|
Platform Security Architecture — cryptography and keystore interface
Working draft
|
Macros | |
| #define | PSA_AEAD_TAG_SIZE(alg) |
Functions | |
| psa_status_t | psa_aead_encrypt (psa_key_slot_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length) |
| psa_status_t | psa_aead_decrypt (psa_key_slot_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length) |
| #define PSA_AEAD_TAG_SIZE | ( | alg | ) |
The tag size for an AEAD algorithm, in bytes.
| alg | An AEAD algorithm (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true). |
| psa_status_t psa_aead_decrypt | ( | psa_key_slot_t | key, |
| psa_algorithm_t | alg, | ||
| const uint8_t * | nonce, | ||
| size_t | nonce_length, | ||
| const uint8_t * | additional_data, | ||
| size_t | additional_data_length, | ||
| const uint8_t * | ciphertext, | ||
| size_t | ciphertext_length, | ||
| uint8_t * | plaintext, | ||
| size_t | plaintext_size, | ||
| size_t * | plaintext_length | ||
| ) |
Process an authenticated decryption operation.
| key | Slot containing the key to use. | |
| alg | The AEAD algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true). | |
| [in] | nonce | Nonce or IV to use. |
| nonce_length | Size of the nonce buffer in bytes. | |
| [in] | additional_data | Additional data that has been authenticated but not encrypted. |
| additional_data_length | Size of additional_data in bytes. | |
| [in] | ciphertext | Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag. |
| ciphertext_length | Size of ciphertext in bytes. | |
| [out] | plaintext | Output buffer for the decrypted data. |
| plaintext_size | Size of the plaintext buffer in bytes. This must be at least PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length). | |
| [out] | plaintext_length | On success, the size of the output in the plaintext buffer. |
| PSA_SUCCESS | Success. |
| PSA_ERROR_EMPTY_SLOT | |
| PSA_ERROR_INVALID_SIGNATURE | The ciphertext is not authentic. |
| PSA_ERROR_NOT_PERMITTED | |
| PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg. |
| PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not an AEAD algorithm. |
| PSA_ERROR_INSUFFICIENT_MEMORY | |
| PSA_ERROR_COMMUNICATION_FAILURE | |
| PSA_ERROR_HARDWARE_FAILURE | |
| PSA_ERROR_TAMPERING_DETECTED |
| psa_status_t psa_aead_encrypt | ( | psa_key_slot_t | key, |
| psa_algorithm_t | alg, | ||
| const uint8_t * | nonce, | ||
| size_t | nonce_length, | ||
| const uint8_t * | additional_data, | ||
| size_t | additional_data_length, | ||
| const uint8_t * | plaintext, | ||
| size_t | plaintext_length, | ||
| uint8_t * | ciphertext, | ||
| size_t | ciphertext_size, | ||
| size_t * | ciphertext_length | ||
| ) |
Process an authenticated encryption operation.
| key | Slot containing the key to use. | |
| alg | The AEAD algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg) is true). | |
| [in] | nonce | Nonce or IV to use. |
| nonce_length | Size of the nonce buffer in bytes. | |
| [in] | additional_data | Additional data that will be authenticated but not encrypted. |
| additional_data_length | Size of additional_data in bytes. | |
| [in] | plaintext | Data that will be authenticated and encrypted. |
| plaintext_length | Size of plaintext in bytes. | |
| [out] | ciphertext | Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data. |
| ciphertext_size | Size of the ciphertext buffer in bytes. This must be at least PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length). | |
| [out] | ciphertext_length | On success, the size of the output in the ciphertext buffer. |
| PSA_SUCCESS | Success. |
| PSA_ERROR_EMPTY_SLOT | |
| PSA_ERROR_NOT_PERMITTED | |
| PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg. |
| PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not an AEAD algorithm. |
| PSA_ERROR_INSUFFICIENT_MEMORY | |
| PSA_ERROR_COMMUNICATION_FAILURE | |
| PSA_ERROR_HARDWARE_FAILURE | |
| PSA_ERROR_TAMPERING_DETECTED |
1.8.13