Module openssl::aes

source · []
Expand description

Low level AES IGE and key wrapping functionality

AES ECB, CBC, XTS, CTR, CFB, GCM and other conventional symmetric encryption modes are found in symm. This is the implementation of AES IGE and key wrapping

Advanced Encryption Standard (AES) provides symmetric key cipher that the same key is used to encrypt and decrypt data. This implementation uses 128, 192, or 256 bit keys. This module provides functions to create a new key with new_encrypt and perform an encryption/decryption using that key with aes_ige.

The symm module should be used in preference to this module in most cases. The IGE block cypher is a non-traditional cipher mode. More traditional AES encryption methods are found in the Crypter and Cipher structs.



use openssl::aes::{AesKey, aes_ige};
use openssl::symm::Mode;

let key = b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
let plaintext = b"\x12\x34\x56\x78\x90\x12\x34\x56\x12\x34\x56\x78\x90\x12\x34\x56";
let mut iv = *b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\

 let key = AesKey::new_encrypt(key).unwrap();
 let mut output = [0u8; 16];
 aes_ige(plaintext, &mut output, &key, &mut iv, Mode::Encrypt);
 assert_eq!(output, *b"\xa6\xad\x97\x4d\x5c\xea\x1d\x36\xd2\xf3\x67\x98\x09\x07\xed\x32");

Key wrapping

use openssl::aes::{AesKey, unwrap_key, wrap_key};

let kek = b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
let key_to_wrap = b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF";

let enc_key = AesKey::new_encrypt(kek).unwrap();
let mut ciphertext = [0u8; 24];
wrap_key(&enc_key, None, &mut ciphertext, &key_to_wrap[..]).unwrap();
let dec_key = AesKey::new_decrypt(kek).unwrap();
let mut orig_key = [0u8; 16];
unwrap_key(&dec_key, None, &mut orig_key, &ciphertext[..]).unwrap();

assert_eq!(&orig_key[..], &key_to_wrap[..]);


The key used to encrypt or decrypt cipher blocks.

Provides Error handling for parsing keys.


Performs AES IGE encryption or decryption

Unwrap a key, according to RFC 3394

Wrap a key, according to RFC 3394