Gecko Modes

Home page

 

Gecko Architecture

 

Modes: CBC, CTR, ECB, PCBC, CFB, OFB

 

Test Harnesses and Sample programs

 

Downloads

Building the Software

About Gecko

Gecko ships with several encryption modes built-in.

These modes include CBC, CTR, ECB, PCBP, CFB, and OFB.

 

Each mode is #ifdef’ed so no modes but the one you want is included in final product. But the modes are included natively within the Gecko module to provide the best speed and smallest size.

This is because the compiler can eliminate non-local jumps as well as inline the cryptographic methods within the mode (say, CBC,) directly.

Here are the mode implementations for reference.

 

Implementation note: LOCAL is defined as static inline.

 

Native Gecko modes of operation

 

Cipher Block Chaining (CBC)

 

 

Ehrsam, Meyer, Smith and Tuchman invented the Cipher Block Chaining (CBC) mode of operation in 1976. In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Block_Chaining_(CBC)

Images By WhiteTimberwolf (SVG version) - PNG version, Public Domain, https://commons.wikimedia.org/w/index.php?curid=26434095

 

LOCAL void GKO_EncryptCBC(GKO_state_t* state, uint8_t* bp)

{

       GKO_XorWithCB(state, bp);                       // initially, this is set to IV

       GKO_Cipher(state, bp, GKO_cipher_forward);      // encrypt

       GKO_SetCB(state, bp);                           // store ciphertext in chaining buffer

}

 

LOCAL void GKO_DecryptCBC(GKO_state_t* state, uint8_t* bp)

{     

       uint8_t ciphertext[GKO_BLOCK_SIZE];             // ciphertext storage

       memcpy(ciphertext, bp, GKO_BLOCK_SIZE);         // backup ciphertext

       GKO_Cipher(state, bp,GKO_cipher_backward);      // decrypt the buffer     

       GKO_XorWithCB(state, bp);                       // XOR the ciphertext chaining buffer

       GKO_SetCB(state, ciphertext);                   // store ciphertext in chaining buffer

}

 

Counter (CTR)

 

 

Note: CTR mode (CM) is also known as integer counter mode (ICM) and segmented integer counter (SIC) mode
Like OFB, Counter mode turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a "counter". The counter can be any function which produces a sequence which is guaranteed not to repeat for a long time, although an actual increment-by-one counter is the simplest and most popular. The usage of a simple deterministic input function used to be controversial; critics argued that "deliberately exposing a cryptosystem to a known systematic input represents an unnecessary risk."However, today CTR mode is widely accepted and any problems are considered a weakness of the underlying block cipher, which is expected to be secure regardless of systemic bias in its input. Along with CBC, CTR mode is one of two block cipher modes recommended by Niels Ferguson and Bruce Schneier. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR)

 

 

LOCAL void GKO_EncryptCTR(GKO_state_t* state, uint8_t* bp)

{

       GKO_Cipher(state, GKO_GetCB(state),GKO_cipher_symmetrical); // encrypt IV

       GKO_XorWithCB(state, bp);                // XOR the plaintext with chaining buffer
       GKO_SetCB(
state,GKO_IncIv(state));       // store incremented IV in chaining buffer

}

 

LOCAL void GKO_DecryptCTR(GKO_state_t* state, uint8_t* bp)

{

       // symmetric encryption

       GKO_EncryptCTR(state, bp);

}

 

Electronic Codebook (ECB)

 

  The simplest of the encryption modes is the Electronic Codebook (ECB) mode (named after conventional physical codebooks). The message is divided into blocks, and each block is encrypted separately. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_Codebook_(ECB)  

 

LOCAL void GKO_EncryptECB(GKO_state_t* state, uint8_t* bp)

{

       GKO_Cipher(state, bp, GKO_cipher_forward);       // encrypt the plaintext

}

 

LOCAL void GKO_DecryptECB(GKO_state_t* state, uint8_t* bp)

{

       // symmetric encryption

       GKO_Cipher(state, bp, GKO_cipher_backward);

}

 

Propagating CBC (PCBC)

 

  The Propagating Cipher Block Chaining or plaintext cipher-block chaining mode was designed to cause small changes in the ciphertext to propagate indefinitely when decrypting, as well as when encrypting. In PCBC mode, each block of plaintext is XORed with both the previous plaintext block and the previous ciphertext block before being encrypted. As with CBC mode, an initialization vector is used in the first block. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Propagating_Cipher_Block_Chaining_(PCBC)  

 

LOCAL void GKO_EncryptPCBC(GKO_state_t* state, uint8_t* bp)

{

       uint8_t plaintext[GKO_BLOCK_SIZE];        // make a copy of the plaintext

       memcpy(plaintext,bp,GKO_BLOCK_SIZE);

       GKO_XorWithCB(state, bp);                // XOR plaintext with chaining buffer

       GKO_Cipher(state,bp, GKO_cipher_forward);// encrypt

       GKO_SetCB(state, bp);                    // store ciphertext in chaining buffer

       GKO_XorToCB(state, plaintext);           // XOR the chaining buffer with the plaintext

}

 

LOCAL void GKO_DecryptPCBC(GKO_state_t* state, uint8_t* bp)

{     

       uint8_t ciphertext[GKO_BLOCK_SIZE];       // ciphertext storage

       memcpy(ciphertext, bp, GKO_BLOCK_SIZE);   // backup ciphertext

       GKO_Cipher(state,bp,GKO_cipher_backward); // decrypt the buffer  

       GKO_XorWithCB(state, bp);                 // XOR ciphertext with chaining buffer

       GKO_SetCB(state, ciphertext);             // store ciphertext in chaining buffer

       GKO_XorToCB(state, bp);                   // XOR the chaining buffer with the plaintext

}

 

Cipher Feedback (CFB)

 

  The Cipher Feedback (CFB) mode, a close relative of CBC, makes a block cipher into a self-synchronizing stream cipher. Operation is very similar; in particular, CFB decryption is almost identical to CBC encryption performed in reverse. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Feedback_(CFB)  

 

LOCAL void GKO_EncryptCFB(GKO_state_t* state, uint8_t* bp)

{   

       GKO_Cipher(state, GKO_GetCB(state),GKO_cipher_symmetrical); // encrypt IV

       GKO_XorWithCB(state, bp);         // XOR plaintext with chaining buffer

       GKO_SetCB(state,bp);              // store ciphertext in chaining buffer

}

 

LOCAL void GKO_DecryptCFB(GKO_state_t* state, uint8_t* bp)

{      uint8_t ciphertext[GKO_BLOCK_SIZE];             // ciphertext storage

       memcpy(ciphertext, bp, GKO_BLOCK_SIZE);         // backup ciphertext

       GKO_Cipher(state, GKO_GetCB(state),GKO_cipher_symmetrical); // decrypt the IV      

       GKO_XorWithCB(state, bp);                       // XOR plaintext with chaining buffer

       GKO_SetCB(state,ciphertext);                    // store ciphertext in chaining buffer

}

 

 

 

 

Output Feedback (OFB)

 

 

The Output Feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Just as with other stream ciphers, flipping a bit in the ciphertext produces a flipped bit in the plaintext at the same location. This property allows many error correcting codes to function normally even when applied before encryption.
Because of the symmetry of the XOR operation, encryption and decryption are exactly the same. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Output_Feedback_(OFB)

 

 

LOCAL void GKO_EncryptOFB(GKO_state_t* state, uint8_t* bp)

{

       uint8_t ciphertext[GKO_BLOCK_SIZE];                           // ciphertext storage

       GKO_Cipher(state, GKO_GetCB(state),GKO_cipher_symmetrical);   // encrypt IV

       memcpy(ciphertext, GKO_GetCB(state), GKO_BLOCK_SIZE);         // backup ciphertext

       GKO_XorWithCB(state, bp);                       // XOR plaintext with chaining buffer

       GKO_SetCB(state,ciphertext);                    // store ciphertext in chaining buffer

}

 

 

LOCAL void GKO_DecryptOFB(GKO_state_t* state, uint8_t* bp)

{      // symmetric encryption

       GKO_EncryptOFB(state, bp);

}