On Mon, Dec 5, 2016 at 2:39 AM, Petri Savolainen
<petri.savolai...@nokia.com> wrote:
> Enumerations for cipher and authentication algorithms grow
> fast if key and digest lengths are included into the enum.
> Decoupled lengths from algorithm names, only exception is
> SHA-2 family of authentication algorithms which has established
> naming convention with digest lengths (SHA-224, SHA-256, ...).
> Old enumerations are still functional but deprecated.
>
> Algorithm level capability functions provide a flexible way to
> handle all possible key/digest/iv length combinations.
>
> Signed-off-by: Petri Savolainen <petri.savolai...@nokia.com>
> ---
>  include/odp/api/spec/crypto.h | 167 
> ++++++++++++++++++++++++++++++++++++------
>  1 file changed, 146 insertions(+), 21 deletions(-)
>
> diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h
> index 0cb8814..b136a80 100644
> --- a/include/odp/api/spec/crypto.h
> +++ b/include/odp/api/spec/crypto.h
> @@ -65,14 +65,28 @@ typedef enum {
>  typedef enum {
>         /** No cipher algorithm specified */
>         ODP_CIPHER_ALG_NULL,
> +
>         /** DES */
>         ODP_CIPHER_ALG_DES,
> +
>         /** Triple DES with cipher block chaining */
>         ODP_CIPHER_ALG_3DES_CBC,
> -       /** AES128 with cipher block chaining */
> +
> +       /** AES with cipher block chaining */
> +       ODP_CIPHER_ALG_AES_CBC,
> +
> +       /** AES in Galois/Counter Mode
> +        *
> +        *  @note Must be paired with cipher ODP_AUTH_ALG_AES_GCM
> +        */
> +       ODP_CIPHER_ALG_AES_GCM,
> +
> +       /** @deprecated  Use ODP_CIPHER_ALG_AES_CBC instead */
>         ODP_CIPHER_ALG_AES128_CBC,
> -       /** AES128 in Galois/Counter Mode */
> -       ODP_CIPHER_ALG_AES128_GCM,
> +
> +       /** @deprecated  Use ODP_CIPHER_ALG_AES_GCM instead */
> +       ODP_CIPHER_ALG_AES128_GCM
> +
>  } odp_cipher_alg_t;
>
>  /**
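Review bot: The `@note` on `ODP_CIPHER_ALG_AES_GCM` says "Must be paired with cipher ODP_AUTH_ALG_AES_GCM", but that name is the authentication algorithm; it should read `@note Must be paired with auth ODP_AUTH_ALG_AES_GCM`. The pairing is stated only in a comment, so the spec should also say what session creation does when the two are mismatched (presumably fail), since GCM used without its tag check gives no integrity protection. Separately, the new enumerators are inserted ahead of `ODP_CIPHER_ALG_AES128_CBC` and `ODP_CIPHER_ALG_AES128_GCM`, which shifts the numeric values of the deprecated names; the same happens in `odp_auth_alg_t` and to the bit positions in `odp_crypto_cipher_algos_t` and `odp_crypto_auth_algos_t`. If binaries built against the old header are expected to keep working, the new names should be appended after the deprecated ones instead.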
> @@ -81,12 +95,33 @@ typedef enum {
>  typedef enum {
>          /** No authentication algorithm specified */
>         ODP_AUTH_ALG_NULL,
> -       /** HMAC-MD5 with 96 bit key */
> +
> +       /** HMAC-MD5
> +        *
> +        * MD5 algorithm in HMAC mode
> +        */
> +       ODP_AUTH_ALG_MD5_HMAC,
> +
> +       /** HMAC-SHA-256
> +        *
> +        *  SHA-256 algorithm in HMAC mode
> +        */
> +       ODP_AUTH_ALG_SHA256_HMAC,
> +
> +       /** AES in Galois/Counter Mode
> +        *
> +        *  @note Must be paired with cipher ODP_CIPHER_ALG_AES_GCM
> +        */
> +       ODP_AUTH_ALG_AES_GCM,
> +
> +       /** @deprecated  Use ODP_AUTH_ALG_MD5_HMAC instead */
>         ODP_AUTH_ALG_MD5_96,
> -       /** SHA256 with 128 bit key */
> +
> +       /** @deprecated  Use ODP_AUTH_ALG_SHA256_HMAC instead */
>         ODP_AUTH_ALG_SHA256_128,
> -       /** AES128 in Galois/Counter Mode */
> -       ODP_AUTH_ALG_AES128_GCM,
> +
> +       /** @deprecated  Use ODP_AUTH_ALG_AES_GCM instead */
> +       ODP_AUTH_ALG_AES128_GCM
>  } odp_auth_alg_t;
>
>  /**
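Review bot: The `@deprecated` comments on `ODP_AUTH_ALG_MD5_96` and `ODP_AUTH_ALG_SHA256_128` do not tell a migrating caller that the replacement no longer implies a digest length. The old names carried the truncation (96 and 128 bits) in the identifier, so a caller switching to `ODP_AUTH_ALG_MD5_HMAC` or `ODP_AUTH_ALG_SHA256_HMAC` has to supply that length somewhere else; where is not visible in this hunk. I would extend the comments, e.g. `@deprecated Use ODP_AUTH_ALG_MD5_HMAC with a 12 byte digest length instead`, so the ICV length cannot change silently during migration.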
> @@ -96,19 +131,25 @@ typedef union odp_crypto_cipher_algos_t {
>         /** Cipher algorithms */
>         struct {
>                 /** ODP_CIPHER_ALG_NULL */
> -               uint32_t null       : 1;
> +               uint32_t null        : 1;
>
>                 /** ODP_CIPHER_ALG_DES */
> -               uint32_t des        : 1;
> +               uint32_t des         : 1;
>
>                 /** ODP_CIPHER_ALG_3DES_CBC */
> -               uint32_t trides_cbc : 1;
> +               uint32_t trides_cbc  : 1;
> +
> +               /** ODP_CIPHER_ALG_AES_CBC */
> +               uint32_t aes_cbc     : 1;
>
> -               /** ODP_CIPHER_ALG_AES128_CBC */
> -               uint32_t aes128_cbc : 1;
> +               /** ODP_CIPHER_ALG_AES_GCM */
> +               uint32_t aes_gcm     : 1;
>
> -               /** ODP_CIPHER_ALG_AES128_GCM */
> -               uint32_t aes128_gcm : 1;
> +               /** @deprecated  Use aes_cbc instead */
> +               uint32_t aes128_cbc  : 1;
> +
> +               /** @deprecated  Use aes_gcm instead */
> +               uint32_t aes128_gcm  : 1;
>         } bit;
>
>         /** All bits of the bit field structure
> @@ -125,16 +166,25 @@ typedef union odp_crypto_auth_algos_t {
>         /** Authentication algorithms */
>         struct {
>                 /** ODP_AUTH_ALG_NULL */
> -               uint32_t null       : 1;
> +               uint32_t null        : 1;
> +
> +               /** ODP_AUTH_ALG_MD5_HMAC */
> +               uint32_t md5_hmac    : 1;
> +
> +               /** ODP_AUTH_ALG_SHA256_HMAC */
> +               uint32_t sha256_hmac : 1;
>
> -               /** ODP_AUTH_ALG_MD5_96 */
> -               uint32_t md5_96     : 1;
> +               /** ODP_AUTH_ALG_AES_GCM */
> +               uint32_t aes_gcm     : 1;
>
> -               /** ODP_AUTH_ALG_SHA256_128 */
> -               uint32_t sha256_128 : 1;
> +               /** @deprecated  Use md5_hmac instead */
> +               uint32_t md5_96      : 1;
>
> -               /** ODP_AUTH_ALG_AES128_GCM */
> -               uint32_t aes128_gcm : 1;
> +               /** @deprecated  Use sha256_hmac instead */
> +               uint32_t sha256_128  : 1;
> +
> +               /** @deprecated  Use aes_gcm instead */
> +               uint32_t aes128_gcm  : 1;
>         } bit;
>
>         /** All bits of the bit field structure
> @@ -335,6 +385,43 @@ typedef struct odp_crypto_capability_t {
>  } odp_crypto_capability_t;
>
>  /**
> + * Cipher algorithm capabilities
> + */
> +typedef struct odp_crypto_cipher_capa_t {
> +       /** Key length in bytes */
> +       uint32_t key_len;
> +
> +       /** IV length in bytes */
> +       uint32_t iv_len;
> +
> +} odp_crypto_cipher_capa_t;

This should be odp_crypto_cipher_capability_t for consistency with
other odp_xxx_capability_t types.

> +
> +/**
> + * Authentication algorithm capabilities
> + */
> +typedef struct odp_crypto_auth_capa_t {
> +       /** Digest length in bytes */
> +       uint32_t digest_len;
> +
> +       /** Key length in bytes */
> +       uint32_t key_len;
> +
> +       /** Additional Authenticated Data (AAD) lengths */
> +       struct {
> +               /** Minimum AAD length in bytes */
> +               uint32_t min;
> +
> +               /** Maximum AAD length in bytes */
> +               uint32_t max;
> +
> +               /** Increment of supported lengths between min and max
> +                *  (in bytes) */
> +               uint32_t inc;
> +       } aad_len;
> +
> +} odp_crypto_auth_capa_t;

odp_crypto_auth_capability_t for same reason.

> +
> +/**
>   * Query crypto capabilities
>   *
>   * Outputs crypto capabilities on success.
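Review bot: The `aad_len` documentation in `odp_crypto_auth_capa_t` does not define `inc` when only one AAD length is supported (`min` equal to `max`), nor whether `max` is always reachable from `min` in steps of `inc`. An application that walks from `min` to `max` by `inc` would never terminate on `inc == 0`, so the contract should be explicit, e.g. `Increment of supported lengths between min and max (in bytes). Zero when min and max are equal.` It would also help to state in both struct comments that each array entry describes one supported combination of lengths, which is how I read the sorted-output description later in the patch.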
> @@ -347,6 +434,44 @@ typedef struct odp_crypto_capability_t {
>  int odp_crypto_capability(odp_crypto_capability_t *capa);
>
>  /**
> + * Query supported cipher algorithm capabilities
> + *
> + * Outputs all supported configuration options for the algorithm. Output is
> + * sorted (from the smallest to the largest) first by key length, then by IV
> + * length.
> + *
> + * @param      cipher       Cipher algorithm
> + * @param[out] capa         Array of capability structures for output
> + * @param      num          Maximum number of capability structures to output
> + *
> + * @return Number of capability structures for the algorithm. If this is 
> larger
> + *         than 'num', only 'num' first structures were output and 
> application
> + *         may call the function again with a larger value of 'num'.
> + * @retval <0 on failure
> + */
> +int odp_crypto_cipher_capa(odp_cipher_alg_t cipher,
> +                          odp_crypto_cipher_capa_t capa[], int num);

odp_crypto_cipher_capability() for consistency with other
odp_xxx_capability() APIs

> +
> +/**
> + * Query supported authentication algorithm capabilities
> + *
> + * Outputs all supported configuration options for the algorithm. Output is
> + * sorted (from the smallest to the largest) first by digest length, then by 
> key
> + * length.
> + *
> + * @param      auth         Authentication algorithm
> + * @param[out] capa         Array of capability structures for output
> + * @param      num          Maximum number of capability structures to output
> + *
> + * @return Number of capability structures for the algorithm. If this is 
> larger
> + *         than 'num', only 'num' first structures were output and 
> application
> + *         may call the function again with a larger value of 'num'.
> + * @retval <0 on failure
> + */
> +int odp_crypto_auth_capa(odp_auth_alg_t auth,
> +                        odp_crypto_auth_capa_t capa[], int num);

odp_crypto_auth_capability()

> +
> +/**
>   * Crypto session creation (synchronous)
>   *
>   * @param params            Session parameters
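Review bot: The return value of `odp_crypto_cipher_capa()` can be larger than `num`, so a caller that iterates `capa[]` up to the return value reads entries that were never written; the doc should say so directly, e.g. `Only the first min(return value, num) entries of 'capa' are valid.` The text also leaves open whether `num` of 0 (with `capa` possibly NULL) is a valid way to ask only for the count, and `num` is a signed `int` with no stated behaviour for negative values. The same applies to `odp_crypto_auth_capa()` in this hunk.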
> --
> 2.8.1
>
