Low-level crypto interface

Niels Möller nisse@lysator.liu.se
14 Dec 2000 11:07:06 +0100 

Bob Deblier <bob@virtual-unlimited.com> writes:


> Thanks for sending this contribution - it was good reading material. Here

> are a few comments and thoughts I have about this subject:


Thanks for reading.


> The way I've  solved this is by having a table which describes all

> algorithms of a certain kind.


This is a common approach, I guess (I think both Werner's gnupg,
openssl and several other libraries do that).

In lsh, I also have a table, but at a higher level. I have integer
constants for all algorithms known by my secsh implementation, for
instance ATOM_3DES_CBC, which is installed in the table by something
like

  ALIST_SET(algorithms, ATOM_3DES_CBC, make_3des_cbc());

But there's no entry for plain des anywhere. Then I have a
gperf-generated code to map names that occur in protocol messages to
these integer atoms, and a different, more fuzzy, function for mapping
human-supplied names to atoms.

I can build this on top of the low-level interface, and I believe it
should be straight-forward to build a table like yours on top of the
same code. My intention is to make it feasible to share a low-level
library, even between applications and contexts with different ideas
on how to manage and select algorithms.

Some generic functions could perhaps also be added to the low-level
library, like

  void gcrypt_cbc_encrypt(void *ctx,
                          (*encrypt)(void *, unsigned length,
                                     uint8_t *dst, const uint8_t *src),
                          uint8_t *iv, unsigned block_size,
                          unsigned length, 
                          uint8_t *dst, const uint8_t *src);

if that seems useful. memxor() should also be part of the library (and
perhaps also a part of glibc, of we can sell that idea to the glibc
folks).


> Offtopic: I'm thinking about starting a new open-source (GPL) project

> called 'BeeUtils', of which the first part will be small apps for

> computing the cryptographic hash value of a file. Of course the md5sum

> utility is available in the GNU textutils, but what about a sha1sum, or

> even a sha256sum? Is there a need for utilities that do this?


My first reaction is that I would rather see those utilities as a part
of text-utils, just like md5sum.

Best regards,
/Niels