EVP_aes_128_gcm.pod 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195
  1. =pod
  2. =head1 NAME
  3. EVP_aes_128_cbc,
  4. EVP_aes_192_cbc,
  5. EVP_aes_256_cbc,
  6. EVP_aes_128_cfb,
  7. EVP_aes_192_cfb,
  8. EVP_aes_256_cfb,
  9. EVP_aes_128_cfb1,
  10. EVP_aes_192_cfb1,
  11. EVP_aes_256_cfb1,
  12. EVP_aes_128_cfb8,
  13. EVP_aes_192_cfb8,
  14. EVP_aes_256_cfb8,
  15. EVP_aes_128_cfb128,
  16. EVP_aes_192_cfb128,
  17. EVP_aes_256_cfb128,
  18. EVP_aes_128_ctr,
  19. EVP_aes_192_ctr,
  20. EVP_aes_256_ctr,
  21. EVP_aes_128_ecb,
  22. EVP_aes_192_ecb,
  23. EVP_aes_256_ecb,
  24. EVP_aes_128_ofb,
  25. EVP_aes_192_ofb,
  26. EVP_aes_256_ofb,
  27. EVP_aes_128_cbc_hmac_sha1,
  28. EVP_aes_256_cbc_hmac_sha1,
  29. EVP_aes_128_cbc_hmac_sha256,
  30. EVP_aes_256_cbc_hmac_sha256,
  31. EVP_aes_128_ccm,
  32. EVP_aes_192_ccm,
  33. EVP_aes_256_ccm,
  34. EVP_aes_128_gcm,
  35. EVP_aes_192_gcm,
  36. EVP_aes_256_gcm,
  37. EVP_aes_128_ocb,
  38. EVP_aes_192_ocb,
  39. EVP_aes_256_ocb,
  40. EVP_aes_128_wrap,
  41. EVP_aes_192_wrap,
  42. EVP_aes_256_wrap,
  43. EVP_aes_128_wrap_pad,
  44. EVP_aes_192_wrap_pad,
  45. EVP_aes_256_wrap_pad,
  46. EVP_aes_128_xts,
  47. EVP_aes_256_xts
  48. - EVP AES cipher
  49. =head1 SYNOPSIS
  50. =for openssl generic
  51. #include <openssl/evp.h>
  52. const EVP_CIPHER *EVP_ciphername(void)
  53. I<EVP_ciphername> is used a placeholder for any of the described cipher
  54. functions, such as I<EVP_aes_128_cbc>.
  55. =head1 DESCRIPTION
  56. The AES encryption algorithm for EVP.
  57. =over 4
  58. =item EVP_aes_128_cbc(),
  59. EVP_aes_192_cbc(),
  60. EVP_aes_256_cbc(),
  61. EVP_aes_128_cfb(),
  62. EVP_aes_192_cfb(),
  63. EVP_aes_256_cfb(),
  64. EVP_aes_128_cfb1(),
  65. EVP_aes_192_cfb1(),
  66. EVP_aes_256_cfb1(),
  67. EVP_aes_128_cfb8(),
  68. EVP_aes_192_cfb8(),
  69. EVP_aes_256_cfb8(),
  70. EVP_aes_128_cfb128(),
  71. EVP_aes_192_cfb128(),
  72. EVP_aes_256_cfb128(),
  73. EVP_aes_128_ctr(),
  74. EVP_aes_192_ctr(),
  75. EVP_aes_256_ctr(),
  76. EVP_aes_128_ecb(),
  77. EVP_aes_192_ecb(),
  78. EVP_aes_256_ecb(),
  79. EVP_aes_128_ofb(),
  80. EVP_aes_192_ofb(),
  81. EVP_aes_256_ofb()
  82. AES for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit
  83. shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB, and OFB.
  84. =item EVP_aes_128_cbc_hmac_sha1(),
  85. EVP_aes_256_cbc_hmac_sha1()
  86. Authenticated encryption with AES in CBC mode using SHA-1 as HMAC, with keys of
  87. 128 and 256 bits length respectively. The authentication tag is 160 bits long.
  88. WARNING: this is not intended for usage outside of TLS and requires calling of
  89. some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD
  90. interface.
  91. =item EVP_aes_128_cbc_hmac_sha256(),
  92. EVP_aes_256_cbc_hmac_sha256()
  93. Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as
  94. HMAC, with keys of 128 and 256 bits length respectively. The authentication tag
  95. is 256 bits long.
  96. WARNING: this is not intended for usage outside of TLS and requires calling of
  97. some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD
  98. interface.
  99. =item EVP_aes_128_ccm(),
  100. EVP_aes_192_ccm(),
  101. EVP_aes_256_ccm(),
  102. EVP_aes_128_gcm(),
  103. EVP_aes_192_gcm(),
  104. EVP_aes_256_gcm(),
  105. EVP_aes_128_ocb(),
  106. EVP_aes_192_ocb(),
  107. EVP_aes_256_ocb()
  108. AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode
  109. (GCM) and OCB Mode respectively. These ciphers require additional control
  110. operations to function correctly, see the L<EVP_EncryptInit(3)/AEAD Interface>
  111. section for details.
  112. =item EVP_aes_128_wrap(),
  113. EVP_aes_192_wrap(),
  114. EVP_aes_256_wrap(),
  115. EVP_aes_128_wrap_pad(),
  116. EVP_aes_192_wrap_pad(),
  117. EVP_aes_256_wrap_pad()
  118. AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section
  119. 2.2.1 ("wrap") and RFC 5649 section 4.1 ("wrap with padding") respectively.
  120. =item EVP_aes_128_xts(),
  121. EVP_aes_256_xts()
  122. AES XTS mode (XTS-AES) is standardized in IEEE Std. 1619-2007 and described in NIST
  123. SP 800-38E. The XTS (XEX-based tweaked-codebook mode with ciphertext stealing)
  124. mode was designed by Prof. Phillip Rogaway of University of California, Davis,
  125. intended for encrypting data on a storage device.
  126. XTS-AES provides confidentiality but not authentication of data. It also
  127. requires a key of double-length for protection of a certain key size.
  128. In particular, XTS-AES-128 (B<EVP_aes_128_xts>) takes input of a 256-bit key to
  129. achieve AES 128-bit security, and XTS-AES-256 (B<EVP_aes_256_xts>) takes input
  130. of a 512-bit key to achieve AES 256-bit security.
  131. The XTS implementation in OpenSSL does not support streaming. That is there must
  132. only be one L<EVP_EncryptUpdate(3)> call per L<EVP_EncryptInit_ex(3)> call (and
  133. similarly with the "Decrypt" functions).
  134. The I<iv> parameter to L<EVP_EncryptInit_ex(3)> or L<EVP_DecryptInit_ex(3)> is
  135. the XTS "tweak" value.
  136. =back
  137. =head1 NOTES
  138. Developers should be aware of the negative performance implications of
  139. calling these functions multiple times and should consider using
  140. L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-AES(7)> instead.
  141. See L<crypto(7)/Performance> for further information.
  142. =head1 RETURN VALUES
  143. These functions return an B<EVP_CIPHER> structure that contains the
  144. implementation of the symmetric cipher. See L<EVP_CIPHER_meth_new(3)> for
  145. details of the B<EVP_CIPHER> structure.
  146. =head1 SEE ALSO
  147. L<evp(7)>,
  148. L<EVP_EncryptInit(3)>,
  149. L<EVP_CIPHER_meth_new(3)>
  150. =head1 COPYRIGHT
  151. Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
  152. Licensed under the Apache License 2.0 (the "License"). You may not use
  153. this file except in compliance with the License. You can obtain a copy
  154. in the file LICENSE in the source distribution or at
  155. L<https://www.openssl.org/source/license.html>.
  156. =cut