Package: crypto/internal/fips140/aes

package aes Import Path crypto/internal/fips140/aes (on go.dev) Dependency Relation imports 12 packages, and imported by 5 packages Involved Source Files aes.go aes_asm.go aes_generic.go cast.go cbc.go cbc_noasm.go const.go ctr.go ctr_asm.go aes_amd64.s ctr_amd64.s Package-Level Type Names (total 7, in which 5 are exported) /* sort exporteds by: alphabet | popularity */ type Block (struct) A Block is an instance of AES using a particular key. It is safe for concurrent use. Fields (total 5, none are exported) /* 5 unexporteds ... *//* 5 unexporteds: */ block block block.blockExpanded blockExpanded block.blockExpanded.dec [60]uint32 block.blockExpanded.enc [60]uint32 Round keys, where only the first (rounds + 1) × (128 ÷ 32) words are used. block.blockExpanded.rounds int Methods (total 4, in which 3 are exported) (*Block) BlockSize() int (*Block) Decrypt(dst, src []byte) (*Block) Encrypt(dst, src []byte) /* one unexported ... *//* one unexported: */ (*Block) roundKeysSize() int roundKeysSize returns the number of uint32 of c.end or c.dec that are used. Implements (at least one exported) *Block : crypto/cipher.Block As Outputs Of (at least 3, in which 1 is exported) func New(key []byte) (*Block, error) /* 2+ unexporteds ... *//* 2+ unexporteds: */ func newBlock(c *Block, key []byte) *Block func newOutlined(b *Block, key []byte) (*Block, error) As Inputs Of (at least 28, in which 12 are exported) func EncryptBlockInternal(c *Block, dst, src []byte) func EncryptionKeySchedule(c *Block) []uint32 func NewCBCDecrypter(b *Block, iv [16]byte) *CBCDecrypter func NewCBCEncrypter(b *Block, iv [16]byte) *CBCEncrypter func NewCTR(b *Block, iv []byte) *CTR func crypto/internal/fips140/aes/gcm.New(cipher *Block, nonceSize, tagSize int) (*gcm.GCM, error) func crypto/internal/fips140/aes/gcm.NewCMAC(b *Block) *gcm.CMAC func crypto/internal/fips140/aes/gcm.NewCounterKDF(b *Block) *gcm.CounterKDF func crypto/internal/fips140/aes/gcm.NewGCMForSSH(cipher *Block) (*gcm.GCMForSSH, error) func crypto/internal/fips140/aes/gcm.NewGCMForTLS12(cipher *Block) (*gcm.GCMForTLS12, error) func crypto/internal/fips140/aes/gcm.NewGCMForTLS13(cipher *Block) (*gcm.GCMForTLS13, error) func crypto/internal/fips140/aes/gcm.NewGCMWithCounterNonce(cipher *Block) (*gcm.GCMWithCounterNonce, error) /* 16+ unexporteds ... *//* 16+ unexporteds: */ func cryptBlocksDec(b *Block, civ *[16]byte, dst, src []byte) func cryptBlocksDecGeneric(b *Block, civ *[16]byte, dst, src []byte) func cryptBlocksEnc(b *Block, civ *[16]byte, dst, src []byte) func cryptBlocksEncGeneric(b *Block, civ *[16]byte, dst, src []byte) func ctrBlocks(b *Block, dst, src []byte, ivlo, ivhi uint64) func ctrBlocks1(b *Block, dst, src *[16]byte, ivlo, ivhi uint64) func ctrBlocks2(b *Block, dst, src *[32]byte, ivlo, ivhi uint64) func ctrBlocks4(b *Block, dst, src *[64]byte, ivlo, ivhi uint64) func ctrBlocks8(b *Block, dst, src *[128]byte, ivlo, ivhi uint64) func decryptBlock(c *Block, dst, src []byte) func encryptBlock(c *Block, dst, src []byte) func newBlock(c *Block, key []byte) *Block func newCTR(b *Block, iv []byte) CTR func newOutlined(b *Block, key []byte) (*Block, error) func crypto/internal/fips140/aes/gcm.gcmCounterCryptGeneric(b *Block, out, src []byte, counter *[16]byte) func crypto/internal/fips140/aes/gcm.newGCM(g *gcm.GCM, cipher *Block, nonceSize, tagSize int) (*gcm.GCM, error) type CBCDecrypter (struct) Fields (total 2, neither is exported) /* 2 unexporteds ... *//* 2 unexporteds: */ b Block iv [16]byte Methods (total 3, all are exported) (*CBCDecrypter) BlockSize() int (*CBCDecrypter) CryptBlocks(dst, src []byte) (*CBCDecrypter) SetIV(iv []byte) Implements (at least 2, in which 1 is exported) *CBCDecrypter : crypto/cipher.BlockMode /* at least one unexported ... *//* at least one unexported: */ *CBCDecrypter : crypto/tls.cbcMode As Outputs Of (at least one exported) func NewCBCDecrypter(b *Block, iv [16]byte) *CBCDecrypter type CBCEncrypter (struct) Fields (total 2, neither is exported) /* 2 unexporteds ... *//* 2 unexporteds: */ b Block iv [16]byte Methods (total 3, all are exported) (*CBCEncrypter) BlockSize() int (*CBCEncrypter) CryptBlocks(dst, src []byte) (*CBCEncrypter) SetIV(iv []byte) Implements (at least 2, in which 1 is exported) *CBCEncrypter : crypto/cipher.BlockMode /* at least one unexported ... *//* at least one unexported: */ *CBCEncrypter : crypto/tls.cbcMode As Outputs Of (at least one exported) func NewCBCEncrypter(b *Block, iv [16]byte) *CBCEncrypter type CTR (struct) Fields (total 4, none are exported) /* 4 unexporteds ... *//* 4 unexporteds: */ b Block ivhi uint64 // start counter as 64-bit limbs ivlo uint64 // start counter as 64-bit limbs offset uint64 // for XORKeyStream only Methods (total 2, both are exported) (*CTR) XORKeyStream(dst, src []byte) (*CTR) XORKeyStreamAt(dst, src []byte, offset uint64) XORKeyStreamAt behaves like XORKeyStream but keeps no state, and instead seeks into the keystream by the given bytes offset from the start (ignoring any XORKetStream calls). This allows for random access into the keystream, up to 16 EiB from the start. Implements (at least one exported) *CTR : crypto/cipher.Stream As Outputs Of (at least 2, in which 1 is exported) func NewCTR(b *Block, iv []byte) *CTR /* at least one unexported ... *//* at least one unexported: */ func newCTR(b *Block, iv []byte) CTR As Inputs Of (at least one exported) func RoundToBlock(c *CTR) type KeySizeError int (basic type) Methods (only one, which is exported) ( KeySizeError) Error() string Implements (at least one exported) KeySizeError : error /* 2 unexporteds ... *//* 2 unexporteds: */ type block (struct) Fields (total 4, none are exported) /* 4 unexporteds ... *//* 4 unexporteds: */ blockExpanded blockExpanded blockExpanded.dec [60]uint32 blockExpanded.enc [60]uint32 Round keys, where only the first (rounds + 1) × (128 ÷ 32) words are used. blockExpanded.rounds int Methods (only one, which is unexported) /* one unexported ... *//* one unexported: */ (*block) roundKeysSize() int roundKeysSize returns the number of uint32 of c.end or c.dec that are used. type blockExpanded (struct) blockExpanded is the block type used for all architectures except s390x, which feeds the raw key directly to its instructions. Fields (total 3, none are exported) /* 3 unexporteds ... *//* 3 unexporteds: */ dec [60]uint32 enc [60]uint32 Round keys, where only the first (rounds + 1) × (128 ÷ 32) words are used. rounds int Methods (only one, which is unexported) /* one unexported ... *//* one unexported: */ (*blockExpanded) roundKeysSize() int roundKeysSize returns the number of uint32 of c.end or c.dec that are used. As Inputs Of (at least 4, none are exported) /* 4+ unexporteds ... *//* 4+ unexporteds: */ func decryptBlockGeneric(c *blockExpanded, dst, src []byte) func encryptBlockGeneric(c *blockExpanded, dst, src []byte) func expandKeyGeneric(c *blockExpanded, key []byte) func newBlockExpanded(c *blockExpanded, key []byte) Package-Level Functions (total 38, in which 7 are exported) func EncryptBlockInternal(c *Block, dst, src []byte) EncryptBlockInternal applies the AES encryption function to one block. It is an internal function meant only for the gcm package. func EncryptionKeySchedule(c *Block) []uint32 EncryptionKeySchedule is used from the GCM implementation to access the precomputed AES key schedule, to pass to the assembly implementation. func New(key []byte) (*Block, error) New creates and returns a new [cipher.Block] implementation. The key argument should be the AES key, either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256. func NewCBCDecrypter(b *Block, iv [16]byte) *CBCDecrypter NewCBCDecrypter returns a [cipher.BlockMode] which decrypts in cipher block chaining mode, using the given Block. func NewCBCEncrypter(b *Block, iv [16]byte) *CBCEncrypter NewCBCEncrypter returns a [cipher.BlockMode] which encrypts in cipher block chaining mode, using the given Block. func NewCTR(b *Block, iv []byte) *CTR func RoundToBlock(c *CTR) RoundToBlock is used by CTR_DRBG, which discards the rightmost unused bits at each request. It rounds the offset up to the next block boundary. /* 31 unexporteds ... *//* 31 unexporteds: */ func add128(lo, hi uint64, x uint64) (uint64, uint64) func checkGenericIsExpected() checkGenericIsExpected is called by the variable-time implementation to make sure it is not used when hardware support is available. It shouldn't happen, but this way it's more evidently correct. func cryptBlocksDec(b *Block, civ *[16]byte, dst, src []byte) func cryptBlocksDecGeneric(b *Block, civ *[16]byte, dst, src []byte) func cryptBlocksEnc(b *Block, civ *[16]byte, dst, src []byte) func cryptBlocksEncGeneric(b *Block, civ *[16]byte, dst, src []byte) func ctrBlocks(b *Block, dst, src []byte, ivlo, ivhi uint64) func ctrBlocks1(b *Block, dst, src *[16]byte, ivlo, ivhi uint64) func ctrBlocks1Asm(nr int, xk *[60]uint32, dst, src *[16]byte, ivlo, ivhi uint64) func ctrBlocks2(b *Block, dst, src *[32]byte, ivlo, ivhi uint64) func ctrBlocks2Asm(nr int, xk *[60]uint32, dst, src *[32]byte, ivlo, ivhi uint64) func ctrBlocks4(b *Block, dst, src *[64]byte, ivlo, ivhi uint64) func ctrBlocks4Asm(nr int, xk *[60]uint32, dst, src *[64]byte, ivlo, ivhi uint64) func ctrBlocks8(b *Block, dst, src *[128]byte, ivlo, ivhi uint64) func ctrBlocks8Asm(nr int, xk *[60]uint32, dst, src *[128]byte, ivlo, ivhi uint64) func decryptBlock(c *Block, dst, src []byte) func decryptBlockAsm(nr int, xk *uint32, dst, src *byte) func decryptBlockGeneric(c *blockExpanded, dst, src []byte) Decrypt one block from src into dst, using the expanded key xk. func encryptBlock(c *Block, dst, src []byte) func encryptBlockAsm(nr int, xk *uint32, dst, src *byte) func encryptBlockGeneric(c *blockExpanded, dst, src []byte) Encrypt one block from src into dst, using the expanded key xk. func expandKeyAsm(nr int, key *byte, enc *uint32, dec *uint32) func expandKeyGeneric(c *blockExpanded, key []byte) Key expansion algorithm. See FIPS-197, Figure 11. Their rcon[i] is our powx[i-1] << 24. func init() func init() func newBlock(c *Block, key []byte) *Block func newBlockExpanded(c *blockExpanded, key []byte) func newCTR(b *Block, iv []byte) CTR func newOutlined(b *Block, key []byte) (*Block, error) newOutlined is marked go:noinline to avoid it inlining into New, and making New too complex to inline itself. func rotw(w uint32) uint32 Rotate func subw(w uint32) uint32 Apply sbox0 to each byte in w. Package-Level Variables (total 12, none are exported) /* 12 unexporteds ... *//* 12 unexporteds: */ var powx [16]byte Powers of x mod poly in GF(2). var sbox0 [256]byte FIPS-197 Figure 7. S-box substitution values in hexadecimal format. var sbox1 [256]byte FIPS-197 Figure 14. Inverse S-box substitution values in hexadecimal format. var supportsAES bool var td0 [256]uint32 var td1 [256]uint32 var td2 [256]uint32 var td3 [256]uint32 var te0 [256]uint32 var te1 [256]uint32 var te2 [256]uint32 var te3 [256]uint32 Package-Level Constants (total 8, in which 1 is exported) const BlockSize = 16 BlockSize is the AES block size in bytes. /* 7 unexporteds ... *//* 7 unexporteds: */ const aes128KeySize = 16 const aes128Rounds = 10 const aes192KeySize = 24 const aes192Rounds = 12 const aes256KeySize = 32 const aes256Rounds = 14 const poly = 283 // x⁸ + x⁴ + x³ + x + 1 AES is based on the mathematical behavior of binary polynomials (polynomials over GF(2)) modulo the irreducible polynomial x⁸ + x⁴ + x³ + x + 1. Addition of these binary polynomials corresponds to binary xor. Reducing mod poly corresponds to binary xor with poly every time a 0x100 bit appears.