Add CryptoInterface library #6961
Conversation
- Add TypeConversion core files.
- Make HelloCrypto.ino stylish. - Include assert.h in CryptoInterface.cpp.
There was a problem hiding this comment.
Other than minor comments already made, I have two thoughts:
- If it makes sense to use this from the core, then it should be moved to core files. If it's a library, it's off limits for the core, because the core can't be dependent on a library.
- I envisioned a different structure, i.e.: have interface objects within the namespace, one for each algorithm, with usage similar to the base64 class: one class for sha1, one for sha256, one for md5, etc. For example:
class md5
{
String hash(blah);
void *hmac(blah);
void *hmacCT(blah);
...
};
class sha1
{
String hash(blah);
void *hmac(blah);
void *hmacCT(blah);
...
};
...If it makes sense, each class could hold context for successive calls, or if it doesn't, the methods could be static.
But, I don't want to delay moving forward for this, so if you want to leave that for another PR it's ok. The choice is yours.
However, please put everything in namespace experimental to not get tied down with maintaining compatibility for the moment while we get around to reworking that.
Other things that could be unified behind this CryptoInterface in the future:
crc16, unify crc32 use, move base64, implement base58, unify md5 use.
- Add deprecated attribute to SHA1 and MD5 hashes. - Remove _warningsEnabled since this has been replaced by the deprecated attribute. - Prefix all getters with "get". - Move all CryptoInterface functionality to the experimental namespace. - Change formatting of core files. - Improve comments.
|
Thank you for the feedback. I've corrected most issues and depending on what you think of the remaining ones this PR may be merge ready. @dirkmueller Ah, so there is a separate style for core files and example files. Good to know. @earlephilhower Thanks! I think there's actually more comments than code in this library, but then again it is supposed to be a frontend. @devyte I should probably finish rewriting the mesh library before starting to rewrite this, so I've put the entire CryptoInterface in namespace experimental for now. |
|
@aerlon I think this needs some restructuring, and probably moving out of a library and into the core, but given that it's in namespace experimental we can merge it as-is and repolish later. |
| * Defaults to nullptr. | ||
| * @param aadLength The length of the aad array in bytes. Defaults to 0. | ||
| */ | ||
| void chacha20Poly1305Encrypt(void *data, const size_t dataLength, const void *key, const void *keySalt, const size_t keySaltLength, void *resultingNonce, void *resultingTag, const void *aad = nullptr, const size_t aadLength = 0); |
There was a problem hiding this comment.
Same as above. ChaCha is fast on the 8266, but AES is also widely used and abstracting one more layer into an encryption major class seems more logical to me.
There was a problem hiding this comment.
There is now an object with encrypt and decrypt methods. Since free standing objects were requested no further abstraction has been done.
…it no longer seems to be required.
- Remove delay in setup() from HelloCrypto example since it does not seem to be required to prevent missing initial Serial prints. - Mark type conversion functions as big endian. - Update keywords.txt.
- Create ESP.random functions in the core based on the defaultNonceGenerator code, and use these in defaultNonceGenerator. - Rename CryptoInterface to esp8266::Crypto and move all functionality to the core. - Remove need to #include <bearssl/bearssl.h> in the Crypto header file by changing br_hkdf_context to ::br_hkdf_context. - Restyle code files for core usage.
- Improve comments.
- Rename namespace Crypto to namespace crypto.
There was a problem hiding this comment.
There are still some details:
- TypeConversion should be wrapped by namespace experimental instead of namespace esp8266
- Code that makes use of this should have a using namespace experimental::crypto at the top to ease use.
But we can fix those details in a subsequent PR.
Approving! And well done.
| } | ||
|
|
||
| void loop() { | ||
| // This serves only to demonstrate the library use. See the header file for a full list of functions. |
There was a problem hiding this comment.
Up here can do something like:
using namespace experimental::crypto;Then further down you can use directly, e.g.:
...
getNonceGenerator()(...);
...
SHA256::hash(...);
...
SHA256::hmac(...);etc. This eases use and reduces the long fully qualified names. It also allows easy remapping of namespaces, because you just change the namespace import at the top instead of having to change each fully qualified name through the code.
Add CryptoInterface library
Add TypeConversion core files.
A library providing an easy-to-use frontend for the cryptographic functionality of BearSSL. Created as an offshoot from the code of the new mesh library PR, based on discussions here.