architecture.rst - OpenGrok cross reference for /Linux-v5.10/Documentation/crypto/architecture.rst

Lines Matching +full:aes +full:- +full:gcm
5 ----------------------
10 -  Symmetric ciphers
12 -  AEAD ciphers
14 -  Message digest, including keyed message digest
16 -  Random number generation
18 -  User space interface
21 ---------------------
30 a caller or invoked together with a template to form multi-block ciphers
38 -  aes
40 -  ecb(aes)
42 -  cmac(aes)
44 -  ccm(aes)
46 -  rfc4106(gcm(aes))
48 -  sha1
50 -  hmac(sha1)
52 -  authenc(hmac(sha1),cbc(aes))
54 In these examples, "aes" and "sha1" are the ciphers and all others are
58 --------------------------------------
82 -----------------------------------------
102 or a single block cipher. For example, AES on newer Intel hardware has
103 the following implementations: AES-NI, assembler implementation, or
104 straight C. Now, when using the string "aes" with the kernel crypto API,
113 implementation and thus does not want to rely on the priority-based
122 information -- if one of the components listed as follows are not
125 -  name: the generic name of the cipher that is subject to the
126    priority-based selection -- this name can be used by the cipher
130 -  driver: the unique name of the cipher -- this name can be used by the
133 -  module: the kernel module providing the cipher implementation (or
136 -  priority: the priority value of the cipher implementation
138 -  refcnt: the reference count of the respective cipher (i.e. the number
141 -  selftest: specification whether the self test for the cipher passed
143 -  type:
145    -  skcipher for symmetric key ciphers
147    -  cipher for single block ciphers that may be used with an
150    -  shash for synchronous message digest
152    -  ahash for asynchronous message digest
154    -  aead for AEAD cipher type
156    -  compression for compression type transformations
158    -  rng for random number generator
160    -  kpp for a Key-agreement Protocol Primitive (KPP) cipher such as
163 -  blocksize: blocksize of cipher in bytes
165 -  keysize: key size in bytes
167 -  ivsize: IV size in bytes
169 -  seedsize: required size of seed data for random number generator
171 -  digestsize: output size of the message digest
173 -  geniv: IV generator (obsolete)
176 ---------
180 (e.g. AES-128 vs. AES-192 vs. AES-256). These key sizes are determined
186 --------------------------------
197 -  CRYPTO_ALG_TYPE_CIPHER Single block cipher
199 -  CRYPTO_ALG_TYPE_COMPRESS Compression
201 -  CRYPTO_ALG_TYPE_AEAD Authenticated Encryption with Associated Data
204 -  CRYPTO_ALG_TYPE_KPP Key-agreement Protocol Primitive (KPP) such as
207 -  CRYPTO_ALG_TYPE_HASH Raw message digest
209 -  CRYPTO_ALG_TYPE_SHASH Synchronous multi-block hash
211 -  CRYPTO_ALG_TYPE_AHASH Asynchronous multi-block hash
213 -  CRYPTO_ALG_TYPE_RNG Random Number Generation
215 -  CRYPTO_ALG_TYPE_AKCIPHER Asymmetric cipher
217 -  CRYPTO_ALG_TYPE_PCOMPRESS Enhanced version of
235 ---------------------------------------
257 The depicted example decomposes the AEAD cipher of GCM(AES) based on the
258 generic C implementations (gcm.c, aes-generic.c, ctr.c, ghash-generic.c,
263 AES-NI) provide implementations merging aspects which in the view of the
265 the AES-NI implementation, the CTR mode, the GHASH implementation and
266 the AES cipher are all merged into one cipher implementation registered
268 following ASCII art applies too. However, the decomposition of GCM into
269 the individual sub-components by the kernel crypto API is not done any
289     +-----------+                                    |
291     |   aead    | <-----------------------------------  esp_output
292     |  (seqiv)  | ---+
293     +-----------+    |
295     +-----------+    |
296     |           | <--+                (2)
297     |   aead    | <-----------------------------------  esp_input
298     |   (gcm)   | ------------+
299     +-----------+             |
302     +-----------+       +-----------+
305     |   (ctr)   | ---+  |  (ghash)  |
306     +-----------+    |  +-----------+
308     +-----------+    | (4)
309     |           | <--+
311     |   (aes)   |
312     +-----------+
318 configuration, the administrator set up the use of seqiv(rfc4106(gcm(aes)))
329    cipher handle for GCM is provided to SEQIV. This means that SEQIV
330    invokes AEAD cipher operations with the GCM cipher handle.
332    During instantiation of the GCM handle, the CTR(AES) and GHASH
333    ciphers are instantiated. The cipher handles for CTR(AES) and GHASH
336    The GCM implementation is responsible to invoke the CTR mode AES and
337    the GHASH cipher in the right manner to implement the GCM
340 3. The GCM AEAD cipher type implementation now invokes the SKCIPHER API
341    with the instantiated CTR(AES) cipher handle.
343    During instantiation of the CTR(AES) cipher, the CIPHER type
344    implementation of AES is instantiated. The cipher handle for AES is
347    That means that the SKCIPHER implementation of CTR(AES) only
349    chaining operation, the CIPHER implementation of AES is invoked.
351 4. The SKCIPHER of CTR(AES) now invokes the CIPHER API with the AES
354 5. The GCM AEAD implementation also invokes the GHASH cipher
367 For example, CBC(AES) is implemented with cbc.c, and aes-generic.c. The
386     +-----------+         (1)    |
387     |           | <------------------  some_function
389     |   (hmac)  | ---+
390     +-----------+    |
392     +-----------+    |
393     |           | <--+
396     +-----------+