aes.h File Reference

This function performs an AES-CBC encryption or decryption operation on full blocks.

It performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

It can be called as many times as needed, until all the input data is processed. mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called before the first call to this API with the same context.

Note:

This function operates on aligned blocks, that is, the input size must be a multiple of the AES block size of 16 Bytes.

Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.

Parameters:

ctx	The AES context to use for encryption or decryption.
mode	The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT.
length	The length of the input data in Bytes. This must be a multiple of the block size (16 Bytes).
iv	Initialization vector (updated after use).
input	The buffer holding the input data.
output	The buffer holding the output data.

Returns:

0 on success, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH on failure.

Definition at line 876 of file aes.c.

This function performs an AES-CFB128 encryption or decryption operation.

It performs the operation defined in the mode parameter (encrypt or decrypt), on the input data buffer defined in the input parameter.

For CFB, you must set up the context with mbedtls_aes_setkey_enc(), regardless of whether you are performing an encryption or decryption operation, that is, regardless of the mode parameter. This is because CFB mode uses the same key schedule for encryption and decryption.

Note:

Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you must either save it manually or use the cipher module instead.

Parameters:

ctx	The AES context to use for encryption or decryption.
mode	The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT.
length	The length of the input data.
iv_off	The offset in IV (updated after use).
iv	The initialization vector (updated after use).
input	The buffer holding the input data.
output	The buffer holding the output data.

Returns:

0 on success.

Definition at line 942 of file aes.c.

This function performs an AES-CFB8 encryption or decryption operation.

It performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

Due to the nature of CFB, you must use the same key schedule for both encryption and decryption operations. Therefore, you must use the context initialized with mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.

Note:

Upon exit, the content of the IV is updated so that you can call the same function again on the next block(s) of data and get the same result as if it was encrypted in one call. This allows a "streaming" usage. If you need to retain the contents of the IV, you should either save it manually or use the cipher module instead.

Parameters:

ctx	The AES context to use for encryption or decryption.
mode	The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
length	The length of the input data.
iv	The initialization vector (updated after use).
input	The buffer holding the input data.
output	The buffer holding the output data.

Returns:

0 on success.

Definition at line 988 of file aes.c.

This function performs an AES-CTR encryption or decryption operation.

This function performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.

Due to the nature of CTR, you must use the same key schedule for both encryption and decryption operations. Therefore, you must use the context initialized with mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.

Warning:

You must keep the maximum use of your counter in mind.

Parameters:

ctx	The AES context to use for encryption or decryption.
length	The length of the input data.
nc_off	The offset in the current stream_block, for resuming within the current cipher stream. The offset pointer should be 0 at the start of a stream.
nonce_counter	The 128-bit nonce and counter.
stream_block	The saved stream block for resuming. This is overwritten by the function.
input	The buffer holding the input data.
output	The buffer holding the output data.

Returns:

0 on success.

Definition at line 1022 of file aes.c.

This function performs an AES single-block encryption or decryption operation.

It performs the operation defined in the mode parameter (encrypt or decrypt), on the input data buffer defined in the input parameter.

mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called before the first call to this API with the same context.

Parameters:

ctx	The AES context to use for encryption or decryption.
mode	The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT.
input	The 16-Byte buffer holding the input data.
output	The 16-Byte buffer holding the output data.

Returns:

0 on success.

Definition at line 844 of file aes.c.

Deprecated internal AES block decryption function without return value.

Parameters:

ctx	The AES context to use for decryption.
input	Ciphertext block.
output	Output (plaintext) block.

Definition at line 834 of file aes.c.

Deprecated internal AES block encryption function without return value.

Parameters:

ctx	The AES context to use for encryption.
input	Plaintext block.
output	Output (ciphertext) block.

Definition at line 768 of file aes.c.

This function releases and clears the specified AES context.

Parameters:

ctx	The AES context to clear.

Definition at line 472 of file aes.c.

This function initializes the specified AES context.

It must be the first API called before using the context.

Parameters:

ctx	The AES context to initialize.

Definition at line 467 of file aes.c.

Checkup routine.

Returns:

0 on success, or 1 on failure.

Definition at line 1236 of file aes.c.

This function sets the decryption key.

Parameters:

ctx	The AES context to which the key should be bound.
key	The decryption key.
keybits	The size of data passed. Valid options are: 128 bits 192 bits 256 bits

Returns:

0 on success, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.

Definition at line 598 of file aes.c.

This function sets the encryption key.

Parameters:

ctx	The AES context to which the key should be bound.
key	The encryption key.
keybits	The size of data passed in bits. Valid options are: 128 bits 192 bits 256 bits

Returns:

0 on success or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.

Definition at line 484 of file aes.c.

Internal AES block decryption function.

This is only exposed to allow overriding it using see MBEDTLS_AES_DECRYPT_ALT.

Parameters:

ctx	The AES context to use for decryption.
input	The ciphertext block.
output	The output (plaintext) block.

Returns:

0 on success.

Definition at line 779 of file aes.c.

Internal AES block encryption function.

This is only exposed to allow overriding it using MBEDTLS_AES_ENCRYPT_ALT.

Parameters:

ctx	The AES context to use for encryption.
input	The plaintext block.
output	The output (ciphertext) block.

Returns:

0 on success.

Definition at line 713 of file aes.c.