aes - Implementation of the AES block cipher
package require Tcl 8.5
package require aes ?1.2.1?
? ?-dir [encrypt|decrypt]
? -iv vector
? ?-out channel
? [ -in channel
::aes::Init mode keydata iv
::aes::Encrypt Key data
::aes::Decrypt Key data
::aes::Reset Key iv
This is an implementation in Tcl of the Advanced Encryption Standard (AES) as
published by the U.S. National Institute of Standards and Technology . AES
is a 128-bit block cipher with a variable key size of 128, 192 or 256 bits.
This implementation supports ECB and CBC modes.
- ::aes::aes ?-mode [ecb|cbc]? ?-dir
[encrypt|decrypt]? -key keydata ?-iv vector? ?-hex?
? -out channel? ?-chunksize size? [ -in channel |
?--? data ]
- Perform the aes algorithm on either the data
provided by the argument or on the data read from the -in channel.
If an -out channel is given then the result will be written to this
The -key option must be given. This parameter takes a binary string
of either 16, 24 or 32 bytes in length and is used to generate the key
The -mode and -dir options are optional and default to cbc
mode and encrypt respectively. The initialization vector -iv takes
a 16 byte binary argument which defaults to all zeros. See MODES OF
OPERATION for more about available modes and their uses.
AES is a 128-bit block cipher. This means that the data must be provided in
units that are a multiple of 16 bytes.
Internal state is maintained in an opaque structure that is returned from the
function. In ECB mode the state is not affected by the input but
for CBC mode some input dependent state is maintained and may be reset by
calling the Reset
function with a new initialization vector value.
- ::aes::Init mode keydata
- Construct a new AES key schedule using the specified key
data and the given initialization vector. The initialization vector is not
used with ECB mode but is important for CBC mode. See MODES OF
OPERATION for details about cipher modes.
- ::aes::Encrypt Key data
- Use a prepared key acquired by calling Init to
encrypt the provided data. The data argument should be a binary array that
is a multiple of the AES block size of 16 bytes. The result is a binary
array the same size as the input of encrypted data.
- ::aes::Decrypt Key data
- Decipher data using the key. Note that the same key may be
used to encrypt and decrypt data provided that the initialization vector
is reset appropriately for CBC mode.
- ::aes::Reset Key iv
- Reset the initialization vector. This permits the
programmer to re-use a key and avoid the cost of re-generating the key
schedule where the same key data is being used multiple times.
- ::aes::Final Key
- This should be called to clean up resources associated with
Key. Once this function has been called the key may not be used
- Electronic Code Book (ECB)
- ECB is the basic mode of all block ciphers. Each block is
encrypted independently and so identical plain text will produce identical
output when encrypted with the same key. Any encryption errors will only
affect a single block however this is vulnerable to known plaintext
- Cipher Block Chaining (CBC)
- CBC mode uses the output of the last block encryption to
affect the current block. An initialization vector of the same size as the
cipher block size is used to handle the first block. The initialization
vector should be chosen randomly and transmitted as the first block of the
output. Errors in encryption affect the current block and the next block
after which the cipher will correct itself. CBC is the most commonly used
mode in software encryption. This is the default mode of operation for
% set nil_block [string repeat \\0 16]
% aes::aes -hex -mode cbc -dir encrypt -key $nil_block $nil_block
set Key [aes::Init cbc $sixteen_bytes_key_data $sixteen_byte_iv]
append ciphertext [aes::Encrypt $Key $plaintext]
append ciphertext [aes::Encrypt $Key $additional_plaintext]
- "Advanced Encryption Standard", Federal
Information Processing Standards Publication 197, 2001 (
Thorsten Schloermann, Pat Thoyts
This document, and the package it describes, will undoubtedly contain bugs and
other problems. Please report such in the category aes
of the Tcllib
[http://core.tcl.tk/tcllib/reportlist]. Please also report any
ideas for enhancements you may have for either package and/or documentation.
blowfish(n), des(n), md5(n), sha1(n)
aes, block cipher, data integrity, encryption, security
Hashes, checksums, and encryption
Copyright (c) 2005, Pat Thoyts <firstname.lastname@example.org>
Copyright (c) 2012-2014, Andreas Kupries <email@example.com>