[FEEDBACK] Crypto API

Postby Giovanni » Mon Oct 23, 2017 11:05 am

Hi,

I am introducing a crypto module in the HAL; the module is supposed to be a wrapper around crypto/hashing capabilities and also to provide a SW fall-back for algorithms not supported in HW (a pure SW mode is also possible).

See the files hal_crypto.h and hal_crypto.c in trunk.

Now, I want to provide an effective API without too much complexity; it would help to receive feedback on the APIs defined until now. For example, the AES-GCM looks very complex:

  cryerror_t cryEncryptAES_GCM(CRYDriver *cryp,
                               crykey_t key_id,
                               bitsize_t size,
                               const uint8_t *in,
                               uint8_t *out,
                               bitsize_t ivsize,
                               const uint8_t *iv,
                               bitsize_t authsize,
                               uint8_t *authout);
  cryerror_t cryDecryptAES_GCM(CRYDriver *cryp,
                               crykey_t key_id,
                               bitsize_t size,
                               const uint8_t *in,
                               uint8_t *out,
                               bitsize_t ivsize,
                               const uint8_t *iv,
                               bitsize_t authsize,
                               const uint8_t *authin);


Could this be simplified? For example, size_t instead of bitsize_t, assuming IVs to be 64 bits, assuming AUTH fields to be 96 bits and so on. Some insight about use cases would be appreciated.

Next I will introduce SHA-1, SHA-2, DES, TDES and possibly others.

Note, there are no implementations yet, I am just trying to define the API.

Giovanni
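
An added example, not ChibiOS code and not part of the posts in this thread: a length check that could run before the proposed cryEncryptAES_GCM/cryDecryptAES_GCM calls, using the bit-length ranges NIST SP 800-38D allows for AES-GCM, plus a constant-time tag comparison for the decrypt side. The names gcm_check_params and gcm_tag_equal, the result codes and the bitsize_t typedef are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumption: bitsize_t counts bits, as the parameter names in the post suggest. */
typedef size_t bitsize_t;

/* Hypothetical result codes for this example (not ChibiOS cryerror_t values). */
typedef enum { GCM_OK = 0, GCM_BAD_SIZE, GCM_BAD_IV, GCM_BAD_TAG } gcm_check_t;

/* Validate AES-GCM lengths (in bits) against the NIST SP 800-38D limits. */
gcm_check_t gcm_check_params(bitsize_t size, bitsize_t ivsize,
                             bitsize_t authsize, int allow_short_tags) {
  /* Plaintext: at most 2^39 - 256 bits; whole bytes only in this example. */
  if ((size % 8U) != 0U || (uint64_t)size > ((UINT64_C(1) << 39) - 256U))
    return GCM_BAD_SIZE;
  /* IV: any non-zero length is legal; 96 bits is the recommended case that
     avoids the extra GHASH pass. Whole bytes only in this example. */
  if (ivsize == 0U || (ivsize % 8U) != 0U)
    return GCM_BAD_IV;
  /* Tag: 128, 120, 112, 104 or 96 bits; 64 and 32 only for special cases. */
  switch (authsize) {
  case 128: case 120: case 112: case 104: case 96:
    return GCM_OK;
  case 64: case 32:
    return allow_short_tags ? GCM_OK : GCM_BAD_TAG;
  default:
    return GCM_BAD_TAG;
  }
}

/* Compare a received tag with the computed one without an early exit, so the
   time taken does not reveal how many leading bytes matched. */
int gcm_tag_equal(const uint8_t *a, const uint8_t *b, bitsize_t authsize) {
  uint8_t diff = 0;
  for (size_t i = 0; i < authsize / 8U; i++)
    diff |= (uint8_t)(a[i] ^ b[i]);
  return diff == 0;
}
```
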

Postby steved » Thu Oct 26, 2017 9:59 am

Giovanni wrote: Some insight about use cases would be appreciated.

Main use case I've come across is in conjunction with supporting HTTPS on web servers - so your planned algorithms fully cover this.


I've had a quick look at how another package I use does this, and for AES (not GCM) it implements encryption and decryption as a 2-stage process:

1. int AES_set_encrypt_key(const unsigned char * userKey, const int bits, AES_KEY * key); - "Expands the cipher key into the decryption key schedule"
2. void AES_cbc_encrypt(const unsigned char * in, unsigned char * out, const unsigned long length, const AES_KEY * key, unsigned char * ivec, const int enc); - does the actual encryption (this one for Cipher Block Chaining)

Not used this at all; can put together a bit more info if it would help.

Postby Giovanni » Thu Oct 26, 2017 10:35 am

It would help. I imagine it is done in order to restart chained encryption faster.

Giovanni
