summaryrefslogtreecommitdiffstats
path: root/doc/source/crypto/methods.rst
diff options
context:
space:
mode:
authorMatthias Schiffer <mschiffer@universe-factory.net>2014-11-05 20:47:25 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2014-11-05 20:47:25 +0100
commit0dfa34ac9491754dc57d4bbc5f3b507f8d4cbb6d (patch)
tree49cc8a27dd7dcbc57facaacf9265171cc30ae4fb /doc/source/crypto/methods.rst
parent2c67136b6bafbf2af3d4694a8b218a8e5e23fc98 (diff)
downloadfastd-0dfa34ac9491754dc57d4bbc5f3b507f8d4cbb6d.tar
fastd-0dfa34ac9491754dc57d4bbc5f3b507f8d4cbb6d.zip
docs: documentation of crypto algorithms
Diffstat (limited to 'doc/source/crypto/methods.rst')
-rw-r--r--doc/source/crypto/methods.rst84
1 files changed, 84 insertions, 0 deletions
diff --git a/doc/source/crypto/methods.rst b/doc/source/crypto/methods.rst
new file mode 100644
index 0000000..bbc1690
--- /dev/null
+++ b/doc/source/crypto/methods.rst
@@ -0,0 +1,84 @@
+Method providers
+================
+
+See :doc:`/manual/methods` for details about the method
+configuration and recommendations.
+
+generic-gmac
+~~~~~~~~~~~~
+
+The *generic-gmac* provider combines the GHASH message authetication code
+with any stream cipher, which is used both to encrypt the data and the
+authentication tag.
+
+After the last encrypted data block, a block containing the length of
+the data (in bits, big endian) is passed to the GHASH function as defined
+by the GCM specification.
+
+The method names normally have the form "<cipher>+gmac", and "aes128-gcm"
+for the AES128 cipher.
+
+composed-gmac
+~~~~~~~~~~~~~
+
+The *composed-gmac* provider combines the GHASH message authetication code
+with two stream ciphers, where the first one is used to encrypt the data and the second one for the
+authentication tag. As only the authentication tag must be encrypted, "null" can be used
+as the first cipher for authenticated-only methods.
+
+After the last encrypted data block, a block with the first 8 bytes containing the length of
+the data (in bits, big endian) and the other 8 bytes set to zero is passed to the GHASH function.
+This differs from the size block used by the *generic-gmac* for historical reasons.
+
+The method names normally have the form "<cipher>+<cipher>+gmac", and "<cipher>+aes128-gmac"
+for the AES128 cipher.
+
+generic-umac
+~~~~~~~~~~~~
+
+The *generic-umac* provider combines the UHASH message authetication code
+with any stream cipher, which is used both to encrypt the data and the
+authentication tag.
+
+The method names have the form "<cipher>+umac".
+
+composed-umac
+~~~~~~~~~~~~~
+
+The *composed-umac* provider combines the UHASH message authetication code
+with two stream ciphers, where the first one is used to encrypt the data and the second one for the
+authentication tag. As only the authentication tag must be encrypted, "null" can be used
+as the first cipher for authenticated-only methods.
+
+The method names have the form "<cipher>+<cipher>+umac".
+
+generic-poly1305
+~~~~~~~~~~~~~~~~
+
+The *generic-umac* provider combines the `Poly1305 <http://cr.yp.to/mac.html>`_ message authentication code
+with any stream cipher, which is used both to encrypt the data and the
+authentication tag. This method was added to replace the deprecated *xsalsa20-poly1305*
+method, but may be removed as well in the long term as UMAC is generally more performant
+and makes the same security guarantees.
+
+The method names have the form "<cipher>+poly1305".
+
+xsalsa20-poly1305
+~~~~~~~~~~~~~~~~~
+
+The *xsalsa20-poly1305* provider only provides a single method, "xsalsa20-poly1305",
+which uses the "secret box" provided by the `NaCl <http://nacl.cr.yp.to/>`_ library.
+It is deprecated and should be used for connections with very old fastd versions only.
+
+null
+~~~~
+
+The "null" method doesn't provide any encryption or authentication.
+
+cipher-test
+~~~~~~~~~~~
+
+The *cipher-test* method can be used to run a cipher without any authentication.
+This isn't secure and should be used for tests and benchmarks only.
+
+The method names have the form "<cipher>+cipher-test".