Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crypto API: Separate IV from ciphertext based on struct cipher_ctx::flags #20561

Closed
sidcha opened this issue Nov 10, 2019 · 5 comments · Fixed by #21044
Closed

Crypto API: Separate IV from ciphertext based on struct cipher_ctx::flags #20561

sidcha opened this issue Nov 10, 2019 · 5 comments · Fixed by #21044
Labels
area: Crypto / RNG Enhancement Changes/Updates/Additions to existing features

Comments

@sidcha
Copy link
Member

sidcha commented Nov 10, 2019

Problem:
The crypto API now prefixes the IV to to the ciphertext. This is because Tinycrypt expects the IV and ciphertext to be in the contiguous memory for better performance. This is a problem if applications what to do inplace encrypt/decrypt (in_buf == out_buf) as now, the in_buf has to be larger by 2x block length and the IV has to be removed manually. Besides, not all use-cases expect IV to be prefixed to the ciphertext.

Proposed Solution:
Create new flag and pass it in struct cipher_ctx::flags that would allow out_buf to have only ciphertext. This means the TC shim would now have to do some extra buffer copy but MbedTLS can skip some.

I will raise a PR based on comments here.
@sidcha sidcha added the Enhancement Changes/Updates/Additions to existing features label Nov 10, 2019
@sidcha
Copy link
Member Author

sidcha commented Nov 10, 2019

Related to: #20434

@tbursztyka @chrta @galak @nashif

@sidcha sidcha changed the title Crypto API: Separate IV from ciphertext when based on struct cipher_ctx::flags Crypto API: Separate IV from ciphertext based on struct cipher_ctx::flags Nov 10, 2019
@sidcha
Copy link
Member Author

sidcha commented Nov 20, 2019

Does anyone have any objections/suggestions on this approach? Do I go ahead to a PR?

@tbursztyka
Copy link
Collaborator

Go with an RFC PR.

@sidcha sidcha mentioned this issue Nov 27, 2019
Merged
@sidcha
Copy link
Member Author

sidcha commented Nov 27, 2019

@tbursztyka: I've raised PR. Could you please help add the RFC label to it? I cannot add it.

@tbursztyka tbursztyka changed the title Crypto API: Separate IV from ciphertext based on struct cipher_ctx::flags [RFC]Crypto API: Separate IV from ciphertext based on struct cipher_ctx::flags Nov 28, 2019
@tbursztyka
Copy link
Collaborator

tbursztyka commented Nov 28, 2019
edited
Loading

it was just needed in the title of the PR (hum, note to mysefl: the pr, not the issue...)

@tbursztyka tbursztyka changed the title [RFC]Crypto API: Separate IV from ciphertext based on struct cipher_ctx::flags Crypto API: Separate IV from ciphertext based on struct cipher_ctx::flags Nov 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: Crypto / RNG Enhancement Changes/Updates/Additions to existing features
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

crypto: Add support for non-IV-prefixed CBC ciphers in mbedTLS shim sidcha/zephyr
3 participants
@tbursztyka @sidcha @aescolar