[python-crypto] Re: Add AES to amkCrypto?

Andrew Kuchling akuchlin at mems-exchange.org
Wed Feb 7 22:42:42 CET 2001


[Resending to the egroups list because the listserv seems to be
swallowing my messages...]

(Going through the thread on the egroups list...)

 
On Thu, Feb 01, 2001 at 02:34:00PM +0100, M.-A. Lemburg wrote:
>Andrew's and the OpenSSL implementation have separate APIs
>for each mode because they can be optimized in different
>ways. The only way to get the compiler to optimize the code
>is by writing it down once for each mode. That way you get
 
I think Bryan is mostly referring to the preprocessing of C source
files that amkCrypto has always done.  Because the feedback modes are
fiddly to get right (off-by-one errors and that sort of thing), I
wanted to save myself effort.  Therefore, to implement a cipher you
just implement functions to encrypt and decrypt a single block; a
script then tangles your single function together with a module
template that handles the feedback modes for you.  Hashes work
similarly.
 
This idea was already showing some strain with algorithms such as CAST
that have variable parameters.  In CAST, the number of rounds has to
be specified as a byte of the key, because there's no way to modify
the constructor.  Remember, the first version was written around 1995,
when I was young and stupid!  We're best off just discarding
amkCrypto's implementation completely.
 
I'd suggest starting by defining a new API for hash operations and
block ciphers, because they're easiest to get right, I think.  In fact
maybe the hash API is perfectly fine as it stands.  The block cipher
API may not be quite right, but it's probably not *too* far wrong.

The public key APIs (RSA, ElGamal) in amkCrypto *are* far wrong, being
basically just toys.  For example, in the first version you checked
signatures by calling a method named validate(); clearly I was on
crack when choosing that name, because this operation is called
'verify' in the literature, and has always been called 'verify'!
IMHO, just forget about amkCrypto public-key them and define new ones,
not bothering about backward compatibility at all.  But note that
public-key will probably drag in complicated other issues such as
certificates; before embarking on that messy task, let's try to do
hashes and block ciphers, which will at least take care of Bryan's AES
code.
 
--amk

------------------------ Yahoo! Groups Sponsor ---------------------~-~>
eGroups is now Yahoo! Groups
Click here for more details
http://click.egroups.com/1/11231/1/_/22498/_/981582196/
---------------------------------------------------------------------_->








More information about the python-crypto mailing list