DiceLock Security Blog

DiceLockIVDigestedOMCheck is a Linux C++ program to verify that DiceLockIVDigested class implementing one of DiceLock different architectures is working as expected.

DiceLockIVDigested class is the class that implements DiceLock architecture with the following characteristics:
– base encryption cipher/decipher is any symmetric cipher (stream cipher or block cipher operation mode) working with symmetric key, and initialization vector (IV) are needed,
– any hash digest algorithm is used to generate message hash digest from plaintext to be encrypted,
– ciphertext plus ciphered hash digest of plaintext is checked for random number test properties,
– any function that is able to change original symmetric key with new values,
– bit random number tests that can verify that encrypted ciphertext is at random.

Current algorithm classes that can be used with DiceLockIVDigested architecture are:

– as base encryption cipher/decipher:

– hash digest algorithms: Sha 1, Sha 224, Sha 256, Sha 384, Sha 512, Ripemd 128, Ripemd 160, Ripemd 256, Ripemd 320, Md 2, Md 4 and Md5,
– symmetric key changers: IncreaseKeyModifier_6_0_0_1 and DecreaseKeyModifier_6_0_0_1,
– random number tests: Frequency, Block Frequency, Cumulative Sum Forward, Cumulative Sum Reverse, Runs, Longest Run Of Ones, Rank, Universal, Approximate Entropy, Serial, Discrete Fourier Transform tests and random number test Suite with any or all previous enumerated random number tests.

Because of so many alternative encryption/decryption engines can be used, we have split DiceLockIVDigested class tests in two main C++ program tests:
– DiceLockIVDigestedNoOMCheck C++ Source Code program making use of stream ciphers, and
– DiceLockIVDigestedOMCheck C++ Source Code program making use of block cipher operation modes with multiple block ciphers.

In this test we verify DiceLockIVDigestedOMCheck C++ Source Code program making use of block ciphers and block cipher operation modes with the configuration shown below.

In this test we have selected this DiceLock configuration:

DiceLock class: DiceLockIVDigested
Encryption block cipher operation mode: CBC Cipher Block Chaining operation mode
Encryption block cipher: AES 192 block cipher
Hash algorithm: Ripemd 160 hash digest algorithm
Random number test: Frequency
Random number test: Block Frequency
Random number test: Cumulative Sum Forward
Random number test: Longest Run of Ones
Random number test: Runs
All random number test significance level: Alpha = 0.001 (confidence level of 99.9 %)
Symmetric key modifier class: IncreaseKeyModifier_6_0_0_1 key modifier
Bit stream class: PhysicalCryptoRandomStream bit data stream

PhysicalCryptoRandomStream class makes use of mlock that uses physical nonpaged memory, so memory is not swapped to hard disk.
In order to use PhysicalCryptoRandomStream class the process must be privileged (CAP_IPC_LOCK) in order to lock memory, and since Linux 2.6.9, no limits are placed on the amount of memory that a privileged process can lock and the RLIMIT_MEMLOCK soft resource defines the limit on how much memory an unprivileged process may lock.

With CBC operation mode all three implemented crypto pad systems (ANSI X.923, ISO/IEC 9797-1 and PKCS7) are used. They are selected on a random basis and such election is logged only when a recipher is performed over the text being randomized-encrypted.

At post bottom there are C++ Source Code links to all DiceLock cipher files being used to perform this configuration test.

Execution call has been:
Click here if you want to read more on … DiceLock-x 8.0.0.1 for Linux – DiceLockIVDigested cipher architecture configuration selecting CBC Cipher Block Chaining operation mode with AES 192 block cipher, Ripemd 160 hash digest algorithm and Random Test Suite with Frequency, Block Frequency, Cumulative Sum Forward, Longest Run Of Ones and Runs random number tests, using IncreaseKeyModifier_6_0_0_1 key modifier, PhysicalCryptoRandomStream bit data stream