AES(2)                                                     AES(2)

     NAME
          aes_encrypt, aes_decrypt, setupAESstate, aesCBCencrypt,
          aesCBCdecrypt, aesCTRencrypt, aesCTRdecrypt,
          setupAESXCBCstate, aesXCBCmac - advanced encryption standard
          (rijndael)

     SYNOPSIS
          #include <u.h>
          #include <libc.h>
          #include <mp.h>
          #include <libsec.h>

          void aes_encrypt(ulong rk[], int Nr, uchar pt[16], uchar
               ct[16]);

          void aes_decrypt(ulong rk[], int Nr, uchar ct[16], uchar
          pt[16]);

          void setupAESstate(AESstate *s, uchar key[], int keybytes,
          uchar *ivec)

          void aesCBCencrypt(uchar *p, int len, AESstate *s)

          void aesCBCdecrypt(uchar *p, int len, AESstate *s)

          void aesCTRencrypt(uchar *p, int len, AESstate *s)

          void aesCTRdecrypt(uchar *p, int len, AESstate *s)

          void setupAESXCBCstate(AESstate *s)

          void aesXCBCmac(uchar *p, int len, AESstate *s)

     DESCRIPTION
          AES (a.k.a. Rijndael) has replaced DES as the preferred
          block cipher.  Aes_encrypt and aes_decrypt are the block
          ciphers, corresponding to des(2)'s block_cipher.
          SetupAESstate, aesCBCencrypt, and aesCBCdecrypt implement
          cipher-block-chaining encryption.  AesCTRencrypt and
          aesCTRdecrypt implement counter mode, per RFC 3686; they are
          identical operations.  setupAESXCBCstate and aesXCBCmac
          implement AES XCBC message authentication, per RFC 3566.
          All ciphering is performed in place.  Keybytes should be 16,
          24, or 32.  The initialization vector ivec of AESbsize bytes
          should be random enough to be unlikely to be reused but does
          not need to be cryptographically strongly unpredictable.

     SOURCE
          /sys/src/libsec

     Page 1                       Plan 9            (printed 12/22/24)

     AES(2)                                                     AES(2)

     SEE ALSO
          aescbc in secstore(1), mp(2), blowfish(2), des(2), dsa(2),
          elgamal(2), rc4(2), rsa(2), sechash(2), prime(2), rand(2)
          http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

     BUGS
          The functions aes_encrypt, aes_decrypt, aesCTRencrypt,
          aesCTRdecrypt, setupAESXCBCstate, and aesXCBCmac have not
          yet been verified by running test vectors through them.

     Page 2                       Plan 9            (printed 12/22/24)