OS/2 Shareware BBS: 10 Tools

home *** CD-ROM | disk | FTP | other *** search

/ OS/2 Shareware BBS: 10 Tools / 10-Tools.zip / cactus.zip / cactus.doc next >

Wrap

Text File | 1996-04-17 | 17KB | 393 lines

************* CACTUS ************* Crypto Algorithm Construction Tool ********************************** CACTUS ------ CACTUS is a set of C++ classes for the construction of strong proprietary cipher algorithms. Content of this package ----------------------- This test and shareware package contains a description of the CACTUS classes and a set of programs for the demonstration of its use. The programs are designed as demos. They are fully functional but do not have any error handling. The user has to take care for proper usage. The following programs are compiled with WATCOM C/C++ 10.5a for DOS and OS/2. The source code for the main files is attached to demonstrate the use of the CACTUS class. - RNG.EXE Random Number Generator RNG produces an file with random bytes (0 ... 255) Usage: RNG <file.name> <file.length> <preruns> [<seed>] The first three parameters are mandatory, the seed is optional. RNG can be used to produce key files. It is recommended to use another CACTUS.PAR file for producing the key file then for the encryption of files, when the same key file is used as key. - FCRYPTX.EXE File encryption/decryption Usage: FCRYPTM -e|d <plain.file> <crypt.file> -e for encryption, -d for decryption - FCRYPTM.EXE File encryption/decryption includes a kind of MIME coding to produce a printable crypt file. Usage: FCRYPTM -e|d <plain.file> <crypt.file> - STRCRYPT.EXE String encryption/decryption with some kind of MIME coding. STRCRYPT returns the plain and the crypted string. Usage: STRCRYPT -e|d <string> -e encrypts the string, -d decrypts the string. STRCRYPT can be used to generate passwords from user names. Only for OS/2 and compiled with IBM VAC++ 3.0 is: - PMCactus.exe A PM based clipboard encryptor/decryptor. A marked text of any PM application can be copied or cut to the clipboard, then be encrypted and placed back into the application encrypted form. Decryption works the same way. The original text and the modified text (encrypted/ decrypted) are shown in two windows and can be control before they are placed into the application. To make the encrypted text printable, some kind of MIME coding is used. No editing should be done on the encrypted text. Any insertion or deletion of characters makes decryption impossible. When marking encrypted text for decryption, the marked block should start with '###' and end with ###'. No error detection is build in. I have tested it with DeScribe 5.0, MESA, Lotus 123G and several text processors. PMCactus is usefull to secure in an easy way some parts of a file or to authenticate an signature. As mentioned earlier, all these programs are added only to demonstrate the use of the CACTUS classes. The main object is the set of the C++ classes. The programs get their parameters for the cipher algorithm from a parameter file. An example is included (CACTUS.PAR). The programs look for the location of this file in the environment parameter CACTUSPAR. You have to set this parameter in the AUTOEXEC.BAT: SET CACTUSPAR=c:\cactus\cactus.par. Another environment parameter can be set: CACTUSKEY. With CACTUSKEY one can set the key to be used by the programs. Usage: SET CACTUSKEY=c:\cactus\cactus.key. If no key file is specified in CACTUSKEY, all key and message key bytes will be set to 0. RNG.EXE has the possibility to add a seed to the key. The seed is XORed with the key file bytes. If the seed is shorter then the required length, the seed will be repeated. The CACTUS classes ------------------ There are 3 elementary classes for the construction of any cipher algorithm: - MiShiftReg A shift register of variable length, and a set of three feedback taps. Public members: void MiShiftReg::initiate(unsigned len,int t1,int t2,int t3) initialiates the shift register with length and the three taps. void MiShiftReg::reset(unsigned len,int t1,int t2,int t3) resets the shift register to the original stage. void MiShiftReg::set(unsigned pos, char val) sets one byte in the shift register. This can be used for initialization or distortion. void MiShiftReg::rotate(char dist, unsigned count) rotates the shift register _count_ times and XORS the tap bytes with the distortion byte _dist_. char MiShiftReg::output() output of the byte at position 0. - MiTable A lookup table with one byte output for one byte input. Public members: void MiTable::MiTable() Constructor for the 256 byte array of the table. void MiTable::fill(char i1, char i2, char i3, char i4, char i5,char i6) fills the table based on the 5 input bytes and a fixed table. void MiTable::set(unsigned pos, char val) sets one byte of the table. Can also be used to fill the table. void MiTable::manipulate(char i1,char i2, char i3,char i4) manipulates the table based on the 4 input bytes and a fixed table. An extra manipulation of the table. char MiTable::output(unsigned in) output of the looked up byte. - MiCombiner A combiner with 8 bytes input and one byte output. The combiner uses one bit of each input byte to generate the output byte. The bit selection of the input bytes can be changed. Public members: void MiCombiner::set(char in) changes the sequence of the input byte bit selection. void MiCombiner::reset() resets the combiner to the original stage. char MiCombiner::output(char * reg) output of one byte after input of an 8 byte array. Using these basic classes I have designed the CACTUS class as a complete algorithm: - MiCactus A complete cipher algorithm Public members: unsigned long lenall the sum of all shift register lengths. This sum is calculated during initialization based on the input from CACTUS.PAR. void MiCactus::MiCactus() Constructor which also checks the registration from CACTUS.PAR. void MiCactus::initiate(char * key,char * msk) initialization of the shift registers with _key_ and _message_key_. The user has to take care that key is an array of char with length _lenall_ and msk is an array of char with length _256_. void MiCactus::reset(char* key, char * msk) resets the algorithm. char MiCactus::gen_byte() generates one crypto byte. The use of the class members can be seen in the demonstration files. Description of the CACTUS algorithm ----------------------------------- CACTUS consists of - 5 shift registers. The length and the 3 taps each can be set in the CACTUS.PAR file. This feature is only for the registered users. The unregistered version has fixed lengths and taps. - 1 combiner The combiner combines the 8 first bytes of the shift registers to one byte. The presetting for the combiner is fixed. It can only be changed in the source code. - 11 tables table[0]... table[7] get input from byte[0] of the next shift register and their output is XORed with byte[0] of the shift register. The resulting byte is used for feedback to the taps. table[8] gets one byte from the combiner and produces the output byte. table[9] gets the same byte from the combiner as table[8] and the output of table[9] controls the change of input byte bit selection of the combiner and controls table[10]. table[10] controls with each output bit the rotation steps of the shift registers. The filling parameters of the tables are taken from CACTUS.PAR. These parameters can be changed in the registered and unregistered version. The configuration is as follows: 8 times this configuration of a shift register: =============================================================================== ----------------------------------- combiner[0]<- | shiftreg[0] | <- bit[0] from table[10] 0---------------------------------- if 0: one rotation step | ^ ^ ^ taps 1...3 1: two rotation steps | |_____|_______| | | ------------> XOR ^ table[0] ^ | byte[0] from table[1] . . . . ----------------------------------- combiner[7]<- | shiftreg[7] | <- bit[7] from table[10] 0---------------------------------- if 0: one rotation step | ^ ^ ^ taps 1...3 1: two rotation steps | |_____|_______| | | ------------> XOR ^ table[7] ^ | byte[0] from table[0] =============================================================================== The output and control looks like: =============================================================================== combiner[0] | <- shiftreg[0][0] | <- table[10],0 combiner[1] | <- shiftreg[1][0] | <- table[10],1 combiner[2] | <- shiftreg[2][0] | <- table[10],2 output <-table[8]<-- combiner[3] | <- shiftreg[3][0] | <- table[10],3 table[9]<-- <- combiner[4] | <- shiftreg[4][0] | <- table[10],4 | combiner[5] | <- shiftreg[5][0] | <- table[10],5 | combiner[6] | <- shiftreg[6][0] | <- table[10],6 | combiner[7] | <- shiftreg[7][0] | <- table[10],7 | ^ ^ | | changes the combiner |controls | | |table[10] |________________|________________________________| =============================================================================== The rotation of the shift registers is done in sequence 0 to 7. Hence the distortion byte from the next shift register is the same for one or two rotation steps. Initialization of the CACTUS algorithm -------------------------------------- The constructor of CACTUS reads all parameters from the file CACTUS.PAR and checks the username and registration number. - the tables are filled using the 5 parameters from CACTUS.PAR and a fixed table. - the shift registers are filled in sequence with the key bytes, which are XORed with the message key bytes. - a number of _prerun_ steps are done. The number of steps is taken from CACTUS.PAR. Unregistered version do 256 steps. - optional a manipulation of the tables can be done using the output from the crypto generator (only for registered users). - again _prerun_ steps of prerun. Now CACTUS is ready for output. For encryption or decryption the output is XORed with the plain or ciphered text in an application program. The reset function of CACTUS can be used to do extra preruns, for reset or to set the crypto generator to some starting point to keep synchronization in a multi session environment. Restrictions for the unregistered test version ---------------------------------------------- - The lengths and the taps of the shift registers are fixed. The total length of all shift registers is 404. - Prerun count is fixed to 256. - Table manipulation off. - Registration reminder in the programs. The restrictions do not reduce the security. One can test the quality of the algorithm with the pseudo random output of RNG.EXE. Registration scheme ------------------- The basic registration for using the programs of this package with all features of CACTUS.PAR is US$10.- Online registration via CompuServe is prefered (GO SWREG # 11105). I will send the registration number by E-Mail. Source code of the header file CACTUS.HPP is US$50.-. Registration via CIS (GO SWREG 5 times and an E-Mail to me for notification. The source code will be sent via CIS or internet. Tayloring of applications to customer needs on request. Also available: QUIPU V1.2 for OS/2 and DOS Full featured file encryption with QUIPU algorithm, which is more complex then CACTUS. Key length of 1632 bytes. Optional file dependend random message key of 256 bytes. Name and CRC of the original file are encrypted in the encrypted file. Compression is included. Authentication of the decrypted file by 32 bit CRC. Much faster then QUIPU V1.1. US$ 15.- for delivery over CIS or internet. My address: INFOQUEST Michael Mieves Wessobrunner Weg 1 D-82407 Wielenbach Germany CIS: 100334,142 E-Mail: mieves@ibm.net mieves@t-online.de ----------------------------------------------------------------------------- At the end of all: Why CACTUS????? We have already some good ciphers DES PGP IDEA and many more... The more a crypto algorithm is used on the world the more profit does a hacker get for his effort when he breaks it. It is not profitable for him to try breaking a rarely used and strong crypto algorithm. One might change his CACTUS crypro algorithm every day by changing his CACTUS.PAR file. CACTUS is an example for what can be done with the base classes. Using the source code any other crypto algorithm can be constructed in short time, optimized for speed, complexity or whatever else. CACTUS is best used for - securing sensitive files on a PC, - for securing the communication traffic in closed user groups, - for generating random byte files, - creation of passwords or registration codes, - for authentications. The advantage of CACTUS over other algorithms is the easy change of all parameters of the algorithm - not only the key - by a parameter file. ********************* Important legal aspect ******************************* * * * Most probably CACTUS falls under US governments ITAR regulations. Others * * then US or Canadian Citizens should get CACTUS from a server outside * * of Northamerica to avoid illegal export from the US. * * * * Encryption is prohibited in some countries (i.e. France) without * * permission from the government. * * * ****************************************************************************