Skip to main content

NanoCAP operators

An operator is a pluggable, cryptographic implementation that fulfills algorithm-specific requests made by NanoCAP.

There are two types of operators, symmetric and asymmetric.

  • Symmetric operators focus on operations relating to symmetric-key algorithms, such as digesting, computing message authentication codes, encrypting data, and implementing random number generators.

  • Asymmetric operators focus on operations relating to asymmetric-key algorithms, such as using public and private keys to sign, verify, encrypt, decrypt, and perform a key exchange.

    • Asymmetric operators are also known as key operators.

    • The header file that contains the NanoCAP API and operator structures is: {MSS_SRC_PKG}/src/cap/capsym.h

    • The prototypes for symmetric algorithms are defined in: ${MSS_SRC_PKG}/src/

    • The prototypes for asymmetric algorithms are defined in: ${MSS_SRC_PKG}/src/crypto/mocasym.h

Review the following additional statements regarding operators:

  • The operator's system follows a dispatch model.

  • The operators are written in C language.

  • The operators consist of an interface that lists methods and declarations.

  • An operator must be a function. (This function must have the same function signature as typedef.)

Symmetric operator example

In the following example, MSymOperator is configured as the alias for typedef, followed by the value for typedef, which specifies the function pointer type:

typedef MSTATUS (*MSymOperator) (      
  MocSymCtx pMocSymCtx,      
  MocCtx pMocCtx,      
  ubyte4 opCode,      
  void *pInputInfo,      
  void *pOutputInfo      
  );

pMocCtx

pMocCtx is an additional context object that stores the list of enabled operators; this object is shared by all operators. pMocCtx can be used when an operator needs to perform an operation that involves another operator. Otherwise, this object may not be needed.

Dispatch model

NanoCAP uses a dispatch model to make requests to an operator to perform cryptographic work. NanoCap calls an operator with an operation, which is simply a value (the op code) that specifies what the caller wants the operator to do. The caller passes input and output information, based on the type of operation being performed and the algorithm being implemented.

The following example displays the structure of the dispatch model in NanoCap where:

  • A header file (capsym.h) defines the symmetric operation (MOC_SYM_OP_DIGEST_UPDATE).

  • The comments provide details on how the operation should be used and the expected input and output information.

  • An operator is called via an op code (MOC_SYM_OP_CODE + 14).

/* Use this operation to update a digest operation. The inputInfo will be
* a pointer to a MSymOperatorData containing the data to digest. The output
* info will be NULL.
*/
#define MOC_SYM_OP_DIGEST_UPDATE               (MOC_SYM_OP_CODE+14)
In this section: