diff options
author | Janne Peltonen <janne.peltonen@nokia.com> | 2023-02-20 19:29:37 +0200 |
---|---|---|
committer | Matias Elo <matias.elo@nokia.com> | 2023-04-12 15:52:37 +0300 |
commit | 8fbdef844009f78aff372a6022e125da15bdd064 (patch) | |
tree | 22f8acf8b4c8dd288a94de4b7b49a50c59db67fc /include | |
parent | 037a579d6af0ef1313e53c9141d637ee1760faa6 (diff) |
api: crypto: clarify when cipher and auth ranges are ignored
The null crypto and auth algorithms do not modify the packet and
therefore do not need the crypto/auth range parameter. Specify
explicitly that the null algorithms ignore range parameters so that
the range parameters do not have to have valid (e.g. within packet
data area) values.
AEAD algorithms, such as AES_GCM, AES_CCM and CHACHA20_POLY1305,
authenticate the AAD and the cipher range. Specify that they ignore
the auth_range field. It was already mentioned in the deprecated
odp_crypto_op_param_t but not in odp_crypto_packet_op_param_t.
Signed-off-by: Janne Peltonen <janne.peltonen@nokia.com>
Reviewed-by: Anoob Joseph <anoobj@marvell.com>
Reviewed-by: Petri Savolainen <petri.savolainen@nokia.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/odp/api/spec/crypto_types.h | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/include/odp/api/spec/crypto_types.h b/include/odp/api/spec/crypto_types.h index 0a5051d07..e4851b69e 100644 --- a/include/odp/api/spec/crypto_types.h +++ b/include/odp/api/spec/crypto_types.h @@ -811,10 +811,18 @@ typedef struct odp_crypto_packet_op_param_t { */ const uint8_t *aad_ptr; - /** Data range to apply cipher */ + /** Data range to be ciphered. Ignored by the null cipher. */ odp_packet_data_range_t cipher_range; - /** Data range to authenticate */ + /** Data range to be authenticated + * + * The value is ignored with authenticated encryption algorithms, + * such as AES-GCM, which authenticate data in the cipher range + * and the AAD. The value is also ignored by the null algorithm. + * + * As a special case AES-GMAC uses this field instead of aad_ptr + * for the data bytes to be authenticated. + */ odp_packet_data_range_t auth_range; /** Shift of the output offsets with ODP_CRYPTO_OP_TYPE_OOP |