Encryption/decryption module
The Encryption/decryption module provides encryption/decryption functions. One can differentiate between symmetric and asymmetric algorithms; the symmetric ones are mostly used for message confidentiality and the asymmetric ones for key exchange and message integrity. Some symmetric algorithms provide different block cipher modes, mainly Electronic Code Book (ECB) which is used for short (64-bit) messages and Cipher Block Chaining (CBC) which provides the structure needed for longer messages. In addition the Cipher Feedback Mode (CFB-128) stream cipher mode, Counter mode (CTR) and Galois Counter Mode (GCM) are implemented for specific algorithms.
All symmetric encryption algorithms are accessible via the generic cipher layer (see
).mbedtls_cipher_setup()
The asymmetric encryptrion algorithms are accessible via the generic public key layer (see
).mbedtls_pk_init()
The following algorithms are provided:
- Symmetric:
- AES (see
,mbedtls_aes_crypt_ecb()
mbedtls_aes_crypt_cbc()
,mbedtls_aes_crypt_cfb128()
andmbedtls_aes_crypt_ctr()
). - ARCFOUR (see
).mbedtls_arc4_crypt()
- Blowfish / BF (see
,mbedtls_blowfish_crypt_ecb()
mbedtls_blowfish_crypt_cbc()
,mbedtls_blowfish_crypt_cfb64()
andmbedtls_blowfish_crypt_ctr()
) - Camellia (see
,mbedtls_camellia_crypt_ecb()
mbedtls_camellia_crypt_cbc()
,mbedtls_camellia_crypt_cfb128()
andmbedtls_camellia_crypt_ctr()
). - DES/3DES (see
,mbedtls_des_crypt_ecb()
mbedtls_des_crypt_cbc()
,
andmbedtls_des3_crypt_ecb()
mbedtls_des3_crypt_cbc()
). - GCM (AES-GCM and CAMELLIA-GCM) (see
)mbedtls_gcm_init()
- XTEA (see
).mbedtls_xtea_crypt_ecb()
- AES (see
- Asymmetric:
- Diffie-Hellman-Merkle (see
,mbedtls_dhm_read_public()
andmbedtls_dhm_make_public()
).mbedtls_dhm_calc_secret()
- RSA (see
andmbedtls_rsa_public()
).mbedtls_rsa_private()
- Elliptic Curves over GF(p) (see
).mbedtls_ecp_point_init()
- Elliptic Curve Digital Signature Algorithm (ECDSA) (see
).mbedtls_ecdsa_init()
- Elliptic Curve Diffie Hellman (ECDH) (see
).mbedtls_ecdh_init()
- Diffie-Hellman-Merkle (see
This module provides encryption/decryption which can be used to provide secrecy.
It also provides asymmetric key functions which can be used for confidentiality, integrity, authentication and non-repudiation.