def ctr_crypt(s, key, idx=0):
    """Compute the AES counter-mode encryption of the string s under key.

       key is either a 16-byte key string, which is converted with
       _ml.aes_key first, or an already-prepared key object, which is
       passed through untouched.  The counter begins at idx.

       Counter mode XORs the data with a keystream, so calling this again
       with the same key and idx undoes the operation.

       Security notes for callers:
         * Never process two different messages under the same key over
           overlapping counter positions; the XOR of the two outputs
           equals the XOR of the two inputs.
         * Counter mode provides no integrity protection.  Callers that
           need tamper detection have to add it separately.
    """
    # Already a prepared key object: use it directly.
    if not isinstance(key, StringType):
        return _ml.aes_ctr128_crypt(key, s, idx)
    # Raw key string: build the key object on the fly.
    return _ml.aes_ctr128_crypt(_ml.aes_key(key), s, idx)
def prng(key, count, idx=0):
    """Return the bytestream 0x00000000...., encrypted in AES counter mode.

       key is either a raw key string (converted with _ml.aes_key) or an
       already-prepared key object.  idx is the starting counter position.
       count is forwarded as the fourth argument of _ml.aes_ctr128_crypt;
       presumably it is the number of bytes to produce -- confirm against
       the _ml module.

       Security notes for callers:
         * The output is a deterministic function of the arguments, not
           fresh randomness: the same key and idx reproduce the same
           bytes.
         * Encrypting zeros in counter mode yields the raw keystream, so a
           key used here must not also encrypt data over overlapping
           counter positions.
    """
    if isinstance(key, StringType):
        prepared = _ml.aes_key(key)
    else:
        prepared = key
    # An empty input string is passed; the output length comes from count.
    return _ml.aes_ctr128_crypt(prepared, "", idx, count)
"""Given four 20-byte keys, encrypts s using the LIONESS super-pseudorandom permutation. """ assert len(key1) == len(key3) == DIGEST_LEN assert len(key2) == len(key4) == DIGEST_LEN assert len(s) > DIGEST_LEN # Split the message. left = s[:DIGEST_LEN] right = s[DIGEST_LEN:] del s # Performance note: This business with sha1("".join((key,right,key))) # may look slow, but it contributes only .7% to the total time for # LIONESS. right = _ml.aes_ctr128_crypt(_ml.aes_key(_ml.sha1("".join((key1, left, key1)))[:AES_KEY_LEN]), right, 0) left = _ml.strxor(left, _ml.sha1("".join((key2, right, key2)))) right = _ml.aes_ctr128_crypt(_ml.aes_key(_ml.sha1("".join((key3, left, key3)))[:AES_KEY_LEN]), right, 0) left = _ml.strxor(left, _ml.sha1("".join((key4, right, key4)))) # You could write the above as: # right = ctr_crypt(right, "".join((key1,left,key1))[:AES_KEY_LEN]) # left = strxor(left, sha1("".join((key2,right,key2)))) # right = ctr_crypt(right, "".join((key3,left,key3))[:AES_KEY_LEN]) # left = strxor(left, sha1("".join((key4,right,key4)))) # but that would be slower by about 10%. (Since LIONESS is in the # critical path, we care.) return left + right
super-pseudorandom permutation. """ assert len(key1) == len(key3) == DIGEST_LEN assert len(key2) == len(key4) == DIGEST_LEN assert len(s) > DIGEST_LEN # Split the message. left = s[:DIGEST_LEN] right = s[DIGEST_LEN:] del s # Performance note: This business with sha1("".join((key,right,key))) # may look slow, but it contributes only .7% to the total time for # LIONESS. right = _ml.aes_ctr128_crypt( _ml.aes_key(_ml.sha1("".join((key1, left, key1)))[:AES_KEY_LEN]), right, 0) left = _ml.strxor(left, _ml.sha1("".join((key2, right, key2)))) right = _ml.aes_ctr128_crypt( _ml.aes_key(_ml.sha1("".join((key3, left, key3)))[:AES_KEY_LEN]), right, 0) left = _ml.strxor(left, _ml.sha1("".join((key4, right, key4)))) # You could write the above as: # right = ctr_crypt(right, "".join((key1,left,key1))[:AES_KEY_LEN]) # left = strxor(left, sha1("".join((key2,right,key2)))) # right = ctr_crypt(right, "".join((key3,left,key3))[:AES_KEY_LEN]) # left = strxor(left, sha1("".join((key4,right,key4)))) # but that would be slower by about 10%. (Since LIONESS is in the # critical path, we care.) return left + right
def testLeaks1():
    """Exercise the _ml sha1/aes/xor/seed/oaep entry points in an endless loop.

       The loop has no exit condition, so this function only stops if a
       call outside the try blocks raises or the process is terminated.
       Presumably it is meant to be run while watching the process's
       memory use from outside, to spot leaks in the extension module.

       Calls wrapped in try/except are given arguments that are presumably
       invalid, so that the error paths get exercised too.
    """
    print("Trying to leak (sha1,aes,xor,seed,oaep)")
    blob = "a"*20*1024
    raw_key = "a"*16
    aes_key = _ml.aes_key(raw_key)
    while 1:
        # Key setup and hashing.
        _ml.aes_key(raw_key)
        _ml.sha1(blob)

        # Counter mode: with data, with an empty string plus a fourth
        # argument, and with both.
        _ml.aes_ctr128_crypt(aes_key, blob, 0)
        _ml.aes_ctr128_crypt(aes_key, blob, 2000)
        _ml.aes_ctr128_crypt(aes_key, "", 2000, 20000)
        _ml.aes_ctr128_crypt(aes_key, "", 0, 20000)
        _ml.aes_ctr128_crypt(aes_key, blob, 0, 2000)
        # A plain string where the other calls pass a key object.
        # NOTE(review): the bare excepts in this loop also swallow
        # KeyboardInterrupt, so Ctrl-C can be ignored if it lands inside
        # one of these try blocks.
        try:
            _ml.aes_ctr128_crypt("abc", blob, 0, 2000)
        except:
            pass

        # XOR: equal-length inputs, then mismatched lengths.
        _ml.strxor(blob, blob)
        try:
            _ml.strxor(blob, raw_key)
        except:
            pass

        _ml.openssl_seed(blob)

        # OAEP: a pad/check round trip, then inputs presumably expected
        # to be rejected.
        padded = _ml.add_oaep_padding("Hello", OAEP_PARAMETER, 128)
        _ml.check_oaep_padding(padded, OAEP_PARAMETER, 128)
        try:
            _ml.check_oaep_padding("hello", OAEP_PARAMETER, 128)
        except:
            pass
        try:
            _ml.add_oaep_padding(blob, OAEP_PARAMETER, 128)
        except:
            pass
        try:
            _ml.add_oaep_padding("a"*127, OAEP_PARAMETER, 128)
        except:
            pass