Commit 693b549d authored by Herbert Xu's avatar Herbert Xu

crypto: aead - Document behaviour of AD in destination buffer

This patch defines the behaviour of AD in the new interface more
clearly.  In particular, it specifies that if the user must copy
the AD to the destination manually when src != dst if they wish
to guarantee that the destination buffer contains a copy of the
AD.

The reason for this is that otherwise every AEAD implementation
would have to perform such a copy when src != dst.  In reality
most users do in-place processing where src == dst so this is
not an issue.

This patch also kills some remaining references to cryptoff.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 6d7e3d89
...@@ -473,8 +473,15 @@ static inline void aead_request_set_callback(struct aead_request *req, ...@@ -473,8 +473,15 @@ static inline void aead_request_set_callback(struct aead_request *req,
* destination is the ciphertext. For a decryption operation, the use is * destination is the ciphertext. For a decryption operation, the use is
* reversed - the source is the ciphertext and the destination is the plaintext. * reversed - the source is the ciphertext and the destination is the plaintext.
* *
* For both src/dst the layout is associated data, skipped data, * For both src/dst the layout is associated data, plain/cipher text,
* plain/cipher text, authentication tag. * authentication tag.
*
* The content of the AD in the destination buffer after processing
* will either be untouched, or it will contain a copy of the AD
* from the source buffer. In order to ensure that it always has
* a copy of the AD, the user must copy the AD over either before
* or after processing. Of course this is not relevant if the user
* is doing in-place processing where src == dst.
* *
* IMPORTANT NOTE AEAD requires an authentication tag (MAC). For decryption, * IMPORTANT NOTE AEAD requires an authentication tag (MAC). For decryption,
* the caller must concatenate the ciphertext followed by the * the caller must concatenate the ciphertext followed by the
...@@ -525,8 +532,7 @@ static inline void aead_request_set_assoc(struct aead_request *req, ...@@ -525,8 +532,7 @@ static inline void aead_request_set_assoc(struct aead_request *req,
* @assoclen: number of bytes in associated data * @assoclen: number of bytes in associated data
* *
* Setting the AD information. This function sets the length of * Setting the AD information. This function sets the length of
* the associated data and the number of bytes to skip after it to * the associated data.
* access the plain/cipher text.
*/ */
static inline void aead_request_set_ad(struct aead_request *req, static inline void aead_request_set_ad(struct aead_request *req,
unsigned int assoclen) unsigned int assoclen)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment