2024-01-11 16:42:28

by David Howells

[permalink] [raw]
Subject: Rebuilding at least part of my krb5 crypto lib on crypto-aead

Hi Herbert, Chuck,

I've been thinking more on how I might go about rebuilding at least part of my
krb5 crypto library on top of the AEAD template.

I don't think it makes sense to try and put the entirety of it in there.
There are functions that completely don't fit (such as key generation) and the
catalogue of Kerberos type values and associated parameters.

Also, I'm not sure it makes sense to try and squeeze the Integrity-type
operations get_mic and verify_mic as AEAD. get_mic might work as AEAD, but
all a wrapper would add is to emplace the checksum into ciphertext buffer.
The actual checksumming is handled by a SHASH algorithm perfectly well.
verify_mic doesn't really make sense as it has no output other than "yes/no" -
and so is also handled fine by a SHASH algorithm.

Where it does make sense is at the core of the encrypt/decrypt ops where I
have four compound ops to choose from:

- encrypt-then-hash
- hash-then-decrypt
- hash-then-encrypt
- decrypt-then-hash

These can conceivably be hardware optimised to do both parts of the op
simultaneously. I *think* I've seen a suggestion that x86_64 AVX has
sufficient registers available to do both AES and SHA simultaneously, say.

The question I then have is this: How do I parameterise the crypto algorithm
inside AEAD? Can I do something like:

cipher = crypto_alloc_sync_aead("enc-then-hash(cts(cbc(camellia)),cmac(camellia))");

David