Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 0344c602eadc0802776b65ff90f0a02c856cf53c / . / library / psa_crypto_aead.h
blob: a3392199f61a8b9ef62fcfab063d936ee5a2ab0b [file] [log] [blame]
Tom Rini0344c602024-10-08 13:56:50 -0600[diff] [blame^]1/*
2 * PSA AEAD driver entry points
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7 */
8
9#ifndef PSA_CRYPTO_AEAD_H
10#define PSA_CRYPTO_AEAD_H
11
12#include <psa/crypto.h>
13
14/**
15 * \brief Process an authenticated encryption operation.
16 *
17 * \note The signature of this function is that of a PSA driver
18 * aead_encrypt entry point. This function behaves as an aead_encrypt
19 * entry point as defined in the PSA driver interface specification for
20 * transparent drivers.
21 *
22 * \param[in] attributes The attributes of the key to use for the
23 * operation.
24 * \param[in] key_buffer The buffer containing the key context.
25 * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
26 * \param alg The AEAD algorithm to compute.
27 * \param[in] nonce Nonce or IV to use.
28 * \param nonce_length Size of the nonce buffer in bytes. This must
29 * be appropriate for the selected algorithm.
30 * The default nonce size is
31 * PSA_AEAD_NONCE_LENGTH(key_type, alg) where
32 * key_type is the type of key.
33 * \param[in] additional_data Additional data that will be authenticated
34 * but not encrypted.
35 * \param additional_data_length Size of additional_data in bytes.
36 * \param[in] plaintext Data that will be authenticated and encrypted.
37 * \param plaintext_length Size of plaintext in bytes.
38 * \param[out] ciphertext Output buffer for the authenticated and
39 * encrypted data. The additional data is not
40 * part of this output. For algorithms where the
41 * encrypted data and the authentication tag are
42 * defined as separate outputs, the
43 * authentication tag is appended to the
44 * encrypted data.
45 * \param ciphertext_size Size of the ciphertext buffer in bytes. This
46 * must be appropriate for the selected algorithm
47 * and key:
48 * - A sufficient output size is
49 * PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg,
50 * plaintext_length) where key_type is the type
51 * of key.
52 * - PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(
53 * plaintext_length) evaluates to the maximum
54 * ciphertext size of any supported AEAD
55 * encryption.
56 * \param[out] ciphertext_length On success, the size of the output in the
57 * ciphertext buffer.
58 *
59 * \retval #PSA_SUCCESS Success.
60 * \retval #PSA_ERROR_NOT_SUPPORTED
61 * \p alg is not supported.
62 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
63 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
64 * ciphertext_size is too small.
65 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
66 */
67psa_status_t mbedtls_psa_aead_encrypt(
68 const psa_key_attributes_t *attributes,
69 const uint8_t *key_buffer, size_t key_buffer_size,
70 psa_algorithm_t alg,
71 const uint8_t *nonce, size_t nonce_length,
72 const uint8_t *additional_data, size_t additional_data_length,
73 const uint8_t *plaintext, size_t plaintext_length,
74 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
75
76/**
77 * \brief Process an authenticated decryption operation.
78 *
79 * \note The signature of this function is that of a PSA driver
80 * aead_decrypt entry point. This function behaves as an aead_decrypt
81 * entry point as defined in the PSA driver interface specification for
82 * transparent drivers.
83 *
84 * \param[in] attributes The attributes of the key to use for the
85 * operation.
86 * \param[in] key_buffer The buffer containing the key context.
87 * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
88 * \param alg The AEAD algorithm to compute.
89 * \param[in] nonce Nonce or IV to use.
90 * \param nonce_length Size of the nonce buffer in bytes. This must
91 * be appropriate for the selected algorithm.
92 * The default nonce size is
93 * PSA_AEAD_NONCE_LENGTH(key_type, alg) where
94 * key_type is the type of key.
95 * \param[in] additional_data Additional data that has been authenticated
96 * but not encrypted.
97 * \param additional_data_length Size of additional_data in bytes.
98 * \param[in] ciphertext Data that has been authenticated and
99 * encrypted. For algorithms where the encrypted
100 * data and the authentication tag are defined
101 * as separate inputs, the buffer contains
102 * encrypted data followed by the authentication
103 * tag.
104 * \param ciphertext_length Size of ciphertext in bytes.
105 * \param[out] plaintext Output buffer for the decrypted data.
106 * \param plaintext_size Size of the plaintext buffer in bytes. This
107 * must be appropriate for the selected algorithm
108 * and key:
109 * - A sufficient output size is
110 * PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg,
111 * ciphertext_length) where key_type is the
112 * type of key.
113 * - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(
114 * ciphertext_length) evaluates to the maximum
115 * plaintext size of any supported AEAD
116 * decryption.
117 * \param[out] plaintext_length On success, the size of the output in the
118 * plaintext buffer.
119 *
120 * \retval #PSA_SUCCESS Success.
121 * \retval #PSA_ERROR_INVALID_SIGNATURE
122 * The cipher is not authentic.
123 * \retval #PSA_ERROR_NOT_SUPPORTED
124 * \p alg is not supported.
125 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
126 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
127 * plaintext_size is too small.
128 * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
129 */
130psa_status_t mbedtls_psa_aead_decrypt(
131 const psa_key_attributes_t *attributes,
132 const uint8_t *key_buffer, size_t key_buffer_size,
133 psa_algorithm_t alg,
134 const uint8_t *nonce, size_t nonce_length,
135 const uint8_t *additional_data, size_t additional_data_length,
136 const uint8_t *ciphertext, size_t ciphertext_length,
137 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
138
139/** Set the key for a multipart authenticated encryption operation.
140 *
141 * \note The signature of this function is that of a PSA driver
142 * aead_encrypt_setup entry point. This function behaves as an
143 * aead_encrypt_setup entry point as defined in the PSA driver interface
144 * specification for transparent drivers.
145 *
146 * If an error occurs at any step after a call to
147 * mbedtls_psa_aead_encrypt_setup(), the operation is reset by the PSA core by a
148 * call to mbedtls_psa_aead_abort(). The PSA core may call
149 * mbedtls_psa_aead_abort() at any time after the operation has been
150 * initialized, and is required to when the operation is no longer needed.
151 *
152 * \param[in,out] operation The operation object to set up. It must have
153 * been initialized as per the documentation for
154 * #mbedtls_psa_aead_operation_t and not yet in
155 * use.
156 * \param[in] attributes The attributes of the key to use for the
157 * operation.
158 * \param[in] key_buffer The buffer containing the key context.
159 * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
160 It must be consistent with the size in bits
161 recorded in \p attributes.
162 * \param alg The AEAD algorithm to compute
163 * (\c PSA_ALG_XXX value such that
164 * #PSA_ALG_IS_AEAD(\p alg) is true).
165 *
166 * \retval #PSA_SUCCESS
167 * Success.
168 * \retval #PSA_ERROR_INVALID_ARGUMENT
169 * An invalid block length was supplied.
170 * \retval #PSA_ERROR_NOT_SUPPORTED
171 * \p alg is not supported.
172 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
173 * Failed to allocate memory for key material
174 */
175psa_status_t mbedtls_psa_aead_encrypt_setup(
176 mbedtls_psa_aead_operation_t *operation,
177 const psa_key_attributes_t *attributes,
178 const uint8_t *key_buffer,
179 size_t key_buffer_size,
180 psa_algorithm_t alg);
181
182/** Set the key for a multipart authenticated decryption operation.
183 *
184 * \note The signature of this function is that of a PSA driver
185 * aead_decrypt_setup entry point. This function behaves as an
186 * aead_decrypt_setup entry point as defined in the PSA driver interface
187 * specification for transparent drivers.
188 *
189 * If an error occurs at any step after a call to
190 * mbedtls_psa_aead_decrypt_setup(), the PSA core resets the operation by a
191 * call to mbedtls_psa_aead_abort(). The PSA core may call
192 * mbedtls_psa_aead_abort() at any time after the operation has been
193 * initialized, and is required to when the operation is no longer needed.
194 *
195 * \param[in,out] operation The operation object to set up. It must have
196 * been initialized as per the documentation for
197 * #mbedtls_psa_aead_operation_t and not yet in
198 * use.
199 * \param[in] attributes The attributes of the key to use for the
200 * operation.
201 * \param[in] key_buffer The buffer containing the key context.
202 * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
203 It must be consistent with the size in bits
204 recorded in \p attributes.
205 * \param alg The AEAD algorithm to compute
206 * (\c PSA_ALG_XXX value such that
207 * #PSA_ALG_IS_AEAD(\p alg) is true).
208 *
209 * \retval #PSA_SUCCESS
210 * Success.
211 * \retval #PSA_ERROR_INVALID_ARGUMENT
212 * An invalid block length was supplied.
213 * \retval #PSA_ERROR_NOT_SUPPORTED
214 * \p alg is not supported.
215 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
216 * Failed to allocate memory for key material
217 */
218psa_status_t mbedtls_psa_aead_decrypt_setup(
219 mbedtls_psa_aead_operation_t *operation,
220 const psa_key_attributes_t *attributes,
221 const uint8_t *key_buffer,
222 size_t key_buffer_size,
223 psa_algorithm_t alg);
224
225/** Set the nonce for an authenticated encryption or decryption operation.
226 *
227 * \note The signature of this function is that of a PSA driver aead_set_nonce
228 * entry point. This function behaves as an aead_set_nonce entry point as
229 * defined in the PSA driver interface specification for transparent
230 * drivers.
231 *
232 * This function sets the nonce for the authenticated
233 * encryption or decryption operation.
234 *
235 * The PSA core calls mbedtls_psa_aead_encrypt_setup() or
236 * mbedtls_psa_aead_decrypt_setup() before calling this function.
237 *
238 * If this function returns an error status, the PSA core will call
239 * mbedtls_psa_aead_abort().
240 *
241 * \param[in,out] operation Active AEAD operation.
242 * \param[in] nonce Buffer containing the nonce to use.
243 * \param nonce_length Size of the nonce in bytes.
244 *
245 * \retval #PSA_SUCCESS
246 * Success.
247 * \retval #PSA_ERROR_INVALID_ARGUMENT
248 * The size of \p nonce is not acceptable for the chosen algorithm.
249 * \retval #PSA_ERROR_NOT_SUPPORTED
250 * Algorithm previously set is not supported in this configuration of
251 * the library.
252 */
253psa_status_t mbedtls_psa_aead_set_nonce(
254 mbedtls_psa_aead_operation_t *operation,
255 const uint8_t *nonce,
256 size_t nonce_length);
257
258/** Declare the lengths of the message and additional data for AEAD.
259 *
260 * \note The signature of this function is that of a PSA driver aead_set_lengths
261 * entry point. This function behaves as an aead_set_lengths entry point
262 * as defined in the PSA driver interface specification for transparent
263 * drivers.
264 *
265 * The PSA core calls this function before calling mbedtls_psa_aead_update_ad()
266 * or mbedtls_psa_aead_update() if the algorithm for the operation requires it.
267 * If the algorithm does not require it, calling this function is optional, but
268 * if this function is called then the implementation must enforce the lengths.
269 *
270 * The PSA core may call this function before or after setting the nonce with
271 * mbedtls_psa_aead_set_nonce().
272 *
273 * - For #PSA_ALG_CCM, calling this function is required.
274 * - For the other AEAD algorithms defined in this specification, calling
275 * this function is not required.
276 *
277 * If this function returns an error status, the PSA core calls
278 * mbedtls_psa_aead_abort().
279 *
280 * \param[in,out] operation Active AEAD operation.
281 * \param ad_length Size of the non-encrypted additional
282 * authenticated data in bytes.
283 * \param plaintext_length Size of the plaintext to encrypt in bytes.
284 *
285 * \retval #PSA_SUCCESS
286 * Success.
287 * \retval #PSA_ERROR_INVALID_ARGUMENT
288 * At least one of the lengths is not acceptable for the chosen
289 * algorithm.
290 * \retval #PSA_ERROR_NOT_SUPPORTED
291 * Algorithm previously set is not supported in this configuration of
292 * the library.
293 */
294psa_status_t mbedtls_psa_aead_set_lengths(
295 mbedtls_psa_aead_operation_t *operation,
296 size_t ad_length,
297 size_t plaintext_length);
298
299/** Pass additional data to an active AEAD operation.
300 *
301 * \note The signature of this function is that of a PSA driver
302 * aead_update_ad entry point. This function behaves as an aead_update_ad
303 * entry point as defined in the PSA driver interface specification for
304 * transparent drivers.
305 *
306 * Additional data is authenticated, but not encrypted.
307 *
308 * The PSA core can call this function multiple times to pass successive
309 * fragments of the additional data. It will not call this function after
310 * passing data to encrypt or decrypt with mbedtls_psa_aead_update().
311 *
312 * Before calling this function, the PSA core will:
313 * 1. Call either mbedtls_psa_aead_encrypt_setup() or
314 * mbedtls_psa_aead_decrypt_setup().
315 * 2. Set the nonce with mbedtls_psa_aead_set_nonce().
316 *
317 * If this function returns an error status, the PSA core will call
318 * mbedtls_psa_aead_abort().
319 *
320 * \param[in,out] operation Active AEAD operation.
321 * \param[in] input Buffer containing the fragment of
322 * additional data.
323 * \param input_length Size of the \p input buffer in bytes.
324 *
325 * \retval #PSA_SUCCESS
326 * Success.
327 * \retval #PSA_ERROR_NOT_SUPPORTED
328 * Algorithm previously set is not supported in this configuration of
329 * the library.
330 */
331psa_status_t mbedtls_psa_aead_update_ad(
332 mbedtls_psa_aead_operation_t *operation,
333 const uint8_t *input,
334 size_t input_length);
335
336/** Encrypt or decrypt a message fragment in an active AEAD operation.
337 *
338 * \note The signature of this function is that of a PSA driver
339 * aead_update entry point. This function behaves as an aead_update entry
340 * point as defined in the PSA driver interface specification for
341 * transparent drivers.
342 *
343 * Before calling this function, the PSA core will:
344 * 1. Call either mbedtls_psa_aead_encrypt_setup() or
345 * mbedtls_psa_aead_decrypt_setup(). The choice of setup function
346 * determines whether this function encrypts or decrypts its input.
347 * 2. Set the nonce with mbedtls_psa_aead_set_nonce().
348 * 3. Call mbedtls_psa_aead_update_ad() to pass all the additional data.
349 *
350 * If this function returns an error status, the PSA core will call
351 * mbedtls_psa_aead_abort().
352 *
353 * This function does not require the input to be aligned to any
354 * particular block boundary. If the implementation can only process
355 * a whole block at a time, it must consume all the input provided, but
356 * it may delay the end of the corresponding output until a subsequent
357 * call to mbedtls_psa_aead_update(), mbedtls_psa_aead_finish() provides
358 * sufficient input. The amount of data that can be delayed in this way is
359 * bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE.
360 *
361 * \param[in,out] operation Active AEAD operation.
362 * \param[in] input Buffer containing the message fragment to
363 * encrypt or decrypt.
364 * \param input_length Size of the \p input buffer in bytes.
365 * \param[out] output Buffer where the output is to be written.
366 * \param output_size Size of the \p output buffer in bytes.
367 * This must be appropriate for the selected
368 * algorithm and key:
369 * - A sufficient output size is
370 * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type,
371 * \c alg, \p input_length) where
372 * \c key_type is the type of key and \c alg is
373 * the algorithm that were used to set up the
374 * operation.
375 * - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p
376 * input_length) evaluates to the maximum
377 * output size of any supported AEAD
378 * algorithm.
379 * \param[out] output_length On success, the number of bytes
380 * that make up the returned output.
381 *
382 * \retval #PSA_SUCCESS
383 * Success.
384 *
385 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
386 * The size of the \p output buffer is too small.
387 * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
388 * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to
389 * determine the required buffer size.
390 */
391psa_status_t mbedtls_psa_aead_update(
392 mbedtls_psa_aead_operation_t *operation,
393 const uint8_t *input,
394 size_t input_length,
395 uint8_t *output,
396 size_t output_size,
397 size_t *output_length);
398
399/** Finish encrypting a message in an AEAD operation.
400 *
401 * \note The signature of this function is that of a PSA driver
402 * aead_finish entry point. This function behaves as an aead_finish entry
403 * point as defined in the PSA driver interface specification for
404 * transparent drivers.
405 *
406 * The operation must have been set up by the PSA core with
407 * mbedtls_psa_aead_encrypt_setup().
408 *
409 * This function finishes the authentication of the additional data
410 * formed by concatenating the inputs passed to preceding calls to
411 * mbedtls_psa_aead_update_ad() with the plaintext formed by concatenating the
412 * inputs passed to preceding calls to mbedtls_psa_aead_update().
413 *
414 * This function has two output buffers:
415 * - \p ciphertext contains trailing ciphertext that was buffered from
416 * preceding calls to mbedtls_psa_aead_update().
417 * - \p tag contains the authentication tag.
418 *
419 * Whether or not this function returns successfully, the PSA core subsequently
420 * calls mbedtls_psa_aead_abort() to deactivate the operation.
421 *
422 * \param[in,out] operation Active AEAD operation.
423 * \param[out] ciphertext Buffer where the last part of the ciphertext
424 * is to be written.
425 * \param ciphertext_size Size of the \p ciphertext buffer in bytes.
426 * This must be appropriate for the selected
427 * algorithm and key:
428 * - A sufficient output size is
429 * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type,
430 * \c alg) where \c key_type is the type of key
431 * and \c alg is the algorithm that were used to
432 * set up the operation.
433 * - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to
434 * the maximum output size of any supported AEAD
435 * algorithm.
436 * \param[out] ciphertext_length On success, the number of bytes of
437 * returned ciphertext.
438 * \param[out] tag Buffer where the authentication tag is
439 * to be written.
440 * \param tag_size Size of the \p tag buffer in bytes.
441 * This must be appropriate for the selected
442 * algorithm and key:
443 * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c
444 * key_type, \c key_bits, \c alg) where
445 * \c key_type and \c key_bits are the type and
446 * bit-size of the key, and \c alg are the
447 * algorithm that were used in the call to
448 * mbedtls_psa_aead_encrypt_setup().
449 * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the
450 * maximum tag size of any supported AEAD
451 * algorithm.
452 * \param[out] tag_length On success, the number of bytes
453 * that make up the returned tag.
454 *
455 * \retval #PSA_SUCCESS
456 * Success.
457 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
458 * The size of the \p tag buffer is too small.
459 * #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or
460 * #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag
461 * buffer size.
462 */
463psa_status_t mbedtls_psa_aead_finish(
464 mbedtls_psa_aead_operation_t *operation,
465 uint8_t *ciphertext,
466 size_t ciphertext_size,
467 size_t *ciphertext_length,
468 uint8_t *tag,
469 size_t tag_size,
470 size_t *tag_length);
471
472/** Abort an AEAD operation.
473 *
474 * \note The signature of this function is that of a PSA driver
475 * aead_abort entry point. This function behaves as an aead_abort entry
476 * point as defined in the PSA driver interface specification for
477 * transparent drivers.
478 *
479 * Aborting an operation frees all associated resources except for the
480 * \p operation structure itself. Once aborted, the operation object
481 * can be reused for another operation by the PSA core by it calling
482 * mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again.
483 *
484 * The PSA core may call this function any time after the operation object has
485 * been initialized as described in #mbedtls_psa_aead_operation_t.
486 *
487 * In particular, calling mbedtls_psa_aead_abort() after the operation has been
488 * terminated by a call to mbedtls_psa_aead_abort() or
489 * mbedtls_psa_aead_finish() is safe and has no effect.
490 *
491 * \param[in,out] operation Initialized AEAD operation.
492 *
493 * \retval #PSA_SUCCESS
494 * Success.
495 */
496psa_status_t mbedtls_psa_aead_abort(
497 mbedtls_psa_aead_operation_t *operation);
498
499#endif /* PSA_CRYPTO_AEAD_H */