[OpenAFS-devel] Re: FCrypt Spec for AFS rxkad

Bjoern Groenvall bg@sics.se
19 Dec 2000 21:07:10 +0100

>>>>> "Ted" == Ted Anderson <ota@transarc.com> writes:

Ted> On 19 Dec 2000 13:58:00 +0100 Bjoern Groenvall <bg@sics.se>
Ted> wrote:
>> Thanks for the spec. It would have been really nice to have all
>> this documentation available when I implemented the "liberated
>> rxkad". It would have saved me from a lot of experimentation.

Ted> Did you really implement FCrypt based only on looking at packets
Ted> and decompiled object code, or did you find a copy of the source
Ted> somewhere?
>> From comments in the source, I see you got the sboxes from
>> Transarc, but
Ted> what about the algorithm itself?

Ted> Just curious, Ted

There has always been a functional reference implementation of FCrypt
available. To be more precise, FCrypt is part of the CM that you load
into the kernel. That implementation together with the crippled code
in /afs/transarc.com/public/afsps/afs.rel31b.export-src/rxkad provides
you with enough of hints to figure out how the algorithm works. You
start out by making small changes to the final value of the key
schedule to derive the F_ENCRYPT macro. Match the changes with the
sbox values and experiment, experiment, and experiment. Eventually you
have it all figured out.

I don't think looking at tcpdumps and decompiled object code would
have been particularly fruitful though. I remember the object code
as pretty confusing.

#ifdef:ed under TEST and TEST_KERNEL you will still find some of the
test cases that I originally used.


  _     _                                               ,_______________.  
Bjorn Gronvall (Bjrn Grnvall)                        /_______________/|     
Swedish Institute of Computer Science                  |               ||
PO Box 1263, S-164 29 Kista, Sweden                    | Schroedingers ||
Email: bg@sics.se, Phone +46 -8 633 15 25              |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30       `---------------'