IEEE 1619.1-2018 pdf download

IEEE 1619.1-2018 pdf download.IEEE Standard for Authenticated Encryption with Length Expansion for Storage Devices
4.2.5 Storage medium
The storage medium is any device or material capable of non-volatile storage of encrypted records and metadata. The controller may configure the cryptographic unit to write a particular plaintext record to the storage medium either with encryption or without encryption. The cryptographic unit may mix both encrypted records and plaintext records on the storage medium.
The cryptographic unit may write additional information without encryption to the storage medium, assuming that such information does not reveal cryptographic keys or plaintext that was intended to be encrypted. The cryptographic unit shall not write information to the storage medium that compromises the cryptographic confidentiality or integrity of any encrypted information on the storage medium.
4.3 Plaintext record formatter
The plaintext record formatter is a routine that converts host records into plaintext records that pass into the encryption routine. In the simplest case, this routine could simply pass host records directly through as plaintext records.
In more complicated systems, this routine could perform compression, padding, or other reversible transforms. The cryptographic unit receives host records from the host as a basic unit of data for encryption. When performing encryption, the cryptographic unit shall use the plaintext record formatter to format the host records into plaintext records.
To reduce buffering requirements and latency, the cryptographic unit may define a maximum size for the plaintext records that is smaller than the maximum host record size allowed by the cryptographic unit.
The plaintext record formatter may split the host record into multiple plaintext records with optional padding or reformatting.
The cryptographic unit may apply padding or perform reversible transforms (such as compression) to the data within the host records to form the plaintext records. If a host record is formed from two or more plaintext records, then the cryptographic unit shall include sufficient information within the additional authenticated data (AAD), IV, or plaintext record to allow the plaintext record de-formatter (see 4.4) to unambiguously reconstruct each of the original host records or detect malicious tampering.
To help fulfill this requirement, the cryptographic unit should use ordering verification to detect tampering or reordering of the encrypted records (see 4.6.3). Documentation shall describe how the plaintext record formatter generates plaintext records from host records.
4.4 Plaintext record de-formatter
The plaintext record de-formatter is a routine that converts plaintext records received from the decryption routine into host records that the cryptographic unit passes to the host.
The plaintext record de-formatter shall only use information that the decryption routine is able to cryptographically verify using a message authentication code (MAC). If the plaintext record contains padding or reversible transforms, then the plaintext record de-formatter shall verify the correctness of these formats. If the format is incorrect, then the cryptographic unit shall send the special signal FAIL to the host and/or controller and should not return any host records. Documentation shall describe how the plaintext record de-formatter generates host records from plaintext records.
4.5 Encryption routine
4.5.1 Overview The encryption routine takes formatted plaintext records as input and produces encrypted records as output. The following subclauses describe the characteristics of an encryption routine that are common across all cryptographic modes.
4.5.2 Inputs
The encryption routine requires the following inputs (see 5.1 for limits):
a) A secret cipher key
b) An initialization vector (IV)
c) Length of the IV
d) Plaintext record
e) Length of the plaintext record
f) Additional authenticated data (AAD)
g) Length of the AAD
4.5.3 Outputs
The encryption routine produces an encrypted record that contains the following:
a) Aciphertext record
b) A message authentication code (MAC)
c) Optionally, the IV or enough information to reconstruct the IV
d) Optionally, the AAD or enough information to reconstruct the AAD.IEEE 1619.1 pdf download.IEEE 1619.1-2018 pdf download