Request review of crypto secure sockets
Hi there
I have developed a secure socket protocol using diffie-hellman key
exchanges and a stream cypher.
I was wanting to know if anyone would review the protocol.
The package is called mirrordir:
ftp://ftp.is.co.za/pub/mirrordir
and contains a detailed description of the protocol.
The connect and accept scripts for the socket are attached. initarcrd()
and initarcwr() initialise the stream cypher - thereafter all sends and
recvs are encrypted. `type' is the size of the prime.
The signature scheme is the p-NEW signature scheme from Bruce Schneier's
Applied Cryptography.
Any takers??
TIA
-paul
Obsidian Systems . . . . Linux installations, support, networking
info@obsidian.co.za . . . . . . . . . . . . Tel (+27 11) 792 6500
http://www.obsidian.co.za . . . . . . . . Fax (+27 11) 792 6522
__ __ __ __ __ __ __ __
/ / / // |/ // / / / \ \/ /
/ /_ / // /| // /_/ / \ /
/___//_//_/ |_/ \____/ / \
/_/\_\
/* server connection script, exporting this script from the US
may be in violation of the US munitions export regulations */
/* Accept side of the handshake: banner exchange, Diffie-Hellman key
agreement, stream cipher initialisation, then a signature over the shared
secret made with the host's long-term key. Every failure after the banner
has been consumed returns 0; the successful end of the script returns 1. */
Huge *r; Huge *s; Huge *p; Huge *q; Huge *g; Huge *m;
Huge *x; Huge *y; Huge *X; Huge *Y; Huge *k; long l;
long save; long type;
char *c; char *prot;
save = 0;
/* Peek at the client banner without consuming it. */
l = strlen ("dIffIe--HelLmaN\n");
/* NOTE(review): a short read or a banner mismatch returns 1, the same value
as a completed handshake. Presumably this lets a peer that does not speak the
protocol continue on a plain socket - confirm how the caller tells the two
cases apart, because no cipher has been initialised on this path. */
if (recv (&c, l, MSG_PEEK) != l)
return 1;
if (strncmp ("dIffIe--HelLmaN\n", c, l))
return 1;
/* Banner matched: now consume it. */
if (recv (&c, l, 0) != l)
return 0;
/* 4-byte header: bytes 0 and 1 must be 0 and 1, byte 2 selects the prime
size, byte 3 is not examined here. */
if (recv (&prot, 4, 0) != 4)
return 0;
if (prot[0] != 0 || prot[1] != 1)
return 0;
/* NOTE(review): the prime size is chosen by the peer and no bound is
enforced in this script - confirm prime() rejects unsupported or too-small
sizes. */
type = prot[2];
/* Client's public value, read with flag 0 before the cipher is set up.
NOTE(review): no range check on Y is visible here (e.g. 1 < Y < p - 1);
confirm readhuge() or pow() rejects degenerate values such as 0, 1, p - 1. */
if (!(Y = readhuge (0)))
return 0;
/* Answer with the server banner. */
l = strlen ("DIfFiE--hEllMan\n");
if (l != send ("DIfFiE--hEllMan\n", l, 0))
return 0;
/* Ephemeral key pair: x is the secret exponent, X = g^x mod p is sent with
flag 0. NOTE(review): the strength of x, of the host key and of the nonce k
below all depends on random(), whose source is not shown here. */
p = prime (type);
g = 2;
x = random (typesize (type));
X = pow (g, x, p);
if (writehuge (X, 0))
return 0;
/* Shared secret m = Y^x mod p. */
m = pow (Y, x, p);
/* The binary form of m is split in two: the second half keys the read
direction, the first half keys the write direction.
NOTE(review): the raw bytes of m are used as cipher keys; no hash or key
derivation step is visible in this script. */
huge2bin (m, &c, &l);
initarcrd (c + l / 2, l / 2);
initarcwr (c, l / 2);
/* x assumes a new meaning here: the hosts private signature key */
x = 0;
y = 0;
/* Load the long-term key pair; whichever half is missing is generated and
the pair is saved afterwards. */
if (loadkeys (&x, &y, type))
return 0;
if (!x) {
x = pow (g, random (typesize (type)), p);
save = 1;
}
if (!y) {
y = pow (g, x, p);
save = 1;
}
/* Send the host public key with flag 1 (presumably through the cipher -
confirm). NOTE(review): this writehuge() result is not checked, unlike the
other writehuge() calls in this script. */
writehuge (y, 1);
if (save)
savekeys (x, y, type);
/* p-NEW signature scheme by Nyberg and Rueppel */
/* Signs the shared secret m: r = m * g^((p-1)-k) mod p and
s = k - ((r mod q) * x mod q), moved into the non-negative range by adding
p - 1. k is a fresh per-signature secret; it must never repeat or become
known, since s, r and k together determine x.
NOTE(review): the client's check g^s * y^(r mod q) * r == m holds for every
signature only if the order of g = 2 modulo p divides q; that depends on
which primes prime() returns - confirm.
NOTE(review): m can be recomputed from (r, s, y) by that same equation, so
these values must not travel in clear; confirm flag 1 means encrypted. */
q = p >> 1;
k = random (typesize (type)) % q;
r = (m * pow (g, (p - 1) - k, p)) % p;
s = k - (((r % q) * x) % q);
if (s < 0)
s = p - 1 + s;
if (writehuge (r, 1))
return 0;
if (writehuge (s, 1))
return 0;
return 1;
/* client connection script, exporting this script from the US
may be in violation of the US munitions export regulations */
/* Connect side of the handshake: sends the banner and protocol header,
performs the Diffie-Hellman exchange, initialises the stream cipher, then
checks the host's public key and its signature over the shared secret.
NOTE(review): only the server is authenticated here; this script sends no
client signature. */
Huge *r; Huge *s; Huge *p; Huge *q; Huge *g;
Huge *m; Huge *x; Huge *y; Huge *X; Huge *Y;
long l; long type;
char *c; char *prot;
l = strlen ("dIffIe--HelLmaN\n");
if (l != send ("dIffIe--HelLmaN\n", l, 0))
return 0;
/* "1234" only provides a 4-byte buffer; every byte is overwritten below
(assumes the script language makes string values writable - confirm).
Header layout: 0, 1, prime size selector, 0. */
prot = "1234";
prot[0] = 0;
prot[1] = 1;
type = typeoption ();
prot[2] = type;
prot[3] = 0;
if (send (prot, 4, 0) != 4)
return 0;
/* Ephemeral key pair: y is the secret exponent, Y = g^y mod p is sent with
flag 0, before the cipher is set up. */
p = prime (type);
g = 2;
y = random (typesize (type));
Y = pow (g, y, p);
if (writehuge (Y, 0))
return 0;
/* Expect the server banner. */
l = strlen ("DIfFiE--hEllMan\n");
/* NOTE(review): a short read or a wrong banner returns 1, the same value as
a verified handshake at the end of this script. If 1 means "proceed", anyone
able to alter the reply could leave the connection without encryption or host
authentication - confirm the caller distinguishes this case. */
if (recv (&c, l, 0) != l)
return 1;
if (strncmp ("DIfFiE--hEllMan\n", c, l))
return 1;
/* Server's public value. NOTE(review): no range check on X is visible here
(e.g. 1 < X < p - 1); confirm readhuge() or pow() rejects degenerate values. */
if (!(X = readhuge (0)))
return 0;
/* Shared secret m = X^y mod p. */
m = pow (X, y, p);
/* Key halves are swapped relative to the server script: the first half keys
the read direction, the second half keys the write direction.
NOTE(review): the raw bytes of m are used as cipher keys; no hash or key
derivation step is visible in this script. */
huge2bin (m, &c, &l);
initarcrd (c, l / 2);
initarcwr (c + l / 2, l / 2);
/* The ephemeral exponent is discarded; y is reused below for the host's
public signature key. */
x = 0;
y = 0;
if (!(y = readhuge (1)))
return 0;
/* Presumably compares y with a key stored for this host; what happens on
first contact is not visible here - confirm. */
if (checksavedkey (y, type))
return 0;
if (!(r = readhuge (1)))
return 0;
if (!(s = readhuge (1)))
return 0;
q = p >> 1;
/* signature equation */
/* Recovers the signed value as g^s * y^(r mod q) * r mod p and accepts only
if it equals the locally computed shared secret m, which ties the host key to
this key exchange. NOTE(review): the equality holds for every valid signature
only if the order of g = 2 modulo p divides q - confirm against prime(). */
if (m != (((pow (g, s, p) * pow (y, r % q, p)) % p * r) % p))
return 0;
return 1;