def test_for_fixed_points():
state = bytearray(16)
sboxes = (bytearray((8, 6, 5, 15, 1, 12, 10, 9, 14, 11, 2, 4, 7, 0, 13, 3)),
bytearray((0, 7, 14, 1, 5, 11, 8, 2, 3, 10, 13, 6, 15, 12, 4, 9)), # best one
bytearray((2, 14, 15, 5, 12, 1, 9, 10, 11, 4, 6, 8, 0, 7, 3, 13)),
bytearray((0, 7, 3, 4, 12, 1, 10, 15, 13, 14, 6, 11, 2, 8, 9, 5)),
bytearray((7, 12, 14, 9, 2, 1, 5, 15, 11, 6, 13, 0, 4, 8, 10, 3)),
bytearray((4, 10, 1, 6, 8, 15, 7, 12, 3, 0, 14, 13, 5, 9, 11, 2)),
bytearray((2, 15, 12, 1, 5, 6, 10, 13, 14, 8, 3, 4, 0, 11, 9, 7)),
bytearray((15, 4, 5, 8, 9, 7, 2, 1, 10, 3, 0, 14, 6, 12, 13, 11)))
#for mapping_number, mapping in enumerate(sboxes):
# print "Mapping number: {}".format(mapping_number)
# assert len(set(mapping)) == 16, (sorted(mapping), mapping)
#mapping = bytearray((0, 7, 14, 1, 5, 11, 8, 2, 3, 10, 13, 6, 15, 12, 4, 9))
def shuffle_bytes(state):
#state[0] = state[0]
temp = state[1]
state[1] = state[7]
state[7] = state[2]
state[2] = state[14]
state[14] = state[4]
state[4] = state[5]
state[5] = state[11]
state[11] = state[6]
state[6] = state[8]
state[8] = state[3]
state[3] = temp
temp = state[9]
state[9] = state[10]
state[10] = state[13]
state[13] = state[12]
state[12] = state[15]
state[15] = temp
mapping = bytearray(range(16))
shuffle_bytes(mapping)
assert len(set(mapping)) == 16, [byte for byte in mapping]
for rounds in range(256):
for index in range(16):
for shift in range(8):
state[index] = 1 << shift
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(state[8:])
assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(state1, 'b').zfill(64)
assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(state2, 'b').zfill(64)
for round in range(rounds):
state1, state2 = decorrelation_layer(state1, state2, mapping)
# assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(state1, 'b').zfill(64)
# assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(state2, 'b').zfill(64)
_state = integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)
if _state[index] == 1 << shift:
print "Returned point in decorrelation layer at: {} {} after {} rounds".format(index, shift, rounds)
state[index] = 0
def slide_rows(b, c, d, word0=0xFFFFFFFF000000000000000000000000,
word1=0x00000000FFFFFFFF0000000000000000,
word2=0x0000000000000000FFFFFFFF00000000,
word3=0x000000000000000000000000FFFFFFFF):
# b: 1, 2, 3, 0
# c: 2, 3, 0, 1
# d: 3, 0, 1, 2
#_b = ((b & word1) << 32) | ((b & word2) << 32) | ((b & word3) << 32) | ((b & word0) >> 96)
#_c = ((c & word2) << 64) | ((c & word3) >> 64) | ((c & word0) >> 64) | ((c & word1) >> 64)
#_d = ((d & word3) << 96) | ((d & word0) >> 32) | ((d & word1) >> 32) | ((d & word2) >> 32)
#_b = ((b & word1) << 64) | ((b & word2) << 0 ) | ((b & word3) >> 64) | ((b & word0) >> 0 )
#_c = ((c & word2) << 32) | ((c & word3) >> 32) | ((c & word0) << 32) | ((c & word1) >> 32)
#_d = ((d & word3) << 0 ) | ((d & word0) << 64) | ((d & word1) >> 0 ) | ((d & word2) >> 64)
_b, _c, _d = [integer_to_bytes(word, 16) for word in (b, c, d)]
_b = bytes_to_integer(_b[1 * 4:] + _b[:1 * 4])
_c = bytes_to_integer(_c[2 * 4:] + _c[:2 * 4])
#print
#print list(bytearray(_d))
_d = _d[3 * 4:] + _d[:3 * 4]
#print list(bytearray(_d))
_d = bytes_to_integer(_d)
#if _b == __b: print 'b', True# (_b, __b)
#if _c == __c: print 'c', True# (_c, __c)
#if _d == __d: print 'd', True# (_d, __d)
return _b, _c, _d
def decorrelation_layer(state1, state2, transposition_table):
state = bytearray(16)
for index, byte in enumerate(integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)):
state[transposition_table[index]] = byte
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(state[8:])
# top half
# the strange ordering applies shuffle_bytes before the bit permutation
x = (((state1 >> 56) & 255) << 24) | (((state1 >> 48) & 255) << 16) | (((state1 >> 40) & 255) << 8) | ((state1 >> 32) & 255)
y = (((state1 >> 24) & 255) << 24) | (((state1 >> 16) & 255) << 16) | (((state1 >> 8) & 255) << 8) | (state1 & 255)
t = (y ^ (y >> 7)) & 0x00AA00AA; y = y ^ t ^ (t << 7);
t = (x ^ (x >>14)) & 0x0000CCCC; x = x ^ t ^ (t <<14);
t = (y ^ (y >>14)) & 0x0000CCCC; y = y ^ t ^ (t <<14);
t = (x & 0xF0F0F0F0) | ((y >> 4) & 0x0F0F0F0F);
y = ((x << 4) & 0xF0F0F0F0) | (y & 0x0F0F0F0F);
# bottom half
x = (((state2 >> 56) & 255) << 24) | (((state2 >> 48) & 255) << 16) | (((state2 >> 40) & 255) << 8) | ((state2 >> 32) & 255)
y2 = (((state2 >> 24) & 255) << 24) | (((state2 >> 16) & 255) << 16) | (((state2 >> 8) & 255) << 8) | (state2 & 255)
t2 = (y2 ^ (y2 >> 7)) & 0x00AA00AA; y2 = y2 ^ t2 ^ (t2 << 7);
t2 = (x ^ (x >>14)) & 0x0000CCCC; x = x ^ t2 ^ (t2 <<14);
t2 = (y2 ^ (y2 >>14)) & 0x0000CCCC; y2 = y2 ^ t2 ^ (t2 <<14);
t2 = (x & 0xF0F0F0F0) | ((y2 >> 4) & 0x0F0F0F0F);
y2 = ((x << 4) & 0xF0F0F0F0) | (y2 & 0x0F0F0F0F);
return ((y << 32) | t), ((y2 << 32) | t2)
def test_for_fixed_points():
state = bytearray(16)
for index in range(16):
for shift in range(8):
state[index] = 1 << shift
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(state[8:])
assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(state1, 'b').zfill(64)
assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(state2, 'b').zfill(64)
state1, state2 = decorrelation_layer(state1, state2)
assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(state1, 'b').zfill(64)
assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(state2, 'b').zfill(64)
_state = integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)
if _state[index] == 1 << shift:
print "Fixed point in decorrelation layer at: {} {}".format(index, shift)
state[index] = 0
for state in range(2 ** 24):
state = integer_to_bytes(state, 16)
inputs = bytes_to_integer(state[:4]), bytes_to_integer(state[4:8]), bytes_to_integer(state[8:12]), bytes_to_integer(state[12:16])
outputs = nonlinear_mixing(*inputs)
if inputs == outputs:
print "Fixed point in nonlinear mixing layer: {}".format([format(word, 'b').zfill(32) for word in inputs])
def slide_rows(b,
c,
d,
word0=0xFFFFFFFF000000000000000000000000,
word1=0x00000000FFFFFFFF0000000000000000,
word2=0x0000000000000000FFFFFFFF00000000,
word3=0x000000000000000000000000FFFFFFFF):
# b: 1, 2, 3, 0
# c: 2, 3, 0, 1
# d: 3, 0, 1, 2
#_b = ((b & word1) << 32) | ((b & word2) << 32) | ((b & word3) << 32) | ((b & word0) >> 96)
#_c = ((c & word2) << 64) | ((c & word3) >> 64) | ((c & word0) >> 64) | ((c & word1) >> 64)
#_d = ((d & word3) << 96) | ((d & word0) >> 32) | ((d & word1) >> 32) | ((d & word2) >> 32)
#_b = ((b & word1) << 64) | ((b & word2) << 0 ) | ((b & word3) >> 64) | ((b & word0) >> 0 )
#_c = ((c & word2) << 32) | ((c & word3) >> 32) | ((c & word0) << 32) | ((c & word1) >> 32)
#_d = ((d & word3) << 0 ) | ((d & word0) << 64) | ((d & word1) >> 0 ) | ((d & word2) >> 64)
_b, _c, _d = [integer_to_bytes(word, 16) for word in (b, c, d)]
_b = bytes_to_integer(_b[1 * 4:] + _b[:1 * 4])
_c = bytes_to_integer(_c[2 * 4:] + _c[:2 * 4])
#print
#print list(bytearray(_d))
_d = _d[3 * 4:] + _d[:3 * 4]
#print list(bytearray(_d))
_d = bytes_to_integer(_d)
#if _b == __b: print 'b', True# (_b, __b)
#if _c == __c: print 'c', True# (_c, __c)
#if _d == __d: print 'd', True# (_d, __d)
return _b, _c, _d
def test_function(top, bottom, key, index):
top, bottom = decorrelation_layer(top, bottom)
state = integer_to_bytes(top, 8) + integer_to_bytes(bottom, 8)
# mixColumns(state)
key = prp_finer_grain(state, key)
top = bytes_to_integer(state[:8])
bottom = bytes_to_integer(state[8:])
return top, bottom, key
def test_prf_words():
state = range(32)
a, b, c, d = bytes_to_integer(state[:8]), bytes_to_integer(state[8:16]), bytes_to_integer(state[16:24]), bytes_to_integer(state[24:32])
for round in range(4):
decorrelation_layer_ab(a, c)
decorrelation_layer_ab(a, b)
decorrelation_layer_ab(b, d)
decorrelation_layer_ab(c, d)
def test_prf_words():
state = range(32)
a, b, c, d = bytes_to_integer(state[:8]), bytes_to_integer(
state[8:16]), bytes_to_integer(state[16:24]), bytes_to_integer(
state[24:32])
for round in range(4):
decorrelation_layer_ab(a, c)
decorrelation_layer_ab(a, b)
decorrelation_layer_ab(b, d)
decorrelation_layer_ab(c, d)
def encrypt(plaintext, key, wordsize=WORDSIZE, rounds=ROUNDS):
# 128 bit state
assert len(key) == KEY_SIZE
assert isinstance(plaintext, bytearray)
assert len(plaintext) == 16, (len(plaintext), plaintext)
a, b, c, d = [bytes_to_integer(word) for word in slide(plaintext, 4)] # this conversion makes this version slower then the 8-bit python version
key = [bytes_to_integer(word) for word in slide(key, 4)]
for round in range(rounds):
a, b, c, d = add_key_and_constants(a, b, c, d, key, round)
a, b, c, d = sbox_layer(a, b, c, d)
a, b, c, d = mix_state(a, b, c, d)
plaintext[:] = integer_to_bytes(a, 4) + integer_to_bytes(b, 4) + integer_to_bytes(c, 4) + integer_to_bytes(d, 4)
return plaintext
def test_identity_encrypt():
bobs_identity = bytes_to_integer(bytearray("Bob"))
message = bytes_to_integer(bytearray(urandom(3)))
public_key, private_key, prime = generate_keypair_for_e(8, e=bobs_identity)
ciphertext = encrypt(message, public_key, prime)
plaintext = decrypt(ciphertext, private_key, prime)
assert plaintext == message, (plaintext, message)
print("Identity : {}".format(bobs_identity))
print("Prime : {}".format(prime))
print("d exponent: {}".format(private_key))
print("Ciphertext: {}".format(ciphertext))
def encrypt(message, public_key):
m = bytes_to_integer(bytearray(message))
n, g = public_key
r = bytes_to_integer(bytearray(urandom(len(message))))
assert m < n, (m, n)
print "Encrypting?", n, g
part1 = pow(g, m)
print "After part1"
part2 = pow(r, n)
print "After part2"
part3 = pow(n, 2)
print "After part3"
return (part1 * part2) % part3
def encrypt(message, public_key):
m = bytes_to_integer(bytearray(message))
n, g = public_key
r = bytes_to_integer(bytearray(urandom(len(message))))
assert m < n, (m, n)
print "Encrypting?", n, g
part1 = pow(g, m)
print "After part1"
part2 = pow(r, n)
print "After part2"
part3 = pow(n, 2)
print "After part3"
return (part1 * part2) % part3
def convergent_encrypt(message, public_key, n=N,
_hash=hash_function, encrypt=symmetric_encrypt):
""" usage: convergent_encrypt(message, public_key, n=N,
_hash=hash_function, encrypt=symmetric_encrypt) => ciphertext, decryption key
Given a plaintext message and public key, returns a ciphertext and secret decryption key.
The ciphertext and key are both integers, which is what the convergent_decrypt function requires.
Ciphertexts produced this way are deterministic - encrypting the same plaintext produces the same ciphertext.
There exists a private key that allows the decryption of any ciphertext produced this way.
Currently only supports the encryption of a single 256-bit block of data. """
key = _hash(message)
ciphertext = bytes_to_integer(encrypt(message, key))
key = bytes_to_integer(key)
return ((public_key * ciphertext) + key) % n, key
def visualize_keyed_permutation():
from crypto.analysis.visualization import test_4x32_function
from os import urandom
from crypto.utilities import bytes_to_integer
test_4x32_function(
keyed_permutation, (0, 0, 0, 1) +
tuple(bytes_to_integer(bytearray(urandom(4))) for count in range(4)))
def swap_places(top, second, third, bottom):
_state = integer_to_bytes(top, 4) + integer_to_bytes(
second, 4) + integer_to_bytes(third, 4) + integer_to_bytes(bottom, 4)
temp = bytearray(16)
# next_index=[7, 12, 14, 9, 2, 1, 5, 15, 11, 6, 13, 0, 4, 8, 10, 3]
# for index in range(16): # python style implementation
# temp[next_index[index]] = _state[index]
# to do: change to this sbox: F4589721A30E6CDB
temp[7] = _state[0] # C style implementation
temp[12] = _state[1]
temp[14] = _state[2]
temp[9] = _state[3]
temp[2] = _state[4]
temp[1] = _state[5]
temp[5] = _state[6]
temp[15] = _state[7]
temp[11] = _state[8]
temp[6] = _state[9]
temp[13] = _state[10]
temp[0] = _state[11]
temp[4] = _state[12]
temp[8] = _state[13]
temp[10] = _state[14]
temp[3] = _state[15]
top, second, third, bottom = (bytes_to_integer(_bytes)
for _bytes in slide(temp, 4))
return top, second, third, bottom
def encrypt(plaintext, key, wordsize=WORDSIZE, rounds=ROUNDS):
# 128 bit state
assert len(key) == KEY_SIZE
assert isinstance(plaintext, bytearray)
assert len(plaintext) == 16, (len(plaintext), plaintext)
a, b, c, d = [
bytes_to_integer(word) for word in slide(plaintext, 4)
] # this conversion makes this version slower then the 8-bit python version
key = [bytes_to_integer(word) for word in slide(key, 4)]
for round in range(rounds):
a, b, c, d = add_key_and_constants(a, b, c, d, key, round)
a, b, c, d = sbox_layer(a, b, c, d)
a, b, c, d = mix_state(a, b, c, d)
plaintext[:] = integer_to_bytes(a, 4) + integer_to_bytes(
b, 4) + integer_to_bytes(c, 4) + integer_to_bytes(d, 4)
return plaintext
def swap_places(top, second, third, bottom):
_state = integer_to_bytes(top, 4) + integer_to_bytes(second, 4) + integer_to_bytes(third, 4) + integer_to_bytes(bottom, 4)
temp = bytearray(16)
# next_index=[7, 12, 14, 9, 2, 1, 5, 15, 11, 6, 13, 0, 4, 8, 10, 3]
# for index in range(16): # python style implementation
# temp[next_index[index]] = _state[index]
# to do: change to this sbox: F4589721A30E6CDB
temp[7] = _state[0] # C style implementation
temp[12] = _state[1]
temp[14] = _state[2]
temp[9] = _state[3]
temp[2] = _state[4]
temp[1] = _state[5]
temp[5] = _state[6]
temp[15] = _state[7]
temp[11] = _state[8]
temp[6] = _state[9]
temp[13] = _state[10]
temp[0] = _state[11]
temp[4] = _state[12]
temp[8] = _state[13]
temp[10] = _state[14]
temp[3] = _state[15]
top, second, third, bottom = (bytes_to_integer(_bytes) for _bytes in slide(temp, 4))
return top, second, third, bottom
def convergent_encrypt(message,
public_key,
n=N,
_hash=hash_function,
encrypt=symmetric_encrypt):
""" usage: convergent_encrypt(message, public_key, n=N,
_hash=hash_function, encrypt=symmetric_encrypt) => ciphertext, decryption key
Given a plaintext message and public key, returns a ciphertext and secret decryption key.
The ciphertext and key are both integers, which is what the convergent_decrypt function requires.
Ciphertexts produced this way are deterministic - encrypting the same plaintext produces the same ciphertext.
There exists a private key that allows the decryption of any ciphertext produced this way.
Currently only supports the encryption of a single 256-bit block of data. """
key = _hash(message)
ciphertext = bytes_to_integer(encrypt(message, key))
key = bytes_to_integer(key)
return ((public_key * ciphertext) + key) % n, key
def test_mixColumn2():
from crypto.utilities import bytes_to_integer, integer_to_bytes
column = range(4)
column2 = range(4)
column = _mixColumn(column)
column2 = [byte for byte in integer_to_bytes(_mixColumn2(bytes_to_integer(column2)), 4)]
assert column == column2, (column, column2)
def verify(message, signature, public_key):
message_hash = bytes_to_integer(bytearray(hash(message)))
signature_a, signature_b = signature
key1 = choice(message_hash, signature_a, signature_b)
key2 = choice(message_hash, signature_b, signature_a)
if (hash(integer_to_bytes(key1, 32)), hash(integer_to_bytes(key2, 32))) == public_key:
return True
else:
return False
def find_duplicate2():
from crypto.utilities import bytes_to_integer
target_weight = 19
target_sample = bytearray(8)
samples = []
while hamming_weight(target_sample) != target_weight:
target_sample = bytearray(urandom(8))
test_sample = bytearray(8)
test_sample[-2:] = (255, 255)
test_sample[-3] = 7
assert hamming_weight(test_sample) == hamming_weight(target_sample)
print "Searching for duplicate"
target_sample, test_sample = bytes_to_integer(target_sample), bytes_to_integer(test_sample)
counter = 0
while test_sample != target_sample:
counter += 1
test_sample = next_bit_permutation(test_sample)
print "Found duplicate after: {}".format(counter)
def decorrelation_layer(state1, state2, transposition_table):
state = bytearray(16)
for index, byte in enumerate(
integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)):
state[transposition_table[index]] = byte
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(state[8:])
# top half
# the strange ordering applies shuffle_bytes before the bit permutation
x = (((state1 >> 56) & 255) << 24) | (((state1 >> 48) & 255) << 16) | ((
(state1 >> 40) & 255) << 8) | ((state1 >> 32) & 255)
y = (((state1 >> 24) & 255) << 24) | (((state1 >> 16) & 255) << 16) | ((
(state1 >> 8) & 255) << 8) | (state1 & 255)
t = (y ^ (y >> 7)) & 0x00AA00AA
y = y ^ t ^ (t << 7)
t = (x ^ (x >> 14)) & 0x0000CCCC
x = x ^ t ^ (t << 14)
t = (y ^ (y >> 14)) & 0x0000CCCC
y = y ^ t ^ (t << 14)
t = (x & 0xF0F0F0F0) | ((y >> 4) & 0x0F0F0F0F)
y = ((x << 4) & 0xF0F0F0F0) | (y & 0x0F0F0F0F)
# bottom half
x = (((state2 >> 56) & 255) << 24) | (((state2 >> 48) & 255) << 16) | ((
(state2 >> 40) & 255) << 8) | ((state2 >> 32) & 255)
y2 = (((state2 >> 24) & 255) << 24) | (((state2 >> 16) & 255) << 16) | ((
(state2 >> 8) & 255) << 8) | (state2 & 255)
t2 = (y2 ^ (y2 >> 7)) & 0x00AA00AA
y2 = y2 ^ t2 ^ (t2 << 7)
t2 = (x ^ (x >> 14)) & 0x0000CCCC
x = x ^ t2 ^ (t2 << 14)
t2 = (y2 ^ (y2 >> 14)) & 0x0000CCCC
y2 = y2 ^ t2 ^ (t2 << 14)
t2 = (x & 0xF0F0F0F0) | ((y2 >> 4) & 0x0F0F0F0F)
y2 = ((x << 4) & 0xF0F0F0F0) | (y2 & 0x0F0F0F0F)
return ((y << 32) | t), ((y2 << 32) | t2)
def verify(message, signature, public_key):
message_hash = bytes_to_integer(bytearray(hash(message)))
signature_a, signature_b = signature
key1 = choice(message_hash, signature_a, signature_b)
key2 = choice(message_hash, signature_b, signature_a)
if (hash(integer_to_bytes(key1,
32)), hash(integer_to_bytes(key2,
32))) == public_key:
return True
else:
return False
def find_duplicate2():
from crypto.utilities import bytes_to_integer
target_weight = 19
target_sample = bytearray(8)
samples = []
while hamming_weight(target_sample) != target_weight:
target_sample = bytearray(urandom(8))
test_sample = bytearray(8)
test_sample[-2:] = (255, 255)
test_sample[-3] = 7
assert hamming_weight(test_sample) == hamming_weight(target_sample)
print "Searching for duplicate"
target_sample, test_sample = bytes_to_integer(
target_sample), bytes_to_integer(test_sample)
counter = 0
while test_sample != target_sample:
counter += 1
test_sample = next_bit_permutation(test_sample)
print "Found duplicate after: {}".format(counter)
def test_mixColumn2():
from crypto.utilities import bytes_to_integer, integer_to_bytes
column = range(4)
column2 = range(4)
column = _mixColumn(column)
column2 = [
byte
for byte in integer_to_bytes(_mixColumn2(bytes_to_integer(column2)), 4)
]
assert column == column2, (column, column2)
def test_for_fixed_points():
state = bytearray(16)
for index in range(16):
for shift in range(8):
state[index] = 1 << shift
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(
state[8:])
assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(
state1, 'b').zfill(64)
assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(
state2, 'b').zfill(64)
state1, state2 = decorrelation_layer(state1, state2)
assert format(state1, 'b').zfill(64).count('1') in (1, 0), format(
state1, 'b').zfill(64)
assert format(state2, 'b').zfill(64).count('1') in (1, 0), format(
state2, 'b').zfill(64)
_state = integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)
if _state[index] == 1 << shift:
print "Fixed point in decorrelation layer at: {} {}".format(
index, shift)
state[index] = 0
for state in range(2**24):
state = integer_to_bytes(state, 16)
inputs = bytes_to_integer(state[:4]), bytes_to_integer(
state[4:8]), bytes_to_integer(state[8:12]), bytes_to_integer(
state[12:16])
outputs = nonlinear_mixing(*inputs)
if inputs == outputs:
print "Fixed point in nonlinear mixing layer: {}".format(
[format(word, 'b').zfill(32) for word in inputs])
def test_mixcolumn():
test = [
0x455313DB, 0xBCA14D8E, 0x5C220AF2, 0x9D58DC9F, 0x01010101, 0x01010101,
0xC6C6C6C6, 0xC6C6C6C6, 0xD5D4D4D4, 0xD6D7D5D5, 0x4C31262D, 0xF8BD7E4D
]
for i in range(len(test) / 2):
x = test[i * 2]
y = test[i * 2 + 1]
z = bytes_to_integer(_mixColumn(integer_to_bytes(x, 4)))
#z = _mixColumn2(x)
txt = "fail"
if (z == y): txt = "pass"
print("f(0x%08X) = 0x%08X (expect 0x%08X) [%s]" % (x, z, y, txt))
def test_mixcolumn():
test = [
0x455313DB, 0xBCA14D8E,
0x5C220AF2, 0x9D58DC9F,
0x01010101, 0x01010101,
0xC6C6C6C6, 0xC6C6C6C6,
0xD5D4D4D4, 0xD6D7D5D5,
0x4C31262D, 0xF8BD7E4D
];
for i in range(len(test)/2):
x = test[i*2];
y = test[i*2+1];
z = bytes_to_integer(_mixColumn(integer_to_bytes(x, 4)));
#z = _mixColumn2(x)
txt= "fail"
if (z == y): txt = "pass"
print ("f(0x%08X) = 0x%08X (expect 0x%08X) [%s]" % (x, z, y, txt))
def test_encrypt_decrypt():
message = "Testing!a;skldfp9a8ysdfkaljsdnlkwajerp98ydpf98yh1;i3oh4io9u3hrmou1 9pr1rpu91g3 rui1g riup1grp9u1gt5p91" * 300 # wtf? how does this work?
m = bytes_to_integer(bytearray(message))
key = 1
#outputs = []
#for count in range(1, 1024 + 1):
# plaintext = decrypt(encrypt(m, key), key)
# if plaintext == m:
# outputs.append(1)
# else:
# outputs.append(0)
#outputs = str(outputs)
#successes, failures = outputs.count('1'), outputs.count('0')
#print("Successes: {}; Failures: {};".format(successes, failures))
ciphertext = encrypt(m, key)
_ciphertext = ''.join(bytes(integer_to_bytes(item, 32)) for item in ciphertext)
print("Ciphertext: ({} bytes) {}".format(len(_ciphertext), _ciphertext))
plaintext = decrypt(ciphertext, key)
print("Recovered plaintext: ({} bytes) {}".format(len(message), integer_to_bytes(plaintext, len(message))))
assert plaintext == m, (plaintext, m)
def test_encrypt_decrypt():
message = "Testing!a;skldfp9a8ysdfkaljsdnlkwajerp98ydpf98yh1;i3oh4io9u3hrmou1 9pr1rpu91g3 rui1g riup1grp9u1gt5p91" * 300 # wtf? how does this work?
m = bytes_to_integer(bytearray(message))
key = 1
#outputs = []
#for count in range(1, 1024 + 1):
# plaintext = decrypt(encrypt(m, key), key)
# if plaintext == m:
# outputs.append(1)
# else:
# outputs.append(0)
#outputs = str(outputs)
#successes, failures = outputs.count('1'), outputs.count('0')
#print("Successes: {}; Failures: {};".format(successes, failures))
ciphertext = encrypt(m, key)
_ciphertext = ''.join(
bytes(integer_to_bytes(item, 32)) for item in ciphertext)
print("Ciphertext: ({} bytes) {}".format(len(_ciphertext), _ciphertext))
plaintext = decrypt(ciphertext, key)
print("Recovered plaintext: ({} bytes) {}".format(
len(message), integer_to_bytes(plaintext, len(message))))
assert plaintext == m, (plaintext, m)
def hash_function(message, algorithm=lambda data: hashlib.sha256(data).digest(), size=32):
return bytes_to_integer(bytearray(algorithm(integer_to_bytes(message, size))))
def test_function(a, b, c, d):
state = [integer_to_bytes(word, 4) for word in (a, b, c, d)]
permutation(*state)
return [bytes_to_integer(item) for item in state]
def random_word(wordsize=1):
return bytes_to_integer(bytearray(urandom(wordsize)))
def random_integer(size_in_bytes):
return bytes_to_integer(bytearray(urandom(size_in_bytes)))
def random(bits, index=[0]):
#index[0] += 1
#return _RANDOMS[index[0] - 1]
byte_count = bits / 8
return bytes_to_integer(bytearray(urandom(byte_count)))
def random_bits(count=None):
assert count is not None
assert not count % 8
return bytes_to_integer(bytearray(urandom(count / 8)))
def hash_function(integer):
#return abs(hash(integer))
return bytes_to_integer(
bytearray(hashlib.sha256(integer_to_bytes(integer, 32)).digest()))
def _mixColumn(column, mult=[2, 1, 1, 3]): # inverse_mult = [14, 9, 13, 11]
return integer_to_bytes(_mixColumn2(bytes_to_integer(column)), 4)
def prf(integer, _hash=lambda data: hashlib.sha256(data).digest()):
_bytes = integer_to_bytes(integer, 100) # size_in_bits(integer) * 8)
psuedo_random_bytes = _hash(_bytes)
return bytes_to_integer(bytearray(psuedo_random_bytes))
def bytes_to_word32(data):
return [bytes_to_integer(bytearray(block)) for block in slide(data, 4)]
def h(m, parameters=PARAMETERS):
hash_algorithm = parameters["hash_algorithm"]
return bytes_to_integer(bytearray(hash_algorithm(m).digest()))
def encrypt_then_mac(message, *args, **kwargs):
integrity_key = bytes_to_integer(bytearray(urandom(32)))
ciphertext = save_ciphertext(encrypt(message, *args, **kwargs))
ciphertext += save_ciphertext(encrypt(integrity_key, *args, **kwargs))
tag = hmac(integrity_key, ciphertext)
return ciphertext + tag
def encrypt(data, key):
left = bytes_to_integer(data[:8])
right = bytes_to_integer(data[8:])
key = bytes_to_integer(key)
left, right = _encrypt(left, right, key)
return integer_to_bytes(left, 8) + integer_to_bytes(right, 8)
def random_integer(size_in_bytes):
return bytes_to_integer(bytearray(urandom(size_in_bytes)))
def prf(integer, _hash=lambda data: hashlib.sha256(data).digest()):
_bytes = integer_to_bytes(integer, 100)# size_in_bits(integer) * 8)
psuedo_random_bytes = _hash(_bytes)
return bytes_to_integer(bytearray(psuedo_random_bytes))
def unpack_state(state):
a, b, c, d = (bytes_to_integer(state[offset:offset + 8]) for offset in range(0, 32, 8))
return a, b, c, d
def h(m, hash_algorithm=sha256):
return bytes_to_integer(bytearray(hash_algorithm(m).digest()))
def visualize_keyed_permutation():
from crypto.analysis.visualization import test_4x32_function
from os import urandom
from crypto.utilities import bytes_to_integer
test_4x32_function(keyed_permutation, (0, 0, 0, 1) + tuple(bytes_to_integer(bytearray(urandom(4))) for count in range(4)))
def random_bits(count=None):
assert count is not None
assert not count % 8
return bytes_to_integer(bytearray(urandom(count / 8)))
def encrypt(data, key):
left = bytes_to_integer(data[:8])
right = bytes_to_integer(data[8:])
key = bytes_to_integer(key)
left, right = _encrypt(left, right, key)
return integer_to_bytes(left, 8) + integer_to_bytes(right, 8)
def output_function(state):
return tuple(bytes_to_integer(section) for section in state)
def hash_function(message,
algorithm=lambda data: hashlib.sha256(data).digest(),
size=32):
return bytes_to_integer(
bytearray(algorithm(integer_to_bytes(message, size))))
def test_function(state):
state1, state2 = bytes_to_integer(state[:8]), bytes_to_integer(state[8:16])
state1, state2 = round_function(state1, state2)
state[:] = integer_to_bytes(state1, 8) + integer_to_bytes(state2, 8)
return state
def hash_function(integer):
#return abs(hash(integer))
return bytes_to_integer(bytearray(hashlib.sha256(integer_to_bytes(integer, 32)).digest()))
