US 12,261,941 B2
Creating, using, and managing protected cryptography keys
Jason W. Brandt, Austin, TX (US); Steven L. Grobman, Flower Mound, TX (US); and Vedvyas Shanbhogue, Austin, TX (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Appl. No. 18/040,245
Filed by Intel Corporation, Santa Clara, CA (US)
PCT Filed Aug. 27, 2021, PCT No. PCT/US2021/048039
§ 371(c)(1), (2) Date Feb. 1, 2023,
PCT Pub. No. WO2022/051189, PCT Pub. Date Mar. 10, 2022.
Claims priority of provisional application 63/073,366, filed on Sep. 1, 2020.
Prior Publication US 2023/0269076 A1, Aug. 24, 2023
Int. Cl. H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/0822 (2013.01) [H04L 9/32 (2013.01)]
20 Claims
 
1. An apparatus comprising:
decoder circuitry to decode a single instruction into a decoded single instruction, the single instruction having a first source operand to specify encrypted data and a second source operand to specify a handle including a first including ciphertext of an encryption key, an integrity tag, and additional authentication data;
execution circuitry to execute the decoded single instruction to:
perform a first check of the integrity tag against the ciphertext and the additional authentication data for any modification to the ciphertext or the additional authentication data,
perform a second check of a current request against one or more restrictions specified by the additional authentication data of the handle,
decrypt the ciphertext to generate an encryption key only when the first check indicates no modification to the ciphertext or the additional authentication data and the second check indicates the one or more restrictions are not violated,
decrypt the encrypted data with the encryption key to generate unencrypted data, and
provide the unencrypted data as a result of the single instruction; and
a cache to store the handle, wherein only a portion of the integrity tag is to be used in a lookup of the handle.
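
The order of operations in claim 1 (tag check, then restriction check, then key release and data decryption) can be modelled in software; the sketch below is an added illustration, not code from the patent or from Intel. It assumes an HMAC-SHA256 tag and a SHA-256 keystream as stand-ins for the hardware's authenticated encryption, a one-byte AAD with two hypothetical restriction bits, and a `kernel_mode` flag as the attribute of the current request; the cache element of the claim is not modelled.

```python
import hashlib
import hmac
import os
from typing import NamedTuple

# Constructed stand-ins for processor-internal wrapping secrets (assumption).
WRAP_ENC, WRAP_MAC = os.urandom(32), os.urandom(32)
NO_DECRYPT, KERNEL_ONLY = 0x01, 0x02  # hypothetical restriction bits carried in the AAD

class Handle(NamedTuple):
    aad: bytes         # restrictions: authenticated but not encrypted
    tag: bytes         # integrity tag over AAD and ciphertext
    ciphertext: bytes  # 16-byte nonce || wrapped data key

class HandleError(Exception):
    pass

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (not AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def handle_tag(aad: bytes, ct: bytes) -> bytes:
    # Length-prefix the AAD so the AAD/ciphertext boundary cannot be shifted.
    msg = len(aad).to_bytes(4, "big") + aad + ct
    return hmac.new(WRAP_MAC, msg, hashlib.sha256).digest()

def wrap_key(data_key: bytes, flags: int) -> Handle:
    aad, nonce = bytes([flags]), os.urandom(16)
    ct = nonce + stream_xor(WRAP_ENC, nonce, data_key)
    return Handle(aad, handle_tag(aad, ct), ct)

def decrypt_with_handle(h: Handle, nonce: bytes, encrypted: bytes,
                        kernel_mode: bool) -> bytes:
    # First check: any change to the ciphertext or the AAD invalidates the tag.
    if not hmac.compare_digest(h.tag, handle_tag(h.aad, h.ciphertext)):
        raise HandleError("integrity check failed")
    # Second check: the current request against the restrictions in the AAD.
    flags = h.aad[0]
    if flags & NO_DECRYPT or (flags & KERNEL_ONLY and not kernel_mode):
        raise HandleError("restriction violated")
    # Only after both checks pass is the wrapped key recovered and used.
    key = stream_xor(WRAP_ENC, h.ciphertext[:16], h.ciphertext[16:])
    return stream_xor(key, nonce, encrypted)
```

Because the restrictions sit inside the authenticated data, clearing a restriction bit in a handle fails the first check rather than widening what the handle permits.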