[Feature] Revamp of Crypto API #35

@jakcron

Currently, under tc/crypto/, block ciphers and cipher modes are named in the same way. Generally, the naming of these classes could use improvement.

e.g.

  • AES Block Cipher -> AesEncryptor
  • CBC Mode Cipher -> CbcEncryptor

These two make AES and CBC sound equivalent, when they are not.

I suggest using keywords in the class names, and replacing encryptor with cipher:

  • AesEncryptor -> AesBlockCipher
  • CbcEncryptor -> CbcModeCipher

For classes that name a composition of classes, e.g. AesCbcEncryptor, I suggest:

  • AesCbcCipher

Additionally, this part of the library doesn't expose interfaces that allow using substitute implementations, including HSMs.

Ideally interfaces that define how CbcModeCipher should work (excluding initialising key data, because HSMs only let you refer to pre-defined keys):

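```cpp
struct CipherInfo
{
    AlgType_t alg_type; // AES128
    AlgMode_t alg_mode; // CBC/CTR/CCM/XTS
    AlgPadding_t alg_padding; // None/CipherTextStealing/PKCS7
};

class ICBCModeCipher
{
public:
    virtual ~ICBCModeCipher() = default;

    virtual const CipherInfo* cipher_info() = 0;

    // Parameter types are assumed; iv is optional and may be nullptr.
    virtual int32_t encrypt(const uint8_t* in, uint8_t* out, const uint8_t* iv, size_t length) = 0;
    virtual int32_t decrypt(const uint8_t* in, uint8_t* out, const uint8_t* iv, size_t length) = 0;
};
```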

Where the HSM implementation would do something like this:

```cpp
class BrandedHSMManager
{
public:
    //...
    // Returns a cipher bound to a key already stored in the HSM.
    std::shared_ptr<ICBCModeCipher> getCbcModeCipher(uint32_t keyIndex);
    //...
};

using AesCbcCipher = CbcModeCipher<AesBlockCipher, CipherTextStealingPadder>;
```
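
The split proposed in this issue, as an added example that is not code from the tc library or from the issue author: a CBC mode class composed over a block cipher, handed out by key index behind `ICBCModeCipher` so the caller never touches key bytes. `ToyBlockCipher`, `ToyHsmManager`, slot index 7, the 0/-1 return codes and the mandatory IV without padding are assumptions made for the sketch; the toy cipher is not secure and only stands in for `AesBlockCipher`.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstdint>
#include <map>
#include <memory>
using Block = std::array<uint8_t, 16>;
// Interface callers program against: data and IV only, no key material.
struct ICBCModeCipher {
    virtual ~ICBCModeCipher() = default;
    virtual int32_t encrypt(const uint8_t* in, uint8_t* out, const uint8_t* iv, size_t length) = 0;
    virtual int32_t decrypt(const uint8_t* in, uint8_t* out, const uint8_t* iv, size_t length) = 0;
};
// Placeholder block cipher (bytewise add of key): NOT secure, stands in for AesBlockCipher.
struct ToyBlockCipher {
    Block key{};
    void encrypt_block(Block& b) const { for (size_t i = 0; i < 16; ++i) b[i] = uint8_t(b[i] + key[i]); }
    void decrypt_block(Block& b) const { for (size_t i = 0; i < 16; ++i) b[i] = uint8_t(b[i] - key[i]); }
};
// CBC chaining over any block cipher. No padding: length must be a multiple of 16.
template <class BlockCipherT>
class CbcModeCipher : public ICBCModeCipher {
    BlockCipherT cipher_;
    int32_t run(bool enc, const uint8_t* in, uint8_t* out, const uint8_t* iv, size_t length) const {
        if (!in || !out || !iv || length % 16 != 0) return -1;
        Block prev{}, c{}, b{};
        std::copy(iv, iv + 16, prev.begin());
        for (size_t off = 0; off < length; off += 16, prev = c) {  // prev = last ciphertext block
            std::copy(in + off, in + off + 16, b.begin());
            if (enc) { for (size_t i = 0; i < 16; ++i) b[i] ^= prev[i]; cipher_.encrypt_block(b); c = b; }
            else { c = b; cipher_.decrypt_block(b); for (size_t i = 0; i < 16; ++i) b[i] ^= prev[i]; }
            std::copy(b.begin(), b.end(), out + off);
        }
        return 0;
    }
public:
    explicit CbcModeCipher(const BlockCipherT& c) : cipher_(c) {}
    int32_t encrypt(const uint8_t* in, uint8_t* out, const uint8_t* iv, size_t length) override { return run(true, in, out, iv, length); }
    int32_t decrypt(const uint8_t* in, uint8_t* out, const uint8_t* iv, size_t length) override { return run(false, in, out, iv, length); }
};

// Stand-in for an HSM: keys stay inside, callers hold only a key index (constructed slot 7).
class ToyHsmManager {
    std::map<uint32_t, ToyBlockCipher> slots_{{7u, ToyBlockCipher{Block{0x2b, 0x7e, 0x15, 0x16}}}};
public:
    std::shared_ptr<ICBCModeCipher> getCbcModeCipher(uint32_t keyIndex) const {
        auto it = slots_.find(keyIndex);
        if (it == slots_.end()) return nullptr;  // unknown slot: no cipher, no key leak
        return std::make_shared<CbcModeCipher<ToyBlockCipher>>(it->second);
    }
};
```

Swapping `ToyBlockCipher` for a real block cipher, or `ToyHsmManager` for a vendor-backed implementation, leaves code written against `ICBCModeCipher` unchanged.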
