Kenji Arai / mbed-os_TYBLE16

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Secure Element Symmetric Ciphers

Data Structures

struct  psa_drv_se_cipher_t
 A struct containing all of the function pointers needed to implement cipher operations using secure elements.

Typedefs

typedef psa_status_t(* psa_drv_se_cipher_setup_t )(psa_drv_se_context_t *drv_context, void *op_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, psa_encrypt_or_decrypt_t direction)
 A function that provides the cipher setup function for a secure element driver.
typedef psa_status_t(* psa_drv_se_cipher_set_iv_t )(void *op_context, const uint8_t *p_iv, size_t iv_length)
 A function that sets the initialization vector (if necessary) for a secure element cipher operation.
typedef psa_status_t(* psa_drv_se_cipher_update_t )(void *op_context, const uint8_t *p_input, size_t input_size, uint8_t *p_output, size_t output_size, size_t *p_output_length)
 A function that continues a previously started secure element cipher operation.
typedef psa_status_t(* psa_drv_se_cipher_finish_t )(void *op_context, uint8_t *p_output, size_t output_size, size_t *p_output_length)
 A function that completes a previously started secure element cipher operation.
typedef psa_status_t(* psa_drv_se_cipher_abort_t )(void *op_context)
 A function that aborts a previously started secure element cipher operation.
typedef psa_status_t(* psa_drv_se_cipher_ecb_t )(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, psa_encrypt_or_decrypt_t direction, const uint8_t *p_input, size_t input_size, uint8_t *p_output, size_t output_size)
 A function that performs the ECB block mode for secure element cipher operations.

Detailed Description

Encryption and Decryption using secure element keys in block modes other than ECB must be done in multiple parts, using the following flow:

  • `psa_drv_se_cipher_setup_t`
  • `psa_drv_se_cipher_set_iv_t` (optional depending upon block mode)
  • `psa_drv_se_cipher_update_t`
  • `psa_drv_se_cipher_update_t`
  • ...
  • `psa_drv_se_cipher_finish_t`

If a previously started secure element cipher operation needs to be terminated, this should be done by calling the `psa_drv_se_cipher_abort_t` function. Failure to do so may result in allocated resources not being freed or in other undefined behavior.
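A caller-side sketch of this flow, added here as an example and not taken from mbed-os: it drives an operation that setup has already started through set_iv, chunked update and finish, and calls abort on any failure. The `se_cipher_ops_t` table, `se_cipher_run` and the mock driver are hypothetical names; the status typedef and values are stand-ins so the block builds without `crypto_se_driver.h`.

```c
#include <stddef.h>
#include <stdint.h>
/* Stand-ins so this builds without crypto_se_driver.h (assumed PSA values). */
typedef int32_t psa_status_t;
#define PSA_SUCCESS ((psa_status_t)0)
#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t)-147)

/* Hypothetical table holding the per-operation entry points of a driver. */
typedef struct {
    psa_status_t (*p_set_iv)(void *, const uint8_t *, size_t);
    psa_status_t (*p_update)(void *, const uint8_t *, size_t, uint8_t *, size_t, size_t *);
    psa_status_t (*p_finish)(void *, uint8_t *, size_t, size_t *);
    psa_status_t (*p_abort)(void *);
} se_cipher_ops_t;

/* Constructed mock element: XORs input with 0x5A; the update call on which
 * fail_at has counted down to 0 fails. It records whether abort was called. */
typedef struct { int fail_at; int aborted; } mock_op_t;
static psa_status_t m_iv(void *c, const uint8_t *iv, size_t n) { (void)c; (void)iv; (void)n; return PSA_SUCCESS; }
static psa_status_t m_update(void *c, const uint8_t *in, size_t n, uint8_t *out, size_t cap, size_t *len)
{
    mock_op_t *m = c;
    if (m->fail_at-- == 0 || n > cap) return PSA_ERROR_HARDWARE_FAILURE;
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ 0x5A;
    *len = n;
    return PSA_SUCCESS;
}
static psa_status_t m_finish(void *c, uint8_t *o, size_t cap, size_t *len) { (void)c; (void)o; (void)cap; *len = 0; return PSA_SUCCESS; }
static psa_status_t m_abort(void *c) { ((mock_op_t *)c)->aborted = 1; return PSA_SUCCESS; }
const se_cipher_ops_t mock_ops = { m_iv, m_update, m_finish, m_abort };

/* set_iv (if any) -> update per chunk -> finish; every error path ends in abort. */
psa_status_t se_cipher_run(const se_cipher_ops_t *d, void *op, const uint8_t *iv, size_t iv_len,
                           const uint8_t *in, size_t in_len, size_t chunk,
                           uint8_t *out, size_t cap, size_t *out_len)
{
    psa_status_t st = iv_len ? d->p_set_iv(op, iv, iv_len) : PSA_SUCCESS;
    size_t used = 0, n = 0;
    if (chunk == 0) chunk = in_len;          /* avoid a zero-step loop */
    for (size_t off = 0; st == PSA_SUCCESS && off < in_len; off += chunk) {
        size_t take = in_len - off < chunk ? in_len - off : chunk;
        st = d->p_update(op, in + off, take, out + used, cap - used, &n);
        if (st == PSA_SUCCESS) used += n;    /* track remaining output space */
    }
    if (st == PSA_SUCCESS && (st = d->p_finish(op, out + used, cap - used, &n)) == PSA_SUCCESS)
        used += n;
    if (st != PSA_SUCCESS) { d->p_abort(op); used = 0; }  /* release element resources */
    *out_len = used;
    return st;
}
```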

In situations where a PSA Cryptographic API implementation is using a block mode not supported by the underlying hardware or driver, it can construct the block mode itself, calling the `psa_drv_se_cipher_ecb_t` function for the cipher operations.
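How a core can build CBC on top of a single-block ECB entry point, as an added example that is not part of mbed-os. `ecb_fn` is a reduced, hypothetical form of `psa_drv_se_cipher_ecb_t` (context, key slot and algorithm arguments dropped), `toy_ecb` is a constructed invertible permutation and not a cipher, and the status values are stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Stand-ins so this builds without crypto_se_driver.h (assumed PSA values). */
typedef int32_t psa_status_t;
#define PSA_SUCCESS ((psa_status_t)0)
#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t)-135)
#define BLK 16
enum { ENCRYPT, DECRYPT };   /* stand-in for psa_encrypt_or_decrypt_t */
typedef psa_status_t (*ecb_fn)(int dir, const uint8_t *in, size_t in_size, uint8_t *out, size_t out_size);

/* Constructed toy permutation standing in for the element's block cipher. */
psa_status_t toy_ecb(int dir, const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    uint8_t t[BLK];
    if (n != BLK || cap < BLK) return PSA_ERROR_INVALID_ARGUMENT;
    for (size_t i = 0; i < BLK; i++) {       /* rotate positions, XOR a constant */
        if (dir == ENCRYPT) t[(i + 1) % BLK] = in[i] ^ 0xA7;
        else t[i] = in[(i + 1) % BLK] ^ 0xA7;
    }
    memcpy(out, t, BLK);
    return PSA_SUCCESS;
}

/* CBC built by the core: the element only ever sees single-block ECB calls. */
psa_status_t cbc_over_ecb(ecb_fn ecb, int dir, const uint8_t iv[BLK],
                          const uint8_t *in, size_t len, uint8_t *out, size_t cap)
{
    uint8_t chain[BLK], x[BLK], next[BLK];
    psa_status_t st = PSA_SUCCESS;
    if (len % BLK != 0 || cap < len) return PSA_ERROR_INVALID_ARGUMENT;
    memcpy(chain, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        if (dir == ENCRYPT) {
            for (size_t i = 0; i < BLK; i++) x[i] = in[off + i] ^ chain[i];
            if ((st = ecb(dir, x, BLK, out + off, BLK)) != PSA_SUCCESS) break;
            memcpy(chain, out + off, BLK);   /* ciphertext feeds the next block */
        } else {
            memcpy(next, in + off, BLK);     /* keep ciphertext: in may alias out */
            if ((st = ecb(dir, next, BLK, x, BLK)) != PSA_SUCCESS) break;
            for (size_t i = 0; i < BLK; i++) out[off + i] = x[i] ^ chain[i];
            memcpy(chain, next, BLK);
        }
    }
    if (st != PSA_SUCCESS) memset(out, 0, len);   /* no partial output on failure */
    return st;
}
```

Padding and IV generation stay with the caller here; the function accepts only whole blocks.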


Typedef Documentation

typedef psa_status_t(* psa_drv_se_cipher_abort_t)(void *op_context)

A function that aborts a previously started secure element cipher operation.

Parameters:
  • [in,out] `op_context`: A hardware-specific structure for the previously started cipher operation

Definition at line 463 of file crypto_se_driver.h.

typedef psa_status_t(* psa_drv_se_cipher_ecb_t)(psa_drv_se_context_t *drv_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, psa_encrypt_or_decrypt_t direction, const uint8_t *p_input, size_t input_size, uint8_t *p_output, size_t output_size)

A function that performs the ECB block mode for secure element cipher operations.

Note: this function should only be used with implementations that do not provide a needed higher-level operation.

Parameters:
  • [in,out] `drv_context`: The driver context structure.
  • [in] `key_slot`: The slot of the key to be used for the operation
  • [in] `algorithm`: The algorithm to be used in the cipher operation
  • [in] `direction`: Indicates whether the operation is an encrypt or decrypt
  • [in] `p_input`: A buffer containing the data to be encrypted/decrypted
  • [in] `input_size`: The size in bytes of the buffer pointed to by `p_input`
  • [out] `p_output`: The caller-allocated buffer where the output will be placed
  • [in] `output_size`: The allocated size in bytes of the `p_output` buffer

Return values:
  • PSA_SUCCESS
  • PSA_ERROR_NOT_SUPPORTED

Definition at line 488 of file crypto_se_driver.h.

typedef psa_status_t(* psa_drv_se_cipher_finish_t)(void *op_context, uint8_t *p_output, size_t output_size, size_t *p_output_length)

A function that completes a previously started secure element cipher operation.

Parameters:
  • [in,out] `op_context`: A hardware-specific structure for the previously started cipher operation
  • [out] `p_output`: The caller-allocated buffer where the output will be placed
  • [in] `output_size`: The allocated size in bytes of the `p_output` buffer
  • [out] `p_output_length`: After completion, will contain the number of bytes placed in the `p_output` buffer

Return values:
  • PSA_SUCCESS

Definition at line 452 of file crypto_se_driver.h.

typedef psa_status_t(* psa_drv_se_cipher_set_iv_t)(void *op_context, const uint8_t *p_iv, size_t iv_length)

A function that sets the initialization vector (if necessary) for a secure element cipher operation.

Rationale: The `psa_se_cipher_*` operation in the PSA Cryptographic API has two IV functions: one to set the IV, and one to generate it internally. The generate function is not necessary for the drivers to implement as the PSA Crypto implementation can do the generation using its RNG features.

Parameters:
  • [in,out] `op_context`: A structure that contains the previously set up hardware-specific cipher context
  • [in] `p_iv`: A buffer containing the initialization vector
  • [in] `iv_length`: The size (in bytes) of the `p_iv` buffer

Return values:
  • PSA_SUCCESS

Definition at line 409 of file crypto_se_driver.h.

typedef psa_status_t(* psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_context, void *op_context, psa_key_slot_number_t key_slot, psa_algorithm_t algorithm, psa_encrypt_or_decrypt_t direction)

A function that provides the cipher setup function for a secure element driver.

Parameters:
  • [in,out] `drv_context`: The driver context structure.
  • [in,out] `op_context`: A structure that will contain the hardware-specific cipher context.
  • [in] `key_slot`: The slot of the key to be used for the operation
  • [in] `algorithm`: The algorithm to be used in the cipher operation
  • [in] `direction`: Indicates whether the operation is an encrypt or decrypt

Return values:
  • PSA_SUCCESS
  • PSA_ERROR_NOT_SUPPORTED

Definition at line 388 of file crypto_se_driver.h.

typedef psa_status_t(* psa_drv_se_cipher_update_t)(void *op_context, const uint8_t *p_input, size_t input_size, uint8_t *p_output, size_t output_size, size_t *p_output_length)

A function that continues a previously started secure element cipher operation.

Parameters:
  • [in,out] `op_context`: A hardware-specific structure for the previously started cipher operation
  • [in] `p_input`: A buffer containing the data to be encrypted/decrypted
  • [in] `input_size`: The size in bytes of the buffer pointed to by `p_input`
  • [out] `p_output`: The caller-allocated buffer where the output will be placed
  • [in] `output_size`: The allocated size in bytes of the `p_output` buffer
  • [out] `p_output_length`: After completion, will contain the number of bytes placed in the `p_output` buffer

Return values:
  • PSA_SUCCESS

Definition at line 431 of file crypto_se_driver.h.