Encryption/decryption module

The Encryption/decryption module provides encryption/decryption functions. One can differentiate between symmetric and asymmetric algorithms; the symmetric ones are mostly used for message confidentiality and the asymmetric ones for key exchange and message integrity. Some symmetric algorithms provide different block cipher modes, mainly Electronic Code Book (ECB) which is used for short (64-bit) messages and Cipher Block Chaining (CBC) which provides the structure needed for longer messages. In addition the Cipher Feedback Mode (CFB-128) stream cipher mode, Counter mode (CTR) and Galois Counter Mode (GCM) are implemented for specific algorithms.

All symmetric encryption algorithms are accessible via the generic cipher layer (see mbedtls_cipher_setup()).

The asymmetric encryptrion algorithms are accessible via the generic public key layer (see mbedtls_pk_init()).

The following algorithms are provided:

  • Symmetric:
    • AES (see mbedtls_aes_crypt_ecb(), mbedtls_aes_crypt_cbc(), mbedtls_aes_crypt_cfb128() and mbedtls_aes_crypt_ctr()).
    • ARCFOUR (see mbedtls_arc4_crypt()).
    • Blowfish / BF (see mbedtls_blowfish_crypt_ecb(), mbedtls_blowfish_crypt_cbc(), mbedtls_blowfish_crypt_cfb64() and mbedtls_blowfish_crypt_ctr())
    • Camellia (see mbedtls_camellia_crypt_ecb(), mbedtls_camellia_crypt_cbc(), mbedtls_camellia_crypt_cfb128() and mbedtls_camellia_crypt_ctr()).
    • DES/3DES (see mbedtls_des_crypt_ecb(), mbedtls_des_crypt_cbc(), mbedtls_des3_crypt_ecb() and mbedtls_des3_crypt_cbc()).
    • GCM (AES-GCM and CAMELLIA-GCM) (see mbedtls_gcm_init())
    • XTEA (see mbedtls_xtea_crypt_ecb()).
  • Asymmetric:
    • Diffie-Hellman-Merkle (see mbedtls_dhm_read_public(), mbedtls_dhm_make_public() and mbedtls_dhm_calc_secret()).
    • RSA (see mbedtls_rsa_public() and mbedtls_rsa_private()).
    • Elliptic Curves over GF(p) (see mbedtls_ecp_point_init()).
    • Elliptic Curve Digital Signature Algorithm (ECDSA) (see mbedtls_ecdsa_init()).
    • Elliptic Curve Diffie Hellman (ECDH) (see mbedtls_ecdh_init()).

This module provides encryption/decryption which can be used to provide secrecy.

It also provides asymmetric key functions which can be used for confidentiality, integrity, authentication and non-repudiation.