The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data.
More...
|
void | mbedtls_aes_init (mbedtls_aes_context *ctx) |
| This function initializes the specified AES context. More...
|
|
void | mbedtls_aes_free (mbedtls_aes_context *ctx) |
| This function releases and clears the specified AES context. More...
|
|
int | mbedtls_aes_setkey_enc (mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) |
| This function sets the encryption key. More...
|
|
int | mbedtls_aes_setkey_dec (mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) |
| This function sets the decryption key. More...
|
|
int | mbedtls_aes_crypt_ecb (mbedtls_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16]) |
| This function performs an AES single-block encryption or decryption operation. More...
|
|
int | mbedtls_aes_crypt_cbc (mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-CBC encryption or decryption operation on full blocks. More...
|
|
int | mbedtls_aes_crypt_cfb128 (mbedtls_aes_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-CFB128 encryption or decryption operation. More...
|
|
int | mbedtls_aes_crypt_cfb8 (mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-CFB8 encryption or decryption operation. More...
|
|
int | mbedtls_aes_crypt_ctr (mbedtls_aes_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-CTR encryption or decryption operation. More...
|
|
int | mbedtls_internal_aes_encrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Internal AES block encryption function. This is only exposed to allow overriding it using MBEDTLS_AES_ENCRYPT_ALT . More...
|
|
int | mbedtls_internal_aes_decrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Internal AES block decryption function. This is only exposed to allow overriding it using see MBEDTLS_AES_DECRYPT_ALT . More...
|
|
MBEDTLS_DEPRECATED void | mbedtls_aes_encrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Deprecated internal AES block encryption function without return value. More...
|
|
MBEDTLS_DEPRECATED void | mbedtls_aes_decrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Deprecated internal AES block decryption function without return value. More...
|
|
int | mbedtls_aes_self_test (int verbose) |
| Checkup routine. More...
|
|
The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data.
The AES algorithm is a symmetric block cipher that can encrypt and decrypt information. For more information, see FIPS Publication 197: Advanced Encryption Standard and ISO/IEC 18033-2:2006: Information technology – Security techniques – Encryption algorithms – Part 2: Asymmetric ciphers.
Definition in file aes.h.
int mbedtls_aes_crypt_cbc |
( |
mbedtls_aes_context * |
ctx, |
|
|
int |
mode, |
|
|
size_t |
length, |
|
|
unsigned char |
iv[16], |
|
|
const unsigned char * |
input, |
|
|
unsigned char * |
output |
|
) |
| |
This function performs an AES-CBC encryption or decryption operation on full blocks.
It performs the operation defined in the mode
parameter (encrypt/decrypt), on the input data buffer defined in the input
parameter.
It can be called as many times as needed, until all the input data is processed. mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called before the first call to this API with the same context.
- Note
- This function operates on aligned blocks, that is, the input size must be a multiple of the AES block size of 16 Bytes.
-
Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
- Parameters
-
ctx | The AES context to use for encryption or decryption. |
mode | The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT. |
length | The length of the input data in Bytes. This must be a multiple of the block size (16 Bytes). |
iv | Initialization vector (updated after use). |
input | The buffer holding the input data. |
output | The buffer holding the output data. |
- Returns
0
on success, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH on failure.
int mbedtls_aes_crypt_cfb128 |
( |
mbedtls_aes_context * |
ctx, |
|
|
int |
mode, |
|
|
size_t |
length, |
|
|
size_t * |
iv_off, |
|
|
unsigned char |
iv[16], |
|
|
const unsigned char * |
input, |
|
|
unsigned char * |
output |
|
) |
| |
This function performs an AES-CFB128 encryption or decryption operation.
It performs the operation defined in the mode
parameter (encrypt or decrypt), on the input data buffer defined in the input
parameter.
For CFB, you must set up the context with mbedtls_aes_setkey_enc(), regardless of whether you are performing an encryption or decryption operation, that is, regardless of the mode
parameter. This is because CFB mode uses the same key schedule for encryption and decryption.
- Note
- Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you must either save it manually or use the cipher module instead.
- Parameters
-
ctx | The AES context to use for encryption or decryption. |
mode | The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT. |
length | The length of the input data. |
iv_off | The offset in IV (updated after use). |
iv | The initialization vector (updated after use). |
input | The buffer holding the input data. |
output | The buffer holding the output data. |
- Returns
0
on success.
int mbedtls_aes_crypt_cfb8 |
( |
mbedtls_aes_context * |
ctx, |
|
|
int |
mode, |
|
|
size_t |
length, |
|
|
unsigned char |
iv[16], |
|
|
const unsigned char * |
input, |
|
|
unsigned char * |
output |
|
) |
| |
This function performs an AES-CFB8 encryption or decryption operation.
It performs the operation defined in the mode
parameter (encrypt/decrypt), on the input data buffer defined in the input
parameter.
Due to the nature of CFB, you must use the same key schedule for both encryption and decryption operations. Therefore, you must use the context initialized with mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
- Note
- Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.
- Parameters
-
ctx | The AES context to use for encryption or decryption. |
mode | The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT |
length | The length of the input data. |
iv | The initialization vector (updated after use). |
input | The buffer holding the input data. |
output | The buffer holding the output data. |
- Returns
0
on success.
int mbedtls_aes_crypt_ctr |
( |
mbedtls_aes_context * |
ctx, |
|
|
size_t |
length, |
|
|
size_t * |
nc_off, |
|
|
unsigned char |
nonce_counter[16], |
|
|
unsigned char |
stream_block[16], |
|
|
const unsigned char * |
input, |
|
|
unsigned char * |
output |
|
) |
| |
This function performs an AES-CTR encryption or decryption operation.
This function performs the operation defined in the mode
parameter (encrypt/decrypt), on the input data buffer defined in the input
parameter.
Due to the nature of CTR, you must use the same key schedule for both encryption and decryption operations. Therefore, you must use the context initialized with mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
- Warning
- You must keep the maximum use of your counter in mind.
- Parameters
-
ctx | The AES context to use for encryption or decryption. |
length | The length of the input data. |
nc_off | The offset in the current stream_block , for resuming within the current cipher stream. The offset pointer should be 0 at the start of a stream. |
nonce_counter | The 128-bit nonce and counter. |
stream_block | The saved stream block for resuming. This is overwritten by the function. |
input | The buffer holding the input data. |
output | The buffer holding the output data. |
- Returns
0
on success.