
The functions spc_cipherq_encrypt( ) and spc_cipherq_decrypt( ) each take four arguments:

q
    SPC_CIPHERQ object to use for encryption or decryption.

m
    Message to be encrypted or decrypted.

mlen
    Length of the message to be encrypted or decrypted, in bytes.

ol
    The number of bytes returned from the encryption or decryption operation is stored in this integer pointer. This may be NULL if you don't need the information. The number of bytes returned will always be the message length plus 16 bytes for encryption, or the message length minus 16 bytes for decryption.

These functions don't check for counter rollover because you can use this API to send over 250 trillion messages with a single key, which should be adequate for any use.

Instead of using such a large counter, it is a good idea to use only five bytes for the counter and initialize the rest with a random salt value. The random salt helps prevent against a class of problems in which the attacker amortizes the cost of an attack by targeting a large number of possible keys at once. In Recipe 9.12, we show a similar construction that uses both a salt and a counter in the nonce.

If you do think you might send more messages under a single key, be sure to rekey in time. (This scheme is set up to handle at least four trillion keyings with a single base key.)

In the previous code, the nonces are separately managed by both parties in the communication. They each increment by one when appropriate, and will fail to decrypt a message with the wrong nonce. Thus, this solution prevents capture replay attacks and detects message drops or message reordering, all as a result of implicit message numbering. Some people like explicit message numbering and would send at least a message number, if not the entire nonce, with each message (though you should always compare against the previous nonce to make sure it's increasing). In addition, if there's a random portion to the nonce as we suggested above, the random portion needs to be communicated to both parties. In Recipe 9.12, we send the nonce explicitly with each message, which helps communicate the portion randomly selected at connection setup time.
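The two ideas above (a nonce made of a random salt plus a five-byte counter, and the receiver checking that an explicitly transmitted nonce is strictly increasing) can be shown in isolation. The following is an added example written for this page; it is not code from the book and does not reproduce the SPC_CIPHERQ internals. It assumes a 16-byte nonce laid out as an 11-byte salt followed by a 5-byte big-endian counter, takes the salt as a parameter instead of drawing it from the OS RNG, and uses hypothetical names (nonce_ctx, nonce_init, nonce_increment, nonce_accept). It refuses to increment at counter rollover rather than silently wrapping, and it supports both the lockstep check (drops detected) and the looser "must be increasing" check the text mentions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed nonce layout for this example: 16 bytes, the first 11 a random salt
 * fixed at connection setup, the last 5 a big-endian message counter. */
#define NONCE_LEN 16
#define CTR_LEN   5
#define SALT_LEN  (NONCE_LEN - CTR_LEN)
#define CTR_MAX   ((1ULL << (8 * CTR_LEN)) - 1)   /* 2^40 - 1 */

typedef struct {
  unsigned char nonce[NONCE_LEN];
} nonce_ctx;

/* Read the 5-byte counter field as an integer. */
uint64_t nonce_counter(const unsigned char nonce[NONCE_LEN]) {
  uint64_t c = 0;
  for (int i = SALT_LEN; i < NONCE_LEN; i++) c = (c << 8) | nonce[i];
  return c;
}

/* Write an integer back into the 5-byte counter field (big-endian). */
static void nonce_set_counter(unsigned char nonce[NONCE_LEN], uint64_t c) {
  for (int i = NONCE_LEN - 1; i >= SALT_LEN; i--) {
    nonce[i] = (unsigned char)(c & 0xff);
    c >>= 8;
  }
}

/* Start a fresh nonce: copy in the salt (a real implementation draws it from the
 * OS RNG; here the caller supplies it) and zero the counter. */
void nonce_init(nonce_ctx *ctx, const unsigned char salt[SALT_LEN]) {
  memcpy(ctx->nonce, salt, SALT_LEN);
  nonce_set_counter(ctx->nonce, 0);
}

/* Advance the counter by one. Returns 1 on success. Returns 0 and leaves the nonce
 * untouched if the counter is already at its maximum: the caller must rekey, since
 * wrapping would reuse a nonce under the same key. */
int nonce_increment(nonce_ctx *ctx) {
  uint64_t c = nonce_counter(ctx->nonce);
  if (c >= CTR_MAX) return 0;
  nonce_set_counter(ctx->nonce, c + 1);
  return 1;
}

/* Receiver-side check for an explicitly transmitted nonce. The salt must match the
 * one agreed at setup and the counter must be strictly greater than the last one
 * accepted (replay and reordering rejected). In lockstep mode it must be exactly one
 * greater, so a dropped message is detected too. On acceptance the stored nonce is
 * advanced to the received value. */
int nonce_accept(nonce_ctx *last, const unsigned char received[NONCE_LEN], int lockstep) {
  uint64_t prev = nonce_counter(last->nonce);
  uint64_t cur  = nonce_counter(received);
  if (memcmp(last->nonce, received, SALT_LEN) != 0) return 0;   /* foreign salt */
  if (cur <= prev) return 0;                                     /* replay or reorder */
  if (lockstep && cur != prev + 1) return 0;                     /* gap: message dropped */
  memcpy(last->nonce, received, NONCE_LEN);
  return 1;
}

int main(void) {
  /* Constructed salt for the demo only; a real connection draws it from the OS RNG. */
  const unsigned char salt[SALT_LEN] =
    {0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6, 0x07, 0x18, 0x29, 0x3a, 0x4b};
  nonce_ctx sender, receiver;
  nonce_init(&sender, salt);
  nonce_init(&receiver, salt);

  /* Three messages sent in lockstep; the receiver accepts each in turn. */
  for (int i = 0; i < 3; i++) {
    nonce_increment(&sender);
    printf("msg %d counter=%llu accepted=%d\n", i + 1,
           (unsigned long long)nonce_counter(sender.nonce),
           nonce_accept(&receiver, sender.nonce, 1));
  }
  /* Presenting the last nonce again is a replay and is rejected. */
  printf("replay accepted=%d\n", nonce_accept(&receiver, sender.nonce, 1));
  return 0;
}
```

The salt comparison matters as much as the counter comparison: a nonce with the right counter but a different salt came from a different session and must not advance the receiver's state. Choosing lockstep or increasing-only is a policy decision; the book's implicit scheme behaves like lockstep, while explicit numbering over a lossy transport usually needs the looser check.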

It's possible to mix and match calls to spc_cipherq_encrypt( ) and spc_cipherq_decrypt( ) using a single context. However, if you want to use this API in this manner, do so only if the communicating parties send messages in lockstep. If parties can

220 | Chapter 5: Symmetric Encryption

Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
