3.1.2. Functions - 5.2 English - 68552

AOCL API Guide (68552)
Document ID
68552
Release Date
2025-12-29
Version
5.2 English
Uint64 alcp_cipher_context_size(void)#

Gets the size of the context for a session.

This API should be called before alcp_cipher_request to identify the memory to be allocated for context

Returns:

Size of context in bytes

alc_error_t alcp_cipher_request(const alc_cipher_mode_t cipherMode, const Uint64 keyLen, alc_cipher_handle_p pCipherHandle)#

Request for populating handle with algorithm specified by cipher mode and key Length.

This API can be called after alcp_cipher_context_size is called

Note

Error needs to be checked for each call. Valid only if alcp_is_error (ret) is false

Parameters:

  • cipherMode[in] cipher mode to be set

  • keyLen[in] key length in bits

  • pCipherHandle[out]   Library populated session handle for future cipher operations.

Returns:

Error Code for the API called.

alc_error_t alcp_cipher_init(const alc_cipher_handle_p pCipherHandle, const Uint8 *pKey, Uint64 keyLen, const Uint8 *pIv, Uint64 ivLen)#

Cipher init.

This API can be called after alcp_cipher_request is called.

Parameters:

  • pCipherHandle[in] Session handle for cipher operation

  • pKey[in] Key

  • keyLen[in] key Length in bits

  • pIv[in] IV/Nonce

  • ivLen[in] IV length in bytes

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE then an error has occurred and handle will be invalid for future operations

alc_error_t alcp_multibuffer_init(const alc_cipher_handle_p pCipherHandle, const Uint8 *pKey, Uint64 keyLen, const Uint8 **pIv, Uint64 ivLen, Uint64 numBuffers)#

Initialize a cipher session for multi-buffer processing.

This API can be called after alcp_cipher_request. It prepares the session to process multiple buffers in parallel by accepting an array of IVs (one IV per buffer) for modes that support parallel buffers

Parameters:

  • pCipherHandle[in] Session handle for cipher operation

  • pKey[in] Key

  • keyLen[in] Key length in bits

  • pIv[in] Array of pointers to IV/Nonce values (one per buffer)

  • ivLen[in] IV length in bytes (applies to every buffer)

  • numBuffers[in] Number of buffers to be processed in parallel

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE then an error has occurred and handle will be invalid for future operations

alc_error_t alcp_cipher_encrypt(const alc_cipher_handle_p pCipherHandle, const Uint8 *pPlainText, Uint8 *pCipherText, Uint64 datalen, Uint64 *outlen)#

Encrypt plain text and write it to cipher text with provided handle.

This API can be called after alcp_cipher_request and before alcp_cipher_finish API is meant to be used with CBC,CTR,CFB,OFB,XTS mode.

Note

Error needs to be checked for each call, valid only if alcp_is_error (ret) is false

Parameters:

  • pCipherHandle[in] Session handle for future encrypt/decrypt operation

  • pPlainText[in] Pointer to Plain Text

  • pCipherText[out] Pointer to Cipher Text

  • datalen[in] Length of cipher/plain text

  • outlen[out] Pointer to store actual bytes written to pCipherText

Returns:

Error Code for the API called.

alc_error_t alcp_cipher_decrypt(const alc_cipher_handle_p pCipherHandle, const Uint8 *pCipherText, Uint8 *pPlainText, Uint64 datalen, Uint64 *outlen)#

Decrypt the cipher text and write it to plain text with provided handle.

This API can be called after alcp_cipher_request and before alcp_cipher_finish API is meant to be used with CBC,CTR,CFB,OFB,XTS mode.

Note

Error needs to be checked for each call, valid only if alcp_is_error (ret) is false

Parameters:

  • pCipherHandle[in] Session handle for future encrypt decrypt operation

  • pCipherText[in] Pointer to Cipher Text

  • pPlainText[out] Pointer to Plain Text

  • datalen[in] Length of cipher/plain text

  • outlen[out] Pointer to store actual bytes written to pPlainText

Returns:

Error Code for the API called.

void alcp_cipher_finish(const alc_cipher_handle_p pCipherHandle)#

Release resources allocated by alcp_cipher_request.

This API is called to free the session resources

Note

alcp_cipher_finish has to be called at the end of the transaction. Context will be unusable after this call.

Parameters:

pCipherHandle[in] Session handle for future encrypt/decrypt operation

Returns:

None

alc_error_t alcp_cipher_context_copy(const alc_cipher_handle_p src, alc_cipher_handle_p dst)#

Copy a cipher context from source to destination.

This API allows copying all state information from one cipher context to another. Both source and destination must be initialized with the same cipher mode and key length.

Parameters:

  • src[in] Source cipher handle containing the context to copy from

  • dst[in] Destination cipher handle where the context will be copied to

Returns:

Error code:

  • ALC_ERROR_NONE Success

  • ALC_ERROR_BAD_STATE Either src or dst is in an invalid state

  • ALC_ERROR_INVALID_ARG Source and destination context types don’t match

  • ALC_ERROR_GENERIC Generic error during copy operation

alc_error_t alcp_cipher_segment_init(const alc_cipher_handle_p pCipherHandle, const Uint8 *pKey, Uint64 keyLen, const Uint8 *pIv, Uint64 ivLen)#

Cipher Segment init.

This API can be called after alcp_cipher_request is called.

Parameters:

  • pCipherHandle[in] Session handle for cipher operation

  • pKey[in] Key

  • keyLen[in] key Length in bits

  • pIv[in] IV/Nonce

  • ivLen[in] iv Length in bits

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE then an error has occurred and handle will be invalid for future operations

alc_error_t alcp_cipher_segment_request(const alc_cipher_mode_t cipherMode, const Uint64 keyLen, alc_cipher_handle_p pCipherHandle)#

Request for populating handle with algorithm specified by cipher mode and key Length.

This API can be called after alcp_cipher_context_size is called

Note

Error needs to be checked for each call, valid only if alcp_is_error (ret) is false, ctx to be considered valid.

Parameters:

  • cipherMode[in] cipher mode to be set

  • keyLen[in] key length in bits

  • pCipherHandle[out]   Library populated session handle for future cipher operations.

Returns:

Error Code for the API called.

alc_error_t alcp_cipher_segment_encrypt_xts(const alc_cipher_handle_p pCipherHandle, const Uint8 *pPlainText, Uint8 *pCipherText, Uint64 currPlainTextLen, Uint64 startBlockNum)#

Encrypt plain text and write it to cipher text with provided handle.

This XTS specific API should be called only after alcp_cipher_segment_request and alcp_cipher_segment_init. API is meant to be used with XTS mode.

Note

Error needs to be checked for each call, valid only if alcp_is_error (ret) is false

Note

XTS: Argument currPlainTextLen should be a multiple of 16 bytes unless it’s the last call. By the last call, if there is a partial block, both a partial and a complete block have to be included in the last call to this function.

Parameters:

  • pCipherHandle[in] Session handle for future encrypt decrypt operation

  • pPlainText[in] Pointer to Plain Text

  • pCipherText[out] Pointer to Cipher Text

  • currPlainTextLen[in] Length of the given plaintext

  • startBlockNum[in] Start block number of given plaintext

Returns:

Error Code for the API called.

alc_error_t alcp_cipher_segment_decrypt_xts(const alc_cipher_handle_p pCipherHandle, const Uint8 *pCipherText, Uint8 *pPlainText, Uint64 currCipherTextLen, Uint64 startBlockNum)#

Decryption of cipher text and write it to plain text with provided handle.

This XTS specific API should be called only after alcp_cipher_segment_init. API is meant to be used with XTS mode.

Note

Error needs to be checked for each call, valid only if alcp_is_error (ret) is false

Note

XTS: Argument currCipherTextLen should be a multiple of 16 bytes unless it’s the last call. By the last call, if there is a partial block, both a partial and a complete block have to be included in the last call to this function.

Parameters:

  • pCipherHandle[in] Session handle for future encrypt decrypt operation

  • pPlainText[out] Pointer to Plain Text

  • pCipherText[in] Pointer to Cipher Text

  • startBlockNum[in] Start block number of given plaintext

  • currCipherTextLen[in] Length of the given Cipher Text

Returns:

Error Code for the API called.

void alcp_cipher_segment_finish(const alc_cipher_handle_p pCipherHandle)#

Release resources allocated by alcp_cipher_request.

This API is called to free the session resources

Note

alcp_cipher_finish to be called at the end of the transaction. Context will be unusable after this call.

Parameters:

pCipherHandle[in] Session handle for completed encrypt/decrypt operations whose resources has to be freed.

Returns:

None

Uint64 alcp_cipher_aead_context_size(void)#

Gets the size of the context for a session.

This AEAD API should be called before alcp_cipher_aead_request to identify the memory to be allocated for context

Returns:

Size of context in bytes

alc_error_t alcp_cipher_aead_request(const alc_cipher_mode_t cipherMode, const Uint64 keyLen, alc_cipher_handle_p pCipherHandle)#

Request for populating handle with algorithm specified by cipher mode and key length info.

This AEAD API can be called after alcp_cipher_aead_context_size is called

Note

Error needs to be checked for each call, valid only if alcp_is_error (ret) is false

Parameters:

  • cipherMode[in] AEAD cipher mode to be set

  • keyLen[in] key length in bits

  • pCipherHandle[out]   Library populated session handle for future cipher operations.

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE then an error has occurred and handle will be invalid for future operations

alc_error_t alcp_cipher_aead_request_with_extState(const alc_cipher_mode_t mode, const Uint64 keyLen, alc_cipher_state_t *pCipherState, alc_cipher_handle_p pCipherHandle)#

Request for populating handle with algorithm specified by cipher mode and key length info. This API is used when memory for expanded keys and precomputed keys is already allocated by the application.

This AEAD API can be called after alcp_cipher_aead_context_size is called

Note

Error needs to be checked for each call, valid only if alcp_is_error (ret) is false

Parameters:

  • mode[in] AEAD cipher mode to be set

  • keyLen[in] key length in bits

  • pCipherState[in] pointer to the state of the cipher holding expanded and precomputed keys

  • pCipherHandle[out]   Library populated session handle for future cipher operations.

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE then an error has occurred and handle will be invalid for future operations

alc_error_t alcp_cipher_aead_init(const alc_cipher_handle_p pCipherHandle, const Uint8 *pKey, Uint64 keyLen, const Uint8 *pIv, Uint64 ivLen)#

Cipher aead init.

This API can be called after alcp_cipher_aead_request is called. For SIV decrypt, the IV passed should be the tag generated by alcp_cipher_aead_get_tag during encrypt call.

Parameters:

  • pCipherHandle[in] Session handle for future encrypt/decrypt operation

  • pKey[in] Key

  • keyLen[in] key Length in bits

  • pIv[in] IV/Nonce

  • ivLen[in] IV length in bytes

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE then an error has occurred and handle will be invalid for future operations

alc_error_t alcp_cipher_aead_encrypt(const alc_cipher_handle_p pCipherHandle, const Uint8 *pInput, Uint8 *pOutput, Uint64 len, Uint64 *outlen)#

AEAD encryption of plain text and write it to cipher text with provided handle.

This AEAD API can be called after alcp_cipher_aead_request and before alcp_cipher_aead_finish

Note

Error needs to be checked for each call, valid only if alcp_is_error (ret) is false

Parameters:

  • pCipherHandle[in] Session handle for future encrypt decrypt operation

  • pInput[in] Pointer to plainText

  • pOutput[out] Pointer to cipherText

  • len[in] Length of plainText/cipherText

  • outlen[out] Pointer to store actual bytes written to pOutput

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE then an error has occurred and handle will be invalid for future operations

alc_error_t alcp_cipher_aead_decrypt(const alc_cipher_handle_p pCipherHandle, const Uint8 *pInput, Uint8 *pOutput, Uint64 len, Uint64 *outlen)#

AEAD decryption of cipher text and write it to plain text with provided handle.

This AEAD API can be called after alcp_cipher_aead_request and before alcp_cipher_aead_finish

Note

Error needs to be checked for each call, valid only if alcp_is_error (ret) is false

Parameters:

  • pCipherHandle[in] Session handle for future encrypt/decrypt operation

  • pInput[in] Pointer to CipherText

  • pOutput[out] Pointer to PlainText

  • len[in] Length of PlainText/CipherText

  • outlen[out] Pointer to store actual bytes written to pOutput

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE then an error has occurred and handle will be invalid for future operations

alc_error_t alcp_cipher_aead_set_aad(const alc_cipher_handle_p pCipherHandle, const Uint8 *pInput, Uint64 len)#

AEAD set Additional Data for the Tag generation.

This AEAD API can be called after alcp_cipher_aead_init.

Parameters:

  • pCipherHandle[in] Session handle for encrypt/decrypt operation

  • pInput[in] Additional Data in bytes

  • len[in] Length in bytes of Additional Data

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE, then an error has occurred and handle will be invalid for future operations

alc_error_t alcp_cipher_aead_get_tag(const alc_cipher_handle_p pCipherHandle, Uint8 *pOutput, Uint64 tagLen)#

AEAD get a copy of Tag generated.

This AEAD API can be called after alcp_cipher_aead_request and before alcp_cipher_aead_finish. During encrypt, this API copies the generated tag to the provided buffer, and during decryption, it retrieves the internally calculated tag and compares it with the provided buffer.

Parameters:

  • pCipherHandle[in] Session handle for encrypt/decrypt operation

  • pOutput[out] Byte addressable memory to write tag into

  • tagLen[in] Length of Tag in bytes

Returns:

Returns ALC_ERROR_NONE on success, ALC_ERROR_TAG_MISMATCH if the tag generated during encryption does not match the tag provided during decryption, or other error codes if an error has occurred.

alc_error_t alcp_cipher_aead_set_tag_length(const alc_cipher_handle_p pCipherHandle, Uint64 tagLen)#

AEAD set the tag length.

This AEAD API is meant specifically for CCM and have to be called after alcp_cipher_aead_request and before alcp_cipher_aead_init

Parameters:

  • pCipherHandle[in] Session handle for encrypt/decrypt operation

  • tagLen[in] Length of Tag in bytes

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE then an error has occurred and handle will be invalid for future operations

alc_error_t alcp_cipher_aead_set_ccm_plaintext_length(const alc_cipher_handle_p pCipherHandle, Uint64 plaintextLength)#

AEAD set the total plaintext length which is to be encrypted for CCM mode.

This AEAD API is meant specifically for CCM and have to be called after alcp_cipher_aead_request and before alcp_cipher_aead_init

Parameters:

  • pCipherHandle[in] Session handle for encrypt/decrypt operation

  • plaintextLength[in] Length in bytes of plaintext in bytes

Returns:

Error Code for the API called. If alc_error_t is not ALC_ERROR_NONE then an error has occurred and handle will be invalid for future operations

void alcp_cipher_aead_finish(const alc_cipher_handle_p pCipherHandle)#

Release resources allocated by alcp_cipher_aead_request.

This AEAD API is called to free session resources

Note

Need to be called at the end of the transaction, context will be unusable after this call.

Parameters:

pCipherHandle[in] Session handle for the completed encrypt/decrypt operations whose resources has to be freed.

Returns:

None

alc_error_t alcp_flush(const alc_cipher_handle_p pCipherHandle, const Uint8 **pPlainText, Uint64 numBuffers, Uint64 len)#

Submit multiple plaintext buffers for encryption (multi-buffer API)

This API enqueues a batch of buffers for processing after a successful alcp_multibuffer_init call. The number of buffers and their lengths must match the parameters provided during initialization.

Parameters:

  • pCipherHandle[in] Session handle for cipher operation

  • pPlainText[in] Array of pointers to plaintext buffers

  • numBuffers[in] Number of buffers in the batch

  • len[in] Length of each buffer in bytes

Returns:

Error code:

  • ALC_ERROR_NONE Success

alc_error_t alcp_dequeue(const alc_cipher_handle_p pCipherHandle, Uint8 **pCipherText, Uint64 numBuffers, Uint64 len)#

Dequeue processed ciphertext buffers (multi-buffer API)

This API retrieves the outputs corresponding to the buffers submitted via alcp_flush. Each output buffer pointer must be pre-allocated by the caller with space for the specified length.

Parameters:

  • pCipherHandle[in] Session handle for cipher operation

  • pCipherText[out] Array of pointers to ciphertext buffers (outputs)

  • numBuffers[in] Number of buffers to dequeue

  • len[in] Length of each buffer in bytes

Returns:

Error code:

  • ALC_ERROR_NONE Success

  • ALC_ERROR_BAD_STATE Either src or dst is in an invalid state