Thread: [Ocf-linux-users] Public Key Operation help.
Brought to you by:
david-m
Menu
▾
▴
ocf-linux-users
|
From: Nawang C. <naw...@gm...> - 2008-10-17 04:11:07
|
Hi David,
I am trying to perform MODEXP operation through OCF. Device I
am using is "safe". But I am totally lost is middle with issues like:
1. Endianess: Looking at the cryptoktest program it seems we have to pass
the data to "ocf" in Little Endian format.
2. Word Length: While converting a byte string into Little Endian format, I
am not sure what is the length of a word(4bytes or 8 bytes).
With lack of proper API documentation I am finding it even hard.
Can you give me some pointers where I can clear my above doubts.
Please help.
--
Nawang.
|
|
From: David M. <Dav...@se...> - 2008-10-17 05:16:16
|
Jivin Nawang Chhetan lays it down ... > Hi David, > I am trying to perform MODEXP operation through OCF. Device I > am using is "safe". But I am totally lost is middle with issues like: > 1. Endianess: Looking at the cryptoktest program it seems we have to pass > the data to "ocf" in Little Endian format. Thats sounds about right. > 2. Word Length: While converting a byte string into Little Endian format, I > am not sure what is the length of a word(4bytes or 8 bytes). The parameters for OCF MODEXP are byte arrays, all the code I can see works on bytes. The BIGNUM format from openssl however is word based IIRC. > With lack of proper API documentation I am finding it even hard. > Can you give me some pointers where I can clear my above doubts. You might find it easier to look at the openswan patches and how it converts various formats to the OCF version and back. Although both cryptokeytest and openswan convert from BIGNUM to OCF format. It may help to understand the BIGNUM format first. Then you can see how cryptokeytest does the same op using both openssl and it's own modexp, Cheers, Davidm -- David McCullough, dav...@se..., Ph:+61 734352815 Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com |
|
From: Nawang C. <naw...@gm...> - 2008-10-17 06:56:22
|
On Fri, Oct 17, 2008 at 10:17 AM, David McCullough
<Dav...@se...> wrote:
>
> Jivin Nawang Chhetan lays it down ...
>> Hi David,
>> I am trying to perform MODEXP operation through OCF. Device I
>> am using is "safe". But I am totally lost is middle with issues like:
>> 1. Endianess: Looking at the cryptoktest program it seems we have to pass
>> the data to "ocf" in Little Endian format.
>
> Thats sounds about right.
>
>> 2. Word Length: While converting a byte string into Little Endian format, I
>> am not sure what is the length of a word(4bytes or 8 bytes).
>
> The parameters for OCF MODEXP are byte arrays, all the code I can see
> works on bytes.
>
Does that mean, if I have a (hex) byte array as BIGNUM input, I need
to convert it into little
endian format i.e. if BigNUM=0x1a2b3c4d 5e6f7182 than I should covert
it to little endian format by reversing the
complete string to: 0x82716f5e 4d3c2b1a
> The BIGNUM format from openssl however is word based IIRC.
>
>> With lack of proper API documentation I am finding it even hard.
>> Can you give me some pointers where I can clear my above doubts.
>
> You might find it easier to look at the openswan patches and how it
> converts various formats to the OCF version and back.
>
> Although both cryptokeytest and openswan convert from BIGNUM to OCF
> format. It may help to understand the BIGNUM format first. Then you
> can see how cryptokeytest does the same op using both openssl and
> it's own modexp,
>
BIGNUM in openssl library is a structure,
struct bignum_st
{
BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
int top; /* Index of last used d +1. */
/* The next are internal book keeping for bn_expand. */
int dmax; /* Size of the d array. */
int neg; /* one if the number is negative */
int flags;
};
BN_BITS2=64,
when bignum_to_le conversion is done in cryptoktest each BN_BITS2
words in "bignum_st->d"( not the complete byte string) is converted to
little endian.
Is this right comprehension ?
If so then,(to reiterate you) the modexp input data i.e mod, exp and
base are stored as caddr_t which boils down to char * i.e. modexp data
in byte string.
Don't you think little endian conversion of entire byte string should
have been done, instead of each word.
> Cheers,
> Davidm
>
> --
> David McCullough, dav...@se..., Ph:+61 734352815
> Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com
>
--
Nawang
|
|
From: Nawang C. <naw...@gm...> - 2008-11-10 05:25:30
|
Hi All,
I am sorry for late mention, I've resolved the issue. Ocf
expects/delivers complete byte string as little endian.
On Fri, Oct 17, 2008 at 12:26 PM, Nawang Chhetan
<naw...@gm...> wrote:
> On Fri, Oct 17, 2008 at 10:17 AM, David McCullough
> <Dav...@se...> wrote:
>>
>> Jivin Nawang Chhetan lays it down ...
>>> Hi David,
>>> I am trying to perform MODEXP operation through OCF. Device I
>>> am using is "safe". But I am totally lost is middle with issues like:
>>> 1. Endianess: Looking at the cryptoktest program it seems we have to pass
>>> the data to "ocf" in Little Endian format.
>>
>> Thats sounds about right.
>>
>>> 2. Word Length: While converting a byte string into Little Endian format, I
>>> am not sure what is the length of a word(4bytes or 8 bytes).
>>
>> The parameters for OCF MODEXP are byte arrays, all the code I can see
>> works on bytes.
>>
> Does that mean, if I have a (hex) byte array as BIGNUM input, I need
> to convert it into little
> endian format i.e. if BigNUM=0x1a2b3c4d 5e6f7182 than I should covert
> it to little endian format by reversing the
> complete string to: 0x82716f5e 4d3c2b1a
>
>> The BIGNUM format from openssl however is word based IIRC.
>>
>>> With lack of proper API documentation I am finding it even hard.
>>> Can you give me some pointers where I can clear my above doubts.
>>
>> You might find it easier to look at the openswan patches and how it
>> converts various formats to the OCF version and back.
>>
>> Although both cryptokeytest and openswan convert from BIGNUM to OCF
>> format. It may help to understand the BIGNUM format first. Then you
>> can see how cryptokeytest does the same op using both openssl and
>> it's own modexp,
>>
>
> BIGNUM in openssl library is a structure,
> struct bignum_st
> {
> BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
> int top; /* Index of last used d +1. */
> /* The next are internal book keeping for bn_expand. */
> int dmax; /* Size of the d array. */
> int neg; /* one if the number is negative */
> int flags;
> };
>
> BN_BITS2=64,
> when bignum_to_le conversion is done in cryptoktest each BN_BITS2
> words in "bignum_st->d"( not the complete byte string) is converted to
> little endian.
>
> Is this right comprehension ?
> If so then,(to reiterate you) the modexp input data i.e mod, exp and
> base are stored as caddr_t which boils down to char * i.e. modexp data
> in byte string.
>
> Don't you think little endian conversion of entire byte string should
> have been done, instead of each word.
>
>
>> Cheers,
>> Davidm
>>
>> --
>> David McCullough, dav...@se..., Ph:+61 734352815
>> Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com
>>
>
>
>
> --
> Nawang
>
--
Nawang Chhetan
Software Engineer
SafeNet India.
|
Thanks for helping keep SourceForge clean.
X