From patchwork Sun Jan 28 08:59:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 126060 Delivered-To: patch@linaro.org Received: by 10.46.84.92 with SMTP id y28csp1556137ljd; Sun, 28 Jan 2018 01:01:19 -0800 (PST) X-Google-Smtp-Source: AH8x2265RKsteMq9LV+eOuB26zKAOZCASaoZRHr4L0ZimoR577eSgbebUo9iP//Zd9VVOsiwegO8 X-Received: by 10.200.55.171 with SMTP id d40mr32652150qtc.61.1517130079765; Sun, 28 Jan 2018 01:01:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517130079; cv=none; d=google.com; s=arc-20160816; b=M/nJ87HQP14xrSuxaFWc8hAt8JspkhCrCvrexDljGlZuHz/sbozgKsub40pIHYli+y foiT0EgPea8uXwnRDePTXVfHR2v5UXB10WM3+P6EUsJtStti57IixIdcoNH2xVAS19CV Em3oTx/git03PGw8YoZbakjdBtQ5keHgPm6Gd+wQWO3SkSuj6QjxO+9WyT1mE65QDXBC ONZSODRNw/pQuK3jOrk7P7uPmC6Z0DwqGHg8nmIuwkB2VqKOwHzfFhpALXICijWPrnFH GJugRSOqsb52Li9oOeWmwb36Nb21E27hKJJooem3rPb7ldNLQu5tacAnEyqC85wgr2d2 9arg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=0ZG8jRkyzDHt1XAw3O3R2lIrVSdxzQgwh+YfLcKAC7U=; b=XKqnV1DQdLJi3/YXo172G5T0pMq33Pfk2VZM4qmeFhj28BmrG8HBy3lIWxinw6EMOQ kBV2P6qqyPV2vUI8f/bK+qi17wQTkZBe2w1XoyHvRW2O/CD6qRGATiTgosthNIMsrf1r f6fx3a+yN3RutaDg8ioR0K/7nWy9/DZqW4/tZWTjDgHvOtjNqXAiyZdpFuyig8lT4dZO n5lA24TLzBbMDkgyhhVrW7GjvJSRaIR3I9J6ZBtM4iURB67UPgbBnSCkgMI14KjNNA4d K/7aKNzLh3/66AssGVi1CkMEDweiqJ3wvaMQWn5pGqGk/82HwPiTxAHxmquix1tsmqe7 QF1g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id j2si446651qka.303.2018.01.28.01.01.19; Sun, 28 Jan 2018 01:01:19 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 6EDA562777; Sun, 28 Jan 2018 09:01:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2 autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 6338761519; Sun, 28 Jan 2018 09:00:27 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 1C64961519; Sun, 28 Jan 2018 09:00:17 +0000 (UTC) Received: from forward100p.mail.yandex.net (forward100p.mail.yandex.net [77.88.28.100]) by lists.linaro.org (Postfix) with ESMTPS id 61B4B61705 for ; Sun, 28 Jan 2018 09:00:13 +0000 (UTC) Received: from mxback2o.mail.yandex.net (mxback2o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::1c]) by forward100p.mail.yandex.net (Yandex) with ESMTP id 82B1D510382C for ; Sun, 28 Jan 2018 12:00:11 +0300 (MSK) Received: from smtp3p.mail.yandex.net (smtp3p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:8]) by mxback2o.mail.yandex.net (nwsmtp/Yandex) with ESMTP id AJkG6lESOm-0Bv8GA1E; Sun, 28 Jan 2018 12:00:11 +0300 Received: by smtp3p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id kBi2pciDaV-0AXehAks; Sun, 28 Jan 2018 12:00:10 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Sun, 28 Jan 2018 11:59:54 +0300 Message-Id: <1517130009-11837-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517130009-11837-1-git-send-email-odpbot@yandex.ru> References: <1517130009-11837-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 434 Subject: [lng-odp] [PATCH API-NEXT v2 1/16] api: crypto: clarify special nature of gcm and gmac X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Petri Savolainen Reword specification text to be more clear about special nature of GCM (authenticate encryption in general) and GMAC (cannot be paired with cipher) algorithms. Signed-off-by: Petri Savolainen --- /** Email created from pull request 434 (lumag:crypto-upd) ** https://github.com/Linaro/odp/pull/434 ** Patch: https://github.com/Linaro/odp/pull/434.patch ** Base sha: 0bdad6d2562166eec4abeb957b6bb5067de9fe94 ** Merge commit sha: 8947b874421e06f87f32ec66357967a71e46e986 **/ include/odp/api/spec/crypto.h | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index 77ea317b8..e4b0e8cef 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -83,9 +83,12 @@ typedef enum { /** AES with counter mode */ ODP_CIPHER_ALG_AES_CTR, - /** AES in Galois/Counter Mode + /** AES-GCM * - * @note Must be paired with cipher ODP_AUTH_ALG_AES_GCM + * AES in Galois/Counter Mode (GCM) algorithm. GCM provides both + * authentication and ciphering of data (authenticated encryption) + * in the same operation. Hence this algorithm must be paired always + * with ODP_AUTH_ALG_AES_GCM authentication. */ ODP_CIPHER_ALG_AES_GCM, @@ -128,23 +131,29 @@ typedef enum { */ ODP_AUTH_ALG_SHA512_HMAC, - /** AES in Galois/Counter Mode + /** AES-GCM * - * @note Must be paired with cipher ODP_CIPHER_ALG_AES_GCM + * AES in Galois/Counter Mode (GCM) algorithm. GCM provides both + * authentication and ciphering of data (authenticated encryption) + * in the same operation. Hence this algorithm must be paired always + * with ODP_CIPHER_ALG_AES_GCM cipher. */ ODP_AUTH_ALG_AES_GCM, - /** AES in Galois/Counter MAC Mode + /** AES-GMAC * - * NIST and RFC specifications of GCM/GMAC refer to all data to be - * authenticated as AAD. In constrast to that, ODP API specifies the - * bulk of authenticated data to be located in packet payload for all - * authentication algorithms, including GMAC. Thus for GMAC application - * should also pass all data to be authenticated as packet data. AAD is - * not used for GMAC. GMAC IV should be passed via session IV or - * per-packet IV override. + * AES Galois Message Authentication Code (GMAC) algorithm. AES-GMAC + * is based on AES-GCM operation, but provides authentication only. + * Hence this algorithm can be paired only with ODP_CIPHER_ALG_NULL + * cipher. * - * @note Must be paired with cipher ODP_CIPHER_ALG_NULL + * NIST and RFC specifications of GMAC refer to all data to be + * authenticated as AAD. In constrast to that, ODP API specifies + * the bulk of authenticated data to be located in packet payload for + * all authentication algorithms. Thus GMAC operation authenticates + * only packet payload and AAD is not used. GMAC needs + * an initialization vector, which can be passed via session (auth_iv) + * or packet (auth_iv_ptr) level parameters. */ ODP_AUTH_ALG_AES_GMAC,