AES HW Key Data - this structure is likely to be changed when we'll start using it.

Defines the IV buffer - 16 bytes array.

Definition at line 126 of file ssi_aes.h.

Defines the AES key data buffer.

Definition at line 129 of file ssi_aes.h.

The user's context prototype - the argument type that is passed by the user to the AES APIs. The context saves the state of the operation and must be saved by the user till the end of the APIs flow

AES User Key Data.

Encrypt or Decrypt operation mode.

Definition at line 65 of file ssi_aes.h.

AES key type.

Definition at line 112 of file ssi_aes.h.

AES operation mode.

Definition at line 79 of file ssi_aes.h.

AES padding type.

Definition at line 99 of file ssi_aes.h.

This function performs an AES operation on an input data buffer, according to the configuration defined in the context parameter. It can be called as many times as needed, until all the input data is processed. SaSi_AesInit, SaSi_AesSetKey, and for some ciphers SaSi_AesSetIv, must be called before the first call to this API with the same context.

Returns

SASI_OK on success,

A non-zero value from ssi_aes_error.h on failure.

Parameters

[in]	pContext	Pointer to the AES context.
[in]	pDataIn	Pointer to the buffer of the input data to the AES. The pointer does not need to be aligned. For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB.
[in]	dataInSize	Size of the input data in bytes. For all modes except XTS, must be multiple of 16 bytes. For XTS mode, only the following data sizes are supported: 64, 512, 520, 521, 1024 and 4096 bytes. The data passed in a single SaSi_AesBlock call is considered to be a single XTS unit. All subsequent calls to this API with the same context must use the same data size.
[out]	pDataOut	Pointer to the output buffer. The pointer does not need to be aligned. For CBC-MAC, XCBC-MAC, CMAC modes it may be NULL. For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB.

This function is used to finish AES operation.

It processes the last data block if needed, finalizes the AES operation (cipher-specific), and produces operation results (for MAC operations).

Note

In case AES padding is used (PKCS#7) Din and Dout user's buffers must include extra space for the padding scheme.

Returns

SASI_OK on success,

A non-zero value from ssi_aes_error.h on failure.

Parameters

[in]	pContext	Pointer to the AES context.
[in]	dataSize	The size of the input data in bytes. For CBC-CTS mode, must be > 16. Can be <=16 only if this is the only data (no previous calls were made to SaSi_AesBlock with the same context). For XTS mode, the data size must conform to the dataInSize rules as listed for XTS under the SaSi_AesBlock API, and match the data size passed in the previous calls to SaSi_AesBlock with the same context. For all other modes, zero is a valid size. For ECB, CBC, CBC-MAC modes: Must be >= 0, if direction is SASI_AES_ENCRYPT and padding type is SASI_AES_PADDING_PKCS7. Must be >= 16 and a multiple of 16 bytes, if direction is SASI_AES_DECRYPT and padding type is SASI_AES_PADDING_PKCS7. Must be a multiple of 16 bytes, otherwise.
[in]	pDataIn	Pointer of the input data buffer. For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB.
[in]	dataInBuffSize	Size of pDataIn buffer in bytes. Must be >= dataSize. According to padding type, must be >= dataSize + padding. For PKCS7, padding size is maximum SASI_AES_BLOCK_SIZE_IN_BYTES.
[out]	pDataOut	Pointer to the output buffer. For TZ, the size of the scatter/gather list representing the data buffer is limited to 128 entries, and the size of each entry is limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). For ARM CryptoCell 3xx, The buffer must be contiguous and limited to 64KB.
[in,out]	dataOutBuffSize	In - Size of pDataOut buffer in bytes. The output buffer size must be no less than: For CBC-MAC, XCBC-MAC, CMAC modes - 16 bytes (for MAC result). For non-MAC modes - dataInBuffSize. Out - The size in bytes of the actual output data: If direction is SASI_AES_ENCRYPT and padding type is SASI_AES_PADDING_PKCS7, it is the actual size with the padding. If direction is SASI_AES_DECRYPT and padding type is SASI_AES_PADDING_PKCS7, it is the size without the padding. For CBC-MAC, XCBC-MAC, CMAC modes - always 16 bytes.

This function releases and crears resources after AES operations.

Returns

SASI_OK on success,

A non-zero value from ssi_aes_error.h on failure.

Parameters

[in]

pContext

Pointer to the AES context.

This function retrieves the current IV, counter or tweak from the AES context.

Returns

SASI_OK on success,

A non-zero value from ssi_aes_error.h on failure.

Parameters

[in]	pContext	Pointer to the AES context.
[out]	pIV	Pointer to the buffer of the IV, counter or tweak. For CBC, CBC-CTS, OFB and CBC-MAC modes - the IV value. For CTR mode - the counter. For XTS mode - the tweak value. For all other modes - N/A.

This function is used to initialize an AES operation context. To operate the AES machine, this must be the first API called.

Returns

SASI_OK on success,

A non-zero value from ssi_aes_error.h on failure.

Parameters

[in]	pContext	Pointer to the AES context buffer that is allocated by the caller and initialized by this API. Should be used in all subsequent calls that are part of the same operation.
[in]	encryptDecryptFlag	A flag specifying whether an AES Encrypt (SASI_AES_Encrypt) or Decrypt (SASI_AES_Decrypt) operation should be performed. Must be set to CRYS_AES_Encrypt in CBC-MAC, XCBC-MAC and CMAC modes.
[in]	operationMode	The operation cipher/mode.
[in]	paddingType	The padding type for AES operation: NONE - supported for all operation modes. PKCS7 - supported for ECB, CBC, CBC-MAC operation modes.

This function sets the IV, counter or tweak data for the following AES operation on the same context. The context must be first initialized by SaSi_AesInit. It must be called at least once prior to the first SaSi_AesBlock operation on the same context - for those ciphers that require it. If needed, it can also be called to override the IV in the middle of a sequence of SaSi_AesBlock operations.

Returns

SASI_OK on success,

A non-zero value from ssi_aes_error.h on failure.

Parameters

[in]	pContext	Pointer to the AES context.
[in]	pIV	Pointer to the buffer of the IV, counter or tweak. For CBC, CBC-CTS, OFB and CBC-MAC modes - the IV value. For CTR mode - the counter. For XTS mode - the tweak value. For all other modes - N/A.

This function sets the key information for the AES operation, in the context that was initialized by SaSi_AesInit.

Note

When FIPS certification mode is set to ON, and the mode is AES-XTS, weak keys are not allowed (128/256 lsb bits must be different than 128/256 msb bits, according to the key size).

Returns

SASI_OK on success,

A non-zero value from ssi_aes_error.h on failure.

Parameters

[in]	pContext	Pointer to the AES context, after it was initialized by SaSi_AesInit.
[in]	keyType	The type of key to be used for the AES operation. Currently only SASI_AES_USER_KEY is supported - the key is plaintext and provided in the pKeyData parameter.
[in]	pKeyData	Pointer to the key data structure (to be casted to the relevant struct type).
[in]	keyDataSize	The size of data passed in pKeyData in bytes.