Lines Matching defs:Cipher
125 block cipher and hash function to ensure that they compile and execute to the published design specifications. The library
180 mode routines for every single cipher. That means every time you add or remove a cipher from the library
182 are not directly tied to the ciphers. That is a new cipher can be added to the library by simply providing
184 can make use of the cipher right away.
254 related issue is if you use the same symmetric cipher, hash or public key state data in multiple threads. Normally
412 functions which are (given that XXX is the name of the cipher) the following:
413 \index{Cipher Setup}
421 The XXX\_setup() routine will setup the cipher to be used with a given number of rounds and a given key length (in bytes).
425 that you should only use this scheduled key with the intended cipher. For example, if you call \textit{blowfish\_setup()} do not
432 To encrypt or decrypt a block in ECB mode there are these two functions per cipher:
433 \index{Cipher Encrypt} \index{Cipher Decrypt}
444 which cipher you are using.}, storing the result in the \textit{ct} buffer (\textit{pt} resp.). It is possible that the input and output buffer are
447 return \textbf{CRYPT\_OK} on success. To test a particular cipher against test vectors\footnote{As published in their design papers.}
451 \index{Cipher Testing}
455 This function will return {\bf CRYPT\_OK} if the cipher matches the test vectors from the design publication it is
459 For each cipher there is a function which will help find a desired key size. It is specified as follows:
486 \subsection{Cipher Termination}
487 When you are finished with a cipher you can de--initialize it with the done function.
492 cipher descriptors may require to be called for resource management purposes. To be compliant, all functions which call a cipher
493 setup function must also call the respective cipher done function when finished.
535 /* Terminate the cipher context */
558 \mysection{The Cipher Descriptors}
559 \index{Cipher Descriptor}
560 To facilitate automatic routines an array of cipher descriptors is provided in the array \textit{cipher\_descriptor}. An element
566 /** name of cipher */
589 are the minimum and maximum key sizes in bytes. The \textit{block\_length} member is the block size of the cipher
590 in bytes. As a good rule of thumb it is assumed that the cipher supports
597 The remaining fields are all pointers to the core functions for each cipher. The end of the cipher\_descriptor array is
600 As of this release the current cipher\_descriptors elements are the following:
602 \index{Cipher descriptor table}
640 rijndael\_desc and rijndael\_enc\_desc provide the cipher named \textit{rijndael}. The descriptors aes\_desc and
641 aes\_enc\_desc provide the cipher name \textit{aes}. Functionally both \textit{rijndael} and \textit{aes} are the same cipher. The
642 only difference is when you call find\_cipher() you have to pass the correct name. The cipher descriptors with \textit{enc}
647 The \textit{encrypt only} descriptors are useful for applications that only use the encryption function of the cipher. Algorithms such
649 Rijndael as it makes the most sense for this cipher.
660 key will require less ram but the resulting cipher will be slower. The second option is \textit{TWOFISH\_TABLES} which when
686 To work with the cipher\_descriptor array there is a function:
691 Which will search for a given name in the array. It returns $-1$ if the cipher is not found, otherwise it returns
692 the location in the array where the cipher was found. For example, to indirectly setup Blowfish you can also use:
703 /* you must register a cipher before you use it */
705 printf("Unable to register Blowfish cipher.");
718 /* ... use cipher ... */
724 to use a cipher with the descriptor table you must register it first using:
727 int register_cipher(const struct _cipher_descriptor *cipher);
730 as there is no more room (it can have 32 ciphers at most) it will return {\bf{-1}}. If you try to add the same cipher more
731 than once it will just return the index of the first copy. To remove a cipher call:
734 int unregister_cipher(const struct _cipher_descriptor *cipher);
736 Which returns {\bf CRYPT\_OK} if it removes the cipher, otherwise it returns {\bf CRYPT\_ERROR}.
744 /* register the cipher */
766 A typical symmetric block cipher can be used in chaining modes to effectively encrypt messages larger than the block
767 size of the cipher. Given a key $k$, a plaintext $P$ and a cipher $E$ we shall denote the encryption of the block
781 CBC or Cipher Block Chaining mode is a simple mode designed to prevent trivial forms of replay and swap attacks on ciphers.
790 CTR or Counter Mode is a mode which only uses the encryption function of the cipher. Given an initial vector which is
798 as the block cipher is under a chosen plaintext attack (provided the initial vector is unique).
807 Note that in this library the output feedback width is equal to the size of the block cipher. That is this mode is used
818 Like the CFB mode the output width in CFB mode is the same as the width of the block cipher. OFB mode will also
825 \item Provably as secure as the block cipher being used under a chosen plaintext attack.
826 \item Technically does not require the decryption routine of the cipher.
828 \item Allows the encryption of block sizes that are not equal to the size of the block cipher.
834 The ECB and CBC modes process blocks of the same size as the cipher at a time. Therefore, they are less flexible than the
841 support this mode directly but it is fairly easy to emulate with a call to the cipher's ecb\_encrypt() callback function.
853 int XXX_start( int cipher,
860 int ctr_start( int cipher,
868 int ecb_start( int cipher,
875 In each case, \textit{cipher} is the index into the cipher\_descriptor array of the cipher you want to use. The \textit{IV} value is
876 the initialization vector to be used with the cipher. You must fill the IV yourself and it is assumed they are the same
877 length as the block size\footnote{In other words the size of a block of plaintext for the cipher, e.g. 8 for DES, 16 for AES, etc.}
878 of the cipher you choose. It is important that the IV be random for each unique message you want to encrypt. The
889 The routines return {\bf CRYPT\_OK} if the cipher initialized correctly, otherwise, they return an error code.
936 The XXX\_setiv() functions are handy if you wish to change the IV without re--keying the cipher.
952 This will terminate the stream (by terminating the cipher) and return \textbf{CRYPT\_OK} if successful.
967 printf("Error registering cipher.\n");
975 find_cipher("twofish"), /* index of desired cipher */
1033 LRW mode is a cipher mode which is meant for indexed encryption like used to handle storage media. It is meant to have efficient seeking and overcome the
1043 int lrw_start( int cipher,
1052 This will initialize the LRW context with the given (16 octet) \textit{IV}, cipher $K_1$ \textit{key} of length \textit{keylen} octets and the (16 octet) $K_2$ \textit{tweak}.
1053 While LRW was specified to be used only with AES, LibTomCrypt will allow any 128--bit block cipher to be specified as indexed by \textit{cipher}. The
1054 number of rounds for the block cipher \textit{num\_rounds} can be 0 to use the default number of rounds for the given cipher.
1104 int f8_start( int cipher,
1161 by the designers. First, a short description of what EAX mode is before we explain how to use it. EAX is a mode that requires a cipher,
1163 authentication\footnote{Note that since EAX only requires OMAC and CTR you may use \textit{encrypt only} cipher descriptors with this mode.}.
1178 int cipher,
1187 Where \textit{eax} is the EAX state. The \textit{cipher} parameter is the index of the desired cipher in the descriptor table.
1243 This requires that the AES (or Rijndael) block cipher be registered with the cipher\_descriptor table first.
1263 find_cipher("rijndael"), /* cipher id */
1305 int cipher,
1314 int cipher,
1332 P. Rogaway, M. Bellare, J. Black, T. Krovetz, \textit{OCB: A Block Cipher Mode of Operation for Efficient Authenticated Encryption}.}
1339 int cipher,
1345 This will initialize the \textit{ocb} context using cipher descriptor \textit{cipher}. It will use a \textit{key} of length \textit{keylen}
1364 They assume that \textit{pt} and \textit{ct} are the same size as the block cipher's block size. Note that you cannot call
1386 Note that \textit{ptlen} must be less than or equal to the block size of block cipher chosen. Also note that if you have
1412 int cipher,
1426 int cipher,
1439 cipher) as a primitive. Unlike EAX and OCB mode,
1446 int cipher,
1457 This performs the \textit{CCM} operation on the data. The \textit{cipher} variable indicates which cipher in the descriptor table to use. It must have a
1497 /* register cipher */
1555 int cipher,
1559 This initializes the GCM state \textit{gcm} for the given cipher indexed by \textit{cipher}, with a secret key \textit{key} of length \textit{keylen} octets. The cipher
1633 int cipher,
1975 Similar to the cipher descriptor table you must register your hash algorithms before you can use them. These functions
1976 work exactly like those of the cipher registration code. The functions are:
2012 \mysection{Cipher Hash Construction}
2013 \index{Cipher Hash Construction}
2014 An addition to the suite of hash functions is the \textit{Cipher Hash Construction} or \textit{CHC} mode. In this mode
2020 data. While it is in the hash system you still have to tell the CHC code which cipher to use. This is accomplished
2025 int chc_register(int cipher);
2028 A cipher has to be registered with CHC (and also in the cipher descriptor tables with
2029 register\_cipher()). The chc\_register() function will bind a cipher to the CHC system. Only one cipher can
2033 \item The cipher must have a block size greater than 64--bits.
2034 \item The cipher must allow an input key the size of the block size.
2037 Example of using CHC with the AES block cipher.
2045 /* register cipher and hash */
2047 printf("Could not register cipher\n");
2083 and its length. The key is much like a key you would pass to a cipher. That is, it is simply an array of octets stored in
2201 algorithm which produces a Message Authentication Code (MAC) using only a block cipher such as AES. Note: OMAC has been standardized as
2203 HMAC routines. Instead, in this case a cipher is used instead of a hash.
2209 int cipher,
2213 The \textit{omac} parameter is the state for the OMAC algorithm. The \textit{cipher} parameter is the index into the cipher\_descriptor table
2214 of the cipher\footnote{The cipher must have a 64 or 128 bit block size. Such as CAST5, Blowfish, DES, AES, Twofish, etc.} you
2248 specification states that the output may be truncated. So if you pass in $outlen = 5$ and use AES as your cipher then
2258 int cipher,
2263 This will compute the OMAC of \textit{inlen} bytes of \textit{in} using the key \textit{key} of length \textit{keylen} bytes and the cipher
2264 specified by the \textit{cipher}'th entry in the cipher\_descriptor table. It will store the MAC in \textit{out} with the same
2271 int cipher,
2278 and the cipher specified by the \textit{cipher}'th entry in the cipher\_descriptor table. It will store the MAC in \textit{out} with
2305 /* get index of Rijndael in cipher descriptor table */
2337 The PMAC\footnote{J.Black, P.Rogaway, \textit{A Block--Cipher Mode of Operation for Parallelizable Message Authentication}}
2338 protocol is another MAC algorithm that relies solely on a symmetric-key block cipher. It uses essentially the same
2346 int cipher,
2350 Which initializes the \textit{pmac} state with the given \textit{cipher} and \textit{key} of length \textit{keylen} bytes. The chosen cipher
2392 int cipher,
2397 This will compute the PMAC of \textit{msglen} bytes of \textit{msg} using the key \textit{key} of length \textit{keylen} bytes, and the cipher
2398 specified by the \textit{cipher}'th entry in the cipher\_descriptor table. It will store the MAC in \textit{out} with the same
2405 int cipher,
2412 and the cipher specified by the \textit{cipher}'th entry in the cipher\_descriptor table. It will store the MAC in \textit{out} with
2500 by using a cipher in CBC mode. It also uses a single key which it expands into the requisite three keys for the MAC function. A XCBC--MAC state is
2506 int cipher,
2511 This will initialize the XCBC--MAC state \textit{xcbc}, with the key specified in \textit{key} of length \textit{keylen} octets. The cipher indicated
2512 by the \textit{cipher} index can be either a 64 or 128--bit block cipher. This will return \textbf{CRYPT\_OK} on success.
2543 int cipher,
2548 This will compute the XCBC--MAC of \textit{msglen} bytes of \textit{msg}, using the key \textit{key} of length \textit{keylen} bytes, and the cipher
2549 specified by the \textit{cipher}'th entry in the cipher\_descriptor table. It will store the MAC in \textit{out} with the same rules as xcbc\_done().
2555 int cipher,
2561 Which will XCBC--MAC the entire contents of the file specified by \textit{filename} using the key \textit{key} of length \textit{keylen} bytes, and the cipher
2562 specified by the \textit{cipher}'th entry in the cipher\_descriptor table. It will store the MAC in \textit{out} with the same rules as xcbc\_done().
2576 The F9--MAC is yet another CBC--MAC variant proposed for the 3GPP standard. Originally specified to be used with the KASUMI block cipher, it can also be used
2577 with other ciphers. For LibTomCrypt, the F9--MAC code can use any cipher.
2581 bit followed by a 1 bit and enough zeros to make the message a multiple of the cipher block size. If the message is byte aligned, the padding takes on the form of
2592 int cipher,
2597 This will initialize the F9--MAC state \textit{f9}, with the key specified in \textit{key} of length \textit{keylen} octets. The cipher indicated
2598 by the \textit{cipher} index can be either a 64 or 128--bit block cipher. This will return \textbf{CRYPT\_OK} on success.
2629 int cipher,
2634 This will compute the F9--MAC of \textit{msglen} bytes of \textit{msg}, using the key \textit{key} of length \textit{keylen} bytes, and the cipher
2635 specified by the \textit{cipher}'th entry in the cipher\_descriptor table. It will store the MAC in \textit{out} with the same rules as f9\_done().
2641 int cipher,
2647 Which will F9--MAC the entire contents of the file specified by \textit{filename} using the key \textit{key} of length \textit{keylen} bytes, and the cipher
2648 specified by the \textit{cipher}'th entry in the cipher\_descriptor table. It will store the MAC in \textit{out} with the same rules as f9\_done().
2831 Just like the ciphers and hashes, you must register your prng before you can use it. The two functions provided work exactly as those for the cipher registry functions.
2851 \hline RC4 & rc4\_desc & Stream Cipher \\
2852 \hline SOBER-128 & sober128\_desc & Stream Cipher (also very fast PRNG) \\
2871 to work with most cipher and hash combos based on which you have chosen to build into the library.} while
2874 Fortuna is slightly less flexible than Yarrow in the sense that it only works with the AES block cipher
2875 and SHA--256 hash function. Technically, Fortuna will work with any block cipher that accepts a 256--bit
2887 RC4 is an old stream cipher that can also do double duty as a PRNG in a pinch. You key RC4 by
2899 SOBER--128 is a stream cipher designed by the QUALCOMM Australia team. Like RC4, you key it by
2902 Note: this cipher has several oddities about how it operates. The first call to add\_entropy() sets the cipher's key.
2903 Every other call to the add\_entropy() function sets the cipher's IV variable. The IV mechanism allows you to
5269 of your block cipher (e.g. 16 bytes for AES). This means sadly if you're on a platform with 57--bit words (or something) you can't
5280 cipher and a hash function.
5290 Twofish is a 128-bit symmetric block cipher that is provided within the library. The cipher itself is flexible enough
5293 defined will also greatly slow down the cipher. When this macro is not defined Twofish will pre-compute the
5294 tables at a cost of 4KB of memory. The cipher will be much faster as a result.
5296 When TWOFISH\_TABLES is defined the cipher will use pre-computed (and fixed in code) tables required to work. This is
5298 will increase by approximately 500 bytes. If this is defined but TWOFISH\_SMALL is not the cipher will still work but
5346 The entire API was designed with plug and play in mind at the low level. That is you can swap out any cipher, hash, PRNG or bignum library and the dependent API will not
5352 portable routines. For instance, hand optimized assembler versions of AES could be provided. Any existing function that uses the cipher could automatically use
5356 to functions that do the required work. For a given class of operation (e.g. cipher, hash, prng, bignum) the functions of a descriptor have identical prototypes which makes
5366 /** name of cipher */
5384 /** Setup the cipher
5416 /** Test the block cipher
5634 The \textit{name} parameter specifies the name of the cipher. This is what a developer would pass to find\_cipher() to find the cipher in the descriptor
5642 and both must be valid key sizes for the cipher. Values in between are not assumed to be valid though they may be.
5651 To initialize a cipher (for ECB mode) the function setup() was provided. It accepts an array of key octets \textit{key} of length \textit{keylen} octets. The user
5668 cipher. For
5670 cannot be mapped to a valid key size for the cipher.
5673 The next set of functions cover the accelerated functionality of the cipher descriptor. Any combination of these functions may be set to \textbf{NULL} to indicate
5713 Note that calling lrw\_done() will only invoke the cipher\_descriptor[].done() function on the \textit{symmetric\_key} parameter of the LRW state. That means
5715 the plugin solely to do LRW with the cipher. That way cipher\_descriptor[].setup() means to init LRW resources and cipher\_descriptor[].done() means to