libwebsockets
Lightweight C library for HTML5 websockets
AES

Data Structures

struct  lws_genaes_ctx
 

Macros

#define LWS_AES_BLOCKSIZE   128
 

Enumerations

enum  enum_aes_modes {
  LWS_GAESM_CBC, LWS_GAESM_CFB128, LWS_GAESM_CFB8, LWS_GAESM_CTR,
  LWS_GAESM_ECB, LWS_GAESM_OFB, LWS_GAESM_XTS, LWS_GAESM_GCM,
  LWS_GAESM_KW
}
 
enum  enum_aes_operation { LWS_GAESO_ENC, LWS_GAESO_DEC }
 
enum  enum_aes_padding { LWS_GAESP_NO_PADDING, LWS_GAESP_WITH_PADDING }
 

Functions

LWS_VISIBLE LWS_EXTERN int lws_genaes_create (struct lws_genaes_ctx *ctx, enum enum_aes_operation op, enum enum_aes_modes mode, struct lws_gencrypto_keyelem *el, enum enum_aes_padding padding, void *engine)
 
LWS_VISIBLE LWS_EXTERN int lws_genaes_destroy (struct lws_genaes_ctx *ctx, unsigned char *tag, size_t tlen)
 
LWS_VISIBLE LWS_EXTERN int lws_genaes_crypt (struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len, uint8_t *out, uint8_t *iv_or_nonce_ctr_or_data_unit_16, uint8_t *stream_block_16, size_t *nc_or_iv_off, int taglen)
 

Detailed Description

Generic AES related functions

Lws provides generic AES functions that abstract the ones provided by whatever tls library you are linking against.

It lets you use the same code if you build against mbedtls or OpenSSL for example.

Function Documentation

◆ lws_genaes_create()

LWS_VISIBLE LWS_EXTERN int lws_genaes_create ( struct lws_genaes_ctx ctx,
enum enum_aes_operation  op,
enum enum_aes_modes  mode,
struct lws_gencrypto_keyelem el,
enum enum_aes_padding  padding,
void *  engine 
)

#include <include/libwebsockets/lws-genaes.h>

lws_genaes_create() - Create RSA public decrypt context

Parameters
ctxyour struct lws_genaes_ctx
opLWS_GAESO_ENC or LWS_GAESO_DEC
modeone of LWS_GAESM_
elstruct prepared with key element data
padding0 = no padding, 1 = padding
engineif openssl engine used, pass the pointer here

Creates an RSA context with a public key associated with it, formed from the key elements in el.

Returns 0 for OK or nonzero for error.

This and related APIs operate identically with OpenSSL or mbedTLS backends.

◆ lws_genaes_crypt()

LWS_VISIBLE LWS_EXTERN int lws_genaes_crypt ( struct lws_genaes_ctx ctx,
const uint8_t *  in,
size_t  len,
uint8_t *  out,
uint8_t *  iv_or_nonce_ctr_or_data_unit_16,
uint8_t *  stream_block_16,
size_t *  nc_or_iv_off,
int  taglen 
)

#include <include/libwebsockets/lws-genaes.h>

lws_genaes_crypt() - Encrypt or decrypt

Parameters
ctxyour struct lws_genaes_ctx
ininput plaintext or ciphertext
lenlength of input (which is always length of output)
outoutput plaintext or ciphertext
iv_or_nonce_ctr_or_data_unit_16NULL, iv, nonce_ctr16, or data_unit16
stream_block_16pointer to 16-byte stream block for CTR mode only
nc_or_iv_offNULL or pointer to nc, or iv_off
taglenlength of tag

Encrypts or decrypts using the AES mode set when the ctx was created. The last three arguments have different meanings depending on the mode:

                          KW   CBC  CFB128 CFB8 CTR    ECB  OFB    XTS

iv_or_nonce_ct.._unit_16 : iv iv iv iv nonce NULL iv dataunt stream_block_16 : NULL NULL NULL NULL stream NULL NULL NULL nc_or_iv_off : NULL NULL iv_off NULL nc_off NULL iv_off NULL

For GCM:

iv_or_nonce_ctr_or_data_unit_16 : iv stream_block_16 : pointer to tag nc_or_iv_off : set pointed-to size_t to iv length in : first call: additional data, subsequently : input data len : first call: add data length, subsequently : input / output length

The length of the optional arg is always 16 if used, regardless of the mode.

Returns 0 for OK or nonzero for error.

This and related APIs operate identically with OpenSSL or mbedTLS backends.

◆ lws_genaes_destroy()

LWS_VISIBLE LWS_EXTERN int lws_genaes_destroy ( struct lws_genaes_ctx ctx,
unsigned char *  tag,
size_t  tlen 
)

#include <include/libwebsockets/lws-genaes.h>

lws_genaes_destroy() - Destroy genaes AES context

Parameters
ctxyour struct lws_genaes_ctx
tagNULL, or, GCM-only: buffer to receive tag
tlen0, or, GCM-only: length of tag buffer

Destroys any allocations related to ctx.

For GCM only, up to tlen bytes of tag buffer will be set on exit.

This and related APIs operate identically with OpenSSL or mbedTLS backends.