Algorithms and Mechanisms

Algorithms

Encryption

Key Exchange

Authentication

Digest

Extension Mechanism

As part of the modular browser and library concept, we would like to provide a mechanism that permits additional transformer modules to be declared. In the context of security, these modules would provide encryption, digest and authentication functionality.

Create a new transformation context and prepare it for use.

Facility_open (sh_parameters *param, sh_context **context)

Process a block of data, returning the result in a block of memory.

Facility_block (sh_context *context, const void *block_in,
        int length_in, void **block_out, int *length_out)

Close transformation context and return remaining data.

Facility_close (sh_context *context, void **block_out, int *length_out)

Memory Allocation

The block and close routines are responsible for allocating the required memory using the SHAllocate (int size, void **block) routine. The caller is responsible for freeing this memory with the SHFree (void *block) routine.
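The allocation contract above, worked through as an added example (not code from the original note): a toy transformer whose block routine returns only whole 8-byte units and whose close routine flushes the padded remainder, with the caller freeing every result. The Toy_ names, the struct layouts, the malloc-backed SHAllocate and SHFree, the zero padding and the XOR transform are all assumptions; the XOR is a placeholder for a real cipher.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>
/* Assumed definitions: the page names these types and routines without defining them. */
typedef struct { unsigned char key; } sh_parameters;
typedef struct { unsigned char key, held[8]; int nheld; } sh_context;
int SHAllocate(int size, void **block) { return (*block = malloc((size_t)size)) ? 0 : -1; }
void SHFree(void *block) { free(block); }
int Toy_open(const sh_parameters *param, sh_context **context) {
    void *p;
    if (!param || !context || SHAllocate((int)sizeof(sh_context), &p) != 0) return -1;
    *context = memset(p, 0, sizeof(sh_context));
    (*context)->key = param->key;
    return 0;
}

int Toy_block(sh_context *c, const void *block_in, int length_in,
              void **block_out, int *length_out) {  /* whole 8-byte units only */
    const unsigned char *in = block_in;
    if (!c || !in || !block_out || !length_out) return -1;
    *block_out = NULL; *length_out = 0;        /* defined even when nothing is returned */
    if (length_in < 0 || length_in > INT_MAX - 8) return -1;
    int whole = (c->nheld + length_in) / 8 * 8;
    if (whole > 0 && SHAllocate(whole, block_out) != 0) return -1;
    unsigned char *out = *block_out;
    for (int i = 0; i < length_in; i++) {
        c->held[c->nheld++] = in[i];           /* a short tail stays here until close */
        if (c->nheld < 8) continue;
        for (int j = 0; j < 8; j++) out[(*length_out)++] = c->held[j] ^ c->key;
        c->nheld = 0;                          /* XOR above: placeholder, not encryption */
    }
    return 0;
}

int Toy_close(sh_context *c, void **block_out, int *length_out) {
    static const unsigned char pad[8];         /* zero padding: placeholder scheme */
    if (!c) return -1;
    int rc = Toy_block(c, pad, (8 - c->nheld) % 8, block_out, length_out);
    SHFree(c);                                 /* the context is invalid after close */
    return rc;
}

int toy_demo(void) {   /* caller side: every returned block is released with SHFree */
    sh_parameters p = { 0x5a }; sh_context *c; void *out; int n, total = 0;
    if (Toy_open(&p, &c) != 0) return -1;
    if (Toy_block(c, "hello", 5, &out, &n) == 0) { total += n; SHFree(out); }   /* n == 0 */
    if (Toy_block(c, "world!", 6, &out, &n) == 0) { total += n; SHFree(out); }  /* n == 8 */
    if (Toy_close(c, &out, &n) == 0) { total += n; SHFree(out); }               /* n == 8 */
    return total;
}
```

A block call can legitimately return no data (NULL, length 0), so the caller has to accept empty results and must not touch the context once close has returned.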

Registration of new transformers

Transformers are registered using the SHRegister routine and deregistered using the SHDeregister routine:

SHRegister (sh_context *context,
        int (*open)(const sh_parameters *param, sh_context **context),
        int (*block)(sh_context *context, 
            const void *block_in, int length_in, 
            void **block_out, int *length_out),
        int (*close)(sh_context *context, 
            void **block_out, int *length_out),     
        sh_identifier **id)

Deregistration of a transformer.

SHDeregister (sh_identifier *id);

Alternative scheme:

Alternatively, a stream-like format might be employed. In this scheme, data would be returned via callbacks to a specified routine using a context defined when the stream was opened. This scheme avoids the need to create and destroy memory blocks.

Facility_open (const sh_parameters *param, 
        void *user_data, sh_context **context)
Facility_block (sh_context *context,
        void *block_in, int length_in,
        int (*putblock) (const void *user_data, 
            void **block_out, int *length_out));
Facility_close (sh_context *context, 
        int (*putblock) (void *user_data, 
            void **block_out, int *length_out));

Either scheme may be made to appear like the other through additional wrapper logic. It may be appropriate to permit transformers of both varieties to be added to the library. A single scheme would be preferred, however.

Phillip M. Hallam-Baker, CERN ECP PTG hallam@alws.cern.ch
Henrik Frystyk Nielsen, CERN CN, frystryk@ptsun00.cern.ch
Ari Luotonen, CERN ECP (Now at Mosaic Communications Corp)