1[comment {-*- tcl -*- doctools manpage}] 2[manpage_begin aes n 1.0.2] 3[copyright {2005, Pat Thoyts <patthoyts@users.sourceforge.net>}] 4[moddesc {Advanced Encryption Standard (AES)}] 5[titledesc {Implementation of the AES block cipher}] 6[category {Hashes, checksums, and encryption}] 7[require Tcl 8.2] 8[require aes [opt 1.0.2]] 9[description] 10[para] 11 12This is an implementation in Tcl of the Advanced Encryption Standard 13(AES) as published by the U.S. National Institute of Standards and 14Technology [lb]1[rb]. AES is a 128-bit block cipher with a variable 15key size of 128, 192 or 256 bits. This implementation supports ECB and 16CBC modes. 17 18[section {COMMANDS}] 19 20[list_begin definitions] 21 22[call [cmd "::aes::aes"] \ 23 [opt [arg "-mode [lb]ecb|cbc[rb]"]] \ 24 [opt [arg "-dir [lb]encrypt|decrypt[rb]"]] \ 25 [arg "-key keydata"] \ 26 [opt [arg "-iv vector"]] \ 27 [opt [arg "-hex"]] \ 28 [opt [arg "-out channel"]] \ 29 [opt [arg "-chunksize size"]] \ 30 [lb] [arg "-in channel"] | \ 31 [arg "data"] [rb]] 32 33Perform the [package aes] algorithm on either the data provided 34by the argument or on the data read from the [arg "-in"] channel. If 35an [arg "-out"] channel is given then the result will be written to 36this channel. 37 38[para] 39 40The [arg -key] option must be given. This parameter takes a binary 41string of either 16, 24 or 32 bytes in length and is used to generate the 42key schedule. 43 44[para] 45 46The [arg -mode] and [arg -dir] options are optional and default to cbc 47mode and encrypt respectively. The initialization vector [arg -iv] 48takes a 16 byte binary argument which defaults to all zeros. 49See [sectref "MODES OF OPERATION"] for more about available modes and 50their uses. 51 52[para] 53 54AES is a 128-bit block cipher. This means that the data must be 55provided in units that are a multiple of 16 bytes. 56 57[list_end] 58 59[section "PROGRAMMING INTERFACE"] 60 61Internal state is maintained in an opaque structure that is returned 62from the [cmd Init] function. In ECB mode the state is not affected by 63the input but for CBC mode some input dependent state is maintained 64and may be reset by calling the [cmd Reset] function with a new 65initialization vector value. 66 67[list_begin definitions] 68 69[call [cmd "::aes::Init"] [arg "mode"] [arg "keydata"] [arg "iv"]] 70 71Construct a new AES key schedule using the specified key data and the 72given initialization vector. The initialization vector is not used 73with ECB mode but is important for CBC mode. 74See [sectref "MODES OF OPERATION"] for details about cipher modes. 75 76[call [cmd "::aes::Encrypt"] [arg "Key"] [arg "data"]] 77 78Use a prepared key acquired by calling [cmd Init] to encrypt the 79provided data. The data argument should be a binary array that is a 80multiple of the AES block size of 16 bytes. The result is a binary 81array the same size as the input of encrypted data. 82 83[call [cmd "::aes::Decrypt"] [arg "Key"] [arg "data"]] 84 85Decipher data using the key. Note that the same key may be used to 86encrypt and decrypt data provided that the initialization vector is 87reset appropriately for CBC mode. 88 89[call [cmd "::aes::Reset"] [arg "Key"] [arg "iv"]] 90 91Reset the initialization vector. This permits the programmer to re-use 92a key and avoid the cost of re-generating the key schedule where the 93same key data is being used multiple times. 94 95[call [cmd "::aes::Final"] [arg "Key"]] 96 97This should be called to clean up resources associated with [arg Key]. 98Once this function has been called the key may not be used again. 99 100[list_end] 101 102[section "MODES OF OPERATION"] 103 104[list_begin definitions] 105 106[def "Electronic Code Book (ECB)"] 107ECB is the basic mode of all block ciphers. Each block is encrypted 108independently and so identical plain text will produce identical 109output when encrypted with the same key. Any encryption errors will 110only affect a single block however this is vulnerable to known 111plaintext attacks. 112 113[def "Cipher Block Chaining (CBC)"] 114 115CBC mode uses the output of the last block encryption to affect the 116current block. An initialization vector of the same size as the cipher 117block size is used to handle the first block. The initialization 118vector should be chosen randomly and transmitted as the first block of 119the output. Errors in encryption affect the current block and the next 120block after which the cipher will correct itself. CBC is the most 121commonly used mode in software encryption. This is the default mode 122of operation for this module. 123 124[list_end] 125 126[section "EXAMPLES"] 127 128[example { 129% set nil_block [string repeat \\0 16] 130% aes::aes -hex -mode cbc -dir encrypt -key $nil_block $nil_block 13166e94bd4ef8a2c3b884cfa59ca342b2e 132}] 133 134[example { 135set Key [aes::Init cbc $sixteen_bytes_key_data $sixteen_byte_iv] 136append ciphertext [aes::Encrypt $Key $plaintext] 137append ciphertext [aes::Encrypt $Key $additional_plaintext] 138aes::Final $Key 139}] 140 141[section "REFERENCES"] 142 143[list_begin enumerated] 144 145[enum] 146 "Advanced Encryption Standard", 147 Federal Information Processing Standards Publication 197, 2001 148 ([uri http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf]) 149 150[list_end] 151 152[see_also des(n) md5(n) sha1(n) blowfish(n)] 153 154[section AUTHORS] 155Thorsten Schloermann, Pat Thoyts 156 157[section {BUGS, IDEAS, FEEDBACK}] 158 159This document, and the package it describes, will undoubtedly contain 160bugs and other problems. 161 162Please report such in the category [emph aes] of the 163[uri {http://sourceforge.net/tracker/?group_id=12883} {Tcllib SF Trackers}]. 164 165Please also report any ideas for enhancements you may have for either 166package and/or documentation. 167 168 169[keywords aes {block cipher} security encryption {data integrity}] 170[manpage_end] 171