Branch: refs/heads/add-crypto-enumeration-api
Home: https://github.com/kronosnet/kronosnet
Commit: ab74871a81ec29484c7fa05e27225660bd570985
https://github.com/kronosnet/kronosnet/commit/ab74871a81ec29484c7fa05e272256...
Author: Fabio M. Di Nitto fdinitto@redhat.com
Date: 2026-05-08 (Fri, 08 May 2026)

Changed paths:
  M libknet/crypto.c
  M libknet/crypto_nss.c
  M libknet/libknet.h
  M libknet/libknet_exported_syms
  M libknet/tests/api-check.mk
  A libknet/tests/api_knet_get_crypto_cipher_list.c
  A libknet/tests/api_knet_get_crypto_hash_list.c
  M man/Makefile.am

Log Message:
-----------
Add API to enumerate supported cipher modes and hash algorithms

Implements issue #478 by introducing two new API functions:
- knet_get_crypto_cipher_list(): Returns AES cipher modes (CBC/CTR) supported across all crypto backends
- knet_get_crypto_hash_list(): Returns hash algorithms supported across all crypto backends

The functions return the intersection of capabilities across OpenSSL, NSS, and libgcrypt backends, ensuring applications can reliably use any returned cipher/hash combination regardless of which crypto module is loaded at runtime.
Key implementation decisions:
- Uses hardcoded lists to avoid loading all crypto modules unconditionally
- Flattened cipher list includes both OpenSSL (hyphenated) and NSS/gcrypt (non-hyphenated) naming conventions as separate entries to simplify application logic
- Cipher list: 12 entries covering AES-128/192/256 in CBC and CTR modes
- Hash list: 5 entries covering md5, sha1, sha256, sha384, sha512
- Returns pointers to static const strings (consistent with knet_get_crypto_list API)

New structures (following knet_crypto_info pattern):
- knet_crypto_cipher_info: const char *name, const char *mode, int key_bits
- knet_crypto_hash_info: const char *name, int hash_bits

Using pointers instead of arrays:
- Maintains API consistency with existing knet_crypto_info structure
- Eliminates GCC stringop-truncation warnings at -O3 with -D_FORTIFY_SOURCE=3
- Reduces memory footprint and simplifies implementation
- No string copying required - direct pointer assignment to static const data

Includes comprehensive API tests that verify all returned cipher and hash names work correctly with all three crypto backends (NSS, OpenSSL, libgcrypt).
Fixed NSS parser to accept "-cbc" suffix variants (aes-128-cbc, aes-192-cbc, aes-256-cbc) in addition to existing non-hyphenated CBC names (aes128, aes192, aes256).
Signed-off-by: Fabio M. Di Nitto fabbione@kronosnet.org
Co-Authored-By: Claude Sonnet 4.5 noreply@anthropic.com