libwebsockets
Lightweight C library for HTML5 websockets
AES

Data Structures

struct  lws_genaes_ctx
 

Macros

#define LWS_AES_BLOCKSIZE   128
 
#define LWS_AES_CBC_BLOCKLEN   16
 

Enumerations

enum  enum_aes_modes {
  LWS_GAESM_CBC , LWS_GAESM_CFB128 , LWS_GAESM_CFB8 , LWS_GAESM_CTR ,
  LWS_GAESM_ECB , LWS_GAESM_OFB , LWS_GAESM_XTS , LWS_GAESM_GCM ,
  LWS_GAESM_KW
}
 
enum  enum_aes_operation { LWS_GAESO_ENC , LWS_GAESO_DEC }
 
enum  enum_aes_padding { LWS_GAESP_NO_PADDING , LWS_GAESP_WITH_PADDING }
 

Functions

LWS_VISIBLE LWS_EXTERN int lws_genaes_create (struct lws_genaes_ctx *ctx, enum enum_aes_operation op, enum enum_aes_modes mode, struct lws_gencrypto_keyelem *el, enum enum_aes_padding padding, void *engine)
 
LWS_VISIBLE LWS_EXTERN int lws_genaes_destroy (struct lws_genaes_ctx *ctx, unsigned char *tag, size_t tlen)
 
LWS_VISIBLE LWS_EXTERN int lws_genaes_crypt (struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len, uint8_t *out, uint8_t *iv_or_nonce_ctr_or_data_unit_16, uint8_t *stream_block_16, size_t *nc_or_iv_off, int taglen)
 

Detailed Description

Generic AES related functions

Lws provides generic AES functions that abstract the ones provided by whatever tls library you are linking against.

It lets you use the same code if you build against mbedtls or OpenSSL for example.


Data Structure Documentation

◆ lws_genaes_ctx

struct lws_genaes_ctx

Definition at line 68 of file lws-genaes.h.

+ Collaboration diagram for lws_genaes_ctx:
Data Fields
EVP_CIPHER_CTX * ctx
const EVP_CIPHER * cipher
ENGINE * engine
char init
unsigned char tag[16]
struct lws_gencrypto_keyelem * k
enum enum_aes_operation op
enum enum_aes_modes mode
enum enum_aes_padding padding
int taglen
char underway

Macro Definition Documentation

◆ LWS_AES_BLOCKSIZE

#define LWS_AES_BLOCKSIZE   128

#include <include/libwebsockets/lws-genaes.h>

Definition at line 65 of file lws-genaes.h.

◆ LWS_AES_CBC_BLOCKLEN

#define LWS_AES_CBC_BLOCKLEN   16

#include <include/libwebsockets/lws-genaes.h>

Definition at line 66 of file lws-genaes.h.

Enumeration Type Documentation

◆ enum_aes_modes

#include <include/libwebsockets/lws-genaes.h>

Enumerator
LWS_GAESM_CBC 
LWS_GAESM_CFB128 
LWS_GAESM_CFB8 
LWS_GAESM_CTR 
LWS_GAESM_ECB 
LWS_GAESM_OFB 
LWS_GAESM_XTS 
LWS_GAESM_GCM 
LWS_GAESM_KW 

Definition at line 41 of file lws-genaes.h.

41  {
48  LWS_GAESM_XTS, /* care... requires double-length key */
51 };
@ LWS_GAESM_CFB128
Definition: lws-genaes.h:43
@ LWS_GAESM_CBC
Definition: lws-genaes.h:42
@ LWS_GAESM_OFB
Definition: lws-genaes.h:47
@ LWS_GAESM_KW
Definition: lws-genaes.h:50
@ LWS_GAESM_CFB8
Definition: lws-genaes.h:44
@ LWS_GAESM_ECB
Definition: lws-genaes.h:46
@ LWS_GAESM_GCM
Definition: lws-genaes.h:49
@ LWS_GAESM_XTS
Definition: lws-genaes.h:48
@ LWS_GAESM_CTR
Definition: lws-genaes.h:45

◆ enum_aes_operation

#include <include/libwebsockets/lws-genaes.h>

Enumerator
LWS_GAESO_ENC 
LWS_GAESO_DEC 

Definition at line 53 of file lws-genaes.h.

53  {
56 };
@ LWS_GAESO_DEC
Definition: lws-genaes.h:55
@ LWS_GAESO_ENC
Definition: lws-genaes.h:54

◆ enum_aes_padding

#include <include/libwebsockets/lws-genaes.h>

Enumerator
LWS_GAESP_NO_PADDING 
LWS_GAESP_WITH_PADDING 

Definition at line 58 of file lws-genaes.h.

58  {
61 };
@ LWS_GAESP_NO_PADDING
Definition: lws-genaes.h:59
@ LWS_GAESP_WITH_PADDING
Definition: lws-genaes.h:60

Function Documentation

◆ lws_genaes_create()

LWS_VISIBLE LWS_EXTERN int lws_genaes_create ( struct lws_genaes_ctx ctx,
enum enum_aes_operation  op,
enum enum_aes_modes  mode,
struct lws_gencrypto_keyelem el,
enum enum_aes_padding  padding,
void *  engine 
)

#include <include/libwebsockets/lws-genaes.h>

lws_genaes_create() - Create genaes AES context

Parameters
ctxyour struct lws_genaes_ctx
opLWS_GAESO_ENC or LWS_GAESO_DEC
modeone of LWS_GAESM_
elstruct prepared with key element data
padding0 = no padding, 1 = padding
engineif openssl engine used, pass the pointer here

Creates an AES context with a key associated with it, formed from the key elements in el.

Returns 0 for OK or nonzero for error.

This and related APIs operate identically with OpenSSL or mbedTLS backends.

◆ lws_genaes_destroy()

LWS_VISIBLE LWS_EXTERN int lws_genaes_destroy ( struct lws_genaes_ctx ctx,
unsigned char *  tag,
size_t  tlen 
)

#include <include/libwebsockets/lws-genaes.h>

lws_genaes_destroy() - Destroy genaes AES context

Parameters
ctxyour struct lws_genaes_ctx
tagNULL, or, GCM-only: buffer to receive tag
tlen0, or, GCM-only: length of tag buffer

Destroys any allocations related to ctx.

For GCM only, up to tlen bytes of tag buffer will be set on exit.

This and related APIs operate identically with OpenSSL or mbedTLS backends.

◆ lws_genaes_crypt()

LWS_VISIBLE LWS_EXTERN int lws_genaes_crypt ( struct lws_genaes_ctx ctx,
const uint8_t in,
size_t  len,
uint8_t out,
uint8_t iv_or_nonce_ctr_or_data_unit_16,
uint8_t stream_block_16,
size_t *  nc_or_iv_off,
int  taglen 
)

#include <include/libwebsockets/lws-genaes.h>

lws_genaes_crypt() - Encrypt or decrypt

Parameters
ctxyour struct lws_genaes_ctx
ininput plaintext or ciphertext
lenlength of input (which is always length of output)
outoutput plaintext or ciphertext
iv_or_nonce_ctr_or_data_unit_16NULL, iv, nonce_ctr16, or data_unit16
stream_block_16pointer to 16-byte stream block for CTR mode only
nc_or_iv_offNULL or pointer to nc, or iv_off
taglenlength of tag

Encrypts or decrypts using the AES mode set when the ctx was created. The last three arguments have different meanings depending on the mode:

                          KW   CBC  CFB128 CFB8 CTR    ECB  OFB    XTS

iv_or_nonce_ct.._unit_16 : iv iv iv iv nonce NULL iv dataunt stream_block_16 : NULL NULL NULL NULL stream NULL NULL NULL nc_or_iv_off : NULL NULL iv_off NULL nc_off NULL iv_off NULL

For GCM:

iv_or_nonce_ctr_or_data_unit_16 : iv stream_block_16 : pointer to tag nc_or_iv_off : set pointed-to size_t to iv length in : first call: additional data, subsequently : input data len : first call: add data length, subsequently : input / output length

The length of the optional arg is always 16 if used, regardless of the mode.

Returns 0 for OK or nonzero for error.

This and related APIs operate identically with OpenSSL or mbedTLS backends.