Monocypher - data encryption and decryption

-

 Monocypher is an open-source BSD licensed project that has great data encryption and decryption capability for embedded systems. Here is a short simple engineer view on how to make it work.

Sequence diagram

In the image is a sequence diagram that described how to securely exchange data works in one way from server to client.
nonce, mac, secure key, shared key

Explaining the keywords

secret key -  a pre-shared key that needed to be exchanged between client and server in a secure manner before communication started. A secret key can also be referenced as a private client and a private server key.

client public key - the key that client has generated (calculated) from a pre-shared key that can be publicly shared. Alone it doesn't have any valuable value. It is sent to the server where the server can use it to calculate a shared key.

server public key - the key that server has generated (calculated) from a pre-shared key that can be publicly shared. Alone it doesn't have any valuable value. It is sent to the client where the client can use it to calculate a shared key.

shared key - is the only key that is used for data encryption and decryption. It is a newly generated key after the client and server exchange their public keys. The shared key is the same for both client and the server. The client will calculate it by using pre-shared and server public key while sever will do it by using pre-shared key and client public key. 

mac - message authentication code that helps the client to be sure that data arrives from the server from which we received the public key in case the package was intercepted and changed. Mac is generated together with the encrypted messages. 

nonce - is an arbitrary number that needs to be provided for the encryption mechanism to work. It is not necessary to be random but it is very important that each data encryption never has the same nonce value.  In other words, each time using an encryption function, nonce must have a unique value. It is sent together with encrypted data and mac to the client for data decryption.

Sequence diagram with Monocypher functions

Monocypher, encryption, decryption, security, nonce, mac, secure key, shared key, chiper, plane, crypto_lock, crypto_unlock, crypto_key_exchange_public_key, crypto_key_exchange

Diagram explains the order of functions to call to do a crypto key exchange so both client and server have the same shared key. The size of mac is always 16 bytes while for the nonce is always 24 bytes.
The size of data is arbitrary, and the example is used 2 bytes. The size of keys is fixed to 32 bytes. 

Comments

Post a Comment

Popular posts from this blog

AUTOSAR and CRC calculation

-
Image
If you find yourself reading AUTOSAR document Specification of CRC Routines you are probably looking for a solution on how to implement it in your code. This is short instruction without explaining how CRC works. It includes working CRC code with examples from the mentioned documentation. Explanation of CRC8 CRC 8 it means, the polynomial of CRC is 8 bit long.  Explaining chapter 7.2.1: CRC result width - it is the return value, it says it is 8 bits long Polynomial - this value is used to calculate CRC. In this case, it is 0x1D Initial value - CRC calculation start with this value. It is usually all F's or zeros.  Input data reflection - it says if the data which you want to do CRC need to be reflected or not. Example of data reflection: hex: 0x73 or binary: 1110011, reflected value is: 1100111 or hex 0x67 Result data reflected - same as input data, but the only result is reflected XOR value - result value need to be XOR-ed with this value before is r
Read more

Flashing/debugging/running code at external memory in the memory-mapped mode

-
Image
  STM32 microcontrollers have special capabilities running code directly from external flash. To make it possible STM32 made a special set of instructions called memory-mapped mode where the microcontroller is reading instructions from the external flash. Since to read data from an external flash can take some time there is QSPI protocol witch basically four wires used as SPI MISO (Master Input Slave Output) to make throughput 4x time faster than classical SPI.   Figure 1 - Illustration of STM32H750 connected to W25Q128JV 
Read more

Debugging EK-TM4C123GXL with Visual Studio Code on Linux

-
Image
If you have TM4C123G LaunchPad Evaluation Kit and you like Visual Studio Code here is how to setup debugging on this board. This is the tutorial how to do that on clean Ubuntu 16.04 LTS. ARM GCC Compiler Setup Download the latest GCC cross compiler for the ARM from here:  https://launchpad.net/gcc-arm-embedded/+download In the time of writing this text, the last one is    gcc-arm-none-eabi-5_4-2016q3-20160926-linux.tar.bz2 Run this commands in Linux console. wget https://launchpad.net/gcc-arm-embedded/5.0/5-2016-q3-update/+download/gcc-arm-none-eabi-5_4-2016q3-20160926-linux.tar.bz2 tar -jxf gcc-arm-none-eabi-5_4-2016q3-20160926-linux.tar.bz2 rm gcc-arm-none-eabi-5_4-2016q3-20160926-linux.tar.bz2 exportline="export PATH=$HOME/gcc-arm-none-eabi-5_4-2016q3/bin:\$PATH" echo $exportline >> ~/.profile source ~/.profile sudo dpkg --add-architecture i386 sudo apt-get update sudo apt-get install libc6:i386 lib32ncurses5 Without i386 architecture you will
Read more