| Andrew Cooke | Contents | Latest | RSS | Twitter | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Lepl parser for Python.

Colorless Green.

Photography around Santiago.

SVG experiment.

Professional Portfolio

Calibration of seismometers.

Data access via web services.

Cache rewrite.

Extending OpenSSH.

C-ORM: docs, API.

Last 100 entries

Discover new movies on demand in our online cinema; Tasting; Credit Card Processing for Cat Soft LLC; Apple + Kiwi Jam; Hit Me; Increase Efficiency with GPS Vehicle Tracking for Cat Soft LLC; Sudoku - CSP + Chaos; Recycling Electronics In Santiago; Vector Displays in OpenGL; Call Center Services for Cat Soft LLC; And Anti-Aliased; OpenGL - Render via Intermediate Texture; And Garmin Connect; Using Garmin Forerunner 230 With Linux; Payroll Service Quotes for Cat Soft LLC; (Beating Dead Horse) StackOverflow; Current State of Justice in China; Now Is Cat Soft LLC's Chance To Save Up To 32% On Mail; Axiom of Determinacy; Ewww; Fee Chaos Book; Course on Differential Geometry; Increase Efficiency with GPS Vehicle Tracking for Cat Soft LLC; Okay, but...; Sparse Matrices, Deep Learning; Sounds Bad; Applebaum Rape; Tomato Chutney v4; Have to add...; Culturally Liberal and Nothing More; Weird Finite / Infinite Result; Your diamond is a beaten up mess; Maths Books; Good Bike Route from Providencia / Las Condes to Panul\; Iain Pears (Author of Complex Plots); Plum Jam; Excellent; More Recently; For a moment I forgot StackOverflow sucked; A Few Weeks On...; Chilean Book Recommendations; How To Write Shared Libraries; Jenny Erpenbeck (Author); Dijkstra, Coins, Tables; Python libraries error on OpenSuse; Deserving Trump; And Smugness; McCloskey Economics Trilogy; cmocka - Mocks for C; Concept Creep (Americans); Futhark - OpenCL Language; Moved / Gone; Fan and USB issues; Burgers in Santiago; The Origin of Icosahedral Symmetry in Viruses; autoenum on PyPI; Jars Explains; Tomato Chutney v3; REST; US Elections and Gender: 24 Point Swing; PPPoE on OpenSuse Leap 42.1; SuperMicro X10SDV-TLN4F/F with Opensuse Leap 42.1; Big Data AI Could Be Very Bad Indeed....; Cornering; Postcapitalism (Paul Mason); Black Science Fiction; Git is not a CDN; Mining of Massive Data Sets; Rachel Kaadzi Ghansah; How great republics meet their end; Raspberry, Strawberry and Banana Jam; Interesting Dead Areas of Math; Later Taste; For Sale; Death By Bean; It's Good!; Tomato Chutney v2; Time ATAC MX 2 Pedals - First Impressions; Online Chilean Crafts; Intellectual Variety; Taste + Texture; Time Invariance and Gauge Symmetry; Jodorowsky; Tomato Chutney; Analysis of Support for Trump; Indian SF; TP-Link TL-WR841N DNS TCP Bug; TP-Link TL-WR841N as Wireless Bridge; Sending Email On Time; Maybe run a command; Sterile Neutrinos; Strawberry and Banana Jam; The Best Of All Possible Worlds; Kenzaburo Oe: The Changeling; Peach Jam; Taste Test; Strawberry and Raspberry Jam; flac to mp3 on OpenSuse 42.1; Also, Sebald; Kenzaburo Oe Interview; Otake (Kitani Minoru) move Black 121

© 2006-2015 Andrew Cooke (site) / post authors (content).

Using AES CTR mode with Java / Clojure

From: andrew cooke <andrew@...>

Date: Sun, 27 May 2012 08:49:45 -0400

I needed to generate a sequence of "random" bytes and, for various reasons I
won't get into here, decided that running AES in CTR mode would be the best
solution.

Background:
https://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29

The general procedure is described in detail in RFC2686, along with some test
vectors (thanks!) - http://www.ietf.org/rfc/rfc3686.txt - but it wasn't clear
to me how this mapped to the Java Cipher API.

It turns out that you need to do the following:

 - create a cipher instance for AES/CTR/NoPadding
 - create the CTRBLK as described in the RFC
 - initialise the cipher with CTRBLK as the IV
 - encoding blocks of zero bytes then returns the key stream

The two main sources fo confusion are:

 - What the RFC calls the CTRBLK is what Java calls the IV (what RFC calls
   the IV is the central 8 bytes of the Java IV).

 - Java automatically increments CTRBLK on successive calls to update.

And I verified all this by testing against the 128-bit test vectors in the
RFC (that is the ONLY verification made - I have not looked at any source and
I am not an expert at this...).


Here is the equivalent Clojure code (cut+pasted from a more complete module
that I will be releasing soon - you can see the code at
https://github.com/andrewcooke/particl/blob/master/src/cl/parti/random.clj):

(ns cl.parti.random
  (:use (cl.parti utils))
  (:import javax.crypto.Cipher)
  (:import javax.crypto.spec.SecretKeySpec)
  (:import javax.crypto.spec.IvParameterSpec)
  (:import java.security.MessageDigest))


;; Constants for AES in counter mode.

(def ^:private CIPHER "AES")
(def ^:private CIPHER_SPEC (str CIPHER "/CTR/NoPadding"))
(def ^:private BLOCK_SIZE 16)
(def ^:private NONCE_SIZE 4)
(def ^:private IV_SIZE 8)
(def ^:private CTR_SIZE 4)
(def ^:private KEY_SIZE 16)

(def ^:private ^{:doc "The hash used for nonce and IV."} HASH "SHA-1")


;; ## Basic counter mode operation
;;
;; The general approach follows
;; [RFC3686](http://www.faqs.org/rfcs/rfc3686.html), except that Java
;; handles the increment of the counter.

(def ^:private ^{:doc "An array of zeroes; used as the 'plaintext' since we
want to access the key stream."}
  BLANK (byte-array BLOCK_SIZE (byte 0)))

(defn- stream-blocks
  "Run the given cipher, generating a lazy stream of blocks.  The underlying
  Java code increments the counter after each loop, generating a lazy stream
  of blocks."
  [cipher]
  (lazy-seq
    (let [block (.update cipher BLANK)]
      (cons block (stream-blocks cipher)))))

(defn- stream-bytes
  "Convert a stream of blocks to a stream of bytes.

  The first form re-calls with the head block and a zero offset.

  The second form recurses through the available bytes in the block and
  then re-calls with the remaining blocks."
  ([blocks] (stream-bytes (first blocks) 0 (rest blocks)))
  ([block i blocks]
    (lazy-seq
      (if (= i BLOCK_SIZE)
        (stream-bytes blocks)
        (cons (nth block i) (stream-bytes block (inc i) blocks))))))

(defn- init-ctrblk
  "Create a counter block with CTR set to 1 (lsb)."
  [nonce iv]
  (byte-array
    (for [i (range BLOCK_SIZE)]
      (let [j (- i NONCE_SIZE)]
        (cond
          (< i NONCE_SIZE) (nth nonce i)
          (< j IV_SIZE) (nth iv j)
          (not= i (dec BLOCK_SIZE)) (byte 0)
          :else (byte 1))))))

(defn stream-aes-ctr
  "Generate a stream of bytes from the initial data, using AES in counter
  mode.

  This is tested against the three 128-bit test vectors in
  [RFC3686](http://www.faqs.org/rfcs/rfc3686.html) - the bytes returned
  match those expected for the key stream."
  [key nonce iv]
  (let [cipher (Cipher/getInstance CIPHER_SPEC)
        key (SecretKeySpec. key CIPHER)
        ctrblk (init-ctrblk nonce iv)]
    (do (.init cipher Cipher/ENCRYPT_MODE key (IvParameterSpec. ctrblk))
      (stream-bytes (stream-blocks cipher)))))


Andrew

Comment on this post