US12326823B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12326823-B2 |
| Application number | US-202016935925-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 22, 2020 |
| Priority date | Aug 19, 2019 |
| Publication date | Jun 10, 2025 |
| Grant date | Jun 10, 2025 |
Official abstract text for this publication.
Described herein are technologies for application authentication and/or data encryption without stored pre-shared keys. In one resource controller, a processing device receives an application identifier (ID) from the application. The processing device provides a current nonce responsive to the application ID and provides the application access to the system resource responsive to determining that a hash of a current key received from the application equals a current tag. The current key is generated by the application based on code of the application and the current nonce. The current tag was previously provided from the application to the resource controller. The current tag can also be hashed by the application using the current key.
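The exchange in the abstract, with the nonce and tag rotation from claims 12 and 13 on this page, as an added Python example that is not code from the patent. SHA-256 as the hash, the 16-byte nonces, the offset-sampling scheme in `derive_key`, and the `APP_CODE` image are assumptions; the page does not specify them.

```python
import hashlib, hmac, secrets

APP_CODE = bytes(range(256)) * 4   # constructed stand-in for the application's program image

def H(data):
    return hashlib.sha256(data).digest()

def derive_key(code, nonce, samples=32):
    """Assumed derivation: the nonce selects code offsets; the bytes found there form the key."""
    picked = bytes(
        code[int.from_bytes(H(nonce + i.to_bytes(4, "big"))[:4], "big") % len(code)]
        for i in range(samples))
    return H(nonce + picked)

class ResourceController:
    def __init__(self):
        self.table = {}   # app_id -> current nonce, current tag, pending (not yet valid) nonce
    def register(self, app_id):
        self.table[app_id] = {"nonce": secrets.token_bytes(16), "tag": None, "pending": None}
        return self.table[app_id]["nonce"]
    def store_tag(self, app_id, tag):
        self.table[app_id]["tag"] = tag            # nonce and tag are now marked valid
    def begin_auth(self, app_id):
        row = self.table[app_id]
        row["pending"] = secrets.token_bytes(16)   # new nonce, stored but not yet valid
        return row["nonce"], row["pending"]
    def access(self, app_id, key, new_tag):
        row = self.table[app_id]
        if not (row["tag"] and row["pending"] and hmac.compare_digest(H(key), row["tag"])):
            return False                           # hash(key) != current tag: table unchanged
        row.update(nonce=row["pending"], tag=new_tag, pending=None)   # rotate to the new pair
        return True

def authenticate(ctrl, app_id, code):
    """Application side: reveal the current key, commit to the next one via its tag."""
    cur, new = ctrl.begin_auth(app_id)
    key = derive_key(code, cur)
    return key, ctrl.access(app_id, key, H(derive_key(code, new)))

def run_demo():
    ctrl = ResourceController()
    ctrl.store_tag("app-1", H(derive_key(APP_CODE, ctrl.register("app-1"))))
    old_key, first = authenticate(ctrl, "app-1", APP_CODE)
    tampered = authenticate(ctrl, "app-1", bytes(b ^ 0xFF for b in APP_CODE))[1]  # modified image
    ctrl.begin_auth("app-1")
    replay = ctrl.access("app-1", old_key, H(b"constructed tag"))  # key already disclosed once
    second = authenticate(ctrl, "app-1", APP_CODE)[1]
    return first, tampered, replay, second
```

Because the key is disclosed to the controller when it is used, each tag verifies exactly once; the third result in `run_demo` is the first key being rejected after rotation.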
Opening claim text (preview).
What is claimed is:
1. A resource controller comprising: a first interface to communicate with an application executing on a processor coupled to the resource controller; a second interface to communicate with a system resource; and a processing device coupled to the first interface and the second interface, wherein the processing device is to: receive an application identifier (ID) from the application; provide a current nonce to the application, wherein the current nonce is associated with the application ID; receive a current key from the application, wherein the current key is generated by the application based on the current nonce and a set of program instructions of the application; and provide the application access to the system resource responsive to determining that a hash of the current key received from the application equals a current tag, wherein the current tag was previously provided from the application to the resource controller.
2. The resource controller of claim 1, wherein the current tag, provided from the application, was hashed using the current key by the application.
3. The resource controller of claim 1, further comprising a memory device coupled to the processing device, wherein the processing device is to store a table in the memory device, wherein the table comprises information for each application registered to the resource controller.
4. The resource controller of claim 1, further comprising a memory device coupled to the processing device, wherein the processing device is to: store the application ID, the current nonce, and the current tag in the memory device; mark the application ID, the current nonce, and the current tag as valid; store the application ID and a new nonce; and mark the application ID and the new nonce as invalid.
5. The resource controller of claim 1, further comprising a memory device coupled to the processing device, wherein the processing device is to: store the application ID, the current nonce, the current tag, and a second nonce in the memory device, wherein the current nonce is an authentication nonce and the second nonce is an encryption nonce or a message authentication code (MAC) nonce; mark the application ID, the current nonce, the current tag, and the second nonce as valid; store the application ID, a new authentication nonce, and a third nonce, wherein the third nonce is a new encryption nonce or MAC nonce; and mark the application ID, the new authentication nonce, and the third nonce as invalid.
6. The resource controller of claim 1, further comprising a memory device coupled to the processing device, wherein the processing device is to: store the application ID, the current nonce, the current tag, a second nonce, and a third nonce in the memory device, wherein the current nonce is an authentication nonce, the second nonce is an encryption nonce, and the third nonce is a message authentication code (MAC) nonce; and mark the application ID, the current nonce, the current tag, the second nonce, and the third nonce as valid.
7. The resource controller of claim 1, wherein the system resource is a non-volatile memory (NVM) device and the resource controller is an NVM controller.
8. The resource controller of claim 1, wherein the system resource is a cryptographic engine.
9. The resource controller of claim 1, wherein the system resource is a peripheral device.
10. A method comprising: receiving, by a resource controller of a system resource, an application identifier (ID) from an application executing on a processor coupled to the resource controller; providing, by the resource controller, a current nonce to the application, wherein the current nonce is associated with the application ID; receiving, by the resource controller, a current key from the application, wherein the current key is generated by the application based on the current nonce and a set of program instructions of the application; and providing, by the resource controller, the application access to the system resource responsive to determining that a hash of the current key received from the application equals a current tag, wherein the current tag was previously provided from the application to the resource controller.
11. The method of claim 10, further comprising receiving, by the resource controller, the current tag from the application, wherein the current tag, received from the application, was hashed using the current key by the application.
12. The method of claim 10, further comprising: receiving, by the resource controller, a registration request from the application, wherein the registration request comprises the application ID; generating, by the resource controller, a first application authentication random nonce (AARN) in response to the registration request, wherein the first AARN is the current nonce; sending, by the resource controller, the first AARN to the application, wherein the current key is a first authentication key (AK) generated by the application using values stored at a set of memory addresses in system memory based on the first AARN, wherein the set of memory addresses is associated with the set of program instructions of the application, wherein the current tag is a first authentication tag (AT) derived by the application cryptographically hashing the first AK; receiving, by the resource controller, the application ID and the first AT from the application; storing, by the resource controller in a table in memory of the resource controller, the application ID and the first AT; and marking, by the resource controller, the application ID and the first AT stored in the table as valid.
13. The method of claim 12, further comprising: receiving, by the resource controller, an authentication request with the application ID from the application; verifying, by the resource controller, that the first AARN and first AT are marked as valid in the table; generating, by the resource controller, a second AARN responsive to the authentication request; storing, by the resource controller in the table, the second AARN; marking, by the resource controller, the second AARN in the table as invalid; sending, by the resource controller, the first AARN and the second AARN to the application responsive to the authentication request; receiving, by the resource controller, an access request, the first AK, and a second AT from the application, wherein the second AT is derived by the application; verifying, by the resource controller, that a result of hashing the first AK equals the first AT; marking, by the resource controller the second AARN and the second AT in the table as valid responsive to the result being equal to the first AT; and sending, by the resource controller, an access response to the application responsive to the access request, wherein the access response allows the application access to the system resource.
14. The method of claim 12, further comprising: generating, by the resource controller, a first encryption random nonce (ERN); sending, by the resource controller, the first ERN to the application in response to the registration request, wherein a first encryption key (EK) is generated by the application using values stored at a second set of memory addresses in system memory based on the first ERN, wherein the second set of memory addresses is associated with the set of program instructions of the application, wherein the current tag is a first authentication tag (AT) derived by the application cryptographically hashing the first AK; and receiving, by the resource controller from the application, encrypted data with an
Providing cryptographic facilities or services · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
in cryptographic circuits · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
Program or device authentication · CPC title