Saphe Implementation - CryptoStuff

Overview

This code implements the various cryptographic functions required by the Saphe solution, which relies on the cryptographic 'primitives' AES and SHA-1.

These functions include:

AES in CFB mode

  • AESCryptExpandKey - converts a given key to an easy-to-use context
  • AESCFBEncrypt - encrypts a given buffer using a context and an initialization vector
  • AESCFBDecrypt - decrypts a given buffer using a context and an initialization vector

CFB mode is used for two reasons:

  • It is in effect a stream cipher, which allows the encryption/decryption of any size of data without requiring padding
  • It is resistant to 'known plain' attacks (in this kind of attack a new 'encrypted' block can be forged from an original one if the corresponding plain block is known)

Simple variable-size SHA-1 calculation

  • SHA1 - simple and easy to use

HMAC calculation

  • SHA1_HMAC - calculates the HMAC of a given data buffer using a given key

HMAC is actually a one-way-function that involves a secret 'encryption' key in the hash calculation. This allows only an entity with knowledge of this key to calculate the hash, effectively creating a digital signature that helps to detect changes made to the data it signs on.

Key derivation

  • DeriveKey - derives the key using the password and client and server challenges

The key derivation process is based on the PBKDF1 proposed scheme. It generates the key by applying the SHA-1 function for many-many iterations over a basic buffer consisting of the user's password, his randomly generated client-challenge and the server's randomly generated challenge.

The great number of iterations (with no computational 'shortcuts') guarantees that the CPU will work hard to derive the key from the password, which will make any offline-enumeration attempts not feasible (assuming that the server enforces a strict password policy that sifts 'weak' passwords). However, this delay causes only minor nuisance for the user and the real server.

The current number of iterations (1000000) results in more than 1 second for a deriving a single key (from a single password) on an average home PC. This number can be increased, of course.

Source code

Back to Saphe implementation page

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License