def tvAES():
import mixminion._minionlib as _ml
print "======================================== AES"
print "Single block encryption"
k = unHexStr("[00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF]")
b = "MixminionTypeIII"
print " Key:", hexStr(k)
print " Plaintext block:", hexStr(b)
eb = _ml.aes128_block_crypt(_ml.aes_key(k), b, 1)
db = _ml.aes128_block_crypt(_ml.aes_key(k), b, 0)
print " Encrypted block:", hexStr(eb)
print " Decrypted block:", hexStr(db)
print
print "Counter mode encryption:"
k = unHexStr("[02 13 24 35 46 57 68 79 8A 9B AC BD CE DF E0 F1]")
print " Key:", hexStr(k)
print " Keystream[0x00000...0x0003F]:", hexStr(
mixminion.Crypto.prng(k, 64))
print " Keystream[0x002C0...0x002FF]:", hexStr(
mixminion.Crypto.prng(k, 64, 0x2c0))
print " Keystream[0xF0000...0xF003F]:", hexStr(
mixminion.Crypto.prng(k, 64, 0xF0000))
txt = "Hello world!"
print " Example text M:", hexStr(txt)
print " Encrypt(K,M):", hexStr(mixminion.Crypto.ctr_crypt(txt, k))
def ctr_crypt(s, key, idx=0):
"""Given a string s and a 16-byte key key, computes the AES counter-mode
encryption of s using k. The counter begins at idx.
"""
if isinstance(key, StringType):
key = _ml.aes_key(key)
return _ml.aes_ctr128_crypt(key, s, idx)
def ctr_crypt(s, key, idx=0):
"""Given a string s and a 16-byte key key, computes the AES counter-mode
encryption of s using k. The counter begins at idx.
"""
if isinstance(key, StringType):
key = _ml.aes_key(key)
return _ml.aes_ctr128_crypt(key, s, idx)
def testLeaks1():
print "Trying to leak (sha1,aes,xor,seed,oaep)"
s20k="a"*20*1024
keytxt="a"*16
key = _ml.aes_key(keytxt)
while 1:
_ml.aes_key(keytxt)
_ml.sha1(s20k)
_ml.aes_ctr128_crypt(key,s20k,0)
_ml.aes_ctr128_crypt(key,s20k,2000)
_ml.aes_ctr128_crypt(key,"",2000,20000)
_ml.aes_ctr128_crypt(key,"",0,20000)
_ml.aes_ctr128_crypt(key,s20k,0,2000)
try:
_ml.aes_ctr128_crypt("abc",s20k,0,2000)
except:
pass
_ml.strxor(s20k,s20k)
try:
_ml.strxor(s20k,keytxt)
except:
pass
_ml.openssl_seed(s20k)
r = _ml.add_oaep_padding("Hello",OAEP_PARAMETER,128)
_ml.check_oaep_padding(r,OAEP_PARAMETER,128)
try:
_ml.check_oaep_padding("hello",OAEP_PARAMETER,128)
except:
pass
try:
_ml.add_oaep_padding(s20k,OAEP_PARAMETER,128)
except:
pass
try:
_ml.add_oaep_padding("a"*127,OAEP_PARAMETER,128)
except:
pass
def tvAES():
import mixminion._minionlib as _ml
print "======================================== AES"
print "Single block encryption"
k = unHexStr("[00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF]")
b = "MixminionTypeIII"
print " Key:",hexStr(k)
print " Plaintext block:",hexStr(b)
eb = _ml.aes128_block_crypt(_ml.aes_key(k),b,1)
db = _ml.aes128_block_crypt(_ml.aes_key(k),b,0)
print " Encrypted block:",hexStr(eb)
print " Decrypted block:",hexStr(db)
print
print "Counter mode encryption:"
k = unHexStr("[02 13 24 35 46 57 68 79 8A 9B AC BD CE DF E0 F1]")
print " Key:",hexStr(k)
print " Keystream[0x00000...0x0003F]:",hexStr(mixminion.Crypto.prng(k,64))
print " Keystream[0x002C0...0x002FF]:",hexStr(mixminion.Crypto.prng(k,64,0x2c0))
print " Keystream[0xF0000...0xF003F]:",hexStr(mixminion.Crypto.prng(k,64,0xF0000))
txt = "Hello world!"
print " Example text M:",hexStr(txt)
print " Encrypt(K,M):",hexStr(mixminion.Crypto.ctr_crypt(txt,k))
def prng(key, count, idx=0):
"""Returns the bytestream 0x00000000...., encrypted in counter mode."""
if isinstance(key, StringType):
key = _ml.aes_key(key)
return _ml.aes_ctr128_crypt(key, "", idx, count)
def aes_key(key):
"""Returns an opaque precomputation of the 16-byte AES key, key."""
return _ml.aes_key(key)
"""Given four 20-byte keys, encrypts s using the LIONESS
super-pseudorandom permutation.
"""
assert len(key1) == len(key3) == DIGEST_LEN
assert len(key2) == len(key4) == DIGEST_LEN
assert len(s) > DIGEST_LEN
# Split the message.
left = s[:DIGEST_LEN]
right = s[DIGEST_LEN:]
del s
# Performance note: This business with sha1("".join((key,right,key)))
# may look slow, but it contributes only .7% to the total time for
# LIONESS.
right = _ml.aes_ctr128_crypt(_ml.aes_key(_ml.sha1("".join((key1, left, key1)))[:AES_KEY_LEN]), right, 0)
left = _ml.strxor(left, _ml.sha1("".join((key2, right, key2))))
right = _ml.aes_ctr128_crypt(_ml.aes_key(_ml.sha1("".join((key3, left, key3)))[:AES_KEY_LEN]), right, 0)
left = _ml.strxor(left, _ml.sha1("".join((key4, right, key4))))
# You could write the above as:
# right = ctr_crypt(right, "".join((key1,left,key1))[:AES_KEY_LEN])
# left = strxor(left, sha1("".join((key2,right,key2))))
# right = ctr_crypt(right, "".join((key3,left,key3))[:AES_KEY_LEN])
# left = strxor(left, sha1("".join((key4,right,key4))))
# but that would be slower by about 10%. (Since LIONESS is in the
# critical path, we care.)
return left + right
def prng(key, count, idx=0):
"""Returns the bytestream 0x00000000...., encrypted in counter mode."""
if isinstance(key, StringType):
key = _ml.aes_key(key)
return _ml.aes_ctr128_crypt(key, "", idx, count)
def aes_key(key):
"""Returns an opaque precomputation of the 16-byte AES key, key."""
return _ml.aes_key(key)
super-pseudorandom permutation.
"""
assert len(key1) == len(key3) == DIGEST_LEN
assert len(key2) == len(key4) == DIGEST_LEN
assert len(s) > DIGEST_LEN
# Split the message.
left = s[:DIGEST_LEN]
right = s[DIGEST_LEN:]
del s
# Performance note: This business with sha1("".join((key,right,key)))
# may look slow, but it contributes only .7% to the total time for
# LIONESS.
right = _ml.aes_ctr128_crypt(
_ml.aes_key(_ml.sha1("".join((key1, left, key1)))[:AES_KEY_LEN]),
right, 0)
left = _ml.strxor(left, _ml.sha1("".join((key2, right, key2))))
right = _ml.aes_ctr128_crypt(
_ml.aes_key(_ml.sha1("".join((key3, left, key3)))[:AES_KEY_LEN]),
right, 0)
left = _ml.strxor(left, _ml.sha1("".join((key4, right, key4))))
# You could write the above as:
# right = ctr_crypt(right, "".join((key1,left,key1))[:AES_KEY_LEN])
# left = strxor(left, sha1("".join((key2,right,key2))))
# right = ctr_crypt(right, "".join((key3,left,key3))[:AES_KEY_LEN])
# left = strxor(left, sha1("".join((key4,right,key4))))
# but that would be slower by about 10%. (Since LIONESS is in the
# critical path, we care.)
return left + right
super-pseudorandom permutation.
"""
assert len(key1) == len(key3) == DIGEST_LEN
assert len(key2) == len(key4) == DIGEST_LEN
assert len(s) > DIGEST_LEN
# Split the message.
left = s[:DIGEST_LEN]
right = s[DIGEST_LEN:]
del s
# Performance note: This business with sha1("".join((key,right,key)))
# may look slow, but it contributes only .7% to the total time for
# LIONESS.
right = _ml.aes_ctr128_crypt(
_ml.aes_key(_ml.sha1("".join((key1, left, key1)))[:AES_KEY_LEN]),
right, 0)
left = _ml.strxor(left, _ml.sha1("".join((key2, right, key2))))
right = _ml.aes_ctr128_crypt(
_ml.aes_key(_ml.sha1("".join((key3, left, key3)))[:AES_KEY_LEN]),
right, 0)
left = _ml.strxor(left, _ml.sha1("".join((key4, right, key4))))
# You could write the above as:
# right = ctr_crypt(right, "".join((key1,left,key1))[:AES_KEY_LEN])
# left = strxor(left, sha1("".join((key2,right,key2))))
# right = ctr_crypt(right, "".join((key3,left,key3))[:AES_KEY_LEN])
# left = strxor(left, sha1("".join((key4,right,key4))))
# but that would be slower by about 10%. (Since LIONESS is in the
# critical path, we care.)
return left + right
def cryptoTiming():
print "#==================== CRYPTO ======================="
print "SHA1 (short)", timeit((lambda: sha1(short)), 100000)
print "SHA1 (64b)", timeit((lambda: sha1(s64b)), 100000)
print "SHA1 (2K)", timeit((lambda: sha1(s2K)), 10000)
print "SHA1 (8K)", timeit((lambda: sha1(s8K)), 10000)
print "SHA1 (28K)", timeit((lambda: sha1(s28K)), 1000)
print "SHA1 (32K)", timeit((lambda: sha1(s32K)), 1000)
shakey = "8charstr"*2
print "Keyed SHA1 for lioness (28K, unoptimized)", timeit(
(lambda shakey=shakey: _ml.sha1("".join((shakey,s28K,shakey)))), 1000)
print "TRNG (20 byte)", timeit((lambda: trng(20)), 100)
print "TRNG (128 byte)", timeit((lambda: trng(128)), 100)
print "TRNG (1K)", timeit((lambda: trng(1024)), 100)
print "xor (1K)", timeit((lambda: _ml.strxor(s1K,s1K)), 100000)
print "xor (32K)", timeit((lambda: _ml.strxor(s32K,s32K)), 1000)
key = "8charstr"*2
print "aes (short)", timeit((lambda key=key: ctr_crypt(short,key)), 100000)
print "aes (1K)", timeit((lambda key=key: ctr_crypt(s1K,key)), 10000)
print "aes (2K)", timeit((lambda key=key: ctr_crypt(s2K,key)), 10000)
print "aes (28K)", timeit((lambda key=key: ctr_crypt(s28K,key)), 100)
print "aes (32K)", timeit((lambda key=key: ctr_crypt(s32K,key)), 100)
key = _ml.aes_key(key)
print "aes (short,pre-key)", \
timeit((lambda key=key: ctr_crypt(short,key)), 100000)
print "aes (1K,pre-key)", \
timeit((lambda key=key: ctr_crypt(s1K,key)), 10000)
print "aes (28K,pre-key)", \
timeit((lambda key=key: ctr_crypt(s28K,key)), 100)
print "aes (32K,pre-key)", \
timeit((lambda key=key: ctr_crypt(s32K,key)), 100)
print "aes (32K,pre-key,unoptimized)", timeit(
(lambda key=key: _ml.strxor(prng(key,32768),s32K)), 100)
print "prng (short)", timeit((lambda key=key: prng(key,8)), 100000)
print "prng (128b)", timeit((
lambda key=key: prng(key,18)), 10000)
print "prng (1K)", timeit((
lambda key=key: prng(key,1024)), 10000)
print "prng (2K)", timeit((
lambda key=key: prng(key,2048)), 10000)
print "prng (28K)", timeit((
lambda key=key: prng(key,28678)), 100)
print "prng (32K)", timeit((lambda key=key: prng(key,32768)), 100)
print "prng (32K, unoptimized)", timeit(
(lambda key=key: ctr_crypt('\x00'*32768, key)), 100)
c = AESCounterPRNG()
print "aesprng.getInt (10)", \
timeit((lambda c=c: c.getInt(10)), 10000)
print "aesprng.getInt (1000)", \
timeit((lambda c=c: c.getInt(1000)), 10000)
print "aesprng.getInt (513)", \
timeit((lambda c=c: c.getInt(513)), 10000)
L10 = [ "x" ] * 10
L1000 = [ "x" ] * 1000
print "aesprng.shuffle (10/10)", \
timeit((lambda c=c,L=L10: c.shuffle(L)), 1000)
print "aesprng.shuffle (1000/1000)", \
timeit((lambda c=c,L=L1000: c.shuffle(L)), 30)
print "aesprng.shuffle (10/1000)", \
timeit((lambda c=c,L=L1000: c.shuffle(L,10)), 1000)
lkey = Keyset("keymaterial foo bar baz").getLionessKeys("T")
print "lioness E (1K)", timeit((
lambda lkey=lkey: lioness_encrypt(s1K, lkey)), 1000)
print "lioness E (2K)", timeit((
lambda lkey=lkey: lioness_encrypt(s1K, lkey)), 1000)
print "lioness E (4K)", timeit((
lambda lkey=lkey: lioness_encrypt(s4K, lkey)), 1000)
print "lioness E (28K)", timeit((
lambda lkey=lkey: lioness_encrypt(s28K, lkey)), 100)
print "lioness E (32K)", timeit((
lambda lkey=lkey: lioness_encrypt(s32K, lkey)), 100)
print "lioness D (1K)", timeit((
lambda lkey=lkey: lioness_decrypt(s1K, lkey)), 1000)
print "lioness D (2K)", timeit((
lambda lkey=lkey: lioness_decrypt(s1K, lkey)), 1000)
print "lioness D (4K)", timeit((
lambda lkey=lkey: lioness_decrypt(s4K, lkey)), 1000)
print "lioness D (28K)", timeit((
lambda lkey=lkey: lioness_decrypt(s28K, lkey)), 100)
print "lioness D (32K)", timeit((
lambda lkey=lkey: lioness_decrypt(s32K, lkey)), 100)
bkey = Keyset("keymaterial foo bar baz").getBearKeys("T")
print "bear E (1K)", timeit((
lambda bkey=bkey: bear_encrypt(s1K, bkey)), 1000)
print "bear E (2K)", timeit((
lambda bkey=bkey: bear_encrypt(s1K, bkey)), 1000)
print "bear E (4K)", timeit((
lambda bkey=bkey: bear_encrypt(s4K, bkey)), 1000)
print "bear E (28K)", timeit((
lambda bkey=bkey: bear_encrypt(s28K, bkey)), 100)
print "bear E (32K)", timeit((
lambda bkey=bkey: bear_encrypt(s32K, bkey)), 100)
print "bear D (1K)", timeit((
lambda bkey=bkey: bear_decrypt(s1K, bkey)), 1000)
print "bear D (2K)", timeit((
lambda bkey=bkey: bear_decrypt(s1K, bkey)), 1000)
print "bear D (4K)", timeit((
lambda bkey=bkey: bear_decrypt(s4K, bkey)), 1000)
print "bear D (28K)", timeit((
lambda bkey=bkey: bear_decrypt(s28K, bkey)), 100)
print "bear D (32K)", timeit((
lambda bkey=bkey: bear_decrypt(s32K, bkey)), 100)