not sure how, but blowfish, which used to run perfectly with 64 bit to 448 keys, is now failing even with 128 bit keys.
but the code builds again. we believe.
public:
borked_blowfish_crypto(int key_size);
//!< this will create a new random key of the "key_size", in bits.
- /*!< the valid sizes are from 64 bits to 448 bits (we are forcing a
- higher minimum than the published algorithm because we have found smaller
- keys to be unreliable during decryption. keys of 168 bits and larger
- should be very secure. it is said that if a billion computers each tried
- a billion keys a second, then a 168 bit key would take 10 * 10^24 years
- to break (using brute force). this is essentially unbreakable since the
- age of the universe is only 10 * 10^9 years so far. */
+ /*!< the valid published sizes are from 32 bits to 448 bits, but openssl
+ borks with lower than 128 seemingly. so we are forcing a higher minimum
+ here than the published algorithm.
+ keys of 168 bits and larger should be very secure. it is said
+ (ed: by who?) that if a billion computers each tried a billion keys a
+ second, then a 168 bit key would take 10 * 10^24 years to break (using
+ brute force). this would be essentially unbreakable since the age of the
+ universe is only 10 * 10^9 years so far. (estimates not guaranteed.) */
borked_blowfish_crypto(const basis::byte_array &key, int key_size);
//!< uses a pre-existing "key".
DEFINE_CLASS_NAME("borked_blowfish_crypto");
// blowfish relevant values for appropriate key sizes.
- virtual int minimum_key_size_in_bits() const { return 64; } // officially, this is 32.
- virtual int maximum_key_size_in_bits() const { return 448; }
+ virtual int minimum_key_size_in_bits() const { return static_minimum_key_size_in_bits(); }
+ virtual int maximum_key_size_in_bits() const { return static_maximum_key_size_in_bits(); }
+ static int static_minimum_key_size_in_bits() { return 128; }
+ // officially, this is 32. but openssl fails occasionally with less than 64 bits.
+ static int static_maximum_key_size_in_bits() { return 448; }
};
} //namespace.
// this macro checks on the validity of the key sizes (in bits).
#define DISCUSS_KEY_SIZE(key_size) \
if (key_size < minimum_key_size_in_bits()) { \
- ERROR_BAILOUT(static_class_name(), func, \
+ ERROR_BAILOUT(class_name(), func, \
a_sprintf("key size (%d bits) is less than minimum key size %d.", \
key_size, minimum_key_size_in_bits())); \
return false; \
} \
if (key_size > maximum_key_size_in_bits()) { \
- ERROR_BAILOUT(static_class_name(), func, \
+ ERROR_BAILOUT(class_name(), func, \
a_sprintf("key size (%d bits) is greater than maximum key size %d.", \
key_size, maximum_key_size_in_bits())); \
return false; \
// the key size bits.
#define DISCUSS_PROVIDED_KEY(key_size, key) \
if (key.length() * BITS_PER_BYTE < key_size) { \
- ERROR_BAILOUT(static_class_name(), func, \
+ ERROR_BAILOUT(class_name(), func, \
a_sprintf("key array length (%d) is less than required by key size " \
"(%d bits).", key.length(), key_size)); \
return false; \
* Name : cryptical_envelopment
* Author : Chris Koeritz
*
-* Purpose: Implements the majority of encryption processing using the
+* Purpose:
+*
+* A base class that implements the majority of encryption processing using the
* OpenSSL EVP methods, aka the digital envelope routines.
+*
*****
* Copyright (c) 2005-$now By Author. This program is free software; you can
* redistribute it and/or modify it under the terms of the GNU General Public
DEFINE_CLASS_NAME("twofish_crypto");
// twofish relevant values for appropriate key sizes.
- virtual int minimum_key_size_in_bits() const { return 92; }
+ virtual int minimum_key_size_in_bits() const { return static_minimum_key_size_in_bits(); }
+ virtual int maximum_key_size_in_bits() const { return static_maximum_key_size_in_bits(); }
+ static int static_minimum_key_size_in_bits() { return 92; }
/*
note that the lower bound above was discovered for openssl library through experimentation,
and is not officially documented for the twofish algorithm anywhere we can find (yet).
would succeed on the same key length but then would trigger an 'invalid key length' error.
not the kind of deterministic behavior we might expect.
*/
- virtual int maximum_key_size_in_bits() const { return 256; }
+ static int static_maximum_key_size_in_bits() { return 256; }
};
} //namespace.
const int MAX_STRING = 20000; // largest chunk that we'll try to encrypt.
-// some constants snagged from older version of borked_blowfish_crypto class...
-///const int borked_blowfish_crypto_minimum_key_size_in_bits = 32;
-///const int borked_blowfish_crypto_maximum_key_size_in_bits = 448;
-
//////////////
class test_blowfish; // forward.
int left = ITERATIONS;
while (left--) {
time_stamp key_start;
- borked_blowfish_crypto bc(256);
- bc = borked_blowfish_crypto(_parent.randomizer().inclusive(bc.minimum_key_size_in_bits(), bc.maximum_key_size_in_bits()));
+ borked_blowfish_crypto bc = borked_blowfish_crypto(_parent.randomizer().inclusive(bc.static_minimum_key_size_in_bits(),
+ bc.static_maximum_key_size_in_bits()));
#ifdef DEBUG_BLOWFISH
LOG(a_sprintf("%d bit key has:", bc.key_size()));
astring dumped_key = byte_formatter::text_dump(bc.get_key());
const int MAX_STRING = 64 * KILOBYTE; // largest chunk that we'll try to encrypt.
-// some constants snagged from older version of twofish_crypto class...
-//const int twofish_crypto_minimum_key_size_in_bits = 92;
-//const int twofish_crypto_maximum_key_size_in_bits = 256;
-
//////////////
class test_twofish; // forward.
int left = ITERATIONS;
while (left--) {
time_stamp key_start;
- twofish_crypto tc(256);
- tc = twofish_crypto(_parent.randomizer().inclusive(tc.minimum_key_size_in_bits(), tc.maximum_key_size_in_bits()));
+ twofish_crypto tc = twofish_crypto(_parent.randomizer().inclusive(tc.static_minimum_key_size_in_bits(), tc.static_maximum_key_size_in_bits()));
#ifdef DEBUG_TWOFISH
LOG(a_sprintf("%d bit key has:", tc.key_size()));
astring dumped_key = byte_formatter::text_dump(tc.get_key());
namespace octopi {
-const int encryption_infoton::BLOWFISH_KEY_SIZE = 314;
- // our key size is almost double the recommended key size (168 bits).
- // this would take a very long time to crack using brute force.
+const int encryption_infoton::BLOWFISH_KEY_SIZE = 256;
+ // maximum provided for in standard encryptions.
-const int encryption_infoton::RSA_KEY_SIZE = 1480;
+const int encryption_infoton::RSA_KEY_SIZE = 2048;
// a little bit larger than the 1024 bit threshold.
#undef LOG
//!< this key size should be used for all RSA private keys.
static const int BLOWFISH_KEY_SIZE;
//!< this will be used for blowfish keys that this object generates.
+//hmmm: FIX THAT NAME! argh. blowfish used to be used for second stage, and rsa for first stage, of encrypted communications.
void text_form(basis::base_string &fill) const {
fill.assign(basis::astring(class_name())); // low exposure for vital held info.
if (!_server_side) {
// client's side must track the key we were given for decryption. we'll
// use that from now on.
- twofish_crypto new_key(twofish_crypto::minimum_key_size()); // bogus.
+ twofish_crypto new_key(twofish_crypto::static_maximum_key_size_in_bits());
outcome ret = inf->extract_response(*_rsa_private, new_key);
if (ret != OKAY) {
#ifdef DEBUG_ENCRYPTION_TENTACLE
} else {
// server's side need to process a key request and send it back using
// the public key the requester provided.
- twofish_crypto agreed_key(twofish_crypto::minimum_key_size());
+ twofish_crypto agreed_key(twofish_crypto::static_maximum_key_size_in_bits());
// initialized with junk.
outcome worked = inf->prepare_blowfish_key(agreed_key);
if (worked != OKAY) {
$(MAKE) -f makefile.decoder
run_client_server_test:
+ifdef RUN_ALL_TESTS
# launch the server into the background first. we have to hope it completes, eventually.
echo "launching the cromp server..."
($(FEISTY_MEOW_BINARIES)/test_cromp_server &)
# zap the server now, since it won't quit otherwise.
killall test_cromp_server
echo "after cromp client & server tests."
+endif
+
projects / feisty_meow.git / commitdiff