mbedtls_cipher_auth_encrypt_ext() function

The generic cipher context. This must be initialized and bound to a key, with an AEAD algorithm or NIST_KW.

The nonce to use. This must be a readable buffer of at least \p iv_len Bytes and may be \c NULL if \p iv_len is \c 0.

The length of the nonce. For AEAD ciphers, this must satisfy the constraints imposed by the cipher used. For NIST_KW, this must be \c 0.

The additional data to authenticate. This must be a readable buffer of at least \p ad_len Bytes, and may be \c NULL is \p ad_len is \c 0.

The length of \p ad. For NIST_KW, this must be \c 0.

The buffer holding the input data. This must be a readable buffer of at least \p ilen Bytes, and may be \c NULL if \p ilen is \c 0.

The length of the input data.

The buffer for the output data. This must be a writable buffer of at least \p output_len Bytes, and must not be \c NULL.

The length of the \p output buffer in Bytes. For AEAD ciphers, this must be at least \p ilen + \p tag_len. For NIST_KW, this must be at least \p ilen + 8 (rounded up to a multiple of 8 if KWP is used); \p ilen + 15 is always a safe value.

This will be filled with the actual number of Bytes written to the \p output buffer. This must point to a writable object of type \c size_t.

The desired length of the authentication tag. For AEAD ciphers, this must match the constraints imposed by the cipher used, and in particular must not be \c 0. For NIST_KW, this must be \c 0.

This function frees and clears the cipher-specific context of \p ctx. Freeing \p ctx itself remains the responsibility of the caller.

The generic cipher update function. It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES.

This function prepares a cipher context for use with the given cipher primitive.

This function sets the key to use with the given context.

This function initializes a \p ctx as NONE.

This function sets the padding mode, for cipher modes that use padding.

This function starts a new CMAC computation by setting the CMAC key, and preparing to authenticate the input data. It must be called with an initialized cipher context. Once this function has completed, data can be supplied to the CMAC computation by calling mbedtls_cipher_cmac_update(). To start a CMAC computation using the same key as a previous CMAC computation, use mbedtls_cipher_cmac_finish().

This function feeds an input buffer into an ongoing CMAC computation. The CMAC computation must have previously been started by calling mbedtls_cipher_cmac_starts() or mbedtls_cipher_cmac_reset(). Call this function as many times as needed to input the data to be authenticated. Once all of the required data has been input, call mbedtls_cipher_cmac_finish() to obtain the result of the CMAC operation.

This function finishes an ongoing CMAC operation, and writes the result to the output buffer. It should be followed either by mbedtls_cipher_cmac_reset(), which starts another CMAC operation with the same key, or mbedtls_cipher_free(), which clears the cipher context.

This function returns the block size of the given cipher in bytes.

The generic cipher finalization function. If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the \p output buffer.

The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs.

This function sets the initialization vector (IV) or nonce.

This function resets the cipher state.

The authenticated encryption (AEAD/NIST_KW) function.

This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.

This function returns the key length of the cipher.

This function returns the size of the IV or nonce of the cipher, in Bytes.

This function starts a new CMAC operation with the same key as the previous one. It should be called after finishing the previous CMAC operation with mbedtls_cipher_cmac_finish(). After calling this function, call mbedtls_cipher_cmac_update() to supply the new CMAC operation with data.

This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305.

This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().

This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().

Process input for which the algorithm is set to ECB mode. This requires manual processing, since the PSA API is defined as being able to process arbitrary-length calls to psa_cipher_update() with ECB mode, but the underlying mbedtls_cipher_update only takes full blocks.

This function returns the type of the given cipher.

This function returns the name of the given cipher as a string.

This function returns the operation of the given cipher.