mbedtls_gcm_auth_decrypt() function

The GCM context. This must be initialized.

The length of the ciphertext to decrypt, which is also the length of the decrypted plaintext.

The initialization vector. This must be a readable buffer of at least \p iv_len Bytes.

The length of the IV.

The buffer holding the additional data. This must be of at least that size in Bytes.

The length of the additional data.

The buffer holding the tag to verify. This must be a readable buffer of at least \p tag_len Bytes.

The length of the tag to verify.

The buffer holding the ciphertext. If \p length is greater than zero, this must be a readable buffer of at least that size.

The buffer for holding the decrypted plaintext. If \p length is greater than zero, this must be a writable buffer of at least that size.

This function clears a GCM context and the underlying cipher sub-context.

This function feeds an input buffer into an ongoing GCM encryption or decryption operation. You may call this function zero, one or more times to pass successive parts of the input: the plaintext to encrypt, or the ciphertext (not including the tag) to decrypt. After the last part of the input, call mbedtls_gcm_finish(). This function may produce output in one of the following ways: - Immediate output: the output length is always equal to the input length. - Buffered output: the output consists of a whole number of 16-byte blocks. If the total input length so far (not including associated data) is 16 \* *B* + *A* with *A* < 16 then the total output length is 16 \* *B*. In particular: - It is always correct to call this function with \p output_size >= \p input_length + 15. - If \p input_length is a multiple of 16 for all the calls to this function during an operation, then it is correct to use \p output_size = \p input_length.

This function associates a GCM context with a cipher algorithm and a key.

This function initializes the specified GCM context, to make references valid, and prepares the context for mbedtls_gcm_setkey() or mbedtls_gcm_free(). The function does not bind the GCM context to a particular cipher, nor set the key. For this purpose, use mbedtls_gcm_setkey().

This function performs GCM encryption or decryption of a buffer. \warning When this function performs a decryption, it outputs the authentication tag and does not verify that the data is authentic. You should use this function to perform encryption only. For decryption, use mbedtls_gcm_auth_decrypt() instead.

This function finishes the GCM operation and generates the authentication tag. It wraps up the GCM stream, and generates the tag. The tag can have a maximum length of 16 Bytes.

This function starts a GCM encryption or decryption operation.

This function feeds an input buffer as associated data (authenticated but not encrypted data) in a GCM encryption or decryption operation. Call this function after mbedtls_gcm_starts() to pass the associated data. If the associated data is empty, you do not need to call this function. You may not call this function after calling mbedtls_cipher_update().