AES Utilities

Includes:
"Common.h"
"Debug.h"
"SecurityUtils.h"
"gcm.h"
<CommonCrypto/CommonCryptor.h>
"aes.h"
<openssl/aes.h>

Introduction

This header contains function prototypes called by the WAC engine. These functions abstract the interaction with AES libraries.



Groups

AES 128-bit ECB API

API to encrypt or decrypt using AES-128 in ECB mode.

Discussion

Call AES_ECB_Init to initialize the context. Don't use the context until it has been initialized. Call AES_ECB_Update to encrypt or decrypt N bytes of input and generate N bytes of output. Call AES_ECB_Final to finalize the context. After finalizing, you must call AES_ECB_Init to use it again.

 

AES 128-bit Counter Mode API

API to encrypt or decrypt using AES-128 in counter mode.

Discussion

Call AES_CTR_Init to initialize the context. Don't use the context until it has been initialized. Call AES_CTR_Update to encrypt or decrypt N bytes of input and generate N bytes of output. Call AES_CTR_Final to finalize the context. After finalizing, you must call AES_CTR_Init to use it again.

 

AES_GCM 128-bit API

API to perform authenticated encryption and decryption using AES-128 in GCM mode.

Discussion

Call AES_GCM_Init to initialize the context. Don't use the context until it has been initialized. Call AES_GCM_Final to finalize the context. After finalizing, you must call AES_GCM_Init to use it again.

The general flow for sending a message:

AES_GCM_InitMessage (provide per-message nonce or use kAES_CGM_Nonce_Auto to increment the nonce from AES_GCM_Init). AES_GCM_AddAAD (may repeat as many times as necessary to add each chunk of AAD). AES_GCM_Encrypt (may repeat as many times as necessary to add each chunk of data to encrypt). AES_GCM_FinalizeMessage (outputs a auth tag to send along with the message so it can be verified by the receiver).

The general flow for receiving a message:

AES_GCM_InitMessage (provide per-message nonce or use kAES_CGM_Nonce_Auto to increment the nonce from AES_GCM_Init). AES_GCM_AddAAD (may repeat as many times as necessary to add each chunk of AAD). AES_GCM_Decrypt (may repeat as many times as necessary to add each chunk of data to encrypt). AES_GCM_VerifyMessage (if this fails, reject the message).

See <http://en.wikipedia.org/wiki/Galois/Counter_Mode> for more information.

 

AES 128-bit CBC Frame Mode API

API to encrypt or decrypt using AES-128 in CBC frame mode.

Discussion

Call AES_CBCFrame_Init to initialize the context. Don't use the context until it has been initialized. Call AES_CBCFrame_Update to encrypt or decrypt N bytes of input and generate N bytes of output. Call AES_CBCFrame_Final to finalize the context. After finalizing, you must call AES_CBCFrame_Init to use it again.