              to  encrypt  and  decrypt  data provided that the initialization
              vector is reset appropriately for CBC mode.

       ::aes::Reset Key iv
              Reset the initialization vector. This permits the programmer  to
              re-use  a key and avoid the cost of re-generating the key sched-
              ule where the same key data is being used multiple times.

       ::aes::Final Key
              This should be called to clean up resources associated with Key.
              Once  this  function  has  been  called  the key may not be used
              again.

MODES OF OPERATION
       Electronic Code Book (ECB)
              ECB is the basic mode of all block ciphers. Each  block  is  en-
              crypted  independently  and so identical plain text will produce
              identical output when encrypted with the same key.  Any  encryp-
              tion errors will only affect a single block however this is vul-
              nerable to known plaintext attacks.

       Cipher Block Chaining (CBC)
              CBC mode uses the output of the last block encryption to  affect
              the  current block. An initialization vector of the same size as
              the cipher block size is used to handle  the  first  block.  The
              initialization  vector should be chosen randomly and transmitted
              as the first block of the output. Errors  in  encryption  affect
              the current block and the next block after which the cipher will
              correct itself. CBC is the most commonly used mode  in  software
              encryption.  This is the default mode of operation for this mod-
              ule.

EXAMPLES
              % set nil_block [string repeat \\0 16]
              % aes::aes -hex -mode cbc -dir encrypt -key $nil_block $nil_block
              66e94bd4ef8a2c3b884cfa59ca342b2e

              set Key [aes::Init cbc $sixteen_bytes_key_data $sixteen_byte_iv]
              append ciphertext [aes::Encrypt $Key $plaintext]
              append ciphertext [aes::Encrypt $Key $additional_plaintext]
              aes::Final $Key

REFERENCES
       [1]    "Advanced Encryption Standard", Federal  Information  Processing
              Standards  Publication  197, 2001 (http://csrc.nist.gov/publica-
              tions/fips/fips197/fips-197.pdf)

AUTHORS
       Thorsten Schloermann, Pat Thoyts

BUGS, IDEAS, FEEDBACK
       This document, and the package it describes, will  undoubtedly  contain
       bugs and other problems.  Please report such in the category aes of the
       Tcllib Trackers  [http://core.tcl.tk/tcllib/reportlist].   Please  also
       report  any  ideas  for  enhancements  you  may have for either package
       and/or documentation.

       When proposing code changes, please provide unified diffs, i.e the out-
       put of diff -u.

       Note  further  that  attachments  are  strongly  preferred over inlined
       patches. Attachments can be made by going  to  the  Edit  form  of  the
       ticket  immediately  after  its  creation, and then using the left-most
       button in the secondary navigation bar.

SEE ALSO
       blowfish(3tcl), des(3tcl), md5(3tcl), sha1(3tcl)

KEYWORDS
       aes, block cipher, data integrity, encryption, security

CATEGORY
       Hashes, checksums, and encryption

COPYRIGHT
       Copyright (c) 2005, Pat Thoyts <patthoyts@users.sourceforge.net>
       Copyright (c) 2012-2014, Andreas Kupries <andreas_kupries@users.sourceforge.net>

tcllib                               1.2.1                           aes(3tcl)

Man(1) output converted with man2html
list of all man pages