2008-08-06 18:04:23 +00:00
|
|
|
====================================
|
|
|
|
= Usage of streamciphers =
|
|
|
|
====================================
|
|
|
|
|
|
|
|
Author: Daniel Otte
|
|
|
|
email: daniel.otte@rub.de
|
|
|
|
|
|
|
|
|
|
|
|
0. Foreword
|
2008-12-30 16:10:30 +00:00
|
|
|
This file will describe how to use the streamcipher implementations provided
|
2008-08-06 18:04:23 +00:00
|
|
|
by this library. It will not only show how to call the cryptographic functions
|
|
|
|
but also discuss a little how to build security mechanisms from that.
|
|
|
|
|
|
|
|
1. What a streamcipher does
|
2008-12-30 16:10:30 +00:00
|
|
|
A streamcipher normally generates a deterministic, random looking stream of
|
2008-08-06 18:04:23 +00:00
|
|
|
bits, known as keystream. For encryption purpose this keystream is XORed with
|
|
|
|
the data stream. So decryption is exactly the same as encryption. The
|
2008-12-30 16:10:30 +00:00
|
|
|
data-stream is XORed with the keystream giving the plaintext. So both sides
|
|
|
|
need exactly the same streamcipher in the same state.
|
2008-08-06 18:04:23 +00:00
|
|
|
|
|
|
|
1.1. high frequent parameters:
|
2008-12-30 16:10:30 +00:00
|
|
|
output-size: 8 bit, 1 bit
|
2008-08-06 18:04:23 +00:00
|
|
|
keysize: 64 bit, 80 bit, 128 bit
|
|
|
|
IVsize: 64 bit
|
|
|
|
|
|
|
|
2. Parts of a streamcipher
|
|
|
|
* generation algorithm
|
2008-12-30 16:10:30 +00:00
|
|
|
* initialization algorithm
|
2008-08-06 18:04:23 +00:00
|
|
|
* state
|
|
|
|
As we can see all streamciphers seem to utilize an internal state which
|
2008-12-30 16:10:30 +00:00
|
|
|
determines the output. This state is initialized by the initialization
|
|
|
|
algorithm with a key and an IV (initialization vector). It is very important
|
2008-08-06 18:04:23 +00:00
|
|
|
for security that _never_ the same key with the same IV is used again. The
|
|
|
|
IV is not required to be kept secret.
|
|
|
|
|
|
|
|
3. streamcipher API
|
|
|
|
The API is not always consistent due to the fact that we tried to optimize the
|
|
|
|
code for size (flash, heap and stack) and speed (runtime of the different
|
|
|
|
components).
|
|
|
|
Generally the API of the implemented streamciphers consists of:
|
|
|
|
|
2008-12-30 16:10:30 +00:00
|
|
|
*_init function, which implements the initialization
|
2008-08-06 18:04:23 +00:00
|
|
|
*_gen function, which implements the streamcipher algorithm and generates a
|
|
|
|
keystream output
|
|
|
|
*_ctx_t context type, which contains internal state information
|
|
|
|
|
|
|
|
3.1 look at the prototypes
|
|
|
|
Generally the prototypes (defined in the *.h files) will tell you what
|
|
|
|
parameter means what.
|
|
|
|
|
|
|
|
3.1.2 sizes in bits and bytes
|
|
|
|
Working with cryptographical functions involves working with different lengths.
|
|
|
|
Some times you want to know it in bits and sometimes in bytes. To reduce
|
2008-12-30 16:10:30 +00:00
|
|
|
frustration and to avoid bugs we suffix a length parameter with either _b or
|
|
|
|
_B depending on the meaning. _b means in bits and _B means in bytes
|
2008-08-06 18:04:23 +00:00
|
|
|
(big b big word).
|
|
|
|
|
|
|
|
3.2. *_init function
|
|
|
|
The *_init function generally takes a pointer to the key as first parameter.
|
|
|
|
For ciphers where the keysize is not fixed the second parameter gives the
|
|
|
|
keysize (in bits regularly) followed by a pointer to the IV and a length
|
|
|
|
parameter for not fixed IV sizes (both are omitted if the algorithm does not
|
|
|
|
specify IV handling, in this case a part of the key should be used as IV).
|
|
|
|
The last parameter points to the context variable to fill.
|
|
|
|
|
|
|
|
3.3. *_gen function
|
|
|
|
The *_gen function updates the internal state to which a pointer is given as
|
|
|
|
parameter and returns a fixed length part of the keystream as return value.
|
|
|
|
|
|
|
|
|
2008-12-30 16:10:30 +00:00
|
|
|
|