HMAC and RIJNDAEL192, was: bugs in bit manipulation routines

bpgcrypt at itaparica.org bpgcrypt at itaparica.org
Sun Aug 6 23:38:32 CEST 2006


On Fri, Aug 04, 2006 at 11:40:36AM +0200, Werner Koch wrote:
> On Mon, 31 Jul 2006 18:33, bpgcrypt at itaparica.org said:
> 
> > 3. HMAC-SHA256 calculation via
> >
> > gcry_md_open(&mh, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC);
> >
> >    aborts with some "no secure memory allocated" message. This can be
> >    fixed by explicitly doing a 
> >
> > gcry_control(GCRYCTL_INIT_SECMEM, 1);
> 
> or if you don't need secure memory:
> 
>   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
> 
> The reason we require this is that a MAC uses a key and that key should be
> called in the so-called secure memory.  

No doubt: securing the HMAC key is a wise idea. But I think it should be
unnecessary to call gcry_control() if one is going to omit the 
GCRY_MD_FLAG_SECURE flag anyway when initializing the hash function.


When reading in my /usr/include/gcrypt.h I found the following:

  /* The Rijndael algorithm is basically AES, so provide some macros. */
  #define GCRY_CIPHER_AES128      GCRY_CIPHER_AES
  #define GCRY_CIPHER_RIJNDAEL    GCRY_CIPHER_AES
  #define GCRY_CIPHER_RIJNDAEL128 GCRY_CIPHER_AES128
  #define GCRY_CIPHER_RIJNDAEL192 GCRY_CIPHER_AES192
  #define GCRY_CIPHER_RIJNDAEL256 GCRY_CIPHER_AES256

AES is a block cipher with fixed 128 bit block length and non-fixed
key length. RIJNDAEL on the other hand is a block cipher with "any"
block length from 128 to 256. In the literature the identifier 
RIJNDAEL192 usually denotes the RIJNDAEL cipher with 192 bit block length. 
With the macros above RIJNDAEL192 denotes the cipher with 128 bit block 
length and 192 bit key. This is confusing and possibly hazardous. I 
suggest dropping all of the macros except the third one.

bp



