1aes(n)                Advanced Encryption Standard (AES)                aes(n)
2
3
4
5______________________________________________________________________________
6

NAME

8       aes - Implementation of the AES block cipher
9

SYNOPSIS

11       package require Tcl  8.2
12
13       package require aes  ?1.0?
14
15       ::aes::aes ?-mode [ecb|cbc]? ?-dir [encrypt|decrypt]? -key keydata ?-iv
16       vector? ?-hex? ?-out channel? ?-chunksize size? [ -in channel | data ]
17
18       ::aes::Init mode keydata iv
19
20       ::aes::Encrypt Key data
21
22       ::aes::Decrypt Key data
23
24       ::aes::Reset Key iv
25
26       ::aes::Final Key
27
28_________________________________________________________________
29

DESCRIPTION

31       This is an implementation in Tcl of the  Advanced  Encryption  Standard
32       (AES)  as  published  by  the  U.S. National Institute of Standards and
33       Technology [1]. AES is a 128-bit block cipher with a variable key  size
34       of  128,  192  or  256  bits.  This implementation supports ECB and CBC
35       modes.
36

COMMANDS

38       ::aes::aes ?-mode [ecb|cbc]? ?-dir [encrypt|decrypt]? -key keydata ?-iv
39       vector? ?-hex? ?-out channel? ?-chunksize size? [ -in channel | data ]
40              Perform  the  aes  algorithm  on either the data provided by the
41              argument or on the data read from the -in channel.  If  an  -out
42              channel  is  given then the result will be written to this chan‐
43              nel.
44
45              The -key option must be given. This  parameter  takes  a  binary
46              string  of  either  16,  24 or 32 bytes in length and is used to
47              generate the key schedule.
48
49              The -mode and -dir options are optional and default to cbc  mode
50              and  encrypt respectively. The initialization vector -iv takes a
51              16 byte binary argument which defaults to all zeros.  See  MODES
52              OF OPERATION for more about available modes and their uses.
53
54              AES  is a 128-bit block cipher. This means that the data must be
55              provided in units that are a multiple of 16 bytes.
56

PROGRAMMING INTERFACE

58       Internal state is maintained in an opaque structure  that  is  returned
59       from  the  Init  function. In ECB mode the state is not affected by the
60       input but for CBC mode some input dependent state is maintained and may
61       be reset by calling the Reset function with a new initialization vector
62       value.
63
64       ::aes::Init mode keydata iv
65              Construct a new AES key schedule using the  specified  key  data
66              and  the  given initialization vector. The initialization vector
67              is not used with ECB mode but is important for  CBC  mode.   See
68              MODES OF OPERATION for details about cipher modes.
69
70       ::aes::Encrypt Key data
71              Use  a prepared key acquired by calling Init to encrypt the pro‐
72              vided data. The data argument should be a binary array that is a
73              multiple  of  the  AES  block  size of 16 bytes. The result is a
74              binary array the same size as the input of encrypted data.
75
76       ::aes::Decrypt Key data
77              Decipher data using the key. Note that the same key may be  used
78              to  encrypt  and  decrypt  data provided that the initialization
79              vector is reset appropriately for CBC mode.
80
81       ::aes::Reset Key iv
82              Reset the initialization vector. This permits the programmer  to
83              re-use  a key and avoid the cost of re-generating the key sched‐
84              ule where the same key data is being used multiple times.
85
86       ::aes::Final Key
87              This should be called to clean up resources associated with Key.
88              Once  this  function  has  been  called  the key may not be used
89              again.
90

MODES OF OPERATION

92       Electronic Code Book (ECB)
93              ECB is the basic mode  of  all  block  ciphers.  Each  block  is
94              encrypted independently and so identical plain text will produce
95              identical output when encrypted with the same key.  Any  encryp‐
96              tion errors will only affect a single block however this is vul‐
97              nerable to known plaintext attacks.
98
99       Cipher Block Chaining (CBC)
100              CBC mode uses the output of the last block encryption to  affect
101              the  current block. An initialization vector of the same size as
102              the cipher block size is used to handle  the  first  block.  The
103              initialization  vector should be chosen randomly and transmitted
104              as the first block of the output. Errors  in  encryption  affect
105              the current block and the next block after which the cipher will
106              correct itself. CBC is the most commonly used mode  in  software
107              encryption.
108

EXAMPLES

110       % set nil_block [string repeat \\0 16]
111       % aes::aes -hex -mode cbc -dir encrypt -key $nil_block $nil_block
112       66e94bd4ef8a2c3b884cfa59ca342b2e
113
114
115       set Key [aes::Init cbc $sixteen_bytes_key_data $sixteen_byte_iv]
116       append ciphertext [aes::Encrypt $Key $plaintext]
117       append ciphertext [aes::Encrypt $Key $additional_plaintext]
118       aes::Final $Key
119
120

REFERENCES

122       [1]    "Advanced  Encryption  Standard", Federal Information Processing
123              Standards Publication 197,  2001  (http://csrc.nist.gov/publica‐
124              tions/fips/fips197/fips-197.pdf)
125

AUTHORS

127       Thorsten Schloermann, Pat Thoyts
128

SEE ALSO

130       blowfish(n), des(n), md5(n), sha1(n)
131

KEYWORDS

133       aes, block cipher, data integrity, encryption, security
134

COPYRIGHT

136       Copyright (c) 2005, Pat Thoyts <patthoyts@users.sourceforge.net>
137
138
139
140
141aes                                   1.0                               aes(n)