Hardware-Accelerated Authenticated Encryption with Additional Data

Detailed Description

Hardware-accelerated Authenticated Encryption with Additional Data (AEAD) operations must be done in one function call. While this creates a burden for implementers as there must be sufficient space in memory for the entire message, it prevents decrypted data from being made available before the authentication operation is complete and the data is known to be authentic.

Typedefs

typedef psa_status_t(* psa_drv_accel_aead_encrypt_t) (const uint8_t *p_key, size_t key_length, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
 The function prototype for the hardware-accelerated authenticated encryption operation.
 
typedef psa_status_t(* psa_drv_accel_aead_decrypt_t) (const uint8_t *p_key, size_t key_length, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
 The function prototype for the hardware-accelerated authenticated decryption operation.
 

Typedef Documentation

typedef psa_status_t(* psa_drv_accel_aead_decrypt_t) (const uint8_t *p_key, size_t key_length, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)

The function prototype for the hardware-accelerated authenticated decryption operation.

Functions that implement this prototype should be named in the following convention:

  • ~~~~~~~~~~~~~{.c} psa_drv_accel_aead_<ALGO>_decrypt
  • ~~~~~~~~~~~~~ Where ALGO is the name of the AEAD algorithm
    Parameters
    [in]p_keyA pointer to the key material
    [in]key_lengthThe size in bytes of the key material
    [in]algThe AEAD algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true)
    [in]nonceNonce or IV to use
    [in]nonce_lengthSize of the nonce buffer in bytes
    [in]additional_dataAdditional data that has been MACed but not encrypted
    [in]additional_data_lengthSize of additional_data in bytes
    [in]ciphertextData that has been MACed and encrypted For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag.
    [in]ciphertext_lengthSize of ciphertext in bytes
    [out]plaintextOutput buffer for the decrypted data
    [in]plaintext_sizeSize of the plaintext buffer in bytes This must be at least PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length).
    [out]plaintext_lengthOn success, the size of the output in the plaintext buffer
    Return values
    PSA_SUCCESSSuccess.

Definition at line 611 of file crypto_accel_driver.h.

typedef psa_status_t(* psa_drv_accel_aead_encrypt_t) (const uint8_t *p_key, size_t key_length, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)

The function prototype for the hardware-accelerated authenticated encryption operation.

Functions that implement this prototype should be named in the following convention:

  • ~~~~~~~~~~~~~{.c} psa_drv_accel_aead_<ALGO>_encrypt
  • ~~~~~~~~~~~~~ Where ALGO is the name of the AEAD algorithm

    Parameters
    [in]p_keyA pointer to the key material
    [in]key_lengthThe size in bytes of the key material
    [in]algThe AEAD algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true)
    [in]nonceNonce or IV to use
    [in]nonce_lengthSize of the nonce buffer in bytes
    [in]additional_dataAdditional data that will be MACed but not encrypted.
    [in]additional_data_lengthSize of additional_data in bytes
    [in]plaintextData that will be MACed and encrypted.
    [in]plaintext_lengthSize of plaintext in bytes
    [out]ciphertextOutput buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.
    [in]ciphertext_sizeSize of the ciphertext buffer in bytes This must be at least PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length).
    [out]ciphertext_lengthOn success, the size of the output in the ciphertext buffer
    Return values
    PSA_SUCCESS

Definition at line 559 of file crypto_accel_driver.h.