IV is short for 'initialization vector'

Steffen Jaeckel 2017-09-20 13:54:42 +02:00
parent fff9fee129
commit c210f24853
20 changed files with 57 additions and 57 deletions

@ -781,7 +781,7 @@ This snippet is a small program that registers Rijndael.
\subsection{Background} \subsection{Background}
A typical symmetric block cipher can be used in chaining modes to effectively encrypt messages larger than the block A typical symmetric block cipher can be used in chaining modes to effectively encrypt messages larger than the block
size of the cipher. Given a key $k$, a plaintext $P$ and a cipher $E$ we shall denote the encryption of the block size of the cipher. Given a key $k$, a plaintext $P$ and a cipher $E$ we shall denote the encryption of the block
$P$ under the key $k$ as $E_k(P)$. In some modes there exists an initial vector denoted as $C_{-1}$. $P$ under the key $k$ as $E_k(P)$. In some modes there exists an initialization vector denoted as $C_{-1}$.
\subsubsection{ECB Mode} \subsubsection{ECB Mode}
\index{ECB mode} \index{ECB mode}
@ -799,19 +799,19 @@ It is given as:
\begin{equation} \begin{equation}
C_i = E_k(P_i \oplus C_{i - 1}) C_i = E_k(P_i \oplus C_{i - 1})
\end{equation} \end{equation}
It is important that the initial vector be unique and preferably random for each message encrypted under the same key. It is important that the initialization vector be unique and preferably random for each message encrypted under the same key.
\subsubsection{CTR Mode} \subsubsection{CTR Mode}
\index{CTR mode} \index{CTR mode}
CTR or Counter Mode is a mode which only uses the encryption function of the cipher. Given a initial vector which is CTR or Counter Mode is a mode which only uses the encryption function of the cipher. Given a initialization vector which is
treated as a large binary counter the CTR mode is given as: treated as a large binary counter the CTR mode is given as:
\begin{eqnarray} \begin{eqnarray}
C_{-1} = C_{-1} + 1\mbox{ }(\mbox{mod }2^W) \nonumber \\ C_{-1} = C_{-1} + 1\mbox{ }(\mbox{mod }2^W) \nonumber \\
C_i = P_i \oplus E_k(C_{-1}) C_i = P_i \oplus E_k(C_{-1})
\end{eqnarray} \end{eqnarray}
Where $W$ is the size of a block in bits (e.g. 64 for Blowfish). As long as the initial vector is random for each message Where $W$ is the size of a block in bits (e.g. 64 for Blowfish). As long as the initialization vector is random for each message
encrypted under the same key replay and swap attacks are infeasible. CTR mode may look simple but it is as secure encrypted under the same key replay and swap attacks are infeasible. CTR mode may look simple but it is as secure
as the block cipher is under a chosen plaintext attack (provided the initial vector is unique). as the block cipher is under a chosen plaintext attack (provided the initialization vector is unique).
\subsubsection{CFB Mode} \subsubsection{CFB Mode}
\index{CFB mode} \index{CFB mode}
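Review bot: the changed CTR sentence now reads "Given a initialization vector"; the article should be "an", since the line is being touched anyway. The same paragraph also asks for the IV to be "random for each message" in one sentence and "unique" in the next, so it would help to state which property is actually required here.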
@ -822,7 +822,7 @@ C_{-1} = E_k(C_i)
\end{eqnarray} \end{eqnarray}
Note that in this library the output feedback width is equal to the size of the block cipher. That is this mode is used Note that in this library the output feedback width is equal to the size of the block cipher. That is this mode is used
to encrypt whole blocks at a time. However, the library will buffer data allowing the user to encrypt or decrypt partial to encrypt whole blocks at a time. However, the library will buffer data allowing the user to encrypt or decrypt partial
blocks without a delay. When this mode is first setup it will initially encrypt the initial vector as required. blocks without a delay. When this mode is first setup it will initially encrypt the initialization vector as required.
\subsubsection{OFB Mode} \subsubsection{OFB Mode}
\index{OFB mode} \index{OFB mode}
@ -1012,7 +1012,7 @@ int main(void)
/* start up CTR mode */ /* start up CTR mode */
if ((err = ctr_start( if ((err = ctr_start(
find_cipher("twofish"), /* index of desired cipher */ find_cipher("twofish"), /* index of desired cipher */
IV, /* the initial vector */ IV, /* the initialization vector */
key, /* the secret key */ key, /* the secret key */
16, /* length of secret key (16 bytes) */ 16, /* length of secret key (16 bytes) */
0, /* 0 == default # of rounds */ 0, /* 0 == default # of rounds */
@ -1786,7 +1786,7 @@ With CCM, a header is meta--data you want to send with the message but not have
as \textit{aadlen}. as \textit{aadlen}.
\subsection{Nonce Vector} \subsection{Nonce Vector}
After the state has been initialized (or reset) the next step is to add the session (or packet) initial vector. It should be unique per packet encrypted. After the state has been initialized (or reset) the next step is to add the session (or packet) initialization vector. It should be unique per packet encrypted.
\index{ccm\_add\_nonce()} \index{ccm\_add\_nonce()}
\begin{verbatim} \begin{verbatim}
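Review bot: in the CCM section the replaced sentence now says "initialization vector" under a heading that stays \subsection{Nonce Vector} and directly above \index{ccm\_add\_nonce()}. Suggest using "nonce" in this sentence so the text matches the heading and the function name, or renaming the heading the way the GCM and ChaCha20--Poly1305 headings are renamed elsewhere in this commit.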
@ -1973,7 +1973,7 @@ Galois counter mode is an IEEE proposal for authenticated encryption (also it is
however, unlike EAX it cannot accept \textit{additional authentication data} (meta--data) after plaintext has been processed. This mode also only works with however, unlike EAX it cannot accept \textit{additional authentication data} (meta--data) after plaintext has been processed. This mode also only works with
block ciphers with a 16--byte block. block ciphers with a 16--byte block.
A GCM stream is meant to be processed in three modes, one after another. First, the initial vector (per session) data is processed. This should be A GCM stream is meant to be processed in three modes, one after another. First, the initialization vector (per session) data is processed. This should be
unique to every session. Next, the the optional additional authentication data is processed, and finally the plaintext (or ciphertext depending on the direction). unique to every session. Next, the the optional additional authentication data is processed, and finally the plaintext (or ciphertext depending on the direction).
\subsection{Initialization} \subsection{Initialization}
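Review bot: the context line right after the changed one still has a doubled word, "Next, the the optional additional authentication data"; worth fixing in the same pass. The changed line also describes the IV as "(per session)" while the GCM subsection further down says it "should be unique per packet encrypted", so the two should agree on the scope.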
@ -1989,8 +1989,8 @@ int gcm_init( gcm_state *gcm,
This initializes the GCM state \textit{gcm} for the given cipher indexed by \textit{cipher}, with a secret key \textit{key} of length \textit{keylen} octets. The cipher This initializes the GCM state \textit{gcm} for the given cipher indexed by \textit{cipher}, with a secret key \textit{key} of length \textit{keylen} octets. The cipher
chosen must have a 16--byte block size (e.g., AES). chosen must have a 16--byte block size (e.g., AES).
\subsection{Initial Vector} \subsection{Initialization Vector}
After the state has been initialized (or reset) the next step is to add the session (or packet) initial vector. It should be unique per packet encrypted. After the state has been initialized (or reset) the next step is to add the session (or packet) initialization vector. It should be unique per packet encrypted.
\index{gcm\_add\_iv()} \index{gcm\_add\_iv()}
\begin{verbatim} \begin{verbatim}
@ -1998,7 +1998,7 @@ int gcm_add_iv( gcm_state *gcm,
const unsigned char *IV, const unsigned char *IV,
unsigned long IVlen); unsigned long IVlen);
\end{verbatim} \end{verbatim}
This adds the initial vector octets from \textit{IV} of length \textit{IVlen} to the GCM state \textit{gcm}. You can call this function as many times as required This adds the initialization vector octets from \textit{IV} of length \textit{IVlen} to the GCM state \textit{gcm}. You can call this function as many times as required
to process the entire IV. to process the entire IV.
Note: the GCM protocols provides a \textit{shortcut} for 12--byte IVs where no pre-processing is to be done. If you want to minimize per packet latency it is ideal Note: the GCM protocols provides a \textit{shortcut} for 12--byte IVs where no pre-processing is to be done. If you want to minimize per packet latency it is ideal
@ -2193,8 +2193,8 @@ int chacha20poly1305_init(chacha20poly1305_state *st,
This initializes the ChaCha20--Poly1305 state \textit{st} with a secret key \textit{key} of length \textit{keylen} This initializes the ChaCha20--Poly1305 state \textit{st} with a secret key \textit{key} of length \textit{keylen}
octets (valid lengths: 32 or 16). octets (valid lengths: 32 or 16).
\subsection{Initial Vector} \subsection{Initialization Vector}
After the state has been initialized the next step is to add the initial vector. After the state has been initialized the next step is to add the initialization vector.
\index{chacha20poly1305\_setiv()} \index{chacha20poly1305\_setiv()}
\begin{verbatim} \begin{verbatim}
@ -2202,7 +2202,7 @@ int chacha20poly1305_setiv(chacha20poly1305_state *st,
const unsigned char *iv, const unsigned char *iv,
unsigned long ivlen); unsigned long ivlen);
\end{verbatim} \end{verbatim}
This adds the initial vector from \textit{iv} of length \textit{ivlen} octects (valid lengths: 8 or 12) to This adds the initialization vector from \textit{iv} of length \textit{ivlen} octects (valid lengths: 8 or 12) to
the ChaCha20--Poly1305 state \textit{st}. the ChaCha20--Poly1305 state \textit{st}.
\index{chacha20poly1305\_setiv\_rfc7905()} \index{chacha20poly1305\_setiv\_rfc7905()}
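Review bot: the rewritten line keeps the typo "octects" (in "of length \textit{ivlen} octects"); change it to "octets", which is the spelling used in the chacha20poly1305\_init description just above.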
@ -2212,7 +2212,7 @@ int chacha20poly1305_setiv_rfc7905(chacha20poly1305_state *st,
unsigned long ivlen, unsigned long ivlen,
ulong64 sequence_number); ulong64 sequence_number);
\end{verbatim} \end{verbatim}
This also adds the initial vector from \textit{iv} of length \textit{ivlen} octects (valid lengths: 8 or 12) to This also adds the initialization vector from \textit{iv} of length \textit{ivlen} octects (valid lengths: 8 or 12) to
the state \textit{st} but it also incorporates 64bit \textit{sequence\_number} into IV as described in RFC7905. the state \textit{st} but it also incorporates 64bit \textit{sequence\_number} into IV as described in RFC7905.
You can call only one of \textit{chacha20poly1305\_setiv} or \textit{chacha20poly1305\_setiv\_rfc7905}. You can call only one of \textit{chacha20poly1305\_setiv} or \textit{chacha20poly1305\_setiv\_rfc7905}.
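Review bot: the "octects" typo is carried over on the changed line here as well, and "incorporates 64bit \textit{sequence\_number} into IV" would read better as "64--bit ... into the IV", matching the "12--byte" and "16--byte" style used in the rest of the manual.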
@ -6163,7 +6163,7 @@ As above, but we generate as many bytes as requested in outlen per the OpenSSL e
\subsection{Algorithm Two} \subsection{Algorithm Two}
Algorithm Two is the recommended algorithm for this task. It allows variable length salts, and can produce outputs larger than the Algorithm Two is the recommended algorithm for this task. It allows variable length salts, and can produce outputs larger than the
hash functions output. As such, it can easily be used to derive session keys for ciphers and MACs as well initial vectors as required hash functions output. As such, it can easily be used to derive session keys for ciphers and MACs as well initialization vectors as required
from a single password and invocation of this algorithm. from a single password and invocation of this algorithm.
\index{pkcs\_5\_alg2()} \index{pkcs\_5\_alg2()}
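Review bot: the changed line is missing a word: "as well initialization vectors" should be "as well as initialization vectors". On the line above it, "hash functions output" also wants a possessive ("hash function's output").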
@ -7295,8 +7295,8 @@ struct ltc_cipher_descriptor {
/** Accelerated GCM packet (one shot) /** Accelerated GCM packet (one shot)
@param key The secret key @param key The secret key
@param keylen The length of the secret key @param keylen The length of the secret key
@param IV The initial vector @param IV The initialization vector
@param IVlen The length of the initial vector @param IVlen The length of the initialization vector
@param adata The additional authentication data (header) @param adata The additional authentication data (header)
@param adatalen The length of the adata @param adatalen The length of the adata
@param pt The plaintext @param pt The plaintext
@ -7412,7 +7412,7 @@ through the accel\_ecb\_encrypt and accel\_ecb\_decrypt pointers. The \textit{b
\subsubsection{Accelerated CBC} \subsubsection{Accelerated CBC}
These two functions are meant for accelerated CBC encryption. These functions are accessed through the accel\_cbc\_encrypt and accel\_cbc\_decrypt pointers. These two functions are meant for accelerated CBC encryption. These functions are accessed through the accel\_cbc\_encrypt and accel\_cbc\_decrypt pointers.
The \textit{blocks} value is the number of complete blocks to process. The \textit{IV} is the CBC initial vector. It is an input upon calling this function and must be The \textit{blocks} value is the number of complete blocks to process. The \textit{IV} is the CBC initialization vector. It is an input upon calling this function and must be
updated by the function before returning. updated by the function before returning.
\subsubsection{Accelerated CTR} \subsubsection{Accelerated CTR}

@ -15,8 +15,8 @@
Process an entire GCM packet in one call. Process an entire GCM packet in one call.
@param key The secret key @param key The secret key
@param keylen The length of the secret key @param keylen The length of the secret key
@param iv The initial vector @param iv The initialization vector
@param ivlen The length of the initial vector @param ivlen The length of the initialization vector
@param aad The additional authentication data (header) @param aad The additional authentication data (header)
@param aadlen The length of the aad @param aadlen The length of the aad
@param in The plaintext @param in The plaintext

@ -20,8 +20,8 @@
@param cipher Index of cipher to use @param cipher Index of cipher to use
@param key The secret key @param key The secret key
@param keylen The length of the secret key @param keylen The length of the secret key
@param IV The initial vector @param IV The initialization vector
@param IVlen The length of the initial vector @param IVlen The length of the initialization vector
@param adata The additional authentication data (header) @param adata The additional authentication data (header)
@param adatalen The length of the adata @param adatalen The length of the adata
@param pt The plaintext @param pt The plaintext

@ -499,8 +499,8 @@ extern struct ltc_cipher_descriptor {
/** Accelerated GCM packet (one shot) /** Accelerated GCM packet (one shot)
@param key The secret key @param key The secret key
@param keylen The length of the secret key @param keylen The length of the secret key
@param IV The initial vector @param IV The initialization vector
@param IVlen The length of the initial vector @param IVlen The length of the initialization vector
@param adata The additional authentication data (header) @param adata The additional authentication data (header)
@param adatalen The length of the adata @param adatalen The length of the adata
@param pt The plaintext @param pt The plaintext

@ -75,7 +75,7 @@ int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned lon
zeromem((hmac->key) + keylen, (size_t)(LTC_HMAC_BLOCKSIZE - keylen)); zeromem((hmac->key) + keylen, (size_t)(LTC_HMAC_BLOCKSIZE - keylen));
} }
/* Create the initial vector for step (3) */ /* Create the initialization vector for step (3) */
for(i=0; i < LTC_HMAC_BLOCKSIZE; i++) { for(i=0; i < LTC_HMAC_BLOCKSIZE; i++) {
buf[i] = hmac->key[i] ^ 0x36; buf[i] = hmac->key[i] ^ 0x36;
} }
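Review bot: this rename does not fit the HMAC code. The loop under the comment fills buf with hmac->key[i] ^ 0x36, which is the key XORed with HMAC's inner pad constant, not an initialization vector in the cipher-mode sense the rest of the commit is about. Suggest wording the comment as the inner padded key (key XOR 0x36) rather than applying the IV rename here.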

@ -16,9 +16,9 @@
#ifdef LTC_CBC_MODE #ifdef LTC_CBC_MODE
/** /**
Get the current initial vector Get the current initialization vector
@param IV [out] The destination of the initial vector @param IV [out] The destination of the initialization vector
@param len [in/out] The max size and resulting size of the initial vector @param len [in/out] The max size and resulting size of the initialization vector
@param cbc The CBC state @param cbc The CBC state
@return CRYPT_OK if successful @return CRYPT_OK if successful
*/ */

@ -17,8 +17,8 @@
#ifdef LTC_CBC_MODE #ifdef LTC_CBC_MODE
/** /**
Set an initial vector Set an initialization vector
@param IV The initial vector @param IV The initialization vector
@param len The length of the vector (in octets) @param len The length of the vector (in octets)
@param cbc The CBC state @param cbc The CBC state
@return CRYPT_OK if successful @return CRYPT_OK if successful

@ -18,7 +18,7 @@
/** /**
Initialize a CBC context Initialize a CBC context
@param cipher The index of the cipher desired @param cipher The index of the cipher desired
@param IV The initial vector @param IV The initialization vector
@param key The secret key @param key The secret key
@param keylen The length of the secret key (octets) @param keylen The length of the secret key (octets)
@param num_rounds Number of rounds in the cipher desired (0 for default) @param num_rounds Number of rounds in the cipher desired (0 for default)

@ -16,9 +16,9 @@
#ifdef LTC_CFB_MODE #ifdef LTC_CFB_MODE
/** /**
Get the current initial vector Get the current initialization vector
@param IV [out] The destination of the initial vector @param IV [out] The destination of the initialization vector
@param len [in/out] The max size and resulting size of the initial vector @param len [in/out] The max size and resulting size of the initialization vector
@param cfb The CFB state @param cfb The CFB state
@return CRYPT_OK if successful @return CRYPT_OK if successful
*/ */

@ -16,8 +16,8 @@
#ifdef LTC_CFB_MODE #ifdef LTC_CFB_MODE
/** /**
Set an initial vector Set an initialization vector
@param IV The initial vector @param IV The initialization vector
@param len The length of the vector (in octets) @param len The length of the vector (in octets)
@param cfb The CFB state @param cfb The CFB state
@return CRYPT_OK if successful @return CRYPT_OK if successful

@ -19,7 +19,7 @@
/** /**
Initialize a CFB context Initialize a CFB context
@param cipher The index of the cipher desired @param cipher The index of the cipher desired
@param IV The initial vector @param IV The initialization vector
@param key The secret key @param key The secret key
@param keylen The length of the secret key (octets) @param keylen The length of the secret key (octets)
@param num_rounds Number of rounds in the cipher desired (0 for default) @param num_rounds Number of rounds in the cipher desired (0 for default)

@ -16,9 +16,9 @@
#ifdef LTC_CTR_MODE #ifdef LTC_CTR_MODE
/** /**
Get the current initial vector Get the current initialization vector
@param IV [out] The destination of the initial vector @param IV [out] The destination of the initialization vector
@param len [in/out] The max size and resulting size of the initial vector @param len [in/out] The max size and resulting size of the initialization vector
@param ctr The CTR state @param ctr The CTR state
@return CRYPT_OK if successful @return CRYPT_OK if successful
*/ */

@ -16,8 +16,8 @@
#ifdef LTC_CTR_MODE #ifdef LTC_CTR_MODE
/** /**
Set an initial vector Set an initialization vector
@param IV The initial vector @param IV The initialization vector
@param len The length of the vector (in octets) @param len The length of the vector (in octets)
@param ctr The CTR state @param ctr The CTR state
@return CRYPT_OK if successful @return CRYPT_OK if successful

@ -19,7 +19,7 @@
/** /**
Initialize a CTR context Initialize a CTR context
@param cipher The index of the cipher desired @param cipher The index of the cipher desired
@param IV The initial vector @param IV The initialization vector
@param key The secret key @param key The secret key
@param keylen The length of the secret key (octets) @param keylen The length of the secret key (octets)
@param num_rounds Number of rounds in the cipher desired (0 for default) @param num_rounds Number of rounds in the cipher desired (0 for default)

@ -16,9 +16,9 @@
#ifdef LTC_F8_MODE #ifdef LTC_F8_MODE
/** /**
Get the current initial vector Get the current initialization vector
@param IV [out] The destination of the initial vector @param IV [out] The destination of the initialization vector
@param len [in/out] The max size and resulting size of the initial vector @param len [in/out] The max size and resulting size of the initialization vector
@param f8 The F8 state @param f8 The F8 state
@return CRYPT_OK if successful @return CRYPT_OK if successful
*/ */

@ -16,8 +16,8 @@
#ifdef LTC_F8_MODE #ifdef LTC_F8_MODE
/** /**
Set an initial vector Set an initialization vector
@param IV The initial vector @param IV The initialization vector
@param len The length of the vector (in octets) @param len The length of the vector (in octets)
@param f8 The F8 state @param f8 The F8 state
@return CRYPT_OK if successful @return CRYPT_OK if successful

@ -19,7 +19,7 @@
/** /**
Initialize an F8 context Initialize an F8 context
@param cipher The index of the cipher desired @param cipher The index of the cipher desired
@param IV The initial vector @param IV The initialization vector
@param key The secret key @param key The secret key
@param keylen The length of the secret key (octets) @param keylen The length of the secret key (octets)
@param salt_key The salting key for the IV @param salt_key The salting key for the IV

@ -16,9 +16,9 @@
#ifdef LTC_OFB_MODE #ifdef LTC_OFB_MODE
/** /**
Get the current initial vector Get the current initialization vector
@param IV [out] The destination of the initial vector @param IV [out] The destination of the initialization vector
@param len [in/out] The max size and resulting size of the initial vector @param len [in/out] The max size and resulting size of the initialization vector
@param ofb The OFB state @param ofb The OFB state
@return CRYPT_OK if successful @return CRYPT_OK if successful
*/ */

@ -16,8 +16,8 @@
#ifdef LTC_OFB_MODE #ifdef LTC_OFB_MODE
/** /**
Set an initial vector Set an initialization vector
@param IV The initial vector @param IV The initialization vector
@param len The length of the vector (in octets) @param len The length of the vector (in octets)
@param ofb The OFB state @param ofb The OFB state
@return CRYPT_OK if successful @return CRYPT_OK if successful

@ -19,7 +19,7 @@
/** /**
Initialize a OFB context Initialize a OFB context
@param cipher The index of the cipher desired @param cipher The index of the cipher desired
@param IV The initial vector @param IV The initialization vector
@param key The secret key @param key The secret key
@param keylen The length of the secret key (octets) @param keylen The length of the secret key (octets)
@param num_rounds Number of rounds in the cipher desired (0 for default) @param num_rounds Number of rounds in the cipher desired (0 for default)