=pod

=head1 NAME

EVP_aes_128_cbc,
EVP_aes_192_cbc,
EVP_aes_256_cbc,
EVP_aes_128_cfb,
EVP_aes_192_cfb,
EVP_aes_256_cfb,
EVP_aes_128_cfb1,
EVP_aes_192_cfb1,
EVP_aes_256_cfb1,
EVP_aes_128_cfb8,
EVP_aes_192_cfb8,
EVP_aes_256_cfb8,
EVP_aes_128_cfb128,
EVP_aes_192_cfb128,
EVP_aes_256_cfb128,
EVP_aes_128_ctr,
EVP_aes_192_ctr,
EVP_aes_256_ctr,
EVP_aes_128_ecb,
EVP_aes_192_ecb,
EVP_aes_256_ecb,
EVP_aes_128_ofb,
EVP_aes_192_ofb,
EVP_aes_256_ofb,
EVP_aes_128_cbc_hmac_sha1,
EVP_aes_256_cbc_hmac_sha1,
EVP_aes_128_cbc_hmac_sha256,
EVP_aes_256_cbc_hmac_sha256,
EVP_aes_128_ccm,
EVP_aes_192_ccm,
EVP_aes_256_ccm,
EVP_aes_128_gcm,
EVP_aes_192_gcm,
EVP_aes_256_gcm,
EVP_aes_128_ocb,
EVP_aes_192_ocb,
EVP_aes_256_ocb,
EVP_aes_128_wrap,
EVP_aes_192_wrap,
EVP_aes_256_wrap,
EVP_aes_128_wrap_pad,
EVP_aes_192_wrap_pad,
EVP_aes_256_wrap_pad,
EVP_aes_128_xts,
EVP_aes_256_xts
- EVP AES cipher

=head1 SYNOPSIS

=for openssl generic

 #include <openssl/evp.h>

 const EVP_CIPHER *EVP_ciphername(void)

I<EVP_ciphername> is used as a placeholder for any of the described cipher
functions, such as I<EVP_aes_128_cbc>.

=head1 DESCRIPTION

The AES encryption algorithm for EVP.

=over 4

=item EVP_aes_128_cbc(),
EVP_aes_192_cbc(),
EVP_aes_256_cbc(),
EVP_aes_128_cfb(),
EVP_aes_192_cfb(),
EVP_aes_256_cfb(),
EVP_aes_128_cfb1(),
EVP_aes_192_cfb1(),
EVP_aes_256_cfb1(),
EVP_aes_128_cfb8(),
EVP_aes_192_cfb8(),
EVP_aes_256_cfb8(),
EVP_aes_128_cfb128(),
EVP_aes_192_cfb128(),
EVP_aes_256_cfb128(),
EVP_aes_128_ctr(),
EVP_aes_192_ctr(),
EVP_aes_256_ctr(),
EVP_aes_128_ecb(),
EVP_aes_192_ecb(),
EVP_aes_256_ecb(),
EVP_aes_128_ofb(),
EVP_aes_192_ofb(),
EVP_aes_256_ofb()

AES for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit
shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB, and OFB.

=item EVP_aes_128_cbc_hmac_sha1(),
EVP_aes_256_cbc_hmac_sha1()

Authenticated encryption with AES in CBC mode using SHA-1 as HMAC, with keys of
128 and 256 bits length respectively. The authentication tag is 160 bits long.

WARNING: this is not intended for usage outside of TLS and requires calling of
some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD
interface.

=item EVP_aes_128_cbc_hmac_sha256(),
EVP_aes_256_cbc_hmac_sha256()

Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as
HMAC, with keys of 128 and 256 bits length respectively. The authentication tag
is 256 bits long.

WARNING: this is not intended for usage outside of TLS and requires calling of
some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD
interface.

=item EVP_aes_128_ccm(),
EVP_aes_192_ccm(),
EVP_aes_256_ccm(),
EVP_aes_128_gcm(),
EVP_aes_192_gcm(),
EVP_aes_256_gcm(),
EVP_aes_128_ocb(),
EVP_aes_192_ocb(),
EVP_aes_256_ocb()

AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode
(GCM) and OCB Mode respectively. These ciphers require additional control
operations to function correctly, see the L<EVP_EncryptInit(3)/AEAD Interface>
section for details.

=item EVP_aes_128_wrap(),
EVP_aes_192_wrap(),
EVP_aes_256_wrap(),
EVP_aes_128_wrap_pad(),
EVP_aes_192_wrap_pad(),
EVP_aes_256_wrap_pad()

AES key wrap with 128, 192 and 256 bit keys, according to RFC 3394 section
2.2.1 ("wrap") and RFC 5649 section 4.1 ("wrap with padding") respectively.

=item EVP_aes_128_xts(),
EVP_aes_256_xts()

AES XTS mode (XTS-AES) is standardized in IEEE Std. 1619-2007 and described in NIST
SP 800-38E. The XTS (XEX-based tweaked-codebook mode with ciphertext stealing)
mode was designed by Prof. Phillip Rogaway of the University of California, Davis,
intended for encrypting data on a storage device.

XTS-AES provides confidentiality but not authentication of data. It also
requires a key of double-length for protection of a certain key size.
In particular, XTS-AES-128 (B<EVP_aes_128_xts>) takes input of a 256-bit key to
achieve AES 128-bit security, and XTS-AES-256 (B<EVP_aes_256_xts>) takes input
of a 512-bit key to achieve AES 256-bit security.

The XTS implementation in OpenSSL does not support streaming. That is, there must
be only one L<EVP_EncryptUpdate(3)> call per L<EVP_EncryptInit_ex(3)> call (and
similarly with the "Decrypt" functions).

The I<iv> parameter to L<EVP_EncryptInit_ex(3)> or L<EVP_DecryptInit_ex(3)> is
the XTS "tweak" value.

=back

=head1 NOTES

Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-AES(7)> instead.
See L<crypto(7)/Performance> for further information.

=head1 RETURN VALUES

These functions return an B<EVP_CIPHER> structure that contains the
implementation of the symmetric cipher. See L<EVP_CIPHER_meth_new(3)> for
details of the B<EVP_CIPHER> structure.

=head1 SEE ALSO

L<evp(7)>,
L<EVP_EncryptInit(3)>,
L<EVP_CIPHER_meth_new(3)>

=head1 COPYRIGHT

Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut