On 03/29/2011 05:02 AM, Niels Möller wrote:
If you're fine with either having weak keys always raise an exception or always be accepted, you could write set_key wrappers for the affected ciphers which do precisely that and which adhere to the nettle_set_key_func interface (note that des_set_key and des3_set_key don't have a key size argument so they need wrappers also for that reason). If you want it to be configurable, things get a bit more complicated and you may need your own struct perl_cipher to extend struct nettle_cipher (you could still enumerate the available nettle_cipher and convert each to a corresponding perl_cipher). Or you could just define separate classes with and without weak key checking.
this is quite a bit of code duplication across bindings. I'd rather just expose the fact of a weak key to the caller directly (whether through exceptions, return codes, or some other mechanism.
-----
Here's a proposal for (2) which i'll name "2a"; I believe it does involve an ABI+API bump to libnettle, but should allow for a reduction in the amount of code for all bindings (which in turn might make the creation of future bindings more likely, thereby getting the nettle goodness out to more people). I know i'd be more likely to maintain additional bindings if they are smaller/simpler.
redefine nettle_set_key_func to return an int instead of a void:
typedef int nettle_set_key_func(void *ctx, unsigned length, const uint8_t *key);
For the ciphers which have no weak keys, create wrapper functions around their set_key functions which always return 1, and use those wrapper functions to populate the standard nettle_cipher objects.
Add a wrapper function around des_set_key and des3_set_key that includes a key length argument; add corresponding nettle_cipher objects for des and des3.
Add new nettle_cipher objects for the remaining weak-key ciphers (only blowfish?) without the wrapping functions.
-----
And here is "2b", a more involved proposal for (2) -- it's a bigger ABI+API change, but the exposed API becomes more normalized:
Redefine nettle_set_key_func as in "2a"; and also change all the *_set_key() functions in nettle to return an int directly. ciphers with no weak keys will naturally always return 1.
Change des_set_key() and des3_set_key() to take length arguments like every other *_set_key() function.
Add new nettle_cipher objects for all missing ciphers.
-----
I understand the natural reluctance to make an ABI bump, and i think it's good to do so carefully (and i regret that i didn't make this proposal before the recent ABI bump to get it all done together). But i think the tradeoff in terms of simplicity of new bindings is an overall positive one.
In either proposal, bindings still retain the ability to report weak keys using language-specific mechanisms/error handling.
I'd be happy to write a patch for either 2a or 2b, if there was a chance that they would be accepted upstream. Either one would make me happy (and more willing to step up to writing python bindings, which i'd like to have on my plate for the future).
Regards,
--dkg