aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlloyd <[email protected]>2009-08-31 18:40:51 +0000
committerlloyd <[email protected]>2009-08-31 18:40:51 +0000
commit8381ceca38f0eee44e893921cbd74fdb3014f7ba (patch)
treed8f1e44fac6b7ca6956b96caf4bc8ced28458ef1
parent8f8a595abcede0e3a30cc8219510c87b773de470 (diff)
Add Rivest's package transform
-rw-r--r--doc/log.txt2
-rw-r--r--src/aont/info.txt17
-rw-r--r--src/aont/package.cpp128
-rw-r--r--src/aont/package.h45
4 files changed, 192 insertions, 0 deletions
diff --git a/doc/log.txt b/doc/log.txt
index 992829b39..a84e72d62 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -2,6 +2,8 @@
* 1.9.0-pre, 2009-??-??
- Add support for parallel invocation of block ciphers where possible
- Add SSE2 implementation of Serpent
+ - Add Rivest's package transform (an all or nothing transform)
+ - Minor speedups to the Turing key schedule
* 1.8.6, 2009-08-13
- Add Cryptobox, a set of simple password-based encryption routines
diff --git a/src/aont/info.txt b/src/aont/info.txt
new file mode 100644
index 000000000..a0387f358
--- /dev/null
+++ b/src/aont/info.txt
@@ -0,0 +1,17 @@
+realname "All or Nothing Transforms"
+
+define PACKAGE_TRANSFORM
+
+load_on auto
+
+<add>
+package.cpp
+package.h
+</add>
+
+<requires>
+block
+ctr
+rng
+filters
+</requires>
diff --git a/src/aont/package.cpp b/src/aont/package.cpp
new file mode 100644
index 000000000..6c6b56865
--- /dev/null
+++ b/src/aont/package.cpp
@@ -0,0 +1,128 @@
+/*
+* Rivest's Package Tranform
+*
+* (C) 2009 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/package.h>
+#include <botan/pipe.h>
+#include <botan/ctr.h>
+#include <botan/loadstor.h>
+#include <botan/xor_buf.h>
+
+namespace Botan {
+
+namespace AllOrNothingTransform {
+
+void package(RandomNumberGenerator& rng,
+ BlockCipher* cipher,
+ const byte input[], u32bit input_len,
+ byte output[])
+ {
+ if(!cipher->valid_keylength(cipher->BLOCK_SIZE))
+ throw Invalid_Argument("AONT::package: Invalid cipher");
+
+ // The all-zero string which is used both as the CTR IV and as K0
+ const std::string all_zeros(cipher->BLOCK_SIZE*2, '0');
+
+ SymmetricKey package_key(rng, cipher->BLOCK_SIZE);
+
+ // takes ownership of cipher object
+ Keyed_Filter* ctr_mode = new CTR_BE(cipher,
+ package_key,
+ InitializationVector(all_zeros));
+
+ Pipe pipe(ctr_mode);
+
+ pipe.process_msg(input, input_len);
+ pipe.read(output, pipe.remaining());
+
+ // Set K0 (the all zero key)
+ cipher->set_key(SymmetricKey(all_zeros));
+
+ SecureVector<byte> buf(cipher->BLOCK_SIZE);
+
+ const u32bit blocks =
+ (input_len + cipher->BLOCK_SIZE - 1) / cipher->BLOCK_SIZE;
+
+ byte* final_block = output + input_len;
+ clear_mem(final_block, cipher->BLOCK_SIZE);
+
+ // XOR the hash blocks into the final block
+ for(u32bit i = 0; i != blocks; ++i)
+ {
+ u32bit left = std::min<u32bit>(cipher->BLOCK_SIZE,
+ input_len - cipher->BLOCK_SIZE * i);
+
+ buf.clear();
+ copy_mem(&buf[0], output + cipher->BLOCK_SIZE * i, left);
+
+ for(u32bit j = 0; j != 4; ++j)
+ buf[cipher->BLOCK_SIZE - 1 - j] ^= get_byte(3-j, i);
+
+ cipher->encrypt(buf);
+
+ xor_buf(final_block, buf, cipher->BLOCK_SIZE);
+ }
+
+ // XOR the random package key into the final block
+ xor_buf(final_block, package_key.begin(), cipher->BLOCK_SIZE);
+ }
+
+void unpackage(BlockCipher* cipher,
+ const byte input[], u32bit input_len,
+ byte output[])
+ {
+ if(!cipher->valid_keylength(cipher->BLOCK_SIZE))
+ throw Invalid_Argument("AONT::unpackage: Invalid cipher");
+
+ if(input_len < cipher->BLOCK_SIZE)
+ throw Invalid_Argument("AONT::unpackage: Input too short");
+
+ // The all-zero string which is used both as the CTR IV and as K0
+ const std::string all_zeros(cipher->BLOCK_SIZE*2, '0');
+
+ cipher->set_key(SymmetricKey(all_zeros));
+
+ SecureVector<byte> package_key(cipher->BLOCK_SIZE);
+ SecureVector<byte> buf(cipher->BLOCK_SIZE);
+
+ // Copy the package key (masked with the block hashes)
+ copy_mem(&package_key[0],
+ input + (input_len - cipher->BLOCK_SIZE),
+ cipher->BLOCK_SIZE);
+
+ const u32bit blocks = ((input_len - 1) / cipher->BLOCK_SIZE);
+
+ // XOR the blocks into the package key bits
+ for(u32bit i = 0; i != blocks; ++i)
+ {
+ u32bit left = std::min<u32bit>(cipher->BLOCK_SIZE,
+ input_len - cipher->BLOCK_SIZE * (i+1));
+
+ buf.clear();
+ copy_mem(&buf[0], input + cipher->BLOCK_SIZE * i, left);
+
+ for(u32bit j = 0; j != 4; ++j)
+ buf[cipher->BLOCK_SIZE - 1 - j] ^= get_byte(3-j, i);
+
+ cipher->encrypt(buf);
+
+ xor_buf(&package_key[0], buf, cipher->BLOCK_SIZE);
+ }
+
+ // takes ownership of cipher object
+ Pipe pipe(new CTR_BE(cipher,
+ SymmetricKey(package_key),
+ InitializationVector(all_zeros)));
+
+ pipe.process_msg(input, input_len - cipher->BLOCK_SIZE);
+
+ pipe.read(output, pipe.remaining());
+ }
+
+}
+
+}
diff --git a/src/aont/package.h b/src/aont/package.h
new file mode 100644
index 000000000..35d2a23fc
--- /dev/null
+++ b/src/aont/package.h
@@ -0,0 +1,45 @@
+/*
+* Rivest's Package Tranform
+*
+* (C) 2009 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/block_cipher.h>
+#include <botan/rng.h>
+
+namespace Botan {
+
+namespace AllOrNothingTransform {
+
+/**
+* Rivest's Package Tranform
+* @arg rng the random number generator to use
+* @arg cipher the block cipher to use
+* @arg input the input data buffer
+* @arg input_len the length of the input data in bytes
+* @arg output the output data buffer (must be at least
+* input_len + cipher->BLOCK_SIZE bytes long)
+*/
+void package(RandomNumberGenerator& rng,
+ BlockCipher* cipher,
+ const byte input[], u32bit input_len,
+ byte output[]);
+
+/**
+* Rivest's Package Tranform (Inversion)
+* @arg rng the random number generator to use
+* @arg cipher the block cipher to use
+* @arg input the input data buffer
+* @arg input_len the length of the input data in bytes
+* @arg output the output data buffer (must be at least
+* input_len - cipher->BLOCK_SIZE bytes long)
+*/
+void unpackage(BlockCipher* cipher,
+ const byte input[], u32bit input_len,
+ byte output[]);
+
+}
+
+}