Re: Crypto libraries

Eric Young (eay@cryptsoft.com)
Thu, 23 Jul 1998 10:17:11 +1000 (EST)

• Next message: EKR: "Re: The Cost of Snakeoil"
• Previous message: William H. Geiger III: "Re: Jaws: more snake oil?"
• In reply to: M Taylor: "Jaws: more snake oil?"
• Next in thread: Adam Shostack: "Re: Crypto libraries"

On Thu, 23 Jul 1998, Anonymous wrote:
> Are there any open source PD crypto libraries out there which implement
> Blowfish, DES, IDEA, etc. preferably with some kind of unified interface
> for the different algorithms?

SSLeay has DES, 3DES, IDEA, RC2, Blowfish, cast5 and RC5 in ecb, cbc, ofb64
and cfb64 modes. It also has DESX in cbc mode and RC4.

For x86 (Win32 and unix variants) there is DES, 3DES, Blowfish, cast5, rc5
and RC4 assember which is normally withing a few % of the best implementations
that I know of (you can thank VTune for that :).

All ciphers can be looked up via a text name
EVP_CIPHER *EVP_get_cipherbyname(char *name);
or an ASN.1 OID (via a few other mapping calls).

Various parameters can be accessed via
int EVP_CIPHER_nid(EVP_CIPHER *); /* Used for unique id and ASN.1 OID lookup */
int EVP_CIPHER_block_size(EVP_CIPHER *);
int EVP_CIPHER_key_length(EVP_CIPHER *);
int EVP_CIPHER_iv_length(EVP_CIPHER *);

int EVP_BytesToKey(EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
                unsigned char *data, int datal, int count,
                unsigned char *key,unsigned char *iv);
can be used to convert from ASCII (or anything) to a key (and an iv, but
this does make it easy for brute force attacks, if you know the iv), via a
slight variant on PKCS#5.

To do the encryption,
void EVP_CipherInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, unsigned char *key,
                unsigned char *iv,int enc);
void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
                int *outl, unsigned char *in, int inl);
int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);

This does final block padding, but the input data can be any multiple of block
size.

int EVP_Cipher(EVP_CIPHER_CTX *c,unsigned char *out, unsigned char *in,
        int length)

can be used to access the 'raw' cipher, with no padding or buffering. The
input data must be multiples of the block size.

Oh yes, any cipher/mode that conforms to the required API, can be used.

I am currently adding methods to auto convert to/from the ASN.1 encoding of
the algorithms parameters (normally only the iv, but for RC2, there is
extra stuff).

There is a similar API for message digests.

I'm sure most of the other popular Crypto libraries offer similar
functionality but I only really know my own library, and since it is in C,
it will lack some of the syntacical niceties of C++ :-).

eric (doing a slight plug).

• Next message: EKR: "Re: The Cost of Snakeoil"
• Previous message: William H. Geiger III: "Re: Jaws: more snake oil?"
• In reply to: M Taylor: "Jaws: more snake oil?"
• Next in thread: Adam Shostack: "Re: Crypto libraries"