Mailing List Archive

DES-CBC?
Any plans to add DES-CBC? Calling
gcry_cipher_open(GCRY_CIPHER_DES_SK, GCRY_CIPHER_MODE_CBC, 0)
fails. (And I don't want _SK as well, I think).

The mode of operation seems to be implemented in the same file as the
encryption algorithms. Would it make sense to separate the encryption
algorithm implementation from the modes of operation implementation?
Re: DES-CBC?
On Fri, 07 Jun 2002 21:36:56 +0200, Simon Josefsson said:

> Any plans to add DES-CBC? Calling

3-key-EDE-DES in CBC mode should work. If you need plain old DES I
will implement it.

> gcry_cipher_open(GCRY_CIPHER_DES_SK, GCRY_CIPHER_MODE_CBC, 0)

DES/SK is not implemented because it is marked as a reserved
algorithm in OpenPGP and not further specified.

> The mode of operation seems to be implemented in the same file as the
> encryption algorithms. Would it make sense to separate the encryption

No, the encryption algorithm should just do an ECB and we build on
that in cipher/cipher.c to implement CFB and CBC using a generic
method. This is not the fastest way of doing so but saves us a lot of
work and code.

Salam-Shalom,

Werner
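
The design described in the message above (the cipher supplies only an ECB block operation and a generic layer builds CBC on top of it), as an added example that is not part of the thread or of libgcrypt's code. XTEA stands in for DES as the 64-bit block primitive, and `ecb_fn`, `struct cbc`, `cbc_encrypt`, `cbc_decrypt` and `cbc_demo` are hypothetical names.

```c
#include <stdint.h>
#include <string.h>
#define BLK 8   /* 64-bit block, the size the patch reports for DES */
typedef void (*ecb_fn)(const void *ctx, uint8_t *outbuf, const uint8_t *inbuf);
struct cbc { ecb_fn enc, dec; const void *ctx; uint8_t iv[BLK]; };

/* Stand-in block cipher (XTEA, not DES); ctx is four 32-bit key words. */
#define MX(a, s, i) (((((a) << 4) ^ ((a) >> 5)) + (a)) ^ ((s) + k[(i) & 3]))
static void xtea_enc(const void *ctx, uint8_t *out, const uint8_t *in) {
    const uint32_t *k = ctx; uint32_t v[2], s = 0;
    memcpy(v, in, BLK);
    for (int i = 0; i < 32; i++)
        v[0] += MX(v[1], s, s), s += 0x9E3779B9u, v[1] += MX(v[0], s, s >> 11);
    memcpy(out, v, BLK);
}
static void xtea_dec(const void *ctx, uint8_t *out, const uint8_t *in) {
    const uint32_t *k = ctx; uint32_t v[2], s = 0xC6EF3720u;  /* 32 * delta */
    memcpy(v, in, BLK);
    for (int i = 0; i < 32; i++)
        v[1] -= MX(v[0], s, s >> 11), s -= 0x9E3779B9u, v[0] -= MX(v[1], s, s);
    memcpy(out, v, BLK);
}

/* Generic CBC encrypt, n whole blocks: C_i = E(P_i xor C_{i-1}), C_0 = IV. */
static void cbc_encrypt(struct cbc *c, uint8_t *out, const uint8_t *in, size_t n) {
    for (; n--; in += BLK, out += BLK) {
        for (int i = 0; i < BLK; i++) c->iv[i] ^= in[i];
        c->enc(c->ctx, out, c->iv);
        memcpy(c->iv, out, BLK);          /* chain on the ciphertext block */
    }
}
/* Generic CBC decrypt: P_i = D(C_i) xor C_{i-1}; prev keeps C_i so in == out works. */
static void cbc_decrypt(struct cbc *c, uint8_t *out, const uint8_t *in, size_t n) {
    uint8_t prev[BLK];
    for (; n--; in += BLK, out += BLK) {
        memcpy(prev, in, BLK);
        c->dec(c->ctx, out, in);
        for (int i = 0; i < BLK; i++) out[i] ^= c->iv[i];
        memcpy(c->iv, prev, BLK);
    }
}
/* Constructed data. Bit 0: round trip ok. Bit 1: equal plaintext blocks differ in CBC. */
int cbc_demo(void) {
    static const uint32_t key[4] = { 1, 2, 3, 4 };
    const uint8_t *pt = (const uint8_t *)"SAMEBLK!SAMEBLK!";
    uint8_t ct[2 * BLK], back[2 * BLK];
    struct cbc e = { xtea_enc, xtea_dec, key, { 0 } }, d = e;
    cbc_encrypt(&e, ct, pt, 2); cbc_decrypt(&d, back, ct, 2);
    return (memcmp(back, pt, 2 * BLK) == 0) | ((memcmp(ct, ct + BLK, BLK) != 0) << 1);
}
int main(void) { return cbc_demo() == 3 ? 0 : 1; }
```

The mode code never looks inside the cipher, so swapping in another 8-byte block primitive only means changing the two function pointers and the context.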
Re: DES-CBC?
Werner Koch <wk@gnupg.org> writes:

> On Fri, 07 Jun 2002 21:36:56 +0200, Simon Josefsson said:
>
>> Any plans to add DES-CBC? Calling
>
> 3-key-EDE-DES in CBC mode should work. If you need plain old DES I
> will implement it.

Unfortunately I need plain old DES. Thanks.

>> gcry_cipher_open(GCRY_CIPHER_DES_SK, GCRY_CIPHER_MODE_CBC, 0)
>
> DES/SK is not implemented because it is marked as a reserved
> algorithm in OpenPGP and not further specified.

My use isn't OpenPGP related at all. Is this a problem?

I have looked at Nettle and MCrypt/MHash (GnuTLS) as well, but I just
became a bit confused -- all three look good, free license, at least
some documentation, on the surface the design differences seem minor,
etc. Mcrypt/Mhash seem to support most algorithms/modes. Has GNU
adopted either one of them? I'd rather not start using one of them
and then change to another one if they merge into an official GNU
project one day...

>> The mode of operation seems to be implemented in the same file as the
>> encryption algorithms. Would it make sense to separate the encryption
>
> No, the encryption algorithm should just do an ECB and we build on
> that in cipher/cipher.c to implement CFB and CBC using a generic
> method. This is not the fastest way of doing so but saves us a lot of
> work and code.

Ok.
Re: DES-CBC?
On Mon, Jun 10, 2002 at 12:00:04PM +0200, Simon Josefsson wrote:
> Werner Koch <wk@gnupg.org> writes:
> > On Fri, 07 Jun 2002 21:36:56 +0200, Simon Josefsson said:
> >> Any plans to add DES-CBC? Calling
> > 3-key-EDE-DES in CBC mode should work. If you need plain old DES I
> > will implement it.
> Unfortunately I need plain old DES. Thanks.

3DES is EDE so that you can use a repeated key as your key material, and
you end up with just plain old DES (for compatibility)

So you specify your 3DES key as <56bit DES Key><56bit DES Key>

I'm not sure quite how to do this with gcrypt, however.

MBM

--
Matthew Byng-Maddick <mbm@colondot.net> http://colondot.net/
Re: DES-CBC?
On Mon, 10 Jun 2002 12:00:04 +0200, Simon Josefsson said:

> Unfortunately I need plain old DES. Thanks.

Okay, I'll _try_ to implement it today.

> My use isn't OpenPGP related at all. Is this a problem?

No it is just that you asked for DES-SK and there is a reserved
identifier for it in OpenPGP.

> I have looked at Nettle and MCrypt/MHash (GnuTLS) as well, but I just

Nettle is very low-level, I have not looked into Mcrypt for quite some
time.

> adopted either one of them? I'd rather not start using one of them
> and then change to another one if they merge into an official GNU
> project one day...

The advantage of Libgcrypt is that we have all the legal papers...


Salam-Shalom,

Werner
Re: DES-CBC?
On Mon, 10 Jun 2002 11:23:54 +0100, Matthew Byng-Maddick said:

> So you specify your 3DES key as <56bit DES Key><56bit DES Key>

> I'm not sure quite how to do this with gcrypt, however.

I see no reason why this should not work. You have to use 2 64 bit
keys of course because the high bit is ignored. This is a workaround
with the disadvantage that it is much slower, it was invented to
use 3DES hardware for 1DES.

Shalom-Salam,

Werner
Re: DES-CBC
?

Index: cipher/ChangeLog
===================================================================
RCS file: /cvs/gnupg/libgcrypt/cipher/ChangeLog,v
retrieving revision 1.126
diff -u -p -r1.126 ChangeLog
--- cipher/ChangeLog 25 Jul 2002 14:51:14 -0000 1.126
+++ cipher/ChangeLog 14 Aug 2002 16:46:51 -0000
@@ -1,3 +1,11 @@
+2002-08-14 Simon Josefsson <jas@extundo.com>
+
+ * des.c (CIPHER_ALGO_DES): Define.
+ (do_des_setkey, do_des_encrypt, do_des_decrypt): New functions.
+ (_gcry_des_get_info): Return DES info too.
+
+ * cipher.c (setup_cipher_table): Setup DES.
+
2002-07-25 Werner Koch <wk@gnupg.org>

* rndunix.c (_gcry_rndunix_constructor): Prefixed with _gcry_.
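
Review bot: The cipher.c entry names only setup_cipher_table, but the patch also changes TABLE_SIZE from 14 to 15 in that file. Add a line such as "(TABLE_SIZE): Increase to 15." so the ChangeLog records every symbol the patch touches.
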
Index: cipher/cipher.c
===================================================================
RCS file: /cvs/gnupg/libgcrypt/cipher/cipher.c,v
retrieving revision 1.44
diff -u -p -r1.44 cipher.c
--- cipher/cipher.c 5 Jun 2002 18:10:20 -0000 1.44
+++ cipher/cipher.c 14 Aug 2002 16:46:52 -0000
@@ -34,7 +34,7 @@
#include "dynload.h"

#define MAX_BLOCKSIZE 16
-#define TABLE_SIZE 14
+#define TABLE_SIZE 15
#define CTX_MAGIC_NORMAL 0x24091964
#define CTX_MAGIC_SECURE 0x46919042

@@ -216,6 +216,17 @@ setup_cipher_table(void)
&cipher_table[i].setkey,
&cipher_table[i].stencrypt,
&cipher_table[i].stdecrypt );
+ if( !cipher_table[i].name )
+ BUG();
+ i++;
+ cipher_table[i].algo = GCRY_CIPHER_DES;
+ cipher_table[i].name = _gcry_des_get_info( cipher_table[i].algo,
+ &cipher_table[i].keylen,
+ &cipher_table[i].blocksize,
+ &cipher_table[i].contextsize,
+ &cipher_table[i].setkey,
+ &cipher_table[i].encrypt,
+ &cipher_table[i].decrypt );
if( !cipher_table[i].name )
BUG();
i++;
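
Review bot: The new cipher_table[i] entry stays in bounds only because TABLE_SIZE was raised by hand in the previous hunk; nothing in these lines checks i against TABLE_SIZE before writing. Consider a guard such as BUG() when i >= TABLE_SIZE ahead of each entry, or deriving the table size from the entries, so the next added cipher cannot write past the array unnoticed.
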
Index: cipher/des.c
===================================================================
RCS file: /cvs/gnupg/libgcrypt/cipher/des.c,v
retrieving revision 1.21
diff -u -p -r1.21 des.c
--- cipher/des.c 14 May 2002 13:11:06 -0000 1.21
+++ cipher/des.c 14 Aug 2002 16:46:52 -0000
@@ -156,6 +156,8 @@ burn_stack (int bytes)
#error CIPHER_ALGO_3DES is defined to a wrong value.
#endif

+#define CIPHER_ALGO_DES 302
+

/* Macros used by the info function. */
#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned))(f))
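
Review bot: "#define CIPHER_ALGO_DES 302" repeats as a bare literal the value that gcrypt.h assigns to GCRY_CIPHER_DES, and unlike CIPHER_ALGO_3DES just above it there is no "defined to a wrong value" guard around it. Either compare against GCRY_CIPHER_DES directly in _gcry_des_get_info or add a comment naming gcrypt.h as the place that must stay in step, so the two numbers cannot drift apart silently.
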
@@ -972,6 +974,24 @@ do_tripledes_setkey ( struct _tripledes_
return 0;
}

+static int
+do_des_setkey ( struct _des_ctx *ctx, byte *key, unsigned keylen )
+{
+ if( selftest_failed )
+ return GCRYERR_SELFTEST;
+ if( keylen != 8 )
+ return GCRYERR_INV_KEYLEN;
+
+ des_setkey ( ctx, key);
+
+ if( is_weak_key( key ) ) {
+ burn_stack (64);
+ return GCRYERR_WEAK_KEY;
+ }
+ burn_stack (64);
+
+ return 0;
+}

static void
do_tripledes_encrypt( struct _tripledes_ctx *ctx, byte *outbuf, byte *inbuf )
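
Review bot: In do_des_setkey the is_weak_key( key ) test runs after des_setkey ( ctx, key), so when GCRYERR_WEAK_KEY is returned the context already holds the weak key's schedule and remains usable by a caller that ignores the return code. Check the key before calling des_setkey, and keep a single burn_stack (64) before one return instead of duplicating it on both paths.
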
@@ -987,6 +1007,21 @@ do_tripledes_decrypt( struct _tripledes_
burn_stack (32);
}

+static void
+do_des_encrypt( struct _des_ctx *ctx, byte *outbuf, byte *inbuf )
+{
+ des_ecb_encrypt ( ctx, inbuf, outbuf );
+ burn_stack (32);
+}
+
+static void
+do_des_decrypt( struct _des_ctx *ctx, byte *outbuf, byte *inbuf )
+{
+ des_ecb_decrypt ( ctx, inbuf, outbuf );
+ burn_stack (32);
+}
+
+

/****************
* Return some information about the algorithm. We need algo here to
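
Review bot: do_des_encrypt and do_des_decrypt receive (ctx, outbuf, inbuf) but pass inbuf before outbuf to des_ecb_encrypt and des_ecb_decrypt. If that swap is intended, say so in a one-line comment above each call, because from these lines alone a reader cannot tell it apart from transposed arguments.
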
@@ -1027,6 +1062,19 @@ _gcry_des_get_info( int algo, size_t *ke
= do_tripledes_decrypt;
return "3DES";
}
+
+ if( algo == CIPHER_ALGO_DES ) {
+ *keylen = 64;
+ *blocksize = 8;
+ *contextsize = sizeof(struct _des_ctx);
+ *(int (**)(struct _des_ctx*, byte*, unsigned))r_setkey
+ = do_des_setkey;
+ *(void (**)(struct _des_ctx*, byte*, byte*))r_encrypt
+ = do_des_encrypt;
+ *(void (**)(struct _des_ctx*, byte*, byte*))r_decrypt
+ = do_des_decrypt;
+ return "DES";
+ }
+
return NULL;
}
-
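
Review bot: "*keylen = 64" reports the key size in bits while do_des_setkey checks "keylen != 8" in bytes, and of those 64 bits only 56 are key material, as the thread itself notes. A comment here stating the unit and the effective key size would stop callers from reading 64 as the strength. The final "-" line also deletes the blank line at the end of the file, a whitespace change unrelated to DES that should be left out of the patch.
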
Index: doc/ChangeLog
===================================================================
RCS file: /cvs/gnupg/libgcrypt/doc/ChangeLog,v
retrieving revision 1.5
diff -u -p -r1.5 ChangeLog
--- doc/ChangeLog 14 May 2002 13:11:06 -0000 1.5
+++ doc/ChangeLog 14 Aug 2002 16:46:52 -0000
@@ -1,3 +1,7 @@
+2002-08-14 Simon Josefsson <jas@extundo.com>
+
+ * gcrypt.texi (Features, Building the source): Fix typos.
+
2002-05-14 Werner Koch <wk@gnupg.org>

* lgpl.texi: New.
Index: doc/gcrypt.texi
===================================================================
RCS file: /cvs/gnupg/libgcrypt/doc/gcrypt.texi,v
retrieving revision 1.2
diff -u -p -r1.2 gcrypt.texi
--- doc/gcrypt.texi 14 May 2002 13:11:06 -0000 1.2
+++ doc/gcrypt.texi 14 Aug 2002 16:46:52 -0000
@@ -151,7 +151,7 @@ subject to the terms of the GNU General
list of these parts.

@item It encapsulates the low level cryptography
-`Libgcrypt' a high level interface to cryptographic buiilding blocks
+`Libgcrypt' a high level interface to cryptographic building blocks
using an extendable and flexible API.

@end table
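
Review bot: The corrected line still has no verb: "`Libgcrypt' a high level interface to cryptographic building blocks" needs a word such as "provides" after the name. These documentation typo fixes are also unrelated to adding DES and would be easier to review and apply as a separate patch.
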
@@ -225,7 +225,7 @@ are created.
@node Building the source
@section Building the source

-If you want to compile a source file including the `gcry.h' header
+If you want to compile a source file including the `gcrypt.h' header
file, you must make sure that the compiler can find it in the
directory hierarchy. This is accomplished by adding the path to the
directory in which the header file is located to the compilers include
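
Review bot: The unchanged line "directory in which the header file is located to the compilers include" is missing an apostrophe ("compiler's"). Since this hunk already corrects the header name in the same paragraph, fix that here as well.
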
Index: src/ChangeLog
===================================================================
RCS file: /cvs/gnupg/libgcrypt/src/ChangeLog,v
retrieving revision 1.52
diff -u -p -r1.52 ChangeLog
--- src/ChangeLog 25 Jul 2002 14:50:55 -0000 1.52
+++ src/ChangeLog 14 Aug 2002 16:46:52 -0000
@@ -1,3 +1,8 @@
+2002-08-14 Simon Josefsson <jas@extundo.com>
+
+ * gcrypt.h (top-level): Add GCRY_CIPHER_DES.
+ (top-level): Include string.h for size_t.
+
2002-07-25 Werner Koch <wk@gnupg.org>

* cipher.h: Added prototypes for progress functions.
Index: src/gcrypt.h
===================================================================
RCS file: /cvs/gnupg/libgcrypt/src/gcrypt.h,v
retrieving revision 1.59
diff -u -p -r1.59 gcrypt.h
--- src/gcrypt.h 25 Jul 2002 14:50:55 -0000 1.59
+++ src/gcrypt.h 14 Aug 2002 16:46:52 -0000
@@ -22,6 +22,7 @@
#define _GCRYPT_H

#include <stdarg.h>
+#include <string.h> /* for size_t */

#ifdef __cplusplus
extern "C" {
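
Review bot: "#include <string.h> /* for size_t */" pulls every string function declaration into each file that includes the public header just to obtain one type. <stddef.h> defines size_t and is the narrower include for this purpose.
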
@@ -479,7 +480,8 @@ enum gcry_cipher_algos
GCRY_CIPHER_AES256 = 9,
GCRY_CIPHER_TWOFISH = 10,
/* other cipher numbers are above 300 for OpenPGP reasons. */
- GCRY_CIPHER_ARCFOUR = 301
+ GCRY_CIPHER_ARCFOUR = 301,
+ GCRY_CIPHER_DES = 302
};

/* The Rijndael algorithm is basically AES, so provide some macros. */
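
Review bot: GCRY_CIPHER_DES = 302 is added without a comment, while do_des_setkey in this patch accepts only an 8-byte key. Note beside the enumerator that this is single DES, so that someone browsing the enum does not select it when 3DES was meant.
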
Re: DES-CBC [ In reply to ]
On Wed, 14 Aug 2002 18:49:39 +0200, Simon Josefsson said:

> ?

I am pretty sure you know the legal paper game ;-). If you want to
send more patches, it might be worth to check with the FSF for
libgcrypt. For implementing plain old DES I will take your patch as a
suggestion to implement it.

Thanks,

Werner