esp_idf_hal::sys

Function psa_aead_verify

Source
pub unsafe extern "C" fn psa_aead_verify(
    operation: *mut psa_aead_operation_s,
    plaintext: *mut u8,
    plaintext_size: usize,
    plaintext_length: *mut usize,
    tag: *const u8,
    tag_length: usize,
) -> i32
Expand description

Finish authenticating and decrypting a message in an AEAD operation.

The operation must have been set up with psa_aead_decrypt_setup().

This function finishes the authenticated decryption of the message components:

  • The additional data consisting of the concatenation of the inputs passed to preceding calls to psa_aead_update_ad().
  • The ciphertext consisting of the concatenation of the inputs passed to preceding calls to psa_aead_update().
  • The tag passed to this function call.

If the authentication tag is correct, this function outputs any remaining plaintext and reports success. If the authentication tag is not correct, this function returns #PSA_ERROR_INVALID_SIGNATURE.

When this function returns successfully, the operation becomes inactive. If this function returns an error status, the operation enters an error state and must be aborted by calling psa_aead_abort().

\note Implementations shall make the best effort to ensure that the comparison between the actual tag and the expected tag is performed in constant time.

\param[in,out] operation Active AEAD operation. \param[out] plaintext Buffer where the last part of the plaintext is to be written. This is the remaining data from previous calls to psa_aead_update() that could not be processed until the end of the input. \param plaintext_size Size of the \p plaintext buffer in bytes. This must be appropriate for the selected algorithm and key: - A sufficient output size is #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) where \c key_type is the type of key and \c alg is the algorithm that were used to set up the operation. - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to the maximum output size of any supported AEAD algorithm. \param[out] plaintext_length On success, the number of bytes of returned plaintext. \param[in] tag Buffer containing the authentication tag. \param tag_length Size of the \p tag buffer in bytes.

\retval #PSA_SUCCESS Success. \retval #PSA_ERROR_INVALID_SIGNATURE The calculations were successful, but the authentication tag is not correct. \retval #PSA_ERROR_BUFFER_TOO_SMALL The size of the \p plaintext buffer is too small. #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the required buffer size. \retval #PSA_ERROR_INVALID_ARGUMENT The total length of input to psa_aead_update_ad() so far is less than the additional data length that was previously specified with psa_aead_set_lengths(), or the total length of input to psa_aead_update() so far is less than the plaintext length that was previously specified with psa_aead_set_lengths(). \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription \retval #PSA_ERROR_BAD_STATE The operation state is not valid (it must be an active decryption operation with a nonce set), or the library has not been previously initialized by psa_crypto_init(). It is implementation-dependent whether a failure to initialize results in this error code.