diff options
| author | Janne Peltonen <janne.peltonen@nokia.com> | 2021-12-21 16:47:08 +0200 |
|---|---|---|
| committer | Matias Elo <matias.elo@nokia.com> | 2022-01-28 10:09:30 +0200 |
| commit | 57382f550c4b5a5a8e6b8b06594d832eb49ebf00 (patch) | |
| tree | 81eaa4c6a7bfaa6872ce101d02a7ce45846965d6 /include/odp/api/spec/crypto.h | |
| parent | d0d22345455d81ffd5d75a9dacc253427447d885 (diff) | |
api: crypto: deprecate per-session IVs
Deprecate the mechanism of configuring initialization vectors in sessions
since reusing the same IV with the same key is almost always wrong. Require
that IV is provided for each packet in the operation parameters.
Signed-off-by: Janne Peltonen <janne.peltonen@nokia.com>
Reviewed-by: Anoob Joseph <anoobj@marvell.com>
Reviewed-by: Petri Savolainen <petri.savolainen@nokia.com>
Diffstat (limited to 'include/odp/api/spec/crypto.h')
| -rw-r--r-- | include/odp/api/spec/crypto.h | 48 |
1 files changed, 32 insertions, 16 deletions
diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index b90b544ec..178bda4c9 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -525,6 +525,8 @@ typedef struct odp_crypto_key { /** * Crypto API IV structure + * + * @deprecated */ typedef struct odp_crypto_iv { /** IV data @@ -532,7 +534,7 @@ typedef struct odp_crypto_iv { * Ignored when length is zero. Null value indicates that an * IV will be provided for each packet through the crypto * operation parameters. In that case the per-operation - * IV override parameter must always point to a valid IV. + * IV parameter must always point to a valid IV. * * Default value is NULL. */ @@ -541,7 +543,7 @@ typedef struct odp_crypto_iv { /** IV length in bytes. Default value is zero. */ uint32_t length; -} odp_crypto_iv_t; +} ODP_DEPRECATE(odp_crypto_iv_t); /** * Crypto API data range specifier @@ -614,19 +616,26 @@ typedef struct odp_crypto_session_param_t { */ odp_crypto_key_t cipher_key; - /** Cipher Initialization Vector (IV) */ + /** Cipher Initialization Vector (IV) + * + * Unless using the deprecated API, this specifies the length of + * the IV only. The actual IV must then be provided in per-packet + * parameters of crypto operations. + */ union { +#if ODP_DEPRECATED_API /** @deprecated Use cipher_iv */ odp_crypto_iv_t ODP_DEPRECATE(iv); /** Cipher Initialization Vector (IV) */ - odp_crypto_iv_t cipher_iv; - + odp_crypto_iv_t ODP_DEPRECATE(cipher_iv); +#endif /** Cipher IV length */ struct { +#if ODP_DEPRECATED_API /** Unused padding field */ uint8_t *dummy_padding_0; - +#endif /** Length of cipher initialization vector. * Default value is zero. */ @@ -657,15 +666,22 @@ typedef struct odp_crypto_session_param_t { */ odp_crypto_key_t auth_key; - /** Authentication Initialization Vector (IV) */ + /** Authentication Initialization Vector (IV) + * + * Unless using the deprecated API, this specifies the length of + * the IV only. The actual IV must then be provided in per-packet + * parameters of crypto operations. + */ union { - odp_crypto_iv_t auth_iv; - +#if ODP_DEPRECATED_API + odp_crypto_iv_t ODP_DEPRECATE(auth_iv); +#endif /** Authentication IV length */ struct { +#if ODP_DEPRECATED_API /** Unused padding field */ uint8_t *dummy_padding_1; - +#endif /** Length of authentication initialization vector. * Default value is zero. */ @@ -740,15 +756,15 @@ typedef struct odp_crypto_op_param_t { */ odp_packet_t out_pkt; - /** Override session IV pointer for cipher */ + /** IV pointer for cipher */ union { /** @deprecated use cipher_iv_ptr */ uint8_t *ODP_DEPRECATE(override_iv_ptr); - /** Override session IV pointer for cipher */ + /** IV pointer for cipher */ uint8_t *cipher_iv_ptr; }; - /** Override session authentication IV pointer */ + /** Authentication IV pointer */ uint8_t *auth_iv_ptr; /** Offset from start of packet for hash result @@ -790,15 +806,15 @@ typedef struct odp_crypto_packet_op_param_t { /** Session handle from creation */ odp_crypto_session_t session; - /** Override session IV pointer for cipher */ + /** IV pointer for cipher */ union { /** @deprecated use cipher_iv_ptr */ uint8_t *ODP_DEPRECATE(override_iv_ptr); - /** Override session IV pointer for cipher */ + /** IV pointer for cipher */ uint8_t *cipher_iv_ptr; }; - /** Override session IV pointer for authentication */ + /** IV pointer for authentication */ uint8_t *auth_iv_ptr; /** Offset from start of packet for hash result |