This file contains AES definitions and functions. More...

Macros
#define	MBEDTLS_AES_DECRYPT 0

#define	MBEDTLS_AES_ENCRYPT 1

#define	MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021

#define	MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023

#define	MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025

#define	MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022

#define	MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020

Functions
int	mbedtls_aes_crypt_cbc (mbedtls_aes_context ctx, int mode, size_t length, unsigned char iv[16], const unsigned char input, unsigned char *output)
	This function performs an AES-CBC encryption or decryption operation on full blocks.

int	mbedtls_aes_crypt_cfb128 (mbedtls_aes_context ctx, int mode, size_t length, size_t iv_off, unsigned char iv[16], const unsigned char input, unsigned char output)
	This function performs an AES-CFB128 encryption or decryption operation.

int	mbedtls_aes_crypt_cfb8 (mbedtls_aes_context ctx, int mode, size_t length, unsigned char iv[16], const unsigned char input, unsigned char *output)
	This function performs an AES-CFB8 encryption or decryption operation.

int	mbedtls_aes_crypt_ctr (mbedtls_aes_context ctx, size_t length, size_t nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char input, unsigned char output)
	This function performs an AES-CTR encryption or decryption operation.

int	mbedtls_aes_crypt_ecb (mbedtls_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16])
	This function performs an AES single-block encryption or decryption operation.

MBEDTLS_DEPRECATED void	mbedtls_aes_decrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
	Deprecated internal AES block decryption function without return value.

MBEDTLS_DEPRECATED void	mbedtls_aes_encrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
	Deprecated internal AES block encryption function without return value.

void	mbedtls_aes_free (mbedtls_aes_context *ctx)
	This function releases and clears the specified AES context.

void	mbedtls_aes_init (mbedtls_aes_context *ctx)
	This function initializes the specified AES context.

int	mbedtls_aes_self_test (int verbose)
	Checkup routine.

int	mbedtls_aes_setkey_dec (mbedtls_aes_context ctx, const unsigned char key, unsigned int keybits)
	This function sets the decryption key.

int	mbedtls_aes_setkey_enc (mbedtls_aes_context ctx, const unsigned char key, unsigned int keybits)
	This function sets the encryption key.

int	mbedtls_internal_aes_decrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
	Internal AES block decryption function. This is only exposed to allow overriding it using see `MBEDTLS_AES_DECRYPT_ALT`.

int	mbedtls_internal_aes_encrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16])
	Internal AES block encryption function. This is only exposed to allow overriding it using `MBEDTLS_AES_ENCRYPT_ALT`.

Detailed Description

This file contains AES definitions and functions.

    The Advanced Encryption Standard (AES) specifies a FIPS-approved
    cryptographic algorithm that can be used to protect electronic
    data.

    The AES algorithm is a symmetric block cipher that can
    encrypt and decrypt information. For more information, see
    <em>FIPS Publication 197: Advanced Encryption Standard</em> and
    <em>ISO/IEC 18033-2:2006: Information technology -- Security
    techniques -- Encryption algorithms -- Part 2: Asymmetric
    ciphers</em>.

    The AES-XTS block mode is standardized by NIST SP 800-38E
    <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf>
    and described in detail by IEEE P1619
    <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>.

Macro Definition Documentation

◆ MBEDTLS_AES_DECRYPT

#define MBEDTLS_AES_DECRYPT 0

AES decryption.

◆ MBEDTLS_AES_ENCRYPT

#define MBEDTLS_AES_ENCRYPT 1

AES encryption.

◆ MBEDTLS_ERR_AES_BAD_INPUT_DATA

#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021

Invalid input data.

◆ MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE

#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023

Feature not available. For example, an unsupported AES key size.

◆ MBEDTLS_ERR_AES_HW_ACCEL_FAILED

#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025

AES hardware accelerator failed.

◆ MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH

#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022

Invalid data input length.

◆ MBEDTLS_ERR_AES_INVALID_KEY_LENGTH

#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020

Invalid key length.

Function Documentation

◆ mbedtls_aes_crypt_cbc()

int mbedtls_aes_crypt_cbc	(	mbedtls_aes_context *	ctx,
		int	mode,
		size_t	length,
		unsigned char	iv[16],
		const unsigned char *	input,
		unsigned char *	output )

This function performs an AES-CBC encryption or decryption operation on full blocks.

It performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

It can be called as many times as needed, until all the input data is processed. mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called before the first call to this API with the same context.

Note: This function operates on full blocks, that is, the input size must be a multiple of the AES block size of 16 Bytes.; Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.

Parameters

ctx	The AES context to use for encryption or decryption. It must be initialized and bound to a key.
mode	The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT.
length	The length of the input data in Bytes. This must be a multiple of the block size (`16` Bytes).
iv	Initialization vector (updated after use). It must be a readable and writeable buffer of `16` Bytes.
input	The buffer holding the input data. It must be readable and of size `length` Bytes.
output	The buffer holding the output data. It must be writeable and of size `length` Bytes.

Returns: 0 on success.; MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH on failure.

◆ mbedtls_aes_crypt_cfb128()

int mbedtls_aes_crypt_cfb128	(	mbedtls_aes_context *	ctx,
		int	mode,
		size_t	length,
		size_t *	iv_off,
		unsigned char	iv[16],
		const unsigned char *	input,
		unsigned char *	output )

This function performs an AES-CFB128 encryption or decryption operation.

It performs the operation defined in the mode parameter (encrypt or decrypt), on the input data buffer defined in the input parameter.

For CFB, you must set up the context with mbedtls_aes_setkey_enc(), regardless of whether you are performing an encryption or decryption operation, that is, regardless of the mode parameter. This is because CFB mode uses the same key schedule for encryption and decryption.

Note: Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you must either save it manually or use the cipher module instead.

Parameters

ctx	The AES context to use for encryption or decryption. It must be initialized and bound to a key.
mode	The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT.
length	The length of the input data in Bytes.
iv_off	The offset in IV (updated after use). It must point to a valid `size_t`.
iv	The initialization vector (updated after use). It must be a readable and writeable buffer of `16` Bytes.
input	The buffer holding the input data. It must be readable and of size `length` Bytes.
output	The buffer holding the output data. It must be writeable and of size `length` Bytes.

Returns: 0 on success.

◆ mbedtls_aes_crypt_cfb8()

int mbedtls_aes_crypt_cfb8	(	mbedtls_aes_context *	ctx,
		int	mode,
		size_t	length,
		unsigned char	iv[16],
		const unsigned char *	input,
		unsigned char *	output )

This function performs an AES-CFB8 encryption or decryption operation.

It performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

Due to the nature of CFB, you must use the same key schedule for both encryption and decryption operations. Therefore, you must use the context initialized with mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.

Note: Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.

Parameters

ctx	The AES context to use for encryption or decryption. It must be initialized and bound to a key.
mode	The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
length	The length of the input data.
iv	The initialization vector (updated after use). It must be a readable and writeable buffer of `16` Bytes.
input	The buffer holding the input data. It must be readable and of size `length` Bytes.
output	The buffer holding the output data. It must be writeable and of size `length` Bytes.

Returns: 0 on success.

◆ mbedtls_aes_crypt_ctr()

int mbedtls_aes_crypt_ctr	(	mbedtls_aes_context *	ctx,
		size_t	length,
		size_t *	nc_off,
		unsigned char	nonce_counter[16],
		unsigned char	stream_block[16],
		const unsigned char *	input,
		unsigned char *	output )

This function performs an AES-CTR encryption or decryption operation.

This function performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

Due to the nature of CTR, you must use the same key schedule for both encryption and decryption operations. Therefore, you must use the context initialized with mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.

Warning: You must never reuse a nonce value with the same key. Doing so would void the encryption for the two messages encrypted with the same nonce and key.

There are two common strategies for managing nonces with CTR:

You can handle everything as a single message processed over successive calls to this function. In that case, you want to set nonce_counter and nc_off to 0 for the first call, and then preserve the values of nonce_counter, nc_off and stream_block across calls to this function as they will be updated by this function.

With this strategy, you must not encrypt more than 2**128 blocks of data with the same key.

You can encrypt separate messages by dividing the nonce_counter buffer in two areas: the first one used for a per-message nonce, handled by yourself, and the second one updated by this function internally.

For example, you might reserve the first 12 bytes for the per-message nonce, and the last 4 bytes for internal use. In that case, before calling this function on a new message you need to set the first 12 bytes of nonce_counter to your chosen nonce value, the last 4 to 0, and nc_off to 0 (which will cause stream_block to be ignored). That way, you can encrypt at most 2**96 messages of up to 2**32 blocks each with the same key.

The per-message nonce (or information sufficient to reconstruct it) needs to be communicated with the ciphertext and must be unique. The recommended way to ensure uniqueness is to use a message counter. An alternative is to generate random nonces, but this limits the number of messages that can be securely encrypted: for example, with 96-bit random nonces, you should not encrypt more than 2**32 messages with the same key.

Note that for both stategies, sizes are measured in blocks and that an AES block is 16 bytes.

Warning: Upon return, stream_block contains sensitive data. Its content must not be written to insecure storage and should be securely discarded as soon as it's no longer needed.

Parameters

ctx	The AES context to use for encryption or decryption. It must be initialized and bound to a key.
length	The length of the input data.
nc_off	The offset in the current `stream_block`, for resuming within the current cipher stream. The offset pointer should be 0 at the start of a stream. It must point to a valid `size_t`.
nonce_counter	The 128-bit nonce and counter. It must be a readable-writeable buffer of `16` Bytes.
stream_block	The saved stream block for resuming. This is overwritten by the function. It must be a readable-writeable buffer of `16` Bytes.
input	The buffer holding the input data. It must be readable and of size `length` Bytes.
output	The buffer holding the output data. It must be writeable and of size `length` Bytes.

Returns: 0 on success.

◆ mbedtls_aes_crypt_ecb()

int mbedtls_aes_crypt_ecb	(	mbedtls_aes_context *	ctx,
		int	mode,
		const unsigned char	input[16],
		unsigned char	output[16] )

This function performs an AES single-block encryption or decryption operation.

It performs the operation defined in the mode parameter (encrypt or decrypt), on the input data buffer defined in the input parameter.

mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called before the first call to this API with the same context.

Parameters

ctx	The AES context to use for encryption or decryption. It must be initialized and bound to a key.
mode	The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT.
input	The buffer holding the input data. It must be readable and at least `16` Bytes long.
output	The buffer where the output data will be written. It must be writeable and at least `16` Bytes long.

Returns: 0 on success.

◆ mbedtls_aes_decrypt()

MBEDTLS_DEPRECATED void mbedtls_aes_decrypt	(	mbedtls_aes_context *	ctx,
		const unsigned char	input[16],
		unsigned char	output[16] )

Deprecated internal AES block decryption function without return value.

Deprecated: Superseded by mbedtls_internal_aes_decrypt()

Parameters

ctx	The AES context to use for decryption.
input	Ciphertext block.
output	Output (plaintext) block.

◆ mbedtls_aes_encrypt()

MBEDTLS_DEPRECATED void mbedtls_aes_encrypt	(	mbedtls_aes_context *	ctx,
		const unsigned char	input[16],
		unsigned char	output[16] )

Deprecated internal AES block encryption function without return value.

Deprecated: Superseded by mbedtls_internal_aes_encrypt()

Parameters

ctx	The AES context to use for encryption.
input	Plaintext block.
output	Output (ciphertext) block.

◆ mbedtls_aes_free()

void mbedtls_aes_free ( mbedtls_aes_context * ctx )

This function releases and clears the specified AES context.

Parameters

ctx	The AES context to clear. If this is `NULL`, this function does nothing. Otherwise, the context must have been at least initialized.

◆ mbedtls_aes_init()

void mbedtls_aes_init ( mbedtls_aes_context * ctx )

This function initializes the specified AES context.

           It must be the first API called before using
           the context.

Parameters

ctx	The AES context to initialize. This must not be `NULL`.

◆ mbedtls_aes_self_test()

int mbedtls_aes_self_test ( int verbose )

Checkup routine.

Returns: 0 on success.; 1 on failure.

◆ mbedtls_aes_setkey_dec()

int mbedtls_aes_setkey_dec	(	mbedtls_aes_context *	ctx,
		const unsigned char *	key,
		unsigned int	keybits )

This function sets the decryption key.

Parameters

ctx	The AES context to which the key should be bound. It must be initialized.
key	The decryption key. This must be a readable buffer of size `keybits` bits.
keybits	The size of data passed. Valid options are: 128 bits 192 bits 256 bits

Returns: 0 on success.; MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.

◆ mbedtls_aes_setkey_enc()

int mbedtls_aes_setkey_enc	(	mbedtls_aes_context *	ctx,
		const unsigned char *	key,
		unsigned int	keybits )

This function sets the encryption key.

Parameters

ctx	The AES context to which the key should be bound. It must be initialized.
key	The encryption key. This must be a readable buffer of size `keybits` bits.
keybits	The size of data passed in bits. Valid options are: 128 bits 192 bits 256 bits

Returns: 0 on success.; MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.

◆ mbedtls_internal_aes_decrypt()

int mbedtls_internal_aes_decrypt	(	mbedtls_aes_context *	ctx,
		const unsigned char	input[16],
		unsigned char	output[16] )

Internal AES block decryption function. This is only exposed to allow overriding it using see MBEDTLS_AES_DECRYPT_ALT.

Parameters

ctx	The AES context to use for decryption.
input	The ciphertext block.
output	The output (plaintext) block.

Returns: 0 on success.

◆ mbedtls_internal_aes_encrypt()

int mbedtls_internal_aes_encrypt	(	mbedtls_aes_context *	ctx,
		const unsigned char	input[16],
		unsigned char	output[16] )

Internal AES block encryption function. This is only exposed to allow overriding it using MBEDTLS_AES_ENCRYPT_ALT.

Parameters

ctx	The AES context to use for encryption.
input	The plaintext block.
output	The output (ciphertext) block.

Returns: 0 on success.

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ MBEDTLS_AES_DECRYPT

◆ MBEDTLS_AES_ENCRYPT

◆ MBEDTLS_ERR_AES_BAD_INPUT_DATA

◆ MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE

◆ MBEDTLS_ERR_AES_HW_ACCEL_FAILED

◆ MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH

◆ MBEDTLS_ERR_AES_INVALID_KEY_LENGTH

Function Documentation

◆ mbedtls_aes_crypt_cbc()

◆ mbedtls_aes_crypt_cfb128()

◆ mbedtls_aes_crypt_cfb8()

◆ mbedtls_aes_crypt_ctr()

◆ mbedtls_aes_crypt_ecb()

◆ mbedtls_aes_decrypt()

◆ mbedtls_aes_encrypt()

◆ mbedtls_aes_free()

◆ mbedtls_aes_init()

◆ mbedtls_aes_self_test()

◆ mbedtls_aes_setkey_dec()

◆ mbedtls_aes_setkey_enc()

◆ mbedtls_internal_aes_decrypt()

◆ mbedtls_internal_aes_encrypt()