Bill, Robbie, Ola,
In ODP v0.6, the cipher and authentication algorithm enumerations were in
odp_crypto.h. For example:
platform/linux-generic/include/api/odp_crypto.h
I just migrated to ODP v1.0. These enumerations are in plat/crypto_types.h.
For example:
platform/linux-generic/include/odp/plat/crypto_types.h
but the doxygen is in the official header file at include/odp/api/crypto.h
I do not yet understand how to properly add cipher suites to the API, but
below is my local diff with the ciphers and authentications that my platform
supports.
I have not done any linux-generic work with these new enumerations.
We do single pass crypto and hash, so as Bill points out, a NULL cipher or
authentication is valid and useful.
The work I am doing is for packet based IPSec and DTLS. My knowledge of crypto
beyond those use cases is not very good.
Thanks, Leonard.
--- a/odp/platform/linux-northstar/include/odp/plat/crypto_types.h
+++ b/odp/platform/linux-northstar/include/odp/plat/crypto_types.h
@@ -40,12 +40,20 @@ enum odp_crypto_op {
enum odp_cipher_alg {
ODP_CIPHER_ALG_NULL,
ODP_CIPHER_ALG_DES,
+ ODP_CIPHER_ALG_3DES_ECB,
ODP_CIPHER_ALG_3DES_CBC,
+ ODP_CIPHER_ALG_AES_ECB,
+ ODP_CIPHER_ALG_AES_CBC,
+ ODP_CIPHER_ALG_AES_CTR,
};
enum odp_auth_alg {
ODP_AUTH_ALG_NULL,
ODP_AUTH_ALG_MD5_96,
+ ODP_AUTH_ALG_SHA1,
+ ODP_AUTH_ALG_SHA256,
+ ODP_AUTH_ALG_HMAC_SHA1,
+ ODP_AUTH_ALG_HMAC_SHA256,
};
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Robbie King (robking)
Sent: Wednesday, March 04, 2015 1:53 PM
To: Bill Fischofer; Ola Liljedahl
Cc: LNG ODP Mailman List
Subject: Re: [lng-odp] questions on crypto.h
Hi Ola, you have a lot of great questions here. We are getting
into areas of crypto that I know little if any about. I think
we are going to need a better owner than myself for crypto going
forward.
From: Bill Fischofer [mailto:[email protected]]
Sent: Wednesday, March 04, 2015 11:49 AM
To: Ola Liljedahl
Cc: Robbie King (robking); LNG ODP Mailman List
Subject: Re: [lng-odp] questions on crypto.h
Leonard mentioned in one of the calls a couple of weeks back that he had a
proposed patch to extend the range of cipher suites. Now that v1.0 is out
perhaps he can comment on whether that can be brought forward?
And yes, NULL is valid cipher algorithm. It's what's typically specified when
authentication only is needed since encryption/authentication are paired
concepts. An authenticated public document is a prime example of the use of
NULL ciphers.
On Wed, Mar 4, 2015 at 10:38 AM, Ola Liljedahl
<[email protected]<mailto:[email protected]>> wrote:
* @enum odp_cipher_alg:ODP_CIPHER_ALG_NULL
* No cipher algorithm specified
Is this comment correct?
Don't we actually mean "Null cipher algorithm"?
The null algorithm is a valid cipher algorithm, it just doesn't
provide much security....
Should we define ciphers like AES well? Didn't the original crypto
proposal specify a more complete of cipher algorithms?
Does the crypto implementation have to know about the mode (e.g. CBC,
CTR)? Cipher 3DES is defined with CBC mode. For counter mode each
block has its own counter value and it could be specified by the user
if each block is passed for encryption/decryption separately. How
large is a block supposed to be? A packet?
Can crypto.h be extended to asymmetric (public/private key)
encryption/decryption as well? Do we need new calls and data
structures or just some new enums?
-- Ola
_______________________________________________
lng-odp mailing list
[email protected]<mailto:[email protected]>
http://lists.linaro.org/mailman/listinfo/lng-odp
_______________________________________________
lng-odp mailing list
[email protected]
http://lists.linaro.org/mailman/listinfo/lng-odp
