mbed TLS v3.1.0
|
Macros | |
#define | PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} |
Typedefs | |
typedef struct psa_aead_operation_s | psa_aead_operation_t |
Functions | |
psa_status_t | psa_aead_encrypt (mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *plaintext, size_t plaintext_length, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length) |
psa_status_t | psa_aead_decrypt (mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, const uint8_t *additional_data, size_t additional_data_length, const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length) |
static psa_aead_operation_t | psa_aead_operation_init (void) |
psa_status_t | psa_aead_encrypt_setup (psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg) |
psa_status_t | psa_aead_decrypt_setup (psa_aead_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg) |
psa_status_t | psa_aead_generate_nonce (psa_aead_operation_t *operation, uint8_t *nonce, size_t nonce_size, size_t *nonce_length) |
psa_status_t | psa_aead_set_nonce (psa_aead_operation_t *operation, const uint8_t *nonce, size_t nonce_length) |
psa_status_t | psa_aead_set_lengths (psa_aead_operation_t *operation, size_t ad_length, size_t plaintext_length) |
psa_status_t | psa_aead_update_ad (psa_aead_operation_t *operation, const uint8_t *input, size_t input_length) |
psa_status_t | psa_aead_update (psa_aead_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) |
psa_status_t | psa_aead_finish (psa_aead_operation_t *operation, uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length, uint8_t *tag, size_t tag_size, size_t *tag_length) |
psa_status_t | psa_aead_verify (psa_aead_operation_t *operation, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length, const uint8_t *tag, size_t tag_length) |
psa_status_t | psa_aead_abort (psa_aead_operation_t *operation) |
#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}} |
This macro returns a suitable initializer for an AEAD operation object of type psa_aead_operation_t.
Definition at line 177 of file crypto_struct.h.
Referenced by psa_aead_operation_init().
typedef struct psa_aead_operation_s psa_aead_operation_t |
The type of the state data structure for multipart AEAD operations.
Before calling any function on an AEAD operation object, the application must initialize it by any of the following means:
This is an implementation-defined struct
. Applications should not make any assumptions about the content of this structure. Implementation details can change in future versions without notice.
psa_status_t psa_aead_abort | ( | psa_aead_operation_t * | operation | ) |
Abort an AEAD operation.
Aborting an operation frees all associated resources except for the operation
structure itself. Once aborted, the operation object can be reused for another operation by calling psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again.
You may call this function any time after the operation object has been initialized as described in psa_aead_operation_t.
In particular, calling psa_aead_abort() after the operation has been terminated by a call to psa_aead_abort(), psa_aead_finish() or psa_aead_verify() is safe and has no effect.
[in,out] | operation | Initialized AEAD operation. |
PSA_SUCCESS | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_aead_decrypt | ( | mbedtls_svc_key_id_t | key, |
psa_algorithm_t | alg, | ||
const uint8_t * | nonce, | ||
size_t | nonce_length, | ||
const uint8_t * | additional_data, | ||
size_t | additional_data_length, | ||
const uint8_t * | ciphertext, | ||
size_t | ciphertext_length, | ||
uint8_t * | plaintext, | ||
size_t | plaintext_size, | ||
size_t * | plaintext_length | ||
) |
Process an authenticated decryption operation.
key | Identifier of the key to use for the operation. It must allow the usage PSA_KEY_USAGE_DECRYPT. | |
alg | The AEAD algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg ) is true). | |
[in] | nonce | Nonce or IV to use. |
nonce_length | Size of the nonce buffer in bytes. | |
[in] | additional_data | Additional data that has been authenticated but not encrypted. |
additional_data_length | Size of additional_data in bytes. | |
[in] | ciphertext | Data that has been authenticated and encrypted. For algorithms where the encrypted data and the authentication tag are defined as separate inputs, the buffer must contain the encrypted data followed by the authentication tag. |
ciphertext_length | Size of ciphertext in bytes. | |
[out] | plaintext | Output buffer for the decrypted data. |
plaintext_size | Size of the plaintext buffer in bytes. This must be appropriate for the selected algorithm and key:
| |
[out] | plaintext_length | On success, the size of the output in the plaintext buffer. |
PSA_SUCCESS | Success. |
PSA_ERROR_INVALID_HANDLE | |
PSA_ERROR_INVALID_SIGNATURE | The ciphertext is not authentic. |
PSA_ERROR_NOT_PERMITTED | |
PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg . |
PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not an AEAD algorithm. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_BUFFER_TOO_SMALL | plaintext_size is too small. PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type , alg , ciphertext_length ) or PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length ) can be used to determine the required buffer size. |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_aead_decrypt_setup | ( | psa_aead_operation_t * | operation, |
mbedtls_svc_key_id_t | key, | ||
psa_algorithm_t | alg | ||
) |
Set the key for a multipart authenticated decryption operation.
The sequence of operations to decrypt a message with authentication is as follows:
If an error occurs at any step after a call to psa_aead_decrypt_setup(), the operation will need to be reset by a call to psa_aead_abort(). The application may call psa_aead_abort() at any time after the operation has been initialized.
After a successful call to psa_aead_decrypt_setup(), the application must eventually terminate the operation. The following events terminate an operation:
[in,out] | operation | The operation object to set up. It must have been initialized as per the documentation for psa_aead_operation_t and not yet in use. |
key | Identifier of the key to use for the operation. It must remain valid until the operation terminates. It must allow the usage PSA_KEY_USAGE_DECRYPT. | |
alg | The AEAD algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg ) is true). |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be inactive). |
PSA_ERROR_INVALID_HANDLE | |
PSA_ERROR_NOT_PERMITTED | |
PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg . |
PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not an AEAD algorithm. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_aead_encrypt | ( | mbedtls_svc_key_id_t | key, |
psa_algorithm_t | alg, | ||
const uint8_t * | nonce, | ||
size_t | nonce_length, | ||
const uint8_t * | additional_data, | ||
size_t | additional_data_length, | ||
const uint8_t * | plaintext, | ||
size_t | plaintext_length, | ||
uint8_t * | ciphertext, | ||
size_t | ciphertext_size, | ||
size_t * | ciphertext_length | ||
) |
Process an authenticated encryption operation.
key | Identifier of the key to use for the operation. It must allow the usage PSA_KEY_USAGE_ENCRYPT. | |
alg | The AEAD algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg ) is true). | |
[in] | nonce | Nonce or IV to use. |
nonce_length | Size of the nonce buffer in bytes. | |
[in] | additional_data | Additional data that will be authenticated but not encrypted. |
additional_data_length | Size of additional_data in bytes. | |
[in] | plaintext | Data that will be authenticated and encrypted. |
plaintext_length | Size of plaintext in bytes. | |
[out] | ciphertext | Output buffer for the authenticated and encrypted data. The additional data is not part of this output. For algorithms where the encrypted data and the authentication tag are defined as separate outputs, the authentication tag is appended to the encrypted data. |
ciphertext_size | Size of the ciphertext buffer in bytes. This must be appropriate for the selected algorithm and key:
| |
[out] | ciphertext_length | On success, the size of the output in the ciphertext buffer. |
PSA_SUCCESS | Success. |
PSA_ERROR_INVALID_HANDLE | |
PSA_ERROR_NOT_PERMITTED | |
PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg . |
PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not an AEAD algorithm. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_BUFFER_TOO_SMALL | ciphertext_size is too small. PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type , alg , plaintext_length ) or PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length ) can be used to determine the required buffer size. |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_aead_encrypt_setup | ( | psa_aead_operation_t * | operation, |
mbedtls_svc_key_id_t | key, | ||
psa_algorithm_t | alg | ||
) |
Set the key for a multipart authenticated encryption operation.
The sequence of operations to encrypt a message with authentication is as follows:
If an error occurs at any step after a call to psa_aead_encrypt_setup(), the operation will need to be reset by a call to psa_aead_abort(). The application may call psa_aead_abort() at any time after the operation has been initialized.
After a successful call to psa_aead_encrypt_setup(), the application must eventually terminate the operation. The following events terminate an operation:
[in,out] | operation | The operation object to set up. It must have been initialized as per the documentation for psa_aead_operation_t and not yet in use. |
key | Identifier of the key to use for the operation. It must remain valid until the operation terminates. It must allow the usage PSA_KEY_USAGE_ENCRYPT. | |
alg | The AEAD algorithm to compute (PSA_ALG_XXX value such that PSA_ALG_IS_AEAD(alg ) is true). |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be inactive). |
PSA_ERROR_INVALID_HANDLE | |
PSA_ERROR_NOT_PERMITTED | |
PSA_ERROR_INVALID_ARGUMENT | key is not compatible with alg . |
PSA_ERROR_NOT_SUPPORTED | alg is not supported or is not an AEAD algorithm. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_aead_finish | ( | psa_aead_operation_t * | operation, |
uint8_t * | ciphertext, | ||
size_t | ciphertext_size, | ||
size_t * | ciphertext_length, | ||
uint8_t * | tag, | ||
size_t | tag_size, | ||
size_t * | tag_length | ||
) |
Finish encrypting a message in an AEAD operation.
The operation must have been set up with psa_aead_encrypt_setup().
This function finishes the authentication of the additional data formed by concatenating the inputs passed to preceding calls to psa_aead_update_ad() with the plaintext formed by concatenating the inputs passed to preceding calls to psa_aead_update().
This function has two output buffers:
ciphertext
contains trailing ciphertext that was buffered from preceding calls to psa_aead_update().tag
contains the authentication tag.When this function returns successfuly, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling psa_aead_abort().
[in,out] | operation | Active AEAD operation. |
[out] | ciphertext | Buffer where the last part of the ciphertext is to be written. |
ciphertext_size | Size of the ciphertext buffer in bytes. This must be appropriate for the selected algorithm and key:
| |
[out] | ciphertext_length | On success, the number of bytes of returned ciphertext. |
[out] | tag | Buffer where the authentication tag is to be written. |
tag_size | Size of the tag buffer in bytes. This must be appropriate for the selected algorithm and key:
| |
[out] | tag_length | On success, the number of bytes that make up the returned tag. |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be an active encryption operation with a nonce set). |
PSA_ERROR_BUFFER_TOO_SMALL | The size of the ciphertext or tag buffer is too small. PSA_AEAD_FINISH_OUTPUT_SIZE(key_type , alg ) or PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the required ciphertext buffer size. PSA_AEAD_TAG_LENGTH(key_type , key_bits , alg ) or PSA_AEAD_TAG_MAX_SIZE can be used to determine the required tag buffer size. |
PSA_ERROR_INVALID_ARGUMENT | The total length of input to psa_aead_update_ad() so far is less than the additional data length that was previously specified with psa_aead_set_lengths(). |
PSA_ERROR_INVALID_ARGUMENT | The total length of input to psa_aead_update() so far is less than the plaintext length that was previously specified with psa_aead_set_lengths(). |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_aead_generate_nonce | ( | psa_aead_operation_t * | operation, |
uint8_t * | nonce, | ||
size_t | nonce_size, | ||
size_t * | nonce_length | ||
) |
Generate a random nonce for an authenticated encryption operation.
This function generates a random nonce for the authenticated encryption operation with an appropriate size for the chosen algorithm, key type and key size.
The application must call psa_aead_encrypt_setup() before calling this function.
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_aead_abort().
[in,out] | operation | Active AEAD operation. |
[out] | nonce | Buffer where the generated nonce is to be written. |
nonce_size | Size of the nonce buffer in bytes. | |
[out] | nonce_length | On success, the number of bytes of the generated nonce. |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be an active aead encrypt operation, with no nonce set). |
PSA_ERROR_BUFFER_TOO_SMALL | The size of the nonce buffer is too small. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
|
static |
Return an initial value for an AEAD operation object.
psa_status_t psa_aead_set_lengths | ( | psa_aead_operation_t * | operation, |
size_t | ad_length, | ||
size_t | plaintext_length | ||
) |
Declare the lengths of the message and additional data for AEAD.
The application must call this function before calling psa_aead_update_ad() or psa_aead_update() if the algorithm for the operation requires it. If the algorithm does not require it, calling this function is optional, but if this function is called then the implementation must enforce the lengths.
You may call this function before or after setting the nonce with psa_aead_set_nonce() or psa_aead_generate_nonce().
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_aead_abort().
[in,out] | operation | Active AEAD operation. |
ad_length | Size of the non-encrypted additional authenticated data in bytes. | |
plaintext_length | Size of the plaintext to encrypt in bytes. |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be active, and psa_aead_update_ad() and psa_aead_update() must not have been called yet). |
PSA_ERROR_INVALID_ARGUMENT | At least one of the lengths is not acceptable for the chosen algorithm. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_aead_set_nonce | ( | psa_aead_operation_t * | operation, |
const uint8_t * | nonce, | ||
size_t | nonce_length | ||
) |
Set the nonce for an authenticated encryption or decryption operation.
This function sets the nonce for the authenticated encryption or decryption operation.
The application must call psa_aead_encrypt_setup() or psa_aead_decrypt_setup() before calling this function.
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_aead_abort().
[in,out] | operation | Active AEAD operation. |
[in] | nonce | Buffer containing the nonce to use. |
nonce_length | Size of the nonce in bytes. |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be active, with no nonce set). |
PSA_ERROR_INVALID_ARGUMENT | The size of nonce is not acceptable for the chosen algorithm. |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_aead_update | ( | psa_aead_operation_t * | operation, |
const uint8_t * | input, | ||
size_t | input_length, | ||
uint8_t * | output, | ||
size_t | output_size, | ||
size_t * | output_length | ||
) |
Encrypt or decrypt a message fragment in an active AEAD operation.
Before calling this function, you must:
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_aead_abort().
This function does not require the input to be aligned to any particular block boundary. If the implementation can only process a whole block at a time, it must consume all the input provided, but it may delay the end of the corresponding output until a subsequent call to psa_aead_update(), psa_aead_finish() or psa_aead_verify() provides sufficient input. The amount of data that can be delayed in this way is bounded by PSA_AEAD_UPDATE_OUTPUT_SIZE.
[in,out] | operation | Active AEAD operation. |
[in] | input | Buffer containing the message fragment to encrypt or decrypt. |
input_length | Size of the input buffer in bytes. | |
[out] | output | Buffer where the output is to be written. |
output_size | Size of the output buffer in bytes. This must be appropriate for the selected algorithm and key:
| |
[out] | output_length | On success, the number of bytes that make up the returned output. |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be active, have a nonce set, and have lengths set if required by the algorithm). |
PSA_ERROR_BUFFER_TOO_SMALL | The size of the output buffer is too small. PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type , alg , input_length ) or PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length ) can be used to determine the required buffer size. |
PSA_ERROR_INVALID_ARGUMENT | The total length of input to psa_aead_update_ad() so far is less than the additional data length that was previously specified with psa_aead_set_lengths(). |
PSA_ERROR_INVALID_ARGUMENT | The total input length overflows the plaintext length that was previously specified with psa_aead_set_lengths(). |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_aead_update_ad | ( | psa_aead_operation_t * | operation, |
const uint8_t * | input, | ||
size_t | input_length | ||
) |
Pass additional data to an active AEAD operation.
Additional data is authenticated, but not encrypted.
You may call this function multiple times to pass successive fragments of the additional data. You may not call this function after passing data to encrypt or decrypt with psa_aead_update().
Before calling this function, you must:
If this function returns an error status, the operation enters an error state and must be aborted by calling psa_aead_abort().
[in,out] | operation | Active AEAD operation. |
[in] | input | Buffer containing the fragment of additional data. |
input_length | Size of the input buffer in bytes. |
PSA_SUCCESS | Success. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be active, have a nonce set, have lengths set if required by the algorithm, and psa_aead_update() must not have been called yet). |
PSA_ERROR_INVALID_ARGUMENT | The total input length overflows the additional data length that was previously specified with psa_aead_set_lengths(). |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |
psa_status_t psa_aead_verify | ( | psa_aead_operation_t * | operation, |
uint8_t * | plaintext, | ||
size_t | plaintext_size, | ||
size_t * | plaintext_length, | ||
const uint8_t * | tag, | ||
size_t | tag_length | ||
) |
Finish authenticating and decrypting a message in an AEAD operation.
The operation must have been set up with psa_aead_decrypt_setup().
This function finishes the authenticated decryption of the message components:
If the authentication tag is correct, this function outputs any remaining plaintext and reports success. If the authentication tag is not correct, this function returns PSA_ERROR_INVALID_SIGNATURE.
When this function returns successfuly, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling psa_aead_abort().
[in,out] | operation | Active AEAD operation. |
[out] | plaintext | Buffer where the last part of the plaintext is to be written. This is the remaining data from previous calls to psa_aead_update() that could not be processed until the end of the input. |
plaintext_size | Size of the plaintext buffer in bytes. This must be appropriate for the selected algorithm and key:
| |
[out] | plaintext_length | On success, the number of bytes of returned plaintext. |
[in] | tag | Buffer containing the authentication tag. |
tag_length | Size of the tag buffer in bytes. |
PSA_SUCCESS | Success. |
PSA_ERROR_INVALID_SIGNATURE | The calculations were successful, but the authentication tag is not correct. |
PSA_ERROR_BAD_STATE | The operation state is not valid (it must be an active decryption operation with a nonce set). |
PSA_ERROR_BUFFER_TOO_SMALL | The size of the plaintext buffer is too small. PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type , alg ) or PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the required buffer size. |
PSA_ERROR_INVALID_ARGUMENT | The total length of input to psa_aead_update_ad() so far is less than the additional data length that was previously specified with psa_aead_set_lengths(). |
PSA_ERROR_INVALID_ARGUMENT | The total length of input to psa_aead_update() so far is less than the plaintext length that was previously specified with psa_aead_set_lengths(). |
PSA_ERROR_INSUFFICIENT_MEMORY | |
PSA_ERROR_COMMUNICATION_FAILURE | |
PSA_ERROR_HARDWARE_FAILURE | |
PSA_ERROR_CORRUPTION_DETECTED | |
PSA_ERROR_STORAGE_FAILURE | |
PSA_ERROR_BAD_STATE | The library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code. |