From 5010b791378f4af46176f297888c30ad010a3e83 Mon Sep 17 00:00:00 2001
From: Andreas Schultz
Date: Mon, 4 Mar 2013 20:37:14 +0100
Subject: crypto: add AES128-GCM cipher support
---
lib/crypto/doc/src/crypto.xml | 31 +++++++++++++++++++++++--------
1 file changed, 23 insertions(+), 8 deletions(-)
(limited to 'lib/crypto/doc')
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 7712173ed8..5f19c5cce3 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -41,7 +41,7 @@
-
Block ciphers - DES and AES in
- Block Cipher Modes - ECB, CBC, CFB, OFB and CTR
+ Block Cipher Modes - ECB, CBC, CFB, OFB, CTR and GCM
-
RSA encryption RFC 1321
@@ -53,6 +53,12 @@
-
Secure Remote Password Protocol (SRP - RFC 2945)
+ -
+
gcm: Dworkin, M., "Recommendation for Block Cipher Modes of
+ Operation: Galois/Counter Mode (GCM) and GMAC",
+ National Institute of Standards and Technology SP 800-
+ 38D, November 2007.
+
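Review bot: the added reference entry breaks "SP 800-38D" after the hyphen ("SP 800-" on one line, "38D" on the next), which is likely to render as "SP 800- 38D" once whitespace is normalised. Keep the publication number on one line.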
@@ -130,7 +136,7 @@
block_cipher() = aes_cbc128 | aes_cfb8 | aes_cfb128 | aes_ige256 | blowfish_cbc |
blowfish_cfb64 | des_cbc | des_cfb | des3_cbc | des3_cbf
- | des_ede3 | rc2_cbc
+ | des_ede3 | rc2_cbc | aes_gcm
stream_key() = aes_key() | rc4_key()
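Review bot: the new `aes_gcm` atom in `block_cipher()` carries no key size, while the subject line says AES128-GCM and the neighbouring atoms (`aes_cbc128`, `aes_cfb128`, `aes_ige256`) encode the size in the name. Either name the type to match, or document which key lengths `block_key()` accepts for `aes_gcm`, so that a caller passing a different key length knows what to expect.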
@@ -152,7 +158,7 @@
Note that both md4 and md5 are recommended only for compatibility with existing applications.
cipher_algorithms() = des_cbc | des_cfb | des3_cbc | des3_cbf | des_ede3 |
- blowfish_cbc | blowfish_cfb64 | aes_cbc128 | aes_cfb8 | aes_cfb128| aes_cbc256 | aes_ige256 | rc2_cbc | aes_ctr| rc4
+ blowfish_cbc | blowfish_cfb64 | aes_cbc128 | aes_cfb8 | aes_cfb128| aes_cbc256 | aes_ige256 | aes_gcm | rc2_cbc | aes_ctr| rc4
public_key_algorithms() = rsa |dss | ecdsa | dh | ecdh | ec_gf2m
Note that ec_gf2m is not strictly a public key algorithm, but a restriction on what curves are supported
with ecdsa and ecdh.
@@ -161,18 +167,22 @@
-
+
block_encrypt(Type, Key, Ivec, PlainText) -> CipherText
- Encrypt PlainTextaccording to Type block cipher
+ block_encrypt(aes_gcm, Key, Ivec, {AAD, PlainText}) -> {CipherText, CipherTag}
+ Encrypt PlainText according to Type block cipher
Type = block_cipher()
Key = block_key()
PlainText = iodata()
- IVec = CipherText = binary()
+ AAD = IVec = CipherText = CipherTag = binary()
Encrypt PlainTextaccording to Type block cipher.
IVec is an arbitrary initializing vector.
+ In AEAD (Authenticated Encryption with Associated Data) mode, encrypt
+ PlainTextaccording to Type block cipher and calculate
+ CipherTag that also authenticates the AAD (Associated Authenticated Data).
May throw exception notsup in case the chosen Type
is not supported by the underlying OpenSSL implementation.
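Review bot: the unchanged sentence "IVec is an arbitrary initializing vector" now also applies to `aes_gcm`, and for GCM that is unsafe guidance. SP 800-38D, the reference this patch adds, requires the IV to be unique for every encryption under a given key. Add a sentence to the AEAD paragraph saying so, and document the length of the returned `CipherTag` and the accepted `Ivec` length. The expansion "Associated Authenticated Data" also differs from SP 800-38D's "additional authenticated data"; use one expansion of AAD consistently in both functions.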
@@ -180,16 +190,21 @@
block_decrypt(Type, Key, Ivec, CipherText) -> PlainText
- Decrypt CipherTextaccording to Type block cipher
+ block_decrypt(aes_gcm, Key, Ivec, {AAD, CipherText, CipherTag}) -> PlainText | error
+ Decrypt CipherText according to Type block cipher
Type = block_cipher()
Key = block_key()
PlainText = iodata()
- IVec = CipherText = binary()
+ AAD = IVec = CipherText = CipherTag = binary()
Decrypt CipherTextaccording to Type block cipher.
IVec is an arbitrary initializing vector.
+ In AEAD (Authenticated Encryption with Associated Data) mode, decrypt
+ CipherTextaccording to Type block cipher and check the authenticity
+ the PlainText and AAD (Associated Authenticated Data) using the
+ CipherTag. May return error if the decryption or validation fail's
May throw exception notsup in case the chosen Type
is not supported by the underlying OpenSSL implementation.
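Review bot: `block_decrypt/4` now has two failure conventions and the added paragraph does not separate them. For `aes_gcm` the spec line gives `PlainText | error`, while an unsupported type throws `notsup`. State explicitly that `error` is what a failed tag check returns and that no plaintext is returned in that case, so callers match on `error` instead of treating the result as iodata. The paragraph also needs copy-editing: "check the authenticity the PlainText" is missing "of", "fail's" should be "fails", and the sentence has no final period before "May throw exception".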
--
cgit v1.2.3