1=pod 2 3=head1 NAME 4 5EVP_aes_128_cbc, 6EVP_aes_192_cbc, 7EVP_aes_256_cbc, 8EVP_aes_128_cfb, 9EVP_aes_192_cfb, 10EVP_aes_256_cfb, 11EVP_aes_128_cfb1, 12EVP_aes_192_cfb1, 13EVP_aes_256_cfb1, 14EVP_aes_128_cfb8, 15EVP_aes_192_cfb8, 16EVP_aes_256_cfb8, 17EVP_aes_128_cfb128, 18EVP_aes_192_cfb128, 19EVP_aes_256_cfb128, 20EVP_aes_128_ctr, 21EVP_aes_192_ctr, 22EVP_aes_256_ctr, 23EVP_aes_128_ecb, 24EVP_aes_192_ecb, 25EVP_aes_256_ecb, 26EVP_aes_128_ofb, 27EVP_aes_192_ofb, 28EVP_aes_256_ofb, 29EVP_aes_128_cbc_hmac_sha1, 30EVP_aes_256_cbc_hmac_sha1, 31EVP_aes_128_cbc_hmac_sha256, 32EVP_aes_256_cbc_hmac_sha256, 33EVP_aes_128_ccm, 34EVP_aes_192_ccm, 35EVP_aes_256_ccm, 36EVP_aes_128_gcm, 37EVP_aes_192_gcm, 38EVP_aes_256_gcm, 39EVP_aes_128_ocb, 40EVP_aes_192_ocb, 41EVP_aes_256_ocb, 42EVP_aes_128_wrap, 43EVP_aes_192_wrap, 44EVP_aes_256_wrap, 45EVP_aes_128_wrap_pad, 46EVP_aes_192_wrap_pad, 47EVP_aes_256_wrap_pad, 48EVP_aes_128_xts, 49EVP_aes_256_xts 50- EVP AES cipher 51 52=head1 SYNOPSIS 53 54=for comment generic 55 56 #include <openssl/evp.h> 57 58 const EVP_CIPHER *EVP_ciphername(void) 59 60I<EVP_ciphername> is used a placeholder for any of the described cipher 61functions, such as I<EVP_aes_128_cbc>. 62 63=head1 DESCRIPTION 64 65The AES encryption algorithm for EVP. 66 67=over 4 68 69=item EVP_aes_128_cbc(), 70EVP_aes_192_cbc(), 71EVP_aes_256_cbc(), 72EVP_aes_128_cfb(), 73EVP_aes_192_cfb(), 74EVP_aes_256_cfb(), 75EVP_aes_128_cfb1(), 76EVP_aes_192_cfb1(), 77EVP_aes_256_cfb1(), 78EVP_aes_128_cfb8(), 79EVP_aes_192_cfb8(), 80EVP_aes_256_cfb8(), 81EVP_aes_128_cfb128(), 82EVP_aes_192_cfb128(), 83EVP_aes_256_cfb128(), 84EVP_aes_128_ctr(), 85EVP_aes_192_ctr(), 86EVP_aes_256_ctr(), 87EVP_aes_128_ecb(), 88EVP_aes_192_ecb(), 89EVP_aes_256_ecb(), 90EVP_aes_128_ofb(), 91EVP_aes_192_ofb(), 92EVP_aes_256_ofb() 93 94AES for 128, 192 and 256 bit keys in the following modes: CBC, CFB with 128-bit 95shift, CFB with 1-bit shift, CFB with 8-bit shift, CTR, ECB, and OFB. 96 97=item EVP_aes_128_cbc_hmac_sha1(), 98EVP_aes_256_cbc_hmac_sha1() 99 100Authenticated encryption with AES in CBC mode using SHA-1 as HMAC, with keys of 101128 and 256 bits length respectively. The authentication tag is 160 bits long. 102 103WARNING: this is not intended for usage outside of TLS and requires calling of 104some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD 105interface. 106 107=item EVP_aes_128_cbc_hmac_sha256(), 108EVP_aes_256_cbc_hmac_sha256() 109 110Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as 111HMAC, with keys of 128 and 256 bits length respectively. The authentication tag 112is 256 bits long. 113 114WARNING: this is not intended for usage outside of TLS and requires calling of 115some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD 116interface. 117 118=item EVP_aes_128_ccm(), 119EVP_aes_192_ccm(), 120EVP_aes_256_ccm(), 121EVP_aes_128_gcm(), 122EVP_aes_192_gcm(), 123EVP_aes_256_gcm(), 124EVP_aes_128_ocb(), 125EVP_aes_192_ocb(), 126EVP_aes_256_ocb() 127 128AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode 129(GCM) and OCB Mode respectively. These ciphers require additional control 130operations to function correctly, see the L<EVP_EncryptInit(3)/AEAD Interface> 131section for details. 132 133=item EVP_aes_128_wrap(), 134EVP_aes_192_wrap(), 135EVP_aes_256_wrap(), 136EVP_aes_128_wrap_pad(), 137EVP_aes_128_wrap(), 138EVP_aes_192_wrap(), 139EVP_aes_256_wrap(), 140EVP_aes_192_wrap_pad(), 141EVP_aes_128_wrap(), 142EVP_aes_192_wrap(), 143EVP_aes_256_wrap(), 144EVP_aes_256_wrap_pad() 145 146AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section 1472.2.1 ("wrap") and RFC 5649 section 4.1 ("wrap with padding") respectively. 148 149=item EVP_aes_128_xts(), 150EVP_aes_256_xts() 151 152AES XTS mode (XTS-AES) is standardized in IEEE Std. 1619-2007 and described in NIST 153SP 800-38E. The XTS (XEX-based tweaked-codebook mode with ciphertext stealing) 154mode was designed by Prof. Phillip Rogaway of University of California, Davis, 155intended for encrypting data on a storage device. 156 157XTS-AES provides confidentiality but not authentication of data. It also 158requires a key of double-length for protection of a certain key size. 159In particular, XTS-AES-128 (B<EVP_aes_128_xts>) takes input of a 256-bit key to 160achieve AES 128-bit security, and XTS-AES-256 (B<EVP_aes_256_xts>) takes input 161of a 512-bit key to achieve AES 256-bit security. 162 163The XTS implementation in OpenSSL does not support streaming. That is there must 164only be one L<EVP_EncryptUpdate(3)> call per L<EVP_EncryptInit_ex(3)> call (and 165similarly with the "Decrypt" functions). 166 167The I<iv> parameter to L<EVP_EncryptInit_ex(3)> or L<EVP_DecryptInit_ex(3)> is 168the XTS "tweak" value. 169 170=back 171 172=head1 RETURN VALUES 173 174These functions return an B<EVP_CIPHER> structure that contains the 175implementation of the symmetric cipher. See L<EVP_CIPHER_meth_new(3)> for 176details of the B<EVP_CIPHER> structure. 177 178=head1 SEE ALSO 179 180L<evp(7)>, 181L<EVP_EncryptInit(3)>, 182L<EVP_CIPHER_meth_new(3)> 183 184=head1 COPYRIGHT 185 186Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. 187 188Licensed under the OpenSSL license (the "License"). You may not use 189this file except in compliance with the License. You can obtain a copy 190in the file LICENSE in the source distribution or at 191L<https://www.openssl.org/source/license.html>. 192 193=cut 194 195