Authenticated Encryption with Additional Data (AEAD) operations with secure elements must be done in one function call. While this creates a burden for implementers as there must be sufficient space in memory for the entire message, it prevents decrypted data from being made available before the authentication operation is complete and the data is known to be authentic.
|
|
|
struct
|
psa_drv_se_aead_t
|
|
|
A struct containing all of the function pointers needed to implement secure element Authenticated Encryption with Additional Data operations.
|
|
|
|
|
|
typedef
psa_status_t
(*
|
psa_drv_se_aead_encrypt_t
) (
psa_drv_se_context_t
*drv_context,
psa_key_slot_number_t
key_slot,
psa_algorithm_t
algorithm, const uint8_t *p_nonce, size_t nonce_length, const uint8_t *p_additional_data, size_t additional_data_length, const uint8_t *p_plaintext, size_t plaintext_length, uint8_t *p_ciphertext, size_t ciphertext_size, size_t *p_ciphertext_length)
|
|
|
A function that performs a secure element authenticated encryption operation.
|
|
|
|
typedef
psa_status_t
(*
|
psa_drv_se_aead_decrypt_t
) (
psa_drv_se_context_t
*drv_context,
psa_key_slot_number_t
key_slot,
psa_algorithm_t
algorithm, const uint8_t *p_nonce, size_t nonce_length, const uint8_t *p_additional_data, size_t additional_data_length, const uint8_t *p_ciphertext, size_t ciphertext_length, uint8_t *p_plaintext, size_t plaintext_size, size_t *p_plaintext_length)
|
|
|
A function that peforms a secure element authenticated decryption operation.
|
|
|
◆
psa_drv_se_aead_encrypt_t
|
typedef
psa_status_t
(* psa_drv_se_aead_encrypt_t) (
psa_drv_se_context_t
*drv_context,
psa_key_slot_number_t
key_slot,
psa_algorithm_t
algorithm, const uint8_t *p_nonce, size_t nonce_length, const uint8_t *p_additional_data, size_t additional_data_length, const uint8_t *p_plaintext, size_t plaintext_length, uint8_t *p_ciphertext, size_t ciphertext_size, size_t *p_ciphertext_length)
|
A function that performs a secure element authenticated encryption operation.
-
Parameters
-
|
[in,out]
|
drv_context
|
The driver context structure.
|
|
[in]
|
key_slot
|
Slot containing the key to use.
|
|
[in]
|
algorithm
|
The AEAD algorithm to compute (
PSA_ALG_XXX
value such that
PSA_ALG_IS_AEAD
(
alg
) is true)
|
|
[in]
|
p_nonce
|
Nonce or IV to use
|
|
[in]
|
nonce_length
|
Size of the
p_nonce
buffer in bytes
|
|
[in]
|
p_additional_data
|
Additional data that will be authenticated but not encrypted
|
|
[in]
|
additional_data_length
|
Size of
p_additional_data
in bytes
|
|
[in]
|
p_plaintext
|
Data that will be authenticated and encrypted
|
|
[in]
|
plaintext_length
|
Size of
p_plaintext
in bytes
|
|
[out]
|
p_ciphertext
|
Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.
|
|
[in]
|
ciphertext_size
|
Size of the
p_ciphertext
buffer in bytes
|
|
[out]
|
p_ciphertext_length
|
On success, the size of the output in the
p_ciphertext
buffer
|
-
Return values
-
◆
psa_drv_se_aead_decrypt_t
|
typedef
psa_status_t
(* psa_drv_se_aead_decrypt_t) (
psa_drv_se_context_t
*drv_context,
psa_key_slot_number_t
key_slot,
psa_algorithm_t
algorithm, const uint8_t *p_nonce, size_t nonce_length, const uint8_t *p_additional_data, size_t additional_data_length, const uint8_t *p_ciphertext, size_t ciphertext_length, uint8_t *p_plaintext, size_t plaintext_size, size_t *p_plaintext_length)
|
A function that peforms a secure element authenticated decryption operation.
-
Parameters
-
|
[in,out]
|
drv_context
|
The driver context structure.
|
|
[in]
|
key_slot
|
Slot containing the key to use
|
|
[in]
|
algorithm
|
The AEAD algorithm to compute (
PSA_ALG_XXX
value such that
PSA_ALG_IS_AEAD
(
alg
) is true)
|
|
[in]
|
p_nonce
|
Nonce or IV to use
|
|
[in]
|
nonce_length
|
Size of the
p_nonce
buffer in bytes
|
|
[in]
|
p_additional_data
|
Additional data that has been authenticated but not encrypted
|
|
[in]
|
additional_data_length
|
Size of
p_additional_data
in bytes
|
|
[in]
|
p_ciphertext
|
Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag.
|
|
[in]
|
ciphertext_length
|
Size of
p_ciphertext
in bytes
|
|
[out]
|
p_plaintext
|
Output buffer for the decrypted data
|
|
[in]
|
plaintext_size
|
Size of the
p_plaintext
buffer in bytes
|
|
[out]
|
p_plaintext_length
|
On success, the size of the output in the
p_plaintext
buffer
|
-
Return values
-