crypticl-cvs January 2007

crypticl-cvs@common-lisp.net

1 participants
41 discussions

[crypticl-cvs] CVS crypticl/src
by tskogan 27 Jan '07

27 Jan '07

Update of /project/crypticl/cvsroot/crypticl/src In directory clnet:/tmp/cvs-serv24062/src Modified Files: random.lisp load.lisp keygenerator.lisp aes.lisp Log Message: Get rid of load time warnings by reordering some code. Becuase the random number generator uses aes, aes must come before random, but aes depends on the keygenerator for producing keys which again depends on random; a circle dependency. Solve this a bit hackish by moving some aes code related to keys into keygenerator. --- /project/crypticl/cvsroot/crypticl/src/random.lisp 2007/01/27 11:28:30 1.9 +++ /project/crypticl/cvsroot/crypticl/src/random.lisp 2007/01/27 17:07:17 1.10 @@ -122,7 +122,7 @@ The input should be high entropy bits, ideally 256 bits of entropy or more, given as a bignum or a byte array." (unless *random-secure-state* - (setf *random-secure-state* (make-SecurePRNG))) + (setf *random-secure-state* (make-SecurePRNG-AES))) (typecase new-seed (integer (reseed *random-secure-state* (integer-to-octet-vector new-seed))) --- /project/crypticl/cvsroot/crypticl/src/load.lisp 2007/01/18 21:37:02 1.8 +++ /project/crypticl/cvsroot/crypticl/src/load.lisp 2007/01/27 17:07:17 1.9 @@ -21,11 +21,13 @@ "utilities" "numtheory" "common" - "sha" ;used by random - "random" - "keygenerator" - "md5" "aes" "idea" "dsa" "rsa" "diffie-hellman" - "sha256" + "sha" + "sha256" + "aes" + "random" + "keygenerator" + "md5" "idea" "dsa" "rsa" "diffie-hellman" + "keystore" "test"))) (format t "Loading the Crypticl library...") --- /project/crypticl/cvsroot/crypticl/src/keygenerator.lisp 2007/01/17 22:00:52 1.7 +++ /project/crypticl/cvsroot/crypticl/src/keygenerator.lisp 2007/01/27 17:07:17 1.8 @@ -124,4 +124,9 @@ +(defun aes-generate-key (&optional (bitsize 128) encoding) + (declare (ignore encoding)) + (assert (member bitsize '(128 192 256)) () "AES invalid key size ~A" bitsize) + (generate-symmetric-key bitsize "AES")) +(register-key-generator 'AES #'aes-generate-key) \ No newline at end of file --- /project/crypticl/cvsroot/crypticl/src/aes.lisp 2007/01/23 23:55:39 1.9 +++ /project/crypticl/cvsroot/crypticl/src/aes.lisp 2007/01/27 17:07:17 1.10 @@ -658,12 +658,6 @@ (defmethod decrypt ((obj AES) &optional data (start 0) (end (length data))) (update-and-decrypt obj data start end)) - -(defun aes-generate-key (&optional (bitsize 128) encoding) - (declare (ignore encoding)) - (assert (member bitsize '(128 192 256)) () "AES invalid key size ~A" bitsize) - (generate-symmetric-key bitsize "AES")) - ;;;;;;; ;;; Test suite @@ -749,7 +743,7 @@ "Testing long vector." (let ((aa (make-AES)) (tmp nil) - (key (generate-key 'AES 128)) + (key #16(2)) ;(generate-key 'AES 128)) Use a fixed key (iv #16(2)) (clear #500(3))) (format t "~&AES long vector...") @@ -797,9 +791,3 @@ (register-constructor 'AES #'make-AES) -(register-key-generator 'AES #'aes-generate-key) - - - - -

1 0

[crypticl-cvs] CVS crypticl/doc
by tskogan 27 Jan '07

27 Jan '07

Update of /project/crypticl/cvsroot/crypticl/doc In directory clnet:/tmp/cvs-serv24062/doc Modified Files: TODO Log Message: Get rid of load time warnings by reordering some code. Becuase the random number generator uses aes, aes must come before random, but aes depends on the keygenerator for producing keys which again depends on random; a circle dependency. Solve this a bit hackish by moving some aes code related to keys into keygenerator. --- /project/crypticl/cvsroot/crypticl/doc/TODO 2007/01/24 21:45:12 1.6 +++ /project/crypticl/cvsroot/crypticl/doc/TODO 2007/01/27 17:07:17 1.7 @@ -3,10 +3,6 @@ -bug in AES key expansion for 256-bit keys, maybe others. More test cases needed. --Get high entropy seed for PRNG on Windows (native API CryptGenRandom, -Advapi32.dll, Wincrypt.h,) --Replace use of SHA-1 in PRNG with a block cipher (AES) in counter mode. --Study the Fortuna PRNG. -more example applications to test and improve the api -SHA-512? -Document how to run the full test set (when porting to new platform).

1 0

[crypticl-cvs] CVS crypticl/src
by tskogan 27 Jan '07

27 Jan '07

Update of /project/crypticl/cvsroot/crypticl/src In directory clnet:/tmp/cvs-serv32149 Modified Files: random.lisp Log Message: Failed attempt to get access to CryptGenRandom on Windows. Unable to get Allegro's ffi binding to do what I want. --- /project/crypticl/cvsroot/crypticl/src/random.lisp 2007/01/24 21:45:12 1.8 +++ /project/crypticl/cvsroot/crypticl/src/random.lisp 2007/01/27 11:28:30 1.9 @@ -148,7 +148,181 @@ ;;;; TESTING -(defun foo () - (setf *random-secure-state* nil) - (random-secure-bignum 128)) - \ No newline at end of file + +;;;; Failed attempt to get access to CryptGenRandom on Windows. +;;;; Unable to get Allegro's ffi binding to do what I want. +;;;(defun win32-random () ;(size) +;;; " +;;;Some material on CryptGenRandom and the win32 api in general: +;;; +;;;win32 typedefs: +;;; +;;;typedef unsigned char BYTE +;;;typedef unsigned long DWORD +;;; +;;;LPCTSTR Long Pointer to a Constant null-Terminated String (C programming/Windows API) +;;;typedef const CHAR *PCSTR, *LPCSTR; +;;; +;;;Python Cryptography Toolkit, file src/winrandom.c +;;;A successful use of CryptGenRandom. +;;; +;;;wincrypt.h +;;;typedef unsigned long HCRYPTPROV; +;;; +;;;From msdn library: +;;;http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptgenrandom.asp +;;; +;;;http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cryptgenrandom.asp +;;; +;;;BOOL WINAPI CryptGenRandom( +;;; HCRYPTPROV hProv, +;;; DWORD dwLen, +;;; BYTE* pbBuffer); +;;; +;;;BOOL WINAPI CryptAcquireContext( +;;; HCRYPTPROV* phProv, +;;; LPCTSTR pszContainer, +;;; LPCTSTR pszProvider, +;;; DWORD dwProvType, +;;; DWORD dwFlags); +;;; +;;;if(CryptAcquireContext( +;;; &hCryptProv, // handle to the CSP +;;; UserName, // container name +;;; NULL, // use the default provider +;;; PROV_RSA_FULL, // provider type +;;; 0)) // flag values +;;;{... +;;; +;;;Example C code: +;;; +;;;#include <windows.h> +;;;#include <wincrypt.h> +;;; +;;;static HCRYPTPROV hProvider; +;;; +;;;void spc_rand_init(void) { +;;; if (!CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) +;;; ExitProcess((UINT)-1); /* Feel free to properly signal an error instead. */ +;;;} +;;; +;;;unsigned char *spc_rand(unsigned char *pbBuffer, size_t cbBuffer) { +;;; if (!hProvider) spc_rand_init( ); +;;; if (!CryptGenRandom(hProvider, cbBuffer, pbBuffer)) +;;; ExitProcess((UINT)-1); /* Feel free to properly signal an error instead. */ +;;; return pbBuffer; +;;;} +;;; +;;; +;;;Another example (from http://erngui.com/articles/rng/index.html): +;;; +;;;#define _WIN32_WINNT 0x0400 +;;;#include <windows.h> +;;;#include <wincrypt.h> +;;; +;;;long getrand() +;;;{ +;;; HCRYPTPROV hProv = 0; +;;; CryptAcquireContext(&hProv, +;;; 0, 0, PROV_RSA_FULL, +;;; CRYPT_VERIFYCONTEXT); +;;; long rnd; +;;; CryptGenRandom(hProv, +;;; sizeof(rnd), (BYTE*)&rnd); +;;; CryptReleaseContext(hProv, 0); +;;; return rnd; +;;;} +;;; +;;; +;;;/* Provider Types */ +;;;1530 #define PROV_RSA_FULL 1 +;;;1531 #define PROV_RSA_SIG 2 +;;;1532 #define PROV_DSS 3 +;;;1533 #define PROV_FORTEZZA 4 +;;;1534 #define PROV_MS_EXCHANGE 5 +;;;1535 #define PROV_SSL 6 +;;;1536 #define PROV_RSA_SCHANNEL 12 +;;;1537 #define PROV_DSS_DH 13 +;;;1538 #define PROV_EC_ECDSA_SIG 14 +;;;1539 #define PROV_EC_ECNRA_SIG 15 +;;;1540 #define PROV_EC_ECDSA_FULL 16 +;;;1541 #define PROV_EC_ECNRA_FULL 17 +;;;1542 #define PROV_DH_SCHANNEL 18 +;;;1543 #define PROV_SPYRUS_LYNKS 20 +;;;1544 #define PROV_RNG 21 +;;;1545 #define PROV_INTEL_SEC 22 +;;;1546 #define PROV_REPLACE_OWF 23 +;;;1547 #define PROV_RSA_AES 24 +;;; +;;; +;;;common error codes: +;;; +;;;ERROR_INVALID_PARAMETER ( 0x57/87L ) +;;;One of the parameters contains a value that is not valid. This is most +;;;often a pointer that is not valid. +;;; +;;;NTE_KEYSET_NOT_DEF( 0x80090019L ) +;;;The key container specified by pszContainer does not exist, or the +;;;requested provider does not exist. +;;;" +;;; (load "Kernel32.dll") ; for GetLastError +;;; (load "Advapi32.dll") +;;; ;; Check that we have the foreign functions we need +;;; (load "" :unreferenced-lib-names +;;; (list "CryptGenRandom" "CryptAcquireContextW" +;;; "CryptAcquireContextA" "GetLastError")) +;;; +;;; ;; BOOL WINAPI CryptAcquireContext( +;;; ;; HCRYPTPROV* phProv, +;;; ;; LPCTSTR pszContainer, // const CHAR *LPCTSTR ??? No? +;;; ;; LPCTSTR pszProvider, +;;; ;; DWORD dwProvType, +;;; ;; DWORD dwFlags); +;;; ;; +;;; ;; CryptAcquireContextW also seems to work. +;;; (ff:def-foreign-call (CryptAcquireContext "CryptAcquireContextA") +;;; ((phProv (* :unsigned-long) (:unsigned-long)) +;;; (pszContainer (* :char)) +;;; (pszProvider (* :char)) +;;; (dwProvType :unsigned-long fixnum) +;;; (dwFlags :unsigned-long fixnum)) +;;; :error-value :os-specific +;;; :returning (:int boolean)) +;;; +;;; (ff:def-foreign-call (GetLastError "GetLastError") (:void) +;;; :returning (:unsigned-long bignum)) +;;; +;;; (flet ((err (where) +;;; (format t "Error in ~A: 0x~,2'0X~%" where (GetLastError)))) +;;; +;;; (let ((phProv (ff:allocate-fobject :unsigned-long :foreign-static-gc))) +;;; (unless (CryptAcquireContext +;;; phProv ;phProv +;;; 0 ;pszContainer +;;; 0 ;pszProvider +;;; 1 ;dwProvType 1 = PROV_RSA_FULL +;;; 0) ;dwFlags) +;;; (err "CryptAcquireContext")) +;;; +;;; ;; BOOL WINAPI CryptGenRandom( +;;; ;; HCRYPTPROV hProv, //typedef unsigned long HCRYPTPROV; +;;; ;; DWORD dwLen, +;;; ;; BYTE* pbBuffer); //typedef unsigned char BYTE +;;; (ff:def-foreign-call (CryptGenRandom "CryptGenRandom") +;;; ((a :unsigned-long (:unsigned-long)) +;;; (b :unsigned-long) +;;; (c (* :unsigned-char))) +;;; :returning (:int boolean)) +;;; +;;; (let*((c (make-array 16 :element-type '(unsigned-byte 8) +;;; :initial-element 2)) +;;; (before (hex c)) +;;; after) +;;; ;; XXX This call always fail and error code is 87/0x57 +;;; ;; which supposedly is a bad pointer of some sort. +;;; (unless (CryptGenRandom phProv 8 c) +;;; (err "CryptGenRandom")) +;;; (setf after (hex c)) +;;; (if (string= before after) +;;; (format t "failure, no random bytes returned") +;;; (format t "SUCCESS!! Got random bytes: ~A~%" after))))))

1 0

[crypticl-cvs] CVS crypticl/doc
by tskogan 24 Jan '07

24 Jan '07

Update of /project/crypticl/cvsroot/crypticl/doc In directory clnet:/tmp/cvs-serv5500/doc Modified Files: USERGUIDE TODO ChangeLog Log Message: Replaced secure PRNG based on SHA-1 with 128 bits AES in counter mode. Should be 256 bits, but seems to be a bug in AES key expansion. --- /project/crypticl/cvsroot/crypticl/doc/USERGUIDE 2007/01/20 15:35:00 1.4 +++ /project/crypticl/cvsroot/crypticl/doc/USERGUIDE 2007/01/24 21:45:12 1.5 @@ -68,12 +68,13 @@ "a9993e364706816aba3e25717850c26c9cd0d89d" Implementation note: -There is a semantic difference between calling hash on a -hash object with no data and calling hash on an empty byte vector. Calling -hash on an empty object is more likely to be a user error and hence returns -nil. Calling hash on an empty byte vector on the other hand, may simply mean -that we got very short input and hence returns the initial state of the SHA-1 -algorithm (which is a valid 160 bits byte vector). + +There is a semantic difference between calling hash on a hash object with no +data and calling hash on an empty byte vector. Calling hash on an empty object +is more likely to be a user error and hence returns nil. Calling hash on an +empty byte vector on the other hand, may simply mean that we got very short +input and hence returns the initial state of the SHA-1 algorithm (which is a +valid 160 bits byte vector). The object oriented interface introduced above is built on top of low level function primitives for each algorithm. Sometimes it's easier to work directly --- /project/crypticl/cvsroot/crypticl/doc/TODO 2007/01/21 01:15:22 1.5 +++ /project/crypticl/cvsroot/crypticl/doc/TODO 2007/01/24 21:45:12 1.6 @@ -1,11 +1,14 @@ TODO list for Crypticl ====================== --Get high entropy seed for PRNG on Windows +-bug in AES key expansion for 256-bit keys, maybe others. More test +cases needed. +-Get high entropy seed for PRNG on Windows (native API CryptGenRandom, +Advapi32.dll, Wincrypt.h,) -Replace use of SHA-1 in PRNG with a block cipher (AES) in counter mode. -Study the Fortuna PRNG. -more example applications to test and improve the api -SHA-512? --Document how to run the full test set. - +-Document how to run the full test set (when porting to new platform). +-only use hex and hexo, not the long versions. --- /project/crypticl/cvsroot/crypticl/doc/ChangeLog 2007/01/17 22:00:57 1.15 +++ /project/crypticl/cvsroot/crypticl/doc/ChangeLog 2007/01/24 21:45:12 1.16 @@ -1,3 +1,8 @@ +24-01-2007 Taale Skogan + Replaced secure PRNG based on SHA-1 with 128 bits AES in counter + mode. Should be 256 bits, but seems to be a bug in AES key + expansion. + 17-01-2007 Taale Skogan Removed email addresses (spam).

1 0

[crypticl-cvs] CVS crypticl/src
by tskogan 24 Jan '07

24 Jan '07

Update of /project/crypticl/cvsroot/crypticl/src In directory clnet:/tmp/cvs-serv5500/src Modified Files: random.lisp diffie-hellman.lisp Log Message: Replaced secure PRNG based on SHA-1 with 128 bits AES in counter mode. Should be 256 bits, but seems to be a bug in AES key expansion. --- /project/crypticl/cvsroot/crypticl/src/random.lisp 2007/01/23 23:55:39 1.7 +++ /project/crypticl/cvsroot/crypticl/src/random.lisp 2007/01/24 21:45:12 1.8 @@ -5,125 +5,14 @@ ;;;; Author: Taale Skogan ;;;; Distribution: See the accompanying file LICENSE. -;;To do: -;;-get high entropy bits on non-Linux system. Either roll your own (most likely bad idea) or use win32API to handle one other system. But this is not important. win32 API CryptGenRandom. - (in-package crypticl) +;;;; +;;;; INTERNALS +;;;; -(defun random-secure-bignum (bitsize) - "Return random integer bitsize bits long generatated from a cryptograpically secure pseudo random number generator. The function is very slow because random-secure invokes SHA-1 multiple times. It should only be used for cryptographic keys and the like. - -Note that according to Menezes et al (1997), there exists no formal proof that this add-hoc solution using SHA-1 is cryptographically secure. But it is nevertheless approved for use in standards like the Digital Signature Standard (NIST 2000). -" - (random-bignum-internal bitsize #'random-secure)) - - -(defun random-bignum-internal (bitsize rand-function) - "Internal version of random-bignum. rand-function is a random number generator which takes one integer argument r and returns an integer in the range [0,r-1]." - (assert (> bitsize 0)) - (let* ((size (ceiling bitsize 8)) - (octet-array (make-array size - :element-type '(unsigned-byte 8))) - n) - (do ((i 0 (1+ i))) - ((>= i size)) - (setf (aref octet-array i) (funcall rand-function 256))) - - ;;Remove extra bits if necessary. This is done by setting the - ;;unnecessary 8 - (bitsize mod 8) most significant bits to zero. - (setf n (octet-vector-to-integer octet-array)) - (if (= 0 (mod bitsize 8)) - n - (dpb 0 (byte (- 8 (mod bitsize 8)) bitsize) n)))) - - -(defun random-bignum-max-odd (bitsize) - "Return random, bitsize bits long, odd integer. In other words, the least and most significant bit is always 1." - (let ((n (random-secure-bignum bitsize))) - (setf n (dpb 1 (byte 1 (1- bitsize)) n) - n (dpb 1 (byte 1 0) n)))) - - - -;;;;;;;; CRYPTOGRAPHICALLY SECURE RANDOM NUMBER GENERATOR - -(defparameter *random-secure-obj* nil - "State for the random number generator") - -(defun random-secure-range (low high) - "Return random integer in the range [low,high]. This should only be used for values of low close to 0." - (while t - (let ((n (random-secure (+ high 1)))) - (when (>= n low) - (return-from random-secure-range n))))) - - -(defun random-secure (n) - "Return random integer in the range [0,n-1]." - (if (not *random-secure-obj*) - (setf *random-secure-obj* (make-SecurePRNG))) - (SecurePRNG-random *random-secure-obj* n)) - -(defun random-secure-octets (size) - "Returns size pseudorandom octets from a cryptographically secure PRNG." - (if (not *random-secure-obj*) - (setf *random-secure-obj* (make-SecurePRNG))) - (SecurePRNG-octets *random-secure-obj* size)) - -(defclass SecurePRNG () - ((seed :accessor seed - :initarg :seed)) - (:documentation "Cryptographically secure pseudo random number generator.")) - -(defun set-seed (seed) - "Creates a new seed for the secure PRNG. Input should be a high entropy bignum at least 160 bits long." - (if (not *random-secure-obj*) - (setf *random-secure-obj* (make-SecurePRNG))) - (setf (seed *random-secure-obj*) seed)) - -(defun make-SecurePRNG () - "Constructor for the Secure-PRNG class. Assumes that a 160 bits secret/seed is enough." - (make-instance 'SecurePRNG - :seed (random-secure-seed 160))) - - -(defmethod SecurePRNG-random ((obj SecurePRNG) n) - "Return random number in the range [0,n-1] where n <= 2^160. Is terrible inefficient for small n because we waste most of the 160 bits SHA-1 returns." - (assert (<= (integer-length n) 160)) - (let* ((seed (seed obj)) - (state (octet-vector-to-integer - (sha-1-on-octet-vector (integer-to-octet-vector seed))))) - - ;;update seed to get forward security - (setf (seed obj) (mod (+ 1 seed state) - (expt 2 160))) - - ;;reduce n to proper size - (mod state n))) - - -(defmethod SecurePRNG-octets ((obj SecurePRNG) size) - "Returns size pseudorandom octets from a cryptographically secure PRNG." - (let ((rounds (ceiling size 20)) ;20 octets in 160 bits - (ret (make-array size :element-type '(unsigned-byte 8))) - (current-size 0) ;num octets processed so far - (hash nil)) - - (dotimes (i rounds) - (setf hash (sha-1-on-octet-vector (integer-to-octet-vector (seed obj)))) - (do ((j 0 (1+ j))) - ((or (>= current-size size) (>= j 20))) - - (setf (aref ret current-size) (aref hash j)) - (incf current-size)) - - ;;update seed to get forward security - (setf (seed obj) (mod (+ 1 (seed obj) (octet-vector-to-integer hash)) - (expt 2 160)))) - ret)) - - +(defparameter *random-secure-state* nil + "State for the secure random number generator") (defun high-entropy-octets (size) "Return size octets from some hopefully high entropy bit source." @@ -132,66 +21,38 @@ :if-does-not-exist nil) (if (not file) (progn - (warn "/dev/random was not available on this system.") - (warn "Add 160 bits high entropy seed maually using set-seed.") - (warn "Will use random in the mean time.") + (warn "Unable to get high entropy bits for seeding the secure") + (warn "random number generator. Seed with at least 256 high") + (warn "entropy bits by calling reseed-secure-prng. Will continue") + (warn "in NON-SECURE mode in the mean time.") (do ((i 0 (1+ i))) ((>= i size)) - (setf (aref ret i) (random 256)))) + (setf (aref ret i) (random 256)))) - (progn - (do ((i 0 (1+ i))) - ((>= i size)) - ;;Fails if /dev/random runs out of bytes, but that - ;;should never happen. - (setf (aref ret i) (read-byte file nil))))) - ret))) - - - -(defun random-secure-seed (bitsize) - "Returns bitsize integer with full entrophy (enthropy equals bitsize). Only works on Linux-like systems where /dev/random is a source of high enthropy bits." - (let* ((size (ceiling bitsize 8)) - (octet-array (high-entropy-octets size)) - n) ;Return value + (do ((i 0 (1+ i))) + ((>= i size)) + (setf (aref ret i) (read-byte file nil))))) - ;;Remove extra bits if necessary. This is done by setting the - ;;unnecessary 8 - (bitsize mod 8) most significant bits to zero. - (setf n (octet-vector-to-integer octet-array)) - (if (= 0 (mod bitsize 8)) - n - (dpb 0 (byte (- 8 (mod bitsize 8)) bitsize) n)))) - - - -;;;; -;;;; AES version -;;;; -;;;; Based on Fortuna from Practical Cryptography. -;;;; -(defparameter *random-secure-obj-aes* nil - "State for the random number generator") + ret)) -(defun random-secure-octets-aes (size) - "Returns size pseudorandom octets from a cryptographically secure PRNG." - (unless *random-secure-obj-aes* - (setf *random-secure-obj-aes* (make-SecurePRNG-AES))) - - (SecurePRNG-octets-aes *random-secure-obj-aes* size)) +;;; +;;; AES related code +;;; +;;; Based on Fortuna from Practical Cryptography. +;;; (defclass SecurePRNG-AES () ((key :accessor key - :initform #16(0)) + :initform #16(0)) ; TODO use 32 bytes (256 bits) (ctr :accessor ctr - :initform #16(0))) + :initform #16(0))) ; TODO use 32 bytes (256 bits) (:documentation "Cryptographically secure pseudo random number generator.")) (defun make-SecurePRNG-AES () "Constructor for the Secure-PRNG class. Assumes that X bits secret/seed is enough." (let ((obj (make-instance 'SecurePRNG-AES))) - (format t "ctr after init = ~A~%" (hex (ctr obj))) (reseed obj (high-entropy-octets 16)))) (defmethod reseed ((obj SecurePRNG-AES) new-seed) @@ -203,54 +64,91 @@ (setf (key obj) (subseq (hash hasher new-seed) 0 keysize)) ;; We run in counter mode so update counter (inc-counter obj) - (format t "ctr in reseed = ~A~%" (hex (ctr obj))) obj)) (defmethod inc-counter ((obj SecurePRNG-AES)) (int-as-octet-vector-add (ctr obj) 1)) -(defun set-seed-aes (new-seed) +(defmethod SecurePRNG-octets-aes ((obj SecurePRNG-AES) size) + "Returns size pseudorandom octets from a cryptographically secure PRNG." + (let* ((res (make-array size + :element-type '(unsigned-byte 8) + :initial-element 0)) + (ctr-size (length (ctr obj))) + (tmp (make-array ctr-size + :element-type '(unsigned-byte 8) + :initial-element 0))) + (do* ((offset 0 (+ offset next)) + (leftover size (- leftover next)) + (next (min ctr-size leftover) (min ctr-size leftover))) + ((<= leftover 0)) + ;; the cipher overwrites the input buffer so we cannot use + ;; (ctr obj) directly. + (octet-vector-copy (ctr obj) 0 ctr-size tmp 0) + (aes-crypt-octet-vector tmp (key obj) 'ctr-onetime nil) + (octet-vector-copy tmp 0 next res offset) + (inc-counter obj)) + + res)) + + +;;;; +;;;; API +;;;; + +(defun random-secure-octets (size) + "Return size octets from a cryptographically secure PRNG." + (unless *random-secure-state* + (setf *random-secure-state* (make-SecurePRNG-AES))) + (SecurePRNG-octets-aes *random-secure-state* size)) + + +(defun random-secure-bignum (bitsize) + "Return bignum from a cryptographically secure PRNG." + (let* ((size (ceiling bitsize 8)) + (keep (mod bitsize 8)) + (ov (random-secure-octets size))) + ;; Remove extra bits if bitsize not a multiple of 8. + ;; This is done by only keeping the least (bitsize mod 8) significant + ;; bits in the most significant byte. + (unless (= keep 0) + (setf (aref ov 0) (mask-field (byte keep 0) (aref ov 0)))) + (octet-vector-to-integer ov))) + + +(defun reseed-secure-prng (new-seed) "Reseed the global secure PRNG. The input should be high entropy bits, ideally 256 bits of entropy or more, given as a bignum or a byte array." - (unless *random-secure-obj-aes* - (setf *random-secure-obj-aes* (make-SecurePRNG))) + (unless *random-secure-state* + (setf *random-secure-state* (make-SecurePRNG))) (typecase new-seed - (integer (reseed *random-secure-obj-aes* + (integer (reseed *random-secure-state* (integer-to-octet-vector new-seed))) - (vector (reseed *random-secure-obj-aes* new-seed)))) + (vector (reseed *random-secure-state* new-seed)))) -(defmethod SecurePRNG-octets-aes ((obj SecurePRNG-AES) size) - "Returns size pseudorandom octets from a cryptographically secure PRNG." - (let ((res (make-array size - :element-type '(unsigned-byte 8) - :initial-element 0)) - (tmp (make-array (length (ctr obj)) - :element-type '(unsigned-byte 8) - :initial-element 0)) - (ctr-size (length (ctr obj)))) - - (do* ((offset 0 (+ offset next)) - (leftover size (- leftover next)) - (next (min ctr-size leftover) (min ctr-size leftover))) - ((<= leftover 0)) - ;; the cipher overwrites the input buffer so we cannot use - ;; (ctr obj) directly. - (octet-vector-copy (ctr obj) 0 ctr-size tmp 0) - (aes-crypt-octet-vector tmp (key obj) 'ctr-onetime nil) - (octet-vector-copy tmp 0 next res offset) - (inc-counter obj)) - - res)) + +(defun random-bignum-max-odd (bitsize) + "Return random, bitsize bits long, odd integer. + +In other words, the least and most significant bit is always 1. +Used by RSA and DSA." + (let ((n (random-secure-bignum bitsize))) + (setf n (dpb 1 (byte 1 (1- bitsize)) n) + n (dpb 1 (byte 1 0) n)))) + + +(defun random-secure-bignum-range (low high) + "Return bignum in the range [low,high] from secure PRNG." + ;; Be lazy and retry a few times + (let ((bitsize (integer-length high))) + (do ((n (- low 1)(random-secure-bignum bitsize))) + ((and (<= n high) (>= n low)) n)))) +;;;; TESTING (defun foo () - (setf *random-secure-obj-aes* (make-SecurePRNG-AES)) - (format t "ctr before = ~A~%" (hex (ctr *random-secure-obj-aes*))) - (format t "bytes = ~A~%"(hex (random-secure-octets-aes 16))) - (format t "ctr = ~A~%" (hex (ctr *random-secure-obj-aes*)))) - -(defun bar (&optional (size 16)) - (format t "bytes = ~A~%"(hex (random-secure-octets-aes size))) - (format t "ctr = ~A~%" (hex (ctr *random-secure-obj-aes*)))) + (setf *random-secure-state* nil) + (random-secure-bignum 128)) + \ No newline at end of file --- /project/crypticl/cvsroot/crypticl/src/diffie-hellman.lisp 2007/01/17 22:00:52 1.6 +++ /project/crypticl/cvsroot/crypticl/src/diffie-hellman.lisp 2007/01/24 21:45:12 1.7 @@ -25,7 +25,7 @@ (defmethod generate-random-Diffie-Hellman ((obj Diffie-Hellman)) (let* ((g (g (key obj))) (p (p (key obj))) - (x (random-secure-range 1 (- p 2)))) + (x (random-secure-bignum-range 1 (- p 2)))) (setf (x (key obj)) x) (mod-expt g x p)))

1 0

[crypticl-cvs] CVS crypticl/src
by tskogan 24 Jan '07

24 Jan '07

Update of /project/crypticl/cvsroot/crypticl/src In directory clnet:/tmp/cvs-serv1593 Modified Files: utilities.lisp random.lisp aes.lisp Log Message: Backup of initial version of secure random generator with aes in counter mode. --- /project/crypticl/cvsroot/crypticl/src/utilities.lisp 2007/01/22 22:45:32 1.9 +++ /project/crypticl/cvsroot/crypticl/src/utilities.lisp 2007/01/23 23:55:39 1.10 @@ -73,14 +73,9 @@ (defun int-as-octet-vector-add (ov n) - "Add n to octet vector ov." + "Add n to octet vector ov and keep size of octet vector." (integer-to-octet-vector (+ (octet-vector-to-integer ov) n) :vector ov)) -(defun foo (data ctr) - (aes-crypt-octet-vector data #16(0) 'ctr nil ctr) - (int-as-octet-vector-add ctr 1) - (hex data)) - (defun hex (ov) (octet-vector-to-hex-string ov)) @@ -171,8 +166,7 @@ (unless out (setf out (make-array size :element-type '(unsigned-byte 8)))) (dotimes (i size out) - (setf (aref out (+ out-start i)) (aref in (+ start i)))))) - + (setf (aref out (+ out-start i)) (aref in (+ start i)))))) (defun concat (&rest args) "Concatenates strings and vectors. --- /project/crypticl/cvsroot/crypticl/src/random.lisp 2007/01/23 21:20:36 1.6 +++ /project/crypticl/cvsroot/crypticl/src/random.lisp 2007/01/23 23:55:39 1.7 @@ -161,3 +161,96 @@ (if (= 0 (mod bitsize 8)) n (dpb 0 (byte (- 8 (mod bitsize 8)) bitsize) n)))) + + + +;;;; +;;;; AES version +;;;; +;;;; Based on Fortuna from Practical Cryptography. +;;;; +(defparameter *random-secure-obj-aes* nil + "State for the random number generator") + +(defun random-secure-octets-aes (size) + "Returns size pseudorandom octets from a cryptographically secure PRNG." + (unless *random-secure-obj-aes* + (setf *random-secure-obj-aes* (make-SecurePRNG-AES))) + + (SecurePRNG-octets-aes *random-secure-obj-aes* size)) + +(defclass SecurePRNG-AES () + ((key + :accessor key + :initform #16(0)) + (ctr + :accessor ctr + :initform #16(0))) + (:documentation "Cryptographically secure pseudo random number generator.")) + +(defun make-SecurePRNG-AES () + "Constructor for the Secure-PRNG class. Assumes that X bits secret/seed is enough." + (let ((obj (make-instance 'SecurePRNG-AES))) + (format t "ctr after init = ~A~%" (hex (ctr obj))) + (reseed obj (high-entropy-octets 16)))) + +(defmethod reseed ((obj SecurePRNG-AES) new-seed) + "Reseed with byte array of high entropy bits." + (let ((hasher (make-SHA-256)) + (keysize (length (key obj)))) + ;; Concatenate old key with new seed and hash + (update hasher (key obj)) + (setf (key obj) (subseq (hash hasher new-seed) 0 keysize)) + ;; We run in counter mode so update counter + (inc-counter obj) + (format t "ctr in reseed = ~A~%" (hex (ctr obj))) + obj)) + +(defmethod inc-counter ((obj SecurePRNG-AES)) + (int-as-octet-vector-add (ctr obj) 1)) + +(defun set-seed-aes (new-seed) + "Reseed the global secure PRNG. + +The input should be high entropy bits, ideally 256 bits of entropy or more, +given as a bignum or a byte array." + (unless *random-secure-obj-aes* + (setf *random-secure-obj-aes* (make-SecurePRNG))) + (typecase new-seed + (integer (reseed *random-secure-obj-aes* + (integer-to-octet-vector new-seed))) + (vector (reseed *random-secure-obj-aes* new-seed)))) + +(defmethod SecurePRNG-octets-aes ((obj SecurePRNG-AES) size) + "Returns size pseudorandom octets from a cryptographically secure PRNG." + (let ((res (make-array size + :element-type '(unsigned-byte 8) + :initial-element 0)) + (tmp (make-array (length (ctr obj)) + :element-type '(unsigned-byte 8) + :initial-element 0)) + (ctr-size (length (ctr obj)))) + + (do* ((offset 0 (+ offset next)) + (leftover size (- leftover next)) + (next (min ctr-size leftover) (min ctr-size leftover))) + ((<= leftover 0)) + ;; the cipher overwrites the input buffer so we cannot use + ;; (ctr obj) directly. + (octet-vector-copy (ctr obj) 0 ctr-size tmp 0) + (aes-crypt-octet-vector tmp (key obj) 'ctr-onetime nil) + (octet-vector-copy tmp 0 next res offset) + (inc-counter obj)) + + res)) + + +(defun foo () + (setf *random-secure-obj-aes* (make-SecurePRNG-AES)) + (format t "ctr before = ~A~%" (hex (ctr *random-secure-obj-aes*))) + (format t "bytes = ~A~%"(hex (random-secure-octets-aes 16))) + (format t "ctr = ~A~%" (hex (ctr *random-secure-obj-aes*)))) + +(defun bar (&optional (size 16)) + (format t "bytes = ~A~%"(hex (random-secure-octets-aes size))) + (format t "ctr = ~A~%" (hex (ctr *random-secure-obj-aes*)))) --- /project/crypticl/cvsroot/crypticl/src/aes.lisp 2007/01/21 01:15:22 1.8 +++ /project/crypticl/cvsroot/crypticl/src/aes.lisp 2007/01/23 23:55:39 1.9 @@ -375,8 +375,17 @@ (aes-ecb-mode data round-key num-rounds doEncrypt)) ((eq mode 'cbc) (aes-cbc-mode data round-key num-rounds doEncrypt iv)) + ((eq mode 'ctr-onetime) + (aes-generate-one-time-pad-ctr data round-key num-rounds)) (t (error "No such mode ~A" mode))))) +(defun aes-generate-one-time-pad-ctr (data round-key num-rounds) + "data is the counter" + (let ((encrypted-block (make-array '(4 4))) + (offset 0)) + (get-block encrypted-block data offset) + (aes-encrypt-block encrypted-block round-key num-rounds) + (copy-back-block encrypted-block data offset))) (defun aes-cbc-mode (data round-key num-rounds doEncrypt iv)

1 0

[crypticl-cvs] CVS crypticl/src
by tskogan 23 Jan '07

23 Jan '07

Update of /project/crypticl/cvsroot/crypticl/src In directory clnet:/tmp/cvs-serv1638 Modified Files: random.lisp Log Message: Remove non-secure generator to avoid mistakes. --- /project/crypticl/cvsroot/crypticl/src/random.lisp 2007/01/20 15:46:59 1.5 +++ /project/crypticl/cvsroot/crypticl/src/random.lisp 2007/01/23 21:20:36 1.6 @@ -1,24 +1,15 @@ ;;;;-*-lisp-*- ;;;; The Crypticl cryptographic library. ;;;; -;;;; Description: Pseudo random number generation. +;;;; Description: Cryptographically secure pseudo random number generator. ;;;; Author: Taale Skogan ;;;; Distribution: See the accompanying file LICENSE. - ;;To do: ;;-get high entropy bits on non-Linux system. Either roll your own (most likely bad idea) or use win32API to handle one other system. But this is not important. win32 API CryptGenRandom. -;;-test suite. Some simple statistical tests on output? (in-package crypticl) -(defun random-bignum (bitsize) - "Return random integer bitsize bits long, i.e. an integer in the range [0, 2^bitsize - 1]. Uses the internal Lisp PSNG random which is _not_ cryptographically secure. -" - (warn "Using a PSNG which is _not_ cryptographically secure.") - (random-bignum-internal bitsize #'random)) - - (defun random-secure-bignum (bitsize) "Return random integer bitsize bits long generatated from a cryptograpically secure pseudo random number generator. The function is very slow because random-secure invokes SHA-1 multiple times. It should only be used for cryptographic keys and the like. @@ -55,8 +46,7 @@ -;;;;;;;; -;;; CRYPTOGRAPHICALLY SECURE RANDOM NUMBER GENERATOR +;;;;;;;; CRYPTOGRAPHICALLY SECURE RANDOM NUMBER GENERATOR (defparameter *random-secure-obj* nil "State for the random number generator")

1 0

[crypticl-cvs] CVS crypticl/src
by tskogan 22 Jan '07

22 Jan '07

Update of /project/crypticl/cvsroot/crypticl/src In directory clnet:/tmp/cvs-serv4482 Modified Files: utilities.lisp Log Message: Add keyword option. --- /project/crypticl/cvsroot/crypticl/src/utilities.lisp 2007/01/21 01:15:22 1.8 +++ /project/crypticl/cvsroot/crypticl/src/utilities.lisp 2007/01/22 22:45:32 1.9 @@ -35,13 +35,26 @@ (setq integer (+ (* integer 256) (aref vector i)))) integer)) -(defun integer-to-octet-vector (integer &key vector (start 0)) - "Transforms positive integers to byte vector using big endian format. Assumes a byte is 8 bits. " +(defun integer-to-octet-vector (integer &key vector + (start 0) + size) + "Transforms positive integers to byte vector using big endian/most +significant byte first format. + +Parameters: +size -- size of returned vector, prepadded with zero bytes if necessary. +" + (when (and size vector) + (assert (= size (length vector)))) (let* ((required-length - ;; Special case for 0 because integer-length returns 0 then. - (if (= integer 0) - 1 - (ceiling (integer-length integer) 8))) + (cond + (vector (length vector)) + (size size) + (t + ;; Special case for 0 because integer-length returns 0 then. + (if (= integer 0) + 1 + (ceiling (integer-length integer) 8))))) (result (or vector (make-array required-length :element-type '(unsigned-byte 8) @@ -59,6 +72,15 @@ result)) +(defun int-as-octet-vector-add (ov n) + "Add n to octet vector ov." + (integer-to-octet-vector (+ (octet-vector-to-integer ov) n) :vector ov)) + +(defun foo (data ctr) + (aes-crypt-octet-vector data #16(0) 'ctr nil ctr) + (int-as-octet-vector-add ctr 1) + (hex data)) + (defun hex (ov) (octet-vector-to-hex-string ov))

1 0

[crypticl-cvs] CVS crypticl/etc
by tskogan 21 Jan '07

21 Jan '07

Update of /project/crypticl/cvsroot/crypticl/etc In directory clnet:/tmp/cvs-serv7590 Modified Files: .emacs Log Message: add scp-buffer. --- /project/crypticl/cvsroot/crypticl/etc/.emacs 2007/01/21 01:24:52 1.1 +++ /project/crypticl/cvsroot/crypticl/etc/.emacs 2007/01/21 01:55:59 1.2 @@ -182,3 +182,12 @@ (put 'upcase-region 'disabled nil) + + +;;tskogan@common-lisp.net:/project/crypticl/public_html +(defun scp-buffer (dst) + (interactive "s scp current file to remote destination: ") + (let ((retval (call-process "pscp" nil nil nil (buffer-file-name) dst))) + (if (eq 0 retval) + (princ (format "Copied file %s to %s" (buffer-file-name) dst)) + (princ (format "scp failed with return value %s" retval)))))

1 0

[crypticl-cvs] CVS crypticl/doc/html
by tskogan 21 Jan '07

21 Jan '07

Update of /project/crypticl/cvsroot/crypticl/doc/html In directory clnet:/tmp/cvs-serv6825 Modified Files: index.html Log Message: *** empty log message *** --- /project/crypticl/cvsroot/crypticl/doc/html/index.html 2007/01/17 22:36:02 1.7 +++ /project/crypticl/cvsroot/crypticl/doc/html/index.html 2007/01/21 01:40:26 1.8 @@ -45,7 +45,7 @@ <h3>Download</h3> <a href="crypticl-0.1.1.tar.gz">Crypticl 0.1</a><p> - <a href="obol-0.1.1.tar.gz">Obol 0.1</a>, includes crypticl.<p> + <a href="obol-0.1.1.tar.gz">Obol 0.1</a>, includes Crypticl.<p> <h3>CVS</h3>

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

crypticl-cvs January 2007