[FEEDBACK] Crypto API


Post by Giovanni » Mon Oct 23, 2017 11:05 am

Hi,

I am introducing a crypto module in the HAL; the module is supposed to be a wrapper around crypto/hashing capabilities and also to provide a SW fall-back for algorithms not supported in HW (a pure SW mode is also possible).

See the files hal_crypto.h and hal_crypto.c in trunk.

Now, I want to provide an effective API without too much complexity; it would help to receive feedback on the APIs defined until now. For example, the AES-GCM looks very complex:

Code:

  cryerror_t cryEncryptAES_GCM(CRYDriver *cryp,
                               crykey_t key_id,
                               bitsize_t size,
                               const uint8_t *in,
                               uint8_t *out,
                               bitsize_t ivsize,
                               const uint8_t *iv,
                               bitsize_t authsize,
                               uint8_t *authout);
  cryerror_t cryDecryptAES_GCM(CRYDriver *cryp,
                               crykey_t key_id,
                               bitsize_t size,
                               const uint8_t *in,
                               uint8_t *out,
                               bitsize_t ivsize,
                               const uint8_t *iv,
                               bitsize_t authsize,
                               const uint8_t *authin);


Could this be simplified? For example, size_t instead of bitsize_t, assuming IVs to be 64 bits, assuming AUTH fields to be 96 bits and so on. Some insight about use cases would be appreciated.

Next I will introduce SHA-1, SHA-2, DES, TDES and possibly others.

Note, there are no implementations yet, I am just trying to define the API.

Giovanni
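
Added example, not part of the original post or of ChibiOS: a check of the three size arguments in the proposed signatures against the limits in NIST SP 800-38D, which bound how far those arguments could be fixed. The names gcm_bits_t, gcm_check_sizes and the GCM_* constants are hypothetical; sizes are in bits, as in the proposed API.

```c
#include <stdint.h>

/* Hypothetical type: bit counts need 64 bits to express the payload limit. */
typedef uint64_t gcm_bits_t;

/* Result flags. Any bit inside GCM_ERR_MASK means the call must be rejected;
   warning bits mark sizes that are valid but need a deliberate decision. */
enum {
  GCM_SIZES_OK       = 0,
  GCM_WARN_IV_NOT96  = 1 << 0,  /* valid, but not the recommended 96-bit IV  */
  GCM_WARN_SHORT_TAG = 1 << 1,  /* 64/32-bit tag: only for certain uses      */
  GCM_ERR_DATA       = 1 << 8,  /* payload not whole bytes or too long       */
  GCM_ERR_IV         = 1 << 9,  /* IV empty or not whole bytes               */
  GCM_ERR_TAG        = 1 << 10  /* tag length not in the permitted set       */
};
#define GCM_ERR_MASK 0xFF00u

/* SP 800-38D: plaintext length is at most 2^39 - 256 bits per invocation. */
#define GCM_MAX_DATA_BITS ((UINT64_C(1) << 39) - 256)

unsigned gcm_check_sizes(gcm_bits_t size, gcm_bits_t ivsize,
                         gcm_bits_t authsize)
{
  unsigned r = GCM_SIZES_OK;

  /* Payload: byte string, zero length allowed, bounded above. */
  if ((size % 8) != 0 || size > GCM_MAX_DATA_BITS)
    r |= GCM_ERR_DATA;

  /* IV: byte string of at least one byte; 96 bits is the recommended size. */
  if (ivsize == 0 || (ivsize % 8) != 0)
    r |= GCM_ERR_IV;
  else if (ivsize != 96)
    r |= GCM_WARN_IV_NOT96;

  /* Tag: 128, 120, 112, 104 or 96 bits; 64 and 32 only with extra limits. */
  switch (authsize) {
  case 128: case 120: case 112: case 104: case 96:
    break;
  case 64: case 32:
    r |= GCM_WARN_SHORT_TAG;
    break;
  default:
    r |= GCM_ERR_TAG;
  }
  return r;
}
```
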


Post by steved » Thu Oct 26, 2017 9:59 am

Giovanni wrote: Some insight about use cases would be appreciated.

Main use case I've come across is in conjunction with supporting HTTPS on web servers - so your planned algorithms fully cover this.


I've had a quick look at how another package I use does this, and for AES (not GCM) it implements encryption and decryption as a 2-stage process:

1. int AES_set_encrypt_key(const unsigned char * userKey, const int bits, AES_KEY * key); - "Expands the cipher key into the decryption key schedule"
2. void AES_cbc_encrypt(const unsigned char * in, unsigned char * out, const unsigned long length, const AES_KEY * key, unsigned char * ivec, const int enc); - does the actual encryption (this one for Cipher Block Chaining)

Not used this at all; can put together a bit more info if it would help.


Post by Giovanni » Thu Oct 26, 2017 10:35 am

It would help. I imagine it is done in order to restart chained encryption faster.

Giovanni

