This software uses the AES-GCM hardened cryptographic accelerator to encrypt or decrypt the provided data. It requires a key of size 256 bits and an initialization vector (IV) of size 96 bits.
The XilSecure library supports the following features:
- Encryption of data with provided key and IV
- Decryption of data with provided key and IV
- Authentication using a GCM tag.
- Key loading based on key selection: the key can be either the user-provided key loaded into the KUP key or the device key used during boot.
For either encryption or decryption, the AES-GCM engine should be initialized first using the XSecure_AesInitialize function.
When all the data to be encrypted is available, XSecure_AesEncryptData() can be used. When all the data is not available, use the following functions in the suggested order:
- XSecure_AesEncryptInit()
- XSecure_AesEncryptUpdate() - This function can be called multiple times till input data is completed.
When all the data to be decrypted is available, XSecure_AesDecryptData() can be used. When all the data is not available, use the following functions in the suggested order:
- XSecure_AesDecryptInit()
- XSecure_AesDecryptUpdate() - This function can be called multiple times till input data is completed.
During decryption, the provided GCM tag is compared with the GCM tag calculated by the engine. The comparison is done in software, and the result returned to the user indicates whether or not the tags matched.
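
The software tag check described above, sketched as an added example that is not XilSecure code: it compares the provided and calculated tags without an early exit and erases the decrypted buffer when they differ. The helper names (`gcm_tag_equal`, `accept_plaintext`, `demo`), the 16-byte tag length and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not a XilSecure function): compare two tags with no
 * early exit, so timing does not reveal how many leading bytes matched. */
static int gcm_tag_equal(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hypothetical helper: keep decrypted output only when the tags match.
 * On mismatch, zero it through a volatile pointer (so the stores are not
 * optimized away) and return -1; return 0 on match. */
static int accept_plaintext(uint8_t *plain, size_t plain_len,
                            const uint8_t *provided_tag,
                            const uint8_t *computed_tag, size_t tag_len)
{
    volatile uint8_t *p = plain;
    if (gcm_tag_equal(provided_tag, computed_tag, tag_len))
        return 0;
    while (plain_len--)
        *p++ = 0;
    return -1;
}

/* Constructed sample data (16-byte tags assumed). Returns the result of
 * accept_plaintext(), or -2 if a rejected buffer was not fully wiped. */
static int demo(int corrupt_tag)
{
    uint8_t computed[16], provided[16], plain[8];
    memset(computed, 0xA5, sizeof computed);
    memcpy(provided, computed, sizeof provided);
    memset(plain, 'P', sizeof plain);
    if (corrupt_tag)
        provided[15] ^= 0x01;   /* flip one bit in the last tag byte */
    int rc = accept_plaintext(plain, sizeof plain, provided, computed, 16);
    for (size_t i = 0; rc != 0 && i < sizeof plain; i++)
        if (plain[i] != 0)
            return -2;
    return rc;
}

int main(void)
{
    return (demo(0) == 0 && demo(1) == -1) ? 0 : 1;
}
```

A caller that receives a mismatch result should treat the decrypted buffer as invalid, whichever layer performed the comparison.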