Crypto: Add support for AEAD operations
This patch introduces support for the AEAD (authenticated
encryption with associated data) operations in the context
of the Crypto service. It also adds two functional test
cases to the NS suite to showcase AEAD in GCM and CCM mode
using AES-128.
Change-Id: I42ca3b27c68cb95dcddaf525d5a7ff53f92e911c
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/interface/include/tfm_crypto_veneers.h b/interface/include/tfm_crypto_veneers.h
index 312c2c3..83ab510 100644
--- a/interface/include/tfm_crypto_veneers.h
+++ b/interface/include/tfm_crypto_veneers.h
@@ -242,7 +242,6 @@
*/
enum tfm_crypto_err_t tfm_crypto_veneer_hash_abort(
psa_hash_operation_t *operation);
-
/**
* \brief Start a MAC operation with the provided algorithm (for signing)
* (veneer function)
@@ -342,6 +341,33 @@
*/
enum tfm_crypto_err_t tfm_crypto_veneer_mac_abort(
psa_mac_operation_t *operation);
+/**
+ * \brief Perform an AEAD encryption operation on input data with additional
+ * data to be authenticated, producing ciphertext in output with an
+ * appended authentication tag (veneer function)
+ *
+ * \param[in] input_s Pointer to the struct containing input parameters
+ * \param[out] output_s Pointer to the struct containing output parameters
+ *
+ * \return Return values as described in \ref tfm_crypto_err_t
+ */
+enum tfm_crypto_err_t tfm_crypto_veneer_aead_encrypt(
+ struct psa_aead_encrypt_input *input_s,
+ struct psa_aead_encrypt_output *output_s);
+/**
+ * \brief Perform an AEAD decryption operation on input data with additional
+ * data to be verified, producing back the original plain text in case
+ * the verification of the authentication tag is successful (veneer
+ * function)
+ *
+ * \param[in] input_s Pointer to the struct containing input parameters
+ * \param[out] output_s Pointer to the struct containing output parameters
+ *
+ * \return Return values as described in \ref tfm_crypto_err_t
+ */
+enum tfm_crypto_err_t tfm_crypto_veneer_aead_decrypt(
+ struct psa_aead_decrypt_input *input_s,
+ struct psa_aead_decrypt_output *output_s);
#ifdef __cplusplus
}
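Review bot: The doc comment on `tfm_crypto_veneer_aead_decrypt` says plaintext is produced when tag verification succeeds but leaves the failure case unspecified: it names neither the `tfm_crypto_err_t` value returned on a tag mismatch nor the state of `output_s` afterwards. Callers of an AEAD API need that contract in writing, since plaintext from a failed verification must never be consumed; I would add a line such as `\note On authentication failure the contents of output_s must not be used` together with the specific error value. Separately, both prototypes document `input_s` as `\param[in]` but take it through a non-const pointer; if the implementation never writes through it, `const struct psa_aead_encrypt_input *input_s` (and likewise for decrypt) would make that enforceable. Whether the veneer validates the non-secure pointers carried inside these structs is not visible in this header and is worth confirming in the implementation.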