| CPC H04L 9/3226 (2013.01) [G06F 9/30178 (2013.01); H04L 9/0861 (2013.01); H04L 2209/12 (2013.01)] | 20 Claims |
|
1. A hardware processor comprising:
a decoder of a core to decode a single instruction into a decoded single instruction, the single instruction comprising a first input operand of a handle including a ciphertext of an encryption key, an authentication tag, and additional authentication data comprising a first bit that, when set, indicates the handle is not usable when a current privilege level is greater than zero, a second bit that, when set, indicates the handle is not usable for encryption, and a third bit that, when set, indicates the handle is not usable for decryption, and a second input operand of data encrypted with the encryption key; and
an execution unit of the core to execute the decoded single instruction to:
perform a first check of the authentication tag against the ciphertext and the additional authentication data for any modification to the ciphertext or the additional authentication data,
perform a second check of a current request of the core against one or more restrictions specified by the first bit, the second bit, and the third bit of the additional authentication data of the handle,
decrypt the ciphertext to generate the encryption key only when the first check indicates no modification to the ciphertext or the additional authentication data, and the second check indicates the one or more restrictions are not violated,
decrypt the data encrypted with the encryption key to generate unencrypted data, and
provide the unencrypted data as a resultant of the single instruction.
|