| Ronald Cron | 7ceee8d | 2021-03-17 16:55:43 +0100 | [diff] [blame] | 1 | /* | 
|  | 2 | *  PSA AEAD driver entry points | 
|  | 3 | */ | 
|  | 4 | /* | 
|  | 5 | *  Copyright The Mbed TLS Contributors | 
|  | 6 | *  SPDX-License-Identifier: Apache-2.0 | 
|  | 7 | * | 
|  | 8 | *  Licensed under the Apache License, Version 2.0 (the "License"); you may | 
|  | 9 | *  not use this file except in compliance with the License. | 
|  | 10 | *  You may obtain a copy of the License at | 
|  | 11 | * | 
|  | 12 | *  http://www.apache.org/licenses/LICENSE-2.0 | 
|  | 13 | * | 
|  | 14 | *  Unless required by applicable law or agreed to in writing, software | 
|  | 15 | *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | 
|  | 16 | *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
|  | 17 | *  See the License for the specific language governing permissions and | 
|  | 18 | *  limitations under the License. | 
|  | 19 | */ | 
|  | 20 |  | 
|  | 21 | #ifndef PSA_CRYPTO_AEAD_H | 
|  | 22 | #define PSA_CRYPTO_AEAD_H | 
|  | 23 |  | 
|  | 24 | #include <psa/crypto.h> | 
|  | 25 |  | 
| Ronald Cron | 46f9178 | 2021-03-17 08:16:34 +0100 | [diff] [blame] | 26 | /** | 
|  | 27 | * \brief Process an authenticated encryption operation. | 
|  | 28 | * | 
|  | 29 | * \note The signature of this function is that of a PSA driver | 
|  | 30 | *       aead_encrypt entry point. This function behaves as an aead_encrypt | 
|  | 31 | *       entry point as defined in the PSA driver interface specification for | 
|  | 32 | *       transparent drivers. | 
|  | 33 | * | 
|  | 34 | * \param[in]  attributes         The attributes of the key to use for the | 
|  | 35 | *                                operation. | 
|  | 36 | * \param[in]  key_buffer         The buffer containing the key context. | 
|  | 37 | * \param      key_buffer_size    Size of the \p key_buffer buffer in bytes. | 
|  | 38 | * \param      alg                The AEAD algorithm to compute. | 
|  | 39 | * \param[in]  nonce              Nonce or IV to use. | 
|  | 40 | * \param      nonce_length       Size of the nonce buffer in bytes. This must | 
|  | 41 | *                                be appropriate for the selected algorithm. | 
|  | 42 | *                                The default nonce size is | 
|  | 43 | *                                PSA_AEAD_NONCE_LENGTH(key_type, alg) where | 
|  | 44 | *                                key_type is the type of key. | 
|  | 45 | * \param[in]  additional_data    Additional data that will be authenticated | 
|  | 46 | *                                but not encrypted. | 
|  | 47 | * \param      additional_data_length  Size of additional_data in bytes. | 
|  | 48 | * \param[in]  plaintext          Data that will be authenticated and encrypted. | 
|  | 49 | * \param      plaintext_length   Size of plaintext in bytes. | 
|  | 50 | * \param[out] ciphertext         Output buffer for the authenticated and | 
|  | 51 | *                                encrypted data. The additional data is not | 
|  | 52 | *                                part of this output. For algorithms where the | 
|  | 53 | *                                encrypted data and the authentication tag are | 
|  | 54 | *                                defined as separate outputs, the | 
|  | 55 | *                                authentication tag is appended to the | 
|  | 56 | *                                encrypted data. | 
|  | 57 | * \param      ciphertext_size    Size of the ciphertext buffer in bytes. This | 
|  | 58 | *                                must be appropriate for the selected algorithm | 
|  | 59 | *                                and key: | 
|  | 60 | *                                - A sufficient output size is | 
|  | 61 | *                                  PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, | 
|  | 62 | *                                  plaintext_length) where key_type is the type | 
|  | 63 | *                                  of key. | 
|  | 64 | *                                - PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( | 
|  | 65 | *                                  plaintext_length) evaluates to the maximum | 
|  | 66 | *                                  ciphertext size of any supported AEAD | 
|  | 67 | *                                  encryption. | 
|  | 68 | * \param[out] ciphertext_length  On success, the size of the output in the | 
|  | 69 | *                                ciphertext buffer. | 
|  | 70 | * | 
|  | 71 | * \retval #PSA_SUCCESS Success. | 
|  | 72 | * \retval #PSA_ERROR_NOT_SUPPORTED | 
|  | 73 | *         \p alg is not supported. | 
|  | 74 | * \retval #PSA_ERROR_INSUFFICIENT_MEMORY | 
|  | 75 | * \retval #PSA_ERROR_BUFFER_TOO_SMALL | 
|  | 76 | *         ciphertext_size is too small. | 
|  | 77 | * \retval #PSA_ERROR_CORRUPTION_DETECTED | 
|  | 78 | */ | 
|  | 79 | psa_status_t mbedtls_psa_aead_encrypt( | 
|  | 80 | const psa_key_attributes_t *attributes, | 
|  | 81 | const uint8_t *key_buffer, size_t key_buffer_size, | 
|  | 82 | psa_algorithm_t alg, | 
|  | 83 | const uint8_t *nonce, size_t nonce_length, | 
|  | 84 | const uint8_t *additional_data, size_t additional_data_length, | 
|  | 85 | const uint8_t *plaintext, size_t plaintext_length, | 
|  | 86 | uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ); | 
|  | 87 |  | 
|  | 88 | /** | 
|  | 89 | * \brief Process an authenticated decryption operation. | 
|  | 90 | * | 
|  | 91 | * \note The signature of this function is that of a PSA driver | 
|  | 92 | *       aead_decrypt entry point. This function behaves as an aead_decrypt | 
|  | 93 | *       entry point as defined in the PSA driver interface specification for | 
|  | 94 | *       transparent drivers. | 
|  | 95 | * | 
|  | 96 | * \param[in]  attributes         The attributes of the key to use for the | 
|  | 97 | *                                operation. | 
|  | 98 | * \param[in]  key_buffer         The buffer containing the key context. | 
|  | 99 | * \param      key_buffer_size    Size of the \p key_buffer buffer in bytes. | 
|  | 100 | * \param      alg                The AEAD algorithm to compute. | 
|  | 101 | * \param[in]  nonce              Nonce or IV to use. | 
|  | 102 | * \param      nonce_length       Size of the nonce buffer in bytes. This must | 
|  | 103 | *                                be appropriate for the selected algorithm. | 
|  | 104 | *                                The default nonce size is | 
|  | 105 | *                                PSA_AEAD_NONCE_LENGTH(key_type, alg) where | 
|  | 106 | *                                key_type is the type of key. | 
|  | 107 | * \param[in]  additional_data    Additional data that has been authenticated | 
|  | 108 | *                                but not encrypted. | 
|  | 109 | * \param      additional_data_length  Size of additional_data in bytes. | 
|  | 110 | * \param[in]  ciphertext         Data that has been authenticated and | 
|  | 111 | *                                encrypted. For algorithms where the encrypted | 
|  | 112 | *                                data and the authentication tag are defined | 
|  | 113 | *                                as separate inputs, the buffer contains | 
|  | 114 | *                                encrypted data followed by the authentication | 
|  | 115 | *                                tag. | 
|  | 116 | * \param      ciphertext_length  Size of ciphertext in bytes. | 
|  | 117 | * \param[out] plaintext          Output buffer for the decrypted data. | 
|  | 118 | * \param      plaintext_size     Size of the plaintext buffer in bytes. This | 
|  | 119 | *                                must be appropriate for the selected algorithm | 
|  | 120 | *                                and key: | 
|  | 121 | *                                - A sufficient output size is | 
|  | 122 | *                                  PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, | 
|  | 123 | *                                  ciphertext_length) where key_type is the | 
|  | 124 | *                                  type of key. | 
|  | 125 | *                                - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( | 
|  | 126 | *                                  ciphertext_length) evaluates to the maximum | 
|  | 127 | *                                  plaintext size of any supported AEAD | 
|  | 128 | *                                  decryption. | 
|  | 129 | * \param[out] plaintext_length   On success, the size of the output in the | 
|  | 130 | *                                plaintext buffer. | 
|  | 131 | * | 
|  | 132 | * \retval #PSA_SUCCESS Success. | 
|  | 133 | * \retval #PSA_ERROR_INVALID_SIGNATURE | 
|  | 134 | *         The cipher is not authentic. | 
|  | 135 | * \retval #PSA_ERROR_NOT_SUPPORTED | 
|  | 136 | *         \p alg is not supported. | 
|  | 137 | * \retval #PSA_ERROR_INSUFFICIENT_MEMORY | 
|  | 138 | * \retval #PSA_ERROR_BUFFER_TOO_SMALL | 
|  | 139 | *         plaintext_size is too small. | 
|  | 140 | * \retval #PSA_ERROR_CORRUPTION_DETECTED | 
|  | 141 | */ | 
|  | 142 | psa_status_t mbedtls_psa_aead_decrypt( | 
|  | 143 | const psa_key_attributes_t *attributes, | 
|  | 144 | const uint8_t *key_buffer, size_t key_buffer_size, | 
|  | 145 | psa_algorithm_t alg, | 
|  | 146 | const uint8_t *nonce, size_t nonce_length, | 
|  | 147 | const uint8_t *additional_data, size_t additional_data_length, | 
|  | 148 | const uint8_t *ciphertext, size_t ciphertext_length, | 
|  | 149 | uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); | 
|  | 150 |  | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 151 | /** Set the key for a multipart authenticated encryption operation. | 
|  | 152 | * | 
|  | 153 | *  \note The signature of this function is that of a PSA driver | 
|  | 154 | *       aead_encrypt_setup entry point. This function behaves as an | 
|  | 155 | *       aead_encrypt_setup entry point as defined in the PSA driver interface | 
|  | 156 | *       specification for transparent drivers. | 
|  | 157 | * | 
| Paul Elliott | cbbde5f | 2021-05-10 18:19:46 +0100 | [diff] [blame] | 158 | * If an error occurs at any step after a call to | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 159 | * mbedtls_psa_aead_encrypt_setup(), the operation is reset by the PSA core by a | 
|  | 160 | * call to mbedtls_psa_aead_abort(). The PSA core may call | 
| Paul Elliott | cbbde5f | 2021-05-10 18:19:46 +0100 | [diff] [blame] | 161 | * mbedtls_psa_aead_abort() at any time after the operation has been | 
|  | 162 | * initialized. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 163 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 164 | * After a successful call to mbedtls_psa_aead_encrypt_setup(), the PSA core | 
|  | 165 | * eventually terminates the operation by calling mbedtls_psa_aead_abort(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 166 | * | 
|  | 167 | * \param[in,out] operation     The operation object to set up. It must have | 
|  | 168 | *                              been initialized as per the documentation for | 
| Paul Elliott | cbbde5f | 2021-05-10 18:19:46 +0100 | [diff] [blame] | 169 | *                              #mbedtls_psa_aead_operation_t and not yet in | 
|  | 170 | *                              use. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 171 | * \param[in]  attributes       The attributes of the key to use for the | 
|  | 172 | *                              operation. | 
|  | 173 | * \param[in]  key_buffer       The buffer containing the key context. | 
|  | 174 | * \param      key_buffer_size  Size of the \p key_buffer buffer in bytes. | 
|  | 175 | * \param alg                   The AEAD algorithm to compute | 
|  | 176 | *                              (\c PSA_ALG_XXX value such that | 
|  | 177 | *                              #PSA_ALG_IS_AEAD(\p alg) is true). | 
|  | 178 | * | 
|  | 179 | * \retval #PSA_SUCCESS | 
|  | 180 | *         Success. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 181 | * \retval #PSA_ERROR_INVALID_ARGUMENT | 
|  | 182 | *         \p key is not compatible with \p alg. | 
|  | 183 | * \retval #PSA_ERROR_NOT_SUPPORTED | 
| Paul Elliott | 1c8de15 | 2021-06-03 15:54:00 +0100 | [diff] [blame] | 184 | *         \p alg is not supported. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 185 | * \retval #PSA_ERROR_INSUFFICIENT_MEMORY | 
| Paul Elliott | b91f331 | 2021-05-19 12:30:15 +0100 | [diff] [blame] | 186 | *         Failed to allocate memory for key material | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 187 | */ | 
| Paul Elliott | bb8bf66 | 2021-05-19 17:29:42 +0100 | [diff] [blame] | 188 | psa_status_t mbedtls_psa_aead_encrypt_setup( | 
|  | 189 | mbedtls_psa_aead_operation_t *operation, | 
|  | 190 | const psa_key_attributes_t *attributes, | 
|  | 191 | const uint8_t *key_buffer, | 
|  | 192 | size_t key_buffer_size, | 
|  | 193 | psa_algorithm_t alg ); | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 194 |  | 
|  | 195 | /** Set the key for a multipart authenticated decryption operation. | 
|  | 196 | * | 
|  | 197 | * \note The signature of this function is that of a PSA driver | 
|  | 198 | *       aead_decrypt_setup entry point. This function behaves as an | 
|  | 199 | *       aead_decrypt_setup entry point as defined in the PSA driver interface | 
|  | 200 | *       specification for transparent drivers. | 
|  | 201 | * | 
| Paul Elliott | cbbde5f | 2021-05-10 18:19:46 +0100 | [diff] [blame] | 202 | * If an error occurs at any step after a call to | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 203 | * mbedtls_psa_aead_decrypt_setup(), the PSA core resets the operation by a | 
|  | 204 | * call to mbedtls_psa_aead_abort(). The PSA core may call | 
| Paul Elliott | cbbde5f | 2021-05-10 18:19:46 +0100 | [diff] [blame] | 205 | * mbedtls_psa_aead_abort() at any time after the operation has been | 
|  | 206 | * initialized. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 207 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 208 | * After a successful call to mbedtls_psa_aead_decrypt_setup(), the PSA core | 
|  | 209 | * eventually terminates the operation by a call to mbedtls_psa_aead_abort(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 210 | * | 
|  | 211 | * \param[in,out] operation     The operation object to set up. It must have | 
|  | 212 | *                              been initialized as per the documentation for | 
| Paul Elliott | cbbde5f | 2021-05-10 18:19:46 +0100 | [diff] [blame] | 213 | *                              #mbedtls_psa_aead_operation_t and not yet in | 
|  | 214 | *                              use. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 215 | * \param[in]  attributes       The attributes of the key to use for the | 
|  | 216 | *                              operation. | 
|  | 217 | * \param[in]  key_buffer       The buffer containing the key context. | 
|  | 218 | * \param      key_buffer_size  Size of the \p key_buffer buffer in bytes. | 
|  | 219 | * \param alg                   The AEAD algorithm to compute | 
|  | 220 | *                              (\c PSA_ALG_XXX value such that | 
|  | 221 | *                              #PSA_ALG_IS_AEAD(\p alg) is true). | 
|  | 222 | * | 
|  | 223 | * \retval #PSA_SUCCESS | 
|  | 224 | *         Success. | 
| Paul Elliott | b91f331 | 2021-05-19 12:30:15 +0100 | [diff] [blame] | 225 | * * \retval #PSA_ERROR_INVALID_ARGUMENT | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 226 | *         \p key is not compatible with \p alg. | 
|  | 227 | * \retval #PSA_ERROR_NOT_SUPPORTED | 
| Paul Elliott | 1c8de15 | 2021-06-03 15:54:00 +0100 | [diff] [blame] | 228 | *         \p alg is not supported. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 229 | * \retval #PSA_ERROR_INSUFFICIENT_MEMORY | 
| Paul Elliott | b91f331 | 2021-05-19 12:30:15 +0100 | [diff] [blame] | 230 | *         Failed to allocate memory for key material | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 231 | */ | 
| Paul Elliott | bb8bf66 | 2021-05-19 17:29:42 +0100 | [diff] [blame] | 232 | psa_status_t mbedtls_psa_aead_decrypt_setup( | 
|  | 233 | mbedtls_psa_aead_operation_t *operation, | 
|  | 234 | const psa_key_attributes_t *attributes, | 
|  | 235 | const uint8_t *key_buffer, | 
|  | 236 | size_t key_buffer_size, | 
|  | 237 | psa_algorithm_t alg ); | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 238 |  | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 239 | /** Set the nonce for an authenticated encryption or decryption operation. | 
|  | 240 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 241 | * \note The signature of this function is that of a PSA driver aead_set_nonce | 
|  | 242 | *       entry point. This function behaves as an aead_set_nonce entry point as | 
|  | 243 | *       defined in the PSA driver interface specification for transparent | 
|  | 244 | *       drivers. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 245 | * | 
|  | 246 | * This function sets the nonce for the authenticated | 
|  | 247 | * encryption or decryption operation. | 
|  | 248 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 249 | * The PSA core calls mbedtls_psa_aead_encrypt_setup() or | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 250 | * mbedtls_psa_aead_decrypt_setup() before calling this function. | 
|  | 251 | * | 
| Paul Elliott | 498d350 | 2021-05-17 18:16:20 +0100 | [diff] [blame] | 252 | * If this function returns an error status, the PSA core will call | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 253 | * mbedtls_psa_aead_abort(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 254 | * | 
|  | 255 | * \param[in,out] operation     Active AEAD operation. | 
|  | 256 | * \param[in] nonce             Buffer containing the nonce to use. | 
|  | 257 | * \param nonce_length          Size of the nonce in bytes. | 
|  | 258 | * | 
|  | 259 | * \retval #PSA_SUCCESS | 
|  | 260 | *         Success. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 261 | * \retval #PSA_ERROR_INVALID_ARGUMENT | 
|  | 262 | *         The size of \p nonce is not acceptable for the chosen algorithm. | 
| Paul Elliott | b91f331 | 2021-05-19 12:30:15 +0100 | [diff] [blame] | 263 | * \retval #PSA_ERROR_NOT_SUPPORTED | 
|  | 264 | *         Algorithm previously set is not supported in this configuration of | 
|  | 265 | *         the library. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 266 | */ | 
| Paul Elliott | bb8bf66 | 2021-05-19 17:29:42 +0100 | [diff] [blame] | 267 | psa_status_t mbedtls_psa_aead_set_nonce( | 
|  | 268 | mbedtls_psa_aead_operation_t *operation, | 
|  | 269 | const uint8_t *nonce, | 
|  | 270 | size_t nonce_length ); | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 271 |  | 
|  | 272 | /** Declare the lengths of the message and additional data for AEAD. | 
|  | 273 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 274 | * \note The signature of this function is that of a PSA driver aead_set_lengths | 
|  | 275 | *       entry point. This function behaves as an aead_set_lengths entry point | 
|  | 276 | *       as defined in the PSA driver interface specification for transparent | 
|  | 277 | *       drivers. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 278 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 279 | * The PSA core calls this function before calling mbedtls_psa_aead_update_ad() | 
|  | 280 | * or mbedtls_psa_aead_update() if the algorithm for the operation requires it. | 
|  | 281 | * If the algorithm does not require it, calling this function is optional, but | 
|  | 282 | * if this function is called then the implementation must enforce the lengths. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 283 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 284 | * The PSA core may call this function before or after setting the nonce with | 
|  | 285 | * mbedtls_psa_aead_set_nonce(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 286 | * | 
|  | 287 | * - For #PSA_ALG_CCM, calling this function is required. | 
|  | 288 | * - For the other AEAD algorithms defined in this specification, calling | 
|  | 289 | *   this function is not required. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 290 | * | 
| Paul Elliott | 498d350 | 2021-05-17 18:16:20 +0100 | [diff] [blame] | 291 | * If this function returns an error status, the PSA core calls | 
|  | 292 | * mbedtls_psa_aead_abort(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 293 | * | 
|  | 294 | * \param[in,out] operation     Active AEAD operation. | 
|  | 295 | * \param ad_length             Size of the non-encrypted additional | 
|  | 296 | *                              authenticated data in bytes. | 
|  | 297 | * \param plaintext_length      Size of the plaintext to encrypt in bytes. | 
|  | 298 | * | 
|  | 299 | * \retval #PSA_SUCCESS | 
|  | 300 | *         Success. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 301 | * \retval #PSA_ERROR_INVALID_ARGUMENT | 
|  | 302 | *         At least one of the lengths is not acceptable for the chosen | 
|  | 303 | *         algorithm. | 
| Paul Elliott | b91f331 | 2021-05-19 12:30:15 +0100 | [diff] [blame] | 304 | * \retval #PSA_ERROR_NOT_SUPPORTED | 
|  | 305 | *         Algorithm previously set is not supported in this configuration of | 
|  | 306 | *         the library. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 307 | */ | 
| Paul Elliott | bb8bf66 | 2021-05-19 17:29:42 +0100 | [diff] [blame] | 308 | psa_status_t mbedtls_psa_aead_set_lengths( | 
|  | 309 | mbedtls_psa_aead_operation_t *operation, | 
|  | 310 | size_t ad_length, | 
|  | 311 | size_t plaintext_length ); | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 312 |  | 
|  | 313 | /** Pass additional data to an active AEAD operation. | 
|  | 314 | * | 
|  | 315 | *  \note The signature of this function is that of a PSA driver | 
|  | 316 | *       aead_update_ad entry point. This function behaves as an aead_update_ad | 
|  | 317 | *       entry point as defined in the PSA driver interface specification for | 
|  | 318 | *       transparent drivers. | 
|  | 319 | * | 
|  | 320 | * Additional data is authenticated, but not encrypted. | 
|  | 321 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 322 | * The PSA core can call this function multiple times to pass successive | 
|  | 323 | * fragments of the additional data. It will not call this function after | 
|  | 324 | * passing data to encrypt or decrypt with mbedtls_psa_aead_update(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 325 | * | 
| Paul Elliott | 498d350 | 2021-05-17 18:16:20 +0100 | [diff] [blame] | 326 | * Before calling this function, the PSA core will: | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 327 | *    1. Call either mbedtls_psa_aead_encrypt_setup() or | 
|  | 328 | *       mbedtls_psa_aead_decrypt_setup(). | 
|  | 329 | *    2. Set the nonce with mbedtls_psa_aead_set_nonce(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 330 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 331 | * If this function returns an error status, the PSA core will call | 
|  | 332 | * mbedtls_psa_aead_abort(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 333 | * | 
| Paul Elliott | cbbde5f | 2021-05-10 18:19:46 +0100 | [diff] [blame] | 334 | * \warning When decrypting, until mbedtls_psa_aead_verify() has returned | 
|  | 335 | *          #PSA_SUCCESS, there is no guarantee that the input is valid. | 
|  | 336 | *          Therefore, until you have called mbedtls_psa_aead_verify() and it | 
|  | 337 | *          has returned #PSA_SUCCESS, treat the input as untrusted and prepare | 
|  | 338 | *          to undo any action that depends on the input if | 
|  | 339 | *          mbedtls_psa_aead_verify() returns an error status. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 340 | * | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 341 | * | 
|  | 342 | * \param[in,out] operation     Active AEAD operation. | 
|  | 343 | * \param[in] input             Buffer containing the fragment of | 
|  | 344 | *                              additional data. | 
|  | 345 | * \param input_length          Size of the \p input buffer in bytes. | 
|  | 346 | * | 
|  | 347 | * \retval #PSA_SUCCESS | 
|  | 348 | *         Success. | 
| Paul Elliott | b91f331 | 2021-05-19 12:30:15 +0100 | [diff] [blame] | 349 | * \retval #PSA_ERROR_NOT_SUPPORTED | 
|  | 350 | *         Algorithm previously set is not supported in this configuration of | 
|  | 351 | *         the library. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 352 | */ | 
| Paul Elliott | bb8bf66 | 2021-05-19 17:29:42 +0100 | [diff] [blame] | 353 | psa_status_t mbedtls_psa_aead_update_ad( | 
|  | 354 | mbedtls_psa_aead_operation_t *operation, | 
|  | 355 | const uint8_t *input, | 
|  | 356 | size_t input_length ); | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 357 |  | 
|  | 358 | /** Encrypt or decrypt a message fragment in an active AEAD operation. | 
|  | 359 | * | 
|  | 360 | *  \note The signature of this function is that of a PSA driver | 
|  | 361 | *       aead_update entry point. This function behaves as an aead_update entry | 
|  | 362 | *       point as defined in the PSA driver interface specification for | 
|  | 363 | *       transparent drivers. | 
|  | 364 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 365 | * Before calling this function, the PSA core will: | 
|  | 366 | *    1. Call either mbedtls_psa_aead_encrypt_setup() or | 
|  | 367 | *       mbedtls_psa_aead_decrypt_setup(). The choice of setup function | 
|  | 368 | *       determines whether this function encrypts or decrypts its input. | 
|  | 369 | *    2. Set the nonce with mbedtls_psa_aead_set_nonce(). | 
|  | 370 | *    3. Call mbedtls_psa_aead_update_ad() to pass all the additional data. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 371 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 372 | * If this function returns an error status, the PSA core will call | 
|  | 373 | * mbedtls_psa_aead_abort(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 374 | * | 
|  | 375 | * This function does not require the input to be aligned to any | 
|  | 376 | * particular block boundary. If the implementation can only process | 
|  | 377 | * a whole block at a time, it must consume all the input provided, but | 
|  | 378 | * it may delay the end of the corresponding output until a subsequent | 
|  | 379 | * call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() or | 
|  | 380 | * mbedtls_psa_aead_verify() provides sufficient input. The amount of data that | 
|  | 381 | * can be delayed in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. | 
|  | 382 | * | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 383 | * \param[in,out] operation     Active AEAD operation. | 
|  | 384 | * \param[in] input             Buffer containing the message fragment to | 
|  | 385 | *                              encrypt or decrypt. | 
|  | 386 | * \param input_length          Size of the \p input buffer in bytes. | 
|  | 387 | * \param[out] output           Buffer where the output is to be written. | 
|  | 388 | * \param output_size           Size of the \p output buffer in bytes. | 
| Paul Elliott | 9622c9a | 2021-05-17 17:30:52 +0100 | [diff] [blame] | 389 | *                              This must be appropriate for the selected | 
|  | 390 | *                                algorithm and key: | 
|  | 391 | *                                - A sufficient output size is | 
|  | 392 | *                                  #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, | 
|  | 393 | *                                  \c alg, \p input_length) where | 
|  | 394 | *                                  \c key_type is the type of key and \c alg is | 
|  | 395 | *                                  the algorithm that were used to set up the | 
|  | 396 | *                                  operation. | 
|  | 397 | *                                - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p | 
|  | 398 | *                                  input_length) evaluates to the maximum | 
|  | 399 | *                                  output size of any supported AEAD | 
|  | 400 | *                                  algorithm. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 401 | * \param[out] output_length    On success, the number of bytes | 
|  | 402 | *                              that make up the returned output. | 
|  | 403 | * | 
|  | 404 | * \retval #PSA_SUCCESS | 
|  | 405 | *         Success. | 
| Paul Elliott | b91f331 | 2021-05-19 12:30:15 +0100 | [diff] [blame] | 406 |  | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 407 | * \retval #PSA_ERROR_BUFFER_TOO_SMALL | 
|  | 408 | *         The size of the \p output buffer is too small. | 
| Paul Elliott | 9622c9a | 2021-05-17 17:30:52 +0100 | [diff] [blame] | 409 | *         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or | 
|  | 410 | *         #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to | 
|  | 411 | *         determine the required buffer size. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 412 | */ | 
| Paul Elliott | bb8bf66 | 2021-05-19 17:29:42 +0100 | [diff] [blame] | 413 | psa_status_t mbedtls_psa_aead_update( | 
|  | 414 | mbedtls_psa_aead_operation_t *operation, | 
|  | 415 | const uint8_t *input, | 
|  | 416 | size_t input_length, | 
|  | 417 | uint8_t *output, | 
|  | 418 | size_t output_size, | 
|  | 419 | size_t *output_length ); | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 420 |  | 
|  | 421 | /** Finish encrypting a message in an AEAD operation. | 
|  | 422 | * | 
|  | 423 | *  \note The signature of this function is that of a PSA driver | 
|  | 424 | *       aead_finish entry point. This function behaves as an aead_finish entry | 
|  | 425 | *       point as defined in the PSA driver interface specification for | 
|  | 426 | *       transparent drivers. | 
|  | 427 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 428 | * The operation must have been set up by the PSA core with | 
|  | 429 | * mbedtls_psa_aead_encrypt_setup(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 430 | * | 
|  | 431 | * This function finishes the authentication of the additional data | 
|  | 432 | * formed by concatenating the inputs passed to preceding calls to | 
|  | 433 | * mbedtls_psa_aead_update_ad() with the plaintext formed by concatenating the | 
|  | 434 | * inputs passed to preceding calls to mbedtls_psa_aead_update(). | 
|  | 435 | * | 
|  | 436 | * This function has two output buffers: | 
|  | 437 | * - \p ciphertext contains trailing ciphertext that was buffered from | 
| Paul Elliott | 498d350 | 2021-05-17 18:16:20 +0100 | [diff] [blame] | 438 | *   preceding calls to mbedtls_psa_aead_update(). | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 439 | * - \p tag contains the authentication tag. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 440 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 441 | * Whether or not this function returns successfuly, the PSA core subsequently | 
|  | 442 | * calls mbedtls_psa_aead_abort() to deactivate the operation. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 443 | * | 
|  | 444 | * \param[in,out] operation     Active AEAD operation. | 
|  | 445 | * \param[out] ciphertext       Buffer where the last part of the ciphertext | 
|  | 446 | *                              is to be written. | 
|  | 447 | * \param ciphertext_size       Size of the \p ciphertext buffer in bytes. | 
| Paul Elliott | 9622c9a | 2021-05-17 17:30:52 +0100 | [diff] [blame] | 448 | *                              This must be appropriate for the selected | 
|  | 449 | *                              algorithm and key: | 
|  | 450 | *                              - A sufficient output size is | 
|  | 451 | *                                #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, | 
|  | 452 | *                                \c alg) where \c key_type is the type of key | 
|  | 453 | *                                and \c alg is the algorithm that were used to | 
|  | 454 | *                                set up the operation. | 
|  | 455 | *                              - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to | 
|  | 456 | *                                the maximum output size of any supported AEAD | 
|  | 457 | *                                algorithm. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 458 | * \param[out] ciphertext_length On success, the number of bytes of | 
|  | 459 | *                              returned ciphertext. | 
|  | 460 | * \param[out] tag              Buffer where the authentication tag is | 
|  | 461 | *                              to be written. | 
|  | 462 | * \param tag_size              Size of the \p tag buffer in bytes. | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 463 | *                              This must be appropriate for the selected | 
|  | 464 | *                              algorithm and key: | 
|  | 465 | *                              - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c | 
|  | 466 | *                                key_type, \c key_bits, \c alg) where | 
|  | 467 | *                                \c key_type and \c key_bits are the type and | 
| Paul Elliott | 498d350 | 2021-05-17 18:16:20 +0100 | [diff] [blame] | 468 | *                                bit-size of the key, and \c alg are the | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 469 | *                                algorithm that were used in the call to | 
| Paul Elliott | 498d350 | 2021-05-17 18:16:20 +0100 | [diff] [blame] | 470 | *                                mbedtls_psa_aead_encrypt_setup(). | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 471 | *                              - #PSA_AEAD_TAG_MAX_SIZE evaluates to the | 
|  | 472 | *                                maximum tag size of any supported AEAD | 
|  | 473 | *                                algorithm. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 474 | * \param[out] tag_length       On success, the number of bytes | 
|  | 475 | *                              that make up the returned tag. | 
|  | 476 | * | 
|  | 477 | * \retval #PSA_SUCCESS | 
|  | 478 | *         Success. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 479 | * \retval #PSA_ERROR_BUFFER_TOO_SMALL | 
|  | 480 | *         The size of the \p ciphertext or \p tag buffer is too small. | 
| Paul Elliott | 9622c9a | 2021-05-17 17:30:52 +0100 | [diff] [blame] | 481 | *         #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or | 
|  | 482 | *         #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the | 
|  | 483 | *         required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type, | 
|  | 484 | *         \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to | 
|  | 485 | *         determine the required \p tag buffer size. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 486 | */ | 
| Paul Elliott | bb8bf66 | 2021-05-19 17:29:42 +0100 | [diff] [blame] | 487 | psa_status_t mbedtls_psa_aead_finish( | 
|  | 488 | mbedtls_psa_aead_operation_t *operation, | 
|  | 489 | uint8_t *ciphertext, | 
|  | 490 | size_t ciphertext_size, | 
|  | 491 | size_t *ciphertext_length, | 
|  | 492 | uint8_t *tag, | 
|  | 493 | size_t tag_size, | 
|  | 494 | size_t *tag_length ); | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 495 |  | 
|  | 496 | /** Finish authenticating and decrypting a message in an AEAD operation. | 
|  | 497 | * | 
|  | 498 | *  \note The signature of this function is that of a PSA driver | 
|  | 499 | *       aead_verify entry point. This function behaves as an aead_verify entry | 
|  | 500 | *       point as defined in the PSA driver interface specification for | 
|  | 501 | *       transparent drivers. | 
|  | 502 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 503 | * The operation must have been set up by the PSA core with | 
|  | 504 | * mbedtls_psa_aead_decrypt_setup(). | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 505 | * | 
|  | 506 | * This function finishes the authenticated decryption of the message | 
|  | 507 | * components: | 
|  | 508 | * | 
|  | 509 | * -  The additional data consisting of the concatenation of the inputs | 
|  | 510 | *    passed to preceding calls to mbedtls_psa_aead_update_ad(). | 
|  | 511 | * -  The ciphertext consisting of the concatenation of the inputs passed to | 
|  | 512 | *    preceding calls to mbedtls_psa_aead_update(). | 
|  | 513 | * -  The tag passed to this function call. | 
|  | 514 | * | 
|  | 515 | * If the authentication tag is correct, this function outputs any remaining | 
|  | 516 | * plaintext and reports success. If the authentication tag is not correct, | 
|  | 517 | * this function returns #PSA_ERROR_INVALID_SIGNATURE. | 
|  | 518 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 519 | * Whether or not this function returns successfully, the PSA core subsequently | 
|  | 520 | * calls mbedtls_psa_aead_abort() to deactivate the operation. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 521 | * | 
|  | 522 | * \note Implementations shall make the best effort to ensure that the | 
|  | 523 | * comparison between the actual tag and the expected tag is performed | 
|  | 524 | * in constant time. | 
|  | 525 | * | 
|  | 526 | * \param[in,out] operation     Active AEAD operation. | 
|  | 527 | * \param[out] plaintext        Buffer where the last part of the plaintext | 
|  | 528 | *                              is to be written. This is the remaining data | 
|  | 529 | *                              from previous calls to mbedtls_psa_aead_update() | 
|  | 530 | *                              that could not be processed until the end | 
|  | 531 | *                              of the input. | 
|  | 532 | * \param plaintext_size        Size of the \p plaintext buffer in bytes. | 
| Paul Elliott | 9622c9a | 2021-05-17 17:30:52 +0100 | [diff] [blame] | 533 | *                              This must be appropriate for the selected | 
|  | 534 | *                              algorithm and key: | 
|  | 535 | *                              - A sufficient output size is | 
|  | 536 | *                                #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, | 
|  | 537 | *                                \c alg) where \c key_type is the type of key | 
|  | 538 | *                                and \c alg is the algorithm that were used to | 
|  | 539 | *                                set up the operation. | 
|  | 540 | *                              - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to | 
|  | 541 | *                                the maximum output size of any supported AEAD | 
|  | 542 | *                                algorithm. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 543 | * \param[out] plaintext_length On success, the number of bytes of | 
|  | 544 | *                              returned plaintext. | 
|  | 545 | * \param[in] tag               Buffer containing the authentication tag. | 
|  | 546 | * \param tag_length            Size of the \p tag buffer in bytes. | 
|  | 547 | * | 
|  | 548 | * \retval #PSA_SUCCESS | 
|  | 549 | *         Success. | 
|  | 550 | * \retval #PSA_ERROR_INVALID_SIGNATURE | 
|  | 551 | *         The calculations were successful, but the authentication tag is | 
|  | 552 | *         not correct. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 553 | * \retval #PSA_ERROR_BUFFER_TOO_SMALL | 
|  | 554 | *         The size of the \p plaintext buffer is too small. | 
| Paul Elliott | 9622c9a | 2021-05-17 17:30:52 +0100 | [diff] [blame] | 555 | *         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or | 
|  | 556 | *         #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the | 
|  | 557 | *         required buffer size. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 558 | */ | 
| Paul Elliott | bb8bf66 | 2021-05-19 17:29:42 +0100 | [diff] [blame] | 559 | psa_status_t mbedtls_psa_aead_verify( | 
|  | 560 | mbedtls_psa_aead_operation_t *operation, | 
|  | 561 | uint8_t *plaintext, | 
|  | 562 | size_t plaintext_size, | 
|  | 563 | size_t *plaintext_length, | 
|  | 564 | const uint8_t *tag, | 
|  | 565 | size_t tag_length ); | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 566 |  | 
|  | 567 | /** Abort an AEAD operation. | 
|  | 568 | * | 
|  | 569 | *  \note The signature of this function is that of a PSA driver | 
|  | 570 | *       aead_abort entry point. This function behaves as an aead_abort entry | 
|  | 571 | *       point as defined in the PSA driver interface specification for | 
|  | 572 | *       transparent drivers. | 
|  | 573 | * | 
|  | 574 | * Aborting an operation frees all associated resources except for the | 
|  | 575 | * \p operation structure itself. Once aborted, the operation object | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 576 | * can be reused for another operation by the PSA core by it calling | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 577 | * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again. | 
|  | 578 | * | 
| Paul Elliott | 4148a68 | 2021-05-14 17:26:56 +0100 | [diff] [blame] | 579 | * The PSA core may call this function any time after the operation object has | 
| Paul Elliott | cbbde5f | 2021-05-10 18:19:46 +0100 | [diff] [blame] | 580 | * been initialized as described in #mbedtls_psa_aead_operation_t. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 581 | * | 
|  | 582 | * In particular, calling mbedtls_psa_aead_abort() after the operation has been | 
| Paul Elliott | cbbde5f | 2021-05-10 18:19:46 +0100 | [diff] [blame] | 583 | * terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() | 
|  | 584 | * or mbedtls_psa_aead_verify() is safe and has no effect. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 585 | * | 
|  | 586 | * \param[in,out] operation     Initialized AEAD operation. | 
|  | 587 | * | 
|  | 588 | * \retval #PSA_SUCCESS | 
| Paul Elliott | b91f331 | 2021-05-19 12:30:15 +0100 | [diff] [blame] | 589 | *         Success. | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 590 | */ | 
| Paul Elliott | bb8bf66 | 2021-05-19 17:29:42 +0100 | [diff] [blame] | 591 | psa_status_t mbedtls_psa_aead_abort( | 
|  | 592 | mbedtls_psa_aead_operation_t *operation ); | 
| Paul Elliott | adb8b16 | 2021-04-20 16:06:57 +0100 | [diff] [blame] | 593 |  | 
| Ronald Cron | 7ceee8d | 2021-03-17 16:55:43 +0100 | [diff] [blame] | 594 | #endif /* PSA_CRYPTO_AEAD */ |