<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!--==========================================================================   Copyright 2008 Nintendo.  All rights reserved.    These coded instructions, statements, and computer programs contain   proprietary information of Nintendo of America Inc. and/or Nintendo   Company Ltd., and are protected by Federal copyright law.  They may   not be disclosed to third parties or copied or duplicated in any form,   in whole or in part, without the prior written consent of Nintendo.  ==========================================================================-->
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
<META name="GENERATOR" content="IBM WebSphere Studio Homepage Builder Version 7.0.0.0 for Windows">
<META http-equiv="Content-Style-Type" content="text/css">
<TITLE>aesconv</TITLE>
<LINK rel="stylesheet" href="../css/nitro.css" type="text/css">
<STYLE type="text/css">
<!--
.sample_source{
  background-color : #e8e8e8;
}
H3{
  color : teal;
}
pre
{
  display: compact;
  font-family	: "Courier New", monospace;
  font-weight	: normal;
  font-size     : normal;
  width: 90%;

  padding		: 2pt 8pt 2pt 8pt;
  background-color	: #eee;

  border-style		: solid;
  border-width		: 1px;
}
TD,TH{
  border-color  : #c0d8d8;
  padding       : 1pt 4pt 1pt 4pt;
  border-width  : 1px;
  border-style  : solid;
}
.arg{
    font-style: italic;
}
-->
</STYLE>
</HEAD>
<BODY>
<H1 align="left">aesconv <IMG src="../image/NTR.gif" align="middle"><IMG src="../image/TWL.gif" align="middle"></H1>
<H2>Description</H2>
<P><CODE>aesconv</CODE> is a tool for encrypting and decrypting data with the AES encryption algorithm.</P>
<H2>Using the Tool</H2>
<H3>Start Command</H3>
<P>
<CODE>% aesconv -m ctr         -k <span class="arg">key</span> -c <span class="arg">counter</span> [-r] [-p <span class="arg">inputFile</span>] [-o <span class="arg">outputFile</span>]</CODE><BR>
<CODE>% aesconv -m cbc_encrypt -k <span class="arg">key</span> -i <span class="arg">iv</span>      [-r] [-p <span class="arg">inputFile</span>] [-o <span class="arg">outputFile</span>]</CODE><BR>
<CODE>% aesconv -m cbc_decrypt -k <span class="arg">key</span> -i <span class="arg">iv</span>      [-r] [-p <span class="arg">inputFile</span>] [-o <span class="arg">outputFile</span>]</CODE><BR>
<CODE>% aesconv -m ccm_encrypt -k <span class="arg">key</span> -n <span class="arg">nonce</span>   [-r] [-p <span class="arg">inputFile</span>] [-o <span class="arg">outputFile</span>] [-a <span class="arg">Adata</span>] -t <span class="arg">taglen</span></CODE><BR>
<CODE>% aesconv -m ccm_decrypt -k <span class="arg">key</span> -n <span class="arg">nonce</span>   [-r] [-p <span class="arg">inputFile</span>] [-o <span class="arg">outputFile</span>] [-a <span class="arg">Adata</span>] -t <span class="arg">tag</span></CODE><BR>
</P>

<P>
Use the <CODE>-m</code> option to specify the cipher mode and whether to encrypt or decrypt. The five values shown below can be specified.
</P>
<table>
<tr><th>Specified Value</th><th>Description</th></tr>
<tr><td>ctr</td><td>CTR Mode</td></tr>
<tr><td>cbc_encrypt</td><td>Encryption in CBC Mode</td></tr>
<tr><td>cbc_decrypt</td><td>Decryption in CBC Mode</td></tr>
<tr><td>ccm_encrypt</td><td>Encryption in CCM Mode</td></tr>
<tr><td>ccm_decrypt</td><td>Decryption in CCM Mode</td></tr>
</table>

<P>
<CODE><span class="arg">key</span></code> specifies the key to use for encryption or decryption. Keys can be specified in two ways. The first is to specify <CODE>hex:</CODE> followed by the key as a 32-digit hexadecimal value. For example, if the key is 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF in hexadecimal, specify the following option.
</P>
<pre>
    -k hex:00112233445566778899AABBCCDDEEFF
</pre>
<P>
The other way is to specify the path to a binary key file.
</P>
<pre>
    -k key.bin
</pre>
<P>
Specifying this option will use the first 16 bytes in the file <CODE>key.bin</CODE> as the key.
</P>

<P>
<CODE><span class="arg">counter</span></code> specifies the initial counter value in CTR mode. It is specified in the same ways as <CODE><span class="arg">key</span></code>.
</P>

<P>
<CODE><span class="arg">iv</span></code> specifies the initialization vector in CBC mode. It is specified in the same ways as <CODE>key</code>.
</P>

<P>
<CODE><span class="arg">nonce</span></code> specifies the nonce in CCM mode. It is specified in the same ways as <CODE>key</code>. However, the <CODE>aesconv</CODE> tool only supports 96-bit nonces. If specifying this value in hex format, be sure to specify 24 hexadecimal digits; if specifying this value using a file, the first 12 bytes will be used.
</P>

<P>
Use the <CODE>-r</code> option to perform encryption or decryption in a format that is compatible with the TWL's AES module.
</P>

<P>
In <CODE><span class="arg">inputFile</span></code>, specify the file where the input data to encrypt or decrypt is stored. If the <CODE>-p</code> option is not specified, the tool will accept input from standard input.
</P>

<P>
In <CODE><span class="arg">outputFile</span></code>, specify the output file for the encryption or decryption process. If the <CODE>-o</code> option is not specified, the tool will output to standard output.
</P>

<P>
<CODE><span class="arg">Adata</span></code> specifies the Adata in CCM mode. Adata can be specified in two ways. The first is to enter Adata from standard input. Specify <CODE>stdin:</CODE> followed by the size of Adata in decimal format. If the input data is also provided from standard input (that is, the <CODE>-p</CODE> option is not used), supply Adata first, and then the input data. For example, if the size of Adata is 12345 bytes, enter the following.
</P>
<pre>
    -a stdin:12345
</pre>
<P>
The other way is to specify the path to a binary Adata file.
</P>
<pre>
    -a adata.bin
</pre>
<P>
Specifying this option will use the entire contents of the <CODE>adata.bin</CODE> file as the Adata.<br>If the <CODE>-a</CODE> option is not specified, the tool will consider the size of Adata to be 0.
</P>

<P>
In <CODE><span class="arg">taglen</span></code>, specify the length of the MAC for encryption in CCM mode. The values that can be specified are 4, 6, 8, 10, 12, 14, and 16.
</P>

<P>
<CODE><span class="arg">tag</span></code> specifies the MAC for decryption in CCM mode. The MAC can be specified in two ways. The first is to specify <CODE>hex:</CODE> followed by the MAC in hexadecimal format. This will be 8, 12, 16, 20, 24, 28, or 32 digits, depending on the MAC length. For example, specify the following if the MAC is 12 bytes in length and is represented in hex as 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB.
</P>
<pre>
    -t hex:00112233445566778899AABB
</pre>
<P>
The other way is to specify the MAC length and then enter the MAC from standard input.
</P>
<pre>
    -t 12
</pre>
<P>
Specifying this option will read 12 bytes from standard input and use this data as the MAC. The MAC lengths that can be specified are the same as those for encryption (4, 6, 8, 10, 12, 14, or 16). If the input data is also provided from standard input (that is, the <CODE>-p</CODE> option is not used), supply the input data first, and then the MAC.
</P>
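<P>
The following Python helper is an added example, not part of the SDK or of <CODE>aesconv</CODE> itself. It checks option values against the sizes stated above and assembles the argument list and standard-input stream for a <CODE>ccm_decrypt</CODE> run in the documented order. The function names are hypothetical, and nothing here invokes the tool.
</P>

```python
import re

SIZES = {"key": 16, "counter": 16, "iv": 16, "nonce": 12}  # bytes, per the text above
TAG_LENGTHS = {4, 6, 8, 10, 12, 14, 16}                     # allowed MAC lengths in bytes


def check_hex_spec(kind, spec):
    """Validate a 'hex:' value for -k, -c, -i or -n and return its bytes."""
    want = 2 * SIZES[kind]
    m = re.fullmatch(r"hex:([0-9A-Fa-f]+)", spec)
    if m is None or len(m.group(1)) != want:
        raise ValueError(f"{kind}: expected hex: followed by {want} hex digits")
    return bytes.fromhex(m.group(1))


def parse_tag(spec):
    """Return (mac_len, mac) for ccm_decrypt -t; mac is None if it comes from stdin."""
    if spec.startswith("hex:"):
        if re.fullmatch(r"hex:(?:[0-9A-Fa-f]{2})+", spec) is None:
            raise ValueError("tag: expected hex: followed by whole bytes")
        mac = bytes.fromhex(spec[4:])
        length = len(mac)
    elif spec.isdigit():
        mac, length = None, int(spec)
    else:
        raise ValueError("tag: expected hex:<MAC> or a decimal length")
    if length not in TAG_LENGTHS:
        raise ValueError(f"tag: MAC length {length} is not one of {sorted(TAG_LENGTHS)}")
    return length, mac


def ccm_decrypt_call(key, nonce, adata, data, mac):
    """Build argv and the stdin stream for a ccm_decrypt run fed entirely from stdin."""
    check_hex_spec("key", key)
    check_hex_spec("nonce", nonce)
    length, _ = parse_tag(str(len(mac)))
    argv = ["aesconv", "-m", "ccm_decrypt", "-k", key, "-n", nonce]
    if adata:                      # without -a the tool treats the Adata size as 0
        argv += ["-a", f"stdin:{len(adata)}"]
    argv += ["-t", str(length)]
    # Documented order on stdin: Adata first, then the input data, then the MAC.
    return argv, adata + data + mac
```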

<H2>Location</H2>
<P><CODE>$TwlSDK/tools/bin/aesconv.exe</CODE></P>
<H2>See Also</H2>
<P><CODE><A href="../aes/list_aes.html">AES Library Function List</A></CODE></P>
<H2>Revision History</H2>
<P>2008/08/22 Initial version.</P>
</body>
</HTML>