1.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.4 2020/06/24 18:15:00 jmc Exp $
2.\" selective merge up to: OpenSSL 7c6d372a Nov 20 13:20:01 2018 +0000
3.\"
4.\" This file was written by Ronald Tse <ronald.tse@ribose.com>
5.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
6.\"
7.\" Redistribution and use in source and binary forms, with or without
8.\" modification, are permitted provided that the following conditions
9.\" are met:
10.\"
11.\" 1. Redistributions of source code must retain the above copyright
12.\"    notice, this list of conditions and the following disclaimer.
13.\"
14.\" 2. Redistributions in binary form must reproduce the above copyright
15.\"    notice, this list of conditions and the following disclaimer in
16.\"    the documentation and/or other materials provided with the
17.\"    distribution.
18.\"
19.\" 3. All advertising materials mentioning features or use of this
20.\"    software must display the following acknowledgment:
21.\"    "This product includes software developed by the OpenSSL Project
22.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
23.\"
24.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25.\"    endorse or promote products derived from this software without
26.\"    prior written permission. For written permission, please contact
27.\"    openssl-core@openssl.org.
28.\"
29.\" 5. Products derived from this software may not be called "OpenSSL"
30.\"    nor may "OpenSSL" appear in their names without prior written
31.\"    permission of the OpenSSL Project.
32.\"
33.\" 6. Redistributions of any form whatsoever must retain the following
34.\"    acknowledgment:
35.\"    "This product includes software developed by the OpenSSL Project
36.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
37.\"
38.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
42.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50.\"
51.Dd $Mdocdate: June 24 2020 $
52.Dt EVP_AES_128_CBC 3
53.Os
54.Sh NAME
55.Nm EVP_aes_128_cbc ,
56.Nm EVP_aes_192_cbc ,
57.Nm EVP_aes_256_cbc ,
58.Nm EVP_aes_128_cfb1 ,
59.Nm EVP_aes_192_cfb1 ,
60.Nm EVP_aes_256_cfb1 ,
61.Nm EVP_aes_128_cfb8 ,
62.Nm EVP_aes_192_cfb8 ,
63.Nm EVP_aes_256_cfb8 ,
64.Nm EVP_aes_128_cfb128 ,
65.Nm EVP_aes_192_cfb128 ,
66.Nm EVP_aes_256_cfb128 ,
67.Nm EVP_aes_128_cfb ,
68.Nm EVP_aes_192_cfb ,
69.Nm EVP_aes_256_cfb ,
70.Nm EVP_aes_128_ctr ,
71.Nm EVP_aes_192_ctr ,
72.Nm EVP_aes_256_ctr ,
73.Nm EVP_aes_128_ecb ,
74.Nm EVP_aes_192_ecb ,
75.Nm EVP_aes_256_ecb ,
76.Nm EVP_aes_128_ofb ,
77.Nm EVP_aes_192_ofb ,
78.Nm EVP_aes_256_ofb ,
79.Nm EVP_aes_128_cbc_hmac_sha1 ,
80.Nm EVP_aes_256_cbc_hmac_sha1 ,
81.Nm EVP_aes_128_ccm ,
82.Nm EVP_aes_192_ccm ,
83.Nm EVP_aes_256_ccm ,
84.Nm EVP_aes_128_gcm ,
85.Nm EVP_aes_192_gcm ,
86.Nm EVP_aes_256_gcm ,
87.Nm EVP_aes_128_wrap ,
88.Nm EVP_aes_192_wrap ,
89.Nm EVP_aes_256_wrap ,
90.Nm EVP_aes_128_xts ,
91.Nm EVP_aes_256_xts
92.Nd EVP AES cipher
93.Sh SYNOPSIS
94.In openssl/evp.h
95.Ft const EVP_CIPHER *
96.Fn EVP_aes_128_cbc void
97.Ft const EVP_CIPHER *
98.Fn EVP_aes_192_cbc void
99.Ft const EVP_CIPHER *
100.Fn EVP_aes_256_cbc void
101.Ft const EVP_CIPHER *
102.Fn EVP_aes_128_cfb1 void
103.Ft const EVP_CIPHER *
104.Fn EVP_aes_192_cfb1 void
105.Ft const EVP_CIPHER *
106.Fn EVP_aes_256_cfb1 void
107.Ft const EVP_CIPHER *
108.Fn EVP_aes_128_cfb8 void
109.Ft const EVP_CIPHER *
110.Fn EVP_aes_192_cfb8 void
111.Ft const EVP_CIPHER *
112.Fn EVP_aes_256_cfb8 void
113.Ft const EVP_CIPHER *
114.Fn EVP_aes_128_cfb128 void
115.Ft const EVP_CIPHER *
116.Fn EVP_aes_192_cfb128 void
117.Ft const EVP_CIPHER *
118.Fn EVP_aes_256_cfb128 void
119.Ft const EVP_CIPHER *
120.Fn EVP_aes_128_cfb void
121.Ft const EVP_CIPHER *
122.Fn EVP_aes_192_cfb void
123.Ft const EVP_CIPHER *
124.Fn EVP_aes_256_cfb void
125.Ft const EVP_CIPHER *
126.Fn EVP_aes_128_ctr void
127.Ft const EVP_CIPHER *
128.Fn EVP_aes_192_ctr void
129.Ft const EVP_CIPHER *
130.Fn EVP_aes_256_ctr void
131.Ft const EVP_CIPHER *
132.Fn EVP_aes_128_ecb void
133.Ft const EVP_CIPHER *
134.Fn EVP_aes_192_ecb void
135.Ft const EVP_CIPHER *
136.Fn EVP_aes_256_ecb void
137.Ft const EVP_CIPHER *
138.Fn EVP_aes_128_ofb void
139.Ft const EVP_CIPHER *
140.Fn EVP_aes_192_ofb void
141.Ft const EVP_CIPHER *
142.Fn EVP_aes_256_ofb void
143.Ft const EVP_CIPHER *
144.Fn EVP_aes_128_cbc_hmac_sha1 void
145.Ft const EVP_CIPHER *
146.Fn EVP_aes_256_cbc_hmac_sha1 void
147.Ft const EVP_CIPHER *
148.Fn EVP_aes_128_ccm void
149.Ft const EVP_CIPHER *
150.Fn EVP_aes_192_ccm void
151.Ft const EVP_CIPHER *
152.Fn EVP_aes_256_ccm void
153.Ft const EVP_CIPHER *
154.Fn EVP_aes_128_gcm void
155.Ft const EVP_CIPHER *
156.Fn EVP_aes_192_gcm void
157.Ft const EVP_CIPHER *
158.Fn EVP_aes_256_gcm void
159.Ft const EVP_CIPHER *
160.Fn EVP_aes_128_wrap void
161.Ft const EVP_CIPHER *
162.Fn EVP_aes_192_wrap void
163.Ft const EVP_CIPHER *
164.Fn EVP_aes_256_wrap void
165.Ft const EVP_CIPHER *
166.Fn EVP_aes_128_xts void
167.Ft const EVP_CIPHER *
168.Fn EVP_aes_256_xts void
169.Sh DESCRIPTION
These functions provide the AES encryption algorithm in the
.Xr evp 3
framework.
173.Pp
174.Fn EVP_aes_128_cbc ,
175.Fn EVP_aes_192_cbc ,
176.Fn EVP_aes_256_cbc ,
177.Fn EVP_aes_128_cfb1 ,
178.Fn EVP_aes_192_cfb1 ,
179.Fn EVP_aes_256_cfb1 ,
180.Fn EVP_aes_128_cfb8 ,
181.Fn EVP_aes_192_cfb8 ,
182.Fn EVP_aes_256_cfb8 ,
183.Fn EVP_aes_128_cfb128 ,
184.Fn EVP_aes_192_cfb128 ,
185.Fn EVP_aes_256_cfb128 ,
186.Fn EVP_aes_128_ctr ,
187.Fn EVP_aes_192_ctr ,
188.Fn EVP_aes_256_ctr ,
189.Fn EVP_aes_128_ecb ,
190.Fn EVP_aes_192_ecb ,
191.Fn EVP_aes_256_ecb ,
192.Fn EVP_aes_128_ofb ,
193.Fn EVP_aes_192_ofb ,
and
.Fn EVP_aes_256_ofb
provide AES for 128, 192, and 256-bit keys in the following modes:
CBC, CFB with 1-bit shift, CFB with 8-bit shift, CFB with 128-bit shift,
CTR, ECB, and OFB.
These modes provide confidentiality but not authentication of data.
199.Pp
200.Fn EVP_aes_128_cfb ,
201.Fn EVP_aes_192_cfb ,
202and
203.Fn EVP_aes_256_cfb
204are aliases for
205.Fn EVP_aes_128_cfb128 ,
206.Fn EVP_aes_192_cfb128 ,
207and
208.Fn EVP_aes_256_cfb128 .
209.Pp
210.Fn EVP_aes_128_cbc_hmac_sha1
211and
212.Fn EVP_aes_256_cbc_hmac_sha1
provide authenticated encryption with AES in CBC mode using HMAC-SHA-1
for authentication, with keys of 128 and 256-bit length respectively.
The authentication tag is 160 bits long.
These ciphers are not intended for use outside of TLS and require
calling some undocumented control functions.
They do not conform to the EVP AEAD interface.
219.Pp
220.Fn EVP_aes_128_ccm ,
221.Fn EVP_aes_192_ccm ,
222.Fn EVP_aes_256_ccm ,
223.Fn EVP_aes_128_gcm ,
224.Fn EVP_aes_192_gcm ,
225and
226.Fn EVP_aes_256_gcm
provide AES for 128, 192 and 256-bit keys in Counter with CBC-MAC Mode (CCM)
and Galois Counter Mode (GCM), respectively.
These ciphers require additional control operations to function
correctly; see
.Xr EVP_EncryptInit 3
for details.
233.Pp
234.Fn EVP_aes_128_wrap ,
235.Fn EVP_aes_192_wrap ,
236and
237.Fn EVP_aes_256_wrap
238provide AES key wrap with 128, 192 and 256-bit keys
239according to RFC 3394 section 2.2.1 ("wrap").
240When the returned
241.Vt EVP_CIPHER
242object is later passed to
243.Xr EVP_CipherInit_ex 3 ,
244.Xr EVP_EncryptInit_ex 3 ,
245or
246.Xr EVP_DecryptInit_ex 3
247together with an
248.Vt EVP_CIPHER_CTX
249object, the flag
250.Dv EVP_CIPHER_CTX_FLAG_WRAP_ALLOW
251must have been set in the
252.Vt EVP_CIPHER_CTX
253using
254.Xr EVP_CIPHER_CTX_set_flags 3 .
255Otherwise, or when passing the returned
256.Vt EVP_CIPHER
257object to
258.Xr EVP_CipherInit 3 ,
259.Xr EVP_EncryptInit 3 ,
260or
261.Xr EVP_DecryptInit 3 ,
262initialization fails with a
263.Dq wrap not allowed
264error.
265.Pp
266.Fn EVP_aes_128_xts
267and
268.Fn EVP_aes_256_xts
provide XEX-based tweaked-codebook mode with ciphertext stealing (XTS-AES)
as specified in IEEE Std. 1619-2007 and described in NIST SP 800-38E.
XTS-AES was designed for encrypting data on a storage device,
provides confidentiality but not authentication of data,
and requires a key twice as long as the AES key size it is built on.
In particular, XTS-AES-128 takes a 256-bit key to achieve
AES 128-bit security, and XTS-AES-256 takes a 512-bit key
to achieve AES 256-bit security.
277.Sh RETURN VALUES
278These functions return an
279.Vt EVP_CIPHER
280structure that provides the implementation of the symmetric cipher.
281.Sh SEE ALSO
282.Xr AES_encrypt 3 ,
283.Xr evp 3 ,
284.Xr EVP_EncryptInit 3
285.Sh HISTORY
.Fn EVP_aes_128_cbc ,
.Fn EVP_aes_192_cbc ,
.Fn EVP_aes_256_cbc ,
.Fn EVP_aes_128_cfb ,
.Fn EVP_aes_192_cfb ,
.Fn EVP_aes_256_cfb ,
.Fn EVP_aes_128_ecb ,
.Fn EVP_aes_192_ecb ,
.Fn EVP_aes_256_ecb ,
.Fn EVP_aes_128_ofb ,
.Fn EVP_aes_192_ofb ,
and
.Fn EVP_aes_256_ofb
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
301.Pp
302.Fn EVP_aes_128_cfb1 ,
303.Fn EVP_aes_192_cfb1 ,
304.Fn EVP_aes_256_cfb1 ,
305.Fn EVP_aes_128_cfb8 ,
306.Fn EVP_aes_192_cfb8 ,
307.Fn EVP_aes_256_cfb8 ,
308.Fn EVP_aes_128_cfb128 ,
309.Fn EVP_aes_192_cfb128 ,
310and
311.Fn EVP_aes_256_cfb128
312first appeared in OpenSSL 0.9.7e and have been available since
313.Ox 3.8 .
314.Pp
315.Fn EVP_aes_128_ctr ,
316.Fn EVP_aes_192_ctr ,
317.Fn EVP_aes_256_ctr ,
318.Fn EVP_aes_128_cbc_hmac_sha1 ,
319.Fn EVP_aes_256_cbc_hmac_sha1 ,
320.Fn EVP_aes_128_ccm ,
321.Fn EVP_aes_192_ccm ,
322.Fn EVP_aes_256_ccm ,
323.Fn EVP_aes_128_gcm ,
324.Fn EVP_aes_192_gcm ,
325.Fn EVP_aes_256_gcm ,
326.Fn EVP_aes_128_xts ,
327and
328.Fn EVP_aes_256_xts
329first appeared in OpenSSL 1.0.1 and have been available since
330.Ox 5.3 .
331.Pp
332.Fn EVP_aes_128_wrap ,
333.Fn EVP_aes_192_wrap ,
334and
335.Fn EVP_aes_256_wrap
336first appeared in OpenSSL 1.0.2 and have been available since
337.Ox 6.5 .