def ctr_crypt(s, key, idx=0):
"""Given a string s and a 16-byte key key, computes the AES counter-mode
encryption of s using k. The counter begins at idx.
"""
if isinstance(key, StringType):
key = _ml.aes_key(key)
return _ml.aes_ctr128_crypt(key, s, idx)
def ctr_crypt(s, key, idx=0):
"""Given a string s and a 16-byte key key, computes the AES counter-mode
encryption of s using k. The counter begins at idx.
"""
if isinstance(key, StringType):
key = _ml.aes_key(key)
return _ml.aes_ctr128_crypt(key, s, idx)
def prng(key, count, idx=0):
"""Returns the bytestream 0x00000000...., encrypted in counter mode."""
if isinstance(key, StringType):
key = _ml.aes_key(key)
return _ml.aes_ctr128_crypt(key, "", idx, count)
"""Given four 20-byte keys, encrypts s using the LIONESS
super-pseudorandom permutation.
"""
assert len(key1) == len(key3) == DIGEST_LEN
assert len(key2) == len(key4) == DIGEST_LEN
assert len(s) > DIGEST_LEN
# Split the message.
left = s[:DIGEST_LEN]
right = s[DIGEST_LEN:]
del s
# Performance note: This business with sha1("".join((key,right,key)))
# may look slow, but it contributes only .7% to the total time for
# LIONESS.
right = _ml.aes_ctr128_crypt(_ml.aes_key(_ml.sha1("".join((key1, left, key1)))[:AES_KEY_LEN]), right, 0)
left = _ml.strxor(left, _ml.sha1("".join((key2, right, key2))))
right = _ml.aes_ctr128_crypt(_ml.aes_key(_ml.sha1("".join((key3, left, key3)))[:AES_KEY_LEN]), right, 0)
left = _ml.strxor(left, _ml.sha1("".join((key4, right, key4))))
# You could write the above as:
# right = ctr_crypt(right, "".join((key1,left,key1))[:AES_KEY_LEN])
# left = strxor(left, sha1("".join((key2,right,key2))))
# right = ctr_crypt(right, "".join((key3,left,key3))[:AES_KEY_LEN])
# left = strxor(left, sha1("".join((key4,right,key4))))
# but that would be slower by about 10%. (Since LIONESS is in the
# critical path, we care.)
return left + right
def prng(key, count, idx=0):
"""Returns the bytestream 0x00000000...., encrypted in counter mode."""
if isinstance(key, StringType):
key = _ml.aes_key(key)
return _ml.aes_ctr128_crypt(key, "", idx, count)
super-pseudorandom permutation.
"""
assert len(key1) == len(key3) == DIGEST_LEN
assert len(key2) == len(key4) == DIGEST_LEN
assert len(s) > DIGEST_LEN
# Split the message.
left = s[:DIGEST_LEN]
right = s[DIGEST_LEN:]
del s
# Performance note: This business with sha1("".join((key,right,key)))
# may look slow, but it contributes only .7% to the total time for
# LIONESS.
right = _ml.aes_ctr128_crypt(
_ml.aes_key(_ml.sha1("".join((key1, left, key1)))[:AES_KEY_LEN]),
right, 0)
left = _ml.strxor(left, _ml.sha1("".join((key2, right, key2))))
right = _ml.aes_ctr128_crypt(
_ml.aes_key(_ml.sha1("".join((key3, left, key3)))[:AES_KEY_LEN]),
right, 0)
left = _ml.strxor(left, _ml.sha1("".join((key4, right, key4))))
# You could write the above as:
# right = ctr_crypt(right, "".join((key1,left,key1))[:AES_KEY_LEN])
# left = strxor(left, sha1("".join((key2,right,key2))))
# right = ctr_crypt(right, "".join((key3,left,key3))[:AES_KEY_LEN])
# left = strxor(left, sha1("".join((key4,right,key4))))
# but that would be slower by about 10%. (Since LIONESS is in the
# critical path, we care.)
return left + right
def testLeaks1():
print "Trying to leak (sha1,aes,xor,seed,oaep)"
s20k="a"*20*1024
keytxt="a"*16
key = _ml.aes_key(keytxt)
while 1:
_ml.aes_key(keytxt)
_ml.sha1(s20k)
_ml.aes_ctr128_crypt(key,s20k,0)
_ml.aes_ctr128_crypt(key,s20k,2000)
_ml.aes_ctr128_crypt(key,"",2000,20000)
_ml.aes_ctr128_crypt(key,"",0,20000)
_ml.aes_ctr128_crypt(key,s20k,0,2000)
try:
_ml.aes_ctr128_crypt("abc",s20k,0,2000)
except:
pass
_ml.strxor(s20k,s20k)
try:
_ml.strxor(s20k,keytxt)
except:
pass
_ml.openssl_seed(s20k)
r = _ml.add_oaep_padding("Hello",OAEP_PARAMETER,128)
_ml.check_oaep_padding(r,OAEP_PARAMETER,128)
try:
_ml.check_oaep_padding("hello",OAEP_PARAMETER,128)
except:
pass
try:
_ml.add_oaep_padding(s20k,OAEP_PARAMETER,128)
except:
pass
try:
_ml.add_oaep_padding("a"*127,OAEP_PARAMETER,128)
except:
pass