AES-GCM - 2021.1 English

Xilinx Standalone Library Documentation OS and Libraries Document Collection (UG643)

Document ID
UG643
Release Date
2021-06-16
Version
2021.1 English

This software uses AES-GCM hardened cryptographic accelerator to encrypt or decrypt the provided data and requires a key of size 256 bits and initialization vector(IV) of size 96 bits.

XilSecure library supports the following features:

  • Encryption of data with provided key and IV
  • Decryption of data with provided key and IV
  • Authentication using a GCM tag.
  • Key loading based on key selection, the key can be either the user provided key loaded into the KUP key or the device key used during boot.

For either encryption or decryption the AES-GCM engine should be initialized first using the XSecure_AesInitialize function.

AES Encryption Function Usage

When all the data to be encrypted is available, the XSecure_AesEncryptData() can be used. When all the data is not available, use the following functions in the suggested order:
  1. XSecure_AesEncryptInit()
  2. XSecure_AesEncryptUpdate() - This function can be called multiple times till input data is completed.

AES Decryption Function Usage

When all the data to be decrypted is available, the XSecure_AesDecryptData() can be used. When all the data is not available, use the following functions in the suggested order:
  1. XSecure_AesDecryptInit()
  2. XSecure_AesDecryptUpdate() - This function can be called multiple times till input data is completed.
During decryption, the provided GCM tag is compared to the GCM tag calculated by the engine. The two tags are then compared in the software and returned to the user as to whether or not the tags matched.
CAUTION:
when using the KUP key for encryption/decryption of the data, where the key is stored should be carefully considered. Key should be placed in an internal memory region that has access controls. Not doing so may result in security vulnerability.