Tags:
create new tag
, view all tags

Where do the bulk and hashing operations get called?

Within funciton do_ssl3_write() , file ssl/s3_pkt.c

Which Cipher Suites use SHA1 and 3DES? (see ssl3.h)

  • DES-CBC3-SHA
  • DH-DSS-DES-CBC3-SHA
  • DH-RSA-DES-CBC3-SHA
  • EDH-DSS-DES-CBC3-SHA
  • EDH-RSA-DES-CBC3-SHA
  • ADH-DES-CBC3-SHA

Start a test server that talks Internet Explorer's cyber suite

openssl s_server -accept 443 -ssl3 -WWW -state -cipher DES-CBC3-SHA (note: default accept port is 4433)

Grep through and find something in c and header files

grep -rI something * | grep "^.*\.[c|h].*$

Function Summary (more in the man page)
function defined in does
des_random_key() crypto/des/rand_key.c generates a random key. calls RAND_seed(key, sizeof(des_cblock)
des_set_key_checked() / des_set_key_unchecked() crypto/des/set_key.c converts key into an architecture-dependent des_key_schedule . des_set_key_checked() checks the key passed is of odd parity and is not a week or semi-weak key.
void des_ecb_encrypt(const_des_cblock *input, des_cblock *output, des_key_schedule ks, int enc) crypto/des/ecb_enc.c the basic DES encryption routine that encrypts / decrypts a single 8-byte (OUCH!) des_cblock in ECB mode. It always transforms the input data, pointed to by input , into the output data, pointed to by output . If the encrypt argument is non-zero (DES_ENCRYPT), the input (cleartext) is encrypted in to the output (ciphertext) using the des_key_schedule specified by the schedule argument, previously set via des_set_key. If encrypt is zero (DES_DECRYPT), the input (now ciphertext) is decrypted into the output (now cleartext). Input and output may overlap.
void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, int enc) crypto/des/ecb3_enc.c encrypts/decrypts the input block by using three-key Triple-DES encryption in ECB mode. This involves encrypting the input with ks1, decrypting with the key schedule ks2, and then encrypting with ks3. This routine greatly reduces the chances of brute force breaking of DES and has the advantage of if ks1, ks2 and ks3 are the same, it is equivalent to just encryption using ECB mode and ks1 as the key.
void des_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int enc) crypto/des/des_enc.c implements outer triple CBC DES encryption with three keys. This means that each DES operation inside the CBC mode is really an C=E(ks3,D(ks2,E(ks1,M))). This mode is used by SSL.

from 'des.pod', openssl documentation

There are two phases to the use of DES encryption.

  • generation of a des_key_schedule from a key,
  • the actual encryption.

A DES key is of type des_cblock . This type is consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process.

des_random_key() generates a random key. The PRNG must be seeded prior to using this function (see L<rand(3)|rand(3)>; for backward compatibility the function des_random_seed() is available as well). If the PRNG could not generate a secure key, 0 is returned. In earlier versions of the library, des_random_key() did not generate secure keys.

Before a DES key can be used, it must be converted into the architecture dependent des_key_schedule via the des_set_key_checked() / des_set_key_unchecked() functions.

des_set_key_checked() checks that the key passed is of odd parity and is not a week or semi-weak key. If the parity is wrong, then -1 is returned. If the key is a weak key, then -2 is returned. If an error is returned, the key schedule is not generated.

des_set_key() works like des_set_key_checked() if the des_check_key flag is non-zero, otherwise like des_set_key_unchecked() . These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable.

des_set_odd_parity() sets the parity of the passed key to odd.

The following routines mostly operate on an input and output stream of des_cblock s.

des_ecb_encrypt() is the basic DES encryption routine that encrypts or decrypts a single 8-byte I in I (ECB) mode. It always transforms the input data, pointed to by I, into the output data, pointed to by the I argument. If the I argument is non-zero (DES_ENCRYPT), the I (cleartext) is encrypted in to the I (ciphertext) using the

-- MattWalsh - 14 Feb 2002

Edit | Attach | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | More topic actions
Topic revision: r6 - 23 Feb 2002 - MattWalsh
 
This site is powered by the TWiki collaboration platformCopyright © 2008-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback