diff mbox series

[API-NEXT,v2,1/9] api: ipsec: add salt parameter

Message ID 20170712125639.11445-1-petri.savolainen@linaro.org
State New
Headers show
Series [API-NEXT,v2,1/9] api: ipsec: add salt parameter | expand

Commit Message

Petri Savolainen July 12, 2017, 12:56 p.m. UTC
Added a parameter for passing salt/nonce for algorithms that
need it. Currently, only AES GCM needs it with 4 bytes of
salt. Later on, other cipher or auth algorithms may need
also salt/nonce data.

Signed-off-by: Petri Savolainen <petri.savolainen@linaro.org>

---
 include/odp/api/spec/ipsec.h | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

-- 
2.13.0

Comments

Dmitry Eremin-Solenikov July 12, 2017, 1:05 p.m. UTC | #1
On 12.07.2017 15:56, Petri Savolainen wrote:
> Added a parameter for passing salt/nonce for algorithms that

> need it. Currently, only AES GCM needs it with 4 bytes of

> salt. Later on, other cipher or auth algorithms may need

> also salt/nonce data.

> 

> Signed-off-by: Petri Savolainen <petri.savolainen@linaro.org>

> ---

>  include/odp/api/spec/ipsec.h | 18 ++++++++++++++++++

>  1 file changed, 18 insertions(+)

> 

> diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h

> index e602e4b8..56363e22 100644

> --- a/include/odp/api/spec/ipsec.h

> +++ b/include/odp/api/spec/ipsec.h

> @@ -378,12 +378,30 @@ typedef struct odp_ipsec_crypto_param_t {

>  	/** Cipher key */

>  	odp_crypto_key_t cipher_key;

>  

> +	/** Extra keying material for cipher key

> +	 *

> +	 *  Additional data used as salt or nonce if the algorithm requires it,

> +	 *  other algorithms ignore this field. These algorithms require this

> +	 *  field set:

> +	 *  - AES_GCM: 4 bytes of salt

> +	 **/

> +	odp_crypto_key_t cipher_key_extra;

> +

>  	/** Authentication algorithm */

>  	odp_auth_alg_t auth_alg;

>  

>  	/** Authentication key */

>  	odp_crypto_key_t auth_key;

>  

> +	/** Extra keying material for authentication key

> +	 *

> +	 *  Additional data used as salt or nonce if the algorithm requires it,

> +	 *  other algorithms ignore this field. These algorithms require this

> +	 *  field set:

> +	 *  - AES_GCM: 4 bytes of salt

> +	 **/

> +	odp_crypto_key_t auth_key_extra;

> +


From your description it looks like AES-GCM needs both cipher_key_extra
and auth_key_extra.

Indeed GMAC (or ENC_NULL_GMAC) uses salt, but none of algorithms defined
do require both of them.

BTW: if nobody objects, let's get the rest of your patchset in, so that
we can focus on this patch.

>  } odp_ipsec_crypto_param_t;

>  

>  /**

> 


-- 
With best wishes
Dmitry
diff mbox series

Patch

diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h
index e602e4b8..56363e22 100644
--- a/include/odp/api/spec/ipsec.h
+++ b/include/odp/api/spec/ipsec.h
@@ -378,12 +378,30 @@  typedef struct odp_ipsec_crypto_param_t {
 	/** Cipher key */
 	odp_crypto_key_t cipher_key;
 
+	/** Extra keying material for cipher key
+	 *
+	 *  Additional data used as salt or nonce if the algorithm requires it,
+	 *  other algorithms ignore this field. These algorithms require this
+	 *  field set:
+	 *  - AES_GCM: 4 bytes of salt
+	 **/
+	odp_crypto_key_t cipher_key_extra;
+
 	/** Authentication algorithm */
 	odp_auth_alg_t auth_alg;
 
 	/** Authentication key */
 	odp_crypto_key_t auth_key;
 
+	/** Extra keying material for authentication key
+	 *
+	 *  Additional data used as salt or nonce if the algorithm requires it,
+	 *  other algorithms ignore this field. These algorithms require this
+	 *  field set:
+	 *  - AES_GCM: 4 bytes of salt
+	 **/
+	odp_crypto_key_t auth_key_extra;
+
 } odp_ipsec_crypto_param_t;
 
 /**