roottk

ROOT Toolkit مجموعة أدوات متطورة

α Command-line ECC Integrated Security Suite

Multi purpose cross-platform hybrid cryptography tool for symmetric and asymmetric encryption, cipher-based message authentication code (CMAC), parallelizable message authentication code (PMAC), recursive hash digest, hash-based message authentication code (HMAC), HMAC-based key derivation function (HKDF), password-based key derivation function (PBKDF2/Scrypt), digital signature (ECDSA/EdDSA/ECGOST), shared key agreement (ECDH/X25519/VKO) and TLS 1.2 instant server for small or embedded systems.

I. Asymmetric الخوارزميات:

• I.I. ECC Bit-length Equivalence

  Symmetric Key Size	RSA and DSA Key Size	ECC Key Size
  80	1024	160
  112	2048	224
  128	3072	256
  192	7680	384
  256	15360	512

• I.II. 256-bit> Public Key Algorithms

  Algorithm	256	512	ECDH	ECDSA	Encryption	TLS
  BN	O	O	O	O	O
  Brainpool	O	O	O	O	O
  ECDSA	O		O	O	O	O
  Ed25519	O		O	O		O
  FRP256v1	O		O	O	O
  GOST2001	O		O	O	O
  GOST2012	O	O	O	O	O	O
  Koblitz	O		O	O	O
  NUMS	O	O	O	O	O
  Oakley256	O		O	O	O
  RSA						O
  SM2	O		O	O	O	O
  SM9	O		O	O	O

• I.III. 192-bit< Public Key Algorithms (for IoT devices)

  Algorithm	128	160	192	ECDH	ECDSA	Encryption
  Brainpool		O	O	O	O	O
  Koblitz		O	O	O	O	O
  Oakley192			O	O	O	O
  ANSI x9.62			O	O	O	O
  SEC2v1	O	O	O	O	O	O
  WapiP192			O	O		O
  WTLS9		O		O	O	O

II. Symmetric الخوارزميات:

• II.I. KDF Equivalence Funksioni i derivimit të çelësit

  Method	Iter	Iter	Iter	Iter	Iter	Iter
  PBKDF2	4000	8000	10000	20000	40000	80000
  Scrypt	1	2	4	8	16	32

• II.II. Stream Ciphers التشفيرات تيار Shifra e Transmetimit

  Cipher	Key Size	IV	Modes
  Ascon 1.2	128	-	AEAD Stream Cipher
  Grain128a	128	-	AEAD Stream Cipher
  Chacha20Poly1305³	256	-	AEAD Stream Cipher
  Rabbit (RFC 4503)	128	64	XOR
  Salsa20	128 to 256	192	XOR
  Shannon	256	-	MAC+XOR
  Skein512	128 to 1024	256	XOR
  Trivium	80	80	XOR
  KCipher2	128	128	XOR
  HC128	128	128	XOR
  HC256	256	256	XOR
  Snow3G (UEA2/UIA2)	128	-	MAC+XOR
  ZUC-128 (EEA3/EIA3)	128	128	MAC+XOR
  ZUC-256	256	184	MAC+XOR

  • Confidentiality algorithm 128-EEA3 and the 3GPP integrity algorithm 128-EIA3.
  • Confidentiality algorithm 256-EEA and the 5G integrity algorithm 256-EIA.
  • Confidentiality algorithm 128-UEA2 and the 3GPP integrity algorithm 128-UIA2.
  • Trivium stream cipher ISO/IEC 29192-3:2012.

• II.III. Modes of Operation for Block Ciphers أوضاع التشغيل لكتلة الأصفار Mënyra e funksionimit për shifrat e bllokut

  Mode		Blocks	Keys
  CCM	Counter w/ CBC-MAC (AEAD)	128	128/192/256
  EAX	Encrypt-Authenticate-Translate	128	128/192/256
  GCM	Galois/Counter Mode (AEAD)	128	128/192/256
  MGM	Multilinear Galois Mode (AEAD)	64/128	Any
  OCB	Offset Codebook Mode (AEAD)	128	128/192/256
  SIV	Synthetic IV (AEAD)	AES	256
  CFB-8	Cipher Feedback Mode 8-bit	All	Any
  CTR	Counter Mode (a.k.a. CNT)	All	Any
  IGE	Infinite Garble Extension Mode	All	Any
  OFB	Output Feedback Mode	All	Any

• II.IV. 128-bit> Block Ciphers التشفير كتلة Blloko Shifrat

  Cipher	Block Size	Key Size	Modes
  AES² (Rijndael)	128	128/192/256	All modes supported
  Anubis²	128	128	All modes supported
  ARIA²	128	128/192/256	All modes supported
  Camellia¹	128	128/192/256	All modes supported
  Grasshopper²	128	256	All modes supported
  LEA³	128	128/192/256	All modes supported
  RC6¹	128	128/192/256	All modes supported
  SEED¹	128	128/256	All modes supported
  Serpent²	128	128/192/256	All modes supported
  Simon128¹	128	128/192/256	All modes supported
  Speck128³	128	128/192/256	All modes supported
  SM4¹	128	128	All modes supported
  Twofish¹	128	128/192/256	All modes supported
  Threefish256	256	256	CFB8, CTR and OFB
  Threefish512	512	512	CFB8, CTR and OFB
  Threefish1024	1024	1024	CFB8, CTR and OFB

• II.V. 64-bit Block Ciphers التشفير كتلة Blloko Shifrat (for IoT devices)

  Cipher	Block Size	Key Size	Modes
  3DES¹	64	192	CFB8, MGM, CTR, OFB
  Blowfish¹	64	40 to 448	CFB8, MGM, CTR, OFB
  CAST5¹	64	128	CFB8, MGM, CTR, OFB
  GOST89¹	64	256	CFB8, MGM, CTR, OFB
  HIGHT	64	128	CFB8, MGM, CTR, OFB
  IDEA¹ [obsolete]	64	128	CFB8, MGM, CTR, OFB
  Magma¹	64	256	CFB8, MGM, CTR, OFB
  Misty1¹	64	128	CFB8, MGM, CTR, OFB
  Present²	64	80/128	CFB8, MGM, CTR, OFB
  RC5¹	64	128	CFB8, MGM, CTR, OFB
  Skipjack¹	64	80	CFB8, MGM, CTR, OFB
  Simon64¹	64	96/128	CFB8, MGM, CTR, OFB
  Speck64³	64	96/128	CFB8, MGM, CTR, OFB
  TEA¹	64	128	CFB8, MGM, CTR, OFB
  XTEA¹	64	128	CFB8, MGM, CTR, OFB
  Twine	64	80/128	CFB8, MGM, CTR, OFB

• II.VI. 32-bit Block Ciphers التشفير كتلة Blloko Shifrat (Obfuscators)

  Cipher	Block Size	Key Size	Modes
  Simon32¹	32	64	IGE, CFB8, CTR, OFB
  Speck32³	32	64	IGE, CFB8, CTR, OFB
  Skip32*	32	40	-

  • [*] Integer obfuscator. It works with integers from 0 to 2,147,483,647, eighth Mersenne prime, largest (unsigned) number computable by 32-bit architectures.
  • ¹: Feistel Network
  • ²: SPN Structure
  • ³: ARX Structure

• II.VII. Hash Digests خوارزميات التشتت Algoritmet e Shpërndarjes

  Algorithm	128	160	192	256	512	MAC
  BLAKE-1³				O	O
  BLAKE-2B³				O	O	O
  BLAKE-2S³	O			O		O
  BLAKE-3³				O
  Chaskey³	O					O
  CubeHash					O
  GOST94 CryptoPro				O
  Grøstl				O	O
  Haraka v2				O
  JH²				O
  Keccak				O	O
  LSH256				O
  LSH512				O	O
  MD5 [Obsolete]	O
  Poly1305	O					O
  RIPEMD	O	O		O
  SHA1 [Obsolete]		O
  SHA2-256 (default)				O
  SHA2-512				O	O
  SHA3				O	O
  Skein256				O		O
  Skein512				O	O	O
  SM3				O
  SipHash³	O					O
  Streebog				O	O
  Tiger	O	O	O
  Tiger2	O	O	O
  Whirlpool					O

  • MAC refers to keyed hash function, like HMAC.

AEAD تشفير مصدق مع البيانات المرتبطة

Authenticated encryption (AE) and authenticated encryption with associated data (AEAD) are forms of encryption which simultaneously assure the confidentiality and authenticity of data. Provides both authenticated encryption (confidentiality and authentication) and the ability to check the integrity and authentication of additional authenticated data (AAD) that is sent in the clear.

XOR

XOR (Exclusive OR) is a logical operator that works on bits. Let’s denote it by ^. If the two bits it takes as input are the same, the result is 0, otherwise it is 1. This implements an exclusive or operation, i.e. exactly one argument has to be 1 for the final result to be 1. We can show this using a truth table:

• exclusive or

  x	y	x^y
  0	0	0
  0	1	1
  1	0	1
  1	1	0

IKM (input key material value)

Keying material is in general to include things like shared Diffie-Hellman secrets (which are not suitable as symmetric keys), which have more structure than normal keys.

NUMS curves منحنيات إهليلجية Kurbë eliptike

NUMS (Nothing Up My Sleeve) curves, which are supported in the MSRElliptic Curve Cryptography Library (a.k.a. MSR ECCLib).

These curves are elliptic curves over a prime field, just like the NIST or Brainpool curves. However, the domain-parameters are choosen using a VERY TIGHT DESIGN SPACE to ensure, that the introduction of a backdoor is infeasable. For a desired size of s bits the prime p is choosen as p = 2^s - c with the smallest c where c>0 and p mod 4 = 3 and p being prime.

III. Features سمات Veçoritë

• Cryptographic Functions:

  • Asymmetric Encryption
  • Symmetric Encryption + AEAD Modes
  • Digital Signature [ECDSA/EdDSA/ECGOST]
  • Shared Key Agreement [ECDH/X25519/VKO]
  • Recursive Hash Digest + Check
  • CMAC (Cipher-based message authentication code)
  • PMAC (Parallelizable message authentication code)
  • HMAC (Hash-based message authentication code)
  • HKDF (HMAC-based key derivation function)
  • Password-based key derivation function (PBKDF2/Scrypt)
  • TLS 1.2 (Transport Layer Security)

• Non-Cryptographic Functions:

  • Base64/Base32 string conversion
  • Bin to Hex/Hex to Bin string conversion
  • Data sanitization method
  • LZMA, GZIP, Bzip2, Zlib and Brotli compression algorithms
  • Random Art (OpenSSH equivalent)

IV. Usage يستخدم

 -algorithm string
       Asymmetric algorithm: brainpool256r1, ecdsa, sm2. (default "ecdsa")
 -bits int
       Key length: 64, 128, 192 or 256. (for RAND and KDF) (default 256)
 -check string
       Check hashsum file. ('-' for STDIN)
 -cipher string
       Symmetric algorithm, e.g. aes, serpent, twofish. (default "aes")
 -crypt string
       Encrypt/Decrypt with bulk ciphers.
 -digest string
       Target file/wildcard to generate hashsum list. ('-' for STDIN)
 -info string
       Associated data, additional info. (for HKDF and AEAD encryption)
 -iter int
       Iterations. (for KDF and SHRED commands) (default 1)
 -iv string
       Initialization vector. (for symmetric encryption)
 -kdf string
       Password-based key derivation function: HKDF, PBKDF2 or Scrypt.
 -key string
       Private/Public key, password or HMAC key, depending on operation.
 -keygen
       Generate asymmetric keypair.
 -list
       List all available algorithms.
 -mac string
       Compute Cipher-based/Hash-based message authentication code.
 -md string
       Hash algorithm, e.g. sha256, sm3 or keccak256. (default "sha256")
 -mode string
       Mode of operation: CCM, GCM, MGM, OCB, EAX or OFB. (default "CTR")
 -pkeyutl string
       Derive or Encrypt/Decrypt with asymmetric algorithms.
 -pub string
       Remote's side public key/Public IP/Local Port. (for ECDH and TLS)
 -rand
       Generate random cryptographic key.
 -recursive
       Process directories recursively. (for DIGEST command only)
 -salt string
       Salt. (for KDF only)
 -shred string
       Target file/path/wildcard to apply data sanitization method.
 -sign
       Sign hash with Private key.
 -signature string
       Input signature. (verification only)
 -tcp string
       Encrypted TCP/IP Transfer Protocol. [dump|listen|ip|send|dial]
 -util string
       Utilities for encoding and compression. (type -util help)
 -verify
       Verify signature with Public key.

V. Examples أمثلة Shembuj

Asymmetric keypair generation (default ECDSA):

./roottk -keygen [-algorithm prime192v3]
./roottk -pkeyutl text -key $prvkey [-algorithm prime192v3]

Symmetric key generation (default 256):

./roottk -rand [-bits 64|128|192|256]

Digital signature:

./roottk -sign -key $prvkey < file.ext > sign.txt
sign=$(cat sign.txt|awk '{print $2}')
./roottk -verify -key $pubkey -signature $sign < file.ext
echo $?

Shared key agreement (ECDH/X25519/VKO) with a given bit-length output:

./roottk -pkeyutl derive -key $prvkey -pub $pubkey [-bits 64|128|192|256]

Encryption/decryption with asymmetric cipher (EC-based):

./roottk -pkeyutl enc -key $pubkey -algorithm sm2 < plaintext.ext > ciphertext.ext 
./roottk -pkeyutl dec -key $prvkey -algorithm sm2 < ciphertext.ext 

Encryption/decryption with symmetric block cipher (default AES):

./roottk -crypt enc -key $256bitkey < plaintext.ext > ciphertext.ext
./roottk -crypt dec -key $256bitkey < ciphertext.ext > plaintext.ext

Encryption/decryption with block cipher with AEAD mode (AES-GCM):

./roottk -crypt enc -mode GCM [-info "AAD"] -key $256bitkey < plaintext.ext
./roottk -crypt dec -mode GCM [-info "AAD"] -key $256bitkey < ciphertext.ext

Cipher-based MAC:

./roottk -mac cmac -key $128bitkey < file.ext

SHA256-based HMAC:

./roottk -mac hmac -key $256bitkey < file.ext

KDF (password-based key derivation function):

./roottk -kdf pbkdf2 -key "pass" -iter 10000 -salt "salt"
./roottk -kdf scrypt -key "pass" -iter 8 -salt "salt"

KDF (HMAC-based key derivation function):

./roottk -kdf hkdf -key "IKM" -salt "salt" -info "AD"

Note:

KDF function can be combined with CRYPT and HMAC commands:

./roottk -crypt enc -kdf scrypt -key "pass" < plaintext.ext > ciphertext.ext
./roottk -mac hmac -kdf pbkdf2 -key "pass" -iter 10000 -salt "salt" < file.ext

Symmetric encryption/decryption with ZUC/Snow3G stream ciphers:

./roottk -crypt [eea3|uea2] -key $128bitkey < plaintext.ext > ciphertext.ext
./roottk -crypt [eea3|uea2] -key $128bitkey < ciphertext.ext > plaintext.ext

MAC-EIA3/UIA2 (3GPP message authentication code):

./roottk -mac [eia3|uia2] -key $128bitkey < file.ext
./roottk -mac [eia3|uia2] -key $128bitkey -signature $32bitmac < file.ext

Shred (data sanitization method, 25 iterations):

./roottk -shred keypair.ini -iter 25

Bin to Hex/Hex to Bin:

./roottk -util hexenc < file.ext > file.hex
./roottk -util hexdec < file.hex > file.ext
-
./roottk -util hexdump < file.ext
./roottk -util pwgen|./roottk -util hexdump

Bin to Base64/Base64 to Bin:

./roottk -util b64enc < file.ext > file.b64
./roottk -util b64dec < file.b64 > file.ext

String compression LZMA/BZIP2/GZIP/Brotli:

./roottk -util compress -algorithm lzma < file.ext > file.lzma
./roottk -util decompress -algorithm lzma < file.lzma > file.ext

TCP/IP Dump/Send:

./roottk -tcp ip > PublicIP.txt
./roottk -tcp dump [-pub "8081"] > Token.jwt
./roottk -tcp send [-pub "127.0.0.1:8081"] < Token.jwt

TCP/IP Listen/Dial:

./roottk -tcp listen [-pub "8081"]
./roottk -tcp dial [-pub "127.0.0.1:8081"]

Random Art (Public Key Fingerprint):

./roottk -util fingerprint -key $pubkey
./roottk -util fingerprint -key - < Pubkey.txt

Key Split/Join:

./roottk -util splitkey -key $privkey
./roottk -util splitkey -key - < Privkey.txt > split.txt
./roottk -util joinkey < split.txt

Password Generator/Validator:

./roottk -util pwgen [-bits 160] > passwd.txt
./roottk -util entropy -bits 128 -key '-' < passwd.txt
echo $?

Passwords must have at least 128-bit of entropy, otherwise exit code is 1.

VI. Warning تحذير Paralajmërim

• Modes of Operation:
  • Non-AEAD modes are susceptible to MitM attacks as silent corruption.
  • The default mode of operation is CTR as it supports all block ciphers, but this does not guarantee integrity of the ciphertext, it is highly recommended to use an AEAD mode.
• Block Ciphers:
  • Some 64-bit block ciphers are susceptible to Birthday attacks (SWEET32).
  • NIST has deprecated DES and 3DES for new applications in 2017, and for all application by 2023.
  • NIST recommends not to use Skipjack after 2010.
  • Bruce Schneier has recommended migrating to his Blowfish successor, Twofish.
  • In 2011 full 8.5-round IDEA was broken using a meet-in-the-middle attack. Independently in 2012, full 8.5-round IDEA was broken using a narrow-bicliques attack, with a reduction of cryptographic strength of about 2 bits, similar to the effect of the previous bicliques attack on AES; however, this attack does not threaten the security of IDEA in practice.
  • TEA suffers from equivalent keys and can be broken using a related-key attack requiring 2²³ chosen plaintexts and a time complexity of 2³². The best structural cryptanalysis of TEA in the standard single secret key setting is the zero-correlation cryptanalysis breaking 21 rounds in 2^121.5 time with less than the full code book.
  • A related-key rectangle attack on 36 rounds of XTEA (Lu, 2009).
  • Triathlon of Lightweight Block Ciphers for the Internet of Things.
• Shred:
  • The non-cryptographic algorithm GOST R 50739-95 carries out one overwriting cycle using pseudo-random numbers and protects the data from recovery by common tools. This algorithm corresponds to protection class 2 (out of 6), according to the Russian State Technical Commission classification.
  • Data Sanitization Method cannot be applied to solid state drives (SSDs), it's useless in this case.

VII. Contribute

Use issues for everything

• You can help and get help by:
  • Reporting doubts and questions
• You can contribute by:
  • Reporting issues
  • Suggesting new features or enhancements
  • Improve/fix documentation

VIII. Acknoledgments

• Sergey Matveev (GoGOST Library Author)
• RyuaNerin (go-krypto Library Author)
• Chris Howey (Contributor, PBKDF2 function)
• Leonard von Hagen (Contributor, GOSTLS patch)
• Paul Scheduikat (Contributor, Introduction to the use of flags in Go)
• Chenxu (GMSM Library Author)
• Suzhou Tongji Fintech Research Institute (GMSM Library Author)
• Damian Gryski (Anubis, Present, SipHash, Misty1 Libraries Author)

Ω License

This project is licensed under the ISC License.