From patchwork Tue Jan 30 14:59:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Github ODP bot X-Patchwork-Id: 126224 Delivered-To: patch@linaro.org Received: by 10.46.84.92 with SMTP id y28csp3438528ljd; Tue, 30 Jan 2018 07:02:09 -0800 (PST) X-Google-Smtp-Source: AH8x226AuE1BJsY/8ZyE+fCRBCKuTdBmb9RZfED+4mjGH5i70sqGwFbfQgxyCRuJ+aTc3BYkaB8Z X-Received: by 10.200.19.74 with SMTP id f10mr38525615qtj.72.1517324529701; Tue, 30 Jan 2018 07:02:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517324529; cv=none; d=google.com; s=arc-20160816; b=XUKAGwVbghYMjxhiwodFowAk2v3QVYxO3RZDb837Bh3kBlifPYmBDVVl3MVlaObtSK WeAyKpvln2K3idVy+sj6y9q+UxdWeklZkdmM2HAPpQafyymwyjmmKsi4p3a5oAeJ4NU4 Hb2pedevBFURfJ36JVOG8F/pTOGTlybqzAI5nzUzALBfWWAe+nm3o1sGOsTkP9KqlQP+ 1tC98X+8ezLEVyoP0/5IB5asYfxlsUXV9xcIQ2Cq4AlL61PUrrghBIBz1t9xDS1MRbC4 sTnGMCZeY7aHUYieP1j7kcq0nxfu040ZzPezJWYIss69PBUth9mBJKK4y0ZLYx11P47N ddUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:github-pr-num :references:in-reply-to:message-id:date:to:from:delivered-to :arc-authentication-results; bh=scm7HINm47HinOUqt/HEGQkvr1Q273lvbWxTsT6ces8=; b=gVf/XX3FMREXW3IJdbgQ7ksJFu0KWrzf374wMg/0c5vWKL2q+MQslIu4vy656B2rgr C3ytBFAmQog/OZEZZlBEygspY7+eJbZOb4DIHUi33CAaPvyEYltZDK2tquuj1D1ub3TJ kFx53En8yzlFN09SIiKQmxdTPkmu8zmxWwgWzmKFt5cwEbPlpapXgGTWi8+EXP5OzeJ8 ixUomjoP72m7EUjq2M/ul9re2RwIExrxCQs3wdBXOy44zrtQn6r4Fxf0/zFWq8smmXFt aaNJJbpCDtA4JUhpKEEz9L+qpPLxsWI39Ok045zwwmbZ80PKbvABRYzsbFPqwvlspkqw FcXw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Return-Path: Received: from lists.linaro.org (ec2-54-197-127-237.compute-1.amazonaws.com. [54.197.127.237]) by mx.google.com with ESMTP id n26si4133275qkh.197.2018.01.30.07.02.09; Tue, 30 Jan 2018 07:02:09 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) client-ip=54.197.127.237; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.197.127.237 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=yandex.ru Received: by lists.linaro.org (Postfix, from userid 109) id 44FB261784; Tue, 30 Jan 2018 15:02:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2 autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id B6C6260C5D; Tue, 30 Jan 2018 15:00:40 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 7810561506; Tue, 30 Jan 2018 15:00:22 +0000 (UTC) Received: from forward102o.mail.yandex.net (forward102o.mail.yandex.net [37.140.190.182]) by lists.linaro.org (Postfix) with ESMTPS id 5A23C60855 for ; Tue, 30 Jan 2018 15:00:16 +0000 (UTC) Received: from mxback16j.mail.yandex.net (mxback16j.mail.yandex.net [IPv6:2a02:6b8:0:1619::92]) by forward102o.mail.yandex.net (Yandex) with ESMTP id B09215A03092 for ; Tue, 30 Jan 2018 18:00:14 +0300 (MSK) Received: from smtp1p.mail.yandex.net (smtp1p.mail.yandex.net [2a02:6b8:0:1472:2741:0:8b6:6]) by mxback16j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id xOtLT7Yzce-0EEakvLq; Tue, 30 Jan 2018 18:00:14 +0300 Received: by smtp1p.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id sxKD104gxy-0ErSaRk7; Tue, 30 Jan 2018 18:00:14 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (Client certificate not present) From: Github ODP bot To: lng-odp@lists.linaro.org Date: Tue, 30 Jan 2018 17:59:56 +0300 Message-Id: <1517324412-24567-2-git-send-email-odpbot@yandex.ru> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1517324412-24567-1-git-send-email-odpbot@yandex.ru> References: <1517324412-24567-1-git-send-email-odpbot@yandex.ru> Github-pr-num: 434 Subject: [lng-odp] [PATCH API-NEXT v3 1/17] api: crypto: clarify special nature of gcm and gmac X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" From: Petri Savolainen Reword specification text to be more clear about special nature of GCM (authenticate encryption in general) and GMAC (cannot be paired with cipher) algorithms. Signed-off-by: Petri Savolainen --- /** Email created from pull request 434 (lumag:crypto-upd) ** https://github.com/Linaro/odp/pull/434 ** Patch: https://github.com/Linaro/odp/pull/434.patch ** Base sha: abc7b3bb0babe8efa0fde52752bcd514f2f0d422 ** Merge commit sha: 15e0c830b5937ae889b7bcf6822797dbe0ecb799 **/ include/odp/api/spec/crypto.h | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index 77ea317b8..e4b0e8cef 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -83,9 +83,12 @@ typedef enum { /** AES with counter mode */ ODP_CIPHER_ALG_AES_CTR, - /** AES in Galois/Counter Mode + /** AES-GCM * - * @note Must be paired with cipher ODP_AUTH_ALG_AES_GCM + * AES in Galois/Counter Mode (GCM) algorithm. GCM provides both + * authentication and ciphering of data (authenticated encryption) + * in the same operation. Hence this algorithm must be paired always + * with ODP_AUTH_ALG_AES_GCM authentication. */ ODP_CIPHER_ALG_AES_GCM, @@ -128,23 +131,29 @@ typedef enum { */ ODP_AUTH_ALG_SHA512_HMAC, - /** AES in Galois/Counter Mode + /** AES-GCM * - * @note Must be paired with cipher ODP_CIPHER_ALG_AES_GCM + * AES in Galois/Counter Mode (GCM) algorithm. GCM provides both + * authentication and ciphering of data (authenticated encryption) + * in the same operation. Hence this algorithm must be paired always + * with ODP_CIPHER_ALG_AES_GCM cipher. */ ODP_AUTH_ALG_AES_GCM, - /** AES in Galois/Counter MAC Mode + /** AES-GMAC * - * NIST and RFC specifications of GCM/GMAC refer to all data to be - * authenticated as AAD. In constrast to that, ODP API specifies the - * bulk of authenticated data to be located in packet payload for all - * authentication algorithms, including GMAC. Thus for GMAC application - * should also pass all data to be authenticated as packet data. AAD is - * not used for GMAC. GMAC IV should be passed via session IV or - * per-packet IV override. + * AES Galois Message Authentication Code (GMAC) algorithm. AES-GMAC + * is based on AES-GCM operation, but provides authentication only. + * Hence this algorithm can be paired only with ODP_CIPHER_ALG_NULL + * cipher. * - * @note Must be paired with cipher ODP_CIPHER_ALG_NULL + * NIST and RFC specifications of GMAC refer to all data to be + * authenticated as AAD. In constrast to that, ODP API specifies + * the bulk of authenticated data to be located in packet payload for + * all authentication algorithms. Thus GMAC operation authenticates + * only packet payload and AAD is not used. GMAC needs + * an initialization vector, which can be passed via session (auth_iv) + * or packet (auth_iv_ptr) level parameters. */ ODP_AUTH_ALG_AES_GMAC,