Group se_aead

group se_aead

Authenticated Encryption with Additional Data (AEAD) operations with secure elements must be done in one function call. While this creates a burden for implementers as there must be sufficient space in memory for the entire message, it prevents decrypted data from being made available before the authentication operation is complete and the data is known to be authentic.

Typedefs

typedef psa_status_t (*psa_drv_se_aead_encrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, const uint8_t *p_nonce, size_t nonce_length, const uint8_t *p_additional_data, size_t additional_data_length, const uint8_t *p_plaintext, size_t plaintext_length, uint8_t *p_ciphertext, size_t ciphertext_size, size_t *p_ciphertext_length)

A function that performs a secure element authenticated encryption operation.

Param drv_context

[inout] The driver context structure.

Param key_slot

[in] Slot containing the key to use.

Param algorithm

[in] The AEAD algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true)

Param p_nonce

[in] Nonce or IV to use

Param nonce_length

[in] Size of the p_nonce buffer in bytes

Param p_additional_data

[in] Additional data that will be authenticated but not encrypted

Param additional_data_length

[in] Size of p_additional_data in bytes

Param p_plaintext

[in] Data that will be authenticated and encrypted

Param plaintext_length

[in] Size of p_plaintext in bytes

Param p_ciphertext

[out] Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data.

Param ciphertext_size

[in] Size of the p_ciphertext buffer in bytes

Param p_ciphertext_length

[out] On success, the size of the output in the p_ciphertext buffer

Retval PSA_SUCCESS

Success.

typedef psa_status_t (*psa_drv_se_aead_decrypt_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, const uint8_t *p_nonce, size_t nonce_length, const uint8_t *p_additional_data, size_t additional_data_length, const uint8_t *p_ciphertext, size_t ciphertext_length, uint8_t *p_plaintext, size_t plaintext_size, size_t *p_plaintext_length)

A function that performs a secure element authenticated decryption operation

Param drv_context

[inout] The driver context structure.

Param key_slot

[in] Slot containing the key to use

Param algorithm

[in] The AEAD algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true)

Param p_nonce

[in] Nonce or IV to use

Param nonce_length

[in] Size of the p_nonce buffer in bytes

Param p_additional_data

[in] Additional data that has been authenticated but not encrypted

Param additional_data_length

[in] Size of p_additional_data in bytes

Param p_ciphertext

[in] Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag.

Param ciphertext_length

[in] Size of p_ciphertext in bytes

Param p_plaintext

[out] Output buffer for the decrypted data

Param plaintext_size

[in] Size of the p_plaintext buffer in bytes

Param p_plaintext_length

[out] On success, the size of the output in the p_plaintext buffer

Retval PSA_SUCCESS

Success.

struct psa_drv_se_aead_t

#include <crypto_se_driver.h>

A struct containing all of the function pointers needed to implement secure element Authenticated Encryption with Additional Data operations.

PSA Crypto API implementations should populate instances of the table as appropriate upon startup.

If one of the functions is not implemented, it should be set to NULL.