This software uses AES-GCM hardened cryptographic accelerator to encrypt or decrypt the provided data and requires a key of size 256 bits and initialization vector(IV) of size 96 bits.
XilSecure library supports the following features:
- Encryption of data with provided key and IV
- Decryption of data with provided key and IV
- Authentication using a GCM tag.
- Key loading based on key selection, the key can be either the user provided key loaded into the KUP key or the device key used during boot.
For either encryption or decryption the AES-GCM engine should be initialized first using the XSecure_AesInitialize function.
AES Encryption Function Usage
When all the data to be encrypted is available, the
XSecure_AesEncryptData()
can be used. When all the data is not available, use the following functions in the suggested order:-
XSecure_AesEncryptInit()
-
XSecure_AesEncryptUpdate()
AES Decryption Function Usage
When all the data to be decrypted is available, the
XSecure_AesDecryptData()
can be used. When all the data is not available, use the following functions in the suggested order:-
XSecure_AesDecryptInit()
-
XSecure_AesDecryptUpdate()
CAUTION:
when using the KUP key for encryption/decryption of the data, where the key is stored should be carefully considered. Key should be placed in an internal memory region that has access controls. Not doing so may result in security vulnerability.