Low-level crypto interface

Niels Möller nisse@lysator.liu.se
14 Dec 2000 11:07:06 +0100

Bob Deblier <bob@virtual-unlimited.com> writes:

> Thanks for sending this contribution - it was good reading material. Here
> are a few comments and thoughts I have about this subject:
Thanks for reading.
> The way I've solved this is by having a table which describes all
> algorithms of a certain kind.
This is a common approach, I guess (I think both Werner's gnupg, openssl and several other libraries do that). In lsh, I also have a table, but at a higher level. I have integer constants for all algorithms known by my secsh implementation, for instance ATOM_3DES_CBC, which is installed in the table by something like ALIST_SET(algorithms, ATOM_3DES_CBC, make_3des_cbc()); But there's no entry for plain des anywhere. Then I have a gperf-generated code to map names that occur in protocol messages to these integer atoms, and a different, more fuzzy, function for mapping human-supplied names to atoms. I can build this on top of the low-level interface, and I believe it should be straight-forward to build a table like yours on top of the same code. My intention is to make it feasible to share a low-level library, even between applications and contexts with different ideas on how to manage and select algorithms. Some generic functions could perhaps also be added to the low-level library, like void gcrypt_cbc_encrypt(void *ctx, (*encrypt)(void *, unsigned length, uint8_t *dst, const uint8_t *src), uint8_t *iv, unsigned block_size, unsigned length, uint8_t *dst, const uint8_t *src); if that seems useful. memxor() should also be part of the library (and perhaps also a part of glibc, of we can sell that idea to the glibc folks).
> Offtopic: I'm thinking about starting a new open-source (GPL) project
> called 'BeeUtils', of which the first part will be small apps for
> computing the cryptographic hash value of a file. Of course the md5sum
> utility is available in the GNU textutils, but what about a sha1sum, or
> even a sha256sum? Is there a need for utilities that do this?
My first reaction is that I would rather see those utilities as a part of text-utils, just like md5sum. Best regards, /Niels