Problem - Kevin Tafuro


The functions spc_cipherq_encrypt( ) and spc_cipherq_decrypt( ) each take four arguments:

q
    SPC_CIPHERQ object to use for encryption or decryption.

m
    Message to be encrypted or decrypted.

mlen
    Length of the message to be encrypted or decrypted, in bytes.

ol
    The number of bytes returned from the encryption or decryption operation is stored in this integer pointer. This may be NULL if you don't need the information. The number of bytes returned will always be the message length plus 16 bytes for encryption, or the message length minus 16 bytes for decryption.

These functions don't check for counter rollover, because with this API you can send over 250 trillion messages under a single key, which should be adequate for any use. (The check still matters in principle: a counter that wraps repeats a nonce under the same key, and in a counter-based mode that means reused keystream, which leaks the XOR of the two plaintexts encrypted under the repeated nonce.)

Instead of using such a large counter, it is a good idea to use only five bytes for the counter and to initialize the rest of the nonce with a random salt value. The random salt helps protect against a class of attacks in which the attacker amortizes the cost of an attack by targeting a large number of possible keys at once. In Recipe 9.12, we show a similar construction that uses both a salt and a counter in the nonce.

If you do think you might send more messages under a single key, be sure to rekey in time. (This scheme is set up to handle at least four trillion keyings with a single base key.)

In the previous code, the nonces are separately managed by both parties in the communication. They each increment by one when appropriate, and will fail to decrypt a message with the wrong nonce. Thus, this solution prevents capture-replay attacks and detects message drops or message reordering, all as a result of implicit message numbering. Some people like explicit message numbering and would send at least a message number, if not the entire nonce, with each message (though you should always compare against the previous nonce to make sure it's increasing). In addition, if there's a random portion to the nonce as we suggested above, the random portion needs to be communicated to both parties. In Recipe 9.12, we send the nonce explicitly with each message, which helps communicate the portion randomly selected at connection setup time.
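The queue described above, as an added example that is not code from the recipe or the book: a Go rendering of an SPC_CIPHERQ-style context that exercises the points of this section, namely the 16-byte length change on encryption and decryption, the five-byte counter with a random salt filling the rest of a 16-byte nonce, and the implicit, lockstep nonce that makes a replayed, dropped or reordered message fail to decrypt. AES-GCM from Go's standard library stands in for whatever cipher mode the recipe's C code uses (an assumption, not a statement about the book's implementation), and the names CipherQ, NewCipherQ, Encrypt, Decrypt, Counter, MaxCounter, TagSize and ErrExhausted are this example's own. It also adds the rollover check the text says the original omits: the counter lives in a uint64 and the nonce is refused once it leaves the five-byte range, so the queue stops rather than repeating a nonce. The key and salt in main are constructed for the demo.

```go
// Added example, not the recipe's own code: an SPC_CIPHERQ-style queue in Go, with AES-GCM standing in for the recipe's cipher mode.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	NonceSize   = 16                      // one AES block, as in the recipe
	CounterSize = 5                       // five-byte message counter, per the sidebar
	SaltSize    = NonceSize - CounterSize // the other 11 bytes hold a random salt
	TagSize     = 16                      // ciphertext is the message plus 16 bytes
	MaxCounter  = uint64(1)<<(8*CounterSize) - 1
)

var ErrExhausted = errors.New("cipherq: counter exhausted, rekey before sending more")

// CipherQ is one direction of a conversation; both parties hold an identical
// copy and advance Counter in lockstep, so the nonce itself is never sent.
type CipherQ struct {
	aead    cipher.AEAD
	salt    [SaltSize]byte
	Counter uint64 // number of the next message; above MaxCounter the queue is exhausted
}

// NewCipherQ takes an AES key (16, 24 or 32 bytes) and the salt agreed at setup.
func NewCipherQ(key, salt []byte) (*CipherQ, error) {
	if len(salt) != SaltSize {
		return nil, fmt.Errorf("cipherq: salt must be %d bytes", SaltSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCMWithNonceSize(block, NonceSize)
	if err != nil {
		return nil, err
	}
	q := &CipherQ{aead: aead}
	copy(q.salt[:], salt)
	return q, nil
}

// nonce renders salt || five-byte big-endian Counter. Counter is a uint64, so it
// cannot wrap to zero: once the five bytes are used up the queue refuses to work.
func (q *CipherQ) nonce() ([]byte, error) {
	if q.Counter > MaxCounter {
		return nil, ErrExhausted
	}
	ctr := binary.BigEndian.AppendUint64(nil, q.Counter) // 8 bytes, top 3 are zero
	return append(append(make([]byte, 0, NonceSize), q.salt[:]...), ctr[8-CounterSize:]...), nil
}

// Encrypt seals m under the current nonce and advances; output is len(m)+TagSize bytes.
func (q *CipherQ) Encrypt(m []byte) ([]byte, error) {
	n, err := q.nonce()
	if err != nil {
		return nil, err
	}
	q.Counter++
	return q.aead.Seal(nil, n, m, nil), nil
}

// Decrypt advances only on success, so a replayed, dropped or reordered message
// is rejected and the receiver keeps waiting at the position it expects.
func (q *CipherQ) Decrypt(ct []byte) ([]byte, error) {
	n, err := q.nonce()
	if err != nil {
		return nil, err
	}
	pt, err := q.aead.Open(nil, n, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("cipherq: message %d rejected (replay, drop, reorder or tampering): %w", q.Counter, err)
	}
	q.Counter++
	return pt, nil
}

func main() {
	salt := make([]byte, SaltSize)
	rand.Read(salt)                   // random part of the nonce, agreed with the peer at setup
	key := []byte("constructed-key!") // 16-byte demo key, constructed for this example only
	alice, _ := NewCipherQ(key, salt)
	bob, _ := NewCipherQ(key, salt)
	c1, _ := alice.Encrypt([]byte("first"))
	c2, _ := alice.Encrypt([]byte("second"))
	_, err := bob.Decrypt(c2) // c1 never arrived: bob still expects message 0
	fmt.Println("drop detected:", err)
	pt, err := bob.Decrypt(c1)
	fmt.Printf("in order: %q (%d bytes overhead) err=%v\n", pt, len(c1)-len(pt), err)
	alice.Counter = MaxCounter + 1 // as if all 2^40 message numbers were used up
	_, err = alice.Encrypt([]byte("one too many"))
	fmt.Println("rollover refused:", err)
}
```

Both sides need only the key and the salt; no nonce or message number is ever transmitted, which is the implicit numbering the text describes. Decrypt leaves Counter unchanged on failure, so a forged or replayed message cannot push the receiver off the position it expects; the flip side is that a genuinely dropped message makes every later message fail until the parties resynchronize or rekey.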

It's possible to mix and match calls to spc_cipherq_encrypt( ) and spc_cipherq_decrypt( ) using a single context. However, if you want to use this API in this manner, do so only if the communicating parties send messages in lockstep. If parties can

220 | Chapter 5: Symmetric Encryption


Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
