Source-Changes archive
CVS commit: othersrc/external/bsd/mink
Module Name: othersrc
Committed By: agc
Date: Thu Jun 15 01:26:34 UTC 2017
Added Files:
othersrc/external/bsd/mink: Makefile README
othersrc/external/bsd/mink/bin: Makefile f f2
othersrc/external/bsd/mink/dist: 1.expected 1.mink 10.expected
11.expected 12.expected 13.mink 14.expected 14.mink 15.mink
16.expected 17.mink 18.expected 19.mink 2.expected 2.mink
20.expected 21.mink 22.expected 23.mink 24.expected 25.mink
26.expected 27.mink 28.expected 29.mink 3.expected 30.expected
31.mink 32.expected 33.mink 34.expected 35.mink 36.expected 37.mink
38.expected 39.mink 4.expected 4.mink 40.expected 41.mink
42.expected 43.mink 44.expected 45.mink 46.expected 47.mink
48.expected 49.expected 49.mink 5.expected 5.mink 50.mink
51.expected 52.mink 53.expected 54.mink 55.expected 56.mink
57.expected 58.mink 59.expected 6.expected 60.mink 61.expected
63.expected 65.expected 67.expected 69.expected 7.mink 71.expected
8.expected 9.mink Makefile aes-eax.c aes-eax.h aes-gcm.c aes-gcm.h
aes-omac1.c aes-omac1.h libmink.3 main.c mink.1 mink.c mink.h
netaes.c netaes.h regex2.c regex2.h rijndael-alg-fst.c
rijndael-alg-fst.h rijndael-api-fst.c rijndael-api-fst.h rijndael.c
rijndael.h rijndael_local.h text.c text.h
othersrc/external/bsd/mink/lib: Makefile shlib_version
Log Message:
Add mink, version 20170614, to othersrc. From the README:
This is a small library and utility program which transforms input
data into output data, concealing and revealing along the way. Rather
than just do one round of encryption, this can do multiple rounds on
the same data. All kinds of bit and byte rotation, mirroring around a
diagonal, Xor, and AES are provided, including raw AES, and CBC, CTR,
EAX and GCM modes.
Small awk-like scripts are written to transform the data; the same
script is used in each direction.
Keys, IVs and AADs are specified in the script, or can be read from
the terminal, working from a prompt. This is true for strings used
to xor data.
Thus, to extract the original from a file that has already been
transformed, you need to know not only the keys/IVs/AADs being used,
you need to know all the arguments used for bitwise rotations,
repetitions of AES encryption, and order of transformations specified
in the script. To discourage timing attacks, random data is encrypted
a random number of times after each transformation in the script.
It may be best to describe this in a worked example:
% echo 'Input data' | mink -e 'bswap 32' > scrambled
% hexdump -C scrambled
00000000 75 70 6e 49 61 64 20 74 00 0a 61 74 00 00 00 00 |upnIad t..at....|
00000010
% mink -c 11 'bswap 32' scrambled
Input data
%
But mink is designed to work with multiple encryption transformations:
% echo 'Input data' | mink -e 'bitrotr 3; bswap 32' > encrypted
% hexdump -C encrypted
00000000 ab 83 73 4a 0b 23 01 a3 00 50 0b a3 00 00 00 00 |..sJ.#...P......|
00000010
% mink -c 11 'bitrotr 3; bswap 32' encrypted
Input data
%
And the instructions are usually entered into a file, for ease of use of
decryption:
% cat 1.mink
bitrotr 3
bswap 32
% echo 'Input data' | mink -e -f 1.mink > encrypted
% mink -f 1.mink -c 11 encrypted
Input data
%
However, the main way that mink shines is when using more advanced methods
of (symmetric) encryption. And, for these, we need keys and IVs:
% sed 15q < /usr/share/dict/words > in
% wc in
15 15 92 in
% cat 2.mink
setkey 0 "key number one"
setkey 1 "IV?"?
bitrotr 3
aes128-ctr 0 1 2367
%
After the first 2 commands, we have a 92-byte file to work with. We
also have introduced 128 bit AES in CTR mode, using 2 keys, and
running for 2367 repetitions. The "setkey" lines set up the strings
to be used for keys and IVs. Hex escapes (\xAB) can be used to
express 8-bit entities. If a setkey string is followed by a question
mark, the string is taken to be a prompt, and the user is asked to
enter the string. getpass(3) is used for this. Strings are assigned
to numeric slots, which do not need to be contiguous or sequential,
but are easier to remember that way. The invocation of aes128-ctr
above means "use the string in slot 0 as the key, use the string input
by the user as an IV, and repeat the ctr encryption 2367 times".
% mink -e -f 2.mink -o encrypted in
IV?
% hexdump -C encrypted
00000000 c2 16 39 77 9c 98 fd 4d 52 d0 27 17 35 03 e4 f0 |..9w...MR.'.5...|
00000010 15 5c a0 78 ad 19 77 21 c4 f0 f9 e3 ee a5 b4 1c |.\.x..w!........|
00000020 bd 37 06 ad a4 d6 53 f8 ed de 12 8c 05 95 cc 55 |.7....S........U|
00000030 c4 08 fd cb 8c 1f b5 af 7c 00 50 75 04 d1 2e 3b |........|.Pu...;|
00000040 63 70 53 5e ba 8b 41 42 2f 3e aa 81 fe 48 5c e7 |cpS^..AB/>...H\.|
00000050 a9 7c 8a 33 13 d4 d9 af fe 6a d4 be 3e c5 7d 9f |.|.3.....j..>.}.|
00000060
% mink -f 2.mink -c 92 encrypted
IV?
A
a
aa
aal
aalii
aam
Aani
aardvark
aardwolf
Aaron
Aaronic
Aaronical
Aaronite
Aaronitic
Aaru
% # the user entered the wrong IV in the next invocation of mink
% mink -f 2.mink -c 92 encrypted | hexdump -C
IV?
00000000 21 82 48 b5 93 dd c9 c9 47 56 10 ee 98 43 ab 91 |!.H.....GV...C..|
00000010 53 96 b3 3d 61 9a fc 87 5a 8f 06 d9 0b 40 47 1d |S..=a...Z....@G.|
00000020 8f 00 95 89 ef 79 7a ed c5 fa 5b 01 0c 8f 58 8c |.....yz...[...X.|
00000030 f8 11 52 fe d9 86 4b fa 71 a8 8b 6b 6f d6 59 31 |..R...K.q..ko.Y1|
00000040 ad 29 60 64 ba 27 e0 d2 3c 4c f2 6d 39 11 cd f4 |.)`d.'..<L.m9...|
00000050 8c b3 dc d3 b8 5e d0 48 6e ee 99 61 |.....^.Hn..a|
0000005c
%
Please also note that the number of repetitions for operations is important:
% mink -v 0=zero -v1=two -e 'aes256-ctr 0 1 1330' Makefile | hexdump -C
00000000 31 3b 82 97 22 e4 ef 26 a7 f3 61 66 02 81 94 4c |1;.."..&..af...L|
00000010 12 9f a5 63 cf 95 68 ab 00 46 c3 cd b7 c3 35 f4 |...c..h..F....5.|
00000020 0d 99 cb 11 c8 0c df ff 88 85 54 7a e9 4c 66 7b |..........Tz.Lf{|
00000030 cd b5 7d 27 c0 45 70 d8 cd 85 dc 2c 11 e7 df 07 |..}'.Ep....,....|
00000040 aa e2 06 d1 85 a8 96 8d 4f d6 f4 8d ab 22 4a b4 |........O...."J.|
00000050 12 60 30 31 43 63 5c 73 36 1e d6 77 21 6d ff 9e |.`01Cc\s6..w!m..|
00000060 7c 6e 52 65 7e 4c 6b d3 4d 8c 5d 2f e3 6c 87 b9 ||nRe~Lk.M.]/.l..|
00000070 87 d6 f6 ad 84 f9 22 72 d3 46 80 7c ce fb 87 2b |......"r.F.|...+|
00000080 b0 7f 89 13 73 5a 3e 75 b3 37 60 cf e7 a0 65 4e |....sZ>u.7`...eN|
00000090
% mink -v 0=zero -v1=two -e 'aes256-ctr 0 1 1331' Makefile | hexdump -C
00000000 c3 0e b6 08 d1 56 0b 18 c5 2a 80 97 d2 64 85 b2 |.....V...*...d..|
00000010 d1 42 b8 92 33 00 fd c5 ae ae a8 c5 8f 50 ce 3f |.B..3........P.?|
00000020 18 64 ea fc f8 06 17 ae 62 9e c2 eb 1d d3 4d 84 |.d......b.....M.|
00000030 15 bb b4 da 6a 0c b4 3b fe 4e 55 41 4e 43 75 64 |....j..;.NUANCud|
00000040 62 70 ad 45 fd 06 5a 87 dc 0d 62 71 9b 0d ab d7 |bp.E..Z...bq....|
00000050 0f ba ab 64 28 10 f5 fb fd 05 60 9e 89 38 f2 e9 |...d(.....`..8..|
00000060 e6 fd 78 76 24 f3 da 82 f3 22 94 bb 8b 30 92 d7 |..xv$...."...0..|
00000070 5f 38 94 16 f4 d9 02 2b 89 37 49 e6 f3 93 23 be |_8.....+.7I...#.|
00000080 34 f7 43 c2 c3 69 ec 93 76 62 f0 ba c1 2c 96 00 |4.C..i..vb...,..|
00000090
%
After the data has been encrypted by mink, anyone wanting to read the
original data needs to know ALL of:
1. the exact statements of the transformation script, i.e. the bitrotr, bswap,
aes128/256 commands
2. the order of these commands - for example, AES encryption before
using a bit rotation will produce a different result to that where the
same bitwise rotation is done before AES:
% echo 'Input data' | mink -e 'setkey 0 "key"; setkey 1 "iv" ; aes128 0 1 3; bitrotr 4' | hexdump -C
00000000 ef b3 4e 04 a1 13 47 01 3b 16 d9 66 ef 3a da 00 |..N...G.;..f.:..|
00000010
% echo 'Input data' | mink -e 'bitrotr 4; setkey 0 "key"; setkey 1 "iv" ; aes128 0 1 3' | hexdump -C
00000000 89 36 80 e8 32 4d 74 62 2c 9a 02 ea 28 a9 74 6b |.6..2Mtb,...(.tk|
00000010
3. The keys and IVs used for any AES operations, and any AAD used in
AEAD transformations such as EAX or GCM, or strings used in XOR
transformations
4. The number of repetitions of AES encryption to perform
Arbitrarily complex scripts can be used, which would help if proof of work
is to be a part of the data transformation.
The list of transformation methods is as follows:
aes(128|256)-cbc key iv reps
aes(128|256)-ctr key iv reps
aes(128|256)-eax key iv aad reps
aes(128|256)-gcm key iv aad reps
aes(128|256) key
bitrotl nbits
bitrotr nbits
byteswap nbits
diagonal number
reverse
rol nbytes
ror nbytes
xor string
In addition, these transformations can be further specified to apply
to a range of input data - the offset and length can be appended to
each of the instructions above, using the form off:n len:m, where n
and m are both decimal integers.
After every instruction is executed, a random number of iterations of
AES encrypting random data are performed. This is intended to
minimise the effect of timing attacks.
Alistair Crooks
Wed Jun 14 18:08:15 PDT 2017
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 othersrc/external/bsd/mink/Makefile \
othersrc/external/bsd/mink/README
cvs rdiff -u -r0 -r1.1 othersrc/external/bsd/mink/bin/Makefile \
othersrc/external/bsd/mink/bin/f othersrc/external/bsd/mink/bin/f2
cvs rdiff -u -r0 -r1.1 othersrc/external/bsd/mink/dist/1.expected \
othersrc/external/bsd/mink/dist/1.mink \
othersrc/external/bsd/mink/dist/10.expected \
othersrc/external/bsd/mink/dist/11.expected \
othersrc/external/bsd/mink/dist/12.expected \
othersrc/external/bsd/mink/dist/13.mink \
othersrc/external/bsd/mink/dist/14.expected \
othersrc/external/bsd/mink/dist/14.mink \
othersrc/external/bsd/mink/dist/15.mink \
othersrc/external/bsd/mink/dist/16.expected \
othersrc/external/bsd/mink/dist/17.mink \
othersrc/external/bsd/mink/dist/18.expected \
othersrc/external/bsd/mink/dist/19.mink \
othersrc/external/bsd/mink/dist/2.expected \
othersrc/external/bsd/mink/dist/2.mink \
othersrc/external/bsd/mink/dist/20.expected \
othersrc/external/bsd/mink/dist/21.mink \
othersrc/external/bsd/mink/dist/22.expected \
othersrc/external/bsd/mink/dist/23.mink \
othersrc/external/bsd/mink/dist/24.expected \
othersrc/external/bsd/mink/dist/25.mink \
othersrc/external/bsd/mink/dist/26.expected \
othersrc/external/bsd/mink/dist/27.mink \
othersrc/external/bsd/mink/dist/28.expected \
othersrc/external/bsd/mink/dist/29.mink \
othersrc/external/bsd/mink/dist/3.expected \
othersrc/external/bsd/mink/dist/30.expected \
othersrc/external/bsd/mink/dist/31.mink \
othersrc/external/bsd/mink/dist/32.expected \
othersrc/external/bsd/mink/dist/33.mink \
othersrc/external/bsd/mink/dist/34.expected \
othersrc/external/bsd/mink/dist/35.mink \
othersrc/external/bsd/mink/dist/36.expected \
othersrc/external/bsd/mink/dist/37.mink \
othersrc/external/bsd/mink/dist/38.expected \
othersrc/external/bsd/mink/dist/39.mink \
othersrc/external/bsd/mink/dist/4.expected \
othersrc/external/bsd/mink/dist/4.mink \
othersrc/external/bsd/mink/dist/40.expected \
othersrc/external/bsd/mink/dist/41.mink \
othersrc/external/bsd/mink/dist/42.expected \
othersrc/external/bsd/mink/dist/43.mink \
othersrc/external/bsd/mink/dist/44.expected \
othersrc/external/bsd/mink/dist/45.mink \
othersrc/external/bsd/mink/dist/46.expected \
othersrc/external/bsd/mink/dist/47.mink \
othersrc/external/bsd/mink/dist/48.expected \
othersrc/external/bsd/mink/dist/49.expected \
othersrc/external/bsd/mink/dist/49.mink \
othersrc/external/bsd/mink/dist/5.expected \
othersrc/external/bsd/mink/dist/5.mink \
othersrc/external/bsd/mink/dist/50.mink \
othersrc/external/bsd/mink/dist/51.expected \
othersrc/external/bsd/mink/dist/52.mink \
othersrc/external/bsd/mink/dist/53.expected \
othersrc/external/bsd/mink/dist/54.mink \
othersrc/external/bsd/mink/dist/55.expected \
othersrc/external/bsd/mink/dist/56.mink \
othersrc/external/bsd/mink/dist/57.expected \
othersrc/external/bsd/mink/dist/58.mink \
othersrc/external/bsd/mink/dist/59.expected \
othersrc/external/bsd/mink/dist/6.expected \
othersrc/external/bsd/mink/dist/60.mink \
othersrc/external/bsd/mink/dist/61.expected \
othersrc/external/bsd/mink/dist/63.expected \
othersrc/external/bsd/mink/dist/65.expected \
othersrc/external/bsd/mink/dist/67.expected \
othersrc/external/bsd/mink/dist/69.expected \
othersrc/external/bsd/mink/dist/7.mink \
othersrc/external/bsd/mink/dist/71.expected \
othersrc/external/bsd/mink/dist/8.expected \
othersrc/external/bsd/mink/dist/9.mink \
othersrc/external/bsd/mink/dist/Makefile \
othersrc/external/bsd/mink/dist/aes-eax.c \
othersrc/external/bsd/mink/dist/aes-eax.h \
othersrc/external/bsd/mink/dist/aes-gcm.c \
othersrc/external/bsd/mink/dist/aes-gcm.h \
othersrc/external/bsd/mink/dist/aes-omac1.c \
othersrc/external/bsd/mink/dist/aes-omac1.h \
othersrc/external/bsd/mink/dist/libmink.3 \
othersrc/external/bsd/mink/dist/main.c \
othersrc/external/bsd/mink/dist/mink.1 \
othersrc/external/bsd/mink/dist/mink.c \
othersrc/external/bsd/mink/dist/mink.h \
othersrc/external/bsd/mink/dist/netaes.c \
othersrc/external/bsd/mink/dist/netaes.h \
othersrc/external/bsd/mink/dist/regex2.c \
othersrc/external/bsd/mink/dist/regex2.h \
othersrc/external/bsd/mink/dist/rijndael-alg-fst.c \
othersrc/external/bsd/mink/dist/rijndael-alg-fst.h \
othersrc/external/bsd/mink/dist/rijndael-api-fst.c \
othersrc/external/bsd/mink/dist/rijndael-api-fst.h \
othersrc/external/bsd/mink/dist/rijndael.c \
othersrc/external/bsd/mink/dist/rijndael.h \
othersrc/external/bsd/mink/dist/rijndael_local.h \
othersrc/external/bsd/mink/dist/text.c \
othersrc/external/bsd/mink/dist/text.h
cvs rdiff -u -r0 -r1.1 othersrc/external/bsd/mink/lib/Makefile \
othersrc/external/bsd/mink/lib/shlib_version
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
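An added example, not part of the commit or of mink's source: a C model of the two keyless scripts from the README's first worked examples, checked against the hexdumps quoted above. The function names are hypothetical, and the per-byte rotation direction is an assumption inferred from the 'bitrotr 3' hexdump; the point is that these steps can be undone by anyone who knows or guesses the script, so only the keyed AES steps depend on a secret.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLOCK 16 /* both hexdumps on the page are zero-padded to 16 bytes */
static const char MSG[] = "Input data\n"; /* 11 bytes, hence "-c 11" */
/* Output bytes copied from the page's hexdumps: [0] bswap, [1] bitrotr+bswap */
static const uint8_t PAGE[2][BLOCK] = {
	{ 0x75,0x70,0x6e,0x49, 0x61,0x64,0x20,0x74, 0x00,0x0a,0x61,0x74 },
	{ 0xab,0x83,0x73,0x4a, 0x0b,0x23,0x01,0xa3, 0x00,0x50,0x0b,0xa3 } };

/* Model of "bswap 32": reverse the bytes inside each 32-bit word. */
static void bswap32_buf(uint8_t *b) {
	for (size_t i = 0; i < BLOCK; i += 4) {
		uint8_t t0 = b[i], t1 = b[i + 1];
		b[i] = b[i + 3]; b[i + 1] = b[i + 2];
		b[i + 2] = t1;   b[i + 3] = t0;
	}
}

/* Rotate each byte left by n (1..7). Assumption: n = 3 is inferred from the
 * page's "bitrotr 3" hexdump, not from mink's source; n = 5 undoes it. */
static void rot_bytes(uint8_t *b, unsigned n) {
	for (size_t i = 0; i < BLOCK; i++)
		b[i] = (uint8_t)((b[i] << n) | (b[i] >> (8 - n)));
}

/* Returns 1 if the model reproduces the page's hexdump for this script. */
int model_matches(int rotate) {
	uint8_t b[BLOCK] = {0};
	memcpy(b, MSG, sizeof(MSG) - 1);
	if (rotate) rot_bytes(b, 3);
	bswap32_buf(b);
	return memcmp(b, PAGE[rotate], BLOCK) == 0;
}

/* Returns 1 if the page's bytes invert to the input with no secret at all. */
int recovers_input(int rotate) {
	uint8_t b[BLOCK];
	memcpy(b, PAGE[rotate], BLOCK);
	bswap32_buf(b); /* bswap is its own inverse */
	if (rotate) rot_bytes(b, 5);
	return memcmp(b, MSG, sizeof(MSG) - 1) == 0;
}

int main(void) {
	for (int r = 0; r < 2; r++)
		printf("script %d: matches=%d recovers=%d\n", r, model_matches(r), recovers_input(r));
	return 0;
}
```

The trailing zero bytes in both hexdumps are padding, which is why the decoding commands pass the original length with -c 11.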