Open jakcron opened 10 months ago
Currently under tc/crypto/ block ciphers and cipher modes are named in the same way. And generally the naming of these classes could use improvement.
tc/crypto/
e.g.
AesEncryptor
CbcEncryptor
These two make AES and CBC sound equivalent, when they are not.
I suggest using keywords in the class names, and replacing encryptor with cipher
AesBlockCipher
CbcModeCipher
For classes that name a composition of classes, e.g. AesCbcEncryptor, I suggest:
Additionally, this part of the library doesn't expose interfaces that allow using substitute implementations, including HSMs.
Ideally interfaces that define how CbcModeCipher should work (excluding initialising key data, because HSMs only let you refer to pre-defined keys):
struct CipherInfo { AlgType_t alg_type; // AES128 AlgMode_t alg_mode; // CBC/CTR/CCM/XTS AlgPadding_t alg_padding; // None/CipherTextStealing/PKCS7 } class ICBCModeCipher { public: ~ICBCModeCipher() = default; const CipherInfo* cipher_info(); int32_t encrypt(in, out, iv=optional, length); int32_t decrypt(in, out, iv=optional, length); };
Where the HSM implementation would do something like this
class BrandedHSMManager { public: //... std::shared_ptr<ICBCModeCipher> getCbcModeCipher(uint32_t keyIndex) //... }
using AesCbcCipher = CbcModeCipher<AesBlockCipher,CipherTextStealingPadder>
Currently under
tc/crypto/
block ciphers and cipher modes are named in the same way. And generally the naming of these classes could use improvement.e.g.
AesEncryptor
CbcEncryptor
These two make AES and CBC sound equivalent, when they are not.
I suggest using keywords in the class names, and replacing encryptor with cipher
AesEncryptor
->AesBlockCipher
CbcEncryptor
->CbcModeCipher
For classes that name a composition of classes, e.g. AesCbcEncryptor, I suggest:
Additionally, this part of the library doesn't expose interfaces that allow using substitute implementations, including HSMs.
Ideally interfaces that define how CbcModeCipher should work (excluding initialising key data, because HSMs only let you refer to pre-defined keys):
Where the HSM implementation would do something like this