Preface

Introduction
  Introduction
  Threat Models
  What Is Cryptography?
  Cryptographic Goals
  Privacy
  Integrity
  Authentication
  Nonrepudiation
  Goals in a Nutshell
  Asset Management
  Privacy and Authentication
  Life of Data
  Common Wisdom
  Developer Tools
  Summary
  Organization
  Frequently Asked Questions

ASN.1 Encoding
  Overview of ASN.1
  ASN.1 Syntax
  ASN.1 Explicit Values
  ASN.1 Containers
  ASN.1 Modifiers
  Optional
  Default
  Choice
  ASN.1 Data Types
  ASN.1 Header Byte
  Classification Bits
  Constructed Bit
  Primitive Types
  ASN.1 Length Encodings
  Short Encodings
  Long Encodings
  ASN.1 Boolean Type
  ASN.1 Integer Type
  ASN.1 Bit String Type
  ASN.1 Octet String Type
  ASN.1 Null Type
  ASN.1 Object Identifier Type
  ASN.1 Sequence and Set Types
  Sequence of
  Set
  Set of
  ASN.1 PrintableString and IA5STRING Types
  ASN.1 UTCTIME Type
  Implementation
  ASN.1 Length Routines
  ASN.1 Primitive Encoders
  Boolean Encoding
  Integer Encoding
  Bit String Encoding
  Octet String Encodings
  Null Encoding
  Object Identifier Encodings
  Printable and IA5 String Encodings
  UTCTime Encodings
  Sequence Encodings
  ASN.1 Flexi Decoder
  Putting It All Together
  Building Lists
  Nested Lists
  Decoding Lists
  FlexiLists
  Other Providers
  Frequently Asked Questions

Random Number Generation
  Introduction
  Concept of Random
  Measuring Entropy
  Bit Count
  Word Count
  Gap Space Count
  Autocorrelation Test
  How Bad Can It Be?
  RNG Design
  RNG Events
  Hardware Interrupts
  Timer Skew
  Analogue to Digital Errors
  RNG Data Gathering
  LFSR Basics
  Table-based LFSRs
  Large LFSR Implementation
  RNG Processing and Output
  RNG Estimation
  Keyboard and Mouse
  Timer
  Generic Devices
  RNG Setup
  PRNG Algorithms
  PRNG Design
  Bit Extractors
  Seeding and Lifetime
  PRNG Attacks
  Input Control
  Malleability Attacks
  Backtracking Attacks
  Yarrow PRNG
  Design
  Reseeding
  Statefulness
  Pros and Cons
  Fortuna PRNG
  Design
  Reseeding
  Statefulness
  Pros and Cons
  NIST Hash Based DRBG
  Design
  Reseeding
  Statefulness
  Pros and Cons
  Putting It All Together
  RNG versus PRNG
  Fuse Bits
  Use of PRNGs
  Example Platforms
  Desktop and Server
  Consoles
  Network Appliances
  Frequently Asked Questions

Advanced Encryption Standard
  Introduction
  Block Ciphers
  AES Design
  Finite Field Math
  AddRoundKey
  SubBytes
  Hardware Friendly SubBytes
  ShiftRows
  MixColumns
  Last Round
  Inverse Cipher
  Key Schedule
  Implementation
  An Eight-Bit Implementation
  Optimized Eight-Bit Implementation
  Key Schedule Changes
  Optimized 32-Bit Implementation
  Precomputed Tables
  Decryption Tables
  Macros
  Key Schedule
  Performance
  x86 Performance
  ARM Performance
  Performance of the Small Variant
  Inverse Key Schedule
  Practical Attacks
  Side Channels
  Processor Caches
  Associative Caches
  Cache Organization
  Bernstein Attack
  Osvik Attack
  Defeating Side Channels
  Little Help From the Kernel
  Chaining Modes
  Cipher Block Chaining
  What's in an IV?
  Message Lengths
  Decryption
  Performance Downsides
  Implementation
  Counter Mode
  Message Lengths
  Decryption
  Performance
  Security
  Implementation
  Choosing a Chaining Mode
  Putting It All Together
  Keying Your Cipher
  Rekeying Your Cipher
  Bi-Directional Channels
  Lossy Channels
  Myths
  Providers
  Frequently Asked Questions

Hash Functions
  Introduction
  Hash Digest Lengths
  Designs of SHS and Implementation
  MD Strengthening
  SHA-1 Design
  SHA-1 State
  SHA-1 Expansion
  SHA-1 Compression
  SHA-1 Implementation
  SHA-256 Design
  SHA-256 State
  SHA-256 Expansion
  SHA-256 Compression
  SHA-256 Implementation
  SHA-512 Design
  SHA-512 State
  SHA-512 Expansion
  SHA-512 Compression
  SHA-512 Implementation
  SHA-224 Design
  SHA-384 Design
  Zero-Copying Hashing
  PKCS #5 Key Derivation
  Putting It All Together
  What Hashes Are For
  One-Wayness
  Passwords
  Random Number Generators
  Collision Resistance
  File Manifests
  Intrusion Detection
  What Hashes Are Not For
  Unsalted Passwords
  Hashes Make Bad Ciphers
  Hashes Are Not MACs
  Hashes Don't Double
  Hashes Don't Mingle
  Working with Passwords
  Offline Passwords
  Salts
  Salt Sizes
  Rehash
  Online Passwords
  Two-Factor Authentication
  Performance Considerations
  Inline Expansion
  Compression Unrolling
  Zero-Copy Hashing
  PKCS #5 Example
  Frequently Asked Questions

Message-Authentication Code Algorithms
  Introduction
  Purpose of a MAC Function
  Security Guidelines
  MAC Key Lifespan
  Standards
  Cipher Message Authentication Code
  Security of CMAC
  CMAC Design
  CMAC Initialization
  CMAC Processing
  CMAC Implementation
  CMAC Performance
  Hash Message Authentication Code
  HMAC Design
  HMAC Implementation
  Putting It All Together
  What MAC Functions Are For?
  Consequences
  What MAC Functions Are Not For?
  CMAC versus HMAC
  Replay Protection
  Timestamps
  Counters
  Encrypt then MAC?
  Encrypt then MAC
  MAC then Encrypt
  Encryption and Authentication
  Frequently Asked Questions

Encrypt and Authenticate Modes
  Introduction
  Encrypt and Authenticate Modes
  Security Goals
  Standards
  Design and Implementation
  Additional Authentication Data
  Design of GCM
  GCM GF(2) Mathematics
  Universal Hashing
  GCM Definitions
  Implementation of GCM
  Interface
  GCM Generic Multiplication
  GCM Optimized Multiplication
  GCM Initialization
  GCM IV Processing
  GCM AAD Processing
  GCM Plaintext Processing
  Terminating the GCM State
  GCM Optimizations
  Use of SIMD Instructions
  Design of CCM
  CCM B₀ Generation
  CCM MAC Tag Generation
  CCM Encryption
  CCM Implementation
  Putting It All Together
  What Are These Modes For?
  Choosing a Nonce
  GCM Nonces
  CCM Nonces
  Additional Authentication Data
  MAC Tag Data
  Example Construction
  Frequently Asked Questions

Large Integer Arithmetic
  Introduction
  What Are BigNums?
  Further Resources
  Key Algorithms
  The Algorithms
  Represent!
  Multiplication
  Multiplication Macros
  Code Unrolling
  Squaring
  Squaring Macros
  Montgomery Reduction
  Montgomery Reduction Unrolling
  Montgomery Macros
  Putting It All Together
  Core Algorithms
  Size versus Speed
  Performance BigNum Libraries
  GNU Multiple Precision Library
  LibTomMath Library
  TomsFastMath Library
  Frequently Asked Questions

Public Key Algorithms
  Introduction
  Goals of Public Key Cryptography
  Privacy
  Nonrepudiation and Authenticity
  RSA Public Key Cryptography
  RSA in a Nutshell
  Key Generation
  RSA Transform
  PKCS #1
  PKCS #1 Data Conversion
  PKCS #1 Cryptographic Primitives
  PKCS #1 Encryption Scheme
  PKCS #1 Signature Scheme
  PKCS #1 Key Format
  RSA Security
  RSA References
  Elliptic Curve Cryptography
  What Are Elliptic Curves?
  Elliptic Curve Algebra
  Point Addition
  Point Doubling
  Point Multiplication
  Elliptic Curve Cryptosystems
  Elliptic Curve Parameters
  Key Generation
  ANSI X9.63 Key Storage
  Elliptic Curve Encryption
  Elliptic Curve Signatures
  Elliptic Curve Performance
  Jacobian Projective Points
  Point Multiplication Algorithms
  Putting It All Together
  ECC versus RSA
  Speed
  Size
  Security
  Standards
  References
  Text References
  Source Code References
  Frequently Asked Questions

Index