Source-Changes archive

CVS commit: othersrc/external/bsd/mink



Module Name:    othersrc
Committed By:   agc
Date:           Thu Jun 15 01:26:34 UTC 2017

Added Files:
        othersrc/external/bsd/mink: Makefile README
        othersrc/external/bsd/mink/bin: Makefile f f2
        othersrc/external/bsd/mink/dist: 1.expected 1.mink 10.expected
            11.expected 12.expected 13.mink 14.expected 14.mink 15.mink
            16.expected 17.mink 18.expected 19.mink 2.expected 2.mink
            20.expected 21.mink 22.expected 23.mink 24.expected 25.mink
            26.expected 27.mink 28.expected 29.mink 3.expected 30.expected
            31.mink 32.expected 33.mink 34.expected 35.mink 36.expected 37.mink
            38.expected 39.mink 4.expected 4.mink 40.expected 41.mink
            42.expected 43.mink 44.expected 45.mink 46.expected 47.mink
            48.expected 49.expected 49.mink 5.expected 5.mink 50.mink
            51.expected 52.mink 53.expected 54.mink 55.expected 56.mink
            57.expected 58.mink 59.expected 6.expected 60.mink 61.expected
            63.expected 65.expected 67.expected 69.expected 7.mink 71.expected
            8.expected 9.mink Makefile aes-eax.c aes-eax.h aes-gcm.c aes-gcm.h
            aes-omac1.c aes-omac1.h libmink.3 main.c mink.1 mink.c mink.h
            netaes.c netaes.h regex2.c regex2.h rijndael-alg-fst.c
            rijndael-alg-fst.h rijndael-api-fst.c rijndael-api-fst.h rijndael.c
            rijndael.h rijndael_local.h text.c text.h
        othersrc/external/bsd/mink/lib: Makefile shlib_version

Log Message:
Add mink, version 20170614, to othersrc. From the README:

        This is a small library and utility program which transforms input
        data into output data, concealing and revealing along the way.  Rather
        than just do one round of encryption, this can do multiple rounds on
        the same data.  All kinds of bit and byte rotation, mirroring around a
        diagonal, Xor, and AES are provided, including raw AES, and CBC, CTR,
        EAX and GCM modes.

        Small awk-like scripts are written to transform the data; the same
        script is used in each direction.

        Keys, IVs and AADs are specified in the script, or can be read from
        the terminal, working from a prompt. This is true for strings used
        to xor data.

        Thus, to extract the original from a file that has already been
        transformed, you need to know not only the keys/IVs/AADs being used,
        you need to know all the arguments used for bitwise rotations,
        repetitions of AES encryption, and order of transformations specified
        in the script. To discourage timing attacks, random data is encrypted
        a random number of times after each transformation in the script.

        It may be best to describe this in a worked example:

        % echo 'Input data' | mink -e 'bswap 32' > scrambled
        % hexdump -C scrambled
        00000000  75 70 6e 49 61 64 20 74  00 0a 61 74 00 00 00 00  |upnIad t..at....|
        00000010
        % mink -c 11 'bswap 32' scrambled
        Input data
        %

        But mink is designed to work with multiple encryption transformations:

        % echo 'Input data' | mink -e 'bitrotr 3; bswap 32' > encrypted
        % hexdump -C encrypted
        00000000  ab 83 73 4a 0b 23 01 a3  00 50 0b a3 00 00 00 00  |..sJ.#...P......|
        00000010
        % mink -c 11 'bitrotr 3; bswap 32' encrypted
        Input data
        %

        And the instructions are usually entered into a file, for ease of use of
        decryption:

        % cat 1.mink
        bitrotr 3
        bswap 32
        % echo 'Input data' | mink -e -f 1.mink > encrypted
        % mink -f 1.mink -c 11 encrypted
        Input data
        %

        However, the main way that mink shines is when using more advanced methods
        of (symmetric) encryption. And, for these, we need keys and IVs:

        % sed 15q < /usr/share/dict/words > in
        % wc in
              15      15      92 in
        % cat 2.mink
        setkey 0 "key number one"
        setkey 1 "IV?"?
        bitrotr 3
        aes128-ctr 0 1 2367
        %

        After the first 2 commands, we have a 92-byte file to work with.  We
        also have introduced 128-bit AES in CTR mode, using 2 keys, and
        running for 2367 repetitions.  The "setkey" lines set up the strings
        to be used for keys and IVs.  Hex escapes (\xAB) can be used to
        express 8-bit entities.  If a setkey string is followed by a question
        mark, the string is taken to be a prompt, and the user is asked to
        enter the string.  getpass(3) is used for this.  Strings are assigned
        to numeric slots, which do not need to be contiguous or sequential,
        but are easier to remember that way.  The invocation of aes128-ctr
        above means "use string in slot 0 as the key, use the string input by
        the user as an IV, and repeat the ctr encryption 2367 times".

        % mink -e -f 2.mink -o encrypted in
        IV?
        % hexdump -C encrypted
        00000000  c2 16 39 77 9c 98 fd 4d  52 d0 27 17 35 03 e4 f0  |..9w...MR.'.5...|
        00000010  15 5c a0 78 ad 19 77 21  c4 f0 f9 e3 ee a5 b4 1c  |.\.x..w!........|
        00000020  bd 37 06 ad a4 d6 53 f8  ed de 12 8c 05 95 cc 55  |.7....S........U|
        00000030  c4 08 fd cb 8c 1f b5 af  7c 00 50 75 04 d1 2e 3b  |........|.Pu...;|
        00000040  63 70 53 5e ba 8b 41 42  2f 3e aa 81 fe 48 5c e7  |cpS^..AB/>...H\.|
        00000050  a9 7c 8a 33 13 d4 d9 af  fe 6a d4 be 3e c5 7d 9f  |.|.3.....j..>.}.|
        00000060
        % mink -f 2.mink -c 92 encrypted
        IV?
        A
        a
        aa
        aal
        aalii
        aam
        Aani
        aardvark
        aardwolf
        Aaron
        Aaronic
        Aaronical
        Aaronite
        Aaronitic
        Aaru
        % # the user entered the wrong IV in the next invocation of mink
        % mink -f 2.mink -c 92 encrypted | hexdump -C
        IV?
        00000000  21 82 48 b5 93 dd c9 c9  47 56 10 ee 98 43 ab 91  |!.H.....GV...C..|
        00000010  53 96 b3 3d 61 9a fc 87  5a 8f 06 d9 0b 40 47 1d  |S..=a...Z....@G.|
        00000020  8f 00 95 89 ef 79 7a ed  c5 fa 5b 01 0c 8f 58 8c  |.....yz...[...X.|
        00000030  f8 11 52 fe d9 86 4b fa  71 a8 8b 6b 6f d6 59 31  |..R...K.q..ko.Y1|
        00000040  ad 29 60 64 ba 27 e0 d2  3c 4c f2 6d 39 11 cd f4  |.)`d.'..<L.m9...|
        00000050  8c b3 dc d3 b8 5e d0 48  6e ee 99 61              |.....^.Hn..a|
        0000005c
        %

        Please also note that the number of repetitions for operations is important:

        % mink -v 0=zero -v1=two -e 'aes256-ctr 0 1 1330' Makefile | hexdump -C
        00000000  31 3b 82 97 22 e4 ef 26  a7 f3 61 66 02 81 94 4c  |1;.."..&..af...L|
        00000010  12 9f a5 63 cf 95 68 ab  00 46 c3 cd b7 c3 35 f4  |...c..h..F....5.|
        00000020  0d 99 cb 11 c8 0c df ff  88 85 54 7a e9 4c 66 7b  |..........Tz.Lf{|
        00000030  cd b5 7d 27 c0 45 70 d8  cd 85 dc 2c 11 e7 df 07  |..}'.Ep....,....|
        00000040  aa e2 06 d1 85 a8 96 8d  4f d6 f4 8d ab 22 4a b4  |........O...."J.|
        00000050  12 60 30 31 43 63 5c 73  36 1e d6 77 21 6d ff 9e  |.`01Cc\s6..w!m..|
        00000060  7c 6e 52 65 7e 4c 6b d3  4d 8c 5d 2f e3 6c 87 b9  ||nRe~Lk.M.]/.l..|
        00000070  87 d6 f6 ad 84 f9 22 72  d3 46 80 7c ce fb 87 2b  |......"r.F.|...+|
        00000080  b0 7f 89 13 73 5a 3e 75  b3 37 60 cf e7 a0 65 4e  |....sZ>u.7`...eN|
        00000090
        % mink -v 0=zero -v1=two -e 'aes256-ctr 0 1 1331' Makefile | hexdump -C
        00000000  c3 0e b6 08 d1 56 0b 18  c5 2a 80 97 d2 64 85 b2  |.....V...*...d..|
        00000010  d1 42 b8 92 33 00 fd c5  ae ae a8 c5 8f 50 ce 3f  |.B..3........P.?|
        00000020  18 64 ea fc f8 06 17 ae  62 9e c2 eb 1d d3 4d 84  |.d......b.....M.|
        00000030  15 bb b4 da 6a 0c b4 3b  fe 4e 55 41 4e 43 75 64  |....j..;.NUANCud|
        00000040  62 70 ad 45 fd 06 5a 87  dc 0d 62 71 9b 0d ab d7  |bp.E..Z...bq....|
        00000050  0f ba ab 64 28 10 f5 fb  fd 05 60 9e 89 38 f2 e9  |...d(.....`..8..|
        00000060  e6 fd 78 76 24 f3 da 82  f3 22 94 bb 8b 30 92 d7  |..xv$...."...0..|
        00000070  5f 38 94 16 f4 d9 02 2b  89 37 49 e6 f3 93 23 be  |_8.....+.7I...#.|
        00000080  34 f7 43 c2 c3 69 ec 93  76 62 f0 ba c1 2c 96 00  |4.C..i..vb...,..|
        00000090
        %

        After the data has been encrypted by mink, anyone wanting to read the
        original data needs to know ALL of:

        1. the exact statements of the transformation script, i.e. the bitrotr, bswap,
        aes128/256 commands

        2.  the order of these commands - for example, AES encryption before
        using a bit rotation will produce a different result to that where the
        same bitwise rotation is done before AES:

        % echo 'Input data' | mink -e 'setkey 0 "key"; setkey 1 "iv" ; aes128 0 1 3; bitrotr 4' | hexdump -C
        00000000  ef b3 4e 04 a1 13 47 01  3b 16 d9 66 ef 3a da 00  |..N...G.;..f.:..|
        00000010
        % echo 'Input data' | mink -e 'bitrotr 4; setkey 0 "key"; setkey 1 "iv" ; aes128 0 1 3' | hexdump -C
        00000000  89 36 80 e8 32 4d 74 62  2c 9a 02 ea 28 a9 74 6b  |.6..2Mtb,...(.tk|
        00000010

        3.  The keys and IVs used for any AES operations, and any AAD used in
        AEAD transformations such as EAX or GCM, or strings used in XOR
        transformations

        4. The number of repetitions of AES encryption to perform

        Arbitrarily complex scripts can be used, which would help if proof of work
        is to be a part of the data transformation.

        The list of transformation methods is as follows:

                aes(128|256)-cbc key iv reps
                aes(128|256)-ctr key iv reps
                aes(128|256)-eax key iv aad reps
                aes(128|256)-gcm key iv aad reps
                aes(128|256) key
                bitrotl nbits
                bitrotr nbits
                byteswap nbits
                diagonal number
                reverse
                rol nbytes
                ror nbytes
                xor string

        In addition, these transformations can be further specified to apply
        to a range of input data - the offset and length can be appended to
        each of the instructions above, using the form off:n len:m, where n
        and m are both decimal integers.

        After every instruction is executed, a random number of iterations of
        AES encrypting random data are performed.  This is intended to
        minimise the effect of timing attacks.

        Alistair Crooks
        Wed Jun 14 18:08:15 PDT 2017


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 othersrc/external/bsd/mink/Makefile \
    othersrc/external/bsd/mink/README
cvs rdiff -u -r0 -r1.1 othersrc/external/bsd/mink/bin/Makefile \
    othersrc/external/bsd/mink/bin/f othersrc/external/bsd/mink/bin/f2
cvs rdiff -u -r0 -r1.1 othersrc/external/bsd/mink/dist/1.expected \
    othersrc/external/bsd/mink/dist/1.mink \
    othersrc/external/bsd/mink/dist/10.expected \
    othersrc/external/bsd/mink/dist/11.expected \
    othersrc/external/bsd/mink/dist/12.expected \
    othersrc/external/bsd/mink/dist/13.mink \
    othersrc/external/bsd/mink/dist/14.expected \
    othersrc/external/bsd/mink/dist/14.mink \
    othersrc/external/bsd/mink/dist/15.mink \
    othersrc/external/bsd/mink/dist/16.expected \
    othersrc/external/bsd/mink/dist/17.mink \
    othersrc/external/bsd/mink/dist/18.expected \
    othersrc/external/bsd/mink/dist/19.mink \
    othersrc/external/bsd/mink/dist/2.expected \
    othersrc/external/bsd/mink/dist/2.mink \
    othersrc/external/bsd/mink/dist/20.expected \
    othersrc/external/bsd/mink/dist/21.mink \
    othersrc/external/bsd/mink/dist/22.expected \
    othersrc/external/bsd/mink/dist/23.mink \
    othersrc/external/bsd/mink/dist/24.expected \
    othersrc/external/bsd/mink/dist/25.mink \
    othersrc/external/bsd/mink/dist/26.expected \
    othersrc/external/bsd/mink/dist/27.mink \
    othersrc/external/bsd/mink/dist/28.expected \
    othersrc/external/bsd/mink/dist/29.mink \
    othersrc/external/bsd/mink/dist/3.expected \
    othersrc/external/bsd/mink/dist/30.expected \
    othersrc/external/bsd/mink/dist/31.mink \
    othersrc/external/bsd/mink/dist/32.expected \
    othersrc/external/bsd/mink/dist/33.mink \
    othersrc/external/bsd/mink/dist/34.expected \
    othersrc/external/bsd/mink/dist/35.mink \
    othersrc/external/bsd/mink/dist/36.expected \
    othersrc/external/bsd/mink/dist/37.mink \
    othersrc/external/bsd/mink/dist/38.expected \
    othersrc/external/bsd/mink/dist/39.mink \
    othersrc/external/bsd/mink/dist/4.expected \
    othersrc/external/bsd/mink/dist/4.mink \
    othersrc/external/bsd/mink/dist/40.expected \
    othersrc/external/bsd/mink/dist/41.mink \
    othersrc/external/bsd/mink/dist/42.expected \
    othersrc/external/bsd/mink/dist/43.mink \
    othersrc/external/bsd/mink/dist/44.expected \
    othersrc/external/bsd/mink/dist/45.mink \
    othersrc/external/bsd/mink/dist/46.expected \
    othersrc/external/bsd/mink/dist/47.mink \
    othersrc/external/bsd/mink/dist/48.expected \
    othersrc/external/bsd/mink/dist/49.expected \
    othersrc/external/bsd/mink/dist/49.mink \
    othersrc/external/bsd/mink/dist/5.expected \
    othersrc/external/bsd/mink/dist/5.mink \
    othersrc/external/bsd/mink/dist/50.mink \
    othersrc/external/bsd/mink/dist/51.expected \
    othersrc/external/bsd/mink/dist/52.mink \
    othersrc/external/bsd/mink/dist/53.expected \
    othersrc/external/bsd/mink/dist/54.mink \
    othersrc/external/bsd/mink/dist/55.expected \
    othersrc/external/bsd/mink/dist/56.mink \
    othersrc/external/bsd/mink/dist/57.expected \
    othersrc/external/bsd/mink/dist/58.mink \
    othersrc/external/bsd/mink/dist/59.expected \
    othersrc/external/bsd/mink/dist/6.expected \
    othersrc/external/bsd/mink/dist/60.mink \
    othersrc/external/bsd/mink/dist/61.expected \
    othersrc/external/bsd/mink/dist/63.expected \
    othersrc/external/bsd/mink/dist/65.expected \
    othersrc/external/bsd/mink/dist/67.expected \
    othersrc/external/bsd/mink/dist/69.expected \
    othersrc/external/bsd/mink/dist/7.mink \
    othersrc/external/bsd/mink/dist/71.expected \
    othersrc/external/bsd/mink/dist/8.expected \
    othersrc/external/bsd/mink/dist/9.mink \
    othersrc/external/bsd/mink/dist/Makefile \
    othersrc/external/bsd/mink/dist/aes-eax.c \
    othersrc/external/bsd/mink/dist/aes-eax.h \
    othersrc/external/bsd/mink/dist/aes-gcm.c \
    othersrc/external/bsd/mink/dist/aes-gcm.h \
    othersrc/external/bsd/mink/dist/aes-omac1.c \
    othersrc/external/bsd/mink/dist/aes-omac1.h \
    othersrc/external/bsd/mink/dist/libmink.3 \
    othersrc/external/bsd/mink/dist/main.c \
    othersrc/external/bsd/mink/dist/mink.1 \
    othersrc/external/bsd/mink/dist/mink.c \
    othersrc/external/bsd/mink/dist/mink.h \
    othersrc/external/bsd/mink/dist/netaes.c \
    othersrc/external/bsd/mink/dist/netaes.h \
    othersrc/external/bsd/mink/dist/regex2.c \
    othersrc/external/bsd/mink/dist/regex2.h \
    othersrc/external/bsd/mink/dist/rijndael-alg-fst.c \
    othersrc/external/bsd/mink/dist/rijndael-alg-fst.h \
    othersrc/external/bsd/mink/dist/rijndael-api-fst.c \
    othersrc/external/bsd/mink/dist/rijndael-api-fst.h \
    othersrc/external/bsd/mink/dist/rijndael.c \
    othersrc/external/bsd/mink/dist/rijndael.h \
    othersrc/external/bsd/mink/dist/rijndael_local.h \
    othersrc/external/bsd/mink/dist/text.c \
    othersrc/external/bsd/mink/dist/text.h
cvs rdiff -u -r0 -r1.1 othersrc/external/bsd/mink/lib/Makefile \
    othersrc/external/bsd/mink/lib/shlib_version

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
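
The first two worked examples in the README above can be reproduced byte for byte with a small model of the keyless transforms. This is an added illustration, not code from mink or its author: the 16-byte zero padding and the bit order of `bitrotr` are inferred from the hexdumps in the message, and the names `run`, `bswap` and `bitrot` are hypothetical.

```python
# Added illustration: a model of two keyless mink transforms, inferred from
# the README's hexdumps. Not mink's source; padding and bit order are assumptions.
BLOCK = 16  # assumption: input is zero-padded to a 16-byte multiple, as the dumps show


def pad(data: bytes) -> bytes:
    return data + b"\x00" * (-len(data) % BLOCK)


def bswap(data: bytes, nbits: int) -> bytes:
    """Reverse the byte order inside each nbits-wide word (its own inverse)."""
    w = nbits // 8
    return b"".join(data[i:i + w][::-1] for i in range(0, len(data), w))


def bitrot(data: bytes, n: int) -> bytes:
    """Rotate each byte by n bits. Positive n reproduces the README's
    'bitrotr' output (0x49 -> 0x4a for n=3); negative n undoes it."""
    n %= 8
    return bytes(((b << n) | (b >> (8 - n))) & 0xFF for b in data)


def parse(script: str):
    """Split 'op arg; op arg' (or one statement per line) into steps."""
    steps = []
    for stmt in script.replace("\n", ";").split(";"):
        if stmt.strip():
            op, arg = stmt.split()
            steps.append((op, int(arg)))
    return steps


def run(script: str, data: bytes, encrypt: bool = True, count=None) -> bytes:
    """Apply the script forwards (like -e) or backwards; count models -c."""
    steps = parse(script)
    if encrypt:
        data = pad(data)
    else:
        steps.reverse()  # same script, inverse steps in reverse order
    for op, arg in steps:
        if op == "bswap":
            data = bswap(data, arg)
        elif op == "bitrotr":
            data = bitrot(data, arg if encrypt else -arg)
        else:
            raise ValueError(f"unsupported op in this model: {op}")
    return data if count is None else data[:count]
```

The `count` argument matters for the same reason `-c 11` does in the README: the transformed file carries padding, so the original length has to be supplied to recover the exact input.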