mbedtls_cipher_init() function

The context to be initialized. This must not be \c NULL.

This function frees and clears the cipher-specific context of \p ctx. Freeing \p ctx itself remains the responsibility of the caller.

The generic cipher update function. It encrypts or decrypts using the given cipher context. Writes as many block-sized blocks of data as possible to output. Any data that cannot be written immediately is either added to the next block, or flushed when mbedtls_cipher_finish() is called. Exception: For MBEDTLS_MODE_ECB, expects a single block in size. For example, 16 Bytes for AES.

This function prepares a cipher context for use with the given cipher primitive.

This function sets the key to use with the given context.

This function sets the padding mode, for cipher modes that use padding.

This function starts a new CMAC computation by setting the CMAC key, and preparing to authenticate the input data. It must be called with an initialized cipher context. Once this function has completed, data can be supplied to the CMAC computation by calling mbedtls_cipher_cmac_update(). To start a CMAC computation using the same key as a previous CMAC computation, use mbedtls_cipher_cmac_finish().

This function feeds an input buffer into an ongoing CMAC computation. The CMAC computation must have previously been started by calling mbedtls_cipher_cmac_starts() or mbedtls_cipher_cmac_reset(). Call this function as many times as needed to input the data to be authenticated. Once all of the required data has been input, call mbedtls_cipher_cmac_finish() to obtain the result of the CMAC operation.

This function finishes an ongoing CMAC operation, and writes the result to the output buffer. It should be followed either by mbedtls_cipher_cmac_reset(), which starts another CMAC operation with the same key, or mbedtls_cipher_free(), which clears the cipher context.

This function returns the block size of the given cipher in bytes.

The generic cipher finalization function. If data still needs to be flushed from an incomplete block, the data contained in it is padded to the size of the last block, and written to the \p output buffer.

The generic all-in-one encryption/decryption function, for all ciphers except AEAD constructs.

This function sets the initialization vector (IV) or nonce.

This function resets the cipher state.

The authenticated encryption (AEAD/NIST_KW) function.

The authenticated encryption (AEAD/NIST_KW) function.

This function returns the mode of operation for the cipher. For example, MBEDTLS_MODE_CBC.

This function returns the key length of the cipher.

This function returns the size of the IV or nonce of the cipher, in Bytes.

This function starts a new CMAC operation with the same key as the previous one. It should be called after finishing the previous CMAC operation with mbedtls_cipher_cmac_finish(). After calling this function, call mbedtls_cipher_cmac_update() to supply the new CMAC operation with data.

This function adds additional data for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305.

This function writes a tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().

This function checks the tag for AEAD ciphers. Currently supported with GCM and ChaCha20+Poly1305. This must be called after mbedtls_cipher_finish().

Process input for which the algorithm is set to ECB mode. This requires manual processing, since the PSA API is defined as being able to process arbitrary-length calls to psa_cipher_update() with ECB mode, but the underlying mbedtls_cipher_update only takes full blocks.

This function returns the type of the given cipher.

This function returns the name of the given cipher as a string.

This function returns the operation of the given cipher.