|
void | mbedtls_aes_init (mbedtls_aes_context *ctx) |
| This function initializes the specified AES context. More...
|
|
void | mbedtls_aes_free (mbedtls_aes_context *ctx) |
| This function releases and clears the specified AES context. More...
|
|
void | mbedtls_aes_xts_init (mbedtls_aes_xts_context *ctx) |
| This function initializes the specified AES XTS context. More...
|
|
void | mbedtls_aes_xts_free (mbedtls_aes_xts_context *ctx) |
| This function releases and clears the specified AES XTS context. More...
|
|
int | mbedtls_aes_setkey_enc (mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) |
| This function sets the encryption key. More...
|
|
int | mbedtls_aes_setkey_dec (mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) |
| This function sets the decryption key. More...
|
|
int | mbedtls_aes_xts_setkey_enc (mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits) |
| This function prepares an XTS context for encryption and sets the encryption key. More...
|
|
int | mbedtls_aes_xts_setkey_dec (mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits) |
| This function prepares an XTS context for decryption and sets the decryption key. More...
|
|
int | mbedtls_aes_crypt_ecb (mbedtls_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16]) |
| This function performs an AES single-block encryption or decryption operation. More...
|
|
int | mbedtls_aes_crypt_cbc (mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-CBC encryption or decryption operation on full blocks. More...
|
|
int | mbedtls_aes_crypt_xts (mbedtls_aes_xts_context *ctx, int mode, size_t length, const unsigned char data_unit[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-XTS encryption or decryption operation for an entire XTS data unit. More...
|
|
int | mbedtls_aes_crypt_cfb128 (mbedtls_aes_context *ctx, int mode, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-CFB128 encryption or decryption operation. More...
|
|
int | mbedtls_aes_crypt_cfb8 (mbedtls_aes_context *ctx, int mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-CFB8 encryption or decryption operation. More...
|
|
int | mbedtls_aes_crypt_ofb (mbedtls_aes_context *ctx, size_t length, size_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-OFB (Output Feedback Mode) encryption or decryption operation. More...
|
|
int | mbedtls_aes_crypt_ctr (mbedtls_aes_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-CTR encryption or decryption operation. More...
|
|
int | mbedtls_internal_aes_encrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Internal AES block encryption function. This is only exposed to allow overriding it using MBEDTLS_AES_ENCRYPT_ALT . More...
|
|
int | mbedtls_internal_aes_decrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Internal AES block decryption function. This is only exposed to allow overriding it using see MBEDTLS_AES_DECRYPT_ALT . More...
|
|
MBEDTLS_DEPRECATED void | mbedtls_aes_encrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Deprecated internal AES block encryption function without return value. More...
|
|
MBEDTLS_DEPRECATED void | mbedtls_aes_decrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Deprecated internal AES block decryption function without return value. More...
|
|
int | mbedtls_aes_self_test (int verbose) |
| Checkup routine. More...
|
|
This file contains AES definitions and functions.
The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data.
The AES algorithm is a symmetric block cipher that can encrypt and decrypt information. For more information, see FIPS Publication 197: Advanced Encryption Standard and ISO/IEC 18033-2:2006: Information technology – Security techniques – Encryption algorithms – Part 2: Asymmetric ciphers.
The AES-XTS block mode is standardized by NIST SP 800-38E https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf and described in detail by IEEE P1619 https://ieeexplore.ieee.org/servlet/opac?punumber=4375278.
Definition in file aes.h.
int mbedtls_aes_crypt_ctr |
( |
mbedtls_aes_context * |
ctx, |
|
|
size_t |
length, |
|
|
size_t * |
nc_off, |
|
|
unsigned char |
nonce_counter[16], |
|
|
unsigned char |
stream_block[16], |
|
|
const unsigned char * |
input, |
|
|
unsigned char * |
output |
|
) |
| |
This function performs an AES-CTR encryption or decryption operation.
This function performs the operation defined in the \p mode
parameter (encrypt/decrypt), on the input data buffer
defined in the \p input parameter.
Due to the nature of CTR, you must use the same key schedule
for both encryption and decryption operations. Therefore, you
must use the context initialized with mbedtls_aes_setkey_enc()
for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- Warning
- You must never reuse a nonce value with the same key. Doing so would void the encryption for the two messages encrypted with the same nonce and key.
There are two common strategies for managing nonces with CTR:
- You can handle everything as a single message processed over successive calls to this function. In that case, you want to set
nonce_counter
and nc_off
to 0 for the first call, and then preserve the values of nonce_counter
, nc_off
and stream_block
across calls to this function as they will be updated by this function.
With this strategy, you must not encrypt more than 2**128 blocks of data with the same key.
- You can encrypt separate messages by dividing the
nonce_counter
buffer in two areas: the first one used for a per-message nonce, handled by yourself, and the second one updated by this function internally.
For example, you might reserve the first 12 bytes for the per-message nonce, and the last 4 bytes for internal use. In that case, before calling this function on a new message you need to set the first 12 bytes of nonce_counter
to your chosen nonce value, the last 4 to 0, and nc_off
to 0 (which will cause stream_block
to be ignored). That way, you can encrypt at most 2**96 messages of up to 2**32 blocks each with the same key.
The per-message nonce (or information sufficient to reconstruct it) needs to be communicated with the ciphertext and must be unique. The recommended way to ensure uniqueness is to use a message counter. An alternative is to generate random nonces, but this limits the number of messages that can be securely encrypted: for example, with 96-bit random nonces, you should not encrypt more than 2**32 messages with the same key.
Note that for both stategies, sizes are measured in blocks and that an AES block is 16 bytes.
- Warning
- Upon return,
stream_block
contains sensitive data. Its content must not be written to insecure storage and should be securely discarded as soon as it's no longer needed.
- Parameters
-
ctx | The AES context to use for encryption or decryption. |
length | The length of the input data. |
nc_off | The offset in the current stream_block , for resuming within the current cipher stream. The offset pointer should be 0 at the start of a stream. |
nonce_counter | The 128-bit nonce and counter. |
stream_block | The saved stream block for resuming. This is overwritten by the function. |
input | The buffer holding the input data. |
output | The buffer holding the output data. |
- Returns
0
on success.
int mbedtls_aes_crypt_ofb |
( |
mbedtls_aes_context * |
ctx, |
|
|
size_t |
length, |
|
|
size_t * |
iv_off, |
|
|
unsigned char |
iv[16], |
|
|
const unsigned char * |
input, |
|
|
unsigned char * |
output |
|
) |
| |
This function performs an AES-OFB (Output Feedback Mode) encryption or decryption operation.
For OFB, you must set up the context with
mbedtls_aes_setkey_enc(), regardless of whether you are
performing an encryption or decryption operation. This is
because OFB mode uses the same key schedule for encryption and
decryption.
The OFB operation is identical for encryption or decryption,
therefore no operation mode needs to be specified.
- Note
- Upon exit, the content of iv, the Initialisation Vector, is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage, by initialising iv_off to 0 before the first call, and preserving its value between calls.
For non-streaming use, the iv should be initialised on each call to a unique value, and iv_off set to 0 on each call.
If you need to retain the contents of the initialisation vector, you must either save it manually or use the cipher module instead.
- Warning
- For the OFB mode, the initialisation vector must be unique every encryption operation. Reuse of an initialisation vector will compromise security.
- Parameters
-
ctx | The AES context to use for encryption or decryption. |
length | The length of the input data. |
iv_off | The offset in IV (updated after use). |
iv | The initialization vector (updated after use). |
input | The buffer holding the input data. |
output | The buffer holding the output data. |
- Returns
0
on success.