xref: /freebsd/crypto/openssl/doc/man7/EVP_CIPHER-AES.pod (revision e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6) 
1b077aed3SPierre Pronchery=pod
2b077aed3SPierre Pronchery
3b077aed3SPierre Pronchery=head1 NAME
4b077aed3SPierre Pronchery
5b077aed3SPierre ProncheryEVP_CIPHER-AES - The AES EVP_CIPHER implementations
6b077aed3SPierre Pronchery
7b077aed3SPierre Pronchery=head1 DESCRIPTION
8b077aed3SPierre Pronchery
9b077aed3SPierre ProncherySupport for AES symmetric encryption using the B<EVP_CIPHER> API.
10b077aed3SPierre Pronchery
11b077aed3SPierre Pronchery=head2 Algorithm Names
12b077aed3SPierre Pronchery
13b077aed3SPierre ProncheryThe following algorithms are available in the FIPS provider as well as the
14b077aed3SPierre Proncherydefault provider:
15b077aed3SPierre Pronchery
16b077aed3SPierre Pronchery=over 4
17b077aed3SPierre Pronchery
18b077aed3SPierre Pronchery=item "AES-128-CBC", "AES-192-CBC" and  "AES-256-CBC"
19b077aed3SPierre Pronchery
20b077aed3SPierre Pronchery=item "AES-128-CBC-CTS", "AES-192-CBC-CTS" and "AES-256-CBC-CTS"
21b077aed3SPierre Pronchery
22b077aed3SPierre Pronchery=item "AES-128-CFB", "AES-192-CFB", "AES-256-CFB",
23b077aed3SPierre Pronchery"AES-128-CFB1", "AES-192-CFB1", "AES-256-CFB1",
24b077aed3SPierre Pronchery"AES-128-CFB8", "AES-192-CFB8" and "AES-256-CFB8"
25b077aed3SPierre Pronchery
26b077aed3SPierre Pronchery=item "AES-128-CTR", "AES-192-CTR" and "AES-256-CTR"
27b077aed3SPierre Pronchery
28b077aed3SPierre Pronchery=item "AES-128-ECB", "AES-192-ECB" and "AES-256-ECB"
29b077aed3SPierre Pronchery
30b077aed3SPierre Pronchery=item "AES-192-OFB", "AES-128-OFB" and "AES-256-OFB"
31b077aed3SPierre Pronchery
32b077aed3SPierre Pronchery=item "AES-128-XTS" and "AES-256-XTS"
33b077aed3SPierre Pronchery
34b077aed3SPierre Pronchery=item "AES-128-CCM", "AES-192-CCM" and "AES-256-CCM"
35b077aed3SPierre Pronchery
36b077aed3SPierre Pronchery=item "AES-128-GCM", "AES-192-GCM" and "AES-256-GCM"
37b077aed3SPierre Pronchery
38b077aed3SPierre Pronchery=item "AES-128-WRAP", "AES-192-WRAP", "AES-256-WRAP",
39b077aed3SPierre Pronchery"AES-128-WRAP-PAD", "AES-192-WRAP-PAD", "AES-256-WRAP-PAD",
40b077aed3SPierre Pronchery"AES-128-WRAP-INV", "AES-192-WRAP-INV", "AES-256-WRAP-INV",
41b077aed3SPierre Pronchery"AES-128-WRAP-PAD-INV", "AES-192-WRAP-PAD-INV" and "AES-256-WRAP-PAD-INV"
42b077aed3SPierre Pronchery
43b077aed3SPierre Pronchery=item "AES-128-CBC-HMAC-SHA1", "AES-256-CBC-HMAC-SHA1",
44b077aed3SPierre Pronchery"AES-128-CBC-HMAC-SHA256" and "AES-256-CBC-HMAC-SHA256"
45b077aed3SPierre Pronchery
46b077aed3SPierre Pronchery=back
47b077aed3SPierre Pronchery
48b077aed3SPierre ProncheryThe following algorithms are available in the default provider, but not the
49b077aed3SPierre ProncheryFIPS provider:
50b077aed3SPierre Pronchery
51b077aed3SPierre Pronchery=over 4
52b077aed3SPierre Pronchery
53b077aed3SPierre Pronchery=item "AES-128-OCB", "AES-192-OCB" and "AES-256-OCB"
54b077aed3SPierre Pronchery
55b077aed3SPierre Pronchery=item "AES-128-SIV", "AES-192-SIV" and "AES-256-SIV"
56b077aed3SPierre Pronchery
57b077aed3SPierre Pronchery=back
58b077aed3SPierre Pronchery
59b077aed3SPierre Pronchery=head2 Parameters
60b077aed3SPierre Pronchery
61b077aed3SPierre ProncheryThis implementation supports the parameters described in
62b077aed3SPierre ProncheryL<EVP_EncryptInit(3)/PARAMETERS>.
63b077aed3SPierre Pronchery
64*e0c4386eSCy Schubert=head1 NOTES
65*e0c4386eSCy Schubert
66*e0c4386eSCy SchubertThe AES-SIV and AES-WRAP mode implementations do not support streaming. That
67*e0c4386eSCy Schubertmeans to obtain correct results there can be only one L<EVP_EncryptUpdate(3)>
68*e0c4386eSCy Schubertor L<EVP_DecryptUpdate(3)> call after the initialization of the context.
69*e0c4386eSCy Schubert
70*e0c4386eSCy SchubertThe AES-XTS implementations allow streaming to be performed, but each
71*e0c4386eSCy SchubertL<EVP_EncryptUpdate(3)> or L<EVP_DecryptUpdate(3)> call requires each input
72*e0c4386eSCy Schubertto be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or
73*e0c4386eSCy SchubertEVP_DecryptUpdate() call can optionally have an input that is not a multiple
74*e0c4386eSCy Schubertof the blocksize but is larger than one block. In that case ciphertext
75*e0c4386eSCy Schubertstealing (CTS) is used to fill the block.
76*e0c4386eSCy Schubert
77b077aed3SPierre Pronchery=head1 SEE ALSO
78b077aed3SPierre Pronchery
79b077aed3SPierre ProncheryL<provider-cipher(7)>, L<OSSL_PROVIDER-FIPS(7)>, L<OSSL_PROVIDER-default(7)>
80b077aed3SPierre Pronchery
81b077aed3SPierre Pronchery=head1 COPYRIGHT
82b077aed3SPierre Pronchery
83b077aed3SPierre ProncheryCopyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
84b077aed3SPierre Pronchery
85b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
86b077aed3SPierre Proncherythis file except in compliance with the License.  You can obtain a copy
87b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at
88b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>.
89b077aed3SPierre Pronchery
90b077aed3SPierre Pronchery=cut
91