Cipher

Secure Element Manager

AES-ECB block encryption/decryption.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	mode	Crypto operation type (encryption or decryption).
[in]	length	Length of the input data.
[in]	input	Buffer holding the input data.
[out]	output	Buffer holding the output data.

Returns

Status code, sl_status.h.

AES-CBC buffer encryption/decryption.

Note

Length should be a multiple of the block size (16 bytes).

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	mode	Crypto operation type (encryption or decryption).
[in]	length	Length of the input data.
[in,out]	iv	Initialization vector (updated after use).
[in]	input	Buffer holding the input data.
[out]	output	Buffer holding the output data.

Returns

Status code, sl_status.h.

AES-CFB128 buffer encryption/decryption.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	mode	Crypto operation type (encryption or decryption).
[in]	length	Length of the input data.
[in,out]	iv_off	Offset in IV (updated after use).
[in,out]	iv	Initialization vector (updated after use).
[in]	input	Buffer holding the input data.
[out]	output	Buffer holding the output data.

Returns

Status code, sl_status.h.

AES-CFB8 buffer encryption/decryption.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	mode	Crypto operation type (encryption or decryption).
[in]	length	Length of the input data.
[in,out]	iv	Initialization vector (updated after use).
[in]	input	Buffer holding the input data.
[out]	output	Buffer holding the output data.

Returns

Status code, sl_status.h.

AES-CTR buffer encryption/decryption.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	length	Length of the input data.
[in]	nc_off	The offset in the current stream_block (for resuming within current cipher stream). The offset pointer to should be 0 at the start of a stream.
[in,out]	nonce_counter	The 128-bit nonce and counter.
[in,out]	stream_block	The saved stream-block for resuming (updated after use).
[in]	input	Buffer holding the input data.
[out]	output	Buffer holding the output data.

Returns

Status code, sl_status.h.

AES-CCM buffer encryption.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	length	The length of the input data in Bytes.
[in]	iv	Initialization vector (nonce).
[in]	iv_len	The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
[in]	add	The additional data field.
[in]	add_len	The length of additional data in Bytes.
[in]	input	The buffer holding the input data.
[out]	output	The buffer holding the output data. Must be at least length Bytes wide.
[in,out]	tag	The buffer holding the tag.
[in]	tag_len	The length of the tag to generate in Bytes: 4, 6, 8, 10, 12, 14 or 16.

Returns

Status code, sl_status.h.

AES-CCM buffer decryption.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	length	The length of the input data in Bytes.
[in]	iv	Initialization vector.
[in]	iv_len	The length of the IV in Bytes: 7, 8, 9, 10, 11, 12, or 13.
[in]	add	The additional data field.
[in]	add_len	The length of additional data in Bytes.
[in]	input	The buffer holding the input data.
[out]	output	The buffer holding the output data. Must be at least length Bytes wide.
[in]	tag	The buffer holding the tag.
[in]	tag_len	The length of the tag in Bytes.

Returns

Status code, sl_status.h.

This function performs GCM encryption or decryption of a buffer.

Note

For encryption, the output buffer can be the same as the input buffer. For decryption, the output buffer cannot be the same as input buffer. If the buffers overlap, the output buffer must trail at least 8 bytes behind the input buffer.

Warning

When this function performs a decryption, it outputs the authentication tag and does not verify that the data is authentic. You should use this function to perform encryption only. For decryption, use sl_se_gcm_auth_decrypt() instead.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	mode	Crypto operation type (encryption or decryption). SL_SE_ENCRYPT: The ciphertext is written to output and the authentication tag is written to tag . SL_SE_DECRYPT: The plaintext is written to output and the authentication tag is written to tag . Note that this mode is not recommended, because it does not verify the authenticity of the data. For this reason, you should use sl_se_gcm_auth_decrypt() instead.
[in]	length	The length of the input data, which is equal to the length of the output data.
[in]	iv	The initialization vector.
[in]	iv_len	The length of the iv. Must be 12 bytes.
[in]	add	The buffer holding the additional data.
[in]	add_len	The length of the additional data in bytes.
[in]	input	The buffer holding the input data. Its size is length bytes.
[out]	output	The buffer for holding the output data. It must have room for length bytes.
[in]	tag_len	The length of the tag to generate (in bytes).
[out]	tag	The buffer for holding the tag.

Returns

SL_STATUS_OK when the command was executed successfully, otherwise an appropriate error code (sl_status.h).

This function performs a GCM authenticated decryption of a buffer.

Note

The output buffer cannot be the same as input buffer. If the buffers overlap, the output buffer must trail at least 8 bytes behind the input buffer.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	length	The length of the ciphertext to decrypt, which is also the length of the decrypted plaintext.
[in]	iv	The initialization vector.
[in]	iv_len	The length of the iv. Must be 12 bytes.
[in]	add	The buffer holding the additional data.
[in]	add_len	The length of the additional data in bytes.
[in]	tag	The buffer holding the tag to verify.
[in]	tag_len	The length of the tag to verify (in bytes).
[in]	input	The buffer holding the ciphertext. Its size is length bytes.
[out]	output	The buffer for holding the decrypted plaintext. It must have room for length bytes.

Returns

SL_STATUS_OK when the command was executed successfully, otherwise an appropriate error code (sl_status.h).

This function calculates the full generic CMAC on the input buffer with the provided key.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	input	Buffer holding the input data, must be at least input_len bytes wide.
[in]	input_len	The length of the input data in bytes.
[out]	output	Buffer holding the 16-byte output data, must be at least 16 bytes wide.

Returns

Status code, sl_status.h.

Prepare a CMAC streaming command context object.

Prepare a CMAC streaming command context object to be used in subsequent CMAC streaming function calls.

Parameters

[in]	cmac_ctx	Pointer to a CMAC streaming context object.
[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.

Returns

Status code, sl_status.h.

This function feeds an input buffer into an ongoing CMAC computation.

It is called between sl_se_cmac_starts() and sl_se_cmac_finish() . Can be called repeatedly.

Parameters

[in,out]	cmac_ctx	Pointer to a CMAC streaming context object.
[in]	input	Buffer holding the input data, must be at least input_len bytes wide.
[in]	input_len	The length of the input data in bytes.

Returns

Status code, sl_status.h.

Finish a CMAC streaming operation and return the resulting CMAC tag.

It is called after sl_se_cmac_update() .

Parameters

[in,out]	cmac_ctx	Pointer to a CMAC streaming context object.
[out]	output	Buffer holding the 16-byte CMAC tag, must be at least 16 bytes wide.

Returns

Status code, sl_status.h.

Prepare a GCM streaming command context object.

Prepare a GCM streaming command context object to be used in subsequent GCM streaming function calls.

Parameters

[in]	gcm_ctx	Pointer to a GCM streaming context object.
[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
	mode	The operation to perform: SL_SE_ENCRYPT or SL_SE_DECRYPT.
	iv	The initialization vector.
	iv_len	The length of the IV.
	add	The buffer holding the additional data, or NULL if add_len is 0.
	add_len	The length of the additional data. If 0, add is NULL.

Returns

Status code, sl_status.h.

This function feeds an input buffer into an ongoing GCM computation.

It is called between sl_se_gcm_starts() and sl_se_gcm_finish() . Can be called repeatedly.

Parameters

[in]	gcm_ctx	Pointer to a GCM streaming context object.
[in]	length	The length of the input data. This must be a multiple of 16 except in the last call before sl_se_gcm_finish() .
[in]	input	Buffer holding the input data, must be at least length bytes wide.
[out]	output	Buffer for holding the output data, must be at least length bytes wide.

Returns

Status code, sl_status.h.

Finish a GCM streaming operation and return the resulting GCM tag.

It is called after sl_se_gcm_update() .

Parameters

[in]	gcm_ctx	Pointer to a GCM streaming context object.
[out]	tag	The buffer for holding the tag.
[in]	tag_len	The length of the tag to generate. Must be at least four.

Returns

Status code, sl_status.h.

Compute a HMAC on a full message.

This function computes a Keyed-Hashed Message Authentication Code (HMAC) for the given input message. HMAC can be used with any iterative cryptographic hash function, e.g., SHA-1 in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function. For instance, if the algorithm is chosen to be SHA-256, it will generate a 32 bytes HMAC. This function supports SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. The key can be of any length. If the key is shorter than the block size of the hash function the SE will append zeros to the key so the key size matches the block size of the hash function. If the key is longer than the block size of the hash function the key will be hashed to produce a key digest, then append zeros so the resulting 'hashed' key size matches the block size of the hash function. In any case the minimal recommended key length is the digest size of the hash function.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure specifying the key to use in the HMAC computation.
[in]	hash_type	Which hashing algorithm to use.
[in]	message	Pointer to the message buffer to compute the hash/digest from.
[in]	message_len	Number of bytes in message.
[out]	output	Pointer to memory buffer to store the final HMAC output.
[in]	output_len	The length of the HMAC output memory buffer, must be at least the size of the corresponding hash type.

Returns

Status code, sl_status.h.

ChaCha20 buffer encryption/decryption, as defined by RFC8439 section 2.4.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	mode	Crypto operation type (encryption or decryption).
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	length	Length of the input data.
[in]	initial_counter	The initial counter value as defined in RFC8439 section 2.4.
[in]	nonce	The nonce, also called initialisation vector, as defined in RFC8439 section 2.4.
[in]	input	Buffer holding the input data.
[out]	output	Buffer holding the output data.

Returns

Status code, sl_status.h.

ChaCha20-Poly1305 authenticated encryption with additional data, as defined by RFC8439 section 2.8.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	length	The length of the input data in bytes.
[in]	nonce	The nonce, also called initialisation vector, as defined in RFC8439 section 2.8.
[in]	add	The buffer holding additional authenticated data. Can be NULL if add_len equals 0.
[in]	add_len	The length of the additional authenticated data in bytes.
[in]	input	The buffer holding the plaintext input.
[out]	output	The buffer holding the ciphertext output. Can be NULL, in which case the generated ciphertext will be discarded. Must be at least length bytes wide.
[out]	tag	The buffer holding the tag. This function will produce a 128-bit tag, so this buffer must be at least 16 bytes wide. Can be NULL, in which case the generated tag will be discarded.

Returns

Status code, sl_status.h.

ChaCha20-Poly1305 authenticated decryption with additional data, as defined by RFC8439 section 2.8.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure.
[in]	length	The length of the input data in Bytes.
[in]	nonce	The nonce, also called initialisation vector, as defined in RFC8439 section 2.8.
[in]	add	The buffer holding additional authenticated data. Can be NULL if add_len equals 0.
[in]	add_len	The length of the additional authenticated data in bytes.
[in]	input	The buffer holding the ciphertext to decrypt. Can be NULL if length equals 0.
[out]	output	The buffer holding the plaintext output. Can be NULL, in which case the decrypted plaintext will be discarded, or when length equals 0. Must be at least length bytes wide.
[in]	tag	The buffer holding the tag to verify.

Returns

Status code, sl_status.h.

Generate a Poly1305 MAC (message authentication code) for a given message using an ephemeral key derived using ChaCha20.

Note

This function first derives a Poly1305 key based on a ChaCha20 key and nonce, which are input to this function. The key derivation adheres to RFC8439 section 2.6. The derived key is then used to calculate a MAC of the input data, according to RFC8439 section 2.5.

Parameters

[in]	cmd_ctx	Pointer to an SE command context object.
[in]	key	Pointer to sl_se_key_descriptor_t structure containing a ChaCha20 key.
[in]	length	The length of the input data in Bytes.
[in]	nonce	The nonce, also called initialisation vector, as defined in RFC8439 section 2.6.
[in]	input	The buffer holding the input data.
[out]	tag	The buffer holding the tag. This function will produce a 128-bit tag, so this buffer must be at least 16 bytes wide.

Returns

Status code, sl_status.h.

Initial values for CMAC streaming context struct sl_se_cmac_streaming_context_t .

Initial values for AES-GCM streaming context struct sl_se_gcm_streaming_context_t .

Cipher operation types.