Subject: Re: cgd and crypt-ccd
To: Roland Dowdeswell <elric@imrryr.org>
From: None <itojun@iijlab.net>
List: tech-kern
Date: 10/08/2002 17:40:50
>>We should have a quick test of what the compatibility between the
>>devices turns out to be. From a quick code inspection, it looks
>>like the blowfish-cbc modes are compatible on LE machines, but we
>>should test it out. cgdconfig(8) inputs passphrases and turns them
>>into keys slightly differently, but we could come up with a document
>>that describes how to get that to work.
>
>Hmmm, on closer inspection it looks like the IV generation is subtly
>different mainly because BF_encrypt() and BF_decrypt work in host
>byte order. If anyone needs it, I can look into implementing a
>compatible mode (which also probably covers compatibility with
>OpenBSD's vnd(4) blowfish encryption.)
if I remember correctly, it is not recommended to use BF_{en,de}crypt
directly.
itojun
-- from blowfish.pod
BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
B<data>, using the key B<key>. These functions should not be used unless you
implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt().
If you still want to use these functions, you should be aware that they take
each 32-bit chunk in host-byte order, which is little-endian on little-endian
platforms and big-endian on big-endian ones.