* @param[in] key_alias Alias of the key to be used for encryption
* @param[in] password The password used in decrypting a key value. If password of the policy is
* provided in ckmc_save_key(), the same password should be provided
- * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no restrictions on
- * the size of data, if S/W backend is used. If module uses TEE backend (since
- * Tizen 5.0 on chosen images), maximum size of data is implementation-specific
- * and at least 500 kB. For RSA the size must be smaller or equal to key size
- * in bytes - 42.
+ * @param[in] decrypted Data to be encrypted. In case of AES algorithm the backend may impose limit
+ * on the maximum size of processed data
+ * (@see ckmc_backend_get_max_chunk_size()). For RSA the size must be smaller
+ * or equal to key size in bytes - 42.
* Example: for 1024 RSA key the maximum data size is 1024/8 - 42 = 86.
* @param[out] ppencrypted Encrypted data. In #CKMC_ALGO_AES_GCM mode it includes the GCM tag
* appended at the end.
* @param[in] password The password used in decrypting a key value. If password of the policy is
* provided in ckmc_save_key(), the same password should be provided
* @param[in] encrypted Data to be decrypted. #CKMC_ALGO_AES_GCM mode requires GCM tag to be
- * appended at the end. Since Tizen 5.0, on chosen images where module is using
- * TEE backend, data size is limited to at least 500 kB (TEE
- * implementation-specific).
+ * appended at the end. In case of AES algorithm the backend may impose limit
+ * on the maximum size of processed data
+ * (@see ckmc_backend_get_max_chunk_size()). For RSA the size must be smaller
+ * or equal to key size in bytes - 42.
* @param[out] ppdecrypted Decrypted data
*
* @return @c 0 on success, otherwise a negative error value
* @remarks If password in @a policy is provided, the stored key is additionally encrypted with it.
* @remarks If extractable in @a policy is set to false, the stored key may still be exported in a
* wrapped form.
+ * @remarks Note that the backend may impose limit on the maximum size of @a wrapped_key
+ * (@see ckmc_backend_get_max_chunk_size()).
*
* @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and #ckmc_algo_type_e
* for details. Supported algorithms:
* @remarks The function may be called multiple times to encrypt succcessive blocks of data.
* @remarks The newly created @a ppout must be destroyed using ckmc_buffer_free() when it's no
* longer needed.
+ * @remarks Note that the backend may impose limit on the maximum size of processed data
+ * (@see ckmc_backend_get_max_chunk_size()).
*
* @param[in] context Encryption/decryption context created with ckmc_cipher_initialize()
* @param[in] in Encryption/decryption input
Supported parameters:
- #CKMC_PARAM_ALGO_TYPE = #CKMC_ALGO_AES_GCM (mandatory),
- #CKMC_PARAM_ED_IV = 1 to (2^64-1) bytes long initialization vector.
- Recommended length is 12B (mandatory)
+ Note that the backend may impose additional limit on the maximum size
+ (@see ckmc_backend_get_max_chunk_size()). Recommended length is 12B
+ (mandatory)
- #CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of
{32, 64, 96, 104, 112, 120, 128} (optional, if not present, the
length 128 is used; since Tizen 5.0, if TrustZone backend is used,
32 and 64 lengths are not supported)
- - #CKMC_PARAM_ED_AAD = additional authentication data(optional) */
+ - #CKMC_PARAM_ED_AAD = additional authentication data. Note that the backend
+ may impose limit on the maximum size (@see ckmc_backend_get_max_chunk_size())
+ (optional) */
CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm
Supported parameters: