def tvAES(): import mixminion._minionlib as _ml print "======================================== AES" print "Single block encryption" k = unHexStr("[00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF]") b = "MixminionTypeIII" print " Key:", hexStr(k) print " Plaintext block:", hexStr(b) eb = _ml.aes128_block_crypt(_ml.aes_key(k), b, 1) db = _ml.aes128_block_crypt(_ml.aes_key(k), b, 0) print " Encrypted block:", hexStr(eb) print " Decrypted block:", hexStr(db) print print "Counter mode encryption:" k = unHexStr("[02 13 24 35 46 57 68 79 8A 9B AC BD CE DF E0 F1]") print " Key:", hexStr(k) print " Keystream[0x00000...0x0003F]:", hexStr( mixminion.Crypto.prng(k, 64)) print " Keystream[0x002C0...0x002FF]:", hexStr( mixminion.Crypto.prng(k, 64, 0x2c0)) print " Keystream[0xF0000...0xF003F]:", hexStr( mixminion.Crypto.prng(k, 64, 0xF0000)) txt = "Hello world!" print " Example text M:", hexStr(txt) print " Encrypt(K,M):", hexStr(mixminion.Crypto.ctr_crypt(txt, k))
def ctr_crypt(s, key, idx=0): """Given a string s and a 16-byte key key, computes the AES counter-mode encryption of s using k. The counter begins at idx. """ if isinstance(key, StringType): key = _ml.aes_key(key) return _ml.aes_ctr128_crypt(key, s, idx)
def testLeaks1(): print "Trying to leak (sha1,aes,xor,seed,oaep)" s20k="a"*20*1024 keytxt="a"*16 key = _ml.aes_key(keytxt) while 1: _ml.aes_key(keytxt) _ml.sha1(s20k) _ml.aes_ctr128_crypt(key,s20k,0) _ml.aes_ctr128_crypt(key,s20k,2000) _ml.aes_ctr128_crypt(key,"",2000,20000) _ml.aes_ctr128_crypt(key,"",0,20000) _ml.aes_ctr128_crypt(key,s20k,0,2000) try: _ml.aes_ctr128_crypt("abc",s20k,0,2000) except: pass _ml.strxor(s20k,s20k) try: _ml.strxor(s20k,keytxt) except: pass _ml.openssl_seed(s20k) r = _ml.add_oaep_padding("Hello",OAEP_PARAMETER,128) _ml.check_oaep_padding(r,OAEP_PARAMETER,128) try: _ml.check_oaep_padding("hello",OAEP_PARAMETER,128) except: pass try: _ml.add_oaep_padding(s20k,OAEP_PARAMETER,128) except: pass try: _ml.add_oaep_padding("a"*127,OAEP_PARAMETER,128) except: pass
def tvAES(): import mixminion._minionlib as _ml print "======================================== AES" print "Single block encryption" k = unHexStr("[00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF]") b = "MixminionTypeIII" print " Key:",hexStr(k) print " Plaintext block:",hexStr(b) eb = _ml.aes128_block_crypt(_ml.aes_key(k),b,1) db = _ml.aes128_block_crypt(_ml.aes_key(k),b,0) print " Encrypted block:",hexStr(eb) print " Decrypted block:",hexStr(db) print print "Counter mode encryption:" k = unHexStr("[02 13 24 35 46 57 68 79 8A 9B AC BD CE DF E0 F1]") print " Key:",hexStr(k) print " Keystream[0x00000...0x0003F]:",hexStr(mixminion.Crypto.prng(k,64)) print " Keystream[0x002C0...0x002FF]:",hexStr(mixminion.Crypto.prng(k,64,0x2c0)) print " Keystream[0xF0000...0xF003F]:",hexStr(mixminion.Crypto.prng(k,64,0xF0000)) txt = "Hello world!" print " Example text M:",hexStr(txt) print " Encrypt(K,M):",hexStr(mixminion.Crypto.ctr_crypt(txt,k))
def prng(key, count, idx=0): """Returns the bytestream 0x00000000...., encrypted in counter mode.""" if isinstance(key, StringType): key = _ml.aes_key(key) return _ml.aes_ctr128_crypt(key, "", idx, count)
def aes_key(key): """Returns an opaque precomputation of the 16-byte AES key, key.""" return _ml.aes_key(key)
"""Given four 20-byte keys, encrypts s using the LIONESS super-pseudorandom permutation. """ assert len(key1) == len(key3) == DIGEST_LEN assert len(key2) == len(key4) == DIGEST_LEN assert len(s) > DIGEST_LEN # Split the message. left = s[:DIGEST_LEN] right = s[DIGEST_LEN:] del s # Performance note: This business with sha1("".join((key,right,key))) # may look slow, but it contributes only .7% to the total time for # LIONESS. right = _ml.aes_ctr128_crypt(_ml.aes_key(_ml.sha1("".join((key1, left, key1)))[:AES_KEY_LEN]), right, 0) left = _ml.strxor(left, _ml.sha1("".join((key2, right, key2)))) right = _ml.aes_ctr128_crypt(_ml.aes_key(_ml.sha1("".join((key3, left, key3)))[:AES_KEY_LEN]), right, 0) left = _ml.strxor(left, _ml.sha1("".join((key4, right, key4)))) # You could write the above as: # right = ctr_crypt(right, "".join((key1,left,key1))[:AES_KEY_LEN]) # left = strxor(left, sha1("".join((key2,right,key2)))) # right = ctr_crypt(right, "".join((key3,left,key3))[:AES_KEY_LEN]) # left = strxor(left, sha1("".join((key4,right,key4)))) # but that would be slower by about 10%. (Since LIONESS is in the # critical path, we care.) return left + right
super-pseudorandom permutation. """ assert len(key1) == len(key3) == DIGEST_LEN assert len(key2) == len(key4) == DIGEST_LEN assert len(s) > DIGEST_LEN # Split the message. left = s[:DIGEST_LEN] right = s[DIGEST_LEN:] del s # Performance note: This business with sha1("".join((key,right,key))) # may look slow, but it contributes only .7% to the total time for # LIONESS. right = _ml.aes_ctr128_crypt( _ml.aes_key(_ml.sha1("".join((key1, left, key1)))[:AES_KEY_LEN]), right, 0) left = _ml.strxor(left, _ml.sha1("".join((key2, right, key2)))) right = _ml.aes_ctr128_crypt( _ml.aes_key(_ml.sha1("".join((key3, left, key3)))[:AES_KEY_LEN]), right, 0) left = _ml.strxor(left, _ml.sha1("".join((key4, right, key4)))) # You could write the above as: # right = ctr_crypt(right, "".join((key1,left,key1))[:AES_KEY_LEN]) # left = strxor(left, sha1("".join((key2,right,key2)))) # right = ctr_crypt(right, "".join((key3,left,key3))[:AES_KEY_LEN]) # left = strxor(left, sha1("".join((key4,right,key4)))) # but that would be slower by about 10%. (Since LIONESS is in the # critical path, we care.) return left + right
def cryptoTiming(): print "#==================== CRYPTO =======================" print "SHA1 (short)", timeit((lambda: sha1(short)), 100000) print "SHA1 (64b)", timeit((lambda: sha1(s64b)), 100000) print "SHA1 (2K)", timeit((lambda: sha1(s2K)), 10000) print "SHA1 (8K)", timeit((lambda: sha1(s8K)), 10000) print "SHA1 (28K)", timeit((lambda: sha1(s28K)), 1000) print "SHA1 (32K)", timeit((lambda: sha1(s32K)), 1000) shakey = "8charstr"*2 print "Keyed SHA1 for lioness (28K, unoptimized)", timeit( (lambda shakey=shakey: _ml.sha1("".join((shakey,s28K,shakey)))), 1000) print "TRNG (20 byte)", timeit((lambda: trng(20)), 100) print "TRNG (128 byte)", timeit((lambda: trng(128)), 100) print "TRNG (1K)", timeit((lambda: trng(1024)), 100) print "xor (1K)", timeit((lambda: _ml.strxor(s1K,s1K)), 100000) print "xor (32K)", timeit((lambda: _ml.strxor(s32K,s32K)), 1000) key = "8charstr"*2 print "aes (short)", timeit((lambda key=key: ctr_crypt(short,key)), 100000) print "aes (1K)", timeit((lambda key=key: ctr_crypt(s1K,key)), 10000) print "aes (2K)", timeit((lambda key=key: ctr_crypt(s2K,key)), 10000) print "aes (28K)", timeit((lambda key=key: ctr_crypt(s28K,key)), 100) print "aes (32K)", timeit((lambda key=key: ctr_crypt(s32K,key)), 100) key = _ml.aes_key(key) print "aes (short,pre-key)", \ timeit((lambda key=key: ctr_crypt(short,key)), 100000) print "aes (1K,pre-key)", \ timeit((lambda key=key: ctr_crypt(s1K,key)), 10000) print "aes (28K,pre-key)", \ timeit((lambda key=key: ctr_crypt(s28K,key)), 100) print "aes (32K,pre-key)", \ timeit((lambda key=key: ctr_crypt(s32K,key)), 100) print "aes (32K,pre-key,unoptimized)", timeit( (lambda key=key: _ml.strxor(prng(key,32768),s32K)), 100) print "prng (short)", timeit((lambda key=key: prng(key,8)), 100000) print "prng (128b)", timeit(( lambda key=key: prng(key,18)), 10000) print "prng (1K)", timeit(( lambda key=key: prng(key,1024)), 10000) print "prng (2K)", timeit(( lambda key=key: prng(key,2048)), 10000) print "prng (28K)", timeit(( lambda key=key: prng(key,28678)), 100) print "prng (32K)", timeit((lambda key=key: prng(key,32768)), 100) print "prng (32K, unoptimized)", timeit( (lambda key=key: ctr_crypt('\x00'*32768, key)), 100) c = AESCounterPRNG() print "aesprng.getInt (10)", \ timeit((lambda c=c: c.getInt(10)), 10000) print "aesprng.getInt (1000)", \ timeit((lambda c=c: c.getInt(1000)), 10000) print "aesprng.getInt (513)", \ timeit((lambda c=c: c.getInt(513)), 10000) L10 = [ "x" ] * 10 L1000 = [ "x" ] * 1000 print "aesprng.shuffle (10/10)", \ timeit((lambda c=c,L=L10: c.shuffle(L)), 1000) print "aesprng.shuffle (1000/1000)", \ timeit((lambda c=c,L=L1000: c.shuffle(L)), 30) print "aesprng.shuffle (10/1000)", \ timeit((lambda c=c,L=L1000: c.shuffle(L,10)), 1000) lkey = Keyset("keymaterial foo bar baz").getLionessKeys("T") print "lioness E (1K)", timeit(( lambda lkey=lkey: lioness_encrypt(s1K, lkey)), 1000) print "lioness E (2K)", timeit(( lambda lkey=lkey: lioness_encrypt(s1K, lkey)), 1000) print "lioness E (4K)", timeit(( lambda lkey=lkey: lioness_encrypt(s4K, lkey)), 1000) print "lioness E (28K)", timeit(( lambda lkey=lkey: lioness_encrypt(s28K, lkey)), 100) print "lioness E (32K)", timeit(( lambda lkey=lkey: lioness_encrypt(s32K, lkey)), 100) print "lioness D (1K)", timeit(( lambda lkey=lkey: lioness_decrypt(s1K, lkey)), 1000) print "lioness D (2K)", timeit(( lambda lkey=lkey: lioness_decrypt(s1K, lkey)), 1000) print "lioness D (4K)", timeit(( lambda lkey=lkey: lioness_decrypt(s4K, lkey)), 1000) print "lioness D (28K)", timeit(( lambda lkey=lkey: lioness_decrypt(s28K, lkey)), 100) print "lioness D (32K)", timeit(( lambda lkey=lkey: lioness_decrypt(s32K, lkey)), 100) bkey = Keyset("keymaterial foo bar baz").getBearKeys("T") print "bear E (1K)", timeit(( lambda bkey=bkey: bear_encrypt(s1K, bkey)), 1000) print "bear E (2K)", timeit(( lambda bkey=bkey: bear_encrypt(s1K, bkey)), 1000) print "bear E (4K)", timeit(( lambda bkey=bkey: bear_encrypt(s4K, bkey)), 1000) print "bear E (28K)", timeit(( lambda bkey=bkey: bear_encrypt(s28K, bkey)), 100) print "bear E (32K)", timeit(( lambda bkey=bkey: bear_encrypt(s32K, bkey)), 100) print "bear D (1K)", timeit(( lambda bkey=bkey: bear_decrypt(s1K, bkey)), 1000) print "bear D (2K)", timeit(( lambda bkey=bkey: bear_decrypt(s1K, bkey)), 1000) print "bear D (4K)", timeit(( lambda bkey=bkey: bear_decrypt(s4K, bkey)), 1000) print "bear D (28K)", timeit(( lambda bkey=bkey: bear_decrypt(s28K, bkey)), 100) print "bear D (32K)", timeit(( lambda bkey=bkey: bear_decrypt(s32K, bkey)), 100)