From 5010b791378f4af46176f297888c30ad010a3e83 Mon Sep 17 00:00:00 2001 From: Andreas Schultz Date: Mon, 4 Mar 2013 20:37:14 +0100 Subject: crypto: add AES128-GCM cipher support --- lib/crypto/doc/src/crypto.xml | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 7712173ed8..5f19c5cce3 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -41,7 +41,7 @@

Block ciphers - DES and AES in - Block Cipher Modes - ECB, CBC, CFB, OFB and CTR

+ Block Cipher Modes - ECB, CBC, CFB, OFB, CTR and GCM

RSA encryption RFC 1321

@@ -53,6 +53,12 @@

Secure Remote Password Protocol (SRP - RFC 2945)

+ +

gcm: Dworkin, M., "Recommendation for Block Cipher Modes of + Operation: Galois/Counter Mode (GCM) and GMAC", + National Institute of Standards and Technology SP 800- + 38D, November 2007.

+
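Review bot: the added reference breaks the line right after "SP 800-", so the rendered text reads "SP 800- 38D" with a stray space inside the document number. Keep "SP 800-38D" together on one line, for example by wrapping before "SP" instead.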
@@ -130,7 +136,7 @@

block_cipher() = aes_cbc128 | aes_cfb8 | aes_cfb128 | aes_ige256 | blowfish_cbc | blowfish_cfb64 | des_cbc | des_cfb | des3_cbc | des3_cbf - | des_ede3 | rc2_cbc

+ | des_ede3 | rc2_cbc | aes_gcm

stream_key() = aes_key() | rc4_key()
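Review bot: the new block_cipher() alternative "aes_gcm" carries no key size, unlike aes_cbc128, aes_cfb128 and aes_ige256 in the same list, while the subject line says AES128-GCM. Either name the type for its key size or document which key lengths are accepted for it, so readers do not have to guess whether a 256-bit key is valid here.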

@@ -152,7 +158,7 @@ Note that both md4 and md5 are recommended only for compatibility with existing applications.

cipher_algorithms() = des_cbc | des_cfb | des3_cbc | des3_cbf | des_ede3 | - blowfish_cbc | blowfish_cfb64 | aes_cbc128 | aes_cfb8 | aes_cfb128| aes_cbc256 | aes_ige256 | rc2_cbc | aes_ctr| rc4

+ blowfish_cbc | blowfish_cfb64 | aes_cbc128 | aes_cfb8 | aes_cfb128| aes_cbc256 | aes_ige256 | aes_gcm | rc2_cbc | aes_ctr| rc4

public_key_algorithms() = rsa |dss | ecdsa | dh | ecdh | ec_gf2m Note that ec_gf2m is not strictly a public key algorithm, but a restriction on what curves are supported with ecdsa and ecdh. @@ -161,18 +167,22 @@ - + block_encrypt(Type, Key, Ivec, PlainText) -> CipherText - Encrypt PlainTextaccording to Type block cipher + block_encrypt(aes_gcm, Key, Ivec, {AAD, PlainText}) -> {CipherText, CipherTag} + Encrypt PlainText according to Type block cipher Type = block_cipher() Key = block_key() PlainText = iodata() - IVec = CipherText = binary() + AAD = IVec = CipherText = CipherTag = binary()

Encrypt PlainTextaccording to Type block cipher. IVec is an arbitrary initializing vector.

+

In AEAD (Authenticated Encryption with Associated Data) mode, encrypt + PlainTextaccording to Type block cipher and calculate + CipherTag that also authenticates the AAD (Associated Authenticated Data).

May throw exception notsup in case the chosen Type is not supported by the underlying OpenSSL implementation.
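Review bot: the AEAD paragraph added to block_encrypt leaves "IVec is an arbitrary initializing vector" as the only guidance on the IV, and that is not sufficient for GCM. The IV must never repeat under the same key, because reuse undermines both confidentiality and the authentication tag (this is a requirement of SP 800-38D, which the patch cites). Please add a sentence stating that requirement, and document the expected IVec and CipherTag lengths. Two smaller points in the same paragraph: it repeats the "PlainTextaccording" missing space that the summary line of this hunk fixes, and SP 800-38D expands AAD as "Additional Authenticated Data", not "Associated Authenticated Data".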

@@ -180,16 +190,21 @@ block_decrypt(Type, Key, Ivec, CipherText) -> PlainText - Decrypt CipherTextaccording to Type block cipher + block_decrypt(aes_gcm, Key, Ivec, {AAD, CipherText, CipherTag}) -> PlainText | error + Decrypt CipherText according to Type block cipher Type = block_cipher() Key = block_key() PlainText = iodata() - IVec = CipherText = binary() + AAD = IVec = CipherText = CipherTag = binary()

Decrypt CipherTextaccording to Type block cipher. IVec is an arbitrary initializing vector.

+

In AEAD (Authenticated Encryption with Associated Data) mode, decrypt + CipherTextaccording to Type block cipher and check the authenticity + the PlainText and AAD (Associated Authenticated Data) using the + CipherTag. May return error if the decryption or validation fail's

May throw exception notsup in case the chosen Type is not supported by the underlying OpenSSL implementation.
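Review bot: in the AEAD paragraph added to block_decrypt, "check the authenticity the PlainText" is missing "of", "fail's" should be "fails", the sentence has no closing period, and "CipherTextaccording" needs a space. Beyond wording, the text should state plainly that the atom error is returned instead of any plaintext when the CipherTag does not verify, since the signature "PlainText | error" means callers must match on it before using the result. "May return error" reads as optional behaviour for what is the security-relevant outcome of this function.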

-- cgit v1.2.3