Description

Symmetric encryption, AEAD and MAC.

API for performing symmetric encryption, Authenticated Encryption and Additional Data (AEAD) operations, and computing Message Authentication Codes (MACs) using the Secure Element.

Data Structures

struct  sl_se_cmac_streaming_context_t
 CMAC streaming context.
 
struct  sl_se_gcm_streaming_context_t
 GCM streaming context.
 

Functions

sl_status_t sl_se_aes_crypt_ecb (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, sl_se_cipher_operation_t mode, size_t length, const unsigned char *input, unsigned char *output)
 AES-ECB block encryption/decryption.
 
sl_status_t sl_se_aes_crypt_cbc (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, sl_se_cipher_operation_t mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
 AES-CBC buffer encryption/decryption.
 
sl_status_t sl_se_aes_crypt_cfb128 (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, sl_se_cipher_operation_t mode, size_t length, uint32_t *iv_off, unsigned char iv[16], const unsigned char *input, unsigned char *output)
 AES-CFB128 buffer encryption/decryption.
 
sl_status_t sl_se_aes_crypt_cfb8 (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, sl_se_cipher_operation_t mode, size_t length, unsigned char iv[16], const unsigned char *input, unsigned char *output)
 AES-CFB8 buffer encryption/decryption.
 
sl_status_t sl_se_aes_crypt_ctr (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, size_t length, uint32_t *nc_off, unsigned char nonce_counter[16], unsigned char stream_block[16], const unsigned char *input, unsigned char *output)
 AES-CTR buffer encryption/decryption.
 
sl_status_t sl_se_ccm_encrypt_and_tag (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len)
 AES-CCM buffer encryption.
 
sl_status_t sl_se_ccm_auth_decrypt (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len)
 AES-CCM buffer decryption.
 
sl_status_t sl_se_gcm_crypt_and_tag (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, sl_se_cipher_operation_t mode, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag)
 This function performs GCM encryption or decryption of a buffer.
 
sl_status_t sl_se_gcm_auth_decrypt (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, size_t length, const unsigned char *iv, size_t iv_len, const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, size_t tag_len, unsigned char *tag)
 This function performs a GCM authenticated decryption of a buffer.
 
sl_status_t sl_se_cmac (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, const unsigned char *input, size_t input_len, unsigned char *output)
 This function calculates the full generic CMAC on the input buffer with the provided key.
 
sl_status_t sl_se_cmac_starts (sl_se_cmac_streaming_context_t *cmac_ctx, sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key)
 Prepare a CMAC streaming command context object.
 
sl_status_t sl_se_cmac_update (sl_se_cmac_streaming_context_t *cmac_ctx, const uint8_t *input, size_t input_len)
 This function feeds an input buffer into an ongoing CMAC computation.
 
sl_status_t sl_se_cmac_finish (sl_se_cmac_streaming_context_t *cmac_ctx, uint8_t *output)
 Finish a CMAC streaming operation and return the resulting CMAC tag.
 
sl_status_t sl_se_gcm_starts (sl_se_gcm_streaming_context_t *gcm_ctx, sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, sl_se_cipher_operation_t mode, const uint8_t *iv, size_t iv_len, const uint8_t *add, size_t add_len)
 Prepare a GCM streaming command context object.
 
sl_status_t sl_se_gcm_update (sl_se_gcm_streaming_context_t *gcm_ctx, size_t length, const uint8_t *input, uint8_t *output)
 This function feeds an input buffer into an ongoing GCM computation.
 
sl_status_t sl_se_gcm_finish (sl_se_gcm_streaming_context_t *gcm_ctx, uint8_t *tag, size_t tag_len)
 Finish a GCM streaming operation and return the resulting GCM tag.
 
sl_status_t sl_se_hmac (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, sl_se_hash_type_t hash_type, const uint8_t *message, size_t message_len, uint8_t *output, size_t output_len)
 Compute a HMAC on a full message.
 
sl_status_t sl_se_chacha20_crypt (sl_se_command_context_t *cmd_ctx, sl_se_cipher_operation_t mode, const sl_se_key_descriptor_t *key, size_t length, const unsigned char initial_counter[4], const unsigned char nonce[12], const unsigned char *input, unsigned char *output)
 ChaCha20 buffer encryption/decryption, as defined by RFC8439 section 2.4.
 
sl_status_t sl_se_chacha20_poly1305_encrypt_and_tag (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, size_t length, const unsigned char nonce[12], const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, unsigned char *tag)
 ChaCha20-Poly1305 authenticated encryption with additional data, as defined by RFC8439 section 2.8.
 
sl_status_t sl_se_chacha20_poly1305_auth_decrypt (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, size_t length, const unsigned char nonce[12], const unsigned char *add, size_t add_len, const unsigned char *input, unsigned char *output, const unsigned char tag[16])
 ChaCha20-Poly1305 authenticated decryption with additional data, as defined by RFC8439 section 2.8.
 
sl_status_t sl_se_poly1305_genkey_tag (sl_se_command_context_t *cmd_ctx, const sl_se_key_descriptor_t *key, size_t length, const unsigned char nonce[12], const unsigned char *input, unsigned char *tag)
 Generate a Poly1305 MAC (message authentication code) for a given message using an ephemeral key derived using ChaCha20.
 

Macros

#define SL_SE_CMAC_STREAMING_INIT_DEFAULT   { NULL, { 0 }, { 0 }, 0 }
 Initial values for CMAC streaming context struct sl_se_cmac_streaming_context_t.
 
#define SL_SE_GCM_STREAMING_INIT_DEFAULT
 Initial values for AES-GCM streaming context struct sl_se_gcm_streaming_context_t.
 

Enumerations

enum  sl_se_cipher_operation_t {
  SL_SE_ENCRYPT,
  SL_SE_DECRYPT
}
 Cipher operation types.
 

Function Documentation

◆ sl_se_aes_crypt_ecb()

sl_status_t sl_se_aes_crypt_ecb ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
sl_se_cipher_operation_t  mode,
size_t  length,
const unsigned char *  input,
unsigned char *  output 
)

AES-ECB block encryption/decryption.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]modeCrypto operation type (encryption or decryption).
[in]lengthLength of the input data.
[in]inputBuffer holding the input data.
[out]outputBuffer holding the output data.
Returns
Status code, sl_status.h.

◆ sl_se_aes_crypt_cbc()

sl_status_t sl_se_aes_crypt_cbc ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
sl_se_cipher_operation_t  mode,
size_t  length,
unsigned char  iv[16],
const unsigned char *  input,
unsigned char *  output 
)

AES-CBC buffer encryption/decryption.

Note
Length should be a multiple of the block size (16 bytes).
Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]modeCrypto operation type (encryption or decryption).
[in]lengthLength of the input data.
[in,out]ivInitialization vector (updated after use).
[in]inputBuffer holding the input data.
[out]outputBuffer holding the output data.
Returns
Status code, sl_status.h.

◆ sl_se_aes_crypt_cfb128()

sl_status_t sl_se_aes_crypt_cfb128 ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
sl_se_cipher_operation_t  mode,
size_t  length,
uint32_t *  iv_off,
unsigned char  iv[16],
const unsigned char *  input,
unsigned char *  output 
)

AES-CFB128 buffer encryption/decryption.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]modeCrypto operation type (encryption or decryption).
[in]lengthLength of the input data.
[in,out]iv_offOffset in IV (updated after use).
[in,out]ivInitialization vector (updated after use).
[in]inputBuffer holding the input data.
[out]outputBuffer holding the output data.
Returns
Status code, sl_status.h.

◆ sl_se_aes_crypt_cfb8()

sl_status_t sl_se_aes_crypt_cfb8 ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
sl_se_cipher_operation_t  mode,
size_t  length,
unsigned char  iv[16],
const unsigned char *  input,
unsigned char *  output 
)

AES-CFB8 buffer encryption/decryption.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]modeCrypto operation type (encryption or decryption).
[in]lengthLength of the input data.
[in,out]ivInitialization vector (updated after use).
[in]inputBuffer holding the input data.
[out]outputBuffer holding the output data.
Returns
Status code, sl_status.h.

◆ sl_se_aes_crypt_ctr()

sl_status_t sl_se_aes_crypt_ctr ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
size_t  length,
uint32_t *  nc_off,
unsigned char  nonce_counter[16],
unsigned char  stream_block[16],
const unsigned char *  input,
unsigned char *  output 
)

AES-CTR buffer encryption/decryption.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]lengthLength of the input data.
[in]nc_offThe offset in the current stream_block (for resuming within current cipher stream). The offset pointer to should be 0 at the start of a stream.
[in,out]nonce_counterThe 128-bit nonce and counter.
[in,out]stream_blockThe saved stream-block for resuming (updated after use).
[in]inputBuffer holding the input data.
[out]outputBuffer holding the output data.
Returns
Status code, sl_status.h.

◆ sl_se_ccm_encrypt_and_tag()

sl_status_t sl_se_ccm_encrypt_and_tag ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
size_t  length,
const unsigned char *  iv,
size_t  iv_len,
const unsigned char *  add,
size_t  add_len,
const unsigned char *  input,
unsigned char *  output,
unsigned char *  tag,
size_t  tag_len 
)

AES-CCM buffer encryption.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]lengthThe length of the input data in Bytes.
[in]ivInitialization vector (nonce).
[in]iv_lenThe length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
[in]addThe additional data field.
[in]add_lenThe length of additional data in Bytes.
[in]inputThe buffer holding the input data.
[out]outputThe buffer holding the output data. Must be at least length Bytes wide.
[in,out]tagThe buffer holding the tag.
[in]tag_lenThe length of the tag to generate in Bytes: 4, 6, 8, 10, 12, 14 or 16.
Returns
Status code, sl_status.h.

◆ sl_se_ccm_auth_decrypt()

sl_status_t sl_se_ccm_auth_decrypt ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
size_t  length,
const unsigned char *  iv,
size_t  iv_len,
const unsigned char *  add,
size_t  add_len,
const unsigned char *  input,
unsigned char *  output,
const unsigned char *  tag,
size_t  tag_len 
)

AES-CCM buffer decryption.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]lengthThe length of the input data in Bytes.
[in]ivInitialization vector.
[in]iv_lenThe length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
[in]addThe additional data field.
[in]add_lenThe length of additional data in Bytes.
[in]inputThe buffer holding the input data.
[out]outputThe buffer holding the output data. Must be at least length Bytes wide.
[in]tagThe buffer holding the tag.
[in]tag_lenThe length of the tag in Bytes.
Returns
Status code, sl_status.h.

◆ sl_se_gcm_crypt_and_tag()

sl_status_t sl_se_gcm_crypt_and_tag ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
sl_se_cipher_operation_t  mode,
size_t  length,
const unsigned char *  iv,
size_t  iv_len,
const unsigned char *  add,
size_t  add_len,
const unsigned char *  input,
unsigned char *  output,
size_t  tag_len,
unsigned char *  tag 
)

This function performs GCM encryption or decryption of a buffer.

Note
For encryption, the output buffer can be the same as the input buffer. For decryption, the output buffer cannot be the same as input buffer. If the buffers overlap, the output buffer must trail at least 8 bytes behind the input buffer.
Warning
When this function performs a decryption, it outputs the authentication tag and does not verify that the data is authentic. You should use this function to perform encryption only. For decryption, use sl_se_gcm_auth_decrypt() instead.
Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]modeCrypto operation type (encryption or decryption).
  • SL_SE_ENCRYPT: The ciphertext is written to output and the authentication tag is written to tag.
  • SL_SE_DECRYPT: The plaintext is written to output and the authentication tag is written to tag. Note that this mode is not recommended, because it does not verify the authenticity of the data. For this reason, you should use sl_se_gcm_auth_decrypt() instead.
[in]lengthThe length of the input data, which is equal to the length of the output data.
[in]ivThe initialization vector.
[in]iv_lenThe length of the iv. Must be 12.
[in]addThe buffer holding the additional data.
[in]add_lenThe length of the additional data.
[in]inputThe buffer holding the input data. Its size is length.
[out]outputThe buffer for holding the output data. It must have room for length bytes.
[in]tag_lenThe length of the tag to generate.
[out]tagThe buffer for holding the tag.
Returns
SL_STATUS_OK when the command was executed successfully, otherwise an appropriate error code (sl_status.h).

◆ sl_se_gcm_auth_decrypt()

sl_status_t sl_se_gcm_auth_decrypt ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
size_t  length,
const unsigned char *  iv,
size_t  iv_len,
const unsigned char *  add,
size_t  add_len,
const unsigned char *  input,
unsigned char *  output,
size_t  tag_len,
unsigned char *  tag 
)

This function performs a GCM authenticated decryption of a buffer.

Note
The output buffer cannot be the same as input buffer. If the buffers overlap, the output buffer must trail at least 8 bytes behind the input buffer.
Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]lengthThe length of the ciphertext to decrypt, which is also the length of the decrypted plaintext.
[in]ivThe initialization vector.
[in]iv_lenThe length of the iv.
[in]addThe buffer holding the additional data.
[in]add_lenThe length of the additional data.
[in]tagThe buffer holding the tag to verify.
[in]tag_lenThe length of the tag to verify.
[in]inputThe buffer holding the ciphertext. Its size is length.
[out]outputThe buffer for holding the decrypted plaintext. It must have room for length bytes.
Returns
SL_STATUS_OK when the command was executed successfully, otherwise an appropriate error code (sl_status.h).

◆ sl_se_cmac()

sl_status_t sl_se_cmac ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
const unsigned char *  input,
size_t  input_len,
unsigned char *  output 
)

This function calculates the full generic CMAC on the input buffer with the provided key.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]inputBuffer holding the input data, must be at least input_len bytes wide.
[in]input_lenThe length of the input data in bytes.
[out]outputBuffer holding the 16-byte output data, must be at least 16 bytes wide.
Returns
Status code, sl_status.h.

◆ sl_se_cmac_starts()

sl_status_t sl_se_cmac_starts ( sl_se_cmac_streaming_context_t cmac_ctx,
sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key 
)

Prepare a CMAC streaming command context object.

Prepare a CMAC streaming command context object to be used in subsequent CMAC streaming function calls.

Parameters
[in]cmac_ctxPointer to a CMAC streaming context object.
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
Returns
Status code, sl_status.h.

◆ sl_se_cmac_update()

sl_status_t sl_se_cmac_update ( sl_se_cmac_streaming_context_t cmac_ctx,
const uint8_t *  input,
size_t  input_len 
)

This function feeds an input buffer into an ongoing CMAC computation.

It is called between sl_se_cmac_starts() and sl_se_cmac_finish(). Can be called repeatedly.

Parameters
[in,out]cmac_ctxPointer to a CMAC streaming context object.
[in]inputBuffer holding the input data, must be at least input_len bytes wide.
[in]input_lenThe length of the input data in bytes.
Returns
Status code, sl_status.h.

◆ sl_se_cmac_finish()

sl_status_t sl_se_cmac_finish ( sl_se_cmac_streaming_context_t cmac_ctx,
uint8_t *  output 
)

Finish a CMAC streaming operation and return the resulting CMAC tag.

It is called after sl_se_cmac_update().

Parameters
[in,out]cmac_ctxPointer to a CMAC streaming context object.
[out]outputBuffer holding the 16-byte CMAC tag, must be at least 16 bytes wide.
Returns
Status code, sl_status.h.

◆ sl_se_gcm_starts()

sl_status_t sl_se_gcm_starts ( sl_se_gcm_streaming_context_t gcm_ctx,
sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
sl_se_cipher_operation_t  mode,
const uint8_t *  iv,
size_t  iv_len,
const uint8_t *  add,
size_t  add_len 
)

Prepare a GCM streaming command context object.

Prepare a GCM streaming command context object to be used in subsequent GCM streaming function calls.

Parameters
[in]gcm_ctxPointer to a GCM streaming context object.
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
modeThe operation to perform: SL_SE_ENCRYPT or SL_SE_DECRYPT.
ivThe initialization vector.
iv_lenThe length of the IV.
addThe buffer holding the additional data, or NULL if add_len is 0.
add_lenThe length of the additional data. If 0, add is NULL.
Returns
Status code, sl_status.h.

◆ sl_se_gcm_update()

sl_status_t sl_se_gcm_update ( sl_se_gcm_streaming_context_t gcm_ctx,
size_t  length,
const uint8_t *  input,
uint8_t *  output 
)

This function feeds an input buffer into an ongoing GCM computation.

It is called between sl_se_gcm_starts() and sl_se_gcm_finish(). Can be called repeatedly.

Parameters
[in]gcm_ctxPointer to a GCM streaming context object.
[in]lengthThe length of the input data. This must be a multiple of 16 except in the last call before sl_se_gcm_finish().
[in]inputBuffer holding the input data, must be at least length bytes wide.
[out]outputBuffer for holding the output data, must be at least length bytes wide.
Returns
Status code, sl_status.h.

◆ sl_se_gcm_finish()

sl_status_t sl_se_gcm_finish ( sl_se_gcm_streaming_context_t gcm_ctx,
uint8_t *  tag,
size_t  tag_len 
)

Finish a GCM streaming operation and return the resulting GCM tag.

It is called after sl_se_gcm_update().

Parameters
[in]gcm_ctxPointer to a GCM streaming context object.
[out]tagThe buffer for holding the tag.
[in]tag_lenThe length of the tag to generate. Must be at least four.
Returns
Status code, sl_status.h.

◆ sl_se_hmac()

sl_status_t sl_se_hmac ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
sl_se_hash_type_t  hash_type,
const uint8_t *  message,
size_t  message_len,
uint8_t *  output,
size_t  output_len 
)

Compute a HMAC on a full message.

This function computes a Keyed-Hashed Message Authentication Code (HMAC) for the given input message. HMAC can be used with any iterative cryptographic hash function, e.g., SHA-1 in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. For instance, if the algorithm is chosen to be SHA-256, it will generate a 32 bytes HMAC. This function supports SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. The key can be of any length. If the key is shorter than the block size of the hash function the SE will append zeros to the key so the key size matches the block size of the hash function. If the key is longer than the block size of the hash function the key will be hashed to produce a key digest, then append zeros so the resulting 'hashed' key size matches the block size of the hash function. In any case the minimal recommended key length is the digest size of the hash function.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure specifying the key to use in the HMAC computation.
[in]hash_typeWhich hashing algorithm to use.
[in]messagePointer to the message buffer to compute the hash/digest from.
[in]message_lenNumber of bytes in message.
[out]outputPointer to memory buffer to store the final HMAC output.
[in]output_lenThe length of the HMAC output memory buffer, must be at least the size of the corresponding hash type.
Returns
Status code, sl_status.h.

◆ sl_se_chacha20_crypt()

sl_status_t sl_se_chacha20_crypt ( sl_se_command_context_t cmd_ctx,
sl_se_cipher_operation_t  mode,
const sl_se_key_descriptor_t key,
size_t  length,
const unsigned char  initial_counter[4],
const unsigned char  nonce[12],
const unsigned char *  input,
unsigned char *  output 
)

ChaCha20 buffer encryption/decryption, as defined by RFC8439 section 2.4.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]modeCrypto operation type (encryption or decryption).
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]lengthLength of the input data.
[in]initial_counterThe initial counter value as defined in RFC8439 section 2.4.
[in]nonceThe nonce, also called initialisation vector, as defined in RFC8439 section 2.4.
[in]inputBuffer holding the input data.
[out]outputBuffer holding the output data.
Returns
Status code, sl_status.h.

◆ sl_se_chacha20_poly1305_encrypt_and_tag()

sl_status_t sl_se_chacha20_poly1305_encrypt_and_tag ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
size_t  length,
const unsigned char  nonce[12],
const unsigned char *  add,
size_t  add_len,
const unsigned char *  input,
unsigned char *  output,
unsigned char *  tag 
)

ChaCha20-Poly1305 authenticated encryption with additional data, as defined by RFC8439 section 2.8.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]lengthThe length of the input data in bytes.
[in]nonceThe nonce, also called initialisation vector, as defined in RFC8439 section 2.8.
[in]addThe buffer holding additional authenticated data. Can be NULL if add_len equals 0.
[in]add_lenThe length of the additional authenticated data in bytes.
[in]inputThe buffer holding the plaintext input.
[out]outputThe buffer holding the ciphertext output. Can be NULL, in which case the generated ciphertext will be discarded. Must be at least length bytes wide.
[out]tagThe buffer holding the tag. This function will produce a 128-bit tag, so this buffer must be at least 16 bytes wide. Can be NULL, in which case the generated tag will be discarded.
Returns
Status code, sl_status.h.

◆ sl_se_chacha20_poly1305_auth_decrypt()

sl_status_t sl_se_chacha20_poly1305_auth_decrypt ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
size_t  length,
const unsigned char  nonce[12],
const unsigned char *  add,
size_t  add_len,
const unsigned char *  input,
unsigned char *  output,
const unsigned char  tag[16] 
)

ChaCha20-Poly1305 authenticated decryption with additional data, as defined by RFC8439 section 2.8.

Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure.
[in]lengthThe length of the input data in Bytes.
[in]nonceThe nonce, also called initialisation vector, as defined in RFC8439 section 2.8.
[in]addThe buffer holding additional authenticated data. Can be NULL if add_len equals 0.
[in]add_lenThe length of the additional authenticated data in bytes.
[in]inputThe buffer holding the ciphertext to decrypt. Can be NULL if length equals 0.
[out]outputThe buffer holding the plaintext output. Can be NULL, in which case the decrypted plaintext will be discarded, or when length equals 0. Must be at least length bytes wide.
[in]tagThe buffer holding the tag to verify.
Returns
Status code, sl_status.h.

◆ sl_se_poly1305_genkey_tag()

sl_status_t sl_se_poly1305_genkey_tag ( sl_se_command_context_t cmd_ctx,
const sl_se_key_descriptor_t key,
size_t  length,
const unsigned char  nonce[12],
const unsigned char *  input,
unsigned char *  tag 
)

Generate a Poly1305 MAC (message authentication code) for a given message using an ephemeral key derived using ChaCha20.

Note
This function first derives a Poly1305 key based on a ChaCha20 key and nonce, which are input to this function. The key derivation adheres to RFC8439 section 2.6. The derived key is then used to calculate a MAC of the input data, according to RFC8439 section 2.5.
Parameters
[in]cmd_ctxPointer to an SE command context object.
[in]keyPointer to sl_se_key_descriptor_t structure containing a ChaCha20 key.
[in]lengthThe length of the input data in Bytes.
[in]nonceThe nonce, also called initialisation vector, as defined in RFC8439 section 2.6.
[in]inputThe buffer holding the input data.
[out]tagThe buffer holding the tag. This function will produce a 128-bit tag, so this buffer must be at least 16 bytes wide.
Returns
Status code, sl_status.h.

Macro Definition Documentation

◆ SL_SE_CMAC_STREAMING_INIT_DEFAULT

#define SL_SE_CMAC_STREAMING_INIT_DEFAULT   { NULL, { 0 }, { 0 }, 0 }

Initial values for CMAC streaming context struct sl_se_cmac_streaming_context_t.

◆ SL_SE_GCM_STREAMING_INIT_DEFAULT

#define SL_SE_GCM_STREAMING_INIT_DEFAULT
Value:
{ NULL, 0, 0, { 0 }, { 0 }, \
{ 0 }, 0, 0 }

Initial values for AES-GCM streaming context struct sl_se_gcm_streaming_context_t.

Enumeration Type Documentation

◆ sl_se_cipher_operation_t

Cipher operation types.