| Message ID | 20170712125639.11445-1-petri.savolainen@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | [API-NEXT,v2,1/9] api: ipsec: add salt parameter | expand |
On 12.07.2017 15:56, Petri Savolainen wrote: > Added a parameter for passing salt/nonce for algorithms that > need it. Currently, only AES GCM needs it with 4 bytes of > salt. Later on, other cipher or auth algorithms may need > also salt/nonce data. > > Signed-off-by: Petri Savolainen <petri.savolainen@linaro.org> > --- > include/odp/api/spec/ipsec.h | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > > diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h > index e602e4b8..56363e22 100644 > --- a/include/odp/api/spec/ipsec.h > +++ b/include/odp/api/spec/ipsec.h > @@ -378,12 +378,30 @@ typedef struct odp_ipsec_crypto_param_t { > /** Cipher key */ > odp_crypto_key_t cipher_key; > > + /** Extra keying material for cipher key > + * > + * Additional data used as salt or nonce if the algorithm requires it, > + * other algorithms ignore this field. These algorithms require this > + * field set: > + * - AES_GCM: 4 bytes of salt > + **/ > + odp_crypto_key_t cipher_key_extra; > + > /** Authentication algorithm */ > odp_auth_alg_t auth_alg; > > /** Authentication key */ > odp_crypto_key_t auth_key; > > + /** Extra keying material for authentication key > + * > + * Additional data used as salt or nonce if the algorithm requires it, > + * other algorithms ignore this field. These algorithms require this > + * field set: > + * - AES_GCM: 4 bytes of salt > + **/ > + odp_crypto_key_t auth_key_extra; > + From your description it looks like AES-GCM needs both cipher_key_extra and auth_key_extra. Indeed GMAC (or ENC_NULL_GMAC) uses salt, but none of algorithms defined do require both of them. BTW: if nobody objects, let's get the rest of your patchset in, so that we can focus on this patch. > } odp_ipsec_crypto_param_t; > > /** > -- With best wishes Dmitry
diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index e602e4b8..56363e22 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -378,12 +378,30 @@ typedef struct odp_ipsec_crypto_param_t { /** Cipher key */ odp_crypto_key_t cipher_key; + /** Extra keying material for cipher key + * + * Additional data used as salt or nonce if the algorithm requires it, + * other algorithms ignore this field. These algorithms require this + * field set: + * - AES_GCM: 4 bytes of salt + **/ + odp_crypto_key_t cipher_key_extra; + /** Authentication algorithm */ odp_auth_alg_t auth_alg; /** Authentication key */ odp_crypto_key_t auth_key; + /** Extra keying material for authentication key + * + * Additional data used as salt or nonce if the algorithm requires it, + * other algorithms ignore this field. These algorithms require this + * field set: + * - AES_GCM: 4 bytes of salt + **/ + odp_crypto_key_t auth_key_extra; + } odp_ipsec_crypto_param_t; /**
Added a parameter for passing salt/nonce for algorithms that need it. Currently, only AES GCM needs it with 4 bytes of salt. Later on, other cipher or auth algorithms may need also salt/nonce data. Signed-off-by: Petri Savolainen <petri.savolainen@linaro.org> --- include/odp/api/spec/ipsec.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) -- 2.13.0