def gen_hash_test_vectors(): print(r"""\newpage """) print("\subsection{DryGascon%s hash test vectors}"%sys.argv[1]) impl.Verbose(DrySponge.SPY_FULL) print(r"""\begin{lstlisting}[caption={Detailed test vector}]""") impl.hash(binascii.unhexlify(b'0001020304050607')) impl.Verbose(DrySponge.SPY_F_IO) print(r"""\end{lstlisting} \begin{lstlisting}[caption={Less detailed test vector}]""") impl.hash(binascii.unhexlify(b'0001020304050607')) impl.Verbose(DrySponge.SPY_ALG_IO) print(r"""\end{lstlisting} \begin{lstlisting}[caption={Test vectors}]""") m=binascii.unhexlify(b'') for i in range(0,33): impl.hash(m) m+=bytes([i]) impl.Verbose(DrySponge.SPY_NONE) iterations = 100 print(r"""\end{lstlisting} \begin{lstlisting}[caption={Iterative test vector}]""") print("Hashing null message %d times"%iterations) m=binascii.unhexlify(b'') for i in range(0,iterations): m=impl.hash(m) print(" Digest: ",end="") DrySponge.print_bytes_as_hex(m) print(r"""\end{lstlisting}""")
def debug(): impl.Verbose(DrySponge.SPY_ALG_IO) key = binascii.unhexlify(b'00') * impl.key_size() nonce = binascii.unhexlify(b'00') * impl.block_size() aead_enc_dec(key, nonce) aead_enc_dec(key, nonce, binascii.unhexlify(b'00')) aead_enc_dec(key, nonce, binascii.unhexlify(b'0001')) aead_enc_dec(key, nonce, binascii.unhexlify(b'0000')) aead_enc_dec(key, nonce, binascii.unhexlify(b'000000')) aead_enc_dec(key, nonce, binascii.unhexlify(b'00000001')) aead_enc_dec(key, nonce, binascii.unhexlify(b'00'), binascii.unhexlify(b'01'), binascii.unhexlify(b'02')) #test_hash_mode() impl.Verbose(DrySponge.SPY_NONE) impl.Verbose(DrySponge.SPY_ALG_IO) iterations = 16 print("Generating expected tag for benchmark on %d iterations" % iterations) m = binascii.unhexlify(b'00') * impl.block_size() for i in range(0, iterations): o = impl.encrypt(key, nonce, m, binascii.unhexlify(b'')) m = copy.deepcopy(o[impl.block_size():]) print(" CipherText: ", end="") DrySponge.print_bytes_as_hex(o[impl.block_size():])
def CoreRound(self,c,round): S = [0]*self.nw for i in range(0,self.nw): S[i] = DrySponge.bytes_to_int(c[i*8:(i+1)*8]) gascon = Gascon(self.nw,12) gascon.round(S,round,self.spy_all) for i in range(0,self.nw): c[i*8:(i+1)*8] = DrySponge.int_to_bytes(S[i],64) return c
def gen_aead_test_vectors(): print("\subsection{DryGascon%s AEAD test vectors}"%sys.argv[1]) impl.Verbose(DrySponge.SPY_F_IO) nonce = binascii.unhexlify(b'F0F1F2F3F4F5F6F7F8F9FAFBFCFDFEFF')[0:impl.nonce_size()] #key = binascii.unhexlify(b'000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F')[0:impl.key_size()] key = bytearray() for i in range(0,impl.fullkey_size()): key.append(i) print(r"""\begin{lstlisting}[caption={Detailed test vector: m=0, a=0, s=0, full key profile}]""") impl.encrypt(key,nonce,binascii.unhexlify(b''),binascii.unhexlify(b'')) print(r"""\end{lstlisting}""") key = key[:impl.fastkey_size()] print(r"""\begin{lstlisting}[caption={Detailed test vector: m=0, a=0, s=0, fast key profile}]""") impl.encrypt(key,nonce,binascii.unhexlify(b''),binascii.unhexlify(b'')) print(r"""\end{lstlisting}""") key = key[:impl.key_size()] print(r"""\begin{lstlisting}[caption={Detailed test vector: m=0, a=0, s=0}]""") impl.encrypt(key,nonce,binascii.unhexlify(b''),binascii.unhexlify(b'')) print(r"""\end{lstlisting} \begin{lstlisting}[caption={Detailed test vector: m=0, a=0, s=1}]""") impl.encrypt(key,nonce,binascii.unhexlify(b''),binascii.unhexlify(b''),binascii.unhexlify(b'BB')) print(r"""\end{lstlisting} \begin{lstlisting}[caption={Detailed test vector: m=0, a=1, s=0}]""") impl.encrypt(key,nonce,binascii.unhexlify(b''),binascii.unhexlify(b'AA')) print(r"""\end{lstlisting} \begin{lstlisting}[caption={Detailed test vector: m=1, a=0, s=0}]""") impl.encrypt(key,nonce,binascii.unhexlify(b'DD'),binascii.unhexlify(b'')) print(r"""\end{lstlisting} \begin{lstlisting}[caption={Detailed test vector: m=1, a=1, s=0}]""") impl.encrypt(key,nonce,binascii.unhexlify(b'DD'),binascii.unhexlify(b'AA')) print(r"""\end{lstlisting}""") impl.Verbose(DrySponge.SPY_ALG_IO) print(r"""\begin{lstlisting}[caption={Test vectors}]""") m=binascii.unhexlify(b'') for i in range(0,33): impl.encrypt(key,nonce,m,bytes([0])*16) m+=bytes([i]) impl.Verbose(DrySponge.SPY_NONE) print(r"""\end{lstlisting} \begin{lstlisting}[caption={Iterative test vector}]""") iterations = 100 print("Encrypting null message %d times with tag feedback as associated data"%iterations) m=binascii.unhexlify(b'') for i in range(0,iterations): m=impl.encrypt(key,nonce,binascii.unhexlify(b''),m) print(" CipherText: ",end="") DrySponge.print_bytes_as_hex(m) print(r"""\end{lstlisting}""")
def MixPhaseRound(self, c, x, ib, biti, ds=None): if self.spy: DrySponge.print_bytes_as_hex(c) ii = DrySponge.bytes_to_int(ib) if ds is not None: #print("ds=%x"%ds) #print(ib) ii |= ds << (len(ib) * 8) #print("%x"%ii) r = (ii >> biti) & self.MprInputMask if self.spy: print("biti=%d, r=0x%x" % (biti, r)) for j in range(0, self.CapacityWidth // 64): wi = 0 #wi = r & 1 #r = r >> 1 i = r & self.XIdxMask r = r >> self.XIdxWidth ci = ((j * 2) + wi) xi = i if self.spy: print("c[%d]^=x[%d]: c[%d]=" % (ci, xi, ci), end="") DrySponge.print_bytes_as_hex(c[ci * 4:ci * 4 + 4], end="") print(" ^ ", end="") DrySponge.print_bytes_as_hex(x[xi * 4:xi * 4 + 4], end="") for k in range(0, 4): #print(i,j,k,j*4+k,i*4+k) c[ci * 4 + k] ^= x[xi * 4 + k] if self.spy: print(" = ", end="") DrySponge.print_bytes_as_hex(c[ci * 4:ci * 4 + 4]) return (c, x)
def MixPhase(self,c,x,i): if self.spy: print("ds = %x"%self.ds) biti=0 for j in range(0,self.mprounds-1): if self.spy: print("MixPhaseRound entry %2d "%j,end="") (c,x) = self.MixPhaseRound(c,x,i,biti,self.ds) if self.spy: print("CoreRound entry %2d "%j,end="") DrySponge.print_bytes_as_hex(c) biti += self.MprInputWidth c = self.CoreRound(c,0) if self.spy: print("MixPhaseRound entry %2d "%(self.mprounds-1),end="") (c,x) = self.MixPhaseRound(c,x,i,biti,self.ds) self.ds = None return (c,x)
def MixPhaseRound(self,c,x,ib,biti,ds=None): if self.spy: DrySponge.print_bytes_as_hex(c) ii = DrySponge.bytes_to_int(ib) if ds is not None: #print("ds=%x"%ds) #print(ib) ii |= ds << (len(ib)*8) #print("%x"%ii) r=(ii>>biti) & self.MprInputMask #print("biti=%d, r=0x%x"%(biti,r)) for j in range(0,self.CapacityWidth // 64): wi = 0 #wi = r & 1 #r = r >> 1 i = r & self.XIdxMask r = r>>self.XIdxWidth for k in range(0,4): #print(i,j,k,j*4+k,i*4+k) c[((j*2)+wi)*4+k] ^= x[i*4+k] return (c,x)
def instance(self): return DrySponge(self)