 |
Mbed OS Reference
|
|
Mbed OS Reference
|
Data Structures | |
| struct | mbedtls_aes_context |
| The AES context-type definition. More... | |
Macros | |
| #define | MBEDTLS_AES_ENCRYPT 1 |
| AES encryption. More... | |
| #define | MBEDTLS_AES_DECRYPT 0 |
| AES decryption. More... | |
| #define | MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 |
| Invalid key length. More... | |
| #define | MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 |
| Invalid data input length. More... | |
| #define | MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 |
| Invalid input data. More... | |
| #define | MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 |
| Feature not available. More... | |
| #define | MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 |
| AES hardware accelerator failed. More... | |
Typedefs | |
| typedef struct mbedtls_aes_context | mbedtls_aes_context |
| The AES context-type definition. More... | |
Functions | |
| void | mbedtls_aes_init (mbedtls_aes_context *ctx) |
| This function initializes the specified AES context. More... | |
| void | mbedtls_aes_free (mbedtls_aes_context *ctx) |
| This function releases and clears the specified AES context. More... | |
| int | mbedtls_aes_setkey_enc (mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) |
| This function sets the encryption key. More... | |
| int | mbedtls_aes_setkey_dec (mbedtls_aes_context *ctx, const unsigned char *key, unsigned int keybits) |
| This function sets the decryption key. More... | |
| int | mbedtls_aes_crypt_ecb (mbedtls_aes_context *ctx, int mode, const unsigned char input[16], unsigned char output[16]) |
| This function performs an AES single-block encryption or decryption operation. More... | |
| int | mbedtls_aes_crypt_ctr (mbedtls_aes_context *ctx, size_t length, size_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output) |
| This function performs an AES-CTR encryption or decryption operation. More... | |
| int | mbedtls_internal_aes_encrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Internal AES block encryption function. More... | |
| int | mbedtls_internal_aes_decrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Internal AES block decryption function. More... | |
| void | mbedtls_aes_encrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Deprecated internal AES block encryption function without return value. More... | |
| void | mbedtls_aes_decrypt (mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) |
| Deprecated internal AES block decryption function without return value. More... | |
| #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 |
| #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 |
| #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 |
| #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 |
| #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 |
| typedef struct mbedtls_aes_context mbedtls_aes_context |
The AES context-type definition.
| void mbedtls_aes_init | ( | mbedtls_aes_context * | ctx | ) |
This function initializes the specified AES context.
It must be the first API called before using
the context.
| ctx | The AES context to initialize. This must not be NULL. |
| void mbedtls_aes_free | ( | mbedtls_aes_context * | ctx | ) |
This function releases and clears the specified AES context.
| ctx | The AES context to clear. If this is NULL, this function does nothing. Otherwise, the context must have been at least initialized. |
| int mbedtls_aes_setkey_enc | ( | mbedtls_aes_context * | ctx, |
| const unsigned char * | key, | ||
| unsigned int | keybits | ||
| ) |
This function sets the encryption key.
| ctx | The AES context to which the key should be bound. It must be initialized. |
| key | The encryption key. This must be a readable buffer of size keybits bits. |
| keybits | The size of data passed in bits. Valid options are:
|
0 on success. | int mbedtls_aes_setkey_dec | ( | mbedtls_aes_context * | ctx, |
| const unsigned char * | key, | ||
| unsigned int | keybits | ||
| ) |
This function sets the decryption key.
| ctx | The AES context to which the key should be bound. It must be initialized. |
| key | The decryption key. This must be a readable buffer of size keybits bits. |
| keybits | The size of data passed. Valid options are:
|
0 on success. | int mbedtls_aes_crypt_ecb | ( | mbedtls_aes_context * | ctx, |
| int | mode, | ||
| const unsigned char | input[16], | ||
| unsigned char | output[16] | ||
| ) |
This function performs an AES single-block encryption or decryption operation.
It performs the operation defined in the mode parameter (encrypt or decrypt), on the input data buffer defined in the input parameter.
mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called before the first call to this API with the same context.
| ctx | The AES context to use for encryption or decryption. It must be initialized and bound to a key. |
| mode | The AES operation: MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT. |
| input | The buffer holding the input data. It must be readable and at least 16 Bytes long. |
| output | The buffer where the output data will be written. It must be writeable and at least 16 Bytes long. |
0 on success. | int mbedtls_aes_crypt_ctr | ( | mbedtls_aes_context * | ctx, |
| size_t | length, | ||
| size_t * | nc_off, | ||
| unsigned char | nonce_counter[16], | ||
| unsigned char | stream_block[16], | ||
| const unsigned char * | input, | ||
| unsigned char * | output | ||
| ) |
This function performs an AES-CTR encryption or decryption operation.
This function performs the operation defined in the mode parameter (encrypt/decrypt), on the input data buffer defined in the input parameter.
Due to the nature of CTR, you must use the same key schedule for both encryption and decryption operations. Therefore, you must use the context initialized with mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
There are two common strategies for managing nonces with CTR:
nonce_counter and nc_off to 0 for the first call, and then preserve the values of nonce_counter, nc_off and stream_block across calls to this function as they will be updated by this function.With this strategy, you must not encrypt more than 2**128 blocks of data with the same key.
nonce_counter buffer in two areas: the first one used for a per-message nonce, handled by yourself, and the second one updated by this function internally.For example, you might reserve the first 12 bytes for the per-message nonce, and the last 4 bytes for internal use. In that case, before calling this function on a new message you need to set the first 12 bytes of nonce_counter to your chosen nonce value, the last 4 to 0, and nc_off to 0 (which will cause stream_block to be ignored). That way, you can encrypt at most 2**96 messages of up to 2**32 blocks each with the same key.
The per-message nonce (or information sufficient to reconstruct it) needs to be communicated with the ciphertext and must be unique. The recommended way to ensure uniqueness is to use a message counter. An alternative is to generate random nonces, but this limits the number of messages that can be securely encrypted: for example, with 96-bit random nonces, you should not encrypt more than 2**32 messages with the same key.
Note that for both stategies, sizes are measured in blocks and that an AES block is 16 bytes.
stream_block contains sensitive data. Its content must not be written to insecure storage and should be securely discarded as soon as it's no longer needed.| ctx | The AES context to use for encryption or decryption. It must be initialized and bound to a key. |
| length | The length of the input data. |
| nc_off | The offset in the current stream_block, for resuming within the current cipher stream. The offset pointer should be 0 at the start of a stream. It must point to a valid size_t. |
| nonce_counter | The 128-bit nonce and counter. It must be a readable-writeable buffer of 16 Bytes. |
| stream_block | The saved stream block for resuming. This is overwritten by the function. It must be a readable-writeable buffer of 16 Bytes. |
| input | The buffer holding the input data. It must be readable and of size length Bytes. |
| output | The buffer holding the output data. It must be writeable and of size length Bytes. |
0 on success. | int mbedtls_internal_aes_encrypt | ( | mbedtls_aes_context * | ctx, |
| const unsigned char | input[16], | ||
| unsigned char | output[16] | ||
| ) |
Internal AES block encryption function.
This is only exposed to allow overriding it using MBEDTLS_AES_ENCRYPT_ALT.
| ctx | The AES context to use for encryption. |
| input | The plaintext block. |
| output | The output (ciphertext) block. |
0 on success. | int mbedtls_internal_aes_decrypt | ( | mbedtls_aes_context * | ctx, |
| const unsigned char | input[16], | ||
| unsigned char | output[16] | ||
| ) |
Internal AES block decryption function.
This is only exposed to allow overriding it using see MBEDTLS_AES_DECRYPT_ALT.
| ctx | The AES context to use for decryption. |
| input | The ciphertext block. |
| output | The output (plaintext) block. |
0 on success. | void mbedtls_aes_encrypt | ( | mbedtls_aes_context * | ctx, |
| const unsigned char | input[16], | ||
| unsigned char | output[16] | ||
| ) |
Deprecated internal AES block encryption function without return value.
| ctx | The AES context to use for encryption. |
| input | Plaintext block. |
| output | Output (ciphertext) block. |
| void mbedtls_aes_decrypt | ( | mbedtls_aes_context * | ctx, |
| const unsigned char | input[16], | ||
| unsigned char | output[16] | ||
| ) |
Deprecated internal AES block decryption function without return value.
| ctx | The AES context to use for decryption. |
| input | Ciphertext block. |
| output | Output (plaintext) block. |
1.9.5